Static | ZeroBOX

PE Compile Time

2023-03-14 03:58:42

PE Imphash

217175ecb4b918909da918aebf70d95a

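Sections

Note: the section names UPX0/UPX1/UPX2, the zero raw size of UPX0 and the near-8.0 entropy of UPX1 are consistent with a UPX-packed file, so the static data in this report describes the packed container rather than the unpacked payload.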

Name Virtual Address Virtual Size Size of Raw Data Entropy
UPX0 0x00001000 0x000d8000 0x00000000 0.0
UPX1 0x000d9000 0x00087000 0x00086400 7.9988617205
UPX2 0x00160000 0x00001000 0x00000600 3.0354187522

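Imports

Note: a single imported function per DLL (four for KERNEL32.DLL, including LoadLibraryA, GetProcAddress and VirtualProtect) is typical of a packer stub's import table. The list below therefore probably understates the APIs the unpacked code uses, and the imphash above is computed over this stub table, which limits its value for clustering or attribution.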

Library advapi32.dll:
0x140160118 RegCloseKey
Library api-ms-win-crt-heap-l1-1-0.dll:
0x140160128 free
Library api-ms-win-crt-locale-l1-1-0.dll:
0x140160138 _configthreadlocale
Library api-ms-win-crt-math-l1-1-0.dll:
0x140160148 __setusermatherr
Library api-ms-win-crt-runtime-l1-1-0.dll:
0x140160158 exit
Library api-ms-win-crt-stdio-l1-1-0.dll:
0x140160168 _set_fmode
Library bcrypt.dll:
0x140160178 BCryptGenRandom
Library crypt32.dll:
0x140160188 CertOpenStore
Library KERNEL32.DLL:
0x140160198 LoadLibraryA
0x1401601a0 ExitProcess
0x1401601a8 GetProcAddress
0x1401601b0 VirtualProtect
Library ntdll.dll:
0x1401601c0 NtCreateFile
Library secur32.dll:
0x1401601d0 EncryptMessage
Library VCRUNTIME140.dll:
0x1401601e0 memset
Library ws2_32.dll:
0x1401601f0 send

!This program cannot be run in DOS mode.
[JMqB+
p`xu|Z Uw
J*}/t<
R7]rW;?H
LE(.(>54
6#4#]w-w
Q%_U+E
I[-%3b
p"I#/;
L.|en;"^
@bM(4z
]HEcJ<
AyY%6w
i`w|e3
GX6w6H
:]SQ|
2[B5(F
$&"&(E
PkrI}}#
IT|1OR
H5k9?4
'6<:+d
t1AaD^D
uJiYTS
zQXJkt
I/-)({
|Yct'7
T j]5Y
\@?GZ&
x9]b!33
`eemwQa
'q1NyV^
|x3%r
jr[<N0
HrVtbL
Zz0O0[
TKAB2i
%,Z=iv
}*.`/`A
gn~4n5
2D,e[r9
{$*=dg+
~_~@>H
dK,p@1
Iz5AiS
y%]1jZy
/U+{;AgB
Js0*e%Em
R!fM)@
z,52Qv
?0FzG>
9]{o^@
-Wl/XC_
T.WPXY
mGnzQ(#
BE/pK
z!4=`{H
*y8SL/($;)#
D`vg[pO
832m`lw's
hRUvsRoF+
P<Ri&
Kxm) 3
&MboAH+h
lD;PT[
9iLf;i
[s4syls4o
3l:c_R'
_yzx4
yOt_wk
A1BLX'
3!>`J
X'F!&e
idF[]VF
G(UR.?!C
i1JP+x
Tl6%8c~
5e6/|md]Up
ef!."*
vd&8)O>
(FB.-/
$~P\Z>
wUu}i|
r${-!'
$g)8DSd6
v"--U05l
x7V]\r1
,n9-Noy
#"GzYg
)-g+rv
h#PM'"F
H/3sXx2)M
#m<G+^
xfCghf
|Q,lX|
)S:zbN
9oX)Z0-
R_:O!,6
_'"Gp
w8,X>J
7_$c.(
ZRmym7
v!4c`0
}asceZ6U
/v C;D
{b^X-X
d>.euy`w
-`N>/%
5$gUq(D
N%q+}W
Yio*"o
zTi)Bx
p'y"z&
3N.bl%
=xx$ia.E
G9cfMpI
["0O3U
B_Qbj<R
]]%%]r
#I'})rU
?F(@k\
) /,e}
mX&7~:
_:cOW1
a9.klc1
]$~C#*
nS22Gi
#:'aqA``p
]RBgV*
Ae+#4|6
Y,48,y)eV
KsV}!@E
[_2=SO
jj*&UvA]
LWiArI
J3zkG=
J2H*c;7
zv@>*\UF
0$;~a`d
V 9%`I
**,GL8?z^x
_KmRr_
DGeH:8
v",tLb
sE\(8k
pP("$jS
<p0Nin~
!}8)ddP
N322-!
eyp4*/
QGQG;R
U{hz;r3
$1"H-8C
es4G)>
U]YJtixk
*&a=[xi
oN"RAp4
yQqaL'
l>^$*e
.|-P5Y
Au|'Qa
+xB#@s
^9N{f;
4K.::`H
@SxjbI#
?c1'f~w
h$LybB
eTOKjN
g+/4YGJ
FaFjMY
mPQ7bd
(_/}V5H
wQ)qrp
AO^tk.
#en$.}
]\,#OI
\|H"}H
Nw(a]+
Y/ZpE}
H;_$pl
8,F6t=
dZ>Z_U
WH0y=?=
3r8eHh{g9
y_A)H i+
7XRh:n
<9.}.
R~a$?&D
>h5QMO63-
luvfc2
?X8"N`
4R!Fo^
k%po@dQ?
.Cb)x1
v,?"_h
\s)3u(r
zAYBR)
,6.6[FR
=)$qR:xU
weOz4i
Bma9Mru`~
g}`*XU
H1FU=7
.q(k~g
k?tR~G
|{S(ah
/z29a7
+_*1 f
F_ql{f
aBXLqwIU
*a2UpQ
:d~R;O
"s~3Cp
yZ6^f~
#QbnG
C|pyr#
%]l6\H$
GafC3T
SR 0By
P+c]7y
Pr^%:b
#PC^~/
{HVyd;q
:=r4rtT
"/WJSs
&{]N{}
L2^BQ;
WY5f"a
m9AUX:7
Q'gp}v
@Uwn^_
ch5P|k.
.$xN%;
@lbO/K
WEznx]
hn:@K
,99-h-
F\E`jX5
}]%\t7
13/66V;
v7,v!
W=@Vyjy
_UNx:PJ
<8r,VlO
L?cP6a
xr2+!~
,lRiUvs!
EH%,K
kG6~k m~L
_~3l,O
+>,!}<
0"+B8`
waFPdO
IT}#X4
%:|PAYy
kIX!g{1
6'4qrp
cX}89>
Oa$KIP
s3XEL0
4~7)~C
+qbF%*
'6Kl5g=
)7~NPV
5{?Nqp&
/oBtqzs
DO\,l]9
r0C;X^
,M>[m&
[(WEeu5
Vh0>dt
IDK2dR.
K^'h{+
oEwZ*x
tMI;6R~
.{\Mi
&Uw.~?
Vm{H8X
Hha$Yl
lbjCZ;
hVM&[$
#VGWirr
nqx:>k
8zvl7i9M
R>y#Z
MEELiK
K~B{:P"*v%
Nu7RI\#'
'U#^+)
?1@eCqd^0
JRcvrNl
38P}{{
f<W:"n"
>K>M:))C
WR\:!pp
C,=sx%
lP,95.
7`P{t/,|
?+ofbsI
A*={-<Am
Rc2ht2
_a&c#c3'L
G"GcR5A
g$\,^#
-Dxr#g`
R8Hoaa
CmTi3+
zgk)" /
@*%.UU
pvwEo[S0M
^k/J%
LbC?J[M
y.(UMA$
w'%m&<
{d,If>o
qcTCjc
RbxfF
NV}HWn
o8\b\_F
'4QATb
HSie{u
.T&}3K
AP3_$O
G-gi|E
>+d# QX$
l"V/P
nqE=W5
?Mv2<y
"$tT#eY
L9+&6o*
h{%'I%
4>JHd+
O*^s&E
W4+*$BS
UC/\nq
A4W|yk
>!]@=ah
K#CGl[
:lXJ"v
,m]mr%
T6wG3,
q74w{n
o[D}jb
=}qhl-
3'mVPd
|~qH?nC
I4=b35
wanoz"
#,BQ# 5R
[J%N@p
0{7cq>
`-Fi7j
+SMB*D
fWWE<g
%6L$1<|
qG<HrU
|0.kYN0
f)vo6/+
!$@{+/
7Kr:^F/
4f#anW
h7EEkz
~'go)3
G3zR1R
9EeWbH6
TaKSF
~6eq=j
t+\U{BP@
>{mdzT
(wYh+PA
t=H6[O
(cz&*;
k&W/LT
QGvw*l
)XJQ^s
(}Zg*+
4h3(3Y
N+t%Ny
TB+'lL+
*(O`e=
*R0<Ks
qwEjpT
,Aky'W
NRfzN(
6Gfj-Il
ET?,?4
l4K>Me
Gn9`F~
Y.4OC
/V=o4
c}NzWF`
^K5=qD|bU
\w_0z4
J$[V`UN
P`c6f?
dbPdgC
HE-YPW
`4;E_~
N47uVU
^L8KTY4
TQgaG1
q80!az
{pf-!
^6y2Ki8jv(
-$JZ(O
7wR/?
{]@3j`
;X=XYEY
CuSp&Bth
ynK~(z
LNoRyP$
gdl&v
k4GWB"
6MOM<!
#;ks%O
.c[t/e
O?1b/b
b>Z83R
anv1$G&
nwoBl,
abd8<P
IAy1Iy
R0F)jv
t@``ev
L~~Wgy_{L
Nb0SQ
waXQ.C&
~f$ |x
O_8Z}v
e[;tuK
#&WBLT
qMFqeOiC
iQG8UE+
Mdx}4#OU
)QF&Be
*7)_dQ?
uo*,C
""BcsK
u46UFMV
Cmiv6^1
&/*2SD
a|ZA!g
np!3F{wi
Pq_&-u}
aT0#'EC.
=9l2iz
Z0+Ip~
o5EDt&'6
^#,5MG}
7(#'CJ
fzoQw8
G3"Ha&
7-SBnB
w:05_I|X
>'9Pv9
>E+s'%
>[LoiUw
l&^X[\.
|$UDF_
.'|Xl@m
&m\n+/.^
a65?Lk
)K2&y`
<5@=Ui
7%\:C'
Go0~LJ8
lPx@ks
?A7di\
&1dhQk
(MyIyw
Gq><3'
,(#KR]
?7j^W.ZM
L.Zn_z
X~>0VM
XQ";jt]
c+NMt2b]
=d*a*gs
Jm-*8Tgh
N{k=`E
KCv8HR
"\+!ubR
4Zt[yQ
A`|,^H
]6ISM:np
o.~e,aY
*%uj#C
~gm@B$
MrrF %skH
\`5uB(
}o@KHP
t</fVZ
la]%vhg
Ckal.w
q=]1u;.,
]M{=AN
X%1wjKs
ZE:yoh
mXS-xih
<8u]yT^Cs*
wS3c;iR
;/8mX7"
;~X-La
2j:L4l
L6EG M@
I^5^-M5
QZeBTO
*7/eN8{
'nKDY=
1qV[QwZ
d,ND$
Xe?%7U
!4_?;/
$AV$>%:
S~Q17B=
BtqA}#
O+<~OT
[YG2GF
>;5in_
E7wew&P
,Tzhs:
LaIB<0
y@b?@Fe
HQJAy[
fDr)4q
Cp2ebAl
L32J*@/fH
FS:S<o
)tjXp7
*h vMs$D
dx_.sH
LJ8r|J
a78xJ-
Rt/Zy`
3V1C`S(
@i"s;_
NghR$9
1l60dz
`S+\.*8U(
TF041Sj
{,853ZV
.=c?GI
\{$;'(
N% D2`
#PC?{c
M|}v!P
4cJ{3
YpwILn
3`}xu|G
~W->1<??
tTU`o"2
iPM7[}
4A\s52
E3&|1'
.J#@x1
~k3#qe
)dA^(U
}l&x4C
zOb[;A_
lJ1HRo
1 w{
58{53X
@cE"I+
L2S+6
9`%hVvmK*
X$^}?_N
b=1gX j
4GUoBB
gM"L1I
ELqfdP
)&. 4y
$Y+-Q|
Lak:gv
1p,aA,
1l_gIR$
qGeoW
k:zX-|
}5qVjwF
}JIP'8@
y2,fg9
%",R%,
8 8=JMC
a)XR?l
}oS;u&
m6O0cD
su%MH2U!
_1(4ol
naqIv*
3wZ||!v
[Zvqyr
Q<`VyM
TaAFq}vQR
{WXNoY
nb&xT2
?'+~[.
?v73ZV
BTT"ZR
*f>Wz
:W O6=
O$,RYe5
[vK)7s[
)qanNb
jf<7#9K
aAg^M"
@*(K!N
6}/Arh
}OiAm4
u_Ue}rg
P*/ai"
_x1P&+
W=]PBL
g?y(zU=
|En\mQ?:?1A
gyeBJ(
JL$ZXB7
md9Op*
}^pY1F
dO:pw:hA
jUWbIHZ
$R8>0
yF@}(1
Fc$S'WC
rk{tYU\<
~xqS8e(?
?P?K5%
dY"qj[
iX+bF4
TWI-o.~F^
tQkUr-$E%s
voH;@
'v=s]#
~<Z,b7
ky;SbC
IFCA;4
U-0e|"}X\
W=~i=C
QSX@d(H
@%sR_~xH
y6@qc/9
0Z\Whs
t)q:hb
u}?gR*[]
6@wDOXz
*IR@r'
-m!)yzT
ks=T/5
8g]<>G
.<@L`'=
G27E}m
$$ #E
O9h%*|
@sb[d*F"2
w9 O4i
Of[XI&6
eY.dVM
AdP8t<
DZd#R}s
&kJ-0u7
o##\s
I[Je6\
NJQ68DcV
2BPw4Rt
k>J<{P
$PQK?W
b:&(oC
_I=U4Iy
1;ERJ( ;
V[-Be'
Io>$<
"=EZ50,
>[^'~9E
d3*i:Vq
ZxJ.m@`
m,qsp%!c
^=@u4{@
+@-U A
eb>A{h
A5^Y9|H@'4
*G5lb|>y|
u]1@}<K
Psr>#*t?
XQMTZUPD
aT\}[m
h\NCVe
5t'35F
8.} -h
l+$y5D
#znF68
(+`0qn
h^ISgS
I}M06G
&@j'A
_bxK- v
V]iF{d@
DD9}Ft9
hPPON"r
iKo&DG
`x88[`
"3*.eX
UYOJQ
uI/16%
3<`eW}MH=
sr7hDe
/2+vU'
N)%(OI
Gz$(lE
V{{&u\
E.uW$i
%Wwc,4
@M'jorF
&.:CtA
E^m4\u
+{}bu
]=|Sn{j
6j"EHk
q^sLcw{*
` 9tZTB<
9KiX]8S
Cc/Nu]
cDMHJDg#
]}Q;1o
fp66S_"
M&LoA6
OA?!UV
|.y&\y
Q19g6
=`/8MA
c(p&)Y
AWETp+
za3j5}<)q
TOH?~4
?BYKkN
0~sRB4
yZXzN.
:j-((M
c.%AEn
90x@eFJY
UEQ:%?
mL$6KO
1JI0=U
HhhNUR
WJf5VRZa
jdDh4T
G7qe)
*fz`Z]
`lg-*f
>$^y}
UjC~TD
]jY[M/
F'O<Rq
G*FErN
GD;!S2
ydafhsy
&\9Jxa
eN}il~|
?r@E&,
,EIz$y9
Xjhnzh
1'%m>z
/9^@q
/y5:9
TIrr G
oJ6Q`j
Lix9]U
Td-#&p
r+Gj]$d
8zEBW]
N]pTd{
zsn'^(
H[]{`
#95{lu
Ap\njA
"H.c!c
m7^c2@
m-\LKs
Aew3yn
iJESv07{
u\q~"B
b";^G9
~fY*+V
$eyOhs
g?m`J:
)qNEE|
U.FHHp3
V'QlSI
2:$ILw
'-L4n*m>
ywfX%"g
8P;9zJ
RYNA,u
==A],>E
G!sLRV
\Ve0+W@
`mm+})
Wa!N,V7
)\#T>:
-qQ_3,V
?e@EQb
wB<=R#B
+^GJ:y
MQFd~LO
<Ijc]E
kj2+G)&V)u
GU)!+28
;'qn|V
a:P<P
[D&.pg
1p=-<:}
wn+soT
B_92HTA
3CZ(dO
T,vcqhfea!w
_|Fr`:~
Az\{5i#5#
U-lUQ>
M<|N7K
iC XPol
#B&<r-w
-(6VBn
*=i <3,
y(6dd1l3
d#.@nf+
cg4!*;
;l0aUH
|#D7"K
jj 9d&KF
RsB.*H
8[tnB2
B^365`
K{UeQD3
Ear2kiXI
=)3r=E
#8"6=6
wxvHw7Q
eUC"Dul
8K=<~M
P!&Aopd
5S_Z'.
n4W6`S{C
E#gPW'
",1p\x
,!rPsB
O2TwZk
W##3*n
`"him0
CY8JQF0
N]M!Kw
h|dH@4
lO&:fR8
N6;8S!j
m+jM<2R
tybrx~
@@gYBvME
L!nl1B
":eC-m
vA|9l'
'=)`wM
.H=<+'}l
NH&|TFS
A|zg6-
O`"%Y2J
Oo2awb
jT,y)'-
,5:0l'
sxe*jApI
$hH@w&
zr\&{o
N[/*2m
<n+E{XR
7#0|LD
KuC4,/
&\Cxo`y
dQ#MD0
KN?Dx3/
T~8VyTFy
:J@?0l5V
8j/HH {
l#b>d,
Lt}5IgUL
d;Z904
j dbZ1]
w^Y*,_7:
y2~Km'?
`= Z\ )=
i:BiLy
f6T:$;
&,'a0M!
P\<393
;n6=j]
d84"N>
AN;C9:
8fd/o*
[-Wu~~
~I%[p_|
i9E2Ow
aV]`45
cG6=aU
"y5ggH
0I`ZzBa
,k7A=}
4,]8;=
y*EX!E{
8k23]S
|+kDk&
dD`]Le
G/r=H2
]<{c>:
)aL,2)
>yOJpDe
luCOXp
,'8an6y
lx1' 5?
--MSNP
nfF~~3
F$|C2FK
94>v)
ZU#a>@b
FFs"~w
H&./DI
2a(}e
<tLiZd
l=tzx~CJB
X^iG[a
2+y=F
.`/4?j
/Nibo2
"g.u(T
v9Y#YZ
Udn+2{
dmqtt%
9;-$aS
;P.QgI;
A"h?(
*Lre)-
ZFZIR=
a2(lZr
\xi l
q/4mnnIFC
h&bL^sP
4DkxxE}
s]A[*Kp{
t4*_GI]
6+t9A+y
OZc *G
\ov Ue
WV<ko.
6LpsdV
w}]W?H
YQ V2g>A
g'};>cT
%LsVOv
Qw>n#,
eJ&?T1K
wq1Jq7
HPJP*y
\QH@mu
*MiY.J)
}QA\7HQJ
6WOr&.
t,HW{x
_j_|*58
srLK*o
TKYa/>
OcHuH+
Xo:Hif>
lo"P2h
od_i@%
5tnC#
%<>{zC
*@%8Q
gacyi?I
_E=:5)5-
i"8USw
6dWC,A
56B S9j>
{_kDu/
}?;9E x
2r/u!wj%
n_XPn'`
\`J3~{q
6]L(/N
>m>zLm
Xyowfv
VtLlmiC
D$>f74muj
f%0[tE
pxnzH~
*x"^Sm
8&QS8-QT@d
=8?'B`
$Hc,$H
H[]A\A]A^A_
X]_^[H
advapi32.dll
api-ms-win-crt-heap-l1-1-0.dll
api-ms-win-crt-locale-l1-1-0.dll
api-ms-win-crt-math-l1-1-0.dll
api-ms-win-crt-runtime-l1-1-0.dll
api-ms-win-crt-stdio-l1-1-0.dll
bcrypt.dll
crypt32.dll
KERNEL32.DLL
ntdll.dll
secur32.dll
VCRUNTIME140.dll
ws2_32.dll
RegCloseKey
_configthreadlocale
__setusermatherr
_set_fmode
BCryptGenRandom
CertOpenStore
ExitProcess
GetProcAddress
LoadLibraryA
VirtualProtect
NtCreateFile
EncryptMessage
memset
Antivirus Signature
Bkav Clean
Lionic Clean
Elastic malicious (moderate confidence)
MicroWorld-eScan Trojan.GenericKD.65926958
ClamAV Clean
FireEye Generic.mg.04694e5e78d0a3dc
CAT-QuickHeal Trojan.GenericRI.S29850418
ALYac Clean
Malwarebytes Malware.AI.4287928828
Zillya Clean
Sangfor Downloader.Win64.Agent.V0q6
CrowdStrike win/malicious_confidence_70% (D)
BitDefender Trojan.GenericKD.65926958
K7GW Clean
K7AntiVirus Clean
BitDefenderTheta Clean
VirIT Clean
Cyren Clean
Symantec ML.Attribute.HighConfidence
tehtris Clean
ESET-NOD32 Win64/TrojanDownloader.Agent.XW
APEX Malicious
Paloalto Clean
Cynet Malicious (score: 100)
Kaspersky Trojan-Downloader.Win32.ZippyLoader.eya
Alibaba Clean
NANO-Antivirus Clean
SUPERAntiSpyware Clean
Rising Downloader.Agent!8.B23 (TFE:5:3iivrlo7YP)
TACHYON Clean
Sophos Clean
F-Secure Clean
DrWeb Clean
VIPRE Clean
TrendMicro TROJ_GEN.R002C0DCE23
McAfee-GW-Edition BehavesLike.Win64.BadFile.hc
Trapmine malicious.moderate.ml.score
CMC Clean
Emsisoft Trojan.GenericKD.65926958 (B)
Ikarus Clean
GData Win64.Trojan.Agent.GHXZ6U
Jiangmin TrojanDropper.Dapato.adrr
Webroot Clean
Avira TR/Dldr.Agent.tkfbf
Antiy-AVL Trojan/Win32.Sabsik
Gridinsoft Ransom.Win64.Sabsik.sa
Xcitium Clean
Arcabit Clean
ViRobot Trojan.Win.Z.Dapato.552448
ZoneAlarm Clean
Microsoft Trojan:Win32/Dapato.EM!MTB
Google Clean
AhnLab-V3 Trojan/Win.Generic.C5303216
Acronis Clean
McAfee Artemis!04694E5E78D0
MAX malware (ai score=89)
VBA32 Clean
Cylance Clean
Zoner Clean
TrendMicro-HouseCall TROJ_GEN.R002C0DCE23
Tencent Clean
Yandex Clean
SentinelOne Clean
MaxSecure Trojan.Malware.300983.susgen
Fortinet W64/Agent.XW!tr.dldr
Panda Clean
No IRMA results available.