Static | ZeroBOX

PE Compile Time

2023-03-17 10:23:03

PDB Path

c:\Users\Administrator\Desktop\316.5\shellcodeloder\release\shellcodeloder.pdb

PE Imphash

aca77bb36f4ee9dc931c40d10b8cabe8

Sections

| Name | Virtual Address | Virtual Size | Size of Raw Data | Entropy |
|---|---|---|---|---|
| .text | 0x00001000 | 0x000060c4 | 0x00007000 | 6.10046961833 |
| .rdata | 0x00008000 | 0x00001acc | 0x00002000 | 4.93218731056 |
| .data | 0x0000a000 | 0x00001d7c | 0x00002000 | 2.29624935641 |
| .rsrc | 0x0000c000 | 0x000000b0 | 0x00001000 | 3.05551444685 |

Resources

| Name | Offset | Size | Language | Sub-language | File type |
|---|---|---|---|---|---|
| RT_MANIFEST | 0x0000c058 | 0x00000056 | LANG_ENGLISH | SUBLANG_ENGLISH_US | ASCII text, with CRLF line terminators |

Imports

Library KERNEL32.dll:
0x408000 GetCommandLineA
0x408004 HeapFree
0x408008 GetVersionExA
0x40800c HeapAlloc
0x408010 GetProcessHeap
0x408014 TerminateProcess
0x408018 GetCurrentProcess
0x408024 IsDebuggerPresent
0x408028 GetProcAddress
0x40802c GetModuleHandleA
0x408030 ExitProcess
0x408034 WriteFile
0x408038 GetStdHandle
0x40803c GetModuleFileNameA
0x40804c WideCharToMultiByte
0x408050 GetLastError
0x408058 SetHandleCount
0x40805c GetFileType
0x408060 GetStartupInfoA
0x408068 TlsGetValue
0x40806c TlsAlloc
0x408070 TlsSetValue
0x408074 TlsFree
0x40807c SetLastError
0x408080 GetCurrentThreadId
0x408088 HeapDestroy
0x40808c HeapCreate
0x408090 VirtualFree
0x408098 GetTickCount
0x40809c GetCurrentProcessId
0x4080ac LoadLibraryA
0x4080b4 Sleep
0x4080b8 GetCPInfo
0x4080bc GetACP
0x4080c0 GetOEMCP
0x4080c4 VirtualAlloc
0x4080c8 HeapReAlloc
0x4080cc RtlUnwind
0x4080d0 HeapSize
0x4080d4 MultiByteToWideChar
0x4080d8 GetLocaleInfoA
0x4080dc LCMapStringA
0x4080e0 LCMapStringW
0x4080e4 GetStringTypeA
0x4080e8 GetStringTypeW

Antivirus Signature
Bkav Clean
Lionic Trojan.Win32.Zenpak.4!c
Elastic malicious (moderate confidence)
MicroWorld-eScan Gen:Variant.Zusy.452794
ClamAV Clean
CMC Clean
CAT-QuickHeal Clean
ALYac Gen:Variant.Zusy.452794
Malwarebytes Malware.AI.3996680019
Zillya Clean
Sangfor Trojan.Win32.Rozena.Viyf
CrowdStrike win/malicious_confidence_100% (W)
BitDefender Gen:Variant.Zusy.452794
K7GW Trojan ( 005a0fae1 )
K7AntiVirus Trojan ( 005a0fae1 )
BitDefenderTheta Gen:NN.ZexaF.36344.dqW@ayveWhoi
VirIT Trojan.Win32.Genus.OQP
Cyren W32/ABRisk.DEET-1671
Symantec ML.Attribute.HighConfidence
tehtris Clean
ESET-NOD32 a variant of Win32/Rozena.BQM
APEX Malicious
Paloalto generic.ml
Cynet Malicious (score: 99)
Kaspersky HEUR:Trojan.Win32.Zenpak.gen
Alibaba Trojan:Win32/Zenpak.591409bc
NANO-Antivirus Virus.Win32.Gen.ccmw
ViRobot Trojan.Win.Z.Zusy.53248.U
Rising Trojan.Generic@AI.84 (RDML:pi7A+OY26Z4YlhNMNuFxMQ)
TACHYON Clean
Emsisoft Gen:Variant.Zusy.452794 (B)
Baidu Clean
F-Secure Clean
DrWeb Trojan.DownLoader7.33859
VIPRE Gen:Variant.Zusy.452794
TrendMicro TROJ_GEN.R002C0DCM23
McAfee-GW-Edition Artemis!Trojan
Trapmine Clean
FireEye Gen:Variant.Zusy.452794
Sophos Clean
Ikarus Worm.Win32.Slenfbot
GData Gen:Variant.Zusy.452794
Jiangmin Trojan/Generic.alimm
Webroot Clean
Avira TR/Rozena.aexkw
Antiy-AVL Trojan/Win32.Rozena
Gridinsoft Trojan.Win32.Downloader.sa
Xcitium Clean
Arcabit Trojan.Zusy.D6E8BA
SUPERAntiSpyware Clean
ZoneAlarm Clean
Microsoft Trojan:Win32/Rozena.RK!MTB
Google Detected
AhnLab-V3 Clean
Acronis Clean
McAfee Artemis!77D8FF584C4A
MAX malware (ai score=84)
VBA32 BScope.Trojan.Zenpak
Cylance Clean
Panda Trj/Chgt.AC
Zoner Clean
TrendMicro-HouseCall TROJ_GEN.R002C0DCM23
Tencent Win32.Trojan.Zenpak.Yimw
Yandex Clean
SentinelOne Clean
MaxSecure Clean
Fortinet W32/Rozena.BQM!tr
AVG Win32:Trojan-gen
Avast Win32:Trojan-gen
No IRMA results available.