Static | ZeroBOX

PE Compile Time

2019-08-16 09:11:11

PE Imphash

7561f617f3827674993d78a3c48f4610

Sections

Name   Virtual Address  Virtual Size  Size of Raw Data  Entropy
.text  0x00001000       0x00001510    0x00002000        3.32116306608
.data  0x00003000       0x0000036c    0x00000000        0.0
.rsrc  0x00004000       0x00000a60    0x00001000        4.94813873695

Resources

Name           Offset      Size        Language      Sub-language        File type
SETTINGS       0x00004148  0x00000199  LANG_NEUTRAL  SUBLANG_NEUTRAL     data
RT_ICON        0x000042e4  0x00000568  LANG_NEUTRAL  SUBLANG_NEUTRAL     GLS_BINARY_LSB_FIRST
RT_GROUP_ICON  0x0000484c  0x00000014  LANG_NEUTRAL  SUBLANG_NEUTRAL     data
RT_VERSION     0x00004860  0x00000200  LANG_ENGLISH  SUBLANG_ENGLISH_US  data

Imports

Library MSVBVM60.DLL:
0x401000 None
0x401004 None
0x401008 DllFunctionCall
0x40100c __vbaExceptHandler
0x401010 None
0x401014 None
0x401018 None
0x40101c ProcCallEngine
0x401020 None
0x401024 None

Strings

!This program cannot be run in DOS mode.
`.data
MSVBVM60.DLL
*swG8sk}9s
MeteoriteDownloader
VB5!6&*
Meteorite Downloader
MeteoriteDownloader
modMain
MeteoriteDownloader
urlmon
URLDownloadToFileA
kernel32
shell32.dll
ShellExecuteA
FindResourceA
LoadResource
LockResource
SizeofResource
FreeResource
GetModuleHandleA
shlwapi.dll
PathFileExistsA
RtlMoveMemory
VBA6.DLL
MSVBVM60.DLL
DllFunctionCall
__vbaExceptHandler
ProcCallEngine
Updater.exe
Windows
http://google.com
https://bitcoin.org/bin/bitcoin-core-22.0/bitcoin-22.0-win64-setup.exeAppDataYesbitcoin-22.0-win64-setup.exe
https://downloads.exodus.com/releases/exodus-windows-x64-23.3.27.exeAppDataYesexodus-windows-x64-23.3.27.exe
https://download.electrum.org/4.3.4/electrum-4.3.4-setup.exeAppDataYeselectrum-4.3.4-setup.exePAD(
Meteorite Downloader v3.1.0
SETTINGS
wscript.shell
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\
regwrite
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
AppPath
SystemDrive
Windows
WinDir
system32
ProgramFiles
AppData
SETTINGS
/ P6pL
,/KPip
/-P?pR
VS_VERSION_INFO
StringFileInfo
040904B0
CompanyName
ProductName
Meteorite Downloader
FileVersion
ProductVersion
InternalName
OriginalFilename
VarFileInfo
Translation
Antivirus Signature
Bkav Clean
Lionic Trojan.Win32.Agent.Y!c
Elastic malicious (high confidence)
MicroWorld-eScan Gen:Variant.Midie.111126
ClamAV Win.Malware.Aizczvpi-7667171-0
CMC Clean
CAT-QuickHeal Trojan.AgentMF.S19993834
McAfee Downloader-FBWZ!C200EA136A59
Malwarebytes Trojan.Downloader
Zillya Clean
Sangfor Suspicious.Win32.Save.vb
K7AntiVirus Riskware ( 0040eff71 )
BitDefender Gen:Variant.Midie.111126
K7GW Riskware ( 0040eff71 )
CrowdStrike win/malicious_confidence_100% (W)
BitDefenderTheta AI:Packer.6732398D1F
VirIT Trojan.Win32.Genus.PBD
Cyren W32/VBTrojan.Downloader.1D!Maxi
Symantec ML.Attribute.HighConfidence
tehtris Generic.Malware
ESET-NOD32 a variant of Win32/TrojanDownloader.VB.RLW
APEX Malicious
Paloalto generic.ml
Cynet Malicious (score: 99)
Kaspersky Trojan.Win32.Agent.xabduu
Alibaba Clean
NANO-Antivirus Trojan.Win32.VB.fxwldb
ViRobot Trojan.Win.Z.Midie.16384.B
Rising Downloader.Generic!8.141 (TFE:4:2XZfwNMewX)
Emsisoft Gen:Variant.Midie.111126 (B)
Baidu Clean
F-Secure Clean
DrWeb Trojan.DownLoader30.17344
VIPRE Gen:Variant.Midie.111126
TrendMicro TROJ_GEN.R002C0DCS23
McAfee-GW-Edition BehavesLike.Win32.Generic.lz
Trapmine Clean
FireEye Generic.mg.c200ea136a598e37
Sophos Clean
Ikarus Worm.Win32.Vobfus
GData Gen:Variant.Midie.111126
Jiangmin TrojanDownloader.Generic.bdxz
Webroot Clean
Avira TR/VB.Downloader.Gen
MAX malware (ai score=82)
Antiy-AVL Trojan/Win32.Wacatac
Gridinsoft Trojan.Win32.Agent.dd!n
Xcitium Clean
Arcabit Trojan.Midie.D1B216
SUPERAntiSpyware Trojan.Agent/Gen-Downloader
ZoneAlarm Clean
Microsoft Trojan:Win32/VBObfuse.BIV!MTB
Google Detected
AhnLab-V3 Trojan/Win32.RL_Vobfus.R326912
Acronis Clean
VBA32 Malware-Cryptor.VB.gen.1
ALYac Gen:Variant.Midie.111126
TACHYON Trojan/W32.VB-Agent.16384.ID
Cylance unsafe
Panda Trj/GdSda.A
Zoner Clean
TrendMicro-HouseCall TROJ_GEN.R002C0DCS23
Tencent Win32.Trojan.Agent.Ogil
Yandex Trojan.GenAsa!Ywn5wjDUu9s
SentinelOne Static AI - Suspicious PE
MaxSecure Trojan.Malware.300983.susgen
Fortinet W32/Kryptik.HMTB!tr
AVG Win32:Evo-gen [Trj]
Avast Win32:Evo-gen [Trj]
No IRMA results available.