Static | ZeroBOX

PE Compile Time

2023-04-09 21:02:21

PE Imphash

534add4c0cbea8afae98064a5b4a30b6

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00001000 0x0000c2b6 0x0000c400 6.55984088475
.rdata 0x0000e000 0x00005f00 0x00006000 4.80653680237
.data 0x00014000 0x0002bb14 0x0002b200 6.78123697364
.reloc 0x00040000 0x00000f40 0x00001000 6.33301494392
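.zrjj3 0x00041000 0x000dbf38 0x000dc000 0.000586604301916
Note: .zrjj3 is not a standard linker section name. Its raw size (0x000dc000) is larger than the other four sections combined, while its entropy is close to zero, which is consistent with near-uniform filler bytes rather than code or packed data. The .data section (raw size 0x0002b200, entropy 6.78) is the larger candidate for embedded content and is worth inspecting first.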

Imports

Library KERNEL32.dll:
0x40e000 LoadLibraryA
0x40e00c GetCurrentProcessId
0x40e010 GetCurrentThreadId
0x40e018 InitializeSListHead
0x40e01c IsDebuggerPresent
0x40e028 GetStartupInfoW
0x40e030 GetModuleHandleW
0x40e034 GetCurrentProcess
0x40e038 TerminateProcess
0x40e03c WriteConsoleW
0x40e040 RaiseException
0x40e044 RtlUnwind
0x40e048 GetLastError
0x40e04c SetLastError
0x40e060 TlsAlloc
0x40e064 TlsGetValue
0x40e068 TlsSetValue
0x40e06c TlsFree
0x40e070 FreeLibrary
0x40e074 GetProcAddress
0x40e078 LoadLibraryExW
0x40e07c GetStdHandle
0x40e080 WriteFile
0x40e084 GetModuleFileNameW
0x40e088 ExitProcess
0x40e08c GetModuleHandleExW
0x40e090 GetCommandLineA
0x40e094 GetCommandLineW
0x40e098 CompareStringW
0x40e09c LCMapStringW
0x40e0a0 HeapAlloc
0x40e0a4 HeapFree
0x40e0a8 FindClose
0x40e0ac FindFirstFileExW
0x40e0b0 FindNextFileW
0x40e0b4 IsValidCodePage
0x40e0b8 GetACP
0x40e0bc GetOEMCP
0x40e0c0 GetCPInfo
0x40e0c4 MultiByteToWideChar
0x40e0c8 WideCharToMultiByte
0x40e0d8 SetStdHandle
0x40e0dc GetFileType
0x40e0e0 GetStringTypeW
0x40e0e4 GetProcessHeap
0x40e0e8 HeapSize
0x40e0ec HeapReAlloc
0x40e0f0 FlushFileBuffers
0x40e0f4 GetConsoleOutputCP
0x40e0f8 GetConsoleMode
0x40e0fc SetFilePointerEx
0x40e100 CreateFileW
0x40e104 CloseHandle
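0x40e108 DecodePointer
Note: the addresses above are not contiguous (for example, 0x40e004 and 0x40e008 are missing after 0x40e000), so this import listing appears to be incomplete. KERNEL32 names that occur in the strings dump below but not in this list, such as QueryPerformanceCounter and SetUnhandledExceptionFilter, presumably fill some of the gaps. VirtualProtect occurs only as a standalone string next to "kernel32.dll", which would be consistent with run-time resolution through LoadLibraryA/GetProcAddress rather than a static import; confirm this in a disassembler before relying on the import list for triage.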

!This program cannot be run in DOS mode.
`.rdata
@.data
.reloc
B.zrjj3
URPQQh
UQPXY]Y[
zSSSSj
f9:t!V
QQSVj8j@
tl=HFA
j,hh7A
PPPPPPPP
PPPPPWS
PP9E u:PPVWP
invalid random_device value
bad allocation
__based(
__cdecl
__pascal
__stdcall
__thiscall
__fastcall
__vectorcall
__clrcall
__eabi
__swift_1
__swift_2
__swift_3
__ptr64
__restrict
__unaligned
restrict(
delete
operator
`vftable'
`vbtable'
`vcall'
`typeof'
`local static guard'
`string'
`vbase destructor'
`vector deleting destructor'
`default constructor closure'
`scalar deleting destructor'
`vector constructor iterator'
`vector destructor iterator'
`vector vbase constructor iterator'
`virtual displacement map'
`eh vector constructor iterator'
`eh vector destructor iterator'
`eh vector vbase constructor iterator'
`copy constructor closure'
`udt returning'
`local vftable'
`local vftable constructor closure'
new[]
delete[]
`omni callsig'
`placement delete closure'
`placement delete[] closure'
`managed vector constructor iterator'
`managed vector destructor iterator'
`eh vector copy constructor iterator'
`eh vector vbase copy constructor iterator'
`dynamic initializer for '
`dynamic atexit destructor for '
`vector copy constructor iterator'
`vector vbase copy constructor iterator'
`managed vector copy constructor iterator'
`local static thread guard'
operator ""
operator co_await
operator<=>
Type Descriptor'
Base Class Descriptor at (
Base Class Array'
Class Hierarchy Descriptor'
Complete Object Locator'
`anonymous namespace'
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
InitializeCriticalSectionEx
CorExitProcess
AreFileApisANSI
CompareStringEx
LCMapStringEx
LocaleNameToLCID
AppPolicyGetProcessTerminationMethod
SystemFunction036
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
January
February
August
September
October
November
December
MM/dd/yy
dddd, MMMM dd, yyyy
HH:mm:ss
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
?5Wg4p
%S#[k=
"B <1=
_hypot
_nextafter
Unknown exception
bad array new length
string too long
VirtualProtect
kernel32.dll
vector too long
.text$mn
.idata$5
.00cfg
.CRT$XCA
.CRT$XCAA
.CRT$XCZ
.CRT$XIA
.CRT$XIAA
.CRT$XIAC
.CRT$XIC
.CRT$XIZ
.CRT$XPA
.CRT$XPX
.CRT$XPXA
.CRT$XPZ
.CRT$XTA
.CRT$XTZ
.rdata
.rdata$r
.rdata$sxdata
.rdata$voltmd
.rdata$zzzdbg
.rtc$IAA
.rtc$IZZ
.rtc$TAA
.rtc$TZZ
.xdata$x
.idata$2
.idata$3
.idata$4
.idata$6
.data$r
.data$rs
LoadLibraryA
QueryProcessCycleTime
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
GetCurrentProcess
TerminateProcess
KERNEL32.dll
RaiseException
RtlUnwind
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
GetStdHandle
WriteFile
GetModuleFileNameW
ExitProcess
GetModuleHandleExW
GetCommandLineA
GetCommandLineW
CompareStringW
LCMapStringW
HeapAlloc
HeapFree
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
GetFileType
GetStringTypeW
GetProcessHeap
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
SetFilePointerEx
CreateFileW
CloseHandle
WriteConsoleW
DecodePointer
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
aY,KcM
VGq8Qu
yYdFhr3
!I<SD&
(_!Aj->*I
vx"L$i
~F"T,)
z#}zzQ
zQuSe'}2zQ
sKM-;:
sKM-;*
cmQmzzQ
.?AVlogic_error@std@@
.?AVlength_error@std@@
.?AVout_of_range@std@@
.?AVbad_alloc@std@@
.?AVexception@std@@
.?AVbad_array_new_length@std@@
.?AVtype_info@@
;2;8;W;
<6=a=v={=
0.040:0@0F0L0R0g0|0
2%2+2X2^2
4^4g4l4
5 5'5:5H5N5T5Z5`5f5m5t5{5
666N6X6a6
7W7a7j7s7
0'1/1A1N1p1
3*414[4`4
5:5D5N5\5w5
6/6W6k6}6
787E7N7S7X7s7}7
8-8=8\8J9T9a9
9-:P:W:
<+<2<:<R<`<h<
2(232@2N2
3(373L3V3i3p3|3
5)5;5J5
6%6>6C6L6
6>7G7t7}7
<#<.<4<B<`<y<~<
=;>C>J>U?
353N3l3
4?4T4f4s4
45R5e5o5t5y5
6"6.6B6X6~6
7'7,717N7r7
8"8'8,8G8V8a8f8k8
:,:>:J:
:j; <f<N?
3,4G4Q4
4'5F5i5
809<9N9
:":=:j:
374F4T4q4y4
5)6[6v6
8%878I8[8m8
071>1E1L1Y1
3A4[4`4F6`6o6}6
7*787F7Q7g7{7
<0=:=]=g=
8W9]9j9
272T2s2L3
5%52575E5
1D1h1s1
2 3&3+323B3P3a3y3
4,565Q5
6@7j7r7
>%>5>F>
?-?@?_?
040V0z0
5>9F:W:6=;=M=k=
171P1`1i1x1
1(1,1014181<1H1L1P1|1
2 2(20282@2H2P2X2`2h2p2x2
3 3(30383@3H3P3X3`3h3p3x3
4 4(40484@4H4P4X4`4h4p4x4
5 5(50585@5H5P5X5`5h5
=h?l?p?t?x?|?
5 5$5(5,5054585<5@5D5H5L5P5T5X5\5`5d5h5l5p5t5x5|5
6 6$6(6,6064686<6@6D6H6L6P6
0$0,040<0D0L0T0\0d0l0t0|0
1$1,141<1D1L1T1\1d1l1t1|1
2$2,242<2D2L2T2\2d2l2t2|2
3$3,343<3D3L3T3\3d3l3t3|3
4$4,444<4D4L4T4\4d4l4t4|4
5$5,545<5D5L5T5\5d5l5t5|5
6$6,646<6D6L6T6\6d6l6t6|6
1 1(10181@1H1P1X1`1h1p1x1
2 2(20282@2H2P2X2`2h2p2x2
3 3(30383@3H3P3X3`3h3p3x3
4 4(40484@4H4P4X4`4h4p4x4
5 5(50585@5H5P5X5`5h5p5x5
6 6(60686@6H6P6X6`6h6p6x6
7 7(70787@7H7P7X7`7h7p7x7
;$;,;4;<;D;L;T;\;d;l;t;|;
?(?,?<?@?D?H?P?h?x?|?
000@0D0T0d0t0x0|0
4,444<4D4H4L4T4h4p4x4
5 5@5`5
6 6@6`6
7 7@7`7
8 8@8\8`8h8l8p8x8
686<6H6L6P6T6X6\6`6d6h6l6x6|6
0$0D0d0
@api-ms-win-core-fibers-l1-1-1
api-ms-win-core-synch-l1-2-0
kernel32
api-ms-
mscoree.dll
@api-ms-win-core-datetime-l1-1-1
api-ms-win-core-file-l1-2-2
api-ms-win-core-localization-l1-2-1
api-ms-win-core-localization-obsolete-l1-2-0
api-ms-win-core-processthreads-l1-1-2
api-ms-win-core-string-l1-1-0
api-ms-win-core-sysinfo-l1-2-1
api-ms-win-core-winrt-l1-1-0
api-ms-win-core-xstate-l2-1-0
api-ms-win-rtcore-ntuser-window-l1-1-0
api-ms-win-security-systemfunctions-l1-1-0
ext-ms-win-ntuser-dialogbox-l1-1-0
ext-ms-win-ntuser-windowstation-l1-1-0
advapi32
api-ms-win-appmodel-runtime-l1-1-2
user32
ext-ms-
@ja-JP
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
January
February
August
September
October
November
December
MM/dd/yy
dddd, MMMM dd, yyyy
HH:mm:ss
((((( H
zh-CHS
az-AZ-Latn
uz-UZ-Latn
kok-IN
syr-SY
div-MV
quz-BO
sr-SP-Latn
az-AZ-Cyrl
uz-UZ-Cyrl
quz-EC
sr-SP-Cyrl
quz-PE
smj-NO
bs-BA-Latn
smj-SE
sr-BA-Latn
sma-NO
sr-BA-Cyrl
sma-SE
sms-FI
smn-FI
zh-CHT
az-az-cyrl
az-az-latn
bs-ba-latn
div-mv
kok-in
quz-bo
quz-ec
quz-pe
sma-no
sma-se
smj-no
smj-se
smn-fi
sms-fi
sr-ba-cyrl
sr-ba-latn
sr-sp-cyrl
sr-sp-latn
syr-sy
uz-uz-cyrl
uz-uz-latn
zh-chs
zh-cht
CONOUT$
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Antivirus Signature
Bkav W32.AIDetectNet.01
Lionic Clean
tehtris Clean
MicroWorld-eScan Gen:Variant.Zusy.455970
ClamAV Clean
FireEye Generic.mg.8ae47c8391af6dab
CAT-QuickHeal Clean
ALYac Gen:Variant.Zusy.455970
Malwarebytes Clean
Zillya Clean
Sangfor Suspicious.Win32.Save.a
CrowdStrike win/malicious_confidence_70% (W)
BitDefender Gen:Variant.Zusy.455970
K7GW Clean
K7AntiVirus Clean
Baidu Clean
VirIT Clean
Cyren Clean
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 a variant of Win32/Kryptik.HSVJ
APEX Malicious
Paloalto Clean
Cynet Malicious (score: 100)
Kaspersky HEUR:Trojan-Spy.Win32.Stealer.gen
Alibaba Clean
NANO-Antivirus Clean
ViRobot Clean
Rising Backdoor.Agent!8.C5D (TFE:5:UJpWrpqriHJ)
Sophos Generic ML PUA (PUA)
F-Secure Heuristic.HEUR/AGEN.1317016
DrWeb Trojan.Inject4.55820
VIPRE Gen:Variant.Zusy.455970
TrendMicro Clean
McAfee-GW-Edition BehavesLike.Win32.Generic.tz
Trapmine malicious.high.ml.score
CMC Clean
Emsisoft Gen:Variant.Zusy.455970 (B)
SentinelOne Static AI - Suspicious PE
GData Gen:Variant.Zusy.455970
Jiangmin Clean
Webroot Clean
Avira HEUR/AGEN.1317016
MAX malware (ai score=88)
Antiy-AVL Clean
Gridinsoft Clean
Xcitium Clean
Arcabit Trojan.Zusy.D6F522
SUPERAntiSpyware Clean
ZoneAlarm HEUR:Trojan-Spy.Win32.Stealer.gen
Microsoft Trojan:Win32/Sabsik.FL.B!ml
Google Clean
AhnLab-V3 Malware/Win.Generic.C5407456
Acronis suspicious
McAfee Artemis!8AE47C8391AF
TACHYON Clean
DeepInstinct MALICIOUS
VBA32 BScope.TrojanSpy.Bobik
Cylance unsafe
Panda Clean
Zoner Clean
TrendMicro-HouseCall Clean
Tencent Win32.Trojan-Spy.Stealer.Pgil
Yandex Clean
Ikarus Clean
MaxSecure Trojan.Malware.300983.susgen
Fortinet W32/Kryptik.HPND!tr
BitDefenderTheta Gen:NN.ZexaF.36132.gvW@a0GdQSh
AVG Clean
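Avast Clean
Note: most of the non-clean verdicts above are generic, heuristic or machine-learning labels (Gen:Variant, HEUR, ML, "malicious"), and the engines that do name a family disagree (Trojan-Spy/Stealer, Backdoor.Agent, Trojan.Inject, Kryptik). Taken together they indicate that the sample is likely malicious, but they do not establish a family on their own; behavioural analysis or unpacking is needed for attribution.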
No IRMA results available.