Static | ZeroBOX

PE Compile Time

2023-04-11 19:06:58

PDB Path

D:\Mktmp\Amadey\ClipperDLL\Release\CLIPPERDLL.pdb

PE Imphash

52982bbab8b9d5eafbb4ec438626f86a

Sections

Name    Virtual Address  Virtual Size  Size of Raw Data  Entropy
.text   0x00001000       0x0000dd56    0x0000de00        6.65616853175
.rdata  0x0000f000       0x000061ee    0x00006200        4.99626462923
.data   0x00016000       0x00001444    0x00000c00        2.05558001205
.rsrc   0x00018000       0x000000f8    0x00000200        2.51957935048
.reloc  0x00019000       0x00001054    0x00001200        6.26182229427

Resources

Name         Offset      Size        Language      Sub-language        File type
RT_MANIFEST  0x00018060  0x00000091  LANG_ENGLISH  SUBLANG_ENGLISH_US  XML 1.0 document text

Imports

Library KERNEL32.dll:
0x1000f000 GlobalAlloc
0x1000f004 GlobalLock
0x1000f008 GlobalUnlock
0x1000f00c WideCharToMultiByte
0x1000f010 Sleep
0x1000f014 WriteConsoleW
0x1000f018 CloseHandle
0x1000f01c CreateFileW
0x1000f020 SetFilePointerEx
0x1000f028 IsDebuggerPresent
0x1000f034 GetStartupInfoW
0x1000f038 GetModuleHandleW
0x1000f040 GetCurrentProcessId
0x1000f044 GetCurrentThreadId
0x1000f04c InitializeSListHead
0x1000f050 GetCurrentProcess
0x1000f054 TerminateProcess
0x1000f058 RaiseException
0x1000f05c InterlockedFlushSList
0x1000f060 GetLastError
0x1000f064 SetLastError
0x1000f068 EnterCriticalSection
0x1000f06c LeaveCriticalSection
0x1000f070 DeleteCriticalSection
0x1000f074 RtlUnwind
0x1000f07c TlsAlloc
0x1000f080 TlsGetValue
0x1000f084 TlsSetValue
0x1000f088 TlsFree
0x1000f08c FreeLibrary
0x1000f090 GetProcAddress
0x1000f094 LoadLibraryExW
0x1000f098 ExitProcess
0x1000f09c GetModuleHandleExW
0x1000f0a0 GetModuleFileNameW
0x1000f0a4 HeapAlloc
0x1000f0a8 HeapFree
0x1000f0ac FindClose
0x1000f0b0 FindFirstFileExW
0x1000f0b4 FindNextFileW
0x1000f0b8 IsValidCodePage
0x1000f0bc GetACP
0x1000f0c0 GetOEMCP
0x1000f0c4 GetCPInfo
0x1000f0c8 GetCommandLineA
0x1000f0cc GetCommandLineW
0x1000f0d0 MultiByteToWideChar
0x1000f0d4 GetEnvironmentStringsW
0x1000f0dc LCMapStringW
0x1000f0e0 GetProcessHeap
0x1000f0e4 GetStdHandle
0x1000f0e8 GetFileType
0x1000f0ec GetStringTypeW
0x1000f0f0 HeapSize
0x1000f0f4 HeapReAlloc
0x1000f0f8 SetStdHandle
0x1000f0fc FlushFileBuffers
0x1000f100 WriteFile
0x1000f104 GetConsoleCP
0x1000f108 GetConsoleMode
0x1000f10c DecodePointer
Library USER32.dll:
0x1000f114 SetClipboardData
0x1000f118 EmptyClipboard
0x1000f11c OpenClipboard
0x1000f120 CloseClipboard
0x1000f124 GetClipboardData

Exports

Ordinal  Address     Name
1        0x10001120  ??4CClipperDLL@@QAEAAV0@$$QAV0@@Z
2        0x10001120  ??4CClipperDLL@@QAEAAV0@ABV0@@Z
3        0x10003040  Main
Antivirus Signature
Bkav W32.NataDecoAAT.Trojan
Lionic Trojan.Win32.Agent.Y!c
Elastic malicious (high confidence)
MicroWorld-eScan Gen:Variant.Zusy.446682
ClamAV Clean
CMC Clean
CAT-QuickHeal Trojan.GenericPMF.S29595454
McAfee Artemis!EE69AEAE2F96
Cylance unsafe
VIPRE Gen:Variant.Zusy.446682
Sangfor Clean
CrowdStrike win/malicious_confidence_100% (W)
BitDefender Gen:Variant.Zusy.446682
K7GW Riskware ( 00584baa1 )
K7AntiVirus Riskware ( 00584baa1 )
BitDefenderTheta Gen:NN.ZedlaF.36132.fu4@aa9fHcni
VirIT Trojan.Win32.Genus.NMA
Cyren W32/Agent.GPBN-4848
Symantec ML.Attribute.HighConfidence
tehtris Clean
ESET-NOD32 a variant of Win32/TrojanDownloader.Amadey.H
APEX Malicious
Paloalto generic.ml
Cynet Malicious (score: 99)
Kaspersky HEUR:Trojan.Win32.Agent.gen
Alibaba TrojanDownloader:Win32/Amadey.cd1a11ef
NANO-Antivirus Trojan.Win32.Clipper.juivsg
ViRobot Clean
Rising Trojan.Generic@AI.98 (RDML:UOvjVOFWo3+5kBV55m4AZg)
Sophos Troj/Amadey-K
Baidu Clean
F-Secure Heuristic.HEUR/AGEN.1301048
DrWeb Trojan.Clipper.165
Zillya Trojan.Sdum.Win32.9736
TrendMicro Clean
McAfee-GW-Edition Trojan-FUUW!EE69AEAE2F96
Trapmine Clean
FireEye Gen:Variant.Zusy.446682
Emsisoft Gen:Variant.Zusy.446682 (B)
SentinelOne Clean
GData Gen:Variant.Zusy.446682
Jiangmin Trojan.Agent.ejvu
Webroot Clean
Avira HEUR/AGEN.1301048
MAX malware (ai score=83)
Antiy-AVL Trojan/Win32.Wacatac
Gridinsoft Malware.Win32.Wacatac.cc
Xcitium Clean
Arcabit Trojan.Zusy.D6D0DA
SUPERAntiSpyware Trojan.Agent/Gen-Kryptik
ZoneAlarm HEUR:Trojan.Win32.Agent.gen
Microsoft Trojan:Win32/Amadey.MA!MTB
Google Detected
AhnLab-V3 Trojan/Win.Generic.C5355012
Acronis Clean
VBA32 Trojan.Sabsik
ALYac Gen:Variant.Zusy.446682
TACHYON Trojan/W32.Agent.91136.ADU
DeepInstinct MALICIOUS
Malwarebytes Trojan.Amadey
Panda Trj/GdSda.A
Zoner Clean
TrendMicro-HouseCall Clean
Tencent Malware.Win32.Gencirc.10bdd5b2
Yandex Clean
Ikarus Trojan.Win32.Amadey
MaxSecure Trojan.Malware.300983.susgen
Fortinet Clean
AVG Win32:TrojanX-gen [Trj]
Avast Win32:TrojanX-gen [Trj]
No IRMA results available.