Static | ZeroBOX

PE Compile Time

2021-08-20 05:26:36

PE Imphash

127bc68c3d34a048139e9d88ad1484f8

PEiD Signatures

Armadillo v1.71

Sections

Name   Virtual Address  Virtual Size  Size of Raw Data  Entropy
.text  0x00001000       0x00004f4c    0x00005000        6.24360206309
.data  0x00006000       0x000017cc    0x00002000        2.67795310657

Imports

Library KERNEL32.dll:
0x40101c FreeLibrary
0x401020 CloseHandle
0x401024 GetModuleFileNameA
0x401028 WaitForSingleObject
0x40102c GetVersionExA
0x401030 CopyFileA
0x401034 GetCurrentProcess
0x401038 GetModuleHandleA
0x401040 HeapAlloc
0x401044 GetProcessHeap
0x401048 HeapFree
0x40104c SetEvent
0x401050 CreateEventA
0x401054 lstrcmpiA
0x401058 Process32Next
0x40105c Process32First
0x401064 lstrcpyA
0x401068 GetStartupInfoA
0x40106c lstrlenA
0x401070 CreateFileA
0x401074 WriteFile
0x401078 lstrcatA
0x40107c VirtualFree
0x401080 GetTickCount
0x401084 LocalAlloc
0x401088 LocalSize
0x40108c LocalFree
0x401090 LoadLibraryA
0x401094 GetProcAddress
0x401098 Sleep
0x40109c InterlockedExchange
0x4010a0 VirtualAlloc
0x4010a4 VirtualProtect
Library USER32.dll:
0x40115c GetWindow
0x401160 GetWindowTextA
0x401164 wsprintfA
0x401168 FindWindowA
0x40116c GetLastInputInfo
0x401170 GetClassNameA
Library ADVAPI32.dll:
0x401000 OpenEventLogA
0x401004 ClearEventLogA
0x401008 CloseEventLog
0x40100c SetServiceStatus
Library MSVCRT.dll:
0x4010ac realloc
0x4010b0 _stricmp
0x4010b4 _strupr
0x4010b8 _controlfp
0x4010bc __set_app_type
0x4010c0 ??3@YAXPAX@Z
0x4010c4 memcpy
0x4010c8 ceil
0x4010cc _ftol
0x4010d0 __CxxFrameHandler
0x4010d4 _CxxThrowException
0x4010d8 memset
0x4010dc ??2@YAPAXI@Z
0x4010e0 memcmp
0x4010e4 strlen
0x4010e8 strstr
0x4010ec strcpy
0x4010f0 strncpy
0x4010f4 strrchr
0x4010f8 atoi
0x4010fc strcspn
0x401100 rand
0x401104 memmove
0x401108 strcat
0x40110c strcmp
0x401110 _strcmpi
0x401114 free
0x401118 _beginthreadex
0x40111c _except_handler3
0x401120 strchr
0x401128 __dllonexit
0x40112c _onexit
0x401130 _exit
0x401134 _XcptFilter
0x401138 exit
0x40113c _acmdln
0x401140 __getmainargs
0x401144 _initterm
0x401148 __setusermatherr
0x40114c _adjust_fdiv
0x401150 __p__commode
0x401154 __p__fmode

Antivirus Signature
Bkav W32.AIDetect.malware1
Lionic Trojan.Win32.Lotok.4!c
tehtris Clean
MicroWorld-eScan Gen:Variant.Tedy.131801
ClamAV Win.Trojan.Generic-6305873-0
CMC Clean
CAT-QuickHeal Backdoor.LotokPMF.S22207093
McAfee GenericRXAA-FA!0D34A5F97AE3
Cylance unsafe
VIPRE Gen:Variant.Tedy.131801
Sangfor Suspicious.Win32.Save.ins
K7AntiVirus Trojan ( 0052cdd61 )
BitDefender Gen:Variant.Tedy.131801
K7GW Trojan ( 0052cdd61 )
CrowdStrike win/malicious_confidence_100% (W)
Baidu Clean
VirIT Trojan.Win32.Genus.PUS
Cyren W32/KillAV.AU.gen!Eldorado
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 a variant of Win32/Farfli.CVB
APEX Malicious
Paloalto generic.ml
Cynet Malicious (score: 100)
Kaspersky HEUR:Backdoor.Win32.Lotok.gen
Alibaba Backdoor:Win32/Venik.b4a60988
NANO-Antivirus Trojan.Win32.Lotok.jrwrll
SUPERAntiSpyware Clean
Rising Backdoor.Lotok!8.111D5 (TFE:5:VE56F3v74yI)
Sophos Mal/Generic-S
F-Secure Trojan.TR/Crypt.ZPACK.Gen
DrWeb Clean
Zillya Clean
TrendMicro BKDR_ZEGOST.SM37
McAfee-GW-Edition BehavesLike.Win32.Injector.nm
Trapmine malicious.moderate.ml.score
FireEye Generic.mg.0d34a5f97ae366a4
Emsisoft Gen:Variant.Tedy.131801 (B)
Ikarus Trojan.Win32.Farfli
GData Win32.Trojan.Farfli.P
Jiangmin Backdoor.Lotok.aao
Webroot Clean
Avira TR/Crypt.ZPACK.Gen
MAX malware (ai score=89)
Antiy-AVL Trojan[Backdoor]/Win32.Lotok
Gridinsoft Clean
Xcitium TrojWare.Win32.Farfli.BLH@6lj6he
Arcabit Trojan.Tedy.D202D9
ViRobot Trojan.Win.Z.Lotok.32768.D
ZoneAlarm HEUR:Backdoor.Win32.Lotok.gen
Microsoft Trojan:Win32/Venik.SIB!MTB
Google Detected
AhnLab-V3 Backdoor/Win.Zegost.R438653
Acronis Clean
BitDefenderTheta AI:Packer.DE6B7CE41E
ALYac Gen:Variant.Tedy.131801
TACHYON Backdoor/W32.Lotok.32768.C
DeepInstinct MALICIOUS
VBA32 BScope.TrojanPSW.Cimuz.B
Malwarebytes Trojan.BitCoinMiner
Panda Trj/GdSda.A
Zoner Clean
TrendMicro-HouseCall BKDR_ZEGOST.SM37
Tencent Malware.Win32.Gencirc.10bab93e
Yandex Clean
SentinelOne Static AI - Malicious PE
MaxSecure Trojan.Malware.1728101.susgen
Fortinet W32/Farfli.CVB!tr
AVG Win32:BackdoorX-gen [Trj]
Avast Win32:BackdoorX-gen [Trj]
No IRMA results available.