Static | ZeroBOX

PE Compile Time

2023-04-18 22:49:09

PE Imphash

921d9a757fb15409a156912270d87397

Sections

Name    Virtual Address  Virtual Size  Size of Raw Data  Entropy
.text   0x00001000       0x00005a15    0x00005c00        6.57163860797
.rdata  0x00007000       0x00000a48    0x00000c00        4.64394893095
.data   0x00008000       0x00000520    0x00000200        1.83004695137
.reloc  0x00009000       0x000002e8    0x00000400        5.41479239521

Imports

Library KERNEL32.dll:
0x40701c CreateMutexA
0x407020 Sleep
0x407024 GetLastError
0x407028 GetSystemInfo
0x40702c CreateThread
0x407034 ExitProcess
0x407038 GetModuleFileNameW
0x40703c MultiByteToWideChar
0x407040 IsDBCSLeadByte
0x407044 HeapAlloc
0x407048 GetProcessHeap
0x40704c WideCharToMultiByte
0x407050 GetCurrentProcess
0x407054 VirtualAlloc
0x407058 GetFileAttributesW
0x40705c GetModuleHandleA
0x407060 LoadLibraryA
0x407064 IsWow64Process
0x40706c HeapFree
Library USER32.dll:
0x407078 GetDC
0x40707c EnumDisplayDevicesA
0x407084 GetCursorPos
0x407088 GetSystemMetrics
0x40708c ReleaseDC
Library ADVAPI32.dll:
Library CRYPT32.dll:
0x407008 CryptProtectData

!This program cannot be run in DOS mode.
`.rdata
@.data
.reloc
ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/
Poverty is the parent of crime.
- SystemLayout %d
- KeyboardLayouts: (
- HWID: %s
- CPU: %s (%d cores)
- VideoAdapter #%d: %s
- OperationSystem: %d:%d:%d
(null)
0123456789ABCDEF
0123456789abcdef
- ScreenSize: {lWidth=%d, lHeight=%d}
89.238.170.250
0123456789
.text$mn
.idata$5
.rdata
.rdata$zzzdbg
.idata$2
.idata$3
.idata$4
.idata$6
EnterCriticalSection
LeaveCriticalSection
GetModuleFileNameW
WaitForMultipleObjects
GetUserDefaultUILanguage
InitializeCriticalSectionAndSpinCount
CreateMutexA
GetLastError
GetSystemInfo
CreateThread
DeleteCriticalSection
ExitProcess
HeapFree
MultiByteToWideChar
IsDBCSLeadByte
HeapAlloc
GetProcessHeap
WideCharToMultiByte
GetCurrentProcess
VirtualAlloc
GetFileAttributesW
GetModuleHandleA
LoadLibraryA
IsWow64Process
KERNEL32.dll
GetCursorPos
GetKeyboardLayoutList
EnumDisplayDevicesA
ReleaseDC
GetSystemMetrics
USER32.dll
GetCurrentHwProfileA
ADVAPI32.dll
CryptProtectData
CRYPT32.dll
c4d1da23-ecb6-4036-9349-7dcfa8eb6cf5
Telegram
$d.log
(null)
\??\%s
%s\tdata
%s\tdata_%d\%s
%s\maps
%s\tdata_%d\%s\maps
Antivirus Signature
Bkav W32.AIDetect.malware2
Lionic Trojan.Win32.Generic.4!c
tehtris Clean
DrWeb Clean
MicroWorld-eScan Gen:Variant.Ser.Razy.14040
FireEye Generic.mg.bd1f19c4defecdd3
CAT-QuickHeal Clean
ALYac Gen:Variant.Ser.Razy.14040
Malwarebytes Clean
VIPRE Gen:Variant.Ser.Razy.14040
Sangfor Trojan.Win32.Agent.Agin
K7AntiVirus Clean
BitDefender Gen:Variant.Ser.Razy.14040
K7GW Clean
CrowdStrike win/malicious_confidence_100% (W)
BitDefenderTheta Gen:NN.ZexaF.36164.bqW@ayTDf5n
VirIT Clean
Cyren Clean
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 a variant of Win32/Spy.Agent.QJC
APEX Malicious
Paloalto generic.ml
ClamAV Clean
Kaspersky HEUR:Trojan.Win32.Generic
Alibaba Clean
NANO-Antivirus Clean
ViRobot Clean
Rising Trojan.Generic@AI.100 (RDML:89aHFN4pWtotzBeRbBxezg)
TACHYON Clean
Sophos Mal/Generic-S
F-Secure Heuristic.HEUR/AGEN.1317098
Baidu Clean
Zillya Clean
TrendMicro Clean
McAfee-GW-Edition Artemis!Trojan
Trapmine malicious.moderate.ml.score
CMC Clean
Emsisoft Gen:Variant.Ser.Razy.14040 (B)
Ikarus Win32.Outbreak
GData Gen:Variant.Ser.Razy.14040
Jiangmin Clean
Webroot W32.Trojan.Gen
Google Clean
Avira HEUR/AGEN.1317098
Antiy-AVL Clean
Gridinsoft Clean
Xcitium Clean
Arcabit Trojan.Ser.Razy.D36D8
SUPERAntiSpyware Clean
ZoneAlarm HEUR:Trojan.Win32.Generic
Microsoft Trojan:Win32/Doina.MA!MTB
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win.VX.C5393441
Acronis Clean
McAfee Artemis!BD1F19C4DEFE
MAX malware (ai score=82)
DeepInstinct MALICIOUS
VBA32 Clean
Cylance unsafe
Panda Trj/GdSda.A
Zoner Clean
TrendMicro-HouseCall Clean
Tencent Win32.Trojan.Generic.Ijgl
Yandex Clean
SentinelOne Clean
MaxSecure Clean
Fortinet Clean
AVG Win32:SpywareX-gen [Trj]
Avast Win32:SpywareX-gen [Trj]
No IRMA results available.