Static | ZeroBOX

PE Compile Time

2023-04-10 10:27:28

PE Imphash

1619c2fb0abae4a066cd55f93e5cd107

PEiD Signatures

NsPack 2.9 -> North Star

Sections

Name     Virtual Address  Virtual Size  Size of Raw Data  Entropy
(blank)  0x00001000       0x000d3000    0x00000000        0.0
(blank)  0x000d4000       0x00047000    0x00046281        7.9984509888
(blank)  0x0011b000       0x000005c1    0x00000000        0.0

Imports

Library KERNEL32.DLL:
0x4d409c LoadLibraryA
0x4d40a0 GetProcAddress
0x4d40a4 VirtualProtect
0x4d40a8 VirtualAlloc
0x4d40ac VirtualFree
0x4d40b0 ExitProcess
Library RASAPI32.DLL:
0x4d40b8 RasHangUpA
Library USER32.DLL:
0x4d40c0 GetCursorPos
Library GDI32.DLL:
Library WINMM.DLL:
Library WINSPOOL.DRV:
0x4d40d8 ClosePrinter
Library ADVAPI32.DLL:
0x4d40e0 RegCreateKeyExA
Library SHELL32.DLL:
0x4d40e8 ShellExecuteA
Library OLE32.DLL:
0x4d40f0 CLSIDFromString
Library OLEAUT32.DLL:
0x4d40f8 UnRegisterTypeLib
Library COMCTL32.DLL:
0x4d4100 None
Library WS2_32.DLL:
0x4d4108 closesocket
Library WININET.DLL:
0x4d4110 HttpQueryInfoA
Library COMDLG32.DLL:
0x4d4118 ChooseColorA

!This program cannot be run in DOS mode.
KERNEL32.DLL
RASAPI32.DLL
USER32.DLL
GDI32.DLL
WINMM.DLL
WINSPOOL.DRV
ADVAPI32.DLL
SHELL32.DLL
OLE32.DLL
OLEAUT32.DLL
COMCTL32.DLL
WS2_32.DLL
WININET.DLL
COMDLG32.DLL
LoadLibraryA
GetProcAddress
VirtualProtect
VirtualAlloc
VirtualFree
ExitProcess
RasHangUpA
GetCursorPos
GetSystemPaletteEntries
waveOutUnprepareHeader
ClosePrinter
RegCreateKeyExA
ShellExecuteA
CLSIDFromString
HttpQueryInfoA
ChooseColorA
Antivirus Signature
Bkav W32.AIDetect.malware1
Lionic Trojan.Win32.Bjlog.lzuS
Elastic malicious (high confidence)
MicroWorld-eScan Gen:Variant.Graftor.945714
ClamAV Clean
CMC Clean
CAT-QuickHeal Trojan.Generic.2919
McAfee Artemis!665D90FC3264
Cylance unsafe
VIPRE Gen:Variant.Graftor.945714
Sangfor Trojan.Win32.FlyStudio.Vaou
CrowdStrike win/malicious_confidence_70% (W)
BitDefender Gen:Variant.Graftor.945714
K7GW Trojan ( 005257651 )
K7AntiVirus Trojan ( 005257651 )
BitDefenderTheta Gen:NN.ZexaF.36164.rmGdayXyRTi
VirIT Clean
Cyren W32/Downloader.AT.gen!Eldorado
Symantec ML.Attribute.HighConfidence
tehtris Clean
ESET-NOD32 a variant of Win32/Packed.FlyStudio.AA potentially unwanted
APEX Malicious
Paloalto generic.ml
Cynet Malicious (score: 100)
Kaspersky Trojan.Win32.Siscos.acer
Alibaba TrojanDownloader:Win32/FlyStudio.ae13fb70
NANO-Antivirus Trojan.Win32.Drop.jvoaam
ViRobot Trojan.Win.Z.Graftor.288385
Rising Trojan.Siscos!8.2A3A (CLOUD)
TACHYON Clean
Sophos Mal/Generic-S
Baidu Clean
F-Secure Heuristic.HEUR/AGEN.1331417
DrWeb Clean
Zillya Virus.Hupigon.Win32.5
TrendMicro Clean
McAfee-GW-Edition BehavesLike.Win32.Generic.dc
Trapmine malicious.high.ml.score
FireEye Generic.mg.665d90fc3264e6f0
Emsisoft Gen:Variant.Graftor.945714 (B)
Ikarus Trojan.Crypt
GData Gen:Variant.Graftor.945714
Jiangmin Trojan/StartPage.nxa
Webroot Clean
Avira HEUR/AGEN.1331417
Antiy-AVL Trojan/Win32.FlyStudio.a
Gridinsoft Pack.Win32.Gen.bot!ep-44128
Xcitium Backdoor.Win32.Popwin.~IQ@ogvrk
Arcabit Trojan.Graftor.DE6E32
SUPERAntiSpyware Clean
ZoneAlarm Trojan.Win32.Siscos.acer
Microsoft Trojan:Win32/Tiggre!rfn
Google Detected
AhnLab-V3 Trojan/Win.Generic.C5229540
Acronis Clean
ALYac Gen:Variant.Graftor.945714
MAX malware (ai score=82)
DeepInstinct MALICIOUS
VBA32 Clean
Malwarebytes Malware.Heuristic.1003
Panda Clean
Zoner Clean
TrendMicro-HouseCall TROJ_GEN.R002H0CDJ23
Tencent Win32.Trojan.Siscos.Mcnw
Yandex Packed/NSPack
SentinelOne Static AI - Malicious PE
MaxSecure Clean
Fortinet Riskware/Application
AVG Win32:TrojanX-gen [Trj]
Avast Win32:TrojanX-gen [Trj]
No IRMA results available.