Static | ZeroBOX

PE Compile Time

2010-04-15 07:06:53

PE Imphash

b4c6fff030479aa3b12625be67bf4914

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00001000 0x0000104e 0x00001200 0.168100494025
.rdata 0x00003000 0x00000084 0x00000200 0.963086734599
.mydf 0x00004000 0x00000248 0x00000400 4.03979556918

Imports

Library KERNEL32.dll:
0x140003000 VirtualAlloc
0x140003008 ExitProcess

!This program cannot be run in DOS mode.
Rich}E
`.rdata
@.mydf
PAYLOAD:
ExitProcess
VirtualAlloc
KERNEL32.dll
AQAPRQVH1
AXAX^YZAXAYAZH
ws2_32
VPAPAPAPI
KERNEL32.dll
VirtualAlloc
ExitProcess

Antivirus Signature

Bkav Clean
Lionic Trojan.Win32.Shelma.W!c
Elastic Windows.Trojan.Metasploit
MicroWorld-eScan Trojan.Metasploit.A
ClamAV Win.Trojan.MSShellcode-6
CMC Clean
CAT-QuickHeal HackTool.Metasploit.S9212471
McAfee Trojan-FJIN!D32A31A37673
Malwarebytes Trojan.MalPack
Zillya Trojan.Shelma.Win64.9753
Sangfor HackTool.Win32.Reverse64_Bin_v2_5_through_v4_x.uwccg
K7AntiVirus Trojan ( 004fae881 )
BitDefender Trojan.Metasploit.A
K7GW Trojan ( 004fae881 )
CrowdStrike win/malicious_confidence_100% (W)
Baidu Clean
VirIT Trojan.Win32.Generic.BZPS
Cyren W64/S-c4a4ef26!Eldorado
tehtris Clean
ESET-NOD32 a variant of Win64/Rozena.M
APEX Malicious
Paloalto generic.ml
Cynet Malicious (score: 100)
Alibaba Trojan:Win64/Shelma.34150421
SUPERAntiSpyware Trojan.Agent/Gen-MalPack
TACHYON Clean
Sophos ATK/Meter-A
F-Secure Backdoor.BDS/ShellCodeF.641
DrWeb BackDoor.Shell.244
VIPRE Trojan.Metasploit.A
TrendMicro TROJ64_SWRORT.SM1
Trapmine malicious.high.ml.score
Emsisoft Trojan.Metasploit.A (B)
Ikarus Trojan.Win64.Meterpreter
Webroot W32.Trojan.Gen
Avira BDS/ShellCodeF.641
Antiy-AVL GrayWare/Win32.Rozena.j
Gridinsoft Trojan.Win64.ShellCode.sd!s1
Xcitium Clean
Arcabit Trojan.Metasploit.A
ViRobot Clean
ZoneAlarm Trojan.Win64.Shelma.b
GData Win64.Trojan.Rozena.A
Google Detected
AhnLab-V3 Clean
Acronis Clean
BitDefenderTheta Clean
MAX malware (ai score=85)
DeepInstinct MALICIOUS
Cylance unsafe
Zoner Probably Heur.ExeHeaderL
TrendMicro-HouseCall TROJ64_SWRORT.SM1
Tencent Hacktool.Win64.Rozena.a
Yandex Clean
SentinelOne Static AI - Suspicious PE
MaxSecure Trojan.Malware.300983.susgen
Fortinet W64/Rozena.J!tr
Panda Trj/CI.A
No IRMA results available.