Static | ZeroBOX

PE Compile Time

2023-03-12 20:55:03

PE Imphash

9d40dd67bb6cfbfeb09c141d693f05f0

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00001000 0x00002d9e 0x00002e00 5.64064475572
.rdata 0x00004000 0x00000a55 0x00000c00 4.54369479434
.data 0x00005000 0x00000253 0x00000400 3.34245202621
.pdata 0x00006000 0x000001b0 0x00000200 3.47203484309

Imports

Library user32.dll:
0x1800040f8 wsprintfA
Library ws2_32.dll:
0x180004108 getaddrinfo
0x180004110 closesocket
0x180004118 shutdown
0x180004120 send
0x180004128 setsockopt
0x180004130 freeaddrinfo
0x180004138 recv
0x180004140 WSAIoctl
0x180004148 select
0x180004150 connect
0x180004158 inet_ntoa
0x180004160 inet_addr
0x180004168 htons
0x180004170 ioctlsocket
0x180004178 WSAStartup
0x180004180 socket
Library advapi32.dll:
0x180004000 GetTokenInformation
0x180004008 OpenProcessToken
0x180004010 GetSidSubAuthority
Library kernel32.dll:
0x180004020 WriteFile
0x180004028 SetFilePointer
0x180004030 CreateFileA
0x180004038 VirtualFree
0x180004040 LocalFree
0x180004048 LocalAlloc
0x180004050 GetLocalTime
0x180004058 SetEvent
0x180004060 WaitForSingleObject
0x180004068 ExitThread
0x180004070 CloseHandle
0x180004078 CreateThread
0x180004080 GetVolumeInformationA
0x180004088 VirtualAlloc
0x180004090 SystemTimeToFileTime
0x180004098 Sleep
0x1800040a0 GetCurrentProcess
0x1800040a8 FileTimeToSystemTime
0x1800040b0 CreateEventA
Library secur32.dll:
0x1800040e0 GetUserNameExA
0x1800040e8 GetUserNameExW
Library ole32.dll:
0x1800040c0 CoUninitialize
0x1800040c8 CoCreateInstance
0x1800040d0 CoInitialize

Exports

Ordinal Address Name
1 0x180001020 rundll
Strings

!This program cannot be run in DOS mode.
socks64.dll
rundll
BEGINDATA
HOST1:65.21.119.52
HOST2:localhost.exchange
PORT1:4277
a2guard.exe
start2
ALLUSERSPROFILE
win32app
Microsoft
ntdll.dll
LoadLibraryA
powershell
-WindowStyle Hidden -ep bypass -file "
kernel32.dll
RtlGetVersion
GET %s HTTP/1.0
Host: %s
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0
Connection: close
Antivirus Signature
Bkav Clean
Lionic Trojan.Win32.Sybici.4!c
tehtris Clean
MicroWorld-eScan Gen:Variant.Lazy.85967
ClamAV Clean
FireEye Generic.mg.4c09e8e3a1d837f1
CAT-QuickHeal Trojan.SystemBC.S27791300
ALYac Gen:Variant.Lazy.85967
Cylance unsafe
VIPRE Gen:Variant.Lazy.85967
Sangfor Backdoor.Win32.Coroxy.Vrv6
CrowdStrike win/malicious_confidence_100% (W)
BitDefender Gen:Variant.Lazy.85967
K7GW Trojan ( 0056e4c51 )
K7AntiVirus Trojan ( 0056e4c51 )
Baidu Clean
VirIT Clean
Cyren W64/ABRisk.FKYM-8768
Elastic malicious (high confidence)
ESET-NOD32 a variant of Win64/Coroxy.A
APEX Malicious
Paloalto generic.ml
Cynet Malicious (score: 100)
Kaspersky Trojan-Proxy.Win32.Sybici.va
Alibaba Trojan:Win32/SystemBC.da117b51
NANO-Antivirus Clean
ViRobot Trojan.Win.Z.Coroxy.17408.A
Rising Backdoor.Coroxy!8.12282 (TFE:2:Tk58K9rsafI)
TACHYON Clean
Emsisoft Gen:Variant.Lazy.85967 (B)
F-Secure Heuristic.HEUR/AGEN.1302393
DrWeb BackDoor.Coroxy.1
Zillya Trojan.Coroxy.Win64.13
TrendMicro Backdoor.Win64.COROXY.SMTH
McAfee-GW-Edition RDN/Generic BackDoor
Trapmine Clean
CMC Clean
Sophos Troj/Coroxy-A
SentinelOne Static AI - Suspicious PE
GData Gen:Variant.Lazy.85967
Jiangmin Clean
Webroot W32.Trojan.Gen
Avira HEUR/AGEN.1302393
Antiy-AVL Trojan/Win64.Coroxy
Gridinsoft Trojan.Win64.Gen.cl
Xcitium Clean
Arcabit Trojan.Lazy.D14FCF
SUPERAntiSpyware Clean
ZoneAlarm Trojan-Proxy.Win32.Sybici.va
Microsoft Trojan:Win32/SystemBC.SA
Google Detected
AhnLab-V3 Trojan/Win.Generic.C4452892
Acronis Clean
McAfee Artemis!4C09E8E3A1D8
MAX malware (ai score=80)
DeepInstinct MALICIOUS
VBA32 Clean
Malwarebytes Malware.AI.3928362742
Panda Trj/CI.A
Zoner Clean
TrendMicro-HouseCall Clean
Tencent Win32.Trojan-Proxy.Sybici.Ymhl
Yandex Clean
Ikarus Clean
MaxSecure Trojan.Malware.205382659.susgen
Fortinet W64/Coroxy.A!tr
BitDefenderTheta Clean
AVG Win64:BackdoorX-gen [Trj]
Avast Win64:BackdoorX-gen [Trj]