Static | ZeroBOX

PE Compile Time

2017-04-09 11:40:35

PE Imphash

3d2b95b998469ac775106242f347c0e1

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
UPX0 0x00001000 0x00016000 0x00000000 0.0
UPX1 0x00017000 0x00008000 0x00007400 7.93411525256
.rsrc 0x0001f000 0x00001000 0x00000a00 3.10774404196

Resources

Name Offset Size Language Sub-language File type
RT_BITMAP 0x00017810 0x00000428 LANG_FRENCH SUBLANG_FRENCH data
RT_BITMAP 0x00017810 0x00000428 LANG_FRENCH SUBLANG_FRENCH data
RT_MENU 0x000182ec 0x000003ce LANG_FRENCH SUBLANG_FRENCH data
RT_MENU 0x000182ec 0x000003ce LANG_FRENCH SUBLANG_FRENCH data
RT_MENU 0x000182ec 0x000003ce LANG_FRENCH SUBLANG_FRENCH data
RT_MENU 0x000182ec 0x000003ce LANG_FRENCH SUBLANG_FRENCH data
RT_DIALOG 0x000186bc 0x0000012e LANG_FRENCH SUBLANG_FRENCH data
RT_STRING 0x00019e54 0x0000008e LANG_FRENCH SUBLANG_FRENCH data
RT_STRING 0x00019e54 0x0000008e LANG_FRENCH SUBLANG_FRENCH data
RT_STRING 0x00019e54 0x0000008e LANG_FRENCH SUBLANG_FRENCH data
RT_STRING 0x00019e54 0x0000008e LANG_FRENCH SUBLANG_FRENCH data
RT_STRING 0x00019e54 0x0000008e LANG_FRENCH SUBLANG_FRENCH data
RT_STRING 0x00019e54 0x0000008e LANG_FRENCH SUBLANG_FRENCH data
RT_STRING 0x00019e54 0x0000008e LANG_FRENCH SUBLANG_FRENCH data
RT_STRING 0x00019e54 0x0000008e LANG_FRENCH SUBLANG_FRENCH data
RT_STRING 0x00019e54 0x0000008e LANG_FRENCH SUBLANG_FRENCH data
RT_STRING 0x00019e54 0x0000008e LANG_FRENCH SUBLANG_FRENCH data
RT_STRING 0x00019e54 0x0000008e LANG_FRENCH SUBLANG_FRENCH data
RT_STRING 0x00019e54 0x0000008e LANG_FRENCH SUBLANG_FRENCH data
RT_STRING 0x00019e54 0x0000008e LANG_FRENCH SUBLANG_FRENCH data
RT_STRING 0x00019e54 0x0000008e LANG_FRENCH SUBLANG_FRENCH data
RT_ACCELERATOR 0x00019f9c 0x00000070 LANG_FRENCH SUBLANG_FRENCH data
RT_ACCELERATOR 0x00019f9c 0x00000070 LANG_FRENCH SUBLANG_FRENCH data
RT_ACCELERATOR 0x00019f9c 0x00000070 LANG_FRENCH SUBLANG_FRENCH data
RT_VERSION 0x0001f5cc 0x00000324 LANG_FRENCH SUBLANG_FRENCH data
None 0x0001a344 0x0000001e LANG_FRENCH SUBLANG_FRENCH data
None 0x0001a344 0x0000001e LANG_FRENCH SUBLANG_FRENCH data

Imports

Library KERNEL32.DLL:
0x41f954 LoadLibraryA
0x41f958 ExitProcess
0x41f95c GetProcAddress
0x41f960 VirtualProtect
Library MFC42.DLL:
0x41f968 None
Library MSVCRT.dll:
0x41f970 exit
Library USER32.dll:
0x41f978 wsprintfA

!This program cannot be run in DOS mode.
KERNEL32.DLL
MFC42.DLL
MSVCRT.dll
USER32.dll
ExitProcess
GetProcAddress
LoadLibraryA
VirtualProtect
wsprintfA
VS_VERSION_INFO
StringFileInfo
040C04B0
CompanyName
FileDescription
Application MFC MFC KING 2017
FileVersion
1, 0, 0, 1
InternalName
MFC KING 2017
LegalCopyright
Copyright (C) 2017
LegalTrademarks
OriginalFilename
MFC KING 2017.EXE
ProductName
Application MFC KING 2017
ProductVersion
1, 0, 0, 1
VarFileInfo
Translation

Antivirus Signature
Bkav Clean
Lionic Clean
Elastic malicious (moderate confidence)
ClamAV Win.Malware.Siscos-6993581-0
CMC Clean
CAT-QuickHeal Trojan.SiscosRI.S8512495
ALYac Gen:Heur.RI.1
Cylance unsafe
VIPRE Gen:Heur.RI.1
Sangfor Suspicious.Win32.Save.a
K7AntiVirus Trojan ( 00522d7f1 )
BitDefender Gen:Heur.RI.1
K7GW Trojan ( 00522d7f1 )
Cybereason malicious.058166
Baidu Clean
VirIT Clean
Cyren W32/Siscos.E.gen!Eldorado
Symantec ML.Attribute.HighConfidence
tehtris Clean
ESET-NOD32 Win32/Farfli.CEN
APEX Malicious
Paloalto Clean
Cynet Malicious (score: 100)
Kaspersky Trojan.Win32.Siscos.wbm
Alibaba Clean
NANO-Antivirus Trojan.Win32.Siscos.enrcbv
ViRobot Clean
MicroWorld-eScan Gen:Heur.RI.1
Rising Backdoor.Venik!8.11E (TFE:5:Uqd4uAhaXbC)
Sophos Troj/AutoG-AD
F-Secure Clean
DrWeb Trojan.DownLoader23.39271
Zillya Clean
TrendMicro Clean
McAfee-GW-Edition GenericRXIX-IO!00EE04BB9E02
Trapmine malicious.moderate.ml.score
FireEye Generic.mg.ff8a7fe058166ccb
Emsisoft Gen:Heur.RI.1 (B)
SentinelOne Static AI - Suspicious PE
GData Win32.Trojan.Siscos.A
Jiangmin Trojan.Siscos.ks
Webroot Clean
Avira HEUR/AGEN.1234095
MAX malware (ai score=86)
Antiy-AVL Trojan/Win32.SelfDel
Gridinsoft Trojan.Win32.Agent.vb!n
Xcitium TrojWare.Win32.GameThief.Magania.~NWABU@18g2sq
Arcabit Trojan.RI.1
SUPERAntiSpyware Backdoor.Farfli/Variant
ZoneAlarm Clean
Microsoft Backdoor:Win32/Farfli.BH!MTB
Google Detected
AhnLab-V3 Trojan/Win32.RL_Siscos.R302641
Acronis Clean
McAfee GenericRXIX-IO!00EE04BB9E02
TACHYON Trojan/W32.Siscos.110592.C
VBA32 Trojan.Siscos
Malwarebytes Clean
Panda Trj/Genetic.gen
Zoner Clean
TrendMicro-HouseCall Clean
Tencent Trojan.Win32.Siscos.za
Yandex Trojan.GenAsa!G5Cq9PqIIJA
Ikarus Trojan.Win32.Farfli
MaxSecure Trojan.Malware.300983.susgen
Fortinet W32/Farfli.CEN!tr
BitDefenderTheta Gen:NN.ZexaF.36308.cmKfa4Gr0Eke
AVG Win32:TrojanX-gen [Trj]
Avast Win32:TrojanX-gen [Trj]
No IRMA results available.