Static | ZeroBOX

PE Compile Time

2023-03-15 09:09:30

PE Imphash

851b3b915be34ffd02bc31b65dd9a2a1

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00001000 0x00014108 0x00014200 6.11428034069
.data 0x00016000 0x00000160 0x00000200 1.46011942199
.rdata 0x00017000 0x00001b20 0x00001c00 5.03338011195
.pdata 0x00019000 0x00000cd8 0x00000e00 4.57360923255
.xdata 0x0001a000 0x00000b54 0x00000c00 4.16349659674
.bss 0x0001b000 0x00000e80 0x00000000 0.0
.idata 0x0001c000 0x0000100c 0x00001200 4.1383360717
.CRT 0x0001e000 0x00000070 0x00000200 0.406023500602
.tls 0x0001f000 0x00000010 0x00000200 0.0
.rsrc 0x00020000 0x000004e8 0x00000600 4.77847716838
.reloc 0x00021000 0x0000009c 0x00000200 1.85957720799

Resources

Name Offset Size Language Sub-language File type
RT_MANIFEST 0x00020058 0x0000048f LANG_NEUTRAL SUBLANG_NEUTRAL XML 1.0 document, ASCII text

Imports

Library KERNEL32.dll:
0x14001c3c4 AddAtomA
0x14001c3d4 CloseHandle
0x14001c3dc CreateEventA
0x14001c3e4 CreateMutexA
0x14001c3ec CreateSemaphoreA
0x14001c3f4 DeleteAtom
0x14001c3fc DeleteCriticalSection
0x14001c404 DuplicateHandle
0x14001c40c EnterCriticalSection
0x14001c414 FindAtomA
0x14001c41c FormatMessageA
0x14001c424 GetAtomNameA
0x14001c42c GetCurrentProcess
0x14001c434 GetCurrentProcessId
0x14001c43c GetCurrentThread
0x14001c444 GetCurrentThreadId
0x14001c44c GetHandleInformation
0x14001c454 GetLastError
0x14001c45c GetModuleHandleA
0x14001c464 GetProcAddress
0x14001c46c GetProcessAffinityMask
0x14001c474 GetStartupInfoA
0x14001c47c GetSystemTimeAsFileTime
0x14001c484 GetThreadContext
0x14001c48c GetThreadPriority
0x14001c494 GetTickCount
0x14001c4a4 IsDBCSLeadByteEx
0x14001c4ac IsDebuggerPresent
0x14001c4b4 LeaveCriticalSection
0x14001c4bc LocalFree
0x14001c4c4 MultiByteToWideChar
0x14001c4cc OpenProcess
0x14001c4d4 OutputDebugStringA
0x14001c4dc QueryPerformanceCounter
0x14001c4ec RaiseException
0x14001c4f4 ReleaseMutex
0x14001c4fc ReleaseSemaphore
0x14001c50c ResetEvent
0x14001c514 ResumeThread
0x14001c51c SetEvent
0x14001c524 SetLastError
0x14001c52c SetProcessAffinityMask
0x14001c534 SetThreadContext
0x14001c53c SetThreadPriority
0x14001c54c Sleep
0x14001c554 SuspendThread
0x14001c55c TlsAlloc
0x14001c564 TlsGetValue
0x14001c56c TlsSetValue
0x14001c574 TryEnterCriticalSection
0x14001c57c VirtualProtect
0x14001c584 VirtualQuery
0x14001c58c WaitForMultipleObjects
0x14001c594 WaitForSingleObject
0x14001c59c __C_specific_handler
Library msvcrt.dll:
0x14001c5ac ___lc_codepage_func
0x14001c5b4 ___mb_cur_max_func
0x14001c5bc __getmainargs
0x14001c5c4 __initenv
0x14001c5cc __iob_func
0x14001c5d4 __lconv_init
0x14001c5dc __set_app_type
0x14001c5e4 __setusermatherr
0x14001c5ec _acmdln
0x14001c5f4 _amsg_exit
0x14001c5fc _beginthreadex
0x14001c604 _cexit
0x14001c60c _commode
0x14001c614 _endthreadex
0x14001c61c _errno
0x14001c624 _fmode
0x14001c62c _initterm
0x14001c634 _memccpy
0x14001c63c _onexit
0x14001c644 _setjmp
0x14001c64c _strdup
0x14001c654 _ultoa
0x14001c65c abort
0x14001c664 atoi
0x14001c66c calloc
0x14001c674 clock
0x14001c67c exit
0x14001c684 fprintf
0x14001c68c free
0x14001c694 fwrite
0x14001c69c getc
0x14001c6a4 islower
0x14001c6ac isspace
0x14001c6b4 isupper
0x14001c6bc isxdigit
0x14001c6c4 localeconv
0x14001c6cc longjmp
0x14001c6d4 malloc
0x14001c6dc memcpy
0x14001c6e4 memmove
0x14001c6ec memset
0x14001c6f4 printf
0x14001c6fc realloc
0x14001c704 signal
0x14001c70c strlen
0x14001c714 strncmp
0x14001c71c strtol
0x14001c724 strtoul
0x14001c72c tolower
0x14001c734 ungetc
0x14001c73c vfprintf

Strings

!This program cannot be run in DOS mode.
P`.data
.rdata
`@.pdata
0@.xdata
0@.bss
.idata
.reloc
AUATUWVSH
[^_]A\A]
[^_]A\A]
UAWAVAUATWVSH
[^_A\A]A^A_]
UAWAVAUATWVSH
[^_A\A]A^A_]
ATWVSH
([^_A\H
:MZuWHcB<H
AVAUATUWVSH
[^_]A\A]A^
[^_]A\A]A^
AVAUATUWVSH
L9 siH
[^_]A\A]A^
[^_]A\A]A^
AUATSH
[A\A]
Error clH
eaning uH
p spin_kH
eys for H
thread
AUATVSH
([^A\A]
AWAVAUATUWVSH
([^_]A\A]A^A_
ATUWVSH
@[^_]A\
@[^_]A\
AWAVAUATUWVSH
8[^_]A\A]A^A_
8[^_]A\A]A^A_
AVAUATSH
([A\A]A^
AUATVSH
8[^A\A]
AUATWVSH
@[^_A\A]
@[^_A\A]
@[^_A\A]
AVAUATUWVSH
0[^_]A\A]A^
0[^_]A\A]A^
AWAVAUATUWVSH
([^_]A\A]A^A_
AVAUATVSH
[^A\A]A^
AWAVAUATUWVSH
9sHv9L
([^_]A\A]A^A_
AUATSH
AUATVSH
[^A\A]
[^A\A]
ATWVSH
([^_A\
([^_A\
ATWVSH
([^_A\
([^_A\
AVAUATUWVSH
@[^_]A\A]A^
@[^_]A\A]A^
ATWVSH
8[^_A\
8[^_A\
8[^_A\
ATWVSH
H[^_A\
H[^_A\
H[^_A\
AUATVSH
([^A\A]
([^A\A]
([^A\A]
aaaaaaaaH
aaaaaaaaH
AUATWVSH
0[^_A\A]
0[^_A\A]
AVAUATUWVSH
0[^_]A\A]A^
ATWVSH
([^_A\
([^_A\
([^_A\
([^_A\
AUATWVSH
[^_A\A]
[^_A\A]
[^_A\A]
ATWVSH
([^_A\
AWAVAUATSH
[A\A]A^A_
AVAUATVSH
0[^A\A]A^
AWAVAUATSH
[A\A]A^A_
[A\A]A^A_
AWAVAUATSH
[A\A]A^A_
[A\A]A^A_
AWAVAUATSH
[A\A]A^A_
[A\A]A^A_
AWAVAUATSH
[A\A]A^A_
[A\A]A^A_
AVAUATSH
([A\A]A^
([A\A]A^
AVAUATWVSH
H[^_A\A]A^
H[^_A\A]A^
AVAUATUWVSH
@[^_]A\A]A^
@[^_]A\A]A^
@[^_]A\A]A^
AUATVSH
([^A\A]
([^A\A]
([^A\A]
ATUWVSH
[^_]A\
AUATSH
[A\A]
AUATWVSH
0[^_A\A]
0[^_A\A]
0[^_A\A]
AWAVAUATUWVSH
([^_]A\A]A^A_
AWAVAUATVSH
8[^A\A]A^A_
AUATSH
@[A\A]
@[A\A]
@[A\A]
@[A\A]
AUATUWVSH
[^_]A\A]
[^_]A\A]
AUATUWVSH
8[^_]A\A]
AVAUATUWVSH
[^_]A\A]A^
[^_]A\A]A^
AUATVSH
8[^A\A]
8[^A\A]
8[^A\A]
AVAUATVSH
[^A\A]A^
[^A\A]A^
AWAVAUATUWVSH
[^_]A\A]A^A_
<'t,<Iup
<6t8<3tLA
H9D$HuqH
\$HHc|$PL
D$xA8D8
L+D$hL
H9T$Xt
H9T$Xt
AWAVAUATUWVSH
([^_]A\A]A^A_
AWAVAUATUWVSH
([^_]A\A]A^A_
AWAVAUATUWVSH
H[^_]A\A]A^A_
AUATSH
[A\A]
[A\A]
AWAVAUATUWVSH
[^_]A\A]A^A_
D$H+D$P
\$\+|$@
|$X;D$@}
;D$Xu9
AWAVAUATUWVSH
([^_]A\A]A^A_
AWAVAUATUWVSH
8[^_]A\A]A^A_
ATUWVSHcY
[^_]A\
[^_]A\
AWAVAUATUWVSH
8[^_]A\A]A^A_
AUATVSH
([^A\A]
AWAVAUATUWVSH
([^_]A\A]A^A_
AVAUATUWVSH
[^_]A\A]A^
AVAUATUWVSH
[^_]A\A]A^
ATUWVSH
[^_]A\
[^_]A\
ATSHcA
ATUWVSH
[^_]A\
D$(+D$,fH
AUATWVSH
@[^_A\A]
AVAUATUWVSH
@[^_]A\A]A^
ATWVSH
H[^_A\
955a4058454456254445fbcf76e373427051a5161070755458b03002b20c21b2001bd188c9a19ae97610111129b5911affff8c7a229f52f50d30429dfdc37ea28f4aef21fa2ffbe0260133994600e295582c35507d84300d4105554667044cb5bd8e28442f0fff3af74f6622225745620c8f23d43454623a7c7351f46af0b544f760023011801cd1851b9491540198189ec791981a19ae882d8f2f6c44a59a3d1eb37e099a52540d9730464422fbce6a645f0938090650329454436e41704c8cc784d5448664fc582453db3485048a2a07f884e7463347526302deb8b3e335c606ac5650880bd049804c800330168881288288f8111bb0e18b75af108637881bf926048f3e5310b651c059f4b45047461c1a8b298eab59958f08050089015b8052f541847e87841f4c3d484555177bd344108444f5d5108e689f4d9f056626462366fd832e12027783fd2ee725aedf4104e0b804532c182b9c1b1b78881890418902e415d1a2a91d2faa980c035670a3df07c0c540459583ef4e441f06fb5f0a667b06e800570a07801e44357c0c58864404e324854eeb0444b5069c35d04c70003b496fbe8066262633660b9e7338dbdf2870bc6dcb47fb300d421245c33801b21212604461c0548b11f990180a301f9125a91b1109bd2ead14e59820e66e96e2f86654815e8074a0685f9b1180f8024883e280d85320268785da7444045f44
Unknown error
Argument domain error (DOMAIN)
Overflow range error (OVERFLOW)
Partial loss of significance (PLOSS)
Total loss of significance (TLOSS)
The result is too small to be represented (UNDERFLOW)
Argument singularity (SIGN)
_matherr(): %s in %s(%g, %g) (retval=%g)
Mingw-w64 runtime failure:
Address %p has no image-section
VirtualQuery failed for %d bytes at address %p
VirtualProtect failed with code 0x%x
Unknown pseudo relocation protocol version %d.
Unknown pseudo relocation bit size %d.
%p not found?!?!
once %p is %d
T%p %d %s
T%p %d V=%0X H=%p %s
failed to to lock cleanup mutex
__shmem3_winpthreads_tdm_
failed to to lock creation mutex
failed to add string to atom table
failed to get string from atom
C:/crossdev/src/mingw-w64-v8-git/mingw-w64-libraries/winpthreads/src/rwlock.c
(((rwlock_t *)*rwl)->valid == LIFE_RWLOCK) && (((rwlock_t *)*rwl)->busy > 0)
Assertion failed: (%s), file %s, line %d
RWL%p %d %s
RWL%p %d V=%0X B=%d r=%ld w=%ld L=%p %s
C%p %d %s
C%p %d V=%0X w=%ld %s
0123456789
abcdef
ABCDEF
GCC: (GNU) 10.3.0
GCC: (tdm64-1) 10.3.0
GCC: (tdm64-1) 10.3.0
GCC: (GNU) 10.3.0
GCC: (GNU) 10.3.0
GCC: (GNU) 10.3.0
GCC: (GNU) 10.3.0
GCC: (GNU) 10.3.0
GCC: (GNU) 10.3.0
GCC: (GNU) 10.3.0
GCC: (GNU) 10.3.0
GCC: (GNU) 10.3.0
GCC: (GNU) 10.3.0
GCC: (GNU) 10.3.0
GCC: (GNU) 10.3.0
GCC: (GNU) 10.3.0
GCC: (GNU) 10.3.0
GCC: (GNU) 10.3.0
GCC: (GNU) 10.3.0
GCC: (GNU) 10.3.0
GCC: (GNU) 10.3.0
GCC: (GNU) 10.3.0
GCC: (GNU) 10.3.0
GCC: (tdm64-1) 10.3.0
GCC: (GNU) 10.3.0
GCC: (GNU) 10.3.0
GCC: (GNU) 10.3.0
GCC: (GNU) 10.3.0
GCC: (GNU) 10.3.0
GCC: (GNU) 10.3.0
GCC: (GNU) 10.3.0
GCC: (GNU) 10.3.0
GCC: (GNU) 10.3.0
GCC: (GNU) 10.3.0
GCC: (GNU) 10.3.0
GCC: (GNU) 10.3.0
GCC: (GNU) 10.3.0
GCC: (GNU) 10.3.0
GCC: (GNU) 10.3.0
GCC: (GNU) 10.3.0
GCC: (GNU) 10.3.0
GCC: (GNU) 10.3.0
GCC: (GNU) 10.3.0
GCC: (GNU) 10.3.0
GCC: (GNU) 10.3.0
GCC: (GNU) 10.3.0
GCC: (GNU) 10.3.0
GCC: (GNU) 10.3.0
GCC: (GNU) 10.3.0
GCC: (GNU) 10.3.0
GCC: (GNU) 10.3.0
GCC: (GNU) 10.3.0
GCC: (tdm64-1) 10.3.0
AddAtomA
AddVectoredExceptionHandler
CloseHandle
CreateEventA
CreateMutexA
CreateSemaphoreA
DeleteAtom
DeleteCriticalSection
DuplicateHandle
EnterCriticalSection
FindAtomA
FormatMessageA
GetAtomNameA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetHandleInformation
GetLastError
GetModuleHandleA
GetProcAddress
GetProcessAffinityMask
GetStartupInfoA
GetSystemTimeAsFileTime
GetThreadContext
GetThreadPriority
GetTickCount
InitializeCriticalSection
IsDBCSLeadByteEx
IsDebuggerPresent
LeaveCriticalSection
LocalFree
MultiByteToWideChar
OpenProcess
OutputDebugStringA
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReleaseMutex
ReleaseSemaphore
RemoveVectoredExceptionHandler
ResetEvent
ResumeThread
SetEvent
SetLastError
SetProcessAffinityMask
SetThreadContext
SetThreadPriority
SetUnhandledExceptionFilter
SuspendThread
TlsAlloc
TlsGetValue
TlsSetValue
TryEnterCriticalSection
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
__C_specific_handler
___lc_codepage_func
___mb_cur_max_func
__getmainargs
__initenv
__iob_func
__lconv_init
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_beginthreadex
_cexit
_commode
_endthreadex
_errno
_fmode
_initterm
_memccpy
_onexit
_setjmp
_strdup
_ultoa
calloc
fprintf
fwrite
islower
isspace
isupper
isxdigit
localeconv
longjmp
malloc
memcpy
memmove
memset
printf
realloc
signal
strlen
strncmp
strtol
strtoul
tolower
ungetc
vfprintf
KERNEL32.dll
msvcrt.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel level="asInvoker"/>
</requestedPrivileges>
</security>
</trustInfo>
<compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">
<application>
<!--The ID below indicates application support for Windows Vista -->
<supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"/>
<!--The ID below indicates application support for Windows 7 -->
<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/>
<!--The ID below indicates application support for Windows 8 -->
<supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"/>
<!--The ID below indicates application support for Windows 8.1 -->
<supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"/>
<!--The ID below indicates application support for Windows 10 -->
<supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"/>
</application>
</compatibility>
</assembly>
Antivirus Signature
Bkav Clean
Lionic Trojan.Win32.Generic.4!c
Elastic malicious (high confidence)
ClamAV Clean
CMC Clean
CAT-QuickHeal Clean
ALYac Trojan.GenericKDZ.95079
Malwarebytes Malware.AI.1789148421
Zillya Clean
Sangfor Clean
CrowdStrike win/malicious_confidence_100% (W)
Alibaba Backdoor:Win64/Cobalt.9dc9a9ec
K7GW Trojan ( 005811cf1 )
K7AntiVirus Clean
Arcabit Trojan.Generic.D17367
Baidu Clean
VirIT Clean
Cyren W64/Rozena.DW.gen!Eldorado
Symantec ML.Attribute.HighConfidence
tehtris Clean
ESET-NOD32 a variant of Win64/Rozena.LF
APEX Clean
Paloalto Clean
Cynet Malicious (score: 100)
Kaspersky Backdoor.Win32.Cobalt.eax
BitDefender Trojan.GenericKDZ.95079
NANO-Antivirus Clean
SUPERAntiSpyware Clean
MicroWorld-eScan Trojan.GenericKDZ.95079
TACHYON Clean
Sophos Mal/Generic-S
F-Secure Trojan.TR/Rozena.pucbe
DrWeb BackDoor.CobaltStrike.182
VIPRE Trojan.GenericKDZ.95079
TrendMicro Backdoor.Win64.COBEACON.YXDFJZ
McAfee-GW-Edition RDN/Generic BackDoor
Trapmine Clean
FireEye Trojan.GenericKDZ.95079
Emsisoft Trojan.GenericKDZ.95079 (B)
SentinelOne Clean
Jiangmin Clean
Webroot Clean
Avira TR/Rozena.pucbe
Antiy-AVL Trojan/Win64.ShellcodeRunner
Gridinsoft Trojan.Win64.CobaltStrike.bot
Xcitium Clean
Microsoft Trojan:Win64/CobaltStrike.SPW!MTB
ViRobot Trojan.Win.Z.Rozena.105472.S
ZoneAlarm Backdoor.Win32.Cobalt.eax
GData Trojan.GenericKDZ.95079
Google Detected
AhnLab-V3 Trojan/Win.Generic.R572731
Acronis Clean
McAfee Artemis!1747AF9F1B9D
MAX malware (ai score=80)
DeepInstinct MALICIOUS
VBA32 Clean
Cylance unsafe
Panda Trj/CI.A
Zoner Clean
TrendMicro-HouseCall Backdoor.Win64.COBEACON.YXDFJZ
Tencent Malware.Win32.Gencirc.10be7bc0
Yandex Clean
Ikarus Trojan.Win64.Rozena
MaxSecure Clean
Fortinet W64/Rozena.KP!tr
BitDefenderTheta Clean
AVG Win64:BackdoorX-gen [Trj]
Cybereason Clean
Avast Win64:BackdoorX-gen [Trj]
No IRMA results available.