
PE Compile Time

2023-01-10 22:01:26

PE Imphash

b76b81f4a49e6d89fb9b3188ab53b9e6

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00001000 0x00002198 0x00002200 6.01579975787
.data 0x00004000 0x000000d0 0x00000200 0.800747928012
.rdata 0x00005000 0x00000fc0 0x00001000 4.76685662665
.pdata 0x00006000 0x00000270 0x00000400 2.67874302883
.xdata 0x00007000 0x00000214 0x00000400 2.5603824252
.bss 0x00008000 0x00000980 0x00000000 0.0
.idata 0x00009000 0x00000830 0x00000a00 3.50362208811
.CRT 0x0000a000 0x00000068 0x00000200 0.27091922826
.tls 0x0000b000 0x00000010 0x00000200 0.0
.rsrc 0x0000c000 0x000004e8 0x00000600 4.77847716838

Resources

Name Offset Size Language Sub-language File type
RT_MANIFEST 0x0000c058 0x0000048f LANG_NEUTRAL SUBLANG_NEUTRAL XML 1.0 document, ASCII text

Imports

Library KERNEL32.dll:
0x409214 EnumSystemLocalesW
0x40921c GetCurrentProcess
0x409224 GetCurrentProcessId
0x40922c GetCurrentThreadId
0x409234 GetLastError
0x40923c GetStartupInfoA
0x40924c GetTickCount
0x409254 HeapAlloc
0x40925c HeapCreate
0x40927c RtlAddFunctionTable
0x409284 RtlCaptureContext
0x409294 RtlVirtualUnwind
0x4092a4 Sleep
0x4092ac TerminateProcess
0x4092b4 TlsGetValue
0x4092c4 VirtualProtect
0x4092cc VirtualQuery
Library msvcrt.dll:
0x4092e4 __getmainargs
0x4092ec __initenv
0x4092f4 __iob_func
0x4092fc __lconv_init
0x409304 __set_app_type
0x40930c __setusermatherr
0x409314 _acmdln
0x40931c _amsg_exit
0x409324 _cexit
0x40932c _fmode
0x409334 _initterm
0x40933c _onexit
0x409344 abort
0x40934c atoi
0x409354 calloc
0x40935c clock
0x409364 exit
0x40936c fprintf
0x409374 free
0x40937c fwrite
0x409384 malloc
0x40938c memcpy
0x409394 memmove
0x40939c signal
0x4093a4 sscanf
0x4093ac strlen
0x4093b4 strncmp
0x4093bc vfprintf

!This program cannot be run in DOS mode.
P`.data
.rdata
`@.pdata
0@.xdata
0@.bss
.idata
AUATUWVSH
[^_]A\A]
[^_]A\A]
UAWAVAUATWVSH
[^_A\A]A^A_]
ATUWVSH
0[^_]A\
0[^_]A\
ATUWVSH
P[^_]A\
P[^_]A\
UAWAVAUATWVSH
[^_A\A]A^A_]
ATUWVSH
[^_]A\
ATWVSH
([^_A\H
tNHcA<H
tTIcB<L
tCHcA<H
tKIcA<L
tSIcK<L
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
Unknown error
Argument domain error (DOMAIN)
Overflow range error (OVERFLOW)
Partial loss of significance (PLOSS)
Total loss of significance (TLOSS)
The result is too small to be represented (UNDERFLOW)
Argument singularity (SIGN)
_matherr(): %s in %s(%g, %g) (retval=%g)
Mingw-w64 runtime failure:
Address %p has no image-section
VirtualQuery failed for %d bytes at address %p
VirtualProtect failed with code 0x%x
Unknown pseudo relocation protocol version %d.
Unknown pseudo relocation bit size %d.
.pdata
GCC: (tdm64-1) 9.2.0
GCC: (tdm64-1) 9.2.0
GCC: (tdm64-1) 9.2.0
GCC: (tdm64-1) 9.2.0
GCC: (tdm64-1) 9.2.0
GCC: (tdm64-1) 9.2.0
GCC: (tdm64-1) 9.2.0
GCC: (tdm64-1) 9.2.0
GCC: (tdm64-1) 9.2.0
GCC: (tdm64-1) 9.2.0
GCC: (tdm64-1) 9.2.0
GCC: (tdm64-1) 9.2.0
GCC: (tdm64-1) 9.2.0
GCC: (tdm64-1) 9.2.0
GCC: (tdm64-1) 9.2.0
GCC: (tdm64-1) 9.2.0
GCC: (tdm64-1) 9.2.0
GCC: (tdm64-1) 9.2.0
GCC: (tdm64-1) 9.2.0
GCC: (tdm64-1) 9.2.0
GCC: (tdm64-1) 9.2.0
GCC: (tdm64-1) 9.2.0
GCC: (tdm64-1) 9.2.0
GCC: (tdm64-1) 9.2.0
GCC: (tdm64-1) 9.2.0
GCC: (tdm64-1) 9.2.0
GCC: (tdm64-1) 9.2.0
GCC: (tdm64-1) 9.2.0
GCC: (tdm64-1) 9.2.0
GCC: (tdm64-1) 9.2.0
DeleteCriticalSection
EnterCriticalSection
EnumSystemLocalesW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetStartupInfoA
GetSystemTimeAsFileTime
GetTickCount
HeapAlloc
HeapCreate
InitializeCriticalSection
LeaveCriticalSection
QueryPerformanceCounter
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetUnhandledExceptionFilter
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
__C_specific_handler
__getmainargs
__initenv
__iob_func
__lconv_init
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_cexit
_fmode
_initterm
_onexit
calloc
fprintf
fwrite
malloc
memcpy
memmove
signal
sscanf
strlen
strncmp
vfprintf
KERNEL32.dll
msvcrt.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel level="asInvoker"/>
</requestedPrivileges>
</security>
</trustInfo>
<compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">
<application>
<!--The ID below indicates application support for Windows Vista -->
<supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"/>
<!--The ID below indicates application support for Windows 7 -->
<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/>
<!--The ID below indicates application support for Windows 8 -->
<supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"/>
<!--The ID below indicates application support for Windows 8.1 -->
<supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"/>
<!--The ID below indicates application support for Windows 10 -->
<supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"/>
</application>
</compatibility>
</assembly>
Antivirus Signature
Bkav Clean
Lionic Trojan.Win32.Cobalt.4!c
Elastic malicious (high confidence)
DrWeb BackDoor.Meterpreter.157
MicroWorld-eScan Trojan.GenericKD.67450070
ClamAV Clean
FireEye Trojan.GenericKD.67450070
CAT-QuickHeal Clean
ALYac Clean
Malwarebytes Malware.AI.2309496273
VIPRE Trojan.GenericKD.67450070
Sangfor Backdoor.Win64.Cobalt.Vzqi
K7AntiVirus Clean
BitDefender Trojan.GenericKD.67450070
K7GW Trojan ( 0059ac421 )
Cybereason Clean
Arcabit Trojan.Generic.D40534D6
BitDefenderTheta Clean
VirIT Clean
Cyren W64/ABRisk.NLGO-2087
Symantec ML.Attribute.HighConfidence
tehtris Clean
ESET-NOD32 a variant of Win64/ShellcodeRunner.FT
APEX Clean
Paloalto Clean
Cynet Malicious (score: 100)
Kaspersky Backdoor.Win32.Cobalt.cwz
Alibaba Backdoor:Win32/Cobalt.adb2fd5e
NANO-Antivirus Clean
SUPERAntiSpyware Clean
Rising Backdoor.Cobalt!8.1233E (TFE:5:lRx2QUpcOxN)
TACHYON Clean
Sophos Mal/Generic-S
F-Secure Trojan.TR/AD.PatchedWinSwrort.mewpb
Baidu Clean
Zillya Clean
TrendMicro Backdoor.Win64.SWRORT.YXDFKZ
McAfee-GW-Edition RDN/Generic BackDoor
Trapmine Clean
CMC Clean
Emsisoft Trojan.GenericKD.67450070 (B)
Ikarus Trojan.Win64.Rozena
Jiangmin Backdoor.Cobalt.il
Webroot W32.Trojan.GenKD
Avira TR/AD.PatchedWinSwrort.mewpb
Antiy-AVL Trojan/Win64.ShellcodeRunner
Gridinsoft Clean
Xcitium Clean
Microsoft Trojan:Win64/CobaltStrike!MTB
ViRobot Clean
ZoneAlarm Backdoor.Win32.Cobalt.cwz
GData MSIL.Backdoor.Rozena.4IE1HW
Google Detected
AhnLab-V3 Clean
Acronis Clean
McAfee RDN/Generic BackDoor
MAX malware (ai score=88)
DeepInstinct MALICIOUS
VBA32 Clean
Cylance unsafe
Panda Trj/Chgt.AD
Zoner Clean
TrendMicro-HouseCall TROJ_GEN.R002C0DF923
Tencent Win32.Backdoor.Cobalt.Dkjl
Yandex Clean
SentinelOne Clean
MaxSecure Clean
Fortinet W32/PossibleThreat
AVG Win64:Evo-gen [Trj]
Avast Win64:Evo-gen [Trj]
CrowdStrike win/malicious_confidence_100% (W)
No IRMA results available.