Static | ZeroBOX

PE Compile Time

2023-06-14 23:18:13

PE Imphash

518b2345d494b1e80417ecf496968b80

Sections

Name    Virtual Address  Virtual Size  Size of Raw Data  Entropy
.text   0x00001000       0x00001c9f    0x00001e00        5.70545616101
.data   0x00003000       0x000000b4    0x00000200        0.366223803901
.idata  0x00004000       0x000002de    0x00000400        3.90453473738
.rsrc   0x00005000       0x00069590    0x00069600        6.52064064284
.reloc  0x0006f000       0x000001fc    0x00000200        6.38631549183

Resources

Name           Offset      Size        Language      Sub-language        File type
RT_ICON        0x00005a58  0x00000568  LANG_ENGLISH  SUBLANG_ENGLISH_US  GLS_BINARY_LSB_FIRST
RT_ICON        0x00005a58  0x00000568  LANG_ENGLISH  SUBLANG_ENGLISH_US  GLS_BINARY_LSB_FIRST
RT_RCDATA      0x00006508  0x00068083  LANG_ENGLISH  SUBLANG_ENGLISH_US  data
RT_GROUP_ICON  0x00005fc0  0x00000022  LANG_ENGLISH  SUBLANG_ENGLISH_US  data
RT_VERSION     0x00006148  0x000003c0  LANG_ENGLISH  SUBLANG_ENGLISH_US  data
RT_MANIFEST    0x00005fe8  0x0000015a  LANG_ENGLISH  SUBLANG_ENGLISH_US  ASCII text, with CRLF line terminators

Imports

Library KERNEL32.dll:
0x404000 GetCommandLineW
0x404004 CreateFileW
0x404008 FlushFileBuffers
0x404010 SetFileValidData
0x404014 DisconnectNamedPipe
0x404018 HeapCreate
0x404028 SetEvent
0x40402c ResetEvent
0x404030 WaitForSingleObject
0x404034 CreateMutexW
0x404038 CreateEventW
0x404044 GetModuleHandleA
0x40404c DeleteAtom
0x404050 GetCommMask
0x404054 EraseTape
0x404058 AddAtomW
0x40405c FindAtomW
0x404060 GetAtomNameW

!This program cannot be run in DOS mode.
`.data
.idata
@.rsrc
@.reloc
.CRT$XCU
.rdata
.rdata$voltmd
.rdata$zzzdbg
.text$di
.text$mn
.idata$5
.idata$2
.idata$3
.idata$4
.idata$6
.rsrc$01
.rsrc$02
GetCommandLineW
CreateFileW
FlushFileBuffers
GetFileInformationByHandle
SetFileValidData
DisconnectNamedPipe
HeapCreate
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
SetEvent
ResetEvent
WaitForSingleObject
CreateMutexW
CreateEventW
WaitForMultipleObjects
DisableThreadLibraryCalls
GetModuleHandleA
ConvertFiberToThread
DeleteAtom
GetCommMask
EraseTape
AddAtomW
FindAtomW
GetAtomNameW
KERNEL32.dll
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
F5Mh,McqA~v ZYG
4Rb0@mBw,NZ
C:\ProgramData\WMQrw7F.XD7
z25N4Nh_m~985Ralo
C:\ProgramData\4AgO5vYo.G3x
tV5c@RHYb_X0uKSPl
Vd.sRgG_UOy6f,XHR
Rtz5ZD#Jhe@nP7KB
C:\ProgramData\9zvixMg.Q3J
C:\ProgramData\eBdKRbRBQ7HQfg.Mme
ba.CxjWqqp@f6Z6J7
C:\ProgramData\GsvHMf2U.5Or
C:\ProgramData\eaAJxDJT0N62gz.HQj
JkSNLr.IPPM.X
qHmZYku_8Tj
VS_VERSION_INFO
StringFileInfo
040904E4
Comments
Payment instrument
CompanyName
Peel pepper
FileDescription
Dribble offspring
FileVersion
78.1513.583.8
InternalName
Explain observer
LegalCopyright
Copyright
On minute lounge
LegalTrademarks
Clarify reception instrument plain blow workshop
OriginalFilename
Workshop grudge
ProductName
ProductVersion
78.1513.583.8
VarFileInfo
Translation
No antivirus signatures available.
No IRMA results available.