Static | ZeroBOX

PE Compile Time

2023-07-20 03:45:50

PDB Path

C:\Users\Administrator\Desktop\Espio-main\loader\x64\Release\Espio.pdb

PE Imphash

341ef3eec107cf8949a849080b1bfce0

Sections

Name    Virtual Address  Virtual Size  Size of Raw Data  Entropy
.text   0x00001000       0x000024fa    0x00002600        6.08029816444
.rdata  0x00004000       0x00001c26    0x00001e00        4.15131492121
.data   0x00006000       0x00000760    0x00000200        2.02282676972
.pdata  0x00007000       0x000002d0    0x00000400        3.03216302466
.rsrc   0x00008000       0x00069df0    0x00069e00        4.72300036363
.reloc  0x00072000       0x00000054    0x00000200        1.18201561554

Resources

Name               Offset      Size        Language      Sub-language        File type
KEY                0x00071bd8  0x00000091  LANG_ENGLISH  SUBLANG_ENGLISH_US  ASCII text, with no line terminators
OBFUSCATEDPAYLOAD  0x00008120  0x00069ab8  LANG_ENGLISH  SUBLANG_ENGLISH_US  ASCII text, with very long lines, with no line terminators
RT_MANIFEST        0x00071c70  0x0000017d  LANG_ENGLISH  SUBLANG_ENGLISH_US  XML 1.0 document text

Imports

Library KERNEL32.dll:
0x140004000 SizeofResource
0x140004008 GetCurrentProcess
0x140004010 FreeResource
0x140004018 LockResource
0x140004020 LoadLibraryW
0x140004028 LoadResource
0x140004030 FindResourceW
0x140004038 FreeLibrary
0x140004040 GetConsoleWindow
0x140004048 VirtualProtect
0x140004050 CreateFileA
0x140004058 CloseHandle
0x140004060 K32GetModuleInformation
0x140004068 GetProcAddress
0x140004070 CreateFileMappingW
0x140004078 MapViewOfFile
0x140004080 RtlLookupFunctionEntry
0x140004088 RtlVirtualUnwind
0x140004090 UnhandledExceptionFilter
0x1400040a0 TerminateProcess
0x1400040b0 IsDebuggerPresent
0x1400040b8 GetModuleHandleW
0x1400040c0 RtlCaptureContext
0x1400040c8 QueryPerformanceCounter
0x1400040d0 GetCurrentProcessId
0x1400040d8 GetCurrentThreadId
0x1400040e0 GetSystemTimeAsFileTime
0x1400040e8 InitializeSListHead
Library USER32.dll:
0x140004118 ShowWindow
Library MSVCP140.dll:
Library VCRUNTIME140_1.dll:
0x140004180 __CxxFrameHandler4
Library VCRUNTIME140.dll:
0x140004128 _CxxThrowException
0x140004130 memcpy
0x140004138 __current_exception
0x140004148 memchr
0x140004150 __C_specific_handler
0x140004158 memmove
0x140004160 __std_exception_destroy
0x140004168 memset
0x140004170 __std_exception_copy
Library api-ms-win-crt-string-l1-1-0.dll:
0x1400042a8 isalnum
Library api-ms-win-crt-runtime-l1-1-0.dll:
0x1400041f0 _exit
0x1400041f8 _initterm_e
0x140004200 _c_exit
0x140004218 __p___argv
0x140004220 __p___argc
0x140004228 exit
0x140004230 _initterm
0x140004238 _crt_atexit
0x140004250 _configure_narrow_argv
0x140004258 _set_app_type
0x140004260 _seh_filter_exe
0x140004268 _cexit
0x140004270 terminate
0x140004278 _errno
0x140004280 _initialize_onexit_table
Library api-ms-win-crt-convert-l1-1-0.dll:
0x140004190 strtol
Library api-ms-win-crt-heap-l1-1-0.dll:
0x1400041a0 free
0x1400041a8 _callnewh
0x1400041b0 _set_new_mode
0x1400041b8 malloc
Library api-ms-win-crt-math-l1-1-0.dll:
0x1400041d8 __setusermatherr
Library api-ms-win-crt-stdio-l1-1-0.dll:
0x140004290 _set_fmode
0x140004298 __p__commode
Library api-ms-win-crt-locale-l1-1-0.dll:
0x1400041c8 _configthreadlocale

!This program cannot be run in DOS mode.
bad allocation
Unknown exception
bad array new length
string too long
ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/
invalid stol argument
stol argument out of range
C:\windows\system32\ntdll.dll
NtCreateSection
NtMapViewOfSection
NtUnmapViewOfSection
NtWriteVirtualMemory
RtlInitUnicodeString
RtlCreateProcessParameters
RtlCreateUserProcess
RtlCreateUserThread
NtWaitForSingleObject
NtClose
C:\Users\Administrator\Desktop\Espio-main\loader\x64\Release\Espio.pdb
.text$di
.text$mn
.text$mn$00
.text$x
.text$yd
.idata$5
.00cfg
.CRT$XCA
.CRT$XCAA
.CRT$XCU
.CRT$XCZ
.CRT$XIA
.CRT$XIAA
.CRT$XIAC
.CRT$XIZ
.CRT$XPA
.CRT$XPZ
.CRT$XTA
.CRT$XTZ
.rdata
.rdata$r
.rdata$voltmd
.rdata$zzzdbg
.rtc$IAA
.rtc$IZZ
.rtc$TAA
.rtc$TZZ
.xdata
.xdata$x
.idata$2
.idata$3
.idata$4
.idata$6
.data$r
.data$rs
.pdata
.rsrc$01
.rsrc$02
SizeofResource
GetCurrentProcess
FreeResource
LockResource
LoadLibraryW
LoadResource
FindResourceW
FreeLibrary
GetConsoleWindow
VirtualProtect
CreateFileA
CloseHandle
K32GetModuleInformation
GetProcAddress
CreateFileMappingW
MapViewOfFile
KERNEL32.dll
ShowWindow
USER32.dll
?_Xlength_error@std@@YAXPEBD@Z
?_Xinvalid_argument@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
MSVCP140.dll
__CxxFrameHandler4
__std_exception_destroy
__std_exception_copy
__C_specific_handler
_CxxThrowException
__current_exception
__current_exception_context
memset
VCRUNTIME140_1.dll
VCRUNTIME140.dll
isalnum
_invalid_parameter_noinfo_noreturn
_errno
strtol
malloc
_callnewh
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_cexit
_seh_filter_exe
_set_app_type
__setusermatherr
_get_initial_narrow_environment
_initterm
_initterm_e
_set_fmode
__p___argc
__p___argv
_c_exit
_register_thread_local_exe_atexit_callback
_configthreadlocale
_set_new_mode
__p__commode
terminate
api-ms-win-crt-string-l1-1-0.dll
api-ms-win-crt-runtime-l1-1-0.dll
api-ms-win-crt-convert-l1-1-0.dll
api-ms-win-crt-heap-l1-1-0.dll
api-ms-win-crt-math-l1-1-0.dll
api-ms-win-crt-stdio-l1-1-0.dll
api-ms-win-crt-locale-l1-1-0.dll
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
memchr
memcpy
memmove
.?AVbad_alloc@std@@
.?AVexception@std@@
.?AVbad_array_new_length@std@@
.?AVtype_info@@
<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel level='asInvoker' uiAccess='false' />
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
ntdll.dll
\??\C:\Windows\System32\werfault.exe
obfuscatedPayload
OBFUSCATEDPAYLOAD
Antivirus Signature
Bkav Clean
Lionic Trojan.Win64.Donut.tsnU
Elastic malicious (high confidence)
MicroWorld-eScan Gen:Variant.Tedy.293468
CMC Clean
CAT-QuickHeal Clean
ALYac Gen:Variant.Tedy.293468
Malwarebytes Trojan.MalPack
VIPRE Gen:Variant.Tedy.293468
Sangfor Trojan.Win64.Agent.Vooy
K7AntiVirus Clean
BitDefender Gen:Variant.Tedy.293468
K7GW Clean
Cybereason Clean
Arcabit Trojan.Tedy.D47A5C
BitDefenderTheta Clean
VirIT Clean
Cyren Clean
Symantec ML.Attribute.HighConfidence
tehtris Clean
ESET-NOD32 a variant of Win64/Kryptik.DKU
APEX Malicious
Paloalto Clean
ClamAV Clean
Kaspersky UDS:DangerousObject.Multi.Generic
Alibaba Trojan:Win64/Kryptik.dff42223
NANO-Antivirus Clean
SUPERAntiSpyware Clean
Rising HackTool.Meterpreter!8.2F21 (TFE:5:YYnVYocbihB)
TACHYON Clean
Sophos Mal/Generic-S
Baidu Clean
F-Secure Clean
DrWeb Clean
Zillya Clean
TrendMicro Clean
McAfee-GW-Edition BehavesLike.Win64.Infected.gt
Trapmine Clean
FireEye Gen:Variant.Tedy.293468
Emsisoft Gen:Variant.Tedy.293468 (B)
Ikarus Win32.Outbreak
Jiangmin Trojan.Shelm.ip
Webroot Clean
Google Detected
Avira Clean
Antiy-AVL Trojan/Win64.Kryptik
Gridinsoft Trojan.Win64.Kryptik.oa!s1
Xcitium Clean
Microsoft Trojan:Win32/Wacatac.B!ml
ViRobot Clean
ZoneAlarm UDS:DangerousObject.Multi.Generic
GData Gen:Variant.Tedy.293468
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win.Generic.C5309372
Acronis Clean
McAfee GenericRXAA-AA!103746E75CC7
MAX malware (ai score=82)
DeepInstinct MALICIOUS
VBA32 Clean
Cylance unsafe
Panda Clean
Zoner Clean
TrendMicro-HouseCall TROJ_GEN.R014H0CGM23
Tencent Malware.Win32.Gencirc.10be7231
Yandex Clean
SentinelOne Clean
MaxSecure Trojan.Malware.300983.susgen
Fortinet Clean
AVG Win64:Evo-gen [Trj]
Avast Win64:Evo-gen [Trj]
CrowdStrike win/malicious_confidence_100% (W)
No IRMA results available.