Static | ZeroBOX

PE Compile Time

2022-09-29 00:08:51

PE Imphash

5ea05395629dd7cfa2fe7ed080de0303

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00001000 0x000273d8 0x00027400 3.94810936522
.data 0x00029000 0x01ecee6c 0x00029a00 7.9596833677
.rsrc 0x01ef8000 0x00006ec0 0x00007000 3.68603412625

Resources

Name Offset Size Language Sub-language File type
RT_CURSOR 0x01efda30 0x000008a8 LANG_NEUTRAL SUBLANG_NEUTRAL dBase III DBT, version number 0, next free block index 40, 1st item "\251\317"
RT_CURSOR 0x01efda30 0x000008a8 LANG_NEUTRAL SUBLANG_NEUTRAL dBase III DBT, version number 0, next free block index 40, 1st item "\251\317"
RT_CURSOR 0x01efda30 0x000008a8 LANG_NEUTRAL SUBLANG_NEUTRAL dBase III DBT, version number 0, next free block index 40, 1st item "\251\317"
RT_CURSOR 0x01efda30 0x000008a8 LANG_NEUTRAL SUBLANG_NEUTRAL dBase III DBT, version number 0, next free block index 40, 1st item "\251\317"
RT_CURSOR 0x01efda30 0x000008a8 LANG_NEUTRAL SUBLANG_NEUTRAL dBase III DBT, version number 0, next free block index 40, 1st item "\251\317"
RT_CURSOR 0x01efda30 0x000008a8 LANG_NEUTRAL SUBLANG_NEUTRAL dBase III DBT, version number 0, next free block index 40, 1st item "\251\317"
RT_CURSOR 0x01efda30 0x000008a8 LANG_NEUTRAL SUBLANG_NEUTRAL dBase III DBT, version number 0, next free block index 40, 1st item "\251\317"
RT_ICON 0x01efaa28 0x00000988 LANG_TAMIL SUBLANG_DEFAULT dBase III DBT, version number 0, next free block index 40
RT_ICON 0x01efaa28 0x00000988 LANG_TAMIL SUBLANG_DEFAULT dBase III DBT, version number 0, next free block index 40
RT_STRING 0x01efee48 0x00000078 LANG_TAMIL SUBLANG_DEFAULT data
RT_STRING 0x01efee48 0x00000078 LANG_TAMIL SUBLANG_DEFAULT data
RT_STRING 0x01efee48 0x00000078 LANG_TAMIL SUBLANG_DEFAULT data
RT_STRING 0x01efee48 0x00000078 LANG_TAMIL SUBLANG_DEFAULT data
RT_STRING 0x01efee48 0x00000078 LANG_TAMIL SUBLANG_DEFAULT data
RT_ACCELERATOR 0x01efb3d8 0x00000068 LANG_TAMIL SUBLANG_DEFAULT data
RT_GROUP_CURSOR 0x01efda00 0x00000030 LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_GROUP_CURSOR 0x01efda00 0x00000030 LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_GROUP_CURSOR 0x01efda00 0x00000030 LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_GROUP_ICON 0x01efb3b0 0x00000022 LANG_TAMIL SUBLANG_DEFAULT data
RT_VERSION 0x01efe2f0 0x00000268 LANG_NEUTRAL SUBLANG_NEUTRAL MS Windows COFF Motorola 68000 object file

Imports

Library KERNEL32.dll:
0x401008 GetFileSize
0x401010 AllocConsole
0x40101c MoveFileExW
0x401024 HeapFree
0x401028 GetProfileStringW
0x40102c SetComputerNameW
0x401034 OpenSemaphoreA
0x40103c _lclose
0x401040 _lcreat
0x401044 GetModuleHandleW
0x401050 WaitNamedPipeW
0x401054 EnumTimeFormatsA
0x401058 GetDriveTypeA
0x40105c OpenProcess
0x401060 SetFileShortNameW
0x401064 LoadLibraryW
0x401068 ReadConsoleInputA
0x40106c _hread
0x401070 GetCalendarInfoA
0x401078 GetFileAttributesA
0x40107c TransactNamedPipe
0x401080 GetTimeFormatW
0x401084 GetConsoleAliasW
0x401088 TerminateProcess
0x40108c GetComputerNameA
0x401090 GetShortPathNameA
0x40109c GetStartupInfoA
0x4010a0 GetLastError
0x4010a4 IsDBCSLeadByteEx
0x4010a8 SetLastError
0x4010ac BackupRead
0x4010b4 GetProcAddress
0x4010b8 CreateNamedPipeA
0x4010bc MoveFileW
0x4010c0 OpenWaitableTimerA
0x4010c8 LocalAlloc
0x4010cc GetNumberFormatW
0x4010d4 GetModuleHandleA
0x4010d8 UpdateResourceW
0x4010dc FindNextFileW
0x4010e0 CreateMailslotA
0x4010e4 GetStringTypeW
0x4010ec EnumDateFormatsW
0x4010f0 FatalAppExitA
0x4010f4 FindFirstVolumeA
0x4010fc DeleteFileW
0x401100 DeleteFileA
0x401104 CloseHandle
0x401108 ReadFile
0x40110c CreateFileW
0x401110 GetOverlappedResult
0x401114 GetCommandLineW
0x40111c Sleep
0x401130 EncodePointer
0x401134 DecodePointer
0x401138 MoveFileA
0x40113c HeapAlloc
0x401140 HeapReAlloc
0x401144 GetCommandLineA
0x401148 HeapSetInformation
0x40114c GetStartupInfoW
0x401150 RtlUnwind
0x401154 SetHandleCount
0x401158 GetStdHandle
0x401160 GetFileType
0x40116c IsDebuggerPresent
0x401170 GetCurrentProcess
0x401174 ExitProcess
0x401178 WriteFile
0x40117c GetModuleFileNameW
0x401180 HeapCreate
0x401184 SetFilePointer
0x401188 HeapSize
0x40118c RaiseException
0x401190 GetModuleFileNameA
0x401198 WideCharToMultiByte
0x4011a0 TlsAlloc
0x4011a4 TlsGetValue
0x4011a8 TlsSetValue
0x4011ac TlsFree
0x4011b0 GetCurrentThreadId
0x4011b8 GetTickCount
0x4011bc GetCurrentProcessId
0x4011c4 GetCPInfo
0x4011c8 GetACP
0x4011cc GetOEMCP
0x4011d0 IsValidCodePage
0x4011d4 MultiByteToWideChar
0x4011dc GetConsoleCP
0x4011e0 GetConsoleMode
0x4011e4 SetStdHandle
0x4011e8 FlushFileBuffers
0x4011ec LCMapStringW
0x4011f0 WriteConsoleW
Library USER32.dll:
0x4011f8 CharUpperBuffA
0x4011fc CharUpperA
Library ADVAPI32.dll:
0x401000 RevertToSelf

Antivirus Signature
Bkav W32.AIDetectMalware
Lionic Clean
Elastic malicious (high confidence)
MicroWorld-eScan Clean
ClamAV Clean
FireEye Generic.mg.7c18df4a1aab5314
CAT-QuickHeal Ransom.Stop.P5
McAfee Clean
Malwarebytes Clean
VIPRE Clean
Sangfor Suspicious.Win32.Save.a
K7AntiVirus Clean
BitDefender Clean
K7GW Clean
Cybereason malicious.c6dede
Baidu Clean
VirIT Clean
Cyren Clean
Symantec ML.Attribute.HighConfidence
tehtris Generic.Malware
ESET-NOD32 Clean
APEX Malicious
Paloalto Clean
Cynet Malicious (score: 100)
Kaspersky VHO:Backdoor.Win32.Convagent.gen
Alibaba Clean
NANO-Antivirus Clean
ViRobot Clean
Rising Trojan.Kryptik!1.E892 (CLASSIC)
Emsisoft Clean
F-Secure Clean
DrWeb Clean
Zillya Clean
TrendMicro Clean
McAfee-GW-Edition BehavesLike.Win32.Lockbit.fh
Trapmine malicious.high.ml.score
CMC Clean
Sophos ML/PE-A
Ikarus Trojan.Win32.Crypt
GData Clean
Jiangmin Clean
Webroot Clean
Avira Clean
MAX Clean
Antiy-AVL Clean
Gridinsoft Clean
Xcitium Clean
Arcabit Clean
SUPERAntiSpyware Clean
ZoneAlarm VHO:Backdoor.Win32.Convagent.gen
Microsoft Trojan:Win32/Sabsik.FL.B!ml
Google Detected
AhnLab-V3 Clean
Acronis Clean
BitDefenderTheta Clean
ALYac Clean
TACHYON Clean
DeepInstinct MALICIOUS
VBA32 Clean
Cylance unsafe
Panda Clean
Zoner Clean
TrendMicro-HouseCall Clean
Tencent Trojan.Win32.Obfuscated.gen
Yandex Clean
SentinelOne Static AI - Malicious PE
MaxSecure Trojan.Malware.300983.susgen
Fortinet Clean
AVG PWSX-gen [Trj]
Avast PWSX-gen [Trj]
CrowdStrike win/malicious_confidence_100% (D)
No IRMA results available.