Static | ZeroBOX

PE Compile Time

2023-07-01 01:02:00

PE Imphash

a909ce3dc0c1554a6489869514b92d36

Sections

| Name | Virtual Address | Virtual Size | Size of Raw Data | Entropy |
| --- | --- | --- | --- | --- |
| .text | 0x00001000 | 0x0000f25c | 0x0000f400 | 6.45719070497 |
| .rdata | 0x00011000 | 0x00009a0a | 0x00009c00 | 4.64812914186 |
| .data | 0x0001b000 | 0x00002488 | 0x00001000 | 3.8018285951 |
| .pdata | 0x0001e000 | 0x000010e0 | 0x00001200 | 4.61779759395 |
| _RDATA | 0x00020000 | 0x0000015c | 0x00000200 | 2.73750628004 |
| .reloc | 0x00021000 | 0x00000670 | 0x00000800 | 4.90608545525 |

Imports

Library KERNEL32.dll:
0x140011000 VirtualProtect
0x140011008 CreateFileW
0x140011010 HeapReAlloc
0x140011018 HeapSize
0x140011020 QueryPerformanceCounter
0x140011030 CloseHandle
0x140011038 Sleep
0x140011040 GetCurrentThreadId
0x140011048 FlsAlloc
0x140011050 FlsGetValue
0x140011058 FlsSetValue
0x140011060 FlsFree
0x140011070 GetSystemTimeAsFileTime
0x140011078 GetModuleHandleW
0x140011080 GetProcAddress
0x140011088 EnterCriticalSection
0x140011090 LeaveCriticalSection
0x140011098 DeleteCriticalSection
0x1400110a0 RtlCaptureContext
0x1400110a8 RtlLookupFunctionEntry
0x1400110b0 RtlVirtualUnwind
0x1400110b8 UnhandledExceptionFilter
0x1400110c8 GetCurrentProcess
0x1400110d0 TerminateProcess
0x1400110e0 GetCurrentProcessId
0x1400110e8 InitializeSListHead
0x1400110f0 IsDebuggerPresent
0x1400110f8 GetStartupInfoW
0x140011100 RtlUnwindEx
0x140011108 RtlPcToFileHeader
0x140011110 RaiseException
0x140011118 GetLastError
0x140011120 SetLastError
0x140011128 EncodePointer
0x140011138 TlsAlloc
0x140011140 TlsGetValue
0x140011148 TlsSetValue
0x140011150 TlsFree
0x140011158 FreeLibrary
0x140011160 LoadLibraryExW
0x140011168 GetModuleHandleExW
0x140011170 GetStdHandle
0x140011178 WriteFile
0x140011180 GetModuleFileNameW
0x140011188 ExitProcess
0x140011190 GetCommandLineA
0x140011198 GetCommandLineW
0x1400111a0 CompareStringW
0x1400111a8 LCMapStringW
0x1400111b0 HeapAlloc
0x1400111b8 HeapFree
0x1400111c0 GetFileType
0x1400111c8 SetFilePointerEx
0x1400111d0 FindClose
0x1400111d8 FindFirstFileExW
0x1400111e0 FindNextFileW
0x1400111e8 IsValidCodePage
0x1400111f0 GetACP
0x1400111f8 GetOEMCP
0x140011200 GetCPInfo
0x140011208 MultiByteToWideChar
0x140011210 WideCharToMultiByte
0x140011218 GetEnvironmentStringsW
0x140011220 FreeEnvironmentStringsW
0x140011228 SetEnvironmentVariableW
0x140011230 SetStdHandle
0x140011238 GetStringTypeW
0x140011240 GetProcessHeap
0x140011248 FlushFileBuffers
0x140011250 GetConsoleOutputCP
0x140011258 GetConsoleMode
0x140011260 WriteConsoleW
Library WINHTTP.dll:
0x140011270 WinHttpSetStatusCallback
0x140011278 WinHttpCloseHandle
0x140011280 WinHttpOpen

Strings

!This program cannot be run in DOS mode.
`.rdata
@.data
.pdata
@_RDATA
@.reloc
WATAUAVAWH
A_A^A]A\_
u/HcH<H
VWATAVAWH
A_A^A\_^
WATAUAVAWH
A_A^A]A\_
H;xXu5
WATAUAVAWH
A_A^A]A\_
fffffff
ffffff
vKfffff
AUAVAWH
u4I9}(
;I9}(tiH
0A_A^A]
UVWATAUAVAWH
`A_A^A]A\_^]
@USVWATAUAVAWH
A_A^A]A\_^[]
UVWATAUAVAWH
A_A^A]A\_^]
@SVWATAUAVAWH
L!|$(L!
D$0HcH
pA_A^A]A\_^[
B(I9A(
SVWATAUAVAWH
0A_A^A]A\_^[
t$ WATAUAVAWH
A_A^A]A\_
WATAUAVAWH
A_A^A]A\_
ffffff
fffffff
x ATAVAWH
A_A^A\
UVWAVAWH
0A_A^_^]
p0R^G'
u3HcH<H
t$ WAVAWH
A_A^_
WAVAWH
A_A^_
D$0@8{
p*W4H
p*W4H
WATAUAVAWH
A_A^A]A\_
p0R^G'
L$ VWAVH
fD9t$b
\$ VWATAUAVH
D!l$xA
@A^A]A\_^
u$D8r(t
D81uUL9r
uED8r(t
vAD8s(t
u$D8r(t
fD91uTL9r
uED8r(t
v@D8s(t
UVWATAUAVAWH
PA_A^A]A\_^]
WATAUAVAWH
0A_A^A]A\_
H97u+A
@USVWATAUAVH
D8t$ht
D8t$ht
A^A]A\_^[]
f9)u4H9j
u%@8j(t
l$ VWATAVAWH
L$&8\$&t,8Y
A_A^A\_^
UVWATAUAVAWH
xWI96tRI
0A_A^A]A\_^]
@UATAUAVAWH
e0A_A^A]A\]
fD94H}aD
WAVAWH
A_A^_
UVWATAUAVAWH
fB9<A}1L
A_A^A]A\_^]
VWATAVAW
A_A^A\_^
AUAVAWH
@A_A^A]
@USVWATAUAVAWH
H!D$ I
hA_A^A]A\_^[]
ATAUAVH
L$ fff
L$ |+L;
A^A]A\
@UATAUAVAWH
H!T$0D
u,!T$(H!T$
A_A^A]A\]
x UAVAWH
WATAUAVAWH
0A_A^A]A\_
@USVWATAUAVAWH
eHA_A^A]A\_^[]
ffffff
fffffff
@SUVWATAVAWH
@A_A^A\_^][
USVWAVH
A^_^[]
LcA<E3
GetCurrentPackageId
GetSystemTimePreciseAsFileTime
GetTempPath2W
Unknown exception
bad allocation
bad array new length
bad exception
__based(
__cdecl
__pascal
__stdcall
__thiscall
__fastcall
__vectorcall
__clrcall
__eabi
__swift_1
__swift_2
__swift_3
__ptr64
__restrict
__unaligned
restrict(
delete
operator
`vftable'
`vbtable'
`vcall'
`typeof'
`local static guard'
`string'
`vbase destructor'
`vector deleting destructor'
`default constructor closure'
`scalar deleting destructor'
`vector constructor iterator'
`vector destructor iterator'
`vector vbase constructor iterator'
`virtual displacement map'
`eh vector constructor iterator'
`eh vector destructor iterator'
`eh vector vbase constructor iterator'
`copy constructor closure'
`udt returning'
`local vftable'
`local vftable constructor closure'
new[]
delete[]
`omni callsig'
`placement delete closure'
`placement delete[] closure'
`managed vector constructor iterator'
`managed vector destructor iterator'
`eh vector copy constructor iterator'
`eh vector vbase copy constructor iterator'
`dynamic initializer for '
`dynamic atexit destructor for '
`vector copy constructor iterator'
`vector vbase copy constructor iterator'
`managed vector copy constructor iterator'
`local static thread guard'
operator ""
operator co_await
operator<=>
Type Descriptor'
Base Class Descriptor at (
Base Class Array'
Class Hierarchy Descriptor'
Complete Object Locator'
`anonymous namespace'
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
InitializeCriticalSectionEx
CorExitProcess
AreFileApisANSI
CompareStringEx
LCMapStringEx
LocaleNameToLCID
AppPolicyGetProcessTerminationMethod
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
January
February
August
September
October
November
December
MM/dd/yy
dddd, MMMM dd, yyyy
HH:mm:ss
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
UUUUUU
UUUUUU
=imb;D
/>58d%
VM>cQ6
>jtm}S
)>6{1n
+f)>0'
;H9>&X
*StO9>T
n03>Pu
K~Je#>!
bp(=>?g
BC?>6t9^
K&>.yC
.xJ>Hf
y\PD>!
|b=})>
c [1>H'
uzKs@>
3>N;kU
kE>fvw
V6E>`"(5
?UUUUUU
?7zQ6$
.text$di
.text$mn
.text$mn$00
.text$x
.text$yd
.idata$5
.00cfg
.CRT$XCA
.CRT$XCAA
.CRT$XCC
.CRT$XCZ
.CRT$XIA
.CRT$XIAA
.CRT$XIAC
.CRT$XIC
.CRT$XIZ
.CRT$XPA
.CRT$XPX
.CRT$XPXA
.CRT$XPZ
.CRT$XTA
.CRT$XTZ
.rdata
.rdata$r
.rdata$voltmd
.rdata$zzzdbg
.rtc$IAA
.rtc$IZZ
.rtc$TAA
.rtc$TZZ
.xdata
.xdata$x
.idata$2
.idata$3
.idata$4
.idata$6
.data$r
.data$rs
.pdata
_RDATA
VirtualProtect
KERNEL32.dll
WinHttpSetStatusCallback
WinHttpCloseHandle
WinHttpOpen
WINHTTP.dll
QueryPerformanceCounter
QueryPerformanceFrequency
CloseHandle
GetCurrentThreadId
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
InitializeCriticalSectionEx
GetSystemTimeAsFileTime
GetModuleHandleW
GetProcAddress
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
GetCurrentProcessId
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RtlUnwindEx
RtlPcToFileHeader
RaiseException
GetLastError
SetLastError
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
GetModuleHandleExW
GetStdHandle
WriteFile
GetModuleFileNameW
ExitProcess
GetCommandLineA
GetCommandLineW
CompareStringW
LCMapStringW
HeapAlloc
HeapFree
GetFileType
SetFilePointerEx
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
GetStringTypeW
GetProcessHeap
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
HeapSize
HeapReAlloc
CreateFileW
WriteConsoleW
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
(|HZGS
.?AVbad_alloc@std@@
.?AVexception@std@@
.?AVbad_array_new_length@std@@
.?AVbad_exception@std@@
.?AVtype_info@@
kernel32.dll
api-ms-win-core-fibers-l1-1-1
api-ms-win-core-synch-l1-2-0
kernel32
api-ms-
mscoree.dll
api-ms-win-core-datetime-l1-1-1
api-ms-win-core-file-l1-2-2
api-ms-win-core-localization-l1-2-1
api-ms-win-core-localization-obsolete-l1-2-0
api-ms-win-core-processthreads-l1-1-2
api-ms-win-core-string-l1-1-0
api-ms-win-core-sysinfo-l1-2-1
api-ms-win-core-winrt-l1-1-0
api-ms-win-core-xstate-l2-1-0
api-ms-win-rtcore-ntuser-window-l1-1-0
api-ms-win-security-systemfunctions-l1-1-0
ext-ms-win-ntuser-dialogbox-l1-1-0
ext-ms-win-ntuser-windowstation-l1-1-0
advapi32
api-ms-win-appmodel-runtime-l1-1-2
user32
ext-ms-
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
January
February
August
September
October
November
December
MM/dd/yy
dddd, MMMM dd, yyyy
HH:mm:ss
((((( H
zh-CHS
az-AZ-Latn
uz-UZ-Latn
kok-IN
syr-SY
div-MV
quz-BO
sr-SP-Latn
az-AZ-Cyrl
uz-UZ-Cyrl
quz-EC
sr-SP-Cyrl
quz-PE
smj-NO
bs-BA-Latn
smj-SE
sr-BA-Latn
sma-NO
sr-BA-Cyrl
sma-SE
sms-FI
smn-FI
zh-CHT
az-az-cyrl
az-az-latn
bs-ba-latn
div-mv
kok-in
quz-bo
quz-ec
quz-pe
sma-no
sma-se
smj-no
smj-se
smn-fi
sms-fi
sr-ba-cyrl
sr-ba-latn
sr-sp-cyrl
sr-sp-latn
syr-sy
uz-uz-cyrl
uz-uz-latn
zh-chs
zh-cht
CONOUT$
User Agent
Antivirus Signature
Bkav W32.Common.038A36DE
Lionic Trojan.Win32.Cobalt.4!c
Elastic malicious (high confidence)
DrWeb BackDoor.Meterpreter.157
ClamAV Clean
CMC Clean
CAT-QuickHeal Backdoor.Cobalt
ALYac Trojan.GenericKD.68253391
Cylance unsafe
Zillya Clean
Sangfor Backdoor.Win64.Cobalt.Vyzx
K7AntiVirus Trojan ( 005a5cf71 )
BitDefender Trojan.GenericKD.68253391
K7GW Trojan ( 005a5cf71 )
Cybereason Clean
BitDefenderTheta Clean
VirIT Clean
Cyren W64/ABRisk.VBWB-8053
Symantec ML.Attribute.HighConfidence
tehtris Clean
ESET-NOD32 a variant of Win64/Inject.Y.gen
APEX Malicious
Paloalto Clean
Cynet Malicious (score: 100)
Kaspersky Backdoor.Win32.Cobalt.efl
Alibaba Backdoor:Win32/Cobalt.e0cdc1c7
NANO-Antivirus Trojan.Win64.Cobalt.jxkbom
SUPERAntiSpyware Clean
MicroWorld-eScan Trojan.GenericKD.68253391
Rising Backdoor.Cobalt!8.1233E (CLOUD)
Sophos Mal/Generic-S
F-Secure Heuristic.HEUR/AGEN.1363347
Baidu Clean
VIPRE Trojan.GenericKD.68253391
TrendMicro Backdoor.Win64.COBEACON.YXDGTZ
McAfee-GW-Edition Artemis!Trojan
Trapmine Clean
FireEye Generic.mg.e4efed1ac69b15ff
Emsisoft Trojan.GenericKD.68253391 (B)
Ikarus Trojan.Win64.Inject
Jiangmin Clean
Webroot W32.Trojan.Gen
Avira HEUR/AGEN.1363347
MAX malware (ai score=81)
Antiy-AVL Trojan/Win64.Inject
Microsoft Trojan:Win64/CobaltStrike.D!MTB
Gridinsoft Trojan.Win64.CobaltStrike.bot
Xcitium Clean
Arcabit Trojan.Generic.D41176CF
ViRobot Clean
ZoneAlarm Backdoor.Win32.Cobalt.efl
GData Trojan.GenericKD.68253391
Google Detected
AhnLab-V3 Clean
Acronis Clean
McAfee Artemis!E4EFED1AC69B
TACHYON Clean
DeepInstinct MALICIOUS
VBA32 Clean
Malwarebytes Trojan.CobaltStrike
Panda Trj/Chgt.AD
Zoner Clean
TrendMicro-HouseCall Backdoor.Win64.COBEACON.YXDGTZ
Tencent Malware.Win32.Gencirc.13e480d5
Yandex Trojan.Inject!9+pjKIy/PIA
SentinelOne Clean
MaxSecure Trojan.Malware.214476368.susgen
Fortinet W64/Inject.Y!tr
AVG Win64:BackdoorX-gen [Trj]
Avast Win64:BackdoorX-gen [Trj]
CrowdStrike win/malicious_confidence_100% (W)
No IRMA results available.