Static | ZeroBOX

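PE Compile Time (linker timestamp from the PE header; the file's author can set it to any value, so treat it as a hint rather than proof of build date)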

2023-07-26 17:37:45

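PE Imphash (MD5 of the import table's library and function names, used to cluster samples that share the same imports)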

0139538a651a21148db92c7ae213c5f3

Sections

Name | Virtual Address | Virtual Size | Size of Raw Data | Entropy (Shannon, bits per byte, 0–8)
.text 0x00001000 0x0001ab9f 0x0001ac00 6.71970316174
.rdata 0x0001c000 0x000061a4 0x00006200 4.88182035045
.data 0x00023000 0x00001ed8 0x00000a00 2.04244381839
.rsrc 0x00025000 0x000001e0 0x00000200 4.71229819329
.reloc 0x00026000 0x000010f0 0x00001200 6.34670097573

Resources

Name Offset Size Language Sub-language File type
RT_MANIFEST 0x00025060 0x0000017d LANG_ENGLISH SUBLANG_ENGLISH_US XML 1.0 document text

Imports

Library KERNEL32.dll:
0x41c000 WriteFile
0x41c004 GetLastError
0x41c008 WriteConsoleW
0x41c010 GetCurrentProcessId
0x41c014 GetCurrentThreadId
0x41c01c InitializeSListHead
0x41c020 IsDebuggerPresent
0x41c02c GetStartupInfoW
0x41c034 GetModuleHandleW
0x41c038 GetCurrentProcess
0x41c03c TerminateProcess
0x41c040 RtlUnwind
0x41c044 SetLastError
0x41c058 TlsAlloc
0x41c05c TlsGetValue
0x41c060 TlsSetValue
0x41c064 TlsFree
0x41c068 FreeLibrary
0x41c06c GetProcAddress
0x41c070 LoadLibraryExW
0x41c074 EncodePointer
0x41c078 RaiseException
0x41c07c GetStdHandle
0x41c080 GetModuleFileNameW
0x41c084 ExitProcess
0x41c088 GetModuleHandleExW
0x41c08c HeapFree
0x41c090 HeapAlloc
0x41c094 HeapReAlloc
0x41c098 LCMapStringW
0x41c09c FindClose
0x41c0a0 FindFirstFileExW
0x41c0a4 FindNextFileW
0x41c0a8 IsValidCodePage
0x41c0ac GetACP
0x41c0b0 GetOEMCP
0x41c0b4 GetCPInfo
0x41c0b8 GetCommandLineA
0x41c0bc GetCommandLineW
0x41c0c0 MultiByteToWideChar
0x41c0c4 WideCharToMultiByte
0x41c0d0 SetStdHandle
0x41c0d4 GetFileType
0x41c0d8 GetStringTypeW
0x41c0dc GetProcessHeap
0x41c0e0 HeapSize
0x41c0e4 FlushFileBuffers
0x41c0e8 GetConsoleOutputCP
0x41c0ec GetConsoleMode
0x41c0f0 SetFilePointerEx
0x41c0f4 CreateFileW
0x41c0f8 CloseHandle
0x41c0fc DecodePointer

!This program cannot be run in DOS mode.
mYRich
`.rdata
@.data
@.reloc
URPQQh0?@
UQPXY]Y[
QQSVWd
uSSSSj
f9:t!V
QQSVj8j@
tl=H6B
PPPPPPPP
PPPPPVW
PP9E u!PPSVP
D$8)-1)
D$<d&6+
D$@37!6
D$D7d4%
D$H0,7d
D$L3!6!
D$Pd6!0
D$T6-!2f
j/Xt|f
D$,>)>f
D$')2>-f
D$\Jemp
D$`ih$x
D$ds$vi
D$hxvmi
D$lzi$g
D$plvsq
D$tmyq$
D$xfvs{
D$|wivw
D$0rSPWf
D$8'nq^3
YY_^][
V YYPj
V YYPS
D$@lI\I
D$xbt}t
V YYPj
PSSSSS
V YYPS
V YYPj
D$ ZL[
V YYPS
V YYPj
D$8Qtyo3
D$<+ns}
D$@zxt
D$Dx+nz
D$Hzvtp
D$M+om+f
D$hu(.)f
S YYPj
S YYPj
S YYPj
S YYPj
D$p%"Y
V YYPj
V YYPj
D$,y~?
SUVWj.X
T$DBG;T$X
Yj\Yf9
D$$`^Y^
D$(YRC
D$L~WSD
D$PWq@[
D$TF[QS
D$X^aWQ
D$\F[]\
D$dxp}x
D$hktRc
D$lxexr
D$pp}Bt
D$trex~
D$b8_3
D$ i|ol
D$$lk| f
D$4@ufe
D$8Ankb
\$$j._
D$\$kr[f
D$8yy|
D$<Q7j|
t$xYj._
t$PYj._
l$djsX
D$Ej.Xf
D$,=NUN3
D$0P[JV
t(j*Xf
SVWj/X
D$4,ezU
D$8yehj
D$<lz'z
D$@xe`}
D$ tnir
D$$od=y
D$X[f{cf
D$`cd;
V YYPS
V YYPj
D$Hnxqx
D$PTXQY
D$TS\PX
D$\QHX
D$`{orp
D$hb[RO
D$lPUTN
D$pIROD
D$4(;G?f
D$<9>bU
D$@XAQ
V YYPS
V YYPj
D$ u<#
D$$3??;
D$(95#~
D$,#!<9f
V YYPS
V YYPj
V YYPj
V YYPj
V YYPj
SSSSPj
D$$33/"
D$(+($-
D$$00,
D$((%!*
D$$(($
D$ sdJ~
D$$bbfu
D$,b8uf
D$h3/$5
D$pa' (
D$t-2za
D$x- 25
D$|a$33
D$0283
D$4:1<3
D$@76<-
3t.2AP
D$4wQGG3
D$8AWWB
D$<QHH]
D$HVKGAf
D$ &(-,
D$$;g*9
z@hPSh
D$ ']]$
D$$UUTU
D$(Q'W$
D$,SSRS
D$ e8bn
D$ B?}
PSSSSS
YY]_^[
D$$qtlm
D$(zg4r
D$,fxyj
D$(VPh
D$\)g5"
D$`35."
D$d1"#}
D$hgb4M
g+YkPVj
t$8WPPUj
L$8+L$L
9\$$v<
L;\$$r
D$$42-*f
D$,SQLI
D$4OPENf
D$,&$9<
D$0!0f
D$43<;4f
D$,jeXf
jCZSSSS
D$h"#g3
D$l(g$(
D$p))"$
D$t3g3(
D$xgb4M
D$@::-6
D$H6/=)
D$@M@@I
D$D.DU@f
D$P/3:(
D$T+=.9
D$l( ?
D$,cA\Wf
D$0FPG}f
9\$,t8
D$,st9.
D$,be=.
D$0"UOJf
D$ rgoh
D$$&TkU
D$(rgtr
D$,Ucuu
D$0oih!
D$4u&gb
D$8btcu
D$<u*&k
D$D&qoh
D$Hbiqu
D$L&bih
D$P!r&u
D$Tsvvi
D$Xtr&T
D$\curg
D$`trKg
D$dhgacf
D$ PSR]
D$$\_dg
D$(fa`c
D$,bmlo
D$0nihk
D$4jutw
D$8vqps
D$<r}|
QSUVW3
QQSUVW3
__based(
__cdecl
__pascal
__stdcall
__thiscall
__fastcall
__vectorcall
__clrcall
__eabi
__swift_1
__swift_2
__swift_3
__ptr64
__restrict
__unaligned
restrict(
delete
operator
`vftable'
`vbtable'
`vcall'
`typeof'
`local static guard'
`string'
`vbase destructor'
`vector deleting destructor'
`default constructor closure'
`scalar deleting destructor'
`vector constructor iterator'
`vector destructor iterator'
`vector vbase constructor iterator'
`virtual displacement map'
`eh vector constructor iterator'
`eh vector destructor iterator'
`eh vector vbase constructor iterator'
`copy constructor closure'
`udt returning'
`local vftable'
`local vftable constructor closure'
new[]
delete[]
`omni callsig'
`placement delete closure'
`placement delete[] closure'
`managed vector constructor iterator'
`managed vector destructor iterator'
`eh vector copy constructor iterator'
`eh vector vbase copy constructor iterator'
`dynamic initializer for '
`dynamic atexit destructor for '
`vector copy constructor iterator'
`vector vbase copy constructor iterator'
`managed vector copy constructor iterator'
`local static thread guard'
operator ""
operator co_await
operator<=>
Type Descriptor'
Base Class Descriptor at (
Base Class Array'
Class Hierarchy Descriptor'
Complete Object Locator'
`anonymous namespace'
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
InitializeCriticalSectionEx
Unknown exception
bad exception
CorExitProcess
AreFileApisANSI
LCMapStringEx
LocaleNameToLCID
AppPolicyGetProcessTerminationMethod
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
January
February
August
September
October
November
December
MM/dd/yy
dddd, MMMM dd, yyyy
HH:mm:ss
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
?5Wg4p
%S#[k=
"B <1=
_hypot
_nextafter
ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/
................5555555555555555MMMMMMMMMMMMMMMMPPPPPPPPPPPPPPPPUUUUUUUUUUUUUUUUWWWWWWWWWWWWWWWWeeeeeeeeeeeeeeeellllllllllllllll
.text$mn
.text$x
.idata$5
.00cfg
.CRT$XCA
.CRT$XCAA
.CRT$XCZ
.CRT$XIA
.CRT$XIAA
.CRT$XIAC
.CRT$XIC
.CRT$XIZ
.CRT$XPA
.CRT$XPX
.CRT$XPXA
.CRT$XPZ
.CRT$XTA
.CRT$XTZ
.rdata
.rdata$r
.rdata$sxdata
.rdata$voltmd
.rdata$zzzdbg
.rtc$IAA
.rtc$IZZ
.rtc$TAA
.rtc$TZZ
.xdata$x
.idata$2
.idata$3
.idata$4
.idata$6
.data$r
.data$rs
.rsrc$01
.rsrc$02
WriteFile
GetLastError
KERNEL32.dll
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
GetCurrentProcess
TerminateProcess
RtlUnwind
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
EncodePointer
RaiseException
GetStdHandle
GetModuleFileNameW
ExitProcess
GetModuleHandleExW
HeapFree
HeapAlloc
HeapReAlloc
LCMapStringW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetFileType
GetStringTypeW
GetProcessHeap
HeapSize
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
SetFilePointerEx
CreateFileW
CloseHandle
WriteConsoleW
DecodePointer
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
.?AVbad_exception@std@@
.?AVexception@std@@
.?AVtype_info@@
<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel level='asInvoker' uiAccess='false' />
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
13181E1
2%343K3Q3W3]3c3i3o3
3*474_4q4
4%5.5B5H5u5{5
8.8Z8d8m8
99'9c9m9v9
:-:7:J:S:^:e:x:
;!;1;A;Q;Z;~;
<0<5<B<
9 9$9(9,9094989<9@9D9H9L9P9T9X9\9
020S0a0g0
1(141P1p1~1
2-2X2b2
3#3-393>3C3^3h3t3y3~3
060D0L0d0}0
5 525@5S5^5i5
9!9a9g9{9
>Y>d>l>w>}>
?7?P?U?n?
3!4@4v4
676F6_6M7W7d7
8#8-898c8
=D=S=e=x=
>A>H>g>
?:?O?_?l?
0<0U0c0o0{0
1<1T1d1x1}1
2 2;2J2U2Z2_2z2
?+?v?}?
90L0q0
3O3i3{3
44%4)434F4T4j4
566T7Y7_7d7
979j9z9
:?;N;\;y;
<1=c=~=
?)?;?M?_?q?
0$060X1!2
5D5[5{5
7<7Z7r7
7V8]8d8k8x8
:,:X:~:
>>B>]>j>x>
4(4K4U4|4
20?0j0
3 323z3
4,454>4
9:9@9N9
;Q<]<q<}<
="=?=O=[=j=}>
>'?D?X?c?
1&2F2V2
3]4h4n4w4
99;T;j;
1/151@1M1
22&2?2F2M2T2[2R3
2<4]4a4e4i4m4q4u4y4}4
9!9.9@9M9\9i9w9
;*<;<S<`<h<y<
o0{034?5 6(6k6s;
;2;O;l;
1 1$1(1,101<1@1D1`1d1h1p1x1
2 2(20282@2H2P2X2`2h2p2x2
3 3(30383@3H3P3X3`3h3p3x3
4 4(40484@4H4P4X4`4h4p4x4
4$;(;,;<<@<D<\<`<d<@=H=P=T=X=\=`=d=h=l=t=x=|=
=(?,?0?4?8?<?@?D?H?L?P?T?X?\?`?d?h?l?p?t?
5 5$5(5,5054585<5@5D5H5L5P5T5X5\5`5l5p5t5x5|5
2$2,242<2D2L2T2\2d2l2t2|2
3$3,343<3D3L3T3\3d3l3t3|3
4$4,444<4D4L4T4\4d4l4t4|4
5$5,545<5D5L5T5\5d5l5t5|5
6$6,646<6D6L6T6\6d6l6t6|6
7$7,747<7D7L7T7\7d7l7t7|7
8$8,848<8D8L8T8\8d8l8t8|8
3 3(30383@3H3P3X3`3h3p3x3
4 4(40484@4H4P4X4`4h4p4x4
5 5(50585@5H5P5X5`5h5p5x5
6 6(60686@6H6P6X6`6h6p6x6
7 7(70787@7H7P7X7`7h7p7x7
8 8(80888@8H8P8X8`8h8p8x8
9 9(90989@9H9P9X9`9h9p9x9
=$=,=4=<=D=L=T=\=d=l=t=|=
2 2$24282@2X2<6@6\6`6|6
7D7H7d7h7p7x7
8(8\8`8
9$9(9H9h9
:(:H:h:
;(;H;d;h;
686<6H6L6P6T6X6\6`6d6h6l6x6|6
Aapi-ms-win-core-fibers-l1-1-1
api-ms-win-core-synch-l1-2-0
kernel32
api-ms-
mscoree.dll
Aapi-ms-win-core-datetime-l1-1-1
api-ms-win-core-file-l1-2-2
api-ms-win-core-localization-l1-2-1
api-ms-win-core-localization-obsolete-l1-2-0
api-ms-win-core-processthreads-l1-1-2
api-ms-win-core-string-l1-1-0
api-ms-win-core-sysinfo-l1-2-1
api-ms-win-core-winrt-l1-1-0
api-ms-win-core-xstate-l2-1-0
api-ms-win-rtcore-ntuser-window-l1-1-0
api-ms-win-security-systemfunctions-l1-1-0
ext-ms-win-ntuser-dialogbox-l1-1-0
ext-ms-win-ntuser-windowstation-l1-1-0
advapi32
api-ms-win-appmodel-runtime-l1-1-2
user32
api-ms-win-core-fibers-l1-1-0
ext-ms-
Aja-JP
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
January
February
August
September
October
November
December
MM/dd/yy
dddd, MMMM dd, yyyy
HH:mm:ss
((((( H
((((( H
(
zh-CHS
az-AZ-Latn
uz-UZ-Latn
kok-IN
syr-SY
div-MV
quz-BO
sr-SP-Latn
az-AZ-Cyrl
uz-UZ-Cyrl
quz-EC
sr-SP-Cyrl
quz-PE
smj-NO
bs-BA-Latn
smj-SE
sr-BA-Latn
sma-NO
sr-BA-Cyrl
sma-SE
sms-FI
smn-FI
zh-CHT
az-az-cyrl
az-az-latn
bs-ba-latn
div-mv
kok-in
quz-bo
quz-ec
quz-pe
sma-no
sma-se
smj-no
smj-se
smn-fi
sms-fi
sr-ba-cyrl
sr-ba-latn
sr-sp-cyrl
sr-sp-latn
syr-sy
uz-uz-cyrl
uz-uz-latn
zh-chs
zh-cht
CONOUT$
))))))))********BBBBBBBB
Antivirus engine | Signature ("Clean" means that engine reported no detection)
Bkav W32.AIDetectMalware
Lionic Clean
tehtris Clean
MicroWorld-eScan Clean
FireEye Generic.mg.e668ac854e5cdedf
CAT-QuickHeal Clean
McAfee Artemis!E668AC854E5C
Malwarebytes Clean
VIPRE Clean
Sangfor Trojan.Win32.Agent.Vxqq
K7AntiVirus Clean
BitDefender Clean
K7GW Clean
CrowdStrike win/malicious_confidence_90% (W)
Baidu Clean
VirIT Clean
Cyren Clean
Symantec ML.Attribute.HighConfidence
Elastic malicious (moderate confidence)
ESET-NOD32 Clean
APEX Malicious
Paloalto Clean
ClamAV Clean
Kaspersky UDS:DangerousObject.Multi.Generic
Alibaba Clean
NANO-Antivirus Clean
ViRobot Clean
Rising Trojan.Generic@AI.100 (RDML:mv5wUX3lX6XsIkw8pgHiNw)
Emsisoft Clean
F-Secure Clean
DrWeb Clean
Zillya Clean
TrendMicro Clean
McAfee-GW-Edition BehavesLike.Win32.Infected.ch
Trapmine suspicious.low.ml.score
CMC Clean
Sophos Clean
Ikarus Clean
Jiangmin Clean
Webroot W32.Trojan.Gen
Google Clean
Avira Clean
MAX Clean
Antiy-AVL Clean
Gridinsoft Clean
Xcitium Clean
Arcabit Clean
SUPERAntiSpyware Clean
ZoneAlarm UDS:DangerousObject.Multi.Generic
GData Clean
Cynet Malicious (score: 100)
AhnLab-V3 Clean
Acronis Clean
BitDefenderTheta Gen:NN.ZexaF.36318.iuW@au9N7Dji
ALYac Clean
TACHYON Clean
VBA32 BScope.TrojanPSW.Stealerc
Cylance Clean
Panda Clean
Zoner Clean
TrendMicro-HouseCall Clean
Tencent Clean
Yandex Clean
SentinelOne Clean
MaxSecure Clean
Fortinet Clean
DeepInstinct MALICIOUS
No IRMA results available.