Static | ZeroBOX

PE Compile Time

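2023-07-04 17:33:37 (value of the PE header TimeDateStamp field; it is written at link time and can be altered, so treat it as a hint rather than proof of build date)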

PDB Path

E:\HackingTool\ReverseShell\x64\Release\BypassBit.pdb

PE Imphash

57173fba085ffae4495411c317a53747

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00001000 0x00010c80 0x00010e00 6.47539338066
.rdata 0x00012000 0x0000a102 0x0000a200 4.90648250273
.data 0x0001d000 0x00001c18 0x00000c00 1.71504652096
.pdata 0x0001f000 0x00001008 0x00001200 4.52463621636
_RDATA 0x00021000 0x000000fc 0x00000200 1.96383628899
.rsrc 0x00022000 0x000001e0 0x00000200 4.70750684253
.reloc 0x00023000 0x00000650 0x00000800 4.86287348976

Resources

Name Offset Size Language Sub-language File type
RT_MANIFEST 0x00022060 0x0000017d LANG_ENGLISH SUBLANG_ENGLISH_US XML 1.0 document text

Imports

Library KERNEL32.dll:
0x180012000 ReadFile
0x180012008 CreatePipe
0x180012010 WaitForSingleObject
0x180012018 Sleep
0x180012020 GetLastError
0x180012028 CloseHandle
0x180012030 ExitProcess
0x180012038 CreateProcessW
0x180012040 WriteConsoleW
0x180012048 CreateFileW
0x180012050 HeapReAlloc
0x180012058 HeapSize
0x180012060 SetFilePointerEx
0x180012068 GetFileSizeEx
0x180012070 SetStdHandle
0x180012078 GetConsoleMode
0x180012080 GetConsoleOutputCP
0x180012088 RtlCaptureContext
0x180012090 RtlLookupFunctionEntry
0x180012098 RtlVirtualUnwind
0x1800120a0 UnhandledExceptionFilter
0x1800120b0 GetCurrentProcess
0x1800120b8 TerminateProcess
0x1800120c8 QueryPerformanceCounter
0x1800120d0 GetCurrentProcessId
0x1800120d8 GetCurrentThreadId
0x1800120e0 GetSystemTimeAsFileTime
0x1800120e8 InitializeSListHead
0x1800120f0 IsDebuggerPresent
0x1800120f8 GetStartupInfoW
0x180012100 GetModuleHandleW
0x180012108 RtlUnwindEx
0x180012110 InterlockedFlushSList
0x180012118 SetLastError
0x180012120 EnterCriticalSection
0x180012128 LeaveCriticalSection
0x180012130 DeleteCriticalSection
0x180012140 TlsAlloc
0x180012148 TlsGetValue
0x180012150 TlsSetValue
0x180012158 TlsFree
0x180012160 FreeLibrary
0x180012168 GetProcAddress
0x180012170 LoadLibraryExW
0x180012178 RaiseException
0x180012180 GetModuleHandleExW
0x180012188 GetModuleFileNameW
0x180012190 MultiByteToWideChar
0x180012198 HeapAlloc
0x1800121a0 HeapFree
0x1800121a8 LCMapStringW
0x1800121b0 GetStdHandle
0x1800121b8 GetFileType
0x1800121c0 FindClose
0x1800121c8 FindFirstFileExW
0x1800121d0 FindNextFileW
0x1800121d8 IsValidCodePage
0x1800121e0 GetACP
0x1800121e8 GetOEMCP
0x1800121f0 GetCPInfo
0x1800121f8 GetCommandLineA
0x180012200 GetCommandLineW
0x180012208 WideCharToMultiByte
0x180012210 GetEnvironmentStringsW
0x180012218 FreeEnvironmentStringsW
0x180012220 GetProcessHeap
0x180012228 GetStringTypeW
0x180012230 FlushFileBuffers
0x180012238 WriteFile
Library WS2_32.dll:
0x180012248 closesocket
0x180012250 WSASocketW
0x180012258 WSAStartup
0x180012260 WSACleanup
0x180012268 WSAConnect
0x180012270 send
0x180012278 recv
0x180012280 htons
0x180012288 inet_addr

!This program cannot be run in DOS mode.
`.rdata
@.data
.pdata
@_RDATA
@.rsrc
@.reloc
L$ SVWH
d$ UAVAWH
|$ AVH
H3E H3E
WATAUAVAWH
A_A^A]A\_
ffffff
fffffff
WATAUAVAWH
A_A^A]A\_
u3HcH<H
UWATAVAWH
D8&t4H
A_A^A\_]
D8t$8t
D$@H;G
t(<#t
<htl<jt\<lt4<tt$<wt
t$ WAVAWH
<Ct-<D
<StW@:
<g~{<itd<ntY<ot7<pt
<utT@:
D<P0@:
k4+kP+
0A_A^_
x ATAVAWH
A_A^A\
x ATAVAWH
A_A^A\
UVWAVAWH
0A_A^_^]
WAVAWH
0A_A^_
WAVAWH
A_A^_
x AUAVAWH
@A_A^A]
WATAUAVAWH
A_A^A]A\_
WATAUAVAWH
A_A^A]A\_
L$ VWAVH
fD9t$b
@8l$Ht
L$ UVWH
WATAUAVAWH
gfffffffH
D8t$ht
A_A^A]A\_
x ATAVAWH
A_A^A\
u"8Z(t
uF8Z(t
vC8_(t
u"8Z(t
uF8Z(t
vB8_(t
UVWATAUAVAWH
`A_A^A]A\_^]
WATAUAVAWH
0A_A^A]A\_
H97u+A
\$ UVWATAUAVAWH
@8|$Ht
@8|$Ht
@8|$Ht
D$XD9x
@8|$ht
@8|$ht
@8|$ht
A_A^A]A\_^]
u"8Z(t
UVWATAUAVAWH
L$&8\$&t,8Y
@A_A^A]A\_^]
fD94Fu
\$ VWATAUAVH
D!l$xA
@A^A]A\_^
UVWAVAWH
@A_A^_^]
@UATAUAVAWH
e0A_A^A]A\]
WAVAWH
A_A^_
UVWATAUAVAWH
D8\0>t
L$@D8]
A_A^A]A\_^]
VWATAVAW
A_A^A\_^
WATAUAVAWH
A_A^A]A\_
\$ UVWATAUAVAWH
H!D$ H
`A_A^A]A\_^]
WAVAWH
A_A^_
SUVWATAVAWH
A_A^A\_^][
@USVWATAVAWH
D8|$0A
A_A^A\_^[]
D$0H9D$8
ATAUAVH
L$ fff
L$ |+L;
A^A]A\
@UATAUAVAWH
H!T$0D
ue!T$(H!T$
A_A^A]A\]
WATAUAVAWH
A_A^A]A\_
ffffff
fffffff
ATAVAWH
A_A^A\
USVWAVH
A^_^[]
LcA<E3
u HcA<H
__based(
__cdecl
__pascal
__stdcall
__thiscall
__fastcall
__vectorcall
__clrcall
__eabi
__swift_1
__swift_2
__ptr64
__restrict
__unaligned
restrict(
delete
operator
`vftable'
`vbtable'
`vcall'
`typeof'
`local static guard'
`string'
`vbase destructor'
`vector deleting destructor'
`default constructor closure'
`scalar deleting destructor'
`vector constructor iterator'
`vector destructor iterator'
`vector vbase constructor iterator'
`virtual displacement map'
`eh vector constructor iterator'
`eh vector destructor iterator'
`eh vector vbase constructor iterator'
`copy constructor closure'
`udt returning'
`local vftable'
`local vftable constructor closure'
new[]
delete[]
`omni callsig'
`placement delete closure'
`placement delete[] closure'
`managed vector constructor iterator'
`managed vector destructor iterator'
`eh vector copy constructor iterator'
`eh vector vbase copy constructor iterator'
`dynamic initializer for '
`dynamic atexit destructor for '
`vector copy constructor iterator'
`vector vbase copy constructor iterator'
`managed vector copy constructor iterator'
`local static thread guard'
operator ""
operator co_await
operator<=>
Type Descriptor'
Base Class Descriptor at (
Base Class Array'
Class Hierarchy Descriptor'
Complete Object Locator'
`anonymous namespace'
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
InitializeCriticalSectionEx
CorExitProcess
(null)
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
January
February
August
September
October
November
December
MM/dd/yy
dddd, MMMM dd, yyyy
HH:mm:ss
AreFileApisANSI
LCMapStringEx
LocaleNameToLCID
AppPolicyGetProcessTerminationMethod
NAN(SNAN)
nan(snan)
NAN(IND)
nan(ind)
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
[aOni*{
~ $s%r
@b;zO]
v2!L.2
1#QNAN
1#SNAN
UUUUUU
UUUUUU
=imb;D
/>58d%
VM>cQ6
>jtm}S
)>6{1n
+f)>0'
;H9>&X
*StO9>T
n03>Pu
K~Je#>!
bp(=>?g
BC?>6t9^
K&>.yC
.xJ>Hf
y\PD>!
|b=})>
c [1>H'
uzKs@>
3>N;kU
kE>fvw
V6E>`"(5
?UUUUUU
?7zQ6$
111.90.143.37
Building a safer world
Connected %d
cmd.exe /c
StdoutRd CreatePipe
Accept connection successfully
Created process
E:\HackingTool\ReverseShell\x64\Release\BypassBit.pdb
.text$mn
.text$mn$00
.text$x
.idata$5
.00cfg
.CRT$XCA
.CRT$XCZ
.CRT$XIA
.CRT$XIC
.CRT$XIZ
.CRT$XPA
.CRT$XPX
.CRT$XPXA
.CRT$XPZ
.CRT$XTA
.CRT$XTZ
.rdata
.rdata$voltmd
.rdata$zzzdbg
.rtc$IAA
.rtc$IZZ
.rtc$TAA
.rtc$TZZ
.xdata
.idata$2
.idata$3
.idata$4
.idata$6
.pdata
_RDATA
.rsrc$01
.rsrc$02
ReadFile
CreatePipe
WaitForSingleObject
GetLastError
CloseHandle
ExitProcess
CreateProcessW
KERNEL32.dll
WSAConnect
WSASocketW
WS2_32.dll
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwindEx
InterlockedFlushSList
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
RaiseException
GetModuleHandleExW
GetModuleFileNameW
MultiByteToWideChar
HeapAlloc
HeapFree
LCMapStringW
GetStdHandle
GetFileType
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetStringTypeW
FlushFileBuffers
WriteFile
GetConsoleOutputCP
GetConsoleMode
SetStdHandle
GetFileSizeEx
SetFilePointerEx
HeapSize
HeapReAlloc
CreateFileW
WriteConsoleW
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel level='asInvoker' uiAccess='false' />
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
api-ms-win-core-fibers-l1-1-1
api-ms-win-core-synch-l1-2-0
kernel32
api-ms-
mscoree.dll
(null)
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
January
February
August
September
October
November
December
MM/dd/yy
dddd, MMMM dd, yyyy
HH:mm:ss
api-ms-win-core-datetime-l1-1-1
api-ms-win-core-file-l1-2-2
api-ms-win-core-localization-l1-2-1
api-ms-win-core-localization-obsolete-l1-2-0
api-ms-win-core-processthreads-l1-1-2
api-ms-win-core-string-l1-1-0
api-ms-win-core-sysinfo-l1-2-1
api-ms-win-core-winrt-l1-1-0
api-ms-win-core-xstate-l2-1-0
api-ms-win-rtcore-ntuser-window-l1-1-0
api-ms-win-security-systemfunctions-l1-1-0
ext-ms-win-ntuser-dialogbox-l1-1-0
ext-ms-win-ntuser-windowstation-l1-1-0
advapi32
api-ms-win-appmodel-runtime-l1-1-2
user32
ext-ms-
((((( H
zh-CHS
az-AZ-Latn
uz-UZ-Latn
kok-IN
syr-SY
div-MV
quz-BO
sr-SP-Latn
az-AZ-Cyrl
uz-UZ-Cyrl
quz-EC
sr-SP-Cyrl
quz-PE
smj-NO
bs-BA-Latn
smj-SE
sr-BA-Latn
sma-NO
sr-BA-Cyrl
sma-SE
sms-FI
smn-FI
zh-CHT
az-az-cyrl
az-az-latn
bs-ba-latn
div-mv
kok-in
quz-bo
quz-ec
quz-pe
sma-no
sma-se
smj-no
smj-se
smn-fi
sms-fi
sr-ba-cyrl
sr-ba-latn
sr-sp-cyrl
sr-sp-latn
syr-sy
uz-uz-cyrl
uz-uz-latn
zh-chs
zh-cht
CONOUT$
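No antivirus signatures available (no scan results are attached to this report; this is an absence of data, not a clean verdict).
No IRMA results available (likewise an absence of data, not a clean verdict).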