Static | ZeroBOX

PE Compile Time

2023-09-12 01:15:51

PE Imphash

660e4ba65070c42e55f04efddf5f7d78

Sections

Name    Virtual Address  Virtual Size  Size of Raw Data  Entropy
.text   0x00001000       0x0000e83d    0x0000ea00        6.44470763273
.rdata  0x00010000       0x000419d6    0x00041a00        7.09499509066
.data   0x00052000       0x000bfbb8    0x000bea00        5.40708348452
.pdata  0x00112000       0x00000e4c    0x00001000        4.48609115365
.gfids  0x00113000       0x00000094    0x00000200        1.26165227607
.rsrc   0x00114000       0x00000728    0x00000800        3.74001700596
.reloc  0x00115000       0x0000061c    0x00000800        4.73903373222

Resources

Name         Offset      Size        Language      Sub-language        File type
RT_STRING    0x00114320  0x00000286  LANG_ENGLISH  SUBLANG_ENGLISH_US  data
RT_STRING    0x00114320  0x00000286  LANG_ENGLISH  SUBLANG_ENGLISH_US  data
RT_MANIFEST  0x001145a8  0x0000017d  LANG_ENGLISH  SUBLANG_ENGLISH_US  XML 1.0 document text
None         0x00114120  0x000000c4  LANG_ENGLISH  SUBLANG_ENGLISH_US  data

Imports

Library KERNEL32.dll:
0x180010000 EnterCriticalSection
0x180010008 LeaveCriticalSection
0x180010018 CloseHandle
0x180010020 GetLastError
0x180010028 GetCurrentActCtx
0x180010030 HeapCreate
0x180010038 TryEnterCriticalSection
0x180010040 CreateThread
0x180010048 OpenThread
0x180010050 FindFirstFileA
0x180010058 FindNextFileA
0x180010060 FindClose
0x180010068 WaitForSingleObject
0x180010070 GetStdHandle
0x180010078 WaitForMultipleObjects
0x180010080 GetCurrentThread
0x180010088 CreateFileMappingA
0x180010090 VirtualAlloc
0x180010098 DuplicateHandle
0x1800100a0 QueryPerformanceCounter
0x1800100a8 GetCurrentProcessId
0x1800100b0 GetCurrentThreadId
0x1800100b8 GetSystemTimeAsFileTime
0x1800100c0 InitializeSListHead
0x1800100c8 RtlCaptureContext
0x1800100d0 RtlLookupFunctionEntry
0x1800100d8 RtlVirtualUnwind
0x1800100e0 IsDebuggerPresent
0x1800100e8 UnhandledExceptionFilter
0x1800100f8 GetStartupInfoW
0x180010108 GetModuleHandleW
0x180010110 RtlUnwindEx
0x180010118 InterlockedFlushSList
0x180010120 SetLastError
0x180010128 DeleteCriticalSection
0x180010138 TlsAlloc
0x180010140 TlsGetValue
0x180010148 TlsSetValue
0x180010150 TlsFree
0x180010158 FreeLibrary
0x180010160 GetProcAddress
0x180010168 LoadLibraryExW
0x180010170 GetCurrentProcess
0x180010178 ExitProcess
0x180010180 TerminateProcess
0x180010188 GetModuleHandleExW
0x180010190 GetModuleFileNameA
0x180010198 MultiByteToWideChar
0x1800101a0 WideCharToMultiByte
0x1800101a8 HeapFree
0x1800101b0 HeapAlloc
0x1800101b8 LCMapStringW
0x1800101c0 FindFirstFileExA
0x1800101c8 IsValidCodePage
0x1800101d0 GetACP
0x1800101d8 GetOEMCP
0x1800101e0 GetCPInfo
0x1800101e8 GetCommandLineA
0x1800101f0 GetCommandLineW
0x1800101f8 GetEnvironmentStringsW
0x180010200 FreeEnvironmentStringsW
0x180010208 GetProcessHeap
0x180010210 GetFileType
0x180010218 GetStringTypeW
0x180010220 HeapReAlloc
0x180010228 HeapSize
0x180010230 SetStdHandle
0x180010238 RaiseException
0x180010240 WriteFile
0x180010248 FlushFileBuffers
0x180010250 GetConsoleCP
0x180010258 GetConsoleMode
0x180010260 SetFilePointerEx
0x180010268 WriteConsoleW
0x180010270 CreateFileW

Exports

Ordinal Address Name
1 0x18000f22c DllRegisterServer
Antivirus Signature
Bkav W32.AIDetectMalware.64
Lionic Clean
tehtris Clean
ClamAV Clean
FireEye Generic.mg.7d2156efddf126df
CAT-QuickHeal Clean
McAfee Clean
Malwarebytes Clean
Zillya Clean
Sangfor Trojan.Win32.Save.a
CrowdStrike win/malicious_confidence_100% (W)
Alibaba Clean
K7GW Clean
K7AntiVirus Clean
Baidu Clean
VirIT Clean
Cyren Clean
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 a variant of Win64/Injector.NO
APEX Clean
Paloalto Clean
Cynet Malicious (score: 100)
Kaspersky UDS:DangerousObject.Multi.Generic
BitDefender Clean
NANO-Antivirus Clean
ViRobot Clean
MicroWorld-eScan Clean
Rising Clean
TACHYON Clean
Sophos Clean
F-Secure Clean
DrWeb Clean
VIPRE Clean
TrendMicro Clean
McAfee-GW-Edition BehavesLike.Win64.PinkSbot.th
Trapmine Clean
CMC Clean
Emsisoft Clean
SentinelOne Clean
GData Clean
Jiangmin Clean
Webroot Clean
Avira Clean
Antiy-AVL Clean
Gridinsoft Clean
Xcitium Clean
Arcabit Clean
SUPERAntiSpyware Clean
ZoneAlarm UDS:DangerousObject.Multi.Generic
Microsoft Clean
Google Clean
AhnLab-V3 Clean
Acronis suspicious
BitDefenderTheta Clean
ALYac Clean
MAX Clean
DeepInstinct MALICIOUS
VBA32 Clean
Cylance Clean
Panda Clean
Zoner Clean
TrendMicro-HouseCall Clean
Tencent Clean
Yandex Clean
Ikarus Clean
MaxSecure Clean
Fortinet Clean
AVG InjectorX-gen [Trj]
Avast InjectorX-gen [Trj]
No IRMA results available.