Static | ZeroBOX

PE Compile Time

2022-03-26 03:26:26

PE Imphash

0e5c0e73b8bfe5fddd6a11f97096fb35

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00001000 0x00030234 0x00030400 5.28797545909
.data 0x00032000 0x002d0588 0x00004000 0.656900499504
.rsrc 0x00303000 0x0000a778 0x0000a800 3.60576975833

Resources

Name Offset Size Language Sub-language File type
RT_ICON 0x0030c620 0x00000468 LANG_SINDHI SUBLANG_SYS_DEFAULT GLS_BINARY_LSB_FIRST
RT_ICON 0x0030c620 0x00000468 LANG_SINDHI SUBLANG_SYS_DEFAULT GLS_BINARY_LSB_FIRST
RT_ICON 0x0030c620 0x00000468 LANG_SINDHI SUBLANG_SYS_DEFAULT GLS_BINARY_LSB_FIRST
RT_ICON 0x0030c620 0x00000468 LANG_SINDHI SUBLANG_SYS_DEFAULT GLS_BINARY_LSB_FIRST
RT_ICON 0x0030c620 0x00000468 LANG_SINDHI SUBLANG_SYS_DEFAULT GLS_BINARY_LSB_FIRST
RT_ICON 0x0030c620 0x00000468 LANG_SINDHI SUBLANG_SYS_DEFAULT GLS_BINARY_LSB_FIRST
RT_ICON 0x0030c620 0x00000468 LANG_SINDHI SUBLANG_SYS_DEFAULT GLS_BINARY_LSB_FIRST
RT_ICON 0x0030c620 0x00000468 LANG_SINDHI SUBLANG_SYS_DEFAULT GLS_BINARY_LSB_FIRST
RT_ICON 0x0030c620 0x00000468 LANG_SINDHI SUBLANG_SYS_DEFAULT GLS_BINARY_LSB_FIRST
RT_ICON 0x0030c620 0x00000468 LANG_SINDHI SUBLANG_SYS_DEFAULT GLS_BINARY_LSB_FIRST
RT_STRING 0x0030d2d0 0x000004a4 LANG_SINDHI SUBLANG_SYS_DEFAULT data
RT_STRING 0x0030d2d0 0x000004a4 LANG_SINDHI SUBLANG_SYS_DEFAULT data
RT_STRING 0x0030d2d0 0x000004a4 LANG_SINDHI SUBLANG_SYS_DEFAULT data
RT_GROUP_ICON 0x0030ca88 0x00000076 LANG_SINDHI SUBLANG_SYS_DEFAULT data
RT_GROUP_ICON 0x0030ca88 0x00000076 LANG_SINDHI SUBLANG_SYS_DEFAULT data
RT_VERSION 0x0030cb00 0x0000036c LANG_NEUTRAL SUBLANG_NEUTRAL data

Imports

Library KERNEL32.dll:
0x401014 MoveFileExA
0x40102c AddConsoleAliasW
0x401034 BackupSeek
0x401038 GetModuleHandleW
0x401040 GetNumberFormatA
0x401044 SetFileTime
0x40104c GetCommandLineA
0x401050 GetDriveTypeA
0x40105c LoadLibraryW
0x401060 TerminateThread
0x401064 FatalAppExitW
0x401068 ReadConsoleInputA
0x40106c CopyFileW
0x401070 SetConsoleCP
0x401078 GetVolumePathNameA
0x40107c FindFirstFileW
0x401080 CreateJobObjectA
0x401084 GetLastError
0x40108c SetLastError
0x401090 LoadLibraryA
0x401094 OpenMutexA
0x401098 GetProcessId
0x40109c LocalAlloc
0x4010a0 GetFileType
0x4010a8 RemoveDirectoryW
0x4010ac GetProfileStringA
0x4010b4 FindAtomA
0x4010b8 GetModuleHandleA
0x4010c0 FindNextFileW
0x4010c4 VirtualProtect
0x4010cc EnumDateFormatsW
0x4010d0 GetShortPathNameW
0x4010d4 OpenSemaphoreW
0x4010d8 FindAtomW
0x4010e0 FindFirstVolumeW
0x4010e4 SetStdHandle
0x4010e8 WriteConsoleW
0x4010ec CloseHandle
0x4010f0 EnumResourceNamesW
0x4010f4 GetComputerNameA
0x4010f8 GetStartupInfoW
0x4010fc GetCommandLineW
0x401100 CreateFileW
0x401104 MoveFileA
0x401108 HeapFree
0x40110c HeapAlloc
0x401110 GetProcAddress
0x401114 ExitProcess
0x401118 DecodePointer
0x40111c EncodePointer
0x401120 HeapSetInformation
0x401124 HeapCreate
0x401128 WriteFile
0x40112c GetStdHandle
0x401130 GetModuleFileNameW
0x40114c IsDebuggerPresent
0x401150 TerminateProcess
0x401154 GetCurrentProcess
0x401158 TlsAlloc
0x40115c TlsGetValue
0x401160 TlsSetValue
0x401164 TlsFree
0x40116c GetCurrentThreadId
0x401170 Sleep
0x401174 HeapSize
0x401178 SetHandleCount
0x401180 GetTickCount
0x401184 GetCurrentProcessId
0x40118c WideCharToMultiByte
0x401190 GetCPInfo
0x401194 GetACP
0x401198 GetOEMCP
0x40119c IsValidCodePage
0x4011a0 RtlUnwind
0x4011a4 HeapReAlloc
0x4011ac LCMapStringW
0x4011b0 MultiByteToWideChar
0x4011b4 GetStringTypeW
0x4011b8 GetConsoleCP
0x4011bc GetConsoleMode
0x4011c0 FlushFileBuffers
0x4011c4 SetFilePointer
Library USER32.dll:
0x4011d4 CharUpperW
0x4011d8 GetListBoxInfo
Library GDI32.dll:
0x401000 SelectPalette
0x401004 GetTextFaceW
0x401008 GetCharWidthW
Library SHELL32.dll:
0x4011cc DragFinish
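Library WINHTTP.dll:
(no functions are listed for this library; in the string dump, WinHttpGetProxyForUrl appears immediately before WINHTTP.dll, and the address gaps in the KERNEL32.dll list above suggest this import table is incomplete)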

Strings

!This program cannot be run in DOS mode.
kxuWkO
`.data
CorExitProcess
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
(null)
`h````
xpxxxx
GetProcessWindowStation
GetUserObjectInformationW
GetLastActivePopup
GetActiveWindow
MessageBoxW
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
`h`hhh
xppwpp
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
%s %d %f
pepirugazaxumojewoyetotucenejibe
sutinisapaherikaxohegogepovov hiduwamiferuyahecemugiwaw wetekulol coginanijopizoloxuvadegacidawuxa
^SSSSS
t hd%p
r=0%C
HHtXHHt
?If90t
QQSVWh
j@j ^V
to=8-C
URPQQh r@
v4;5l-C
t"SS9] u
;t$,v-
UQPXY]Y[
PPPPPPPP
PPPPPPPP
y>O!B)
mw<%q"
c^/)n
]p&C]z
[gA5zl
121wX=q
_!3'U0
PeG/"
!DxMwG
|%{J1S
#UsULr
@WZd3k
oJP6f)k
2)@;W+
@t3DHB"
4lWQ:g
%}iz$vgg
yL(;d$q
fh=P.QJ
K,(fyA
DWw]X'
qsHL1:
Plw\E
S[={a%
1Ogp*D
V+&r[&
@w9}Xe
m,:ku2
NKC9x"H
`~+~n
DaUn$GE
;SM`;
a'nbnbs
SVgVqq
lUbBqr
A@ZusAir
LI~Ti*
IE;u!
U5qDa-
bvCk#j
kaZ=K'
]xv~/
`Tx}K*
-M?gW
Tyx?Xz
BYAF#X
`q.O/_Zeq
)&XEG(;A
HtIG2"
V73Sb
fla4@h0
UCgXZ@D
(g[8:S
4BF90i
4|EYk
K=JIwy
.@BH=b
7p'X66
L=*-lk
`/)f*^Y
rt/xbg
s)?v]0
]4Z0^g
|z9;B^
Z912t~
!8/X>j
N*k20^
VxBQkY
Ri{ X$y2
g@#eb!
+$ ZlJH:
\~9O36
ylUHR>
2Snw7p
2yMp.Z&G3
<'(Vdde
5bd2'8
:Afj }@
f*+NnW
DQz`2:
:8k\Hk
6$942XA&
+`'3Y+
G+/L@ngq
!vNwr^bOX
J>n)};
]Zn|Ia
Siv}O
"<GI4k
' F@uc;q,
5*p6i
:) ai(Y
PN!"3Y?
fOJ__A{
Q@m;q#Y-
J@+N5oz
:* c0:
%;>ThW
KF$h@#
0k`Ir/
T8:mhA5
f]z5&)7
Ly>)@_
h!tkVD
WNtOh8
] V7&vVQ`
Qz#@?<
vaHmy-
B)zi*8
)A/V`^
' zoI|
%7Tsn3P
8Y6,.Z
Q)?%7O
Z@HhBan7<
;;+ruk
${Rq-u
1&r.X[64
O*qSKm
+S;?Zd[
/CSf'[
(:"fIX
9nQ9uc$)
s#I}^\i
xI6VbF
RkO9(N:
mEhL;X
[&Mk?$
L+ke^gB
CV}o4)
WE\,fa
Ap]tIPs|
@a2.e/z-C
yk[bp dZ
hWt:KA#t
dEwWq
KiEajK
D$@t@i[
l$\6<pc
GetCommandLineW
GetComputerNameA
EnumResourceNamesW
FindFirstFileW
GetNumaProcessorNode
MoveFileExA
SystemTimeToTzSpecificLocalTime
InterlockedDecrement
SetDefaultCommConfigW
GetEnvironmentStringsW
SetConsoleScreenBufferSize
AddConsoleAliasW
SetVolumeMountPointW
BackupSeek
GetModuleHandleW
GetConsoleAliasesLengthA
GetNumberFormatA
SetFileTime
GetConsoleAliasExesW
GetCommandLineA
GetDriveTypeA
GetEnvironmentStrings
GetPrivateProfileIntA
LoadLibraryW
TerminateThread
FatalAppExitW
ReadConsoleInputA
CopyFileW
SetConsoleCP
EnumSystemCodePagesA
GetVolumePathNameA
GetStartupInfoW
CreateJobObjectA
GetLastError
GetCurrentDirectoryW
SetLastError
LoadLibraryA
OpenMutexA
GetProcessId
LocalAlloc
GetFileType
IsSystemResumeAutomatic
RemoveDirectoryW
GetProfileStringA
FindNextChangeNotification
FindAtomA
GetModuleHandleA
FreeEnvironmentStringsW
FindNextFileW
VirtualProtect
GetCurrentDirectoryA
EnumDateFormatsW
GetShortPathNameW
OpenSemaphoreW
FindAtomW
GetWindowsDirectoryW
FindFirstVolumeW
KERNEL32.dll
GetListBoxInfo
CharUpperW
USER32.dll
GetTextFaceW
SelectPalette
GetCharWidthW
GDI32.dll
DragFinish
SHELL32.dll
WinHttpGetProxyForUrl
WINHTTP.dll
MoveFileA
HeapFree
HeapAlloc
GetProcAddress
ExitProcess
DecodePointer
EncodePointer
HeapSetInformation
HeapCreate
WriteFile
GetStdHandle
GetModuleFileNameW
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetCurrentThreadId
HeapSize
SetHandleCount
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
WideCharToMultiByte
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
RtlUnwind
HeapReAlloc
IsProcessorFeaturePresent
LCMapStringW
MultiByteToWideChar
GetStringTypeW
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetFilePointer
CloseHandle
WriteConsoleW
SetStdHandle
CreateFileW
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
~~||{~
~~~~~{
|z{~~|
y{|{|z
|~~|}}
|}{{{{
}{}z{}
{||{{{
zy||~}~
zy~}|{||
}||{{}
|||}{||y~z
~||~|}z
~}~}~}
|{y|~{
}}~{|y
~z}z}~{
}|~z{~|
}|}{|{
//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
//////////////////////
//////////////////////
5%/////////////////////55}/////////////////////
/////////////////////5
////////////////////5
5}////////////////////5
//////////////////5~
///////////////////5
/////////////////5z
//////////////////5
////////////////}u
5}/////////////////5
L5%//////////////
////////////////5
//////////////5
//////////////5
/////////////
////////////5
oL5////////////%5&
55}//////////58mF
///////////
ZwwGkk
//////58
z5}///////////5
u55555
//////////
/////////}5
kkkkkmD
5}/////////
/////////
55//////////
////////////
5}///////////////
///////////////////}555}
////////////////////////
5}////////////////////////////////5
/////////////////////////////////5
5///////////////////////////////////5
////////////////////////////////////5
/////////////////////////////////////5
//////////////////////////////////////5
////////////////////////////////////////5
/////////////////////////////////////////5
//////////////////////////////////////////5
////////////////////////////////////////////55}/////////////////////////////////////////////
/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
#######################################################################o
#######
#####od6######
####o}P
####6*
########o8}f
##########o}P
###########od
#############o
######################
mscoree.dll
runtime error
TLOSS error
SING error
DOMAIN error
- Attempt to use MSIL code from this assembly during native code initialization
This indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain.
- not enough space for locale information
- Attempt to initialize the CRT more than once.
This indicates a bug in your application.
- CRT not initialized
- unable to initialize heap
- not enough space for lowio initialization
- not enough space for stdio initialization
- pure virtual function call
- not enough space for _onexit/atexit table
- unable to open console device
- unexpected heap error
- unexpected multithread lock error
- not enough space for thread data
- abort() has been called
- not enough space for environment
- not enough space for arguments
- floating point support not loaded
@Microsoft Visual C++ Runtime Library
<program name unknown>
Runtime Error!
Program:
KERNEL32.DLL
(null)
WUSER32.DLL
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
((((( H
h(((( H
H
CONOUT$
rewologiwexovavucobosoruzulahag
voyisiradafexefenoh
yigewomoconagufofilej kemomohokebavedagelumezubowo nabojejusoyohecodez dol dulaku
vaguhesawi radaluxakeyih
VS_VERSION_INFO
StringFileInfo
029385B3
CompanyName
Phunderstuck
FileDescriptions
Anybodies
FileVersions
8.8.87.89
InternalName
Nutrition.exe
LegalCopyrights
Challangers bottle
LegalTrademark1
ElonDoesntGetIt
LegalTrademarks2
unobservable
OriginalFilename
HerbalEssentials.exe
ProductName
HumbleOpinion
ProductVersion
2.70.47.63
VarFileInfo
Translation
%Harumavo halogonif hon yeveremava hutDDecurudage kedahojon kuvehaba wimobacarada vewodofivomo jizicoxijiwo
Pesinidezeyo yuzuxa
LebimoePugizunololuw beruvadi hujixaciyeret gojomedakavuce nulezawovemafi boxical fal gudiw gekikajiwoj ciwi
eGasorofirim zagu ciyujagilunetuw gehirukelalemus sawipasu rob hudayulunuwuduj mujukugez buciyejiyakos
4Caxavo sokeyoge gumayexafi wagub hacuzofonov xugotoj
2Tumemoruvetexi domi wenatavaj kos pipurawocan deyu
^Jumidenica lunade bajutezurumatu ledo xisomas damura laxawujujivezen yipeyafuy keme himatinuxu
Wijumubodameh biwug
Fehejovo hiv limecawod
HZowebojikihehe necigejohogix feper kifoxuloy tovodukowix nosupanigayuzatDRisumamofuluwi rohorulax muvatafuvafuxo noyixuheronob nase miwoheson=Sasokib ranosuwemim sefamu jehec fuvuhuceluh cevaze maxiyipiv
2Midejozawudosi wadaw bovivudagupezal facekegucigab
OSovox lij xovoxuhay figahowalufipam lurihisez zekehepugiruf cicixufomujuw lavef7Hifuxoto wecehomeb xela hevicovacuvic bixabinafu gucese
Teve+Mexifejusezoku pat lup wogovovujubuva gowatiZepuku yuyihipisa lebosufedewoc nazagokunirin bosufe hahifobubuxej kugipu nayexiyigeyuxem wibociwafixoyeh
Antivirus Signature
Bkav W32.AIDetectMalware
Lionic Clean
tehtris Clean
MicroWorld-eScan Clean
ClamAV Clean
FireEye Generic.mg.a96c7ec7bf374b42
CAT-QuickHeal Clean
McAfee Clean
Cylance unsafe
Zillya Clean
Sangfor Virus.Win32.Save.a
K7AntiVirus Trojan ( 00516fdf1 )
BitDefender Clean
K7GW Trojan ( 005649fd1 )
Cybereason Clean
Baidu Clean
VirIT Clean
Cyren W32/Kryptik.KMY.gen!Eldorado
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 Clean
APEX Malicious
Paloalto Clean
Cynet Malicious (score: 100)
Kaspersky VHO:Trojan.Win32.Convagent.gen
Alibaba Clean
NANO-Antivirus Clean
ViRobot Clean
Rising Trojan.Generic@AI.90 (RDML:/zqRgVMRMux7K0Yw76kSpw)
Sophos ML/PE-A
F-Secure Clean
DrWeb Clean
VIPRE Clean
TrendMicro Clean
McAfee-GW-Edition BehavesLike.Win32.Lockbit.dt
Trapmine malicious.high.ml.score
CMC Clean
Emsisoft Clean
SentinelOne Static AI - Suspicious PE
GData Clean
Jiangmin Clean
Webroot Clean
Avira Clean
MAX Clean
Antiy-AVL Clean
Gridinsoft Clean
Xcitium Clean
Arcabit Clean
SUPERAntiSpyware Clean
ZoneAlarm VHO:Trojan.Win32.Convagent.gen
Microsoft Trojan:Win32/Wacatac.B!ml
Google Detected
AhnLab-V3 Clean
Acronis Clean
BitDefenderTheta Clean
ALYac Clean
TACHYON Clean
DeepInstinct MALICIOUS
VBA32 Clean
Malwarebytes Clean
Panda Clean
Zoner Clean
TrendMicro-HouseCall Clean
Tencent Trojan.Win32.Obfuscated.gen
Yandex Clean
Ikarus Trojan.Win32.Crypt
MaxSecure Clean
Fortinet Clean
AVG Clean
Avast Clean
CrowdStrike win/malicious_confidence_100% (D)
No IRMA results available.