Static | ZeroBOX

PE Compile Time

2023-01-23 07:06:59

PE Imphash

6dd157837222da716ff127b0dad19e19

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00001000 0x00039332 0x00039400 5.61070382257
.data 0x0003b000 0x002d0b00 0x00004400 1.19178543937
.rsrc 0x0030c000 0x00004a20 0x00004c00 4.10299394205

Resources

Name Offset Size Language Sub-language File type
RT_CURSOR 0x0030f1a8 0x000008a8 LANG_NEUTRAL SUBLANG_NEUTRAL dBase III DBT, version number 0, next free block index 40, 1st item "\251\317"
RT_ICON 0x0030e7f8 0x00000988 LANG_SINDHI SUBLANG_SYS_DEFAULT dBase III DBT, version number 0, next free block index 40
RT_ICON 0x0030e7f8 0x00000988 LANG_SINDHI SUBLANG_SYS_DEFAULT dBase III DBT, version number 0, next free block index 40
RT_STRING 0x003102b8 0x00000768 LANG_SINDHI SUBLANG_SYS_DEFAULT data
RT_STRING 0x003102b8 0x00000768 LANG_SINDHI SUBLANG_SYS_DEFAULT data
RT_STRING 0x003102b8 0x00000768 LANG_SINDHI SUBLANG_SYS_DEFAULT data
RT_GROUP_CURSOR 0x0030fa50 0x00000014 LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_GROUP_ICON 0x0030f180 0x00000022 LANG_SINDHI SUBLANG_SYS_DEFAULT data
RT_VERSION 0x0030fa68 0x00000204 LANG_NEUTRAL SUBLANG_NEUTRAL data

Imports

Library KERNEL32.dll:
0x401010 GetDriveTypeW
0x401014 MoveFileExA
0x40101c CreateJobObjectW
0x401028 GetComputerNameW
0x401030 GetModuleHandleW
0x401038 ReadConsoleW
0x401040 GetCommandLineA
0x401048 GetConsoleCP
0x40104c GlobalAlloc
0x401054 LoadLibraryW
0x401058 SetCommConfig
0x40105c TerminateThread
0x401060 ReadConsoleInputA
0x401064 CopyFileW
0x40106c LocalReAlloc
0x401070 GetACP
0x401074 CreateMailslotW
0x401078 DisconnectNamedPipe
0x40107c GetShortPathNameA
0x401084 GetStartupInfoA
0x401088 FindFirstFileW
0x40108c GetLastError
0x401090 MoveFileW
0x401098 GetProcessVersion
0x40109c LoadLibraryA
0x4010a0 RemoveDirectoryW
0x4010a4 FindAtomA
0x4010a8 FindNextFileA
0x4010ac EnumDateFormatsA
0x4010b0 GetModuleHandleA
0x4010b4 SetLocaleInfoW
0x4010b8 CreateMutexA
0x4010c4 FindNextFileW
0x4010c8 VirtualProtect
0x4010cc PurgeComm
0x4010d4 FatalAppExitA
0x4010d8 GetShortPathNameW
0x4010dc FindAtomW
0x4010e4 FindFirstVolumeW
0x4010ec AddConsoleAliasA
0x4010f0 DebugBreak
0x4010f4 OpenFileMappingA
0x4010f8 EnumSystemLocalesW
0x4010fc CreateFileW
0x401100 CloseHandle
0x40110c FindFirstFileA
0x401110 GetCommandLineW
0x401114 MoveFileA
0x401118 HeapAlloc
0x40111c DeleteFileA
0x401120 EncodePointer
0x401124 DecodePointer
0x401128 HeapReAlloc
0x40112c HeapSetInformation
0x401130 GetStartupInfoW
0x401134 GetProcAddress
0x401138 ExitProcess
0x401144 IsDebuggerPresent
0x401148 TerminateProcess
0x40114c GetCurrentProcess
0x401150 WriteFile
0x401154 GetStdHandle
0x401158 GetModuleFileNameW
0x40115c HeapCreate
0x401168 Sleep
0x40116c HeapSize
0x401170 HeapFree
0x401174 SetFilePointer
0x40117c SetHandleCount
0x401184 GetFileType
0x40118c TlsAlloc
0x401190 TlsGetValue
0x401194 TlsSetValue
0x401198 TlsFree
0x4011a0 SetLastError
0x4011a4 GetCurrentThreadId
0x4011b0 GetTickCount
0x4011b4 GetCurrentProcessId
0x4011bc RtlUnwind
0x4011c0 GetCPInfo
0x4011c4 GetOEMCP
0x4011c8 IsValidCodePage
0x4011cc MultiByteToWideChar
0x4011d0 WideCharToMultiByte
0x4011d4 SetStdHandle
0x4011d8 GetConsoleMode
0x4011dc FlushFileBuffers
0x4011e4 LCMapStringW
0x4011e8 GetStringTypeW
0x4011ec ReadFile
0x4011f0 WriteConsoleW
0x4011f4 RaiseException
Library USER32.dll:
0x4011fc CharUpperA
Library GDI32.dll:
0x401000 SelectPalette
0x401004 GetTextFaceW
0x401008 GetCharWidthA

VS_VERSION_INFO

StringFileInfo 029385B3
FileVersions 8.8.87.29
InternalName Velectrecidad.exe
OriginalFilename Hungle.exe
ProductName Hsdfgidgfyh
ProductVersion 2.8.47.63
VarFileInfo Translation

Antivirus Signature
Bkav W32.AIDetectMalware
Lionic Trojan.Win32.Convagent.4!c
tehtris Clean
MicroWorld-eScan Clean
FireEye Generic.mg.ec1b1e9118b85599
CAT-QuickHeal Clean
ALYac Clean
Malwarebytes Generic.Malware/Suspicious
VIPRE Clean
Sangfor Trojan.Win32.Save.a
K7AntiVirus Trojan ( 00516fdf1 )
BitDefender Clean
K7GW Trojan ( 00516fdf1 )
Cybereason malicious.3b7943
BitDefenderTheta Clean
VirIT Clean
Cyren W32/Kryptik.KRH.gen!Eldorado
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 a variant of Win32/GenKryptik.GOAV
APEX Malicious
Paloalto Clean
ClamAV Clean
Kaspersky UDS:DangerousObject.Multi.Generic
Alibaba Clean
NANO-Antivirus Clean
ViRobot Clean
Tencent Trojan.Win32.Obfuscated.gen
TACHYON Clean
Sophos Mal/Generic-S
Baidu Clean
F-Secure Clean
DrWeb Clean
Zillya Clean
TrendMicro Clean
McAfee-GW-Edition BehavesLike.Win32.Lockbit.dm
Trapmine suspicious.low.ml.score
CMC Clean
Emsisoft Clean
Ikarus Trojan.Win32.Crypt
GData Clean
Webroot Clean
Google Detected
Avira Clean
Antiy-AVL Clean
Gridinsoft Ransom.Win32.STOP.bot!n
Xcitium Clean
Arcabit Clean
SUPERAntiSpyware Clean
ZoneAlarm UDS:DangerousObject.Multi.Generic
Microsoft Trojan:Win32/Sabsik.FL.B!ml
Cynet Malicious (score: 100)
AhnLab-V3 Clean
Acronis Clean
McAfee Artemis!EC1B1E9118B8
MAX Clean
DeepInstinct MALICIOUS
VBA32 BScope.Trojan.Zenpak
Cylance unsafe
Panda Trj/Chgt.AD
Zoner Clean
TrendMicro-HouseCall Clean
Rising Spyware.Windigo!8.119B5 (TFE:5:WSzs0OZcerI)
Yandex Clean
SentinelOne Static AI - Suspicious PE
MaxSecure Clean
Fortinet W32/Kryptik.HURJ!tr
AVG Win32:BotX-gen [Trj]
Avast Win32:BotX-gen [Trj]
CrowdStrike win/malicious_confidence_100% (W)
No IRMA results available.