Static | ZeroBOX

PE Compile Time

2023-09-21 22:26:45

PE Imphash

eb3f1099640d7d708a3042408447c005

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00001000 0x00009b48 0x00009c00 6.13916650702
.data 0x0000b000 0x00000080 0x00000200 0.587631081343
.rdata 0x0000c000 0x00000b40 0x00000c00 4.69715051377
.pdata 0x0000d000 0x00000414 0x00000600 3.08867943166
.xdata 0x0000e000 0x000003e4 0x00000400 4.33522262495
.bss 0x0000f000 0x00000bd0 0x00000000 0.0
.edata 0x00010000 0x00000060 0x00000200 1.03947557232
.idata 0x00011000 0x00000660 0x00000800 3.5020257528
.CRT 0x00012000 0x00000058 0x00000200 0.257137451804
.tls 0x00013000 0x00000010 0x00000200 0.0
.reloc 0x00014000 0x00000060 0x00000200 1.06595023665

Imports

Library KERNEL32.dll:
0x24e4e11c8 CopyFileW
0x24e4e11d0 DeleteCriticalSection
0x24e4e11d8 EnterCriticalSection
0x24e4e11e0 GetLastError
0x24e4e11f0 IsDBCSLeadByteEx
0x24e4e11f8 LeaveCriticalSection
0x24e4e1200 MultiByteToWideChar
0x24e4e1208 Sleep
0x24e4e1210 TlsGetValue
0x24e4e1218 VirtualProtect
0x24e4e1220 VirtualQuery
0x24e4e1228 WinExec
Library msvcrt.dll:
0x24e4e1238 ___lc_codepage_func
0x24e4e1240 ___mb_cur_max_func
0x24e4e1248 __iob_func
0x24e4e1250 _amsg_exit
0x24e4e1258 _errno
0x24e4e1260 _initterm
0x24e4e1268 _lock
0x24e4e1270 _unlock
0x24e4e1278 abort
0x24e4e1280 calloc
0x24e4e1288 free
0x24e4e1290 fwrite
0x24e4e1298 getc
0x24e4e12a0 islower
0x24e4e12a8 isspace
0x24e4e12b0 isupper
0x24e4e12b8 isxdigit
0x24e4e12c0 localeconv
0x24e4e12c8 malloc
0x24e4e12d0 memcpy
0x24e4e12d8 memset
0x24e4e12e0 realloc
0x24e4e12e8 strcpy
0x24e4e12f0 strlen
0x24e4e12f8 strncmp
0x24e4e1300 strtol
0x24e4e1308 strtoul
0x24e4e1310 tolower
0x24e4e1318 ungetc
0x24e4e1320 vfprintf
Library USER32.dll:
0x24e4e1330 MessageBoxA

Exports

Ordinal Address Name
1 0x24e4d1450 xlAutoOpen
2 0x24e4d13d0 xor_decrypt

Strings

!This program cannot be run in DOS mode.
P`.data
.rdata
`@.pdata
0@.xdata
0@.bss
.edata
0@.idata
.reloc
AUATUWVSH
([^_]A\A]
([^_]A\A]
([^_]A\A]
AVAUATVSH
[^A\A]A^
AVAUATUWVSH
[^_]A\A]A^
C:\UsersH
\Public\H
me.exe
UAWAVAUATWVSH
[^_A\A]A^A_]
ATWVSH
([^_A\H
:MZuWHcB<H
AVAUATVSH
[^A\A]A^
[^A\A]A^
AWAVAUATUWVSH
[^_]A\A]A^A_
<'t,<Iup
<6t8<3tLA
H9D$HuqH
\$HHc|$PL
D$xA8D8
L+D$hL
H9T$Xt
H9T$Xt
AWAVAUATUWVSH
([^_]A\A]A^A_
AWAVAUATUWVSH
([^_]A\A]A^A_
AWAVAUATUWVSH
H[^_]A\A]A^A_
AUATSH
[A\A]
[A\A]
AWAVAUATUWVSH
[^_]A\A]A^A_
D$H+D$P
\$\+|$@
|$X;D$@}
;D$Xu9
AWAVAUATUWVSH
([^_]A\A]A^A_
AWAVAUATUWVSH
8[^_]A\A]A^A_
ATUWVSHcY
[^_]A\
[^_]A\
AWAVAUATUWVSH
8[^_]A\A]A^A_
AUATVSH
([^A\A]
AWAVAUATUWVSH
([^_]A\A]A^A_
AVAUATUWVSH
[^_]A\A]A^
AVAUATUWVSH
[^_]A\A]A^
ATUWVSH
[^_]A\
[^_]A\
ATSHcA
ATUWVSH
[^_]A\
D$(+D$,fH
AUATWVSH
@[^_A\A]
AVAUATUWVSH
@[^_]A\A]A^
ATWVSH
H[^_A\
secret_key
12070c07114e7d57161a010c13065b023e19451b5358431c00037f2a060d1a13062a2a16350e060d5b4714010606361b1157000d061e09567650451b5d17161c4d533c0601595c0643315f28033c0c17170a140139282c12160d1608504039283c1e17155d001b174559304b06432f39160100062c37390906070f1b0628035a4b0f1116431a11002f514a56464b57404b4369455440444a260213462f1e08564257505443003606001606114343555279085f252f10101717070337150c11090a1139286e45131b00424f52555d644b12101d010c054b173304161c5b4c584e4a073c190c09075b41
Internal Error
An internal error has occurred.
Mingw-w64 runtime failure:
Address %p has no image-section
VirtualQuery failed for %d bytes at address %p
VirtualProtect failed with code 0x%x
Unknown pseudo relocation protocol version %d.
Unknown pseudo relocation bit size %d.
0123456789
abcdef
ABCDEF
plugin64.xll
xlAutoOpen
xor_decrypt
CopyFileW
DeleteCriticalSection
EnterCriticalSection
GetLastError
InitializeCriticalSection
IsDBCSLeadByteEx
LeaveCriticalSection
MultiByteToWideChar
TlsGetValue
VirtualProtect
VirtualQuery
WinExec
___lc_codepage_func
___mb_cur_max_func
__iob_func
_amsg_exit
_errno
_initterm
_unlock
calloc
fwrite
islower
isspace
isupper
isxdigit
localeconv
malloc
memcpy
memset
realloc
strcpy
strlen
strncmp
strtol
strtoul
tolower
ungetc
vfprintf
MessageBoxA
KERNEL32.dll
msvcrt.dll
USER32.dll
C:\Users\Public\me.exe
C:\Windows\System32\mshta.exe

Antivirus Signature
Bkav W32.AIDetectMalware.64
Lionic Trojan.Win32.Alien.4!c
Elastic Clean
MicroWorld-eScan Trojan.GenericKD.69405985
ClamAV Clean
FireEye Trojan.GenericKD.69405985
CAT-QuickHeal Clean
McAfee Artemis!F1B91FDBCD06
Malwarebytes Trojan.DarkGate
VIPRE Trojan.GenericKD.69407119
Sangfor Clean
K7AntiVirus Clean
BitDefender Trojan.GenericKD.69405985
K7GW Clean
CrowdStrike Clean
Baidu Clean
VirIT Clean
Cyren W64/ABRisk.NHKN-7036
Symantec Trojan Horse
tehtris Clean
ESET-NOD32 a variant of Win64/Agent.CWT
APEX Clean
Paloalto Clean
Cynet Malicious (score: 99)
Kaspersky Trojan.Win64.Alien.bzk
Alibaba Clean
NANO-Antivirus Clean
ViRobot Clean
Rising Downloader.Agent!8.B23 (TFE:6:OmxMTTXvMrN)
Emsisoft Trojan.GenericKD.69405985 (B)
F-Secure Trojan.TR/Agent.uutvu
DrWeb Clean
Zillya Clean
TrendMicro Trojan.Win64.DARKGATE.YXDIVZ
McAfee-GW-Edition BehavesLike.Win64.Infected.qm
Trapmine Clean
CMC Clean
Sophos Mal/Generic-S
Ikarus Win32.Outbreak
GData Trojan.GenericKD.69405985
Jiangmin Clean
Webroot W32.Trojan.Gen
Avira TR/Agent.uutvu
MAX malware (ai score=88)
Antiy-AVL Trojan/Win64.Alien
Gridinsoft Clean
Xcitium Clean
Arcabit Trojan.Generic.D4230D21
SUPERAntiSpyware Clean
ZoneAlarm Trojan.Win64.Alien.bzk
Microsoft Trojan:Win64/Tedy.GPB!MTB
Google Detected
AhnLab-V3 Dropper/Win.Generic.R606770
Acronis Clean
BitDefenderTheta Clean
ALYac Trojan.GenericKD.69407119
TACHYON Clean
DeepInstinct MALICIOUS
VBA32 Clean
Cylance unsafe
Panda Trj/Chgt.AD
Zoner Clean
TrendMicro-HouseCall Trojan.Win64.DARKGATE.YXDIVZ
Tencent Clean
Yandex Clean
SentinelOne Clean
MaxSecure Clean
Fortinet Clean
AVG MalwareX-gen [Trj]
Avast MalwareX-gen [Trj]
No IRMA results available.