Static | ZeroBOX

PE Compile Time

2023-09-25 18:47:27

PE Imphash

765650190224c30d988bfe1c70e8de98

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00001000 0x00001718 0x00001800 5.95153689269
.rdata 0x00003000 0x0000053e 0x00000600 4.24408977727
.data 0x00004000 0x00000184 0x00000200 3.87587896423
.reloc 0x00005000 0x000000fe 0x00000200 2.31651404918

Imports

Library user32.dll:
0x403080 wsprintfA
Library kernel32.dll:
0x403010 CreateFileA
0x403014 CreateThread
0x403018 ExitProcess
0x403020 GetCurrentProcess
0x403024 GetLocalTime
0x403028 GetTempPathA
0x403030 CreateEventA
0x403034 LocalFree
0x403038 SetEvent
0x40303c SetFilePointer
0x403040 CloseHandle
0x403048 VirtualAlloc
0x40304c VirtualFree
0x403050 WaitForSingleObject
0x403054 WriteFile
0x403058 LocalAlloc
0x40305c Sleep
Library advapi32.dll:
0x403000 OpenProcessToken
0x403004 GetTokenInformation
0x403008 GetSidSubAuthority
Library wsock32.dll:
0x403098 WSAStartup
0x40309c closesocket
0x4030a0 connect
0x4030a4 htons
0x4030a8 inet_addr
0x4030ac inet_ntoa
0x4030b0 ioctlsocket
0x4030b4 recv
0x4030b8 select
0x4030bc send
0x4030c0 setsockopt
0x4030c4 shutdown
0x4030c8 socket
Library ws2_32.dll:
0x403088 freeaddrinfo
0x40308c WSAIoctl
0x403090 getaddrinfo
Library ole32.dll:
0x403064 CoInitialize
0x403068 CoCreateInstance
0x40306c CoUninitialize
Library secur32.dll:
0x403074 GetUserNameExW
0x403078 GetUserNameExA

HOST1:5.188.206.142
HOST2:5.188.206.142
PORT1:443
randomdata
FGET %s HTTP/1.0
Host: %s
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0
Connection: close
Antivirus Signature
Lionic Trojan.Win32.GenericML.4!c
tehtris Generic.Malware
DrWeb Trojan.Siggen21.34754
MicroWorld-eScan Trojan.GenericKD.69558883
ClamAV Clean
FireEye Generic.mg.ed7a716082ba3dc9
CAT-QuickHeal Clean
ALYac Clean
Cylance unsafe
VIPRE Clean
Sangfor Trojan.Win32.Coroxy.Vu1c
K7AntiVirus Clean
BitDefender Trojan.GenericKD.69558883
K7GW Clean
Cybereason malicious.9316c8
BitDefenderTheta Gen:NN.ZexaF.36738.aqW@a4KyXy
VirIT Clean
Cyren W32/Threat-HLLSI-based!Maximus
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 a variant of Win32/Coroxy.L
APEX Malicious
Paloalto Clean
Cynet Malicious (score: 100)
Kaspersky UDS:Trojan.Win32.GenericML.xnet
Alibaba Clean
NANO-Antivirus Clean
ViRobot Clean
Rising Trojan.Generic@AI.96 (RDML:k//vgoIABHLbcxwvc/+LXA)
Emsisoft Trojan.GenericKD.69558883 (B)
Baidu Clean
Zillya Clean
TrendMicro Trojan.Win32.SMOKELOADER.YXDJCZ
Trapmine malicious.high.ml.score
CMC Clean
Sophos Mal/Generic-S
SentinelOne Static AI - Malicious PE
Jiangmin Clean
Webroot W32.GenML.xnet
Avira TR/Coroxy.jnxvy
MAX malware (ai score=83)
Antiy-AVL Trojan/Win32.Wacatac
Kingsoft malware.kb.a.998
Gridinsoft Ransom.Win32.Wacatac.sa
Xcitium Clean
Arcabit Clean
SUPERAntiSpyware Clean
ZoneAlarm UDS:Trojan.Win32.GenericML.xnet
GData Trojan.GenericKD.69558883
Google Detected
AhnLab-V3 Clean
Acronis Clean
VBA32 BScope.TrojanProxy.Sybici
TACHYON Clean
Malwarebytes Trojan.Dropper
Panda Trj/Chgt.AD
Zoner Clean
TrendMicro-HouseCall Trojan.Win32.SMOKELOADER.YXDJCZ
Tencent Clean
Yandex Clean
Ikarus Win32.Outbreak
MaxSecure Trojan.Malware.300983.susgen
Fortinet Clean
DeepInstinct MALICIOUS
CrowdStrike win/malicious_confidence_100% (W)
No IRMA results available.