Static | ZeroBOX

PE Compile Time

2023-10-03 23:06:24

PE Imphash

f599f6d6eed879ac9612841c28ee3418

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00001000 0x00009b38 0x00009c00 6.13785157044
.data 0x0000b000 0x00000090 0x00000200 0.681683792693
.rdata 0x0000c000 0x00000b40 0x00000c00 4.69313355755
.pdata 0x0000d000 0x00000414 0x00000600 3.07506762493
.xdata 0x0000e000 0x000003e8 0x00000400 4.33636435585
.bss 0x0000f000 0x00000bd0 0x00000000 0.0
.edata 0x00010000 0x00000069 0x00000200 1.08098782273
.idata 0x00011000 0x00000610 0x00000800 3.39048636221
.CRT 0x00012000 0x00000058 0x00000200 0.253231201804
.tls 0x00013000 0x00000010 0x00000200 0.0
.reloc 0x00014000 0x00000064 0x00000200 1.08539918675

Imports

Library KERNEL32.dll:
0x3a02711a4 CopyFileW
0x3a02711ac DeleteCriticalSection
0x3a02711b4 EnterCriticalSection
0x3a02711bc GetLastError
0x3a02711cc IsDBCSLeadByteEx
0x3a02711d4 LeaveCriticalSection
0x3a02711dc MultiByteToWideChar
0x3a02711e4 Sleep
0x3a02711ec TlsGetValue
0x3a02711f4 VirtualProtect
0x3a02711fc VirtualQuery
0x3a0271204 WinExec
Library msvcrt.dll:
0x3a0271214 ___lc_codepage_func
0x3a027121c ___mb_cur_max_func
0x3a0271224 __iob_func
0x3a027122c _amsg_exit
0x3a0271234 _errno
0x3a027123c _initterm
0x3a0271244 _lock
0x3a027124c _unlock
0x3a0271254 abort
0x3a027125c calloc
0x3a0271264 free
0x3a027126c fwrite
0x3a0271274 getc
0x3a027127c islower
0x3a0271284 isspace
0x3a027128c isupper
0x3a0271294 isxdigit
0x3a027129c localeconv
0x3a02712a4 malloc
0x3a02712ac memcpy
0x3a02712b4 memset
0x3a02712bc realloc
0x3a02712c4 strcat
0x3a02712cc strlen
0x3a02712d4 strncmp
0x3a02712dc strtol
0x3a02712e4 strtoul
0x3a02712ec tolower
0x3a02712f4 ungetc
0x3a02712fc vfprintf

Exports

Ordinal Address Name
1 0x3a026b000 hash
2 0x3a0261470 xlAutoOpen
3 0x3a02613d0 xor_decrypt
Strings

!This program cannot be run in DOS mode.
P`.data
.rdata
`@.pdata
0@.xdata
0@.bss
.edata
0@.idata
.reloc
AUATUWVSH
([^_]A\A]
([^_]A\A]
([^_]A\A]
AVAUATVSH
[^A\A]A^
AWAVAUATUWVSH
([^_]A\A]A^A_
c:\usersH
\public\H
default.H
D$8exe
UAWAVAUATWVSH
[^_A\A]A^A_]
ATWVSH
([^_A\H
:MZuWHcB<H
AVAUATVSH
[^A\A]A^
[^A\A]A^
AWAVAUATUWVSH
[^_]A\A]A^A_
<'t,<Iup
<6t8<3tLA
H9D$HuqH
\$HHc|$PL
D$xA8D8
L+D$hL
H9T$Xt
H9T$Xt
AWAVAUATUWVSH
([^_]A\A]A^A_
AWAVAUATUWVSH
([^_]A\A]A^A_
AWAVAUATUWVSH
H[^_]A\A]A^A_
AUATSH
[A\A]
[A\A]
AWAVAUATUWVSH
[^_]A\A]A^A_
D$H+D$P
\$\+|$@
|$X;D$@}
;D$Xu9
AWAVAUATUWVSH
([^_]A\A]A^A_
AWAVAUATUWVSH
8[^_]A\A]A^A_
ATUWVSHcY
[^_]A\
[^_]A\
AWAVAUATUWVSH
8[^_]A\A]A^A_
AUATVSH
([^A\A]
AWAVAUATUWVSH
([^_]A\A]A^A_
AVAUATUWVSH
[^_]A\A]A^
AVAUATUWVSH
[^_]A\A]A^
ATUWVSH
[^_]A\
[^_]A\
ATSHcA
ATUWVSH
[^_]A\
D$(+D$,fH
AUATWVSH
@[^_A\A]
AVAUATUWVSH
@[^_]A\A]A^
ATWVSH
H[^_A\
BTx7QldZ
233617422556466631370a5e21185a2c23265855715144342723587632180d2c270c37553b09072e6a760f44321e0d2a367a0b5f340008786b6f58557f1e11346a731b5a354c4b396217426b0d3b0d34263b0f440d30172331201d5a625e380621210a5b7f091c3f627917173256380637271d452230382a3736145e3230386b70674b056042123831741043251c5e756d6648007f5e506c6c63401967544b6c29051018103d061170725e433801013537205806614a423978082442220916291e08084233000d391e084905625f566b6c221a447640446a6b6f584038020035357a1b5b3e1f01726b6f4418220f163332204615
3dde11a7673e90ad96fafd0b3b27a477
Mingw-w64 runtime failure:
Address %p has no image-section
VirtualQuery failed for %d bytes at address %p
VirtualProtect failed with code 0x%x
Unknown pseudo relocation protocol version %d.
Unknown pseudo relocation bit size %d.
0123456789
abcdef
ABCDEF
2N.xll
xlAutoOpen
xor_decrypt
CopyFileW
DeleteCriticalSection
EnterCriticalSection
GetLastError
InitializeCriticalSection
IsDBCSLeadByteEx
LeaveCriticalSection
MultiByteToWideChar
TlsGetValue
VirtualProtect
VirtualQuery
WinExec
___lc_codepage_func
___mb_cur_max_func
__iob_func
_amsg_exit
_errno
_initterm
_unlock
calloc
fwrite
islower
isspace
isupper
isxdigit
localeconv
malloc
memcpy
memset
realloc
strcat
strlen
strncmp
strtol
strtoul
tolower
ungetc
vfprintf
KERNEL32.dll
msvcrt.dll
c:\users\public\default.exe
c:\windows\system32\mshta.exe

Antivirus Signature

Engine Result ("Clean" = no detection reported by that engine)
Bkav Clean
Lionic Clean
Elastic Clean
DrWeb Clean
ClamAV Clean
CMC Clean
CAT-QuickHeal Clean
ALYac Clean
Malwarebytes Clean
VIPRE Clean
Sangfor Clean
CrowdStrike Clean
BitDefender Clean
K7GW Clean
K7AntiVirus Clean
BitDefenderTheta Clean
VirIT Clean
Cyren Clean
Symantec ML.Attribute.HighConfidence
tehtris Clean
ESET-NOD32 Clean
APEX Clean
Paloalto Clean
Cynet Clean
Kaspersky VHO:Trojan-Downloader.Win32.Convagent.gen
Alibaba Clean
NANO-Antivirus Clean
SUPERAntiSpyware Clean
MicroWorld-eScan Clean
Tencent Clean
TACHYON Clean
Sophos Clean
F-Secure Clean
Baidu Clean
Zillya Clean
TrendMicro Clean
McAfee-GW-Edition Clean
Trapmine Clean
FireEye Clean
Emsisoft Clean
SentinelOne Clean
Jiangmin Clean
Webroot Clean
Avira Clean
Antiy-AVL Trojan/Win32.Sabsik
Kingsoft Clean
Microsoft Trojan:Win32/Sabsik.FL.B!ml
Gridinsoft Clean
Xcitium Clean
Arcabit Clean
ViRobot Clean
ZoneAlarm VHO:Trojan-Downloader.Win32.Convagent.gen
GData Clean
Google Clean
AhnLab-V3 Clean
Acronis Clean
McAfee Clean
MAX Clean
DeepInstinct Clean
VBA32 Clean
Cylance Clean
Panda Clean
Zoner Clean
TrendMicro-HouseCall Clean
Rising Clean
Yandex Clean
Ikarus Clean
MaxSecure Clean
Fortinet Clean
AVG Win64:TrojanX-gen [Trj]
Avast Win64:TrojanX-gen [Trj]
No IRMA results available.