Static | ZeroBOX

Name	Virtual Address	Virtual Size	Size of Raw Data	Entropy
.text	0x00001000	0x00009b38	0x00009c00	6.13785000512
.data	0x0000b000	0x00000090	0x00000200	0.675345682346
.rdata	0x0000c000	0x00000b40	0x00000c00	4.66943538162
.pdata	0x0000d000	0x00000414	0x00000600	3.07506762493
.xdata	0x0000e000	0x000003e8	0x00000400	4.33636435585
.bss	0x0000f000	0x00000bd0	0x00000000	0.0
.edata	0x00010000	0x00000069	0x00000200	1.07708157273
.idata	0x00011000	0x00000610	0x00000800	3.39048636221
.CRT	0x00012000	0x00000058	0x00000200	0.253231201804
.tls	0x00013000	0x00000010	0x00000200	0.0
.reloc	0x00014000	0x00000064	0x00000200	1.08539918675

Name

Virtual Address

Virtual Size

Size of Raw Data

Entropy

.text

0x00001000

0x00009b38

0x00009c00

6.13785000512

.data

0x0000b000

0x00000090

0x00000200

0.675345682346

.rdata

0x0000c000

0x00000b40

0x00000c00

4.66943538162

.pdata

0x0000d000

0x00000414

0x00000600

3.07506762493

.xdata

0x0000e000

0x000003e8

0x00000400

4.33636435585

.bss

0x0000f000

0x00000bd0

0x00000000

0.0

.edata

0x00010000

0x00000069

0x00000200

1.07708157273

.idata

0x00011000

0x00000610

0x00000800

3.39048636221

.CRT

0x00012000

0x00000058

0x00000200

0.253231201804

.tls

0x00013000

0x00000010

0x00000200

0.0

.reloc

0x00014000

0x00000064

0x00000200

1.08539918675

Ordinal	Address	Name
1	0x2b136b000	hash
2	0x2b1361470	xlAutoOpen
3	0x2b13613d0	xor_decrypt

Ordinal

Address

Name

0x2b136b000

hash

0x2b1361470

xlAutoOpen

0x2b13613d0

xor_decrypt

!This program cannot be run in DOS mode.

P`.data

.rdata

`@.pdata

0@.xdata

0@.bss

.edata

0@.idata

.reloc

AUATUWVSH

([^_]A\A]

AVAUATVSH

[^A\A]A^

AWAVAUATUWVSH

([^_]A\A]A^A_

c:\usersH

\public\H

default.H

D$8exe

UAWAVAUATWVSH

[^_A\A]A^A_]

ATWVSH

([^_A\H

:MZuWHcB<H

AVAUATVSH

[^A\A]A^

AWAVAUATUWVSH

[^_]A\A]A^A_

<'t,<Iup

<6t8<3tLA

H9D$HuqH

\$HHc|$PL

D$xA8D8

L+D$hL

H9T$Xt

AWAVAUATUWVSH

([^_]A\A]A^A_

AWAVAUATUWVSH

([^_]A\A]A^A_

AWAVAUATUWVSH

H[^_]A\A]A^A_

AUATSH

[A\A]

AWAVAUATUWVSH

[^_]A\A]A^A_

D$H+D$P

\$\+|$@

|$X;D$@}

;D$Xu9

AWAVAUATUWVSH

([^_]A\A]A^A_

AWAVAUATUWVSH

8[^_]A\A]A^A_

ATUWVSHcY

[^_]A\

AWAVAUATUWVSH

8[^_]A\A]A^A_

AUATVSH

([^A\A]

AWAVAUATUWVSH

([^_]A\A]A^A_

AVAUATUWVSH

[^_]A\A]A^

AVAUATUWVSH

[^_]A\A]A^

ATUWVSH

[^_]A\

ATSHcA

ATUWVSH

[^_]A\

D$(+D$,fH

AUATWVSH

@[^_A\A]

AVAUATUWVSH

@[^_]A\A]A^

ATWVSH

H[^_A\

XDv6E1M

39261943310b6f643715442c41396632174465536d6564185332110c3b301f402069023a2e135531196f2f3715442c413976371e53295d6f717f56546b4338366c515528556d772756757f6d110f2d18522a463e0418054f3645283577446a1952382a2858533d546d752b56557f6d112d371344366d112831145a2c52110475440576037c763214456559392c344c196a0079616a440e6b007c6c6a400f6a5d00146b3a40345e6b7e301f5b205e382c64470663172e62182a4336543f2b182a4630532131272a6a74037e6b76471833533e7f6856066c0a6d2f2d18522a46633b2819452019646378594526432428304814

4fb8a7a22a82c80f2c26fe6c1e0dcbb3

Mingw-w64 runtime failure:

Address %p has no image-section

VirtualQuery failed for %d bytes at address %p

VirtualProtect failed with code 0x%x

Unknown pseudo relocation protocol version %d.

Unknown pseudo relocation bit size %d.

0123456789

abcdef

ABCDEF

4P.xll

xlAutoOpen

xor_decrypt

CopyFileW

DeleteCriticalSection

EnterCriticalSection

GetLastError

InitializeCriticalSection

IsDBCSLeadByteEx

LeaveCriticalSection

MultiByteToWideChar

TlsGetValue

VirtualProtect

VirtualQuery

WinExec

___lc_codepage_func

___mb_cur_max_func

__iob_func

_amsg_exit

_errno

_initterm

_unlock

calloc

fwrite

islower

isspace

isupper

isxdigit

localeconv

malloc

memcpy

memset

realloc

strcat

strlen

strncmp

strtol

strtoul

tolower

ungetc

vfprintf

KERNEL32.dll

msvcrt.dll

c:\users\public\default.exe

c:\windows\system32\mshta.exe

Static Analysis

PE Compile Time

PE Imphash

Sections

Imports

Exports