Static | ZeroBOX

Name	Virtual Address	Virtual Size	Size of Raw Data	Entropy
.text	0x00001000	0x00009b38	0x00009c00	6.13783346206
.data	0x0000b000	0x00000090	0x00000200	0.675345682346
.rdata	0x0000c000	0x00000b40	0x00000c00	4.67662586646
.pdata	0x0000d000	0x00000414	0x00000600	3.07506762493
.xdata	0x0000e000	0x000003e8	0x00000400	4.33636435585
.bss	0x0000f000	0x00000bd0	0x00000000	0.0
.edata	0x00010000	0x00000069	0x00000200	1.08098782273
.idata	0x00011000	0x00000610	0x00000800	3.39048636221
.CRT	0x00012000	0x00000058	0x00000200	0.253231201804
.tls	0x00013000	0x00000010	0x00000200	0.0
.reloc	0x00014000	0x00000064	0x00000200	1.08539918675

Name

Virtual Address

Virtual Size

Size of Raw Data

Entropy

.text

0x00001000

0x00009b38

0x00009c00

6.13783346206

.data

0x0000b000

0x00000090

0x00000200

0.675345682346

.rdata

0x0000c000

0x00000b40

0x00000c00

4.67662586646

.pdata

0x0000d000

0x00000414

0x00000600

3.07506762493

.xdata

0x0000e000

0x000003e8

0x00000400

4.33636435585

.bss

0x0000f000

0x00000bd0

0x00000000

0.0

.edata

0x00010000

0x00000069

0x00000200

1.08098782273

.idata

0x00011000

0x00000610

0x00000800

3.39048636221

.CRT

0x00012000

0x00000058

0x00000200

0.253231201804

.tls

0x00013000

0x00000010

0x00000200

0.0

.reloc

0x00014000

0x00000064

0x00000200

1.08539918675

Ordinal	Address	Name
1	0x2229ab000	hash
2	0x2229a1470	xlAutoOpen
3	0x2229a13d0	xor_decrypt

Ordinal

Address

Name

0x2229ab000

hash

0x2229a1470

xlAutoOpen

0x2229a13d0

xor_decrypt

!This program cannot be run in DOS mode.

P`.data

.rdata

`@.pdata

0@.xdata

0@.bss

.edata

0@.idata

.reloc

AUATUWVSH

([^_]A\A]

AVAUATVSH

[^A\A]A^

AWAVAUATUWVSH

([^_]A\A]A^A_

c:\usersH

\public\H

default.H

D$8exe

UAWAVAUATWVSH

[^_A\A]A^A_]

ATWVSH

([^_A\H

:MZuWHcB<H

AVAUATVSH

[^A\A]A^

AWAVAUATUWVSH

[^_]A\A]A^A_

<'t,<Iup

<6t8<3tLA

H9D$HuqH

\$HHc|$PL

D$xA8D8

L+D$hL

H9T$Xt

AWAVAUATUWVSH

([^_]A\A]A^A_

AWAVAUATUWVSH

([^_]A\A]A^A_

AWAVAUATUWVSH

H[^_]A\A]A^A_

AUATSH

[A\A]

AWAVAUATUWVSH

[^_]A\A]A^A_

D$H+D$P

\$\+|$@

|$X;D$@}

;D$Xu9

AWAVAUATUWVSH

([^_]A\A]A^A_

AWAVAUATUWVSH

8[^_]A\A]A^A_

ATUWVSHcY

[^_]A\

AWAVAUATUWVSH

8[^_]A\A]A^A_

AUATVSH

([^A\A]

AWAVAUATUWVSH

([^_]A\A]A^A_

AVAUATUWVSH

[^_]A\A]A^

AVAUATUWVSH

[^_]A\A]A^

ATUWVSH

[^_]A\

ATSHcA

ATUWVSH

[^_]A\

D$(+D$,fH

AUATWVSH

@[^_A\A]

AVAUATUWVSH

@[^_]A\A]A^

ATWVSH

H[^_A\

000b034215534e0b120a1e5e111d5241001b4c5541544c59041e4c76021d0541043123550b0c0f43494b1b44021b054715471f5f0405001548524c554f1b1959494e0f5a05494354412a566b3d3e055905061b443d351f4e121d095a525b306b021c1e5b4f0c1452414403170253306b141a094512353047140b005e02353006535a5f0550471a5512490443151956184e5d5919565f4205525a4206515a4371163c166624024307530d0311471d055a0406194341585c11470a566b3d1c1f52131a306b111c0e5b080a306b505b5f0453584241031a4b1b4159450c411e055905061b19020503440441450c5d461f5413001c435f4b

979347d17d4e524005bc1a8e8101fa3a

Mingw-w64 runtime failure:

Address %p has no image-section

VirtualQuery failed for %d bytes at address %p

VirtualProtect failed with code 0x%x

Unknown pseudo relocation protocol version %d.

Unknown pseudo relocation bit size %d.

0123456789

abcdef

ABCDEF

PV.xll

xlAutoOpen

xor_decrypt

CopyFileW

DeleteCriticalSection

EnterCriticalSection

GetLastError

InitializeCriticalSection

IsDBCSLeadByteEx

LeaveCriticalSection

MultiByteToWideChar

TlsGetValue

VirtualProtect

VirtualQuery

WinExec

___lc_codepage_func

___mb_cur_max_func

__iob_func

_amsg_exit

_errno

_initterm

_unlock

calloc

fwrite

islower

isspace

isupper

isxdigit

localeconv

malloc

memcpy

memset

realloc

strcat

strlen

strncmp

strtol

strtoul

tolower

ungetc

vfprintf

KERNEL32.dll

msvcrt.dll

c:\users\public\default.exe

c:\windows\system32\mshta.exe

Static Analysis

PE Compile Time

PE Imphash

Sections

Imports

Exports