Static | ZeroBOX

PE Compile Time

2023-10-03 06:07:26

PE Imphash

c262573045b48eb83cfbc0d475b9abcd

Sections — note the non-standard `.xObf` section (virtual size 0x230be, roughly three times all other sections combined, entropy 6.11): in a binary whose RTTI strings name a `BaseLoader`/`MemoryLoader` and whose PDB path is `...\loader\client_obfuscated\build\loader.pdb`, a custom-named section of this size is the first place to look for an embedded or obfuscated payload. Its entropy is below the level usually seen for compressed/encrypted data, so the encoding may be a lighter transform; confirm by inspecting the section rather than relying on the name.

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00001000 0x000075d6 0x00007600 6.69820748974
.rdata 0x00009000 0x000033e2 0x00003400 4.83335449653
.data 0x0000d000 0x000009a8 0x00000200 3.7558845986
.pdata 0x0000e000 0x0000057c 0x00000600 4.03898484918
.rsrc 0x0000f000 0x000001b4 0x00000200 5.09797908882
.reloc 0x00010000 0x0000006c 0x00000200 0.0
.xObf 0x00011000 0x000230be 0x00023200 6.10938012024

Resources

Name Offset Size Language Sub-language File type
RT_MANIFEST 0x0000f058 0x0000015a LANG_ENGLISH SUBLANG_ENGLISH_US ASCII text, with CRLF line terminators

Imports — the KERNEL32 subset below (LoadLibraryA, GetProcAddress, VirtualAlloc, VirtualProtect, VirtualFree, IsBadReadPtr, GetNativeSystemInfo) is the canonical set used by manual PE mappers to allocate, copy, relocate, resolve and re-protect an image in memory, which matches the `BaseLoader`/`MemoryLoader` RTTI names in the strings section. The remaining KERNEL32 entries (IsDebuggerPresent, QueryPerformanceCounter, GetSystemTimeAsFileTime, InitializeSListHead, UnhandledExceptionFilter, GetStartupInfoW, …) are standard MSVC CRT start-up imports and are not anti-analysis indicators on their own. No networking DLL is imported, so any use of the embedded `185.216.71.79` string would have to go through dynamically resolved APIs or a later-loaded module — verify with dynamic analysis before treating the address as a confirmed endpoint.

Library KERNEL32.dll:
0x140009000 FreeLibrary
0x140009008 LoadLibraryA
0x140009010 SetLastError
0x140009018 HeapAlloc
0x140009020 HeapFree
0x140009028 GetProcessHeap
0x140009030 GetNativeSystemInfo
0x140009038 VirtualAlloc
0x140009040 VirtualProtect
0x140009048 VirtualFree
0x140009050 GetProcAddress
0x140009058 IsBadReadPtr
0x140009060 GetStartupInfoW
0x140009068 IsDebuggerPresent
0x140009070 InitializeSListHead
0x140009078 GetSystemTimeAsFileTime
0x140009080 GetCurrentThreadId
0x140009088 GetCurrentProcessId
0x140009090 QueryPerformanceCounter
0x1400090a0 TerminateProcess
0x1400090a8 GetCurrentProcess
0x1400090b8 UnhandledExceptionFilter
0x1400090c0 RtlVirtualUnwind
0x1400090c8 RtlLookupFunctionEntry
0x1400090d0 RtlCaptureContext
0x1400090d8 GetModuleHandleW
Library VCRUNTIME140.dll:
0x1400090e8 _CxxThrowException
0x1400090f0 strstr
0x1400090f8 __C_specific_handler
0x140009100 __std_exception_copy
0x140009108 memcpy
0x140009110 __std_exception_destroy
0x140009120 memset
0x140009128 __current_exception
Library VCRUNTIME140_1.dll:
0x140009138 __CxxFrameHandler4
Library api-ms-win-crt-time-l1-1-0.dll:
0x140009250 _time64
Library api-ms-win-crt-utility-l1-1-0.dll:
0x140009260 rand
0x140009268 srand
Library api-ms-win-crt-heap-l1-1-0.dll:
0x140009148 _set_new_mode
0x140009150 _callnewh
0x140009158 realloc
0x140009160 malloc
0x140009168 free
Library api-ms-win-crt-stdio-l1-1-0.dll:
0x140009220 __stdio_common_vfprintf
0x140009228 __acrt_iob_func
0x140009230 __stdio_common_vsprintf
0x140009238 _set_fmode
0x140009240 __p__commode
Library api-ms-win-crt-runtime-l1-1-0.dll:
0x1400091a0 _c_exit
0x1400091a8 _cexit
0x1400091b0 _exit
0x1400091b8 _initialize_onexit_table
0x1400091c8 _crt_atexit
0x1400091d0 terminate
0x1400091d8 exit
0x1400091e0 _initterm
0x1400091f8 _configure_narrow_argv
0x140009200 _seh_filter_exe
0x140009208 _initterm_e
0x140009210 _set_app_type
Library api-ms-win-crt-math-l1-1-0.dll:
0x140009188 __setusermatherr
Library api-ms-win-crt-locale-l1-1-0.dll:
0x140009178 _configthreadlocale

!This program cannot be run in DOS mode.
`.rdata
@.data
.pdata
@.rsrc
@.reloc
B.xObf
@SATAWH
A_A\[
UVWATAUAVAWH
uMIcE8
0A_A^A]A\_^]
Sh9P8t
VWATAUAVH
@A^A]A\_^
SVWATAUAVH
hA^A]A\_^[
hA^A]A\_^[
X0I+^0
D9o t)E3
hA^A]A\_^[
UATAUAVAW
A_A^A]A\]
WATAUAVAW
A_A^A]A\_
@SUWAW
WAVAWH
A_A^_
@SUVWAVAW
A_A^_^][
UVWATAUAVAWH
0A_A^A]A\_^]
WAVAWH
A_A^_
SUVWATAUAVAWH
XA_A^A]A\_^][
UVWATAUAVAWH
0A_A^A]A\_^]
WAVAWH
0A_A^_
SUVWATAUAVAWH
HA_A^A]A\_^][
H3E H3E
u/HcH<H
da3b05bf908e8a05db8d014e0f63fdb67ceca9c3f24386875a816cb82e4c4eafcbe419147dd37ccd6df3192caa3d16db0b8267719ed6fc547bd212a1b0da7e5f1338cf0d9d5f17dd4960738a7a944630
0123456789abcdef
"$&(*,.02468:<>@BDFHJLNPRTVXZ\^`bdfhjlnprtvxz|~
;9?=3175+)/-#!'%[Y_]SQWUKIOMCAGE{y
}sqwukiomcage
0365<?:9(+.-$'"!`cfelojix{~}twrqPSVU\_ZYHKNMDGBA
[X]^WTQRC@EFOLIJkhmngdabspuv
|yz;8=>7412# %&/,)*
$-6?HAZSle~w
szahW^EL
dmR[@I>7,%
MD_Vi`{r
|ungXQJC4=&/
GNU\cjqx
.'<5BKPYfot}
ypkb]TOF
,':1XSNEt
{pmfW\AJ#(5>
FMP[ja|w
ensxIB_T
GLQZk`}v
doryHC^U
-&;0YRODu~ch
zqlgV]@K")4?
49.#her
kfq|_REH
7:- m`wzYTCN
2?(%nctyZW@M
>3$)boxuV[LAal{vUXOB
gj}pS^ID
85"/di~sP]JG
86$*p~lbHFTZ
KEWYs}oa
MCQ_u{ig=3!/
vxjdN@R\
AO]Sywek1?-#
ztfhBL^P
4:(&|r`nDJXV79+%
185.216.71.79
Unknown exception
bad allocation
bad array new length
RSDSjY
H:\My\work\loader\client_obfuscated\build\loader.pdb
.text$mn
.text$mn$00
.text$x
.idata$5
.00cfg
.CRT$XCA
.CRT$XCAA
.CRT$XCZ
.CRT$XIA
.CRT$XIAA
.CRT$XIAC
.CRT$XIZ
.CRT$XPA
.CRT$XPZ
.CRT$XTA
.CRT$XTZ
.rdata
.rdata$r
.rdata$voltmd
.rdata$zzzdbg
.rtc$IAA
.rtc$IZZ
.rtc$TAA
.rtc$TZZ
.xdata
.xdata$x
.idata$2
.idata$3
.idata$4
.idata$6
.data$r
.data$rs
.pdata
FreeLibrary
LoadLibraryA
SetLastError
HeapAlloc
HeapFree
GetProcessHeap
GetNativeSystemInfo
VirtualAlloc
VirtualProtect
VirtualFree
GetProcAddress
IsBadReadPtr
KERNEL32.dll
memcpy
memset
__CxxFrameHandler4
strstr
__C_specific_handler
__std_exception_copy
__std_exception_destroy
_CxxThrowException
__current_exception
__current_exception_context
VCRUNTIME140.dll
VCRUNTIME140_1.dll
_time64
malloc
realloc
__stdio_common_vsprintf
__acrt_iob_func
__stdio_common_vfprintf
_callnewh
_seh_filter_exe
_set_app_type
__setusermatherr
_configure_narrow_argv
_initialize_narrow_environment
_get_narrow_winmain_command_line
_initterm
_initterm_e
_set_fmode
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_configthreadlocale
_set_new_mode
__p__commode
_initialize_onexit_table
_register_onexit_function
_crt_atexit
terminate
api-ms-win-crt-time-l1-1-0.dll
api-ms-win-crt-utility-l1-1-0.dll
api-ms-win-crt-heap-l1-1-0.dll
api-ms-win-crt-stdio-l1-1-0.dll
api-ms-win-crt-runtime-l1-1-0.dll
api-ms-win-crt-math-l1-1-0.dll
api-ms-win-crt-locale-l1-1-0.dll
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/u
.?AVbad_alloc@std@@
.?AVexception@std@@
.?AVbad_array_new_length@std@@
.?AVBaseLoader@@
.?AVMemoryLoader@@
.?AVtype_info@@
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>PAPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPAD
)telPf
9XKlGo
czKF Pf
bn% Pf
9x'>@X
rk~~J/
`z:0Pf
}3[vhPf
03%`Pf
',spPf
[z|0Pf
n0(/Pf
R@`tSH
(~? Pf
M1p:H
t*ygy_F
3\2npH
k'+bxPf
?me@Pf
Q5PX#K
Bya`Pf
otx#+i]hH
!;yXPf
c;ZyWH
Zg1@Pf
QB"@Pf
\hw`<Pf
8nI40wH
jOV0Pf
8tcpPf
@ R5RH
gJ}>~
,(8o@Pf
Vr</N?
<M3 Pf
e/`R`5
3EzLy;
Xc]NNH
J.+,p=H
Antivirus Signature — note the split: most engines report Clean, and the engines that do detect disagree on family (TrendMicro: SMOKELOADER; Microsoft: ScarletFlash; Antiy/Gridinsoft: Caynamer; the rest are generic or ML/heuristic verdicts). Taken together these support a "malicious" verdict but not any particular family attribution; the loader-specific static indicators above (import set, RTTI names, PDB path, `.xObf` section) are a sounder basis for classification than a single vendor name.
Bkav Clean
Lionic Clean
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKD.69592952
CMC Clean
CAT-QuickHeal Clean
Skyhigh BehavesLike.Win64.BadFile.ch
ALYac Clean
Malwarebytes Clean
VIPRE Trojan.GenericKD.69592952
Sangfor Trojan.Win32.Agent.Vmq1
K7AntiVirus Clean
BitDefender Trojan.GenericKD.69592952
K7GW Clean
CrowdStrike win/malicious_confidence_100% (D)
BitDefenderTheta Clean
VirIT Clean
Symantec ML.Attribute.HighConfidence
tehtris Clean
ESET-NOD32 Clean
APEX Malicious
Paloalto Clean
ClamAV Clean
Kaspersky Clean
Alibaba Clean
NANO-Antivirus Clean
ViRobot Clean
Rising Clean
TACHYON Clean
Sophos Mal/Generic-S
Baidu Clean
F-Secure Clean
DrWeb Clean
Zillya Clean
TrendMicro Trojan.Win64.SMOKELOADER.YXDJDZ
Trapmine Clean
FireEye Generic.mg.28008ae8515c1376
Emsisoft Trojan.GenericKD.69592952 (B)
Ikarus Clean
GData Trojan.GenericKD.69592952
Jiangmin Clean
Webroot Clean
Google Clean
Avira Clean
Varist Clean
Antiy-AVL Trojan/Win32.Caynamer
Kingsoft Clean
Gridinsoft Trojan.Win64.Caynamer.sa
Xcitium Clean
Arcabit Trojan.Generic.D425E778
SUPERAntiSpyware Clean
ZoneAlarm Clean
Microsoft Trojan:Win32/ScarletFlash.A
Cynet Malicious (score: 100)
AhnLab-V3 Clean
Acronis Clean
VBA32 Clean
MAX malware (ai score=87)
DeepInstinct MALICIOUS
Cylance unsafe
Panda Clean
Zoner Clean
TrendMicro-HouseCall Trojan.Win64.SMOKELOADER.YXDJDZ
Tencent Clean
Yandex Clean
SentinelOne Static AI - Malicious PE
MaxSecure Clean
Fortinet PossibleThreat.PALLAS.H
AVG Clean
Cybereason Clean
Avast Clean