popup
Static | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Static Analysis

PE Compile Time

2023-10-10 06:05:25

PE Imphash

df189310e344dd9b055fac63e1a0295e

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00001000 0x0001cc0c 0x0001ce00 6.52496420133
.rdata 0x0001e000 0x00053868 0x00053a00 6.45912917274
.data 0x00072000 0x0003d328 0x0003c000 7.62365971178
.pdata 0x000b0000 0x00001638 0x00001800 5.04803624459
.gfids 0x000b2000 0x000000a4 0x00000200 1.53337333022
.rsrc 0x000b3000 0x000001e0 0x00000200 4.7113407226
.reloc 0x000b4000 0x00000624 0x00000800 4.77648447288

Resources

Name Offset Size Language Sub-language File type
RT_MANIFEST 0x000b3060 0x0000017d LANG_ENGLISH SUBLANG_ENGLISH_US XML 1.0 document text

Imports

Library KERNEL32.dll:
0x14001e000 GetProcessHeap
0x14001e008 CreateFileA
0x14001e010 CloseHandle
0x14001e018 GetComputerNameA
0x14001e020 GetCurrentDirectoryA
0x14001e028 HeapWalk
0x14001e030 CreateActCtxA
0x14001e038 ActivateActCtx
0x14001e040 DeactivateActCtx
0x14001e048 GetTempPathA
0x14001e050 ReadFile
0x14001e058 LockFile
0x14001e060 UnlockFile
0x14001e068 SetFileAttributesA
0x14001e070 ReleaseActCtx
0x14001e078 SetFileTime
0x14001e080 CreateNamedPipeA
0x14001e088 WaitNamedPipeA
0x14001e090 ConnectNamedPipe
0x14001e098 DisconnectNamedPipe
0x14001e0a0 ExitProcess
0x14001e0a8 VirtualAlloc
0x14001e0b0 EnterCriticalSection
0x14001e0b8 LeaveCriticalSection
0x14001e0c0 DeleteCriticalSection
0x14001e0c8 RtlCaptureContext
0x14001e0d0 RtlLookupFunctionEntry
0x14001e0d8 RtlVirtualUnwind
0x14001e0e0 IsDebuggerPresent
0x14001e0e8 UnhandledExceptionFilter
0x14001e0f8 GetCurrentProcess
0x14001e100 TerminateProcess
0x14001e110 HeapAlloc
0x14001e118 GetLastError
0x14001e120 HeapFree
0x14001e128 GetModuleHandleW
0x14001e130 GetProcAddress
0x14001e138 SetLastError
0x14001e148 TlsAlloc
0x14001e150 TlsGetValue
0x14001e158 TlsSetValue
0x14001e160 TlsFree
0x14001e168 GetSystemTimeAsFileTime
0x14001e170 FreeLibrary
0x14001e178 LoadLibraryExW
0x14001e180 LCMapStringW
0x14001e188 GetStdHandle
0x14001e190 GetFileType
0x14001e198 GetStartupInfoW
0x14001e1a0 MultiByteToWideChar
0x14001e1a8 WideCharToMultiByte
0x14001e1b0 GetCurrentThreadId
0x14001e1b8 GetACP
0x14001e1c0 GetStringTypeW
0x14001e1c8 RaiseException
0x14001e1d0 FlushFileBuffers
0x14001e1d8 WriteFile
0x14001e1e0 GetConsoleCP
0x14001e1e8 GetConsoleMode
0x14001e1f0 SetStdHandle
0x14001e1f8 GetCPInfo
0x14001e200 IsValidCodePage
0x14001e208 GetOEMCP
0x14001e210 GetModuleHandleExW
0x14001e218 SetFilePointerEx
0x14001e220 WriteConsoleW
0x14001e228 GetModuleFileNameW
0x14001e230 ReadConsoleW
0x14001e238 CreateFileW
0x14001e240 HeapSize
0x14001e248 HeapReAlloc
0x14001e250 QueryPerformanceCounter
0x14001e258 GetCurrentProcessId
0x14001e260 InitializeSListHead
0x14001e268 RtlUnwindEx
0x14001e270 FindClose
0x14001e278 FindFirstFileExW
0x14001e280 FindNextFileW
0x14001e288 GetCommandLineA
0x14001e290 GetCommandLineW
0x14001e298 GetEnvironmentStringsW
0x14001e2a0 FreeEnvironmentStringsW
!This program cannot be run in DOS mode.
WRichO
`.rdata
@.data
.pdata
@.gfids
@.rsrc
@.reloc
|$ AVAWH
t$(fA+
WATAUAVAWH
A_A^A]A\_
D+[0E;
k WATAUAVAWH
PA_A^A]A\_
VWATAVAWH
@A_A^A\_^
SUVWATAUAVAWH
D$(fD3
hA_A^A]A\_^][
L$85%}
t$ AVH
@UVWATAWH
C,+C<-
0A_A\_^]
WAVAWH
3Ct5w=
@A_A^_
SUVWATAUAVAWH
A_A^A]A\_^][
t$@E9e
H SVWH
H SVWH
)t$ H#
D$@H;G
S,, <Zw
CA< t(<#t
<htr<jtb<lt6<tt&<wt
!,X< w
t$ WAVAWH
s4+sP+
0A_A^_
WAVAWH
A_A^_
USVWATAUAVAWH
uC<0u?A
XA_A^A]A\_^[]
WATAVH
@A^A\_
WAUAVH
)D87tf
@A^A]_
WAVAWH
A_A^_
WAVAWH
A_A^_
|$ UATAUAVAWH
A_A^A]A\]
@8|$PtH
tC@8{2t
@8|$PtJ
tE@8{2t
WATAUAVAWH
@8q2u;H
A_A^A]A\_
UVWATAUAVAWH
D8i2u;H
tPD8k2u3H
0A_A^A]A\_^]
q0@80u
@HcC(H
UVWATAUAVAWH
0A_A^A]A\_^]
WATAUAVAWH
0A_A^A]A\_
UVWATAUAVAWH
D$XD8p
L$D;L$T
L$P+L$8
D$XD90}
L$P+L$H
A_A^A]A\_^]
L$0H;K
@80u#H
USVWAVH
A^_^[]
WATAUAVAWH
A_A^A]A\_
WAVAWH
@A_A^_
fD9t$b
|$ UATAUAVAWH
A_A^A]A\]
|$ UATAUAVAWH
A_A^A]A\]
D82u&H
D8t$Ht
x ATAVAWH
gfffffffH
D8d$ht
A_A^A\
WATAUAVAWH
A_A^A]A\_
UVWATAUAVAWH
A_A^A]A\_^]
VWATAVAW
A_A^A\_^
WATAUAVAWH
A_A^A]A\_
\$ UVWATAUAVAWH
H!D$ E
`A_A^A]A\_^]
@UATAUAVAWH
H!T$0D
uf!T$(H!T$
A_A^A]A\]
l$ VWATAVAWH
L$&@8t$&t0@8q
A81t@@8r
A_A^A\_^
@USVWATAUAVAWH
D8l$ht
A_A^A]A\_^[]
@UATAUAVAWH
e0A_A^A]A\]
u3HcH<H
SVWATAUAWH
HA_A]A\_^[
WATAUAVAWH
A_A^A]A\_
ffffff
fffffff
@SUVWATAUAVAWH
D88Hte
8A_A^A]A\_^][
SUVWATAUAVAWH
D88Ht!
D98Ht;H
8A_A^A]A\_^][
VATAUAVAWH
A_A^A]A\^
UVWATAUAVAWH
D(8Ht}
`A_A^A]A\_^]
|$ ATAVAWH
\$@@8=
A_A^A\
L$ WATAUAVAWH
@A_A^A]A\_
x ATAVAWH
A_A^A\
H3E H3E
WATAUAVAWH
A_A^A]A\_
ffffff
WATAUAVAWH
A_A^A]A\_
fD9!u7A
UVWAVAWH
0A_A^_^]
WAVAWH
fA96tdH
fA94nu
0A_A^_
UVWATAUAVAWH
fA9<Bu
fC9<hu
A_A^A]A\_^]
WATAUAVAWH
fD9,yu
0A_A^A]A\_
\$ UVWAVAWH
A_A^_^]
f9|$^t&f
f9|$`t
l$ WAVAWH
A_A^_
@UATAVH
LcA<E3
t$ WATAUAVAWH
A_A^A]A\_
WATAUAVAWH
A_A^A]A\_
UVAUAVAWH
PA_A^A]^]
VATAUAVAWH
PA_A^A]A\^
@SVAUAWH
8A_A]^[
8A_A]^[
SUVWATAUAVAWH
Lct$`C
D"\$dHc<
D$xB1L
A_A^A]A\_^][
A+A<D;
A+I<D;
WATAUAVAWH
A_A^A]A\_
WATAUAVAWH
@A_A^A]A\_
@UVWATAUAVAWH
EiO w=
GxA3GdA
PA_A^A]A\_^]
E#O Di
PA_A^A]A\_^]
A9Pps'A
A9@<sKA
@UWAUAVAWH
UA+AtA+ApA
9C4v;D
0A_A^A]_]
WAVAWH
A1A<Ic
A_A^_
@SUVWATAUAVAWH
XA_A^A]A\_^][
WATAUAVAWH
A_A^A]A\_
D$X%x?
WAVAWH
PA_A^_
UVATAUAWH
AX+A@-
`A_A]A\^]
|$ AVH
D+KxD9KT
WATAUAVAWH
A_A^A]A\_
SUVWATAUAVAWH
(A_A^A]A\_^][
WAVAWH
0A_A^_
WATAUAVAWH
@A_A^A]A\_
SUVWATAUAVAWH
XA_A^A]A\_^][
shoes, situated, flat. thoughtful# neighbourhood, wireless, tow. checking, beg; chapters, intelligent oars; rescue# wide. yell walk. perry# spurt# procedure. crouched, wrote, apparently nod. mossy sensible; good; brilliant marine gravity; ingratitude. headphones# examination; bench
dose# adept skinny
many; slacken
rent, edible
`h````
xpxxxx
(null)
[aOni*{
~ $s%r
@b;zO]
v2!L.2
IND)ind)UUUUUU
UUUUUU
@^8U)zj
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
GetCurrentPackageId
InitializeCriticalSectionEx
LCMapStringEx
LocaleNameToLCID
NAN(SNAN)
nan(snan)
NAN(IND)
nan(ind)
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
January
February
August
September
October
November
December
MM/dd/yy
dddd, MMMM dd, yyyy
HH:mm:ss
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
1#QNAN
1#SNAN
CorExitProcess
UUUUUU
UUUUUU
=imb;D
/>58d%
VM>cQ6
>jtm}S
)>6{1n
+f)>0'
;H9>&X
*StO9>T
n03>Pu
K~Je#>!
bp(=>?g
BC?>6t9^
K&>.yC
.xJ>Hf
y\PD>!
|b=})>
c [1>H'
uzKs@>
3>N;kU
kE>fvw
V6E>`"(5
?UUUUUU
?7zQ6$
__based(
__cdecl
__pascal
__stdcall
__thiscall
__fastcall
__vectorcall
__clrcall
__eabi
__ptr64
__restrict
__unaligned
restrict(
delete
operator
`vftable'
`vbtable'
`vcall'
`typeof'
`local static guard'
`string'
`vbase destructor'
`vector deleting destructor'
`default constructor closure'
`scalar deleting destructor'
`vector constructor iterator'
`vector destructor iterator'
`vector vbase constructor iterator'
`virtual displacement map'
`eh vector constructor iterator'
`eh vector destructor iterator'
`eh vector vbase constructor iterator'
`copy constructor closure'
`udt returning'
`local vftable'
`local vftable constructor closure'
new[]
delete[]
`omni callsig'
`placement delete closure'
`placement delete[] closure'
`managed vector constructor iterator'
`managed vector destructor iterator'
`eh vector copy constructor iterator'
`eh vector vbase copy constructor iterator'
`dynamic initializer for '
`dynamic atexit destructor for '
`vector copy constructor iterator'
`vector vbase copy constructor iterator'
`managed vector copy constructor iterator'
`local static thread guard'
operator ""
Type Descriptor'
Base Class Descriptor at (
Base Class Array'
Class Hierarchy Descriptor'
Complete Object Locator'
GetProcessHeap
CreateFileA
CloseHandle
GetComputerNameA
GetCurrentDirectoryA
HeapWalk
CreateActCtxA
ActivateActCtx
DeactivateActCtx
GetTempPathA
ReadFile
LockFile
UnlockFile
SetFileAttributesA
ReleaseActCtx
SetFileTime
CreateNamedPipeA
WaitNamedPipeA
ConnectNamedPipe
DisconnectNamedPipe
ExitProcess
VirtualAlloc
KERNEL32.dll
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
HeapAlloc
GetLastError
HeapFree
GetModuleHandleW
GetProcAddress
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
FreeLibrary
LoadLibraryExW
LCMapStringW
GetStdHandle
GetFileType
GetStartupInfoW
MultiByteToWideChar
WideCharToMultiByte
GetCurrentThreadId
GetACP
GetStringTypeW
RaiseException
FlushFileBuffers
WriteFile
GetConsoleCP
GetConsoleMode
SetStdHandle
GetCPInfo
IsValidCodePage
GetOEMCP
GetModuleHandleExW
SetFilePointerEx
WriteConsoleW
GetModuleFileNameW
ReadConsoleW
CreateFileW
HeapSize
HeapReAlloc
QueryPerformanceCounter
GetCurrentProcessId
InitializeSListHead
RtlUnwindEx
FindClose
FindFirstFileExW
FindNextFileW
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
9t%L){.#
%XSZ%X
d]!{'B
$Cz%t
X/6"mD`$
].bi!
#b;\ZQ
\B(I-P(+
a^L+w
d~.Z8
";+YZK
d<r!Yk
*cvo'4
.h7O.m
)~5Q&C
d.X4'.
8-p(O#
u/XL%
I@")TB
d% =()
#@Ud z6
m}n(q'&&
c0*ue#
,Z<$#Z
FH(C!u
X[Q"5cB
C{,d\.
\.^#x<
!T02&Z
'xxE![
&< %&!
-CXd.T
$Cy!,~
ZdYtB
&I~0
w"b],I
%*M0,
0Q?'ui^
y,7(xp&
,i?x'u
}Z:-`6
T1c!YNZ*
c#.}Z(Z~G
A&K-*92#
.];$,u
$0+Pc3$}
R LQR*e1
fR+@,m
2,}v
Y[&%9w
^q1)e+
%R?"t}
;&aY!$
$*+5pW
*j~r*E<
Rl?,/_
e+8aA%
+#pJ7#+
!K&Z.Z
$-%1)"`#
AQ#Jcy
'zm:#R
&o9E)qS
**9V(V
OQ ,#p
-XQk.D
F&^g8$Mk
i&ov;
gd+'fj
''bo>%
8 (Y8L
6$F.xA
n%XW[!
(K\!m4/"`
h,y*y;C!
$s8x%qE
AzSR
O6n^(
."0y#}J
,!5-v%6UN
S^m#<Y
|#[T:,
.ZT7#)
6!lTj%=X~
;u6*:hX
*^`2.9hQ
yY:"Sx+
sc$;:A
|+G{)+
[YkyKjX
qZF%$]
wA[%IV
| 2O1,
1:T,%-
arO)nO
>t2(d6tI.
B%g&`={
zb&;^,U
\F# e~[(}
)W~-&v
%nq[=
8]5.g
t1(FfW&
=)fQ-3
5%vk(
E!i6F+P.
\z?!bd
?(r<g
,&prp*
(Zw 2T
<M.}Y2
)}>u+I
"Fo#SFJ&
X<g,bpc.
&+hcA'#
gK!:T-
V"f-|]
t%*y@$7
zd$mhN
:)ph(+
(r$Yy(
"Yui&qI
*U#?4D
h,'g9
0%_+A,H
tC&z|N
$!N60+u
!OY-M`
LK'$E.*
XW)A;~
*?(h.W
{&I/^"
$Qvz0
B hx:.
+;#{b0
{ JfR"
<`'-ZJ#[
(1DI&ozz!
Rx+oBP
(A##%4
[Jy'+{y*9
%m;9#lt
i,-d)'"
i,#U|*
`*T _$
)C8z+A
)| L1,
_*zbX-
"FFcyr
s,JY%#
,'lFF&
y0('g$
3^+mig
,-~VR#zN
)ty&-J
g)VBE
_J.)y^
'lHY"Ag
c;9(U*
(mg>-AZ
&a]E.TIk&j
@4}$]3
$6W#%`
9}R$GY
9 aO2#
{{'#R^
"PjB't
O(7>@&
DJm)Pf
v'~%:%
,tQ&*!U
rc#Ujr
~ou-x[
B0G.UX
ZHO'V
~^h#.F4+!
G~(H!J
r*k+0c
x.",dae
N;%&'
#Lgh$e
u4X%<` %
l_o)_V
1s(S2a)
!MM!OI
/)0zu'
*/e_#|
%m$''1X
hMo,x)
{%}0V.
(&},\"\
pZ&T1n
&PmK,4]v
&6'H08%
=!N{&+j
f V@ |(
+IlM(b
%Fs:-r=
m!@/f%x
7w!m$$
+tJz)w
C&-6-,
~"C&7$
(9vq*'
Dnx"ZQ
vbT$}
@l(D*&9M
u~0+/H
lG3"1R|+
#qZ&+t
k^(.1
+tNQ'jio
:qXxD
#%W#l
h&P@4*F4z
C%+BV'
2{".m!M"X
.H:P-y
'Q+D`B
J] &t9
K+JE<&
*Pg8+[@*
G |($_x+
`9C+H;E
!D+&*Jy
M {Q\.M
C;o(]f
%%*x#+
&!ZR[
(,)p;#[
Hg)c{S
-)+;Y
`I(Qy8
VX)5d9
%Rf\"t
rEO#j
j!s F"
(n.)k](
V|%`*&
!l@#(z
>(.CUa"
R^6qn
B.6wv#y
8*~7~#
A1-#N|z
& ["'
:i=#7n#
~Xi*VcB'
1 %:%
(R9T&T)
90U*zXR
l)U+v[
# .R '*+
ZG"HUP
&7VC).
n+moP"X
L)k"h(h
)=N38:
$X/@&B
CF dLD,x
$&6Q$,P
jvg%Hk
"PuL-j
a|r,LY
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel level='asInvoker' uiAccess='false' />
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
(null)
minkernel\crts\ucrt\inc\corecrt_internal_strtox.h
__crt_strtox::floating_point_value::as_double
_is_double
__crt_strtox::floating_point_value::as_float
!_is_double
api-ms-win-appmodel-runtime-l1-1-1
api-ms-win-core-datetime-l1-1-1
api-ms-win-core-fibers-l1-1-1
api-ms-win-core-file-l2-1-1
api-ms-win-core-localization-l1-2-1
api-ms-win-core-localization-obsolete-l1-2-0
api-ms-win-core-processthreads-l1-1-2
api-ms-win-core-string-l1-1-0
api-ms-win-core-synch-l1-2-0
api-ms-win-core-sysinfo-l1-2-1
api-ms-win-core-winrt-l1-1-0
api-ms-win-core-xstate-l2-1-0
api-ms-win-rtcore-ntuser-window-l1-1-0
api-ms-win-security-systemfunctions-l1-1-0
ext-ms-win-kernel32-package-current-l1-1-0
ext-ms-win-ntuser-dialogbox-l1-1-0
ext-ms-win-ntuser-windowstation-l1-1-0
advapi32
kernel32
user32
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
January
February
August
September
October
November
December
MM/dd/yy
dddd, MMMM dd, yyyy
HH:mm:ss
((((( H
zh-CHS
az-AZ-Latn
uz-UZ-Latn
kok-IN
syr-SY
div-MV
quz-BO
sr-SP-Latn
az-AZ-Cyrl
uz-UZ-Cyrl
quz-EC
sr-SP-Cyrl
quz-PE
smj-NO
bs-BA-Latn
smj-SE
sr-BA-Latn
sma-NO
sr-BA-Cyrl
sma-SE
sms-FI
smn-FI
zh-CHT
az-az-cyrl
az-az-latn
bs-ba-latn
div-mv
kok-in
quz-bo
quz-ec
quz-pe
sma-no
sma-se
smj-no
smj-se
smn-fi
sms-fi
sr-ba-cyrl
sr-ba-latn
sr-sp-cyrl
sr-sp-latn
syr-sy
uz-uz-cyrl
uz-uz-latn
zh-chs
zh-cht
mscoree.dll
CONOUT$
Antivirus Signature
Bkav W64.AIDetectMalware
Lionic Clean
Elastic malicious (high confidence)
MicroWorld-eScan Clean
ClamAV Clean
CMC Clean
CAT-QuickHeal Clean
Skyhigh BehavesLike.Win64.PinkSbot.bc
ALYac Clean
Malwarebytes Clean
VIPRE Clean
Sangfor Clean
K7AntiVirus Clean
BitDefender Clean
K7GW Clean
Cybereason malicious.7a7625
Baidu Clean
VirIT Clean
Symantec ML.Attribute.HighConfidence
tehtris Clean
ESET-NOD32 a variant of Win64/Kryptik_AGen.GR
APEX Malicious
Paloalto Clean
Cynet Malicious (score: 100)
Kaspersky Trojan-PSW.Win32.Vidar.ctq
Alibaba Clean
NANO-Antivirus Clean
ViRobot Clean
Rising Trojan.Kryptik!8.8 (CLOUD)
Sophos Mal/Generic-S
F-Secure Clean
DrWeb Trojan.PWS.Steam.36538
Zillya Clean
TrendMicro Clean
Trapmine malicious.high.ml.score
FireEye Generic.mg.571ea8843de2bd01
Emsisoft Clean
SentinelOne Static AI - Suspicious PE
GData Clean
Jiangmin Clean
Webroot Clean
Google Detected
Avira Clean
MAX Clean
Antiy-AVL Clean
Kingsoft malware.kb.a.976
Gridinsoft Spy.Win64.Vidar.bot
Xcitium Clean
Arcabit Clean
SUPERAntiSpyware Clean
ZoneAlarm Trojan-PSW.Win32.Vidar.ctq
Microsoft Trojan:Win32/Znyonm
Varist Clean
AhnLab-V3 Clean
Acronis Clean
McAfee Artemis!571EA8843DE2
TACHYON Clean
DeepInstinct MALICIOUS
VBA32 Clean
Cylance unsafe
Panda Trj/Chgt.AD
Zoner Clean
TrendMicro-HouseCall TROJ_GEN.R002H0DJA23
Tencent Clean
Yandex Clean
Ikarus Win32.Outbreak
MaxSecure Clean
Fortinet Clean
BitDefenderTheta Clean
AVG Win64:TrojanX-gen [Trj]
Avast Win64:TrojanX-gen [Trj]
CrowdStrike win/malicious_confidence_100% (W)
No IRMA results available.