Static | ZeroBOX

PE Compile Time

2023-10-12 18:38:15

PE Imphash

af12234af619433f7afc42505a54121f

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00001000 0x00011242 0x00011400 6.67856326395
.rdata 0x00013000 0x0002270a 0x00022800 6.71770463305
.data 0x00036000 0x0000b66c 0x0000ac00 6.73313060546
.gfids 0x00042000 0x000000ac 0x00000200 1.44691129418
.rsrc 0x00043000 0x000001e0 0x00000200 4.7074344726
.reloc 0x00044000 0x0000143c 0x00001600 6.41712392193

Resources

Name Offset Size Language Sub-language File type
RT_MANIFEST 0x00043060 0x0000017d LANG_ENGLISH SUBLANG_ENGLISH_US XML 1.0 document text

Imports

Library KERNEL32.dll:
0x413000 CreateFileA
0x413004 CloseHandle
0x413008 GetCommandLineA
0x41300c GetComputerNameA
0x413010 GetLastError
0x413014 GetFileAttributesA
0x413018 FindFirstFileA
0x41301c FindNextFileA
0x413020 FindClose
0x413028 DeleteFileA
0x41302c CreateFileMappingA
0x413030 SetFileTime
0x413034 MapViewOfFile
0x413038 OpenFileMappingA
0x41303c ExitProcess
0x413040 VirtualAlloc
0x413044 GetCurrentProcess
0x413048 CreateMutexA
0x41304c ReleaseMutex
0x413054 DecodePointer
0x413058 RaiseException
0x41305c IsDebuggerPresent
0x413068 TerminateProcess
0x41306c SetLastError
0x413070 GetCurrentThreadId
0x413074 HeapAlloc
0x413078 HeapFree
0x41307c GetModuleHandleW
0x413080 GetProcAddress
0x413088 TlsAlloc
0x41308c TlsGetValue
0x413090 TlsSetValue
0x413094 TlsFree
0x41309c FreeLibrary
0x4130a0 LoadLibraryExW
0x4130a4 LCMapStringW
0x4130b4 IsValidCodePage
0x4130b8 GetACP
0x4130bc GetOEMCP
0x4130c0 GetCPInfo
0x4130c4 GetModuleHandleExW
0x4130c8 GetProcessHeap
0x4130cc GetStringTypeW
0x4130d0 MultiByteToWideChar
0x4130d4 WideCharToMultiByte
0x4130d8 HeapSize
0x4130dc HeapReAlloc
0x4130e0 GetStartupInfoW
0x4130e8 GetCurrentProcessId
0x4130ec InitializeSListHead
0x4130f0 RtlUnwind
0x4130f4 GetStdHandle
0x4130f8 WriteFile
0x4130fc GetModuleFileNameW
0x413100 FindFirstFileExW
0x413104 FindNextFileW
0x413108 GetCommandLineW
0x413114 SetStdHandle
0x413118 GetFileType
0x41311c FlushFileBuffers
0x413120 GetConsoleCP
0x413124 GetConsoleMode
0x413128 SetFilePointerEx
0x41312c WriteConsoleW
0x413130 CreateFileW

Strings

!This program cannot be run in DOS mode.
`.rdata
@.data
.gfids
@.rsrc
@.reloc
D$0_^][
D$H+|$(i
D$L3\08
D$0QR3
AD3A<;
E`9Mdu
@x+E(3
3Ep5Le
t$H+}xPQRV
D$@+D$LWPh(
VPWSh6
D$H_^]
PRVWh(
PQRVWSh(
|$(#|$
t$ 3t$8
PQRVWh(
PQRVWh(
D$pO;|$
D$pO;|$
T$d;\$l
} ;T$d
} ;T$d
<B;l$$r
D$pK;\$
J;l$$r
D$pK;\$
T$d;\$l
T$d;T$
;\$HsR
T$d;T$
l$d;l$
l$d;l$
T$d;T$
l$d;l$
l$d;l$
D$pJ;T$
t$d+L$t
D$pK;\$
T$d;\$l
T$d;T$(
T$d;T$(~#
t$d;t$(|
t$d;t$(
;L$(|R
L$H;L$
L$d;L$(
L$H;L$
L$H;L$
t$d;t$(|
t$d;t$(
D$pI;L$
Z;L$,r
y;l$0r
T$d;L$l
+Fxj@h
D$4hL5
_^][YY
T$4PQUR
(QRVWW
D$XPhw
SSVWh
YYh|1A
PPPPPWS
PP9E u:PPVWP
URPQQhp
;t$,v-
UQPXY]Y[
j"^f91j\^u8
j"^f9q
t/j=[f;
taj*Xf
VWj\^j:
WWWPWS
f9:t!V
QQSWj0j@
PPPPPPPP
H)D$LK
D$ +D$
D$X3D$8
D$PQPR
D$T_^]
T$,SUV
L$D*\$
D$4_^]
]R1^]P
~K5+@;F
1BvMa0r
j6)'Z+WA-%T
!?o`*<z8
S-Lucj
#6,o@ZL
h:vMbo^Y
cBK'#_b
GRLWPN
)$Ka:At
respected facing, publicly chair; ancient
ted gap
countries. proposed
stockings, logs procure; horizontally, qualities
alternative# broadcasting, torn
minus, lower rejoice alternative; disguises
meditate
mischief. basically. handbook; course# would suppress spread
shaft, considerate, gravel; seventeen# uproar; grounds. scotch,
UUUUUU
333333
?333333
?UUUUUU
?$rxxx
RUUUUU
?ZEM-'^
?{yK+;
?765@Z
?e')lW
i^^?(>
Y:/(A6>
?5Wg4p
%S#[k=
"B <1=
_hypot
_nextafter
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
GetCurrentPackageId
InitializeCriticalSectionEx
LCMapStringEx
LocaleNameToLCID
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
January
February
August
September
October
November
December
MM/dd/yy
dddd, MMMM dd, yyyy
HH:mm:ss
CorExitProcess
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
__based(
__cdecl
__pascal
__stdcall
__thiscall
__fastcall
__vectorcall
__clrcall
__eabi
__ptr64
__restrict
__unaligned
restrict(
delete
operator
`vftable'
`vbtable'
`vcall'
`typeof'
`local static guard'
`string'
`vbase destructor'
`vector deleting destructor'
`default constructor closure'
`scalar deleting destructor'
`vector constructor iterator'
`vector destructor iterator'
`vector vbase constructor iterator'
`virtual displacement map'
`eh vector constructor iterator'
`eh vector destructor iterator'
`eh vector vbase constructor iterator'
`copy constructor closure'
`udt returning'
`local vftable'
`local vftable constructor closure'
new[]
delete[]
`omni callsig'
`placement delete closure'
`placement delete[] closure'
`managed vector constructor iterator'
`managed vector destructor iterator'
`eh vector copy constructor iterator'
`eh vector vbase copy constructor iterator'
`dynamic initializer for '
`dynamic atexit destructor for '
`vector copy constructor iterator'
`vector vbase copy constructor iterator'
`managed vector copy constructor iterator'
`local static thread guard'
operator ""
Type Descriptor'
Base Class Descriptor at (
Base Class Array'
Class Hierarchy Descriptor'
Complete Object Locator'
?8bunz8
?/]7X&
?8bunz8
?'# cP
?ulsZ1
? m.S`
?1\q,_O
?p(/s5
?vmg$9e
?@En[vP
?VUUUUU
?VUUUUU
?VUUUUU
?VUUUUU
?VUUUUU
?VUUUUU
?VUUUUU
?VUUUUU
.text$atvsnl
.text$d
.text$deobkj
.text$dzuewf
.text$eltxqi
.text$enlosw
.text$epwcco
.text$exmlbh
.text$eyoowx
.text$f
.text$hifkbm
.text$ihuwdb
.text$iqxyoh
.text$jrddts
.text$kzsylf
.text$ldbhxu
.text$lprofx
.text$lxjate
.text$lzarrr
.text$mn
.text$mpweay
.text$notsgk
.text$okouuv
.text$prdscf
.text$qvdllu
.text$qzmvmb
.text$tslnhp
.text$vjpccv
.text$wadobd
.text$wxwjdy
.text$wymvik
.text$wywhnp
.text$xnnpfk
.text$yhfogt
.text$yxlvbk
.idata$5
.00cfg
.CRT$XCA
.CRT$XCAA
.CRT$XCZ
.CRT$XIA
.CRT$XIAA
.CRT$XIAC
.CRT$XIC
.CRT$XIZ
.CRT$XPA
.CRT$XPX
.CRT$XPXA
.CRT$XPZ
.CRT$XTA
.CRT$XTZ
.rdata
.rdata$zzzdbg
.rtc$IAA
.rtc$IZZ
.rtc$TAA
.rtc$TZZ
.xdata$x
.idata$2
.idata$3
.idata$4
.idata$6
.gfids$x
.gfids$y
.rsrc$01
.rsrc$02
CreateFileA
CloseHandle
GetCommandLineA
GetComputerNameA
GetLastError
GetFileAttributesA
FindFirstFileA
FindNextFileA
FindClose
SetCurrentDirectoryA
DeleteFileA
CreateFileMappingA
SetFileTime
MapViewOfFile
OpenFileMappingA
ExitProcess
VirtualAlloc
GetCurrentProcess
CreateMutexA
ReleaseMutex
KERNEL32.dll
IsProcessorFeaturePresent
DecodePointer
RaiseException
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
SetLastError
GetCurrentThreadId
HeapAlloc
HeapFree
GetModuleHandleW
GetProcAddress
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
FreeLibrary
LoadLibraryExW
LCMapStringW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetModuleHandleExW
GetProcessHeap
GetStringTypeW
MultiByteToWideChar
WideCharToMultiByte
HeapSize
HeapReAlloc
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
InitializeSListHead
RtlUnwind
GetStdHandle
WriteFile
GetModuleFileNameW
FindFirstFileExW
FindNextFileW
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetFileType
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
WriteConsoleW
CreateFileW
;p{C~t"
*sVS8z
0ElzUo
X:;04'
nJ[FXm
Dg]Rz?
Z+,%E}
q-JNRkI
67(]]`]|\
Oy{7Q
DAtwF!
~/o/UJ
Z?Enr+
~WZ)BM
NhIqNr
W@o^%r
O*:X]jF
Xrj2.
/U =nn
e)g/fG1
)A@D8Qm
q20,`#c
O]hE>^'
)KwTTq
FG`,#\
3z!qn
P"MJ-MK
qs9<a*
~&H[KDE
CUE@OM7
v76DX46_,5
J&'~Y+
6!/BFvc
4nzL:poo@
WJwdJi
<yM\sQq
uOIr$
UsAuHV
Qn)g.v
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel level='asInvoker' uiAccess='false' />
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
0!0'020@0R0`0m0w0
1&1<1B1M1
2%2Q2r2
2!383f3p3z3
3D4Z4h4
5#5,5>5D5Y5
6/7>7O7n7z7
828p8z8
8$9)919<9G9M9R9n9
:":Q:\:b:j:
;0<?<[<r<
>%>1>H>Q>_>h>m>
0"090_0v0
0<1J1R1f1
2@2T2i2o2
3X3^3n3
4%4;4F4L4[4q4
5*505R5e5m5t5
6?6\6x6
6 7>7C7
8E8b8i8
8?9J9R9X9b9h9n9t9~9
;);6;<;X;^;i;w;
<-<@<L<n<
?5?>?E?J?`?l?q?w?~?
0 0>0Q0_0j0
=>>C>s>
>#?N?h?
0+000:0C0j0
1-1D1L1}1
3(393@3F3a3g3[4
5@5G5u5z5
6&616U6o6{6
7<7J7Y7i7}7
7U8b8m8v8
8<9A9I9
:";*;6;
=7>?>G>S>_>
!0)0b0
1%1G1]1o1
2>2\2h2t2
3+3F3W3`3x3
4464=4
415=5Q5]5i5
66/6;6J6
<)<n<z<
0J4M5^5
6<7*848A8t8
80979@9
9<:8;L;
=)=:=C=x=
0)0G0O0
1#1E1W1b1g1l1
232=2Y2d2i2n2
33$3)3\3
44*4>4C4H4j4x4
:&:8:T:r:|:
;";/;9;I;
>3>T>Y>d>x>
3 3<3l3{3
5F5X5^5r5
576>6E6L6Y6
8%8=8O8|8
989S9^9
;/;A;S;e;w;
0K1V1`1f1z1
3+3|3#4D4
:$;5;:;?;`;e;r;
<0=9=A=
>R?q?{?
1>1D1J1P1V1\1c1j1q1x1
4@4U4\4b4t4~4
646:6`6i6o6w6|6
<+=0=4=8=<=
1I1[1e1s1
2!2-2i2y2
3)393>3C3j3s3x3}3
3$4,414A4K4p4
6L6V6\6b6
7 9N9S9
;!;&;1;<;N;W;
<!<T<c<h<y<
0@1l1t2y2
4!4>4F4o4v4
848h:4=j=
>(>6>F>[>r>
6(6-6;6
8)9P9[9k9
:8:N:X:w:
;-;V;t;
1'141d1
5(6E6Y6d6
9A9K9f9
8(858C8w8
9)94999H9\9f9
:7:@:_:i:
;#;N;U;
<$<X<_<d<
= =5=j=
=@>a>k>w>
1-161I1m1z1
22/2E2S2a2f2o2z2
3&3I3r3x3
4K4R4W4
6%6[6`6
7-737<7Y7v7
8#828?8E8T8n8
90979E9K9u9
:I:p:}:
<(<5<@<a<x<
="=)=>=I=
>$?.?9?C?
141@1R1
81@1L1P1T1X1\1h1l1p1
2$2,242<2D2L2T2\2d2l2t2|2
3 3$3(3,3034383<3@3D3H3L3P3T3X3\3
= =$=(=,=0=4=8=<=@=D=H=L=P=T=X=\=`=l=p=t=x=|=
?$?,?4?<?D?L?T?\?d?l?t?|?
0$0,040<0D0L0T0\0d0l0t0|0
1$1,141<1D1L1T1\1d1l1t1|1
2$2,242<2D2L2T2\2d2l2t2|2
3$3,343<3D3L3T3\3d3l3t3|3
4$4,444<4D4L4T4\4d4l4t4|4
5$5,545<5D5L5T5\5d5l5t5|5
0 0(00080@0H0P0X0`0h0p0x0
1 1(10181@1H1P1X1`1h1p1x1
2 2(20282@2H2P2X2`2h2p2x2
3 3(30383@3H3P3X3`3h3p3x3
4 4(40484@4H4P4X4`4h4p4x4
5 5(50585@5H5P5X5`5h5p5x5
6 6(60686@6H6P6X6`6h6p6x6
`5d5h5l5p5t5
6 6$6(6,6064686<6@6D6H6L6P6T6X6\6`6d6h6l6p6t6x6|6
5 5$5(5,54585<5@5D5H5L5P5\5d5h5l5p5t5*6.62666
=(=H=h=
>0>P>p>
?0?P?\?x?
9 9$9@9D9X9\9`9d9h9l9p9t9x9|9
Bapi-ms-win-appmodel-runtime-l1-1-1
api-ms-win-core-datetime-l1-1-1
api-ms-win-core-fibers-l1-1-1
api-ms-win-core-file-l2-1-1
api-ms-win-core-localization-l1-2-1
api-ms-win-core-localization-obsolete-l1-2-0
api-ms-win-core-processthreads-l1-1-2
api-ms-win-core-string-l1-1-0
api-ms-win-core-synch-l1-2-0
api-ms-win-core-sysinfo-l1-2-1
api-ms-win-core-winrt-l1-1-0
api-ms-win-core-xstate-l2-1-0
api-ms-win-rtcore-ntuser-window-l1-1-0
api-ms-win-security-systemfunctions-l1-1-0
ext-ms-win-kernel32-package-current-l1-1-0
ext-ms-win-ntuser-dialogbox-l1-1-0
ext-ms-win-ntuser-windowstation-l1-1-0
advapi32
kernel32
user32
Bja-JP
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
January
February
August
September
October
November
December
MM/dd/yy
dddd, MMMM dd, yyyy
HH:mm:ss
mscoree.dll
zh-CHS
az-AZ-Latn
uz-UZ-Latn
kok-IN
syr-SY
div-MV
quz-BO
sr-SP-Latn
az-AZ-Cyrl
uz-UZ-Cyrl
quz-EC
sr-SP-Cyrl
quz-PE
smj-NO
bs-BA-Latn
smj-SE
sr-BA-Latn
sma-NO
sr-BA-Cyrl
sma-SE
sms-FI
smn-FI
zh-CHT
az-az-cyrl
az-az-latn
bs-ba-latn
div-mv
kok-in
quz-bo
quz-ec
quz-pe
sma-no
sma-se
smj-no
smj-se
smn-fi
sms-fi
sr-ba-cyrl
sr-ba-latn
sr-sp-cyrl
sr-sp-latn
syr-sy
uz-uz-cyrl
uz-uz-latn
zh-chs
zh-cht
((((( H
CONOUT$

Antivirus Signature
Lionic Trojan.Win32.Cutwail.4!c
tehtris Clean
MicroWorld-eScan Trojan.GenericKD.69739661
ClamAV Clean
CMC Clean
CAT-QuickHeal Clean
Skyhigh BehavesLike.Win32.Generic.dh
McAfee Artemis!4C321E07BBA6
Malwarebytes Clean
Zillya Clean
Sangfor Trojan.Win32.Save.a
CrowdStrike win/malicious_confidence_90% (W)
BitDefender Trojan.GenericKD.69739661
K7GW Clean
K7AntiVirus Clean
Baidu Clean
VirIT Clean
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 Clean
APEX Malicious
Paloalto Clean
Cynet Malicious (score: 100)
Kaspersky UDS:DangerousObject.Multi.Generic
Alibaba Clean
NANO-Antivirus Clean
ViRobot Clean
Rising Trojan.Generic@AI.100 (RDML:hOJOLWX+wgLsQdXKKYbt1g)
TACHYON Clean
Sophos Generic ML PUA (PUA)
F-Secure Trojan.TR/AD.Cutwail.mysfu
DrWeb Trojan.Siggen21.40036
VIPRE Clean
TrendMicro Trojan.Win32.SMOKELOADER.YXDJLZ
Trapmine malicious.high.ml.score
FireEye Generic.mg.4c321e07bba6c01a
Emsisoft Clean
Ikarus Clean
GData Clean
Jiangmin Clean
Webroot Clean
Google Clean
Avira TR/AD.Cutwail.mysfu
Antiy-AVL Clean
Kingsoft malware.kb.a.976
Gridinsoft Ransom.Win32.Sabsik.sa
Xcitium Clean
Arcabit Clean
SUPERAntiSpyware Clean
ZoneAlarm HEUR:Trojan.Win32.Cutwail.gen
Microsoft Trojan:Win32/Znyonm
Varist Clean
AhnLab-V3 Clean
Acronis Clean
BitDefenderTheta Gen:NN.ZexaF.36738.qyW@auaysHni
ALYac Clean
MAX malware (ai score=87)
DeepInstinct MALICIOUS
VBA32 Clean
Cylance unsafe
Panda Clean
Zoner Clean
TrendMicro-HouseCall Trojan.Win32.SMOKELOADER.YXDJLZ
Tencent Clean
Yandex Clean
SentinelOne Static AI - Suspicious PE
MaxSecure Clean
Fortinet PossibleThreat.MTG.H
AVG Win32:Malware-gen
Cybereason malicious.75e189
Avast Win32:Malware-gen
No IRMA results available.