Static | ZeroBOX

PE Compile Time

2023-10-18 18:08:36

PDB Path

D:\Mktmp\Amadey\ClipperDLL\Release\CLIPPERDLL.pdb

PE Imphash

91452bf3259a3ff5928a3bb7f6be301a

Sections

Name    Virtual Address  Virtual Size  Size of Raw Data  Entropy
.text   0x00001000       0x00010c06    0x00010e00        6.62826186763
.rdata  0x00012000       0x00006240    0x00006400        4.92563696642
.data   0x00019000       0x00001704    0x00000c00        2.11635701806
.rsrc   0x0001b000       0x000000f8    0x00000200        2.52495999013
.reloc  0x0001c000       0x000012dc    0x00001400        6.4456532435

Resources

Name         Offset      Size        Language      Sub-language        File type
RT_MANIFEST  0x0001b060  0x00000091  LANG_ENGLISH  SUBLANG_ENGLISH_US  XML 1.0 document text

Imports

Library KERNEL32.dll:
0x10012000 GlobalAlloc
0x10012004 GlobalLock
0x10012008 GlobalUnlock
0x1001200c WideCharToMultiByte
0x10012010 Sleep
0x10012014 WriteConsoleW
0x10012018 CloseHandle
0x1001201c CreateFileW
0x10012020 SetFilePointerEx
0x10012024 GetConsoleMode
0x10012028 GetConsoleCP
0x1001202c WriteFile
0x10012030 FlushFileBuffers
0x10012034 SetStdHandle
0x10012038 HeapReAlloc
0x1001203c HeapSize
0x10012044 IsDebuggerPresent
0x10012050 GetStartupInfoW
0x10012054 GetModuleHandleW
0x1001205c GetCurrentProcessId
0x10012060 GetCurrentThreadId
0x10012068 InitializeSListHead
0x1001206c GetCurrentProcess
0x10012070 TerminateProcess
0x10012074 RaiseException
0x10012078 InterlockedFlushSList
0x1001207c GetLastError
0x10012080 SetLastError
0x10012084 EnterCriticalSection
0x10012088 LeaveCriticalSection
0x1001208c DeleteCriticalSection
0x10012090 RtlUnwind
0x10012098 TlsAlloc
0x1001209c TlsGetValue
0x100120a0 TlsSetValue
0x100120a4 TlsFree
0x100120a8 FreeLibrary
0x100120ac GetProcAddress
0x100120b0 LoadLibraryExW
0x100120b4 ExitProcess
0x100120b8 GetModuleHandleExW
0x100120bc GetModuleFileNameW
0x100120c0 HeapAlloc
0x100120c4 HeapFree
0x100120c8 FindClose
0x100120cc FindFirstFileExW
0x100120d0 FindNextFileW
0x100120d4 IsValidCodePage
0x100120d8 GetACP
0x100120dc GetOEMCP
0x100120e0 GetCPInfo
0x100120e4 GetCommandLineA
0x100120e8 GetCommandLineW
0x100120ec MultiByteToWideChar
0x100120f0 GetEnvironmentStringsW
0x100120f8 LCMapStringW
0x100120fc GetProcessHeap
0x10012100 GetStdHandle
0x10012104 GetFileType
0x10012108 GetStringTypeW
0x1001210c DecodePointer
Library USER32.dll:
0x10012114 EmptyClipboard
0x10012118 SetClipboardData
0x1001211c CloseClipboard
0x10012120 GetClipboardData
0x10012124 OpenClipboard
Library WININET.dll:
0x1001212c InternetOpenW
0x10012130 InternetConnectA
0x10012134 HttpOpenRequestA
0x10012138 HttpSendRequestA
0x1001213c InternetReadFile
0x10012140 InternetCloseHandle

Exports

Ordinal  Address     Name
1        0x100011a0  ??4CClipperDLL@@QAEAAV0@$$QAV0@@Z
2        0x100011a0  ??4CClipperDLL@@QAEAAV0@ABV0@@Z
3        0x100053f0  Main
Antivirus Signature

Bkav W32.AIDetectMalware
Lionic Trojan.Win32.Agent.Y!c
tehtris Clean
MicroWorld-eScan Gen:Variant.Zusy.446682
FireEye Gen:Variant.Zusy.446682
CAT-QuickHeal Clean
Skyhigh BehavesLike.Win32.NetLoader.ch
McAfee Trojan-FUUW!CEFFD8C6661B
Malwarebytes Trojan.Clipper
VIPRE Gen:Variant.Zusy.446682
Sangfor Trojan.Win32.Amadey.Vh6k
K7AntiVirus Trojan ( 005ac85a1 )
Alibaba Trojan:Win32/Amadey.918578b4
K7GW Trojan ( 005ac85a1 )
CrowdStrike win/malicious_confidence_100% (W)
Baidu Clean
VirIT Clean
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 a variant of Win32/Agent.AFGA
Cynet Malicious (score: 99)
APEX Clean
Paloalto Clean
ClamAV Win.Malware.Zusy-10001339-0
Kaspersky HEUR:Trojan.Win32.Agent.gen
BitDefender Gen:Variant.Zusy.446682
NANO-Antivirus Trojan.Win32.Clipper.kcgsdq
SUPERAntiSpyware Clean
Avast Win32:BotX-gen [Trj]
Tencent Malware.Win32.Gencirc.11b7a763
Sophos Troj/Amadey-K
F-Secure Trojan.TR/Agent.nfeub
DrWeb Clean
Zillya Clean
TrendMicro TROJ_GEN.R002C0DJL23
Trapmine Clean
CMC Clean
Emsisoft Gen:Variant.Zusy.446682 (B)
Ikarus Trojan.Win32.Agent
Jiangmin Clean
Webroot Clean
Varist W32/ABRisk.LYRV-1851
Avira TR/Agent.nfeub
MAX malware (ai score=88)
Antiy-AVL Trojan/Win32.Amadey
Kingsoft Clean
Microsoft Trojan:Win32/Amadey.MA!MTB
Gridinsoft Trojan.Win32.Agent.ns
Xcitium Clean
Arcabit Trojan.Zusy.D6D0DA
ViRobot Trojan.Win.Z.Zusy.104448.C
ZoneAlarm HEUR:Trojan.Win32.Agent.gen
GData Win32.Trojan.Amadey.C
Google Detected
AhnLab-V3 Trojan/Win.FUUW.C5509968
Acronis Clean
BitDefenderTheta Gen:NN.ZedlaF.36792.gu4@aK0AsCpi
ALYac Gen:Variant.Zusy.446682
TACHYON Trojan/W32.Agent.104448.YW
VBA32 Clean
Cylance unsafe
Panda Trj/GdSda.A
Zoner Clean
TrendMicro-HouseCall TROJ_GEN.R002C0DJL23
Rising Trojan.Agent!8.B1E (TFE:5:UaFrdoZ2D2N)
Yandex Clean
SentinelOne Clean
MaxSecure Clean
Fortinet Clean
AVG Win32:BotX-gen [Trj]
DeepInstinct MALICIOUS
No IRMA results available.