Static | ZeroBOX

PE Compile Time

2009-06-18 11:30:17

PE Imphash

481f47bbb2c9c21e108d65f52b04c448

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00001000 0x0000a966 0x0000b000 7.02518458314
.rdata 0x0000c000 0x00000fe6 0x00001000 5.31839035374
.data 0x0000d000 0x0000705c 0x00004000 4.4078410232
.rsrc 0x00015000 0x000007c8 0x00001000 1.95829602517

Resources

Name Offset Size Language Sub-language File type
RT_VERSION 0x00015060 0x00000768 LANG_ENGLISH SUBLANG_ENGLISH_US data

Imports

Library MSVCRT.dll:
0x40c0c8 _iob
0x40c0cc _except_handler3
0x40c0d0 __set_app_type
0x40c0d4 __p__fmode
0x40c0d8 __p__commode
0x40c0dc _adjust_fdiv
0x40c0e0 __setusermatherr
0x40c0e4 _initterm
0x40c0e8 __getmainargs
0x40c0ec __p___initenv
0x40c0f0 _XcptFilter
0x40c0f4 _exit
0x40c0f8 _onexit
0x40c0fc __dllonexit
0x40c100 strrchr
0x40c104 wcsncmp
0x40c108 _close
0x40c10c wcslen
0x40c110 wcscpy
0x40c114 strerror
0x40c118 modf
0x40c11c strspn
0x40c120 realloc
0x40c124 __p__environ
0x40c128 __p__wenviron
0x40c12c _errno
0x40c130 free
0x40c134 strncmp
0x40c138 strstr
0x40c13c strncpy
0x40c140 _ftol
0x40c144 qsort
0x40c148 fopen
0x40c14c perror
0x40c150 fclose
0x40c154 fflush
0x40c158 calloc
0x40c15c malloc
0x40c160 signal
0x40c164 printf
0x40c168 _isctype
0x40c16c atoi
0x40c170 exit
0x40c174 __mb_cur_max
0x40c178 _pctype
0x40c17c strchr
0x40c180 fprintf
0x40c184 _controlfp
0x40c188 _strdup
0x40c18c _strnicmp
Library KERNEL32.dll:
0x40c00c PeekNamedPipe
0x40c010 ReadFile
0x40c014 WriteFile
0x40c018 LoadLibraryA
0x40c01c GetProcAddress
0x40c020 GetVersionExA
0x40c024 GetExitCodeProcess
0x40c028 TerminateProcess
0x40c030 SetEvent
0x40c034 ReleaseMutex
0x40c044 CreateMutexA
0x40c048 GetFileType
0x40c04c SetLastError
0x40c058 GlobalFree
0x40c05c GetCommandLineW
0x40c060 TlsAlloc
0x40c064 TlsFree
0x40c068 DuplicateHandle
0x40c06c GetCurrentProcess
0x40c074 CloseHandle
0x40c090 Sleep
0x40c094 FormatMessageA
0x40c098 GetLastError
0x40c09c WaitForSingleObject
0x40c0a0 CreateEventA
0x40c0a4 SetStdHandle
0x40c0a8 SetFilePointer
0x40c0ac CreateFileA
0x40c0b0 CreateFileW
0x40c0b4 GetOverlappedResult
0x40c0b8 DeviceIoControl
0x40c0c0 LocalFree
Library ADVAPI32.dll:
0x40c000 FreeSid
Library WSOCK32.dll:
0x40c1a0 getsockopt
0x40c1a4 connect
0x40c1a8 htons
0x40c1ac gethostbyname
0x40c1b0 ntohl
0x40c1b4 inet_ntoa
0x40c1b8 setsockopt
0x40c1bc socket
0x40c1c0 closesocket
0x40c1c4 select
0x40c1c8 ioctlsocket
0x40c1cc __WSAFDIsSet
0x40c1d0 WSAStartup
0x40c1d4 WSACleanup
0x40c1d8 WSAGetLastError
Library WS2_32.dll:
0x40c194 WSARecv
0x40c198 WSASend

Mozilla/5.0 (iPad; CPU OS 15_3_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.2 Mobile/15E148 Safari/604.1
/-55P7pqBpQdijWOMB9Nd5w7x4wsLqUJqZS-N33VLPVJhDR2Aa4VA
193.117.208.148
fprintf
strchr
_pctype
__mb_cur_max
_isctype
printf
signal
malloc
calloc
fflush
fclose
perror
strncpy
strstr
strncmp
_errno
__p__wenviron
__p__environ
realloc
strspn
strerror
wcscpy
wcslen
_close
wcsncmp
strrchr
MSVCRT.dll
__dllonexit
_onexit
_XcptFilter
__p___initenv
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
SetLastError
FreeEnvironmentStringsW
GetEnvironmentStringsW
GlobalFree
GetCommandLineW
TlsAlloc
TlsFree
DuplicateHandle
GetCurrentProcess
SetHandleInformation
CloseHandle
GetSystemTimeAsFileTime
FileTimeToSystemTime
GetTimeZoneInformation
FileTimeToLocalFileTime
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
FormatMessageA
GetLastError
WaitForSingleObject
CreateEventA
SetStdHandle
SetFilePointer
CreateFileA
CreateFileW
GetOverlappedResult
DeviceIoControl
GetFileInformationByHandle
LocalFree
GetFileType
CreateMutexA
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
ReleaseMutex
SetEvent
LeaveCriticalSection
TerminateProcess
GetExitCodeProcess
GetVersionExA
GetProcAddress
LoadLibraryA
WriteFile
ReadFile
PeekNamedPipe
KERNEL32.dll
AllocateAndInitializeSid
FreeSid
ADVAPI32.dll
WSOCK32.dll
WSASend
WSARecv
WS2_32.dll
_strnicmp
_strdup
%s: Cannot use concurrency level greater than total number of requests
%s: Invalid Concurrency [Range 0..%d]
%s: invalid URL
%s: wrong number of arguments
User-Agent:
Accept:
Proxy-Authorization: Basic
Proxy credentials too long
Authorization: Basic
Authentication credentials too long
Cookie:
Cannot mix PUT and HEAD
Cannot mix POST and HEAD
Cannot mix POST/PUT and HEAD
Invalid number of requests
n:c:t:b:T:p:u:v:rkVhwix:y:z:C:H:P:A:g:X:de:Sq
bgcolor=white
Total of %d requests completed
..done
Finished %d requests
apr_socket_connect()
Test aborted after 10 failures
Server timed out
apr_poll
apr_sockaddr_info_get() for %s
error creating request buffer: out of memory
INFO: %s header ==
Request too long
%s %s HTTP/1.0
%s%s%sContent-length: %u
Content-type: %s
text/plain
%s %s HTTP/1.0
%s%s%s%s
Connection: Keep-Alive
Accept: */*
User-Agent: ApacheBench/
Host:
apr_pollset_create failed
(be patient)%s
[through %s:%d]
Benchmarking %s
%s: %s (%d)
Send request failed!
Send request timed out!
starttime
seconds
Cannot open gnuplot output file
%d,%.3f
Percentage served,Time in ms
Cannot open CSV output file
%d%% %5I64d
100%% %5I64d (longest request)
0%% <0> (never)
Percentage of the requests served within a certain time (ms)
Total: %5I64d %5I64d%5I64d
Processing: %5I64d %5I64d%5I64d
Connect: %5I64d %5I64d%5I64d
min avg max
WARNING: The median and mean for the total time are not within a normal deviation
These results are probably not that reliable.
ERROR: The median and mean for the total time are more than twice the standard
deviation apart. These results are NOT reliable.
WARNING: The median and mean for the waiting time are not within a normal deviation
These results are probably not that reliable.
ERROR: The median and mean for the waiting time are more than twice the standard
deviation apart. These results are NOT reliable.
WARNING: The median and mean for the processing time are not within a normal deviation
These results are probably not that reliable.
ERROR: The median and mean for the processing time are more than twice the standard
deviation apart. These results are NOT reliable.
WARNING: The median and mean for the initial connection time are not within a normal deviation
These results are probably not that reliable.
ERROR: The median and mean for the initial connection time are more than twice the standard
deviation apart. These results are NOT reliable.
Total: %5I64d %4I64d %5.1f %6I64d %7I64d
Waiting: %5I64d %4I64d %5.1f %6I64d %7I64d
Processing: %5I64d %4I64d %5.1f %6I64d %7I64d
Connect: %5I64d %4I64d %5.1f %6I64d %7I64d
min mean[+/-sd] median max
Connection Times (ms)
%.2f kb/s total
%.2f kb/s sent
Transfer rate: %.2f [Kbytes/sec] received
Time per request: %.3f [ms] (mean, across all concurrent requests)
Time per request: %.3f [ms] (mean)
Requests per second: %.2f [#/sec] (mean)
HTML transferred: %I64d bytes
Total PUT: %I64d
Total POSTed: %I64d
Total transferred: %I64d bytes
Keep-Alive requests: %d
Non-2xx responses: %d
Write errors: %d
(Connect: %d, Receive: %d, Length: %d, Exceptions: %d)
Failed requests: %d
Complete requests: %d
Time taken for tests: %.3f seconds
Concurrency Level: %d
Document Length: %u bytes
Document Path: %s
Server Port: %hu
Server Hostname: %s
Server Software: %s
</table>
<tr %s><th %s>Total:</th><td %s>%5I64d</td><td %s>%5I64d</td><td %s>%5I64d</td></tr>
<tr %s><th %s>Processing:</th><td %s>%5I64d</td><td %s>%5I64d</td><td %s>%5I64d</td></tr>
<tr %s><th %s>Connect:</th><td %s>%5I64d</td><td %s>%5I64d</td><td %s>%5I64d</td></tr>
<tr %s><th %s>&nbsp;</th> <th %s>min</th> <th %s>avg</th> <th %s>max</th></tr>
<tr %s><th %s colspan=4>Connnection Times (ms)</th></tr>
<tr %s><td colspan=2 %s>&nbsp;</td><td colspan=2 %s>%.2f kb/s total</td></tr>
<tr %s><td colspan=2 %s>&nbsp;</td><td colspan=2 %s>%.2f kb/s sent</td></tr>
<tr %s><th colspan=2 %s>Transfer rate:</th><td colspan=2 %s>%.2f kb/s received</td></tr>
<tr %s><th colspan=2 %s>Requests per second:</th><td colspan=2 %s>%.2f</td></tr>
<tr %s><th colspan=2 %s>HTML transferred:</th><td colspan=2 %s>%I64d bytes</td></tr>
<tr %s><th colspan=2 %s>Total PUT:</th><td colspan=2 %s>%I64d</td></tr>
<tr %s><th colspan=2 %s>Total POSTed:</th><td colspan=2 %s>%I64d</td></tr>
<tr %s><th colspan=2 %s>Total transferred:</th><td colspan=2 %s>%I64d bytes</td></tr>
<tr %s><th colspan=2 %s>Keep-Alive requests:</th><td colspan=2 %s>%d</td></tr>
<tr %s><th colspan=2 %s>Non-2xx responses:</th><td colspan=2 %s>%d</td></tr>
<tr %s><td colspan=4 %s > (Connect: %d, Length: %d, Exceptions: %d)</td></tr>
<tr %s><th colspan=2 %s>Failed requests:</th><td colspan=2 %s>%d</td></tr>
<tr %s><th colspan=2 %s>Complete requests:</th><td colspan=2 %s>%d</td></tr>
<tr %s><th colspan=2 %s>Time taken for tests:</th><td colspan=2 %s>%.3f seconds</td></tr>
<tr %s><th colspan=2 %s>Concurrency Level:</th><td colspan=2 %s>%d</td></tr>
<tr %s><th colspan=2 %s>Document Length:</th><td colspan=2 %s>%u bytes</td></tr>
<tr %s><th colspan=2 %s>Document Path:</th><td colspan=2 %s>%s</td></tr>
<tr %s><th colspan=2 %s>Server Port:</th><td colspan=2 %s>%hu</td></tr>
<tr %s><th colspan=2 %s>Server Hostname:</th><td colspan=2 %s>%s</td></tr>
<tr %s><th colspan=2 %s>Server Software:</th><td colspan=2 %s>%s</td></tr>
<table %s>
socket receive buffer
socket send buffer
socket nonblock
socket
Completed %d requests
Content-length:
Content-Length:
keep-alive
Keep-Alive
LOG: Response code = %s
WARNING: Response code not 2xx (%s)
Server:
LOG: header received:
apr_socket_recv
Licensed to The Apache Software Foundation, http://www.apache.org/<br>
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/<br>
This is ApacheBench, Version %s <i>&lt;%s&gt;</i><br>
$Revision: 655654 $
Licensed to The Apache Software Foundation, http://www.apache.org/
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
This is ApacheBench, Version %s
2.3 <$Revision: 655654 $>
-h Display usage information (this message)
-r Don't exit on socket receive errors.
-e filename Output CSV file with percentages served
-g filename Output collected data to gnuplot format file.
-S Do not show confidence estimators and warnings.
-d Do not show percentiles served table.
-k Use HTTP KeepAlive feature
-V Print version number and exit
-X proxy:port Proxyserver and port number to use
-P attribute Add Basic Proxy Authentication, the attributes
are a colon separated username and password.
-A attribute Add Basic WWW Authentication, the attributes
Inserted after all normal header lines. (repeatable)
-H attribute Add Arbitrary header line, eg. 'Accept-Encoding: gzip'
-C attribute Add cookie, eg. 'Apache=1234. (repeatable)
-z attributes String to insert as td or th attributes
-y attributes String to insert as tr attributes
-x attributes String to insert as table attributes
-i Use HEAD instead of GET
-w Print out results in HTML tables
-v verbosity How much troubleshooting info to print
Default is 'text/plain'
'application/x-www-form-urlencoded'
-T content-type Content-type header for POSTing, eg.
-u putfile File containing data to PUT. Remember also to set -T
-p postfile File containing data to POST. Remember also to set -T
-b windowsize Size of TCP send/receive buffer, in bytes
-t timelimit Seconds to max. wait for responses
-c concurrency Number of multiple requests to make
-n requests Number of requests to perform
Options are:
Usage: %s [options] [http://]hostname[:port]/path
SSL not compiled in; no https support
https://
http://
ab: Could not read POST data file: %s
ab: Could not allocate POST data buffer
ab: Could not stat POST data file (%s): %s
ab: Could not open POST data file (%s): %s
apr_global_pool
%d.%d%c
KMGTPE
%s: illegal option -- %c
%s: option requires an argument -- %c
CommandLineToArgvW
apr_initialize
0123456789.
0.0.0.0
bogus %p
No host data of that type was found
Host not found
Graceful shutdown in progress
WSAStartup not yet called
Winsock version out of range
Network system is unavailable
Too many levels of remote in path
Stale NFS file handle
Disc quota exceeded
Too many users
Too many processes
Directory not empty
No route to host
Host is down
File name too long
Too many levels of symbolic links
Connection refused
Connection timed out
Too many references, can't splice
Can't send after socket shutdown
Socket is not connected
Socket is already connected
No buffer space available
Connection reset by peer
Software caused connection abort
Net connection reset
Network is unreachable
Network is down
Can't assign requested address
Address already in use
Address family not supported
Protocol family not supported
Operation not supported on socket
Socket type not supported
Protocol not supported
Bad protocol option
Protocol wrong type for socket
Message too long
Destination address required
Socket operation on non-socket
Operation already in progress
Operation now in progress
Operation would block
Too many open sockets
Invalid argument
Bad address
Permission denied
Bad file number
Interrupted system call
APR does not understand this error code
Error string not specified yet
passwords do not match
This function has not been implemented on this platform
There is no error, this value signifies an initialized error code
Shared memory is implemented using a key system
Shared memory is implemented using files
Shared memory is implemented anonymously
Could not find specified socket in poll list.
End of file found
Missing parameter for the specified command line option
Bad character specified on command line
Partial results are valid but processing is incomplete
The timeout specified has expired
The specified child process is not done executing
The specified child process is done executing
The specified thread is not detached
The specified thread is detached
Your code just forked, and you are currently executing in the parent process
Your code just forked, and you are currently executing in the child process
Internal error
The process is not recognized.
The given path contained wildcard characters
The given path is misformatted or contained invalid characters
The given path was above the root path
The given path is incomplete
The given path is relative
The given path is absolute
The specified network mask is invalid.
The specified IP address is invalid.
DSO load failed
No shared memory is currently available
No thread key structure was provided and one was required.
No thread was provided and one was required.
No socket was provided and one was required.
No poll structure was provided and one was required.
No lock was provided and one was required.
No directory was provided and one was required.
No time was provided and one was required.
No process was provided and one was required.
An invalid socket was returned
An invalid date has been provided
A new pool could not be created.
Unrecognized Win32 error code %d
CancelIo
GetCompressedFileSizeA
GetCompressedFileSizeW
ZwQueryInformationFile
GetSecurityInfo
GetNamedSecurityInfoA
GetNamedSecurityInfoW
GetEffectiveRightsFromAclW
ntdll.dll
shell32
ws2_32
mswsock
advapi32
kernel32
C:\local0\asf\release\build-2.2.14\support\Release\ab.pdb
\\?\UNC\
VS_VERSION_INFO
StringFileInfo
040904b0
Comments
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
CompanyName
Apache Software Foundation
FileDescription
ApacheBench command line utility
FileVersion
2.2.14
InternalName
ab.exe
LegalCopyright
Copyright 2009 The Apache Software Foundation.
OriginalFilename
ab.exe
ProductName
Apache HTTP Server
ProductVersion
2.2.14
VarFileInfo
Translation

Antivirus Signature

Bkav W32.FamVT.RorenNHc.Trojan
Lionic Trojan.Win32.Swrort.4!c
tehtris Clean
MicroWorld-eScan Trojan.CryptZ.Marte.1.Gen
ClamAV Win.Trojan.Swrort-5710536-0
CMC Clean
CAT-QuickHeal Trojan.Swrort.A
Skyhigh BehavesLike.Win32.Swrort.lh
McAfee Swrort.i
Malwarebytes Trojan.Rozena
Zillya Trojan.RozenaGen.Win32.2
Sangfor Trojan.Win32.Save.a
K7AntiVirus Trojan ( 001172b51 )
BitDefender Trojan.CryptZ.Marte.1.Gen
K7GW Trojan ( 001172b51 )
CrowdStrike win/malicious_confidence_100% (W)
Arcabit Trojan.CryptZ.Marte.1.Gen
Baidu Clean
VirIT Clean
Symantec Trojan Horse
Elastic Windows.Trojan.Metasploit
ESET-NOD32 a variant of Win32/Rozena.ZL
APEX Malicious
Paloalto Clean
Cynet Malicious (score: 100)
Kaspersky HEUR:Trojan.Win32.Generic
Alibaba Trojan:Win32/CobaltStrike.5c89
NANO-Antivirus Virus.Win32.Gen-Crypt.ccnc
ViRobot Trojan.Win32.Elzob.Gen
Rising HackTool.Swrort!1.6477 (CLASSIC)
TACHYON Clean
Sophos Mal/EncPk-ACE
F-Secure Trojan.TR/Patched.Gen2
DrWeb Clean
VIPRE Trojan.CryptZ.Marte.1.Gen
TrendMicro Backdoor.Win32.SWRORT.SMAL01
Emsisoft Trojan.CryptZ.Marte.1.Gen (B)
Ikarus Trojan.Win32.Swrort
Jiangmin Clean
Webroot W32.Malware.Gen
Google Detected
Avira TR/Patched.Gen2
Antiy-AVL GrayWare/Win32.Tampering.a
Kingsoft malware.kb.a.1000
Gridinsoft Trojan.Win32.Swrort.zv!s2
Xcitium TrojWare.Win32.Rozena.A@4jwdqr
Microsoft Trojan:Win32/Meterpreter.O
SUPERAntiSpyware Trojan.Backdoor-Shell
ZoneAlarm HEUR:Trojan.Win32.Generic
GData Win32.Trojan.PSE.19A8VV2
Varist W32/Swrort.A.gen!Eldorado
AhnLab-V3 Trojan/Win32.Shell.R1283
Acronis suspicious
BitDefenderTheta Gen:NN.ZexaF.36680.eq1@aGaydNfi
MAX malware (ai score=88)
DeepInstinct MALICIOUS
VBA32 Trojan.Meterpreter
Cylance unsafe
Panda Trj/GdSda.A
Zoner Clean
TrendMicro-HouseCall Backdoor.Win32.SWRORT.SMAL01
Tencent Trojan.Win32.CobaltStrike.16001078
Yandex Clean
SentinelOne Static AI - Malicious PE
MaxSecure Trojan.Malware.300983.susgen
Fortinet W32/Rozena.ABV!tr
AVG Win32:MsfShell-C [Trj]
Cybereason malicious.636cef
Avast Win32:MsfShell-C [Trj]

No IRMA results available.