Static | ZeroBOX

PE Compile Time

2022-07-13 16:57:48

PDB Path

D:\杂项工具存放\免杀\viper\CallbackEnumChildWindows_1657683863\x64\Release\viper.pdb

PE Imphash

07e4d3f8fedafc070f7b31eddac6ba20

Sections

Name    Virtual Address  Virtual Size  Size of Raw Data  Entropy
.text   0x00001000       0x00000f9c    0x00001000        6.04648483369
.rdata  0x00002000       0x0000133a    0x00001400        4.47416884213
.data   0x00004000       0x00000648    0x00000200        0.464663027264
.pdata  0x00005000       0x00000198    0x00000200        3.09940934828
.rsrc   0x00006000       0x00000570    0x00000600        4.17946605739
.reloc  0x00007000       0x0000002c    0x00000200        0.651957191717

Resources

Name           Offset      Size        Language      Sub-language                File type
RT_ICON        0x000060f0  0x000002e8  LANG_CHINESE  SUBLANG_CHINESE_SIMPLIFIED  dBase IV DBT of @.DBF, block length 512, next free block index 40, next free block 4170156168, next used block 0
RT_GROUP_ICON  0x000063d8  0x00000014  LANG_CHINESE  SUBLANG_CHINESE_SIMPLIFIED  data
RT_MANIFEST    0x000063f0  0x0000017d  LANG_ENGLISH  SUBLANG_ENGLISH_US          XML 1.0 document text

Imports

Library KERNEL32.dll:
0x140002000 HeapCreate
0x140002008 HeapAlloc
0x140002010 RtlLookupFunctionEntry
0x140002018 RtlVirtualUnwind
0x140002020 UnhandledExceptionFilter
0x140002030 GetCurrentProcess
0x140002038 TerminateProcess
0x140002048 QueryPerformanceCounter
0x140002050 GetModuleHandleW
0x140002058 IsDebuggerPresent
0x140002060 InitializeSListHead
0x140002068 GetSystemTimeAsFileTime
0x140002070 GetCurrentThreadId
0x140002078 GetCurrentProcessId
0x140002080 RtlCaptureContext
Library USER32.dll:
0x140002090 EnumChildWindows
Library VCRUNTIME140.dll:
0x1400020a0 __C_specific_handler
0x1400020a8 __current_exception
0x1400020b8 memset
0x1400020c0 memcpy
Library api-ms-win-crt-string-l1-1-0.dll:
0x1400021b0 _strrev
Library api-ms-win-crt-runtime-l1-1-0.dll:
0x140002100 _initialize_onexit_table
0x140002108 terminate
0x140002110 _seh_filter_exe
0x140002120 _set_app_type
0x140002128 _c_exit
0x140002130 _crt_atexit
0x140002138 _cexit
0x140002140 __p___argv
0x140002148 __p___argc
0x140002158 _exit
0x140002160 exit
0x140002168 _initterm_e
0x140002170 _initterm
0x140002188 _configure_narrow_argv
Library api-ms-win-crt-math-l1-1-0.dll:
0x1400020f0 __setusermatherr
Library api-ms-win-crt-stdio-l1-1-0.dll:
0x140002198 __p__commode
0x1400021a0 _set_fmode
Library api-ms-win-crt-locale-l1-1-0.dll:
0x1400020e0 _configthreadlocale
Library api-ms-win-crt-heap-l1-1-0.dll:
0x1400020d0 _set_new_mode

<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel level='asInvoker' uiAccess='false' />
</requestedPrivileges>
</security>
</trustInfo>
</assembly>

Antivirus Signature

Bkav W32.Common.E21A115B
Lionic Trojan.Win32.Generic.4!c
tehtris Clean
ClamAV Clean
CMC Clean
CAT-QuickHeal Clean
Skyhigh RDN/Generic Dropper
ALYac Trojan.GenericKD.70777269
Cylance unsafe
Zillya Clean
Sangfor Dropper.Win32.Agent.Vifj
K7AntiVirus Clean
Alibaba Clean
K7GW Clean
Cybereason Clean
Baidu Clean
VirIT Clean
Paloalto Clean
Symantec ML.Attribute.HighConfidence
Elastic malicious (moderate confidence)
ESET-NOD32 Clean
APEX Clean
Avast Win64:DropperX-gen [Drp]
Cynet Malicious (score: 100)
Kaspersky UDS:DangerousObject.Multi.Generic
BitDefender Trojan.GenericKD.70777269
NANO-Antivirus Clean
ViRobot Clean
MicroWorld-eScan Trojan.GenericKD.70777269
Tencent Clean
Sophos Mal/Generic-S
F-Secure Clean
DrWeb Clean
VIPRE Trojan.GenericKD.70777269
TrendMicro TROJ_GEN.R011C0PLM23
Emsisoft Trojan.GenericKD.70777269 (B)
SentinelOne Clean
GData Trojan.GenericKD.70777269
Jiangmin Trojan.Generic.hsbyw
Webroot W32.Malware.Gen
Varist W64/ABRisk.SPAC-2977
Avira Clean
Antiy-AVL Trojan/Win32.Agent
Kingsoft Win32.Troj.Unknown.a
Gridinsoft Clean
Xcitium Clean
Arcabit Trojan.Generic.D437F9B5
SUPERAntiSpyware Clean
ZoneAlarm UDS:DangerousObject.Multi.Generic
Microsoft Trojan:Win32/Casdet!rfn
Google Detected
AhnLab-V3 Clean
Acronis Clean
McAfee RDN/Generic Dropper
TACHYON Clean
VBA32 Clean
Malwarebytes Generic.Malware/Suspicious
Panda Trj/Chgt.AD
Zoner Clean
TrendMicro-HouseCall TROJ_GEN.R011C0PLM23
Rising Clean
Yandex Clean
Ikarus Clean
MaxSecure Trojan.Malware.7164915.susgen
Fortinet PossibleThreat.MU
BitDefenderTheta Clean
AVG Win64:DropperX-gen [Drp]
DeepInstinct MALICIOUS
CrowdStrike win/malicious_confidence_90% (W)
No IRMA results available.