Static | ZeroBOX

PE Compile Time

2024-03-28 22:04:31

PE Imphash

30d35e90c7fc045dc052f4030df3d03c

Sections

Name    Virtual Address  Virtual Size  Size of Raw Data  Entropy
.text   0x00001000       0x00000857    0x00000a00        5.44351670249
.rdata  0x00002000       0x0000089e    0x00000a00        4.31133542715
.rsrc   0x00003000       0x00001838    0x00001a00        4.06772867584
.reloc  0x00005000       0x000000b4    0x00000200        2.81077549901

Resources

Name         Offset      Size        Language      Sub-language        File type
EXE          0x000030b0  0x00001600  LANG_ENGLISH  SUBLANG_ENGLISH_US  PE32+ executable (GUI) x86-64, for MS Windows
RT_MANIFEST  0x000046b0  0x00000188  LANG_ENGLISH  SUBLANG_ENGLISH_US  XML 1.0 document text

Imports

Library SHLWAPI.dll:
0x4020b4 StrCatW
0x4020b8 PathCombineW
Library KERNEL32.dll:
0x402034 SizeofResource
0x402038 GetCurrentProcess
0x40203c WriteFile
0x402040 GetTempPathW
0x402044 CreateFileW
0x402048 GetModuleHandleA
0x40204c Sleep
0x402050 GetLastError
0x402054 LockResource
0x402058 DeleteFileW
0x40205c LoadResource
0x402060 K32EnumProcesses
0x402064 GetProcAddress
0x402068 GetCurrentProcessId
0x40206c CreateProcessW
0x402070 IsWow64Process
0x402074 ExitProcess
0x402078 CloseHandle
0x40207c OpenProcess
0x402084 WaitForSingleObject
0x402088 TerminateProcess
0x40208c GetProcessHeap
0x402090 HeapAlloc
0x402094 HeapFree
0x402098 ReadProcessMemory
0x40209c FindResourceA
Library ADVAPI32.dll:
0x402000 CryptReleaseContext
0x402004 RegDeleteValueW
0x402014 CryptGenRandom
0x402018 RegCloseKey
0x40201c RegDeleteKeyExW
0x402020 RegDeleteKeyW
0x402024 RegEnumKeyExW
0x402028 RegOpenKeyExW
0x40202c OpenProcessToken
Library ole32.dll:
0x4020c4 CoUninitialize
0x4020c8 CoCreateInstance
0x4020cc CoInitializeEx
Library OLEAUT32.dll:
0x4020a4 SysFreeString
0x4020a8 VariantInit
0x4020ac SysAllocString
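The imphash printed near the top of this report is the MD5 of the import table in the order the loader sees it (lower-cased "dll.function" pairs, library extension stripped). Before copying the table above into a rule or a pivot, note that it is not the whole table: the IAT entries shown are 4 bytes apart (this host is a 32-bit image), yet slots 0x402008 to 0x402010, 0x402080 and 0x4020c0 have no entry, and the strings dump further down lists exactly five import names that never appear here (CryptAcquireContextW, AdjustTokenPrivileges, LookupPrivilegeValueW, K32EnumProcessModulesEx, CoInitializeSecurity). Which name fills which slot cannot be read off the page, so a hash recomputed from this listing will not equal 30d35e90c7fc045dc052f4030df3d03c. The following Python is an added example for this report, not ZeroBOX or pefile code; it transcribes the listing above as constructed input, recomputes the hash pefile-style, and finds the skipped slots:

```python
"""Recompute a pefile-style imphash from the Imports listing above and find
IAT slots the listing skips.  Added example for this report, not ZeroBOX or
pefile code.  PAGE_IMPORTS_TEXT is transcribed from the report's Imports
section (constructed input); the names in UNLISTED_NAMES appear in the
report's strings dump but not in that listing."""
import hashlib

PAGE_IMPORTS_TEXT = """
Library SHLWAPI.dll: 0x4020b4 StrCatW 0x4020b8 PathCombineW
Library KERNEL32.dll: 0x402034 SizeofResource 0x402038 GetCurrentProcess
  0x40203c WriteFile 0x402040 GetTempPathW 0x402044 CreateFileW
  0x402048 GetModuleHandleA 0x40204c Sleep 0x402050 GetLastError
  0x402054 LockResource 0x402058 DeleteFileW 0x40205c LoadResource
  0x402060 K32EnumProcesses 0x402064 GetProcAddress 0x402068 GetCurrentProcessId
  0x40206c CreateProcessW 0x402070 IsWow64Process 0x402074 ExitProcess
  0x402078 CloseHandle 0x40207c OpenProcess 0x402084 WaitForSingleObject
  0x402088 TerminateProcess 0x40208c GetProcessHeap 0x402090 HeapAlloc
  0x402094 HeapFree 0x402098 ReadProcessMemory 0x40209c FindResourceA
Library ADVAPI32.dll: 0x402000 CryptReleaseContext 0x402004 RegDeleteValueW
  0x402014 CryptGenRandom 0x402018 RegCloseKey 0x40201c RegDeleteKeyExW
  0x402020 RegDeleteKeyW 0x402024 RegEnumKeyExW 0x402028 RegOpenKeyExW
  0x40202c OpenProcessToken
Library ole32.dll: 0x4020c4 CoUninitialize 0x4020c8 CoCreateInstance 0x4020cc CoInitializeEx
Library OLEAUT32.dll: 0x4020a4 SysFreeString 0x4020a8 VariantInit 0x4020ac SysAllocString
"""

# Import names present in the report's hint-name strings but absent from the listing.
UNLISTED_NAMES = ("CryptAcquireContextW", "AdjustTokenPrivileges", "LookupPrivilegeValueW",
                  "K32EnumProcessModulesEx", "CoInitializeSecurity")


def parse_imports(text):
    """Return [(dll, [(iat_address, name), ...]), ...] in listing order."""
    imports, tokens, i = [], text.split(), 0
    while i < len(tokens):
        if tokens[i] == "Library":
            imports.append((tokens[i + 1].rstrip(":"), []))
        else:
            imports[-1][1].append((int(tokens[i], 16), tokens[i + 1]))
        i += 2
    return imports


def imphash_input(imports):
    """The string pefile hashes: 'dll.func' pairs, lower-cased, library
    extension stripped, in import-table order.  Ordinal imports become
    'ordN'; pefile's ordinal-to-name tables for a few DLLs are not reproduced."""
    parts = []
    for dll, entries in imports:
        lib = dll.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if lib.endswith(ext):
                lib = lib[: -len(ext)]
                break
        for _, name in entries:
            func = f"ord{name}" if isinstance(name, int) else name.lower()
            parts.append(f"{lib}.{func}")
    return ",".join(parts)


def imphash(imports):
    return hashlib.md5(imphash_input(imports).encode()).hexdigest()


def iat_gaps(imports, slot=4):
    """IAT slots that must exist but have no entry in the listing.  Each DLL's
    block is contiguous (one pointer per slot; 4 bytes for this 32-bit image)
    and ends with one null slot before the next block, so a skipped address
    inside a block, or a surplus slot between two blocks, is an import the
    listing does not show."""
    blocks = sorted((min(a for a, _ in e), max(a for a, _ in e), dll) for dll, e in imports)
    present = {dll: {a for a, _ in e} for dll, e in imports}
    missing = []
    for idx, (lo, hi, dll) in enumerate(blocks):
        missing += [a for a in range(lo, hi, slot) if a not in present[dll]]
        if idx + 1 < len(blocks):
            missing += list(range(hi + 2 * slot, blocks[idx + 1][0], slot))
    return missing


PAGE_IMPORTS = parse_imports(PAGE_IMPORTS_TEXT)

if __name__ == "__main__":
    gaps = iat_gaps(PAGE_IMPORTS)
    print("imphash of the listing as printed:", imphash(PAGE_IMPORTS))
    print("slots the listing skips:", [hex(a) for a in gaps])
    print("unlisted names in the strings dump:", len(UNLISTED_NAMES),
          "(matches the gap count)" if len(gaps) == len(UNLISTED_NAMES) else "(mismatch)")
```

The gap count equals the count of unlisted names, which is why the recomputed hash is not a usable pivot here; take the imphash from the report header, or from the sample itself, never from a transcribed table. Keep in mind that imphash also changes when a build merely reorders imports, so it groups builds from the same toolchain and source, not the family.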

Strings

!This program cannot be run in DOS mode.
`.rdata
@.rsrc
@.reloc
t6VVVVVV
XSVWjD
PSSSSSSSR
ntdll.dll
NtCreateThreadEx
.text$mn
.idata$5
.rdata
.rdata$voltmd
.rdata$zzzdbg
.idata$2
.idata$3
.idata$4
.idata$6
.rsrc$01
.rsrc$02
PathCombineW
StrCatW
SHLWAPI.dll
HeapFree
HeapAlloc
GetProcessHeap
TerminateProcess
WaitForSingleObject
K32EnumProcessModulesEx
OpenProcess
CloseHandle
K32EnumProcesses
ReadProcessMemory
SizeofResource
GetCurrentProcess
WriteFile
GetTempPathW
FindResourceA
CreateFileW
GetModuleHandleA
GetLastError
LockResource
DeleteFileW
LoadResource
GetProcAddress
GetCurrentProcessId
CreateProcessW
IsWow64Process
ExitProcess
KERNEL32.dll
RegOpenKeyExW
RegEnumKeyExW
RegDeleteKeyW
RegDeleteKeyExW
RegCloseKey
CryptReleaseContext
OpenProcessToken
CryptGenRandom
CryptAcquireContextW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegDeleteValueW
ADVAPI32.dll
CoUninitialize
CoCreateInstance
CoInitializeSecurity
CoInitializeEx
ole32.dll
OLEAUT32.dll
!This program cannot be run in DOS mode.
`.rdata
@.pdata
@USVWAVH
A^_^[]
USVWATAUAVAWH
D!t$0L
A_A^A]A\_^[]
D;0s9A
ntdll.dll
NtCreateThreadEx
.text$mn
.idata$5
.rdata
.rdata$voltmd
.rdata$zzzdbg
.xdata
.idata$2
.idata$3
.idata$4
.idata$6
.pdata
ExitProcess
HeapFree
HeapAlloc
GetProcessHeap
TerminateProcess
K32EnumProcessModulesEx
OpenProcess
CloseHandle
K32EnumProcesses
ReadProcessMemory
GetModuleHandleA
GetLastError
GetProcAddress
GetCurrentProcessId
KERNEL32.dll
RegDeleteValueW
RegOpenKeyExW
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
ADVAPI32.dll
CoUninitialize
CoCreateInstance
CoInitializeSecurity
CoInitializeEx
ole32.dll
OLEAUT32.dll
<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel level='requireAdministrator' uiAccess='false' />
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
0$0:0Z0g0n0y0
363D3P3`3l3
4"4)4Y4c4r4
55?5\5u5~5
6$6,636E6_6z6
6&727J7k7v7
HARDWARE\UEFI\$embrconfig
Microsoft Base Cryptographic Provider v1.0
abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ
SeDebugPrivilege
HARDWARE\UEFI
$embrstager
$embrdll32
$embrdll64
$embrsvc32
HARDWARE\UEFI
$embrstager
$embrdll32
$embrdll64
$embrsvc64
SeDebugPrivilege
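The strings above give the on-host artefacts to look for: a key path HARDWARE\UEFI with `$embr`-prefixed names (`$embrconfig`, `$embrstager`, `$embrdll32`, `$embrdll64`, `$embrsvc32`, `$embrsvc64`), SeDebugPrivilege, and NtCreateThreadEx resolved from ntdll.dll. Together with Elastic's verdict on this page (Windows.Rootkit.R77) this fits a rebranded r77 build: r77 uses the `$77` prefix by default and hides prefixed registry entries from processes it has hooked. The listed imports only open, enumerate and delete those keys (RegOpenKeyExW, RegEnumKeyExW, RegDeleteKeyW, RegDeleteKeyExW, RegDeleteValueW), so whether this particular file plants or removes them is not settled by the static view. The Python below is an added triage check for this report, not ZeroBOX code or part of the sample; it assumes the `$embr` names are subkeys or values directly under HKLM\HARDWARE\UEFI, as the strings suggest, and the name list used for the offline demonstration is constructed:

```python
"""Look for the registry artefacts named in the report's strings.  Added
example for this report, not ZeroBOX code or part of the sample.  Assumes
(from the strings) that the $embr-prefixed names live directly under
HKLM\\HARDWARE\\UEFI as subkeys or values."""
import sys

PREFIX = "$embr"
KEY_PATH = r"HARDWARE\UEFI"
# Names taken from the strings section; stored lower-case for matching.
EXPECTED_NAMES = ("$embrconfig", "$embrstager", "$embrdll32",
                  "$embrdll64", "$embrsvc32", "$embrsvc64")


def suspicious_names(names, prefix=PREFIX):
    """Entries carrying the rootkit prefix, matched case-insensitively."""
    p = prefix.lower()
    return sorted(n for n in names if n.lower().startswith(p))


def classify(names):
    """Split prefixed hits into the names this sample refers to and any
    other prefixed entries (a variant, or a different component)."""
    hits = suspicious_names(names)
    known = [n for n in hits if n.lower() in EXPECTED_NAMES]
    other = [n for n in hits if n.lower() not in EXPECTED_NAMES]
    return known, other


def enumerate_key(root, path):
    """Live enumeration with the standard winreg module (Windows only):
    returns subkey names followed by value names."""
    import winreg
    with winreg.OpenKey(root, path, 0, winreg.KEY_READ) as key:
        nsub, nval, _ = winreg.QueryInfoKey(key)
        names = [winreg.EnumKey(key, i) for i in range(nsub)]
        names += [winreg.EnumValue(key, i)[0] for i in range(nval)]
    return names


def scan_live():
    """Return prefixed entries under HKLM\\HARDWARE\\UEFI on this machine.
    HKLM\\HARDWARE is a volatile hive rebuilt at boot, so the key may simply
    not exist; that is reported as no hits, not as an error."""
    import winreg
    try:
        names = enumerate_key(winreg.HKEY_LOCAL_MACHINE, KEY_PATH)
    except FileNotFoundError:
        return []
    return suspicious_names(names)


if __name__ == "__main__":
    if sys.platform == "win32":
        print("prefixed entries under HKLM\\" + KEY_PATH + ":", scan_live())
    else:
        # Constructed sample listing, used where winreg is unavailable.
        sample = ["$embrconfig", "Foo", "$EMBRstager", "$embrsvc64", "$embrhelper"]
        print("known / other:", classify(sample))
```

An empty result from this check is not proof of absence: an r77-style rootkit filters its prefix out of the enumeration APIs in every process it has injected its DLL into, and this check runs through those same APIs. Treat a hit as high confidence and a miss as inconclusive, and corroborate with something the user-mode hooks do not cover (a memory image, or detection of the hooks themselves, which is what the Elastic rule named on this page targets).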
Antivirus Signature
Bkav W32.AIDetectMalware
Lionic Trojan.Win32.Rootkit.4!c
Elastic Windows.Rootkit.R77
ClamAV Clean
CMC Clean
CAT-QuickHeal Trojan.Win64
Skyhigh Artemis
ALYac Trojan.GenericKD.72187981
Cylance unsafe
Sangfor Rootkit.Win64.Agent.Vna3
CrowdStrike win/malicious_confidence_100% (W)
Alibaba Rootkit:Win32/MalwareX.07182e02
K7GW RootKit ( 005a64441 )
K7AntiVirus RootKit ( 005a64441 )
Baidu Clean
VirIT Trojan.Win32.Genus.VNN
Paloalto Clean
Symantec ML.Attribute.HighConfidence
tehtris Clean
ESET-NOD32 a variant of Win32/Rootkit.Agent.OEJ
APEX Malicious
McAfee Artemis!6A2C09749219
Avast Win64:MalwareX-gen [Trj]
Cynet Malicious (score: 100)
Kaspersky VHO:Trojan.Win64.Convagent.gen
BitDefender Trojan.GenericKD.72187981
NANO-Antivirus Clean
ViRobot Trojan.Win.Z.Babar.13312
MicroWorld-eScan Trojan.GenericKD.72187981
Tencent Clean
TACHYON Clean
Sophos Mal/Generic-S
F-Secure Trojan.RKIT/Agent.tlptm
DrWeb Clean
Zillya Rootkit.Agent.Win32.52076
TrendMicro TROJ_GEN.R002C0XD524
Trapmine Clean
FireEye Generic.mg.0c550ce9bb3efa8c
Emsisoft Trojan.GenericKD.72187981 (B)
SentinelOne Static AI - Suspicious PE
GData Trojan.GenericKD.72187981
Jiangmin Clean
Varist W32/ABRisk.WVVH-0379
Avira RKIT/Agent.tlptm
Antiy-AVL Trojan/Win64.Convagent
Kingsoft Win32.HeurC.KVM003.a
Gridinsoft Ransom.Win32.Sabsik.sa
Xcitium Clean
Arcabit Trojan.Generic.D44D804D
SUPERAntiSpyware Clean
ZoneAlarm VHO:Trojan.Win64.Convagent.gen
Microsoft Trojan:Win32/Casdet!rfn
Google Detected
AhnLab-V3 Trojan/Win.Generic.C5605648
Acronis Clean
BitDefenderTheta Gen:NN.ZexaF.36802.aqW@aOgyjOni
MAX malware (ai score=89)
VBA32 Clean
Malwarebytes Malware.Heuristic.2045
Panda Trj/Chgt.AD
Zoner Clean
TrendMicro-HouseCall TROJ_GEN.R002H09CV24
Rising Rootkit.Agent!8.F5 (TFE:2:RpZwAEZYoLL)
Yandex Clean
Ikarus Trojan.Win32.Rootkit
MaxSecure Trojan.Malware.109946137.susgen
Fortinet W32/Rootkit_Agent.OEJ!tr
AVG Win64:MalwareX-gen [Trj]
DeepInstinct MALICIOUS
alibabacloud Rootkit:Win/Tlptm
No IRMA results available.