popup
Static | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Static Analysis

PE Compile Time

2024-04-22 13:29:12

PDB Path

D:\Coding\Junk\msgbox\x64\Release\msgbox.pdb

PE Imphash

a5f6bfcb177d74a13b44500e58164334

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00001000 0x00000d1c 0x00000e00 5.75683503538
.rdata 0x00002000 0x00000f4e 0x00001000 4.02081983885
.data 0x00003000 0x00000678 0x00000200 0.444405306177
.pdata 0x00004000 0x00000168 0x00000200 2.78608199134
.rsrc 0x00005000 0x000001e0 0x00000200 4.6961226186
.reloc 0x00006000 0x00000030 0x00000200 0.708392069187

Resources

Name Offset Size Language Sub-language File type
RT_MANIFEST 0x00005060 0x0000017d LANG_ENGLISH SUBLANG_ENGLISH_US XML 1.0 document text

Imports

Library USER32.dll:
0x140002080 MessageBoxA
Library VCRUNTIME140.dll:
0x140002090 __C_specific_handler
0x140002098 __current_exception
0x1400020a8 memset
0x1400020b0 memcpy
Library api-ms-win-crt-runtime-l1-1-0.dll:
0x1400020f0 terminate
0x1400020f8 _seh_filter_exe
0x140002100 _set_app_type
0x140002118 _c_exit
0x140002120 _cexit
0x140002128 __p___argv
0x140002130 __p___argc
0x140002138 _crt_atexit
0x140002140 _exit
0x140002148 exit
0x140002150 _initterm_e
0x140002158 _initterm
0x140002170 _configure_narrow_argv
0x140002178 _initialize_onexit_table
Library api-ms-win-crt-math-l1-1-0.dll:
0x1400020e0 __setusermatherr
Library api-ms-win-crt-stdio-l1-1-0.dll:
0x140002188 __p__commode
0x140002190 _set_fmode
Library api-ms-win-crt-locale-l1-1-0.dll:
0x1400020d0 _configthreadlocale
Library api-ms-win-crt-heap-l1-1-0.dll:
0x1400020c0 _set_new_mode
Library KERNEL32.dll:
0x140002000 GetSystemTimeAsFileTime
0x140002008 RtlLookupFunctionEntry
0x140002010 RtlVirtualUnwind
0x140002018 UnhandledExceptionFilter
0x140002028 GetCurrentProcess
0x140002030 TerminateProcess
0x140002040 GetModuleHandleW
0x140002048 IsDebuggerPresent
0x140002050 InitializeSListHead
0x140002058 RtlCaptureContext
0x140002060 GetCurrentThreadId
0x140002068 GetCurrentProcessId
0x140002070 QueryPerformanceCounter
!This program cannot be run in DOS mode.
!Richi
`.rdata
@.data
.pdata
@.rsrc
@.reloc
u/HcH<H
RATTED!!!
D:\Coding\Junk\msgbox\x64\Release\msgbox.pdb
.text$mn
.text$mn$00
.text$x
.idata$5
.00cfg
.CRT$XCA
.CRT$XCAA
.CRT$XCZ
.CRT$XIA
.CRT$XIAA
.CRT$XIAC
.CRT$XIZ
.CRT$XPA
.CRT$XPZ
.CRT$XTA
.CRT$XTZ
.rdata
.rdata$voltmd
.rdata$zzzdbg
.rtc$IAA
.rtc$IZZ
.rtc$TAA
.rtc$TZZ
.xdata
.idata$2
.idata$3
.idata$4
.idata$6
.pdata
.rsrc$01
.rsrc$02
MessageBoxA
USER32.dll
__C_specific_handler
__current_exception
__current_exception_context
memset
VCRUNTIME140.dll
_seh_filter_exe
_set_app_type
__setusermatherr
_configure_narrow_argv
_initialize_narrow_environment
_get_initial_narrow_environment
_initterm
_initterm_e
_set_fmode
__p___argc
__p___argv
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_configthreadlocale
_set_new_mode
__p__commode
_initialize_onexit_table
_register_onexit_function
_crt_atexit
terminate
api-ms-win-crt-runtime-l1-1-0.dll
api-ms-win-crt-math-l1-1-0.dll
api-ms-win-crt-stdio-l1-1-0.dll
api-ms-win-crt-locale-l1-1-0.dll
api-ms-win-crt-heap-l1-1-0.dll
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetModuleHandleW
KERNEL32.dll
memcpy
<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel level='asInvoker' uiAccess='false' />
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
Antivirus Signature
Bkav Clean
Lionic Clean
tehtris Clean
ClamAV Clean
CMC Clean
CAT-QuickHeal Clean
Skyhigh Clean
ALYac Clean
Cylance Clean
Zillya Clean
Sangfor Clean
K7AntiVirus Clean
Alibaba Clean
K7GW Clean
Cybereason Clean
Baidu Clean
VirIT Clean
Paloalto Clean
Symantec ML.Attribute.HighConfidence
Elastic Clean
ESET-NOD32 Clean
APEX Malicious
Avast Clean
Cynet Malicious (score: 100)
Kaspersky Clean
BitDefender Clean
NANO-Antivirus Clean
ViRobot Clean
MicroWorld-eScan Clean
Tencent Clean
TACHYON Clean
Sophos Clean
F-Secure Clean
DrWeb Clean
VIPRE Clean
TrendMicro Clean
Trapmine Clean
FireEye Clean
Emsisoft Clean
SentinelOne Clean
GData Clean
Jiangmin Clean
Webroot Clean
Varist Clean
Avira Clean
Antiy-AVL Clean
Kingsoft Clean
Gridinsoft Clean
Xcitium Clean
Arcabit Clean
SUPERAntiSpyware Clean
ZoneAlarm Clean
Microsoft Clean
Google Clean
AhnLab-V3 Clean
Acronis Clean
McAfee Clean
MAX Clean
VBA32 Clean
Malwarebytes Clean
Panda Clean
Zoner Clean
TrendMicro-HouseCall Clean
Rising Clean
Yandex Clean
Ikarus Clean
MaxSecure Trojan.Malware.300983.susgen
Fortinet Clean
BitDefenderTheta Clean
AVG Clean
DeepInstinct Clean
CrowdStrike Clean
alibabacloud Clean
No IRMA results available.