Static | ZeroBOX

PE Compile Time

2024-05-07 01:06:45

PE Imphash

e1d340e0eb29e7f598c6c5c9d9038cae

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00001000 0x00013e2a 0x00014000 6.33486391793
.rdata 0x00015000 0x00007330 0x00007400 4.57769278955
.data 0x0001d000 0x00004230 0x00001c00 2.73349708745
.pdata 0x00022000 0x000013a4 0x00001400 4.982701268
.reloc 0x00024000 0x00000642 0x00000800 4.00284887336
.rsrc 0x00025000 0x0004b03c 0x0004b200 3.84856937354

Resources

Name Offset Size Language Sub-language File type
RT_ICON 0x0006f0cc 0x00000988 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED data
RT_ICON 0x0006f0cc 0x00000988 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED data
RT_ICON 0x0006f0cc 0x00000988 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED data
RT_ICON 0x0006f0cc 0x00000988 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED data
RT_ICON 0x0006f0cc 0x00000988 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED data
RT_ICON 0x0006f0cc 0x00000988 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED data
RT_ICON 0x0006f0cc 0x00000988 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED data
RT_ICON 0x0006f0cc 0x00000988 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED data
RT_GROUP_ICON 0x0006fa54 0x00000076 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED data
RT_VERSION 0x0006facc 0x00000570 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED data

Imports

Library KERNEL32.dll:
0x140015000 CreateFileA
0x140015008 GetFileSize
0x140015010 VirtualFree
0x140015018 ReadFile
0x140015020 VirtualAlloc
0x140015028 CloseHandle
0x140015030 DeleteFileA
0x140015038 SetEndOfFile
0x140015040 LoadLibraryW
0x140015048 SetStdHandle
0x140015050 WriteConsoleW
0x140015058 EncodePointer
0x140015060 DecodePointer
0x140015068 Sleep
0x140015078 DeleteCriticalSection
0x140015080 EnterCriticalSection
0x140015088 LeaveCriticalSection
0x140015090 GetCommandLineW
0x140015098 GetStartupInfoW
0x1400150a0 RaiseException
0x1400150a8 RtlPcToFileHeader
0x1400150b0 RtlLookupFunctionEntry
0x1400150b8 RtlUnwindEx
0x1400150c0 GetLastError
0x1400150c8 HeapFree
0x1400150d0 WideCharToMultiByte
0x1400150d8 LCMapStringW
0x1400150e0 MultiByteToWideChar
0x1400150e8 GetCPInfo
0x1400150f0 HeapAlloc
0x140015100 UnhandledExceptionFilter
0x140015110 IsDebuggerPresent
0x140015118 RtlVirtualUnwind
0x140015120 RtlCaptureContext
0x140015128 TerminateProcess
0x140015130 GetCurrentProcess
0x140015138 WriteFile
0x140015140 GetConsoleCP
0x140015148 GetConsoleMode
0x140015150 GetProcAddress
0x140015158 GetModuleHandleW
0x140015160 ExitProcess
0x140015168 GetStdHandle
0x140015170 GetModuleFileNameW
0x140015178 FreeEnvironmentStringsW
0x140015180 GetEnvironmentStringsW
0x140015188 SetHandleCount
0x140015190 GetFileType
0x140015198 FlsGetValue
0x1400151a0 FlsSetValue
0x1400151a8 FlsFree
0x1400151b0 SetLastError
0x1400151b8 GetCurrentThreadId
0x1400151c0 FlsAlloc
0x1400151c8 HeapSetInformation
0x1400151d0 GetVersion
0x1400151d8 HeapCreate
0x1400151e0 QueryPerformanceCounter
0x1400151e8 GetTickCount
0x1400151f0 GetCurrentProcessId
0x1400151f8 GetSystemTimeAsFileTime
0x140015200 GetLocaleInfoW
0x140015208 HeapSize
0x140015210 FlushFileBuffers
0x140015218 SetFilePointer
0x140015220 GetACP
0x140015228 GetOEMCP
0x140015230 IsValidCodePage
0x140015238 GetStringTypeW
0x140015240 HeapReAlloc
0x140015248 GetUserDefaultLCID
0x140015250 GetLocaleInfoA
0x140015258 EnumSystemLocalesA
0x140015260 IsValidLocale
0x140015268 CreateFileW
0x140015270 GetProcessHeap
Library WININET.dll:
0x140015280 InternetOpenA
0x140015288 InternetReadFile
0x140015290 InternetOpenUrlA
0x140015298 InternetCloseHandle

Strings

!This program cannot be run in DOS mode.
generic
iostream
system
iostream stream error
bad locale name
bad cast
Unknown exception
bad allocation
Visual C++ CRT: Not enough memory to complete call to strerror.
bad exception
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
LC_TIME
LC_NUMERIC
LC_MONETARY
LC_CTYPE
LC_COLLATE
LC_ALL
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
CorExitProcess
Illegal byte sequence
Directory not empty
Function not implemented
No locks available
Filename too long
Resource deadlock avoided
Result too large
Domain error
Broken pipe
Too many links
Read-only file system
Invalid seek
No space left on device
File too large
Inappropriate I/O control operation
Too many open files
Too many open files in system
Invalid argument
Is a directory
Not a directory
No such device
Improper link
File exists
Resource device
Unknown error
Bad address
Permission denied
Not enough space
Resource temporarily unavailable
No child processes
Bad file descriptor
Exec format error
Arg list too long
No such device or address
Input/output error
Interrupted function call
No such process
No such file or directory
Operation not permitted
No error
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
united-states
united-kingdom
trinidad & tobago
south-korea
south-africa
south korea
south africa
slovak
puerto-rico
pr-china
pr china
new-zealand
hong-kong
holland
great britain
england
britain
america
swedish-finland
spanish-venezuela
spanish-uruguay
spanish-puerto rico
spanish-peru
spanish-paraguay
spanish-panama
spanish-nicaragua
spanish-modern
spanish-mexican
spanish-honduras
spanish-guatemala
spanish-el salvador
spanish-ecuador
spanish-dominican republic
spanish-costa rica
spanish-colombia
spanish-chile
spanish-bolivia
spanish-argentina
portuguese-brazilian
norwegian-nynorsk
norwegian-bokmal
norwegian
italian-swiss
irish-english
german-swiss
german-luxembourg
german-lichtenstein
german-austrian
french-swiss
french-luxembourg
french-canadian
french-belgian
english-usa
english-us
english-uk
english-trinidad y tobago
english-south africa
english-nz
english-jamaica
english-ire
english-caribbean
english-can
english-belize
english-aus
english-american
dutch-belgian
chinese-traditional
chinese-singapore
chinese-simplified
chinese-hongkong
chinese
canadian
belgian
australian
american-english
american english
american
Norwegian-Nynorsk
Complete Object Locator'
Class Hierarchy Descriptor'
Base Class Array'
Base Class Descriptor at (
Type Descriptor'
`local static thread guard'
`managed vector copy constructor iterator'
`vector vbase copy constructor iterator'
`vector copy constructor iterator'
`dynamic atexit destructor for '
`dynamic initializer for '
`eh vector vbase copy constructor iterator'
`eh vector copy constructor iterator'
`managed vector destructor iterator'
`managed vector constructor iterator'
`placement delete[] closure'
`placement delete closure'
`omni callsig'
delete[]
new[]
`local vftable constructor closure'
`local vftable'
`udt returning'
`copy constructor closure'
`eh vector vbase constructor iterator'
`eh vector destructor iterator'
`eh vector constructor iterator'
`virtual displacement map'
`vector vbase constructor iterator'
`vector destructor iterator'
`vector constructor iterator'
`scalar deleting destructor'
`default constructor closure'
`vector deleting destructor'
`vbase destructor'
`string'
`local static guard'
`typeof'
`vcall'
`vbtable'
`vftable'
operator
delete
__unaligned
__restrict
__ptr64
__eabi
__clrcall
__fastcall
__thiscall
__stdcall
__pascal
__cdecl
__based(
GetProcessWindowStation
GetUserObjectInformationW
GetLastActivePopup
GetActiveWindow
MessageBoxW
ios_base::badbit set
ios_base::failbit set
ios_base::eofbit set
RookIE/1.0
http://8.134.180.138/123.conf
C:\Users\Public\Downloads\1.conf
Failed to open shellcode file
Failed to get file size
Failed to allocate memory for shellcode
Failed to read shellcode from file
invalid string position
string too long
CreateFileA
GetFileSize
VirtualFree
ReadFile
VirtualAlloc
CloseHandle
DeleteFileA
KERNEL32.dll
InternetOpenUrlA
InternetReadFile
InternetOpenA
InternetCloseHandle
WININET.dll
EncodePointer
DecodePointer
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetCommandLineW
GetStartupInfoW
RaiseException
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
GetLastError
HeapFree
WideCharToMultiByte
LCMapStringW
MultiByteToWideChar
GetCPInfo
HeapAlloc
InitializeCriticalSectionAndSpinCount
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
TerminateProcess
GetCurrentProcess
WriteFile
GetConsoleCP
GetConsoleMode
GetProcAddress
GetModuleHandleW
ExitProcess
GetStdHandle
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
FlsGetValue
FlsSetValue
FlsFree
SetLastError
GetCurrentThreadId
FlsAlloc
HeapSetInformation
GetVersion
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetLocaleInfoW
HeapSize
FlushFileBuffers
SetFilePointer
GetACP
GetOEMCP
IsValidCodePage
GetStringTypeW
HeapReAlloc
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
CreateFileW
WriteConsoleW
SetStdHandle
LoadLibraryW
SetEndOfFile
GetProcessHeap
.?AVerror_category@std@@
.?AV_Generic_error_category@std@@
.?AV_Iostream_error_category@std@@
.?AV_System_error_category@std@@
.?AVfacet@locale@std@@
.?AUctype_base@std@@
.?AVios_base@std@@
.?AV?$_Iosb@H@std@@
.?AV?$basic_ostream@DU?$char_traits@D@std@@@std@@
.?AV?$basic_ios@DU?$char_traits@D@std@@@std@@
.?AV?$ctype@D@std@@
.?AV?$basic_streambuf@DU?$char_traits@D@std@@@std@@
.?AVbad_cast@std@@
.?AV?$basic_filebuf@DU?$char_traits@D@std@@@std@@
.?AVcodecvt_base@std@@
.?AV?$codecvt@DDH@std@@
.?AVlogic_error@std@@
.?AVlength_error@std@@
.?AVout_of_range@std@@
.?AV_Locimp@locale@std@@
Copyright (c) 1992-2004 by P.J. Plauger, licensed by Dinkumware, Ltd. ALL RIGHTS RESERVED.
.?AVtype_info@@
.?AVbad_exception@std@@
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
.?AVruntime_error@std@@
.?AVexception@std@@
.?AVfailure@ios_base@std@@
.?AVsystem_error@std@@
.?AVbad_alloc@std@@
UTF-16LE
UNICODE
mscoree.dll
runtime error
TLOSS error
SING error
DOMAIN error
- Attempt to use MSIL code from this assembly during native code initialization
This indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain.
- not enough space for locale information
- Attempt to initialize the CRT more than once.
This indicates a bug in your application.
- CRT not initialized
- unable to initialize heap
- not enough space for lowio initialization
- not enough space for stdio initialization
- pure virtual function call
- not enough space for _onexit/atexit table
- unable to open console device
- unexpected heap error
- unexpected multithread lock error
- not enough space for thread data
- abort() has been called
- not enough space for environment
- not enough space for arguments
- floating point support not loaded
Microsoft Visual C++ Runtime Library
<program name unknown>
Runtime Error!
Program:
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
USER32.DLL
CONOUT$
C:\Users\Public\Downloads\1.conf
VS_VERSION_INFO
StringFileInfo
000904b0
CompanyName
Alibaba Group.
FileDescription
DingtalkDoctor
FileVersion
1.0.0.0
InternalName
DingtalkDoctor.exe
LegalCopyright
DingTalk Copyright@2017. Alibaba Group All rights reserved.
OriginalFilename
DingtalkDoctor.exe
ProductName
DingtalkDoctor
ProductVersion
1.0.0.0
080404b0
CompanyName
FileDescription
FileVersion
1.0.0.0
InternalName
DingtalkDoctor.exe
LegalCopyright
Copyright@2017.
All rights reserved.
OriginalFilename
DingtalkDoctor.exe
ProductName
ProductVersion
1.0.0.0
VarFileInfo
Translation
Antivirus Signature
Bkav Clean
Lionic Trojan.Win32.Agent.Y!c
tehtris Clean
ClamAV Clean
CMC Clean
CAT-QuickHeal Clean
Skyhigh Clean
ALYac Gen:Variant.Doina.74560
Cylance Unsafe
Zillya Downloader.Agent.Win64.6323
Sangfor Trojan.Win32.SilverFoxPrompt.swkaa
K7AntiVirus Trojan-Downloader ( 005607fa1 )
Alibaba TrojanDownloader:Win64/DropperX.c05607a1
K7GW Trojan-Downloader ( 005607fa1 )
Cybereason Clean
Baidu Clean
VirIT Trojan.Win64.Genus.GRJ
Paloalto generic.ml
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 a variant of Win64/TrojanDownloader.Agent.EJ
APEX Malicious
Avast Win64:DropperX-gen [Drp]
Cynet Malicious (score: 99)
Kaspersky Trojan-Downloader.Win32.Agent.xycslo
BitDefender Gen:Variant.Doina.74560
NANO-Antivirus Clean
ViRobot Trojan.Win.Z.Agent.434688.F
MicroWorld-eScan Gen:Variant.Doina.74560
Tencent Malware.Win32.Gencirc.11c0072e
TACHYON Clean
Sophos Mal/Generic-S
F-Secure Trojan.TR/Dldr.Agent.ihhav
DrWeb Clean
VIPRE Gen:Variant.Doina.74560
TrendMicro TROJ_GEN.R053C0XEC24
McAfeeD ti!20A035C052C1
Trapmine Clean
FireEye Gen:Variant.Doina.74560
Emsisoft Gen:Variant.Doina.74560 (B)
SentinelOne Clean
GData Gen:Variant.Doina.74560
Jiangmin Clean
Webroot Clean
Varist W64/ABDownloader.OMOR-4271
Avira TR/Dldr.Agent.ihhav
Antiy-AVL Trojan/Win32.Wacatac
Kingsoft Clean
Gridinsoft Clean
Xcitium Clean
Arcabit Trojan.Doina.D12340
SUPERAntiSpyware Clean
ZoneAlarm Trojan-Downloader.Win32.Agent.xycslo
Microsoft Trojan:Win32/Znyonm
Google Detected
AhnLab-V3 Trojan/Win.Generic.C5619520
Acronis Clean
McAfee Clean
MAX malware (ai score=82)
VBA32 TrojanDownloader.Agent
Malwarebytes Trojan.ShellCode
Panda Trj/Chgt.AD
Zoner Clean
TrendMicro-HouseCall TROJ_GEN.R053C0XEC24
Rising Downloader.Agent!8.B23 (TFE:5:u1ZK0LTan7U)
Yandex Clean
Ikarus Trojan-Downloader.Win64.Agent
MaxSecure Trojan.Malware.248600720.susgen
Fortinet W64/Agent.EJ!tr.dldr
BitDefenderTheta Clean
AVG Win64:DropperX-gen [Drp]
DeepInstinct MALICIOUS
CrowdStrike win/malicious_confidence_90% (W)
alibabacloud Trojan[downloader]:Win/Agent.EG
No IRMA results available.