Static | ZeroBOX

PE Compile Time

2017-07-07 00:45:56

PE Imphash

b417d74ecba642ca8eceadf01d18afc0

PEiD Signatures

Armadillo v1.71

Sections

Name     Virtual Address  Virtual Size  Size of Raw Data  Entropy
.text    0x00001000       0x00004f24    0x00005000        5.97663176613
.rdata   0x00006000       0x000008f0    0x00001000        3.21785135048
.data    0x00007000       0x00001580    0x00002000        3.77801973657

Imports

Library KERNEL32.dll:
0x406044 MoveFileA
0x406048 GetTempPathA
0x40604c GetModuleFileNameA
0x406050 lstrlenA
0x406054 MoveFileExA
0x406058 GlobalMemoryStatus
0x40605c GetModuleHandleA
0x406060 GetStartupInfoA
0x406064 WaitForSingleObject
0x406068 GetSystemInfo
0x40606c CreateThread
0x406070 CreateProcessA
0x406074 GetFileAttributesA
0x406078 GetLastError
0x40607c LoadLibraryA
0x406080 GetProcAddress
0x406084 FreeLibrary
0x406088 CreateFileA
0x40608c WriteFile
0x406090 CloseHandle
0x406094 ExitThread
0x406098 Sleep
0x40609c GetCurrentProcessId
0x4060a0 CopyFileA
0x4060a4 GetTickCount
Library USER32.dll:
0x40612c MessageBoxA
0x406130 wsprintfA
Library ADVAPI32.dll:
0x406000 CreateServiceA
0x40600c OpenServiceA
0x406010 StartServiceA
0x406014 RegSetValueExA
0x406018 CloseServiceHandle
0x406024 SetServiceStatus
0x406028 RegOpenKeyExA
0x40602c RegOpenKeyA
0x406030 RegQueryValueExA
0x406034 RegCloseKey
0x406038 OpenSCManagerA
0x40603c LockServiceDatabase
Library WS2_32.dll:
0x406138 select
0x40613c __WSAFDIsSet
0x406140 recv
0x406144 WSAIoctl
0x406148 send
0x40614c WSAStartup
0x406150 WSASocketA
0x406154 WSAGetLastError
0x406158 setsockopt
0x40615c htonl
0x406160 sendto
0x406164 WSACleanup
0x406168 gethostbyname
0x40616c socket
0x406170 htons
0x406174 connect
0x406178 closesocket
0x40617c inet_addr
Library MSVCRT.dll:
0x4060ac strlen
0x4060b0 strcat
0x4060b4 _controlfp
0x4060b8 __set_app_type
0x4060bc strcpy
0x4060c0 __p__fmode
0x4060c4 __p__commode
0x4060c8 _adjust_fdiv
0x4060cc __setusermatherr
0x4060d0 _initterm
0x4060d4 __getmainargs
0x4060d8 _acmdln
0x4060dc exit
0x4060e0 _XcptFilter
0x4060e4 _exit
0x4060e8 _iob
0x4060ec malloc
0x4060f0 free
0x4060f4 rand
0x4060f8 sprintf
0x4060fc memset
0x406100 printf
0x406104 fprintf
0x406108 memcpy
0x40610c _except_handler3
0x406110 _local_unwind2
0x406114 strstr
0x406118 ??3@YAXPAX@Z
0x40611c strrchr
0x406120 ??2@YAPAXI@Z
0x406124 strncmp
Library iphlpapi.dll:
0x406184 GetIfTable

GetTickCount
GetCurrentProcessId
ExitThread
CloseHandle
WriteFile
CreateFileA
FreeLibrary
GetProcAddress
LoadLibraryA
GetLastError
GetFileAttributesA
CreateProcessA
CreateThread
GetSystemInfo
WaitForSingleObject
MoveFileExA
MoveFileA
GetTempPathA
GetModuleFileNameA
lstrlenA
CopyFileA
GlobalMemoryStatus
GetModuleHandleA
KERNEL32.dll
wsprintfA
MessageBoxA
USER32.dll
RegCloseKey
RegQueryValueExA
RegOpenKeyA
RegOpenKeyExA
SetServiceStatus
RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA
CloseServiceHandle
RegSetValueExA
StartServiceA
OpenServiceA
UnlockServiceDatabase
ChangeServiceConfig2A
LockServiceDatabase
CreateServiceA
OpenSCManagerA
ADVAPI32.dll
WSASocketA
WSAIoctl
WS2_32.dll
sprintf
memset
printf
fprintf
memcpy
_except_handler3
_local_unwind2
strlen
??3@YAXPAX@Z
strrchr
??2@YAPAXI@Z
strstr
strcpy
strcat
strncmp
malloc
MSVCRT.dll
_XcptFilter
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
GetIfTable
iphlpapi.dll
GetStartupInfoA
Eliminate small Japanese
164.155.205.99
phqghumeay
lnlfdxfircvscxggbwkf
nqduxwfnfozvsrtkjprepggxrpnrvy
WSAStartup failed: %d
WSASocket() failed: %d
Set IP_HDRINCL Error!
%d.%d.%d.%d
GET %s HTTP/1.1
%c%c%c%c%c%c%c%c%s
%c%c%c%c%c%c%c%c.%s
GET %s HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Accept-Language: zh-cn
Accept-Encoding: gzip, deflate
User-Agent:Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)
Host: %s
Connection: Keep-Alive
GET %s HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Accept-Language: zh-cn
Accept-Encoding: gzip, deflate
User-Agent:Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)
Host: %s:%d
Connection: Keep-Alive
POST %s HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Accept-Language: zh-cn
Accept-Encoding: gzip, deflate
User-Agent:Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
Host: %s
Connection: Keep-Alive
GET %s HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Accept-Language: zh-cn
Accept-Encoding: gzip, deflate
User-Agent:Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
Host: %s:%d
Connection: Keep-Alive
GET %s HTTP/1.1
Host: %s
GET %s HTTP/1.1
Host: %s:%d
wininet.dll
InternetOpenA
MSIE 6.0
InternetOpenUrlA
InternetReadFile
InternetCloseHandle
WinSta0\Default
HARDWARE\DESCRIPTION\System\CentralProcessor\0
SOFTWARE\Microsoft\Windows NT\CurrentVersion
ProductName
Windows Server 2000
Windows XP
Windows Server 2003
Windows Vista
Windows Server 2008
Windows 7
Windows 2012
Windows 8
Windows 10
Windows NT
XXOOXXOO:%s|%d|%d|%s
KERNEL32.dll
System%c%c%c.exe
NtQuerySystemInformation
No antivirus signatures available.
No IRMA results available.