Static | ZeroBOX

PE Compile Time

2024-05-27 22:49:47

PE Imphash

5e2d8ff302ecf8ed0528a463eb95501d

Sections

| Name | Virtual Address | Virtual Size | Size of Raw Data | Entropy |
|---|---|---|---|---|
| .text | 0x00001000 | 0x00009b36 | 0x00009c00 | 6.50295546126 |
| .rdata | 0x0000b000 | 0x00001e0c | 0x00002000 | 4.9657614445 |
| .data | 0x0000d000 | 0x000012cc | 0x00000a00 | 6.42337219478 |
| .pdata | 0x0000f000 | 0x00000444 | 0x00000600 | 3.27361813053 |
| .00cfg | 0x00010000 | 0x00000038 | 0x00000200 | 0.39143769782 |
| .retplne | 0x00011000 | 0x0000008c | 0x00000200 | 1.05058324797 |
| .rsrc | 0x00012000 | 0x00012468 | 0x00012600 | 7.2169791686 |
| .reloc | 0x00025000 | 0x00000218 | 0x00000400 | 3.42729269694 |

Resources

| Name | Offset | Size | Language | Sub-language | File type |
|---|---|---|---|---|---|
| RT_ICON | 0x00023df8 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_UK | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00023df8 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_UK | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00023df8 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_UK | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00023df8 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_UK | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00023df8 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_UK | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00023df8 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_UK | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00023df8 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_UK | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00023df8 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_UK | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00023df8 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_UK | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00023df8 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_UK | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00023df8 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_UK | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00023df8 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_UK | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00023df8 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_UK | GLS_BINARY_LSB_FIRST |
| RT_GROUP_ICON | 0x00024260 | 0x000000bc | LANG_ENGLISH | SUBLANG_ENGLISH_UK | data |
| RT_VERSION | 0x00012370 | 0x000002f0 | LANG_ENGLISH | SUBLANG_ENGLISH_UK | SysEx File - IDP |
| RT_MANIFEST | 0x00024320 | 0x00000143 | LANG_ENGLISH | SUBLANG_ENGLISH_US | XML 1.0 document, ASCII text |

Imports

Library KERNEL32.dll:
0x14000bc50 CloseHandle
0x14000bc58 CreateFileW
0x14000bc60 EnumCalendarInfoW
0x14000bc68 FindClose
0x14000bc70 FindFirstFileW
0x14000bc78 FindNextFileW
0x14000bc80 GetCurrentProcess
0x14000bc88 GetCurrentProcessId
0x14000bc90 GetCurrentThreadId
0x14000bc98 GetFileSize
0x14000bca0 GetModuleFileNameW
0x14000bca8 GetModuleHandleA
0x14000bcb0 GetModuleHandleW
0x14000bcb8 GetProcAddress
0x14000bcc0 GetStartupInfoW
0x14000bcc8 GetSystemDirectoryW
0x14000bcd0 GetSystemTimeAsFileTime
0x14000bcd8 InitializeSListHead
0x14000bce0 IsDebuggerPresent
0x14000bcf0 QueryPerformanceCounter
0x14000bcf8 ReadFile
0x14000bd08 RtlCaptureContext
0x14000bd10 RtlLookupFunctionEntry
0x14000bd18 RtlVirtualUnwind
0x14000bd20 SetFilePointer
0x14000bd30 TerminateProcess
0x14000bd38 UnhandledExceptionFilter
0x14000bd40 VirtualProtect
0x14000bd48 WriteProcessMemory
Library ADVAPI32.dll:
0x14000bd58 RegOpenKeyExW
0x14000bd60 RegSetValueExA
Library MSVCP140.dll:
Library api-ms-win-core-path-l1-1-0.dll:
0x14000bd80 PathCchRemoveFileSpec
Library VCRUNTIME140.dll:
0x14000bd90 _CxxThrowException
0x14000bd98 __C_specific_handler
0x14000bda0 __CxxFrameHandler3
0x14000bda8 __current_exception
0x14000bdb8 __std_exception_copy
0x14000bdc0 __std_exception_destroy
0x14000bdc8 memcpy
0x14000bdd0 memmove
0x14000bdd8 memset
Library api-ms-win-crt-stdio-l1-1-0.dll:
0x14000bde8 __p__commode
0x14000bdf0 __stdio_common_vswprintf
0x14000bdf8 _set_fmode
Library api-ms-win-crt-runtime-l1-1-0.dll:
0x14000be08 _c_exit
0x14000be10 _cexit
0x14000be18 _configure_narrow_argv
0x14000be20 _crt_atexit
0x14000be28 _exit
0x14000be40 _initialize_onexit_table
0x14000be48 _initterm
0x14000be50 _initterm_e
0x14000be70 _seh_filter_exe
0x14000be78 _set_app_type
0x14000be80 exit
0x14000be88 terminate
Library api-ms-win-crt-string-l1-1-0.dll:
0x14000be98 _stricmp
0x14000bea0 strlen
0x14000bea8 wcscat_s
Library api-ms-win-crt-heap-l1-1-0.dll:
0x14000beb8 _callnewh
0x14000bec0 _set_new_mode
0x14000bec8 free
0x14000bed0 malloc
Library api-ms-win-crt-math-l1-1-0.dll:
0x14000bee0 __setusermatherr
Library api-ms-win-crt-locale-l1-1-0.dll:
0x14000bef0 _configthreadlocale

!This program cannot be run in DOS mode.$
`.rdata
@.data
.pdata
@.00cfg
@.retplne
@.reloc
UAWAVAUATVWSH
fffff.
fffff.
fffff.
fffff.
fffff.
fffff.
fffff.
fffff.
eX[_^A\A]A^A_]
UAWAVAUATVWSH
h[_^A\A]A^A_]
UAWAVAUATVWSH
h[_^A\A]A^A_]
UAWAVAUATVWSH
h[_^A\A]A^A_]
UAWAVAUATVWSH
h[_^A\A]A^A_]
UAWAVAUATVWSH
h[_^A\A]A^A_]
UAWAVAUATVWSH
h[_^A\A]A^A_]
UAWAVAUATVWSH
h[_^A\A]A^A_]
UAWAVAUATVWSH
h[_^A\A]A^A_]
UAWAVAUATVWSH
h[_^A\A]A^A_]
UAWAVVWSH
fffff.
fffff.
fffff.
8[_^A^A_]
UAWAVVWSH
([_^A^A_]
AWAVATVWSH
fffff.
ffffff.
([_^A\A^A_
fffff.
UAWAVAUATVWSH
Affff.
fffff.
fffff.
fffff.
fffff.
EHE28D
fffff.
`F24:D
`F24:D
42F24*D
42D24:D
eh[_^A\A]A^A_]
UAWAVAUATVWSH
8[_^A\A]A^A_]
UAWAVAUATVWSH
8[_^A\A]A^A_]
UAWAVAUATVWSH
8[_^A\A]A^A_]
UAWAVAUATVWSH
8[_^A\A]A^A_]
ffffff.
UAWAVAUATVWSH
8[_^A\A]A^A_]
ffffff.
UAWAVAUATVWSH
8[_^A\A]A^A_]
UAWAVAUATVWSH
8[_^A\A]A^A_]
UAWAVAUATVWSH
8[_^A\A]A^A_]
ffffff.
UAWAVAUATVWSH
8[_^A\A]A^A_]
UAWAVAUATVWSH
8[_^A\A]A^A_]
UAWAVAUATVWSH
8[_^A\A]A^A_]
UAWAVAUATVWSH
8[_^A\A]A^A_]
AWAVAUATVWUSH
u:ffff.
fffff.
uDffff.
fffff.
([]_^A\A]A^A_
AWAVAUATVWSH
/ffff.
@[_^A\A]A^A_
>ffffff.
AWAVAUATVWUSH
fffff.
([]_^A\A]A^A_
UAWAVAUATVWSH
[_^A\A]A^A_]
fffff.
AVVWSH
>ffff.
([_^A^
fffff.
AVVWSH
([_^A^
AWAVVWSH
ffffff.
[_^A^A_
AVVWSH
([_^A^
AVVWSH
([_^A^
fffff.
sffff.
fffff.
fffff.
UAWAVAUATVWSH
[_^A\A]A^A_]
fffff.
UAWAVAUATVWSH
([_^A\A]A^A_]
fffff.
AWAVAUATVWSH
0[_^A\A]A^A_
AWAVAUATVWUSH
|$ ffff.
T$(ffffff.
fffff.
T$(ffff.
*fffff.
ffffff.
8[]_^A\A]A^A_
u/HcH<H
v@Z](=G
*+z\uT
gzB9]^
bad allocation
CloseHandle
CreateFileW
EnumCalendarInfoW
FindClose
FindFirstFileW
FindNextFileW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetFileSize
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetStartupInfoW
GetSystemDirectoryW
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
IsProcessorFeaturePresent
QueryPerformanceCounter
ReadFile
RegisterApplicationRestart
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetFilePointer
SetUnhandledExceptionFilter
TerminateProcess
UnhandledExceptionFilter
VirtualProtect
WriteProcessMemory
RegOpenKeyExW
RegSetValueExA
?_Xlength_error@std@@YAXPEBD@Z
PathCchRemoveFileSpec
_CxxThrowException
__C_specific_handler
__CxxFrameHandler3
__current_exception
__current_exception_context
__std_exception_copy
__std_exception_destroy
memcpy
memmove
memset
__p__commode
__stdio_common_vswprintf
_set_fmode
_c_exit
_cexit
_configure_narrow_argv
_crt_atexit
_get_narrow_winmain_command_line
_initialize_narrow_environment
_initialize_onexit_table
_initterm
_initterm_e
_invalid_parameter_noinfo_noreturn
_register_onexit_function
_register_thread_local_exe_atexit_callback
_seh_filter_exe
_set_app_type
terminate
_stricmp
strlen
wcscat_s
_callnewh
_set_new_mode
malloc
__setusermatherr
_configthreadlocale
KERNEL32.dll
ADVAPI32.dll
MSVCP140.dll
api-ms-win-core-path-l1-1-0.dll
VCRUNTIME140.dll
api-ms-win-crt-stdio-l1-1-0.dll
api-ms-win-crt-runtime-l1-1-0.dll
api-ms-win-crt-string-l1-1-0.dll
api-ms-win-crt-heap-l1-1-0.dll
api-ms-win-crt-math-l1-1-0.dll
api-ms-win-crt-locale-l1-1-0.dll
.?AVbad_array_new_length@std@@
.?AVbad_alloc@std@@
.?AVexception@std@@
.?AVtype_info@@
RetpolineV1
RetpolineV1
RetpolineV1
RetpolineV1
wwwwxx
wwwwww
DLL||v
tDDDDDDDddel|l|||
tDDDDD
\FGtlw
GGGG|vV
GvVXellx
DLLfvx
wwDDDGee||lx
"",,99,
"!,,,::;;;;;
!5==?===@@@@<
Q0??[[\\\\\_>
Q?__cccccf]v
bcccggggfv
lnnnynygz
mzzzz{{yn
N-1112
-22277
.1111.
6-16HMX
Su3816.
N-18MXh
Su3883.
-6JPss
78M^81N
-MNsuu
8^^^`8`
d^`````dddt
``dada
waaee`
$$%((9b
$$%(())*o
$$((())+}
$$%&&'''*f
&++.999@
4:;PPTTCr
ZLssuuVu
gmFFwF-S
6%21$fm''
f2\\fd,E,
2`]hbEE,M
3c]kbOOEM
"<<=>>W
!$%%&%'
SQSSQQS
\KK486J
22&&$#
>>9;9:5:5584444
##$:#
>>>>>>>>>>9>:9
GEZ_9:<<Ad
ROGq,8
`q4[--
5ek#ak
?8f<I~4
1PX0v.
'#4cR9$
2Nppp@
Zkt:mZ
*JR)I!X
o}{Ba4Ya
)O:Zyw
`Xp2*0f
NpNa%F
[Pd$z^
i_oHZn
w8>IPZ
XOh64Z/k}
BI0f>7AQ@
*'I"l`
XW`9Sp*[
g&$QDV
+DgQ(:
;$E^`u
Jd}\@B
ub:mO&Scp
A3JB&F
Hse;e<9
hLPJ(f
eo~k-Ea
' QenV
0/\/obe
dfc-e5@
1x>DJg
`n)@{
gP*S'@X
{b)PK@
B } QP
}WwBM5
w.MX[[
Jvv' e
7"3uF#
^f%`\[rEJ]
ljY?zT
g21$IrH
iD;<}!
y+1-\4
(]BE-d
U/@H-v
L[_D5ca.TC:\
`Tq)R,
lm9yhj
\Y8-.}U)
(cX^^6[[[
I)+E&)#
7-{#li%L
"9-~E
eQk}Zk
IDATW&
bB6a!8
h$N{;l
{pil@$
Lqbbbj
pjDNLJ
^z1z<c
d(o`\@
e.\uh
t*ERjLLL
\n`$y
*mD4}(
*0\pU-
3gN,,,`
dIDATJ+'
MEFfG6
?bv_9E
uwwwXttt*ttt
E899a99:ZnnnZ
#FFFtyyy
@@B0ooq
JJL5jjlf
??A0[[^L}}
pps7tuxf
M++,K0001
222-[[Z
JJLP||
?>@8__ajxy|
322/ihi
##$#XX[Iy}
<?xml version="1.0" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1"
manifestVersion="1.0">
<trustInfo>
<security>
<requestedPrivileges>
<requestedExecutionLevel level='asInvoker' uiAccess='false'/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
Atradius N.V.1
www.atradius.com1
Atradius Group0
130801110000Z
380115110000Z0Y1
Atradius N.V.1
www.atradius.com1
Atradius Group0
www.atradius.com0
DigiCert Inc1
www.digicert.com1$0"
DigiCert Assured ID Root CA0
220801000000Z
311109235959Z0b1
DigiCert Inc1
www.digicert.com1!0
DigiCert Trusted Root G40
]J<0"0i3
v=Y]Bv
http://ocsp.digicert.com0C
7http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
4http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
~qj#k"
(f*^[0
DigiCert Inc1
www.digicert.com1!0
DigiCert Trusted Root G40
220323000000Z
370322235959Z0c1
DigiCert, Inc.1;09
2DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA0
http://ocsp.digicert.com0A
5http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
2http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
DigiCert, Inc.1;09
2DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA0
230714000000Z
341013235959Z0H1
DigiCert, Inc.1 0
DigiCert Timestamp 20230
Ihttp://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
http://ocsp.digicert.com0X
Lhttp://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
l2|X/gGe
Atradius N.V.1
www.atradius.com1
Atradius Group
EdV>+r
DigiCert, Inc.1;09
2DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA
240527134948Z0/
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
:AM:am:PM:pm
C:\Windows\System32\mfc140.dll
\*.dll
%s\crashdump20240312.log
VS_VERSION_INFO
StringFileInfo
080904b0
CompanyName
StarTech Semiconductors
FileDescription
Service Presentation Pointer
FileVersion
1.2.1.1
InternalName
spphost.exe
LegalCopyright
Copyright (C) 2023
OriginalFilename
spphost.exe
ProductName
spphost.exe
ProductVersion
1.2.1.2
VarFileInfo
Translation
Antivirus Signature
Bkav W64.AIDetectMalware
Lionic Clean
tehtris Clean
ClamAV Clean
CMC Clean
CAT-QuickHeal Clean
Skyhigh Clean
ALYac Clean
Cylance Clean
Zillya Clean
Sangfor Clean
K7AntiVirus Clean
Alibaba Clean
K7GW Clean
Cybereason Clean
Baidu Clean
VirIT Clean
Paloalto Clean
Symantec Clean
Elastic Clean
ESET-NOD32 Clean
APEX Clean
Avast Clean
Cynet Clean
Kaspersky Clean
BitDefender Clean
NANO-Antivirus Clean
ViRobot Clean
MicroWorld-eScan Clean
Tencent Clean
TACHYON Clean
Sophos Clean
F-Secure Clean
DrWeb Clean
VIPRE Clean
TrendMicro Clean
McAfeeD Clean
Trapmine Clean
FireEye Clean
Emsisoft Clean
SentinelOne Clean
GData Clean
Jiangmin Clean
Webroot Clean
Varist Clean
Avira Clean
Antiy-AVL Clean
Kingsoft Clean
Gridinsoft Clean
Xcitium Clean
Arcabit Clean
SUPERAntiSpyware Clean
ZoneAlarm Clean
Microsoft Clean
Google Clean
AhnLab-V3 Clean
Acronis Clean
McAfee Clean
MAX Clean
VBA32 Clean
Malwarebytes Clean
Panda Clean
Zoner Clean
TrendMicro-HouseCall Clean
Rising Clean
Yandex Clean
Ikarus Clean
MaxSecure Win.MxResIcn.Heur.Gen
Fortinet Clean
BitDefenderTheta Clean
AVG Clean
DeepInstinct MALICIOUS
CrowdStrike Clean
alibabacloud Clean
No IRMA results available.