Static | ZeroBOX

PE Compile Time

2021-10-10 23:56:09

PDB Path

\\192.168.0.111\работа\414\driver\x64\Debug\hwid.pdb

PE Imphash

fe698619e8737fed9feabf638933fac1

Sections

Name     Virtual Address  Virtual Size  Size of Raw Data  Entropy
.text    0x00001000       0x00001bf2    0x00001c00        5.57043039747
.rdata   0x00003000       0x000002cc    0x00000400        3.36965119559
.data    0x00004000       0x00000010    0x00000000        0.0
.pdata   0x00005000       0x000001c8    0x00000200        3.50859756717
INIT     0x00006000       0x000000fc    0x00000200        2.36957576087

Imports

Library ntoskrnl.exe:
0x140003000 ExAllocatePool
0x140003008 ExFreePoolWithTag
0x140003010 ObfDereferenceObject
0x140003018 ObReferenceObjectByName
0x140003020 IoDriverObjectType
0x140003028 __chkstk
0x140003030 DbgPrint

completed_storage_query
%s %d : Context was nullptr
%s %d : Device doesn't have unique ID
%s %d : Malformed buffer (should never happen) size: %d
%s %d : Serial0: %s
%s %d : Serial1: %s
completed_smart
apply_hook
%s %d : ObReferenceObjectByName returned 0x%08X driver_object: 0x%016X
Randomizing subserial: seed: %016llX len: %d
old:
%02hhX
new:
.text$mn
.text$s
.idata$5
.rdata
.rdata$zzzdbg
.xdata
.pdata
.idata$2
.idata$3
.idata$4
.idata$6
DbgPrint
ExAllocatePool
ExFreePoolWithTag
ObfDereferenceObject
ObReferenceObjectByName
IoDriverObjectType
__chkstk
ntoskrnl.exe
$WDKTestCert Admin,1327835106811721800
211010145109Z
311010000000Z0/1-0+
$WDKTestCert Admin,1327835106811721800
$WDKTestCert Admin,132783510681172180
t\Driver\Disk

Antivirus Signature

Bkav W64.AIDetectMalware
Lionic Trojan.Win32.Hitbrovi.4!c
tehtris Clean
ClamAV Clean
CMC Clean
CAT-QuickHeal Clean
Skyhigh Artemis!Trojan
McAfee Artemis!ECE894602EE9
Cylance Unsafe
Zillya Clean
Sangfor Trojan.Win32.Agent.V1ks
K7AntiVirus Clean
Alibaba Clean
K7GW Clean
Cybereason malicious.02ee93
Baidu Clean
Paloalto Clean
Symantec Trojan.Gen.MBT
Elastic Clean
ESET-NOD32 Clean
APEX Malicious
Avast Win64:MalwareX-gen [Trj]
Cynet Clean
Kaspersky Clean
BitDefender Gen:Variant.Tedy.576430
NANO-Antivirus Clean
ViRobot Clean
MicroWorld-eScan Gen:Variant.Tedy.576430
Tencent Clean
TACHYON Clean
Sophos Generic Reputation PUA (PUA)
F-Secure Trojan.TR/Hitbrovi.xacle
DrWeb Clean
VIPRE Gen:Variant.Tedy.576430
TrendMicro Clean
McAfeeD ti!93A516EBDD6B
Trapmine Clean
FireEye Gen:Variant.Tedy.576430
Emsisoft Gen:Variant.Tedy.576430 (B)
SentinelOne Clean
GData Gen:Variant.Tedy.576430
Jiangmin Clean
Webroot Clean
Varist Clean
Avira TR/Hitbrovi.xacle
Antiy-AVL Trojan/Win32.Hitbrovi
Kingsoft Clean
Gridinsoft Malware.Win64.AI.sa
Xcitium Clean
Arcabit Trojan.Tedy.D8CBAE
SUPERAntiSpyware Clean
ZoneAlarm Clean
Microsoft PUA:Win32/Packunwan
Google Detected
AhnLab-V3 Clean
Acronis Clean
ALYac Gen:Variant.Tedy.576430
MAX malware (ai score=87)
VBA32 Clean
Malwarebytes Malware.AI.2073742914
Panda Clean
Zoner Clean
TrendMicro-HouseCall TROJ_GEN.R002H09E124
Rising Clean
Yandex Clean
Ikarus Trojan.Hitbrovi
MaxSecure Trojan.Malware.249102189.susgen
Fortinet Clean
BitDefenderTheta Clean
AVG Win64:MalwareX-gen [Trj]
DeepInstinct MALICIOUS
CrowdStrike Clean
alibabacloud Trojan:Win/Tedy.Gen
No IRMA results available.