Static | ZeroBOX

PE Compile Time

2023-02-26 11:45:03

PE Imphash

5a8728b723b0530e453fdd22443260ae

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00001000 0x0000acb6 0x0000ae00 6.55127891586
.rdata 0x0000c000 0x000247ce 0x00024800 6.96289680784
.data 0x00031000 0x01b4ae28 0x00002400 1.18919574324
.tls 0x01b7c000 0x000009cd 0x00000a00 0.00498607082918
.rsrc 0x01b7d000 0x000047a8 0x00004800 3.46122903124

Resources

Name Offset Size Language Sub-language File type
RT_CURSOR 0x01b7e4c0 0x000025a8 LANG_NEUTRAL SUBLANG_NEUTRAL dBase III DBT, version number 0, next free block index 40
RT_CURSOR 0x01b7e4c0 0x000025a8 LANG_NEUTRAL SUBLANG_NEUTRAL dBase III DBT, version number 0, next free block index 40
RT_ICON 0x01b7d2d0 0x000010a8 LANG_TURKISH SUBLANG_DEFAULT data
RT_DIALOG 0x01b80c78 0x00000098 LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_STRING 0x01b816f0 0x000000b6 LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_STRING 0x01b816f0 0x000000b6 LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_STRING 0x01b816f0 0x000000b6 LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_STRING 0x01b816f0 0x000000b6 LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_GROUP_CURSOR 0x01b80a68 0x00000022 LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_GROUP_ICON 0x01b7e378 0x00000014 LANG_TURKISH SUBLANG_DEFAULT data
RT_VERSION 0x01b80a90 0x000001e4 LANG_NEUTRAL SUBLANG_NEUTRAL data

Imports

Library KERNEL32.dll:
0x40c000 SetLocaleInfoA
0x40c010 SetErrorMode
0x40c01c GetModuleHandleW
0x40c020 GetTickCount
0x40c024 GetConsoleAliasesA
0x40c028 ReadConsoleOutputA
0x40c02c EnumTimeFormatsW
0x40c030 ActivateActCtx
0x40c034 LoadLibraryW
0x40c038 Sleep
0x40c03c FindNextVolumeW
0x40c040 WriteConsoleW
0x40c044 CompareStringW
0x40c048 SetConsoleTitleA
0x40c04c VirtualUnlock
0x40c050 RaiseException
0x40c054 GetShortPathNameA
0x40c058 GetConsoleAliasesW
0x40c05c SetLastError
0x40c060 GetProcAddress
0x40c064 VerLanguageNameW
0x40c068 BuildCommDCBW
0x40c06c LoadLibraryA
0x40c074 PurgeComm
0x40c080 SetCalendarInfoA
0x40c084 FindAtomW
0x40c088 GlobalReAlloc
0x40c08c CommConfigDialogW
0x40c090 CreateFileA
0x40c094 GetLastError
0x40c098 HeapReAlloc
0x40c09c HeapAlloc
0x40c0a0 GetCommandLineA
0x40c0a4 GetStartupInfoA
0x40c0a8 TerminateProcess
0x40c0ac GetCurrentProcess
0x40c0b8 IsDebuggerPresent
0x40c0c4 HeapCreate
0x40c0c8 VirtualFree
0x40c0cc HeapFree
0x40c0d0 VirtualAlloc
0x40c0d4 ExitProcess
0x40c0d8 WriteFile
0x40c0dc GetStdHandle
0x40c0e0 GetModuleFileNameA
0x40c0ec WideCharToMultiByte
0x40c0f4 SetHandleCount
0x40c0f8 GetFileType
0x40c0fc TlsGetValue
0x40c100 TlsAlloc
0x40c104 TlsSetValue
0x40c108 TlsFree
0x40c110 GetCurrentThreadId
0x40c118 GetCurrentProcessId
0x40c120 RtlUnwind
0x40c124 GetCPInfo
0x40c128 GetACP
0x40c12c GetOEMCP
0x40c130 IsValidCodePage
0x40c134 MultiByteToWideChar
0x40c13c GetConsoleCP
0x40c140 GetConsoleMode
0x40c144 FlushFileBuffers
0x40c148 LCMapStringA
0x40c14c LCMapStringW
0x40c150 GetStringTypeA
0x40c154 GetStringTypeW
0x40c158 GetLocaleInfoA
0x40c15c ReadFile
0x40c160 SetFilePointer
0x40c164 HeapSize
0x40c168 CloseHandle
0x40c16c WriteConsoleA
0x40c170 GetConsoleOutputCP
0x40c174 SetStdHandle
Library USER32.dll:
0x40c17c SetActiveWindow

Strings

!This program cannot be run in DOS mode.
`.rdata
@.data
(null)
`h````
xpxxxx
CorExitProcess
runtime error
TLOSS error
SING error
DOMAIN error
An application has made an attempt to load the C runtime library incorrectly.
Please contact the application's support team for more information.
- Attempt to use MSIL code from this assembly during native code initialization
This indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain.
- not enough space for locale information
- Attempt to initialize the CRT more than once.
This indicates a bug in your application.
- CRT not initialized
- unable to initialize heap
- not enough space for lowio initialization
- not enough space for stdio initialization
- pure virtual function call
- not enough space for _onexit/atexit table
- unable to open console device
- unexpected heap error
- unexpected multithread lock error
- not enough space for thread data
This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
- not enough space for environment
- not enough space for arguments
- floating point support not loaded
Microsoft Visual C++ Runtime Library
<program name unknown>
Runtime Error!
Program:
EncodePointer
DecodePointer
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
`h`hhh
xppwpp
GetProcessWindowStation
GetUserObjectInformationA
GetLastActivePopup
GetActiveWindow
MessageBoxA
USER32.DLL
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
SunMonTueWedThuFriSat
JanFebMarAprMayJunJulAugSepOctNovDec
CONOUT$
bad allocation
sobugo
tuwovih kugupolumaxuxuceyajaba xepanegazof liyegemeta juj
GlobalAlloc
0 %s %d %f
SetLocaleInfoA
GetConsoleAliasesLengthW
GetNumaProcessorNode
DebugActiveProcessStop
SetErrorMode
InterlockedDecrement
SetConsoleScreenBufferSize
GetModuleHandleW
GetTickCount
GetConsoleAliasesA
ReadConsoleOutputA
EnumTimeFormatsW
ActivateActCtx
LoadLibraryW
FindNextVolumeW
WriteConsoleW
CompareStringW
SetConsoleTitleA
VirtualUnlock
RaiseException
GetShortPathNameA
GetConsoleAliasesW
SetLastError
GetProcAddress
VerLanguageNameW
BuildCommDCBW
LoadLibraryA
FreeEnvironmentStringsW
PurgeComm
GetCurrentDirectoryA
DeleteCriticalSection
SetCalendarInfoA
FindAtomW
GlobalReAlloc
CommConfigDialogW
KERNEL32.dll
SetActiveWindow
USER32.dll
GetLastError
HeapReAlloc
HeapAlloc
GetCommandLineA
GetStartupInfoA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
HeapCreate
VirtualFree
HeapFree
VirtualAlloc
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
GetCurrentThreadId
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
RtlUnwind
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
MultiByteToWideChar
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
FlushFileBuffers
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
ReadFile
SetFilePointer
HeapSize
CloseHandle
WriteConsoleA
GetConsoleOutputCP
SetStdHandle
CreateFileA
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
gYV*KK'**
~{|}{|
z}z{z~}z
{}z{|~y
C(null)
mscoree.dll
KERNEL32.DLL
((((( H
h(((( H
H
kernel32.dll
msimg32.dll
VS_VERSION_INFO
StringFileInform
040501E4
FileVersions
97.70.2.54
ProductVersion
32.78.55.23
InternalName
Change
LegalCopyrights
CompanyNames
VarFileInfo
Translation
Select:
&Retry
&Ignore

Antivirus Signature
Bkav W32.AIDetectMalware
Lionic Trojan.Win32.Tepfer.i!c
tehtris Generic.Malware
ClamAV Win.Packed.Fareit-10030127-0
CMC Clean
CAT-QuickHeal Clean
Skyhigh BehavesLike.Win32.Lockbit.dh
ALYac Gen:Variant.Zusy.546962
Cylance Unsafe
Zillya Trojan.Kryptik.Win32.4802624
Sangfor Trojan.Win32.Save.a
K7AntiVirus Trojan ( 005b5da91 )
Alibaba Ransom:Win32/StopCrypt.f3f823bc
K7GW Trojan ( 005b5da91 )
Cybereason malicious.5ea4fd
Baidu Clean
VirIT Trojan.Win32.Stealc.A
Paloalto generic.ml
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 a variant of Win32/Kryptik.HXCL
APEX Malicious
Avast Win32:Evo-gen [Trj]
Cynet Malicious (score: 100)
Kaspersky HEUR:Trojan-PSW.Win32.Tepfer.gen
BitDefender Gen:Variant.Zusy.546962
NANO-Antivirus Trojan.Win32.Kryptik.knmghx
ViRobot Trojan.Win.Z.Kryptik.225280.AY
MicroWorld-eScan Gen:Variant.Zusy.546962
Tencent Malware.Win32.Gencirc.140ca108
TACHYON Clean
Sophos Troj/Krypt-AEE
F-Secure Heuristic.HEUR/AGEN.1318112
DrWeb Trojan.DownLoader46.64773
VIPRE Gen:Variant.Zusy.546962
TrendMicro Trojan.Win32.GCLEANER.YXEEUZ
McAfeeD Real Protect-LS!CD0FD465EA4F
Trapmine malicious.high.ml.score
FireEye Generic.mg.cd0fd465ea4fd58c
Emsisoft Gen:Variant.Zusy.546962 (B)
SentinelOne Clean
GData Gen:Variant.Zusy.546962
Jiangmin Clean
Webroot W32.Tepfer
Varist W32/ABTrojan.EHMW-5987
Avira HEUR/AGEN.1318112
Antiy-AVL Trojan[PSW]/Win32.Tepfer
Kingsoft Win32.Trojan-PSW.Tepfer.gen
Gridinsoft Malware.Win32.Gen.tr
Xcitium Clean
Arcabit Trojan.Zusy.D85892
SUPERAntiSpyware Clean
ZoneAlarm HEUR:Trojan-PSW.Win32.Tepfer.gen
Microsoft Ransom:Win32/StopCrypt.RV!MTB
Google Detected
AhnLab-V3 Ransomware/Win.StopCrypt.R649030
Acronis Clean
McAfee Artemis!CD0FD465EA4F
MAX malware (ai score=86)
VBA32 Malware-Cryptor.2LA.gen
Malwarebytes Trojan.MalPack.GS
Panda Trj/Chgt.AD
Zoner Clean
TrendMicro-HouseCall Trojan.Win32.GCLEANER.YXEEUZ
Rising Stealer.Tepfer!8.13357 (CLOUD)
Yandex Trojan.Kryptik!0V0057yNeFQ
Ikarus Trojan.Win32.Stealc
MaxSecure Trojan.Malware.6071356.susgen
Fortinet W32/Kryptik.HCOV!tr
BitDefenderTheta Gen:NN.ZexaF.36808.nu0@auBWSpnG
AVG Win32:Evo-gen [Trj]
DeepInstinct MALICIOUS
CrowdStrike win/malicious_confidence_100% (D)
alibabacloud Trojan:Win/Zusy.Gen

No IRMA results available.