
PE Compile Time

2023-05-26 17:53:01

PDB Path

C:\Users\Administrator1\Desktop\BypassUAC-master\x64\Release\BypassUAC.pdb

PE Imphash

96b0c1e02ce3ed7a099cdb20098fd023

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00001000 0x0000f480 0x0000f600 6.4463883992
.rdata 0x00011000 0x00009b00 0x00009c00 4.71752014557
.data 0x0001b000 0x00001c18 0x00000c00 1.87753322394
.pdata 0x0001d000 0x00001074 0x00001200 4.59190494303
_RDATA 0x0001f000 0x0000015c 0x00000200 2.78624247865
.rsrc 0x00020000 0x000001e0 0x00000200 4.70150325825
.reloc 0x00021000 0x00000658 0x00000800 4.86112233119

Resources

Name Offset Size Language Sub-language File type
RT_MANIFEST 0x00020060 0x0000017d LANG_ENGLISH SUBLANG_ENGLISH_US XML 1.0 document text

Imports

Library KERNEL32.dll:
0x140011000 GetModuleFileNameW
0x140011008 OpenProcess
0x140011010 CloseHandle
0x140011018 GetWindowsDirectoryW
0x140011020 GetProcAddress
0x140011028 ReadProcessMemory
0x140011030 GetCurrentProcessId
0x140011038 GetModuleHandleW
0x140011040 CreateFileW
0x140011048 SetFilePointerEx
0x140011050 QueryPerformanceCounter
0x140011058 GetCurrentThreadId
0x140011060 GetSystemTimeAsFileTime
0x140011068 InitializeSListHead
0x140011070 RtlCaptureContext
0x140011078 RtlLookupFunctionEntry
0x140011080 RtlVirtualUnwind
0x140011088 IsDebuggerPresent
0x140011090 UnhandledExceptionFilter
0x1400110a0 GetStartupInfoW
0x1400110b0 RtlUnwindEx
0x1400110b8 GetLastError
0x1400110c0 SetLastError
0x1400110c8 EnterCriticalSection
0x1400110d0 LeaveCriticalSection
0x1400110d8 DeleteCriticalSection
0x1400110e8 TlsAlloc
0x1400110f0 TlsGetValue
0x1400110f8 TlsSetValue
0x140011100 TlsFree
0x140011108 FreeLibrary
0x140011110 LoadLibraryExW
0x140011118 EncodePointer
0x140011120 RaiseException
0x140011128 RtlPcToFileHeader
0x140011130 GetStdHandle
0x140011138 WriteFile
0x140011140 GetCurrentProcess
0x140011148 ExitProcess
0x140011150 TerminateProcess
0x140011158 GetModuleHandleExW
0x140011160 GetCommandLineA
0x140011168 GetCommandLineW
0x140011170 HeapAlloc
0x140011178 HeapFree
0x140011180 FindClose
0x140011188 FindFirstFileExW
0x140011190 FindNextFileW
0x140011198 IsValidCodePage
0x1400111a0 GetACP
0x1400111a8 GetOEMCP
0x1400111b0 GetCPInfo
0x1400111b8 MultiByteToWideChar
0x1400111c0 WideCharToMultiByte
0x1400111c8 GetEnvironmentStringsW
0x1400111d0 FreeEnvironmentStringsW
0x1400111d8 SetEnvironmentVariableW
0x1400111e0 SetStdHandle
0x1400111e8 GetFileType
0x1400111f0 GetStringTypeW
0x1400111f8 FlsAlloc
0x140011200 FlsGetValue
0x140011208 FlsSetValue
0x140011210 FlsFree
0x140011218 CompareStringW
0x140011220 LCMapStringW
0x140011228 GetProcessHeap
0x140011230 HeapSize
0x140011238 HeapReAlloc
0x140011240 FlushFileBuffers
0x140011248 GetConsoleOutputCP
0x140011250 GetConsoleMode
0x140011258 WriteConsoleW
Library ole32.dll:
0x140011268 CoUninitialize
0x140011270 CoInitializeEx
0x140011278 CoGetObject

!This program cannot be run in DOS mode.
`.rdata
@.data
.pdata
@_RDATA
@.rsrc
@.reloc
@USVWATAUAVAWH
A_A^A]A\_^[]
H3E H3E
u/HcH<H
WATAUAVAWH
A_A^A]A\_
fffffff
ffffff
vKfffff
WATAUAVAWH
A_A^A]A\_
VWATAVAWH
A_A^A\_^
WATAUAVAWH
A_A^A]A\_
H;xXu5
ffffff
fffffff
AUAVAWH
u4I9}(
;I9}(tiH
0A_A^A]
UVWATAUAVAWH
`A_A^A]A\_^]
@USVWATAUAVAWH
A_A^A]A\_^[]
UVWATAUAVAWH
A_A^A]A\_^]
@SVWATAUAVAWH
L!|$(L!
D$0HcH
pA_A^A]A\_^[
B(I9A(
SVWATAUAVAWH
0A_A^A]A\_^[
t$ WATAUAVAWH
A_A^A]A\_
WAVAWH
@A_A^_
x ATAVAWH
A_A^A\
UVWAVAWH
0A_A^_^]
p0R^G'
u3HcH<H
t$ WAVAWH
A_A^_
WAVAWH
A_A^_
D$0@8{
p*W4H
p*W4H
T$`fA;
u$D8r(t
D81uUL9r
uED8r(t
vAD8s(t
u$D8r(t
fD91uTL9r
uED8r(t
v@D8s(t
UVWATAUAVAWH
PA_A^A]A\_^]
WATAUAVAWH
0A_A^A]A\_
H97u+A
@USVWATAUAVH
D8t$ht
D8t$ht
A^A]A\_^[]
f9)u4H9j
u%@8j(t
l$ VWATAVAWH
L$&8\$&t,8Y
A_A^A\_^
UVWATAUAVAWH
xWI96tRI
0A_A^A]A\_^]
fD9t$b
@UATAUAVAWH
e0A_A^A]A\]
WATAUAVAWH
A_A^A]A\_
p0R^G'
\$ VWATAUAVH
D!l$xA
@A^A]A\_^
L$ VWAVH
fD94H}aD
ATAUAVH
L$ fff
L$ |+L;
A^A]A\
@UATAUAVAWH
H!T$0D
u,!T$(H!T$
A_A^A]A\]
x UAVAWH
WAVAWH
A_A^_
UVWATAUAVAWH
fB9<A}1L
A_A^A]A\_^]
VWATAVAW
A_A^A\_^
AUAVAWH
@A_A^A]
@USVWATAUAVAWH
H!D$ I
hA_A^A]A\_^[]
WATAUAVAWH
0A_A^A]A\_
@USVWATAUAVAWH
eHA_A^A]A\_^[]
ffffff
fffffff
@SUVWATAVAWH
@A_A^A\_^][
USVWAVH
A^_^[]
LcA<E3
__based(
__cdecl
__pascal
__stdcall
__thiscall
__fastcall
__vectorcall
__clrcall
__eabi
__swift_1
__swift_2
__swift_3
__ptr64
__restrict
__unaligned
restrict(
delete
operator
`vftable'
`vbtable'
`vcall'
`typeof'
`local static guard'
`string'
`vbase destructor'
`vector deleting destructor'
`default constructor closure'
`scalar deleting destructor'
`vector constructor iterator'
`vector destructor iterator'
`vector vbase constructor iterator'
`virtual displacement map'
`eh vector constructor iterator'
`eh vector destructor iterator'
`eh vector vbase constructor iterator'
`copy constructor closure'
`udt returning'
`local vftable'
`local vftable constructor closure'
new[]
delete[]
`omni callsig'
`placement delete closure'
`placement delete[] closure'
`managed vector constructor iterator'
`managed vector destructor iterator'
`eh vector copy constructor iterator'
`eh vector vbase copy constructor iterator'
`dynamic initializer for '
`dynamic atexit destructor for '
`vector copy constructor iterator'
`vector vbase copy constructor iterator'
`managed vector copy constructor iterator'
`local static thread guard'
operator ""
operator co_await
operator<=>
Type Descriptor'
Base Class Descriptor at (
Base Class Array'
Class Hierarchy Descriptor'
Complete Object Locator'
`anonymous namespace'
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
InitializeCriticalSectionEx
Unknown exception
bad exception
CorExitProcess
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
January
February
August
September
October
November
December
MM/dd/yy
dddd, MMMM dd, yyyy
HH:mm:ss
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
AreFileApisANSI
CompareStringEx
LCMapStringEx
LocaleNameToLCID
AppPolicyGetProcessTerminationMethod
UUUUUU
UUUUUU
=imb;D
/>58d%
VM>cQ6
>jtm}S
)>6{1n
+f)>0'
;H9>&X
*StO9>T
n03>Pu
K~Je#>!
bp(=>?g
BC?>6t9^
K&>.yC
.xJ>Hf
y\PD>!
|b=})>
c [1>H'
uzKs@>
3>N;kU
kE>fvw
V6E>`"(5
?UUUUUU
?7zQ6$
NtQueryInformationProcess
RtlEnterCriticalSection
RtlLeaveCriticalSection
RtlInitUnicodeString
C:\Users\Administrator1\Desktop\BypassUAC-master\x64\Release\BypassUAC.pdb
.text$mn
.text$mn$00
.text$x
.idata$5
.00cfg
.CRT$XCA
.CRT$XCAA
.CRT$XCZ
.CRT$XIA
.CRT$XIAA
.CRT$XIAC
.CRT$XIC
.CRT$XIZ
.CRT$XPA
.CRT$XPX
.CRT$XPXA
.CRT$XPZ
.CRT$XTA
.CRT$XTZ
.rdata
.rdata$r
.rdata$voltmd
.rdata$zzzdbg
.rtc$IAA
.rtc$IZZ
.rtc$TAA
.rtc$TZZ
.xdata
.xdata$x
.idata$2
.idata$3
.idata$4
.idata$6
.data$r
.data$rs
.pdata
_RDATA
.rsrc$01
.rsrc$02
GetModuleFileNameW
OpenProcess
CloseHandle
GetWindowsDirectoryW
GetProcAddress
ReadProcessMemory
GetCurrentProcessId
GetModuleHandleW
KERNEL32.dll
CoUninitialize
CoInitializeEx
CoGetObject
ole32.dll
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
RtlUnwindEx
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
EncodePointer
RaiseException
RtlPcToFileHeader
GetStdHandle
WriteFile
GetCurrentProcess
ExitProcess
TerminateProcess
GetModuleHandleExW
GetCommandLineA
GetCommandLineW
HeapAlloc
HeapFree
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
GetFileType
GetStringTypeW
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
CompareStringW
LCMapStringW
GetProcessHeap
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
SetFilePointerEx
CreateFileW
WriteConsoleW
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
.?AVbad_exception@std@@
.?AVexception@std@@
.?AVtype_info@@
<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel level='asInvoker' uiAccess='false' />
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
api-ms-win-core-fibers-l1-1-1
api-ms-win-core-synch-l1-2-0
kernel32
api-ms-
mscoree.dll
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
January
February
August
September
October
November
December
MM/dd/yy
dddd, MMMM dd, yyyy
HH:mm:ss
((((( H
((((( H
(
api-ms-win-core-datetime-l1-1-1
api-ms-win-core-file-l1-2-2
api-ms-win-core-localization-l1-2-1
api-ms-win-core-localization-obsolete-l1-2-0
api-ms-win-core-processthreads-l1-1-2
api-ms-win-core-string-l1-1-0
api-ms-win-core-sysinfo-l1-2-1
api-ms-win-core-winrt-l1-1-0
api-ms-win-core-xstate-l2-1-0
api-ms-win-rtcore-ntuser-window-l1-1-0
api-ms-win-security-systemfunctions-l1-1-0
ext-ms-win-ntuser-dialogbox-l1-1-0
ext-ms-win-ntuser-windowstation-l1-1-0
advapi32
api-ms-win-appmodel-runtime-l1-1-2
user32
ext-ms-
zh-CHS
az-AZ-Latn
uz-UZ-Latn
kok-IN
syr-SY
div-MV
quz-BO
sr-SP-Latn
az-AZ-Cyrl
uz-UZ-Cyrl
quz-EC
sr-SP-Cyrl
quz-PE
smj-NO
bs-BA-Latn
smj-SE
sr-BA-Latn
sma-NO
sr-BA-Cyrl
sma-SE
sms-FI
smn-FI
zh-CHT
az-az-cyrl
az-az-latn
bs-ba-latn
div-mv
kok-in
quz-bo
quz-ec
quz-pe
sma-no
sma-se
smj-no
smj-se
smn-fi
sms-fi
sr-ba-cyrl
sr-ba-latn
sr-sp-cyrl
sr-sp-latn
syr-sy
uz-uz-cyrl
uz-uz-latn
zh-chs
zh-cht
CONOUT$
Elevation:Administrator!new:
{3E5FC7F9-9A51-4367-9063-A120244FBEC7}
ntdll.dll
\explorer.exe
c:\ProgramData\Tencent\QQUpdateMgr\files\QQupdate.exe
Antivirus Signature
Bkav W64.AIDetectMalware
Lionic Clean
tehtris Clean
ClamAV Clean
CMC Clean
CAT-QuickHeal Clean
Skyhigh Clean
ALYac Gen:Variant.Midie.141517
Cylance Clean
Zillya Clean
Sangfor Clean
K7AntiVirus Clean
Alibaba Clean
K7GW Clean
Cybereason malicious.df6c8f
Baidu Clean
VirIT Clean
Paloalto Clean
Symantec Clean
Elastic malicious (high confidence)
ESET-NOD32 a variant of Win64/HackTool.Agent.FB
APEX Malicious
Avast Clean
Cynet Clean
Kaspersky VHO:Trojan.Win32.Agent.gen
BitDefender Gen:Variant.Midie.141517
NANO-Antivirus Clean
ViRobot Clean
MicroWorld-eScan Gen:Variant.Midie.141517
Tencent Clean
TACHYON Clean
Sophos Clean
F-Secure Clean
DrWeb Clean
VIPRE Gen:Variant.Midie.141517
TrendMicro Clean
McAfeeD ti!E77881389E4A
Trapmine Clean
FireEye Gen:Variant.Midie.141517
Emsisoft Gen:Variant.Midie.141517 (B)
SentinelOne Clean
GData Gen:Variant.Midie.141517
Jiangmin Clean
Webroot Clean
Varist Clean
Avira Clean
Antiy-AVL Clean
Kingsoft Clean
Gridinsoft Clean
Xcitium Clean
Arcabit Trojan.Midie.D228CD
SUPERAntiSpyware Clean
ZoneAlarm VHO:Trojan.Win32.Agent.gen
Microsoft Clean
Google Clean
AhnLab-V3 Clean
Acronis Clean
McAfee Clean
MAX malware (ai score=89)
VBA32 Clean
Malwarebytes Clean
Panda Clean
Zoner Clean
TrendMicro-HouseCall Clean
Rising Clean
Yandex Clean
Ikarus Clean
MaxSecure Trojan.Malware.300983.susgen
Fortinet Clean
BitDefenderTheta Clean
AVG Clean
DeepInstinct MALICIOUS
CrowdStrike win/malicious_confidence_70% (D)
alibabacloud Clean
No IRMA results available.