Static | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.13 04:11
hello.exe
11.13 03:11
espsemhvcioff.exe
11.13 02:11
Geek_se.exe
11.13 02:11
cred64.dll
11.13 02:11
svhost.exe
11.13 02:11
nb.exe
11.13 02:11
svcyr.exe
11.13 02:11
Ghost_1.5.11.5.exe
11.13 02:11
PowderGpl.exe
11.13 02:11
goodlabel%E6%89%93%E5%...

Latest News
11.13 10:11
Understanding and Iden...
11.13 10:11
Using Bitsight Cyberse...
11.13 10:11
Avoid the URL Phishing...
11.13 10:11
Microsoft 365: Guide T...
11.13 10:11
Accel Leads $145 Milli...
11.13 10:11
Super Micro Delays Ano...
11.13 10:11
Study Reveals Security...
11.13 10:11
Microsoft’s November 2...
11.13 10:11
Microsoft Patchday Nov...
11.13 10:11
Intel Prozessor (Xeon)...

Static | ZeroBOX

PE Compile Time

2024-07-09 20:02:10

PE Imphash

b1874c9a3c2f9ea9fff951a67f099e1c

Sections

Name	Virtual Address	Virtual Size	Size of Raw Data	Entropy
.text	0x00001000	0x00001216	0x00001400	5.58436215442
.rdata	0x00003000	0x00000c98	0x00000e00	3.8494124996
.data	0x00004000	0x000009e0	0x00000400	7.46467615819
.pdata	0x00005000	0x000001a4	0x00000200	3.22313764061
.retplne	0x00006000	0x0000008c	0x00000200	1.05058324797
.voltbl	0x00007000	0x0000000f	0x00000200	0.275711231109
.reloc	0x00008000	0x0000002c	0x00000200	0.603054249525
.rsrc	0x00009000	0x0001f96a	0x0001fa00	7.9849758909

Resources

Name	Offset	Size	Language	Sub-language	File type
RT_ICON	0x000095dc	0x0001f2df	LANG_NEUTRAL	SUBLANG_NEUTRAL	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
RT_ICON	0x000095dc	0x0001f2df	LANG_NEUTRAL	SUBLANG_NEUTRAL	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
RT_ICON	0x000095dc	0x0001f2df	LANG_NEUTRAL	SUBLANG_NEUTRAL	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
RT_ICON	0x000095dc	0x0001f2df	LANG_NEUTRAL	SUBLANG_NEUTRAL	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
RT_ICON	0x000095dc	0x0001f2df	LANG_NEUTRAL	SUBLANG_NEUTRAL	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
RT_ICON	0x000095dc	0x0001f2df	LANG_NEUTRAL	SUBLANG_NEUTRAL	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
RT_ICON	0x000095dc	0x0001f2df	LANG_NEUTRAL	SUBLANG_NEUTRAL	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
RT_ICON	0x000095dc	0x0001f2df	LANG_NEUTRAL	SUBLANG_NEUTRAL	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
RT_ICON	0x000095dc	0x0001f2df	LANG_NEUTRAL	SUBLANG_NEUTRAL	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
RT_ICON	0x000095dc	0x0001f2df	LANG_NEUTRAL	SUBLANG_NEUTRAL	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
RT_ICON	0x000095dc	0x0001f2df	LANG_NEUTRAL	SUBLANG_NEUTRAL	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
RT_ICON	0x000095dc	0x0001f2df	LANG_NEUTRAL	SUBLANG_NEUTRAL	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
RT_GROUP_ICON	0x000288bc	0x000000ae	LANG_NEUTRAL	SUBLANG_NEUTRAL	data

Imports

Library KERNEL32.dll:

• 0x1400034a8 CloseHandle

• 0x1400034b0 CreateThread

• 0x1400034b8 FreeLibrary

• 0x1400034c0 GetCurrentProcess

• 0x1400034c8 GetCurrentProcessId

• 0x1400034d0 GetCurrentThreadId

• 0x1400034d8 GetModuleHandleW

• 0x1400034e0 GetProcAddress

• 0x1400034e8 GetStartupInfoW

• 0x1400034f0 GetSystemTimeAsFileTime

• 0x1400034f8 InitializeSListHead

• 0x140003500 IsDebuggerPresent

• 0x140003508 IsProcessorFeaturePresent

• 0x140003510 LoadLibraryA

• 0x140003518 QueryPerformanceCounter

• 0x140003520 RtlCaptureContext

• 0x140003528 RtlLookupFunctionEntry

• 0x140003530 RtlVirtualUnwind

• 0x140003538 SetUnhandledExceptionFilter

• 0x140003540 TerminateProcess

• 0x140003548 UnhandledExceptionFilter

• 0x140003550 VirtualProtect

• 0x140003558 WaitForSingleObject

Library VCRUNTIME140.dll:

• 0x140003568 __C_specific_handler

• 0x140003570 __current_exception

• 0x140003578 __current_exception_context

• 0x140003580 memcpy

• 0x140003588 memset

Library api-ms-win-crt-stdio-l1-1-0.dll:

• 0x140003598 __acrt_iob_func

• 0x1400035a0 __p__commode

• 0x1400035a8 __stdio_common_vfprintf

• 0x1400035b0 _set_fmode

Library api-ms-win-crt-heap-l1-1-0.dll:

• 0x1400035c0 _set_new_mode

• 0x1400035c8 free

• 0x1400035d0 malloc

Library api-ms-win-crt-math-l1-1-0.dll:

• 0x1400035e0 __setusermatherr

Library api-ms-win-crt-runtime-l1-1-0.dll:

• 0x1400035f0 _c_exit

• 0x1400035f8 _cexit

• 0x140003600 _configure_narrow_argv

• 0x140003608 _crt_atexit

• 0x140003610 _exit

• 0x140003618 _get_narrow_winmain_command_line

• 0x140003620 _initialize_narrow_environment

• 0x140003628 _initialize_onexit_table

• 0x140003630 _initterm

• 0x140003638 _initterm_e

• 0x140003640 _register_onexit_function

• 0x140003648 _register_thread_local_exe_atexit_callback

• 0x140003650 _seh_filter_exe

• 0x140003658 _set_app_type

• 0x140003660 exit

• 0x140003668 terminate

Library api-ms-win-crt-locale-l1-1-0.dll:

• 0x140003678 _configthreadlocale

!This program cannot be run in DOS mode.$

`.rdata

@.data

.pdata

@.retplne

.voltbl

.reloc

B.rsrc

AVVWSH

H[_^A^

H3E H3E

u0HcH<H

Setupapi.dll

SetupScanFileQueueA

Error: LoadLibrary failed

CloseHandle

CreateThread

FreeLibrary

GetCurrentProcess

GetCurrentProcessId

GetCurrentThreadId

GetModuleHandleW

GetProcAddress

GetStartupInfoW

GetSystemTimeAsFileTime

InitializeSListHead

IsDebuggerPresent

IsProcessorFeaturePresent

LoadLibraryA

QueryPerformanceCounter

RtlCaptureContext

RtlLookupFunctionEntry

RtlVirtualUnwind

SetUnhandledExceptionFilter

TerminateProcess

UnhandledExceptionFilter

VirtualProtect

WaitForSingleObject

__C_specific_handler

__current_exception

__current_exception_context

memcpy

memset

__acrt_iob_func

__p__commode

__stdio_common_vfprintf

_set_fmode

_set_new_mode

malloc

__setusermatherr

_c_exit

_cexit

_configure_narrow_argv

_crt_atexit

_get_narrow_winmain_command_line

_initialize_narrow_environment

_initialize_onexit_table

_initterm

_initterm_e

_register_onexit_function

_register_thread_local_exe_atexit_callback

_seh_filter_exe

_set_app_type

terminate

_configthreadlocale

KERNEL32.dll

VCRUNTIME140.dll

api-ms-win-crt-stdio-l1-1-0.dll

api-ms-win-crt-heap-l1-1-0.dll

api-ms-win-crt-math-l1-1-0.dll

api-ms-win-crt-runtime-l1-1-0.dll

api-ms-win-crt-locale-l1-1-0.dll

kde'6!102*5O

a?#Zuz

[$6<JJ

FNnC4p]gr

TC^TH>

@/6CISODX-

_E\Ce@DO

eFg.1Z

nohy73

726/00$3,,,7+##

RetpolineV1

RetpolineV1

RetpolineV1

RetpolineV1

07,Lz}

) Xp&N

Y\ZXVE?/^

4`6NA7a

$sR>./F"

p$6,rqY

(!L/:b?

x<&|sa>

YZHim

~nF6NC

V8rC)T.

,m$tXL

ka@mf>+

QTai[#

K%7Cqe2

hp(~LF-

22P#*PQ

6hop>L+'

sePwOj

PVRio4

1!QGa8:

:mxr)8n\

W?T?s<r

e&ch'7K

7C~'B2h9

^`h%9>u

P(gZ2S

R+`-}d\

ds@sl-

cCkAF!_

LnX.HI

,ue=vT

Z#QP[)

!^,I"=ER

F+1Y6i<

]Hy._n

;?-Mx1

\@A.ob|

vJWFQv

*0&9];B

Q.{fo.

<{9#3-

T,~\hVq

*pXGjf

ysc0d:7

"' A

BqkHlv\

[|c|`{

)L=(Ln

<I[gZG4/r

JQ4Ab`

^'~4|Kk

vjo0pL

]P/e->

t"f(~D

j M<J%

3+*/vQ

Kg=3b:

%N$`'4

s.tWQ~

Pba7o,

,E+0Ha]

">mji8

*SLp_f

~]}BZHm%2%

<!`8{

LN[8tbz

U>hx!~

<:3/z.

n "O\6^

95l-lx

g^}#uG

0n."AO

mOL+h8W

vj,tnB7

Dih>@O

JEEyZa

v7$[yld;

38HL=Q

y,G*tUXoG

&$FYp="t

w:qbPy

#fGj"iAE

Q[bW(;f

xAM~7ZO

iIPcc+

5y^*YwN

1g~Fg$

U,S{lq

>4SRjA

Tfz/RH

gQ(63U|tE

:yq?6D'Z/T

{8L9H#

G}:K;H

o0q2cQ

N};ZVL+,e~

)Zhv0\

(;H2s

Hl3pem

Ax]@yMy:

{XLk(5

a3A9Bih

ntO(us

UX{a]C

]+f]1X

\q:`k%.

2!0wcM

Ms:XE

n,}Cnp

XvU9GE

7f[@5M

,BQu^5|c0

VkI?,q

Rid51^

l?^\<Q

iO>Tcy3

4Xi0`m

zC}=Dy

$+{nX_

wV%<NC

JUSjQu

VC;2:f

#A*.iP

)XN6n*

lr iP[

Q`:bf7

?,_Zp)

Ve(vp.

vrI ;h.3.

D849z<7*{F0

NcZD|C

N=:O[0

V*os!~N

`@f xz

dK1 K#

ja1<gE

eIhZxX

eRth[1

#w|XuF

l]a{au

0@]g_!

,lC#}C'!

?q)ERP

q<*Q{A

r,xUI5StA\

cy0#A=

|zArDy

a9"W28

&0R'4M

zEgEj+

{k;hCC

83<j$z

(!KB9G

mdT{Qu

s8Qh-H

ZrLX26

!Y0-`J

&9b/<]Q

#a>m}D

(/K^=.B

H}PKz*

:C~?$=h

3wj|91|^

qC/_rt

GUl~0<l(

F`T.5p

khm\C)y`

%SrcHB

73$v5|

7h^wz0T

TR-t71

H}V:Ov

i(xjn+

3O6{1M _

_a%<gPj

lcu(4k

81@DL^

x4.`hz

j>0'3z

i7v1<S

,~m.;`

NhWe6P

m!]lr2

|M"VEw

>wN&_F

|cdG=ua

L{'>Zl

:h;3LrW

uEyg$fC

/Bhh[/

0;2<CA

A@>'f(

LZt f(K

#L^:~_

Aid<~,

yW4)=^

8saG#Va

9#6:LU

~5mO3h

2,}RbX?

phqKJf2Hq'

,AfF|#

`,ZA'W

V*S*#8|2j14

k^8kh}`f

htyK}8

6O RFc

}^X&)|

}`R %G

r$%G5(b

b'90FiH^

*]u8YQ

I}Uf?(

|oP'}E

n^~#W!

f8Mc3P

"VuBh*

X$d>8>

CWuDu!

{jrJ-h

C#&Gv3

lDw"i'

3vC)_\X

SrL$U1

ux/Xo

b[jZr5

*tHah?

N &|~i

0k{zD=3

`BVy1L

d^6cbcda

R:n?Xm

C[VaX})U

eX4f*0

a9!vK1

vQwO{i6f

Do!@B-

;Zbx>P

E$H^k

o8r~cO

"0K'@yF

<Y"R,GV

MAINICON

Antivirus	Signature
Bkav	W64.AIDetectMalware
Lionic	Clean
tehtris	Clean
ClamAV	Clean
CMC	Clean
CAT-QuickHeal	Clean
Skyhigh	BehavesLike.Win64.Trojan.cc
McAfee	Clean
Cylance	Clean
Zillya	Clean
Sangfor	Clean
K7AntiVirus	Clean
Alibaba	Clean
K7GW	Clean
Cybereason	Clean
Baidu	Clean
Symantec	Clean
Elastic	malicious (high confidence)
ESET-NOD32	Clean
APEX	Clean
Avast	Clean
Cynet	Clean
Kaspersky	HEUR:Trojan.Win32.Generic
BitDefender	Clean
NANO-Antivirus	Clean
ViRobot	Clean
MicroWorld-eScan	Clean
Tencent	Clean
Sophos	Clean
F-Secure	Clean
DrWeb	Clean
VIPRE	Clean
TrendMicro	Clean
McAfeeD	Clean
Trapmine	Clean
FireEye	Clean
Emsisoft	Clean
Paloalto	Clean
Jiangmin	Clean
Webroot	Clean
Varist	Clean
Avira	Clean
MAX	Clean
Antiy-AVL	Clean
Kingsoft	Clean
Gridinsoft	Clean
Xcitium	Clean
Arcabit	Clean
SUPERAntiSpyware	Clean
ZoneAlarm	HEUR:Trojan.Win32.Generic
GData	Clean
Google	Clean
AhnLab-V3	Clean
Acronis	Clean
ALYac	Clean
TACHYON	Clean
VBA32	Clean
Malwarebytes	Clean
Panda	Clean
Zoner	Clean
TrendMicro-HouseCall	Clean
Rising	Clean
Yandex	Clean
Ikarus	Clean
MaxSecure	Clean
Fortinet	Clean
BitDefenderTheta	Clean
AVG	Clean
DeepInstinct	MALICIOUS
CrowdStrike	Clean
alibabacloud	Clean

No IRMA results available.