Static | ZeroBOX

PE Compile Time

2024-05-15 23:33:28

PE Imphash

7fda7734b056db13fe95f35927509e47

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00001000 0x00000c7a 0x00000e00 5.66845741827
.rdata 0x00002000 0x00000a34 0x00000c00 4.35884092744
.data 0x00003000 0x0000038c 0x00000200 0.352759488216
.rsrc 0x00004000 0x000002b0 0x00000400 5.19445966972
.reloc 0x00005000 0x000001fe 0x00000200 5.56826048273

Resources

Name Offset Size Language Sub-language File type
RT_MANIFEST 0x00004058 0x00000256 LANG_ENGLISH SUBLANG_ENGLISH_US ASCII text, with CRLF line terminators

Imports

Library SHLWAPI.dll:
0x4020d0 PathFileExistsW
Library MSVCR90.dll:
0x402054 __set_app_type
0x402058 ?terminate@@YAXXZ
0x40205c _unlock
0x402060 _encode_pointer
0x402064 _lock
0x402068 _onexit
0x40206c _decode_pointer
0x402074 _invoke_watson
0x402078 _controlfp_s
0x40207c __p__fmode
0x402080 __p__commode
0x402084 _adjust_fdiv
0x402088 __setusermatherr
0x40208c _configthreadlocale
0x402090 _initterm_e
0x402094 _initterm
0x402098 _acmdln
0x40209c exit
0x4020a0 _ismbblead
0x4020a4 _XcptFilter
0x4020a8 _exit
0x4020ac _cexit
0x4020b0 __getmainargs
0x4020b4 _amsg_exit
0x4020b8 srand
0x4020bc rand
0x4020c0 memset
0x4020c4 __dllonexit
0x4020c8 _crt_debugger_hook
Library WININET.dll:
0x4020e0 InternetOpenA
0x4020e4 InternetOpenUrlA
0x4020e8 InternetOpenW
0x4020ec InternetOpenUrlW
0x4020f0 InternetReadFile
0x4020f4 InternetCloseHandle
Library urlmon.dll:
0x4020fc URLDownloadToFileW
Library KERNEL32.dll:
0x402004 GetStartupInfoA
0x402008 GetTickCount
0x402010 CreateFileW
0x402014 WriteFile
0x402018 CloseHandle
0x40201c DeleteFileW
0x402020 CreateProcessW
0x402024 Sleep
0x40202c GetCurrentThreadId
0x402030 GetCurrentProcessId
0x402038 TerminateProcess
0x40203c GetCurrentProcess
0x402044 IsDebuggerPresent
0x40204c InterlockedExchange
Library USER32.dll:
0x4020d8 wsprintfW

Strings

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36
http://twizt.net/peinstall.php
PathFileExistsW
SHLWAPI.dll
memset
MSVCR90.dll
_amsg_exit
__getmainargs
_cexit
_XcptFilter
_ismbblead
_acmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_encode_pointer
__set_app_type
?terminate@@YAXXZ
_unlock
__dllonexit
_onexit
_decode_pointer
_except_handler4_common
_invoke_watson
_controlfp_s
_crt_debugger_hook
InternetCloseHandle
InternetReadFile
InternetOpenUrlW
InternetOpenW
InternetOpenUrlA
InternetOpenA
WININET.dll
URLDownloadToFileW
urlmon.dll
CreateProcessW
DeleteFileW
CloseHandle
WriteFile
CreateFileW
ExpandEnvironmentStringsW
GetTickCount
InterlockedExchange
InterlockedCompareExchange
GetStartupInfoA
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
KERNEL32.dll
wsprintfW
USER32.dll
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
</requestedPrivileges>
</security>
</trustInfo>
<dependency>
<dependentAssembly>
<assemblyIdentity type="win32" name="Microsoft.VC90.CRT" version="9.0.21022.8" processorArchitecture="x86" publicKeyToken="1fc8b3b9a1e18e3b"></assemblyIdentity>
</dependentAssembly>
</dependency>
</assembly>
%temp%
%s\%d%d.exe
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
%s:Zone.Identifier
%s\%d%d.exe
%s:Zone.Identifier
%temp%
%s\33573537.jpg
http://twizt.net/newtpp.exe
Antivirus Signature
Bkav W32.AIDetectMalware
Lionic Trojan.Win32.Phorpiex.7!c
tehtris Clean
ClamAV Clean
CMC Clean
CAT-QuickHeal Clean
Skyhigh Artemis!Trojan
ALYac Clean
Cylance Unsafe
Zillya Trojan.GenKryptik.Win32.658875
Sangfor Banker.Win32.Phorpiex.Vou2
K7AntiVirus Trojan ( 005aface1 )
Alibaba TrojanBanker:Win32/Phorpiex.24e78959
K7GW Trojan ( 005aface1 )
Cybereason malicious.952a9d
Baidu Clean
VirIT Clean
Paloalto generic.ml
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 a variant of Win32/GenKryptik.GPGJ
APEX Malicious
Avast Win32:CrypterX-gen [Trj]
Cynet Malicious (score: 100)
Kaspersky HEUR:Trojan-Banker.Win32.ClipBanker.gen
BitDefender Gen:Heur.Mint.Zard.39
NANO-Antivirus Trojan.Win32.Phorpiex.knavfq
ViRobot Clean
MicroWorld-eScan Gen:Heur.Mint.Zard.39
Tencent Malware.Win32.Gencirc.140c0078
TACHYON Clean
Sophos Mal/Generic-S
F-Secure Trojan.TR/AD.Phorpiex.hesfh
DrWeb Trojan.DownLoader46.63386
VIPRE Gen:Heur.Mint.Zard.39
TrendMicro Mal_DLDER
McAfeeD ti!FEB4C3AE4566
Trapmine Clean
FireEye Gen:Heur.Mint.Zard.39
Emsisoft Gen:Heur.Mint.Zard.39 (B)
SentinelOne Static AI - Malicious PE
GData Gen:Heur.Mint.Zard.39
Jiangmin Clean
Webroot Clean
Varist W32/S-c70f2e64!Eldorado
Avira TR/AD.Phorpiex.hesfh
Antiy-AVL Trojan/Win32.GenKryptik
Kingsoft Win32.HeurC.KVMH017.a
Gridinsoft Clean
Xcitium Clean
Arcabit Trojan.Mint.Zard.39
SUPERAntiSpyware Clean
ZoneAlarm HEUR:Trojan-Banker.Win32.ClipBanker.gen
Microsoft Trojan:Win32/Phorpiex.RB!MTB
Google Detected
AhnLab-V3 Trojan/Win.Dlder.C5472688
Acronis Clean
McAfee Artemis!8D8E6C7952A9
MAX malware (ai score=86)
VBA32 BScope.Trojan.Caynamer
Malwarebytes Trojan.Downloader
Panda Trj/GdSda.A
Zoner Clean
TrendMicro-HouseCall Mal_DLDER
Rising Downloader.Agent!1.F26F (CLASSIC)
Yandex Trojan.GenKryptik!lKXkZXT+0Hk
Ikarus Worm.Win32.Phorpiex
MaxSecure Trojan.Malware.73484953.susgen
Fortinet W32/GenKryptik.GPGJ!tr
BitDefenderTheta Gen:NN.ZexaCO.36808.auW@aSv79Qii
AVG Win32:CrypterX-gen [Trj]
DeepInstinct MALICIOUS
CrowdStrike win/malicious_confidence_90% (D)
alibabacloud Trojan:Win/Phorpiex.RK8PHU
No IRMA results available.