Static | ZeroBOX

PE Compile Time

2024-06-12 19:47:11

PE Imphash

2e23372b9869b74c90162a6fda4f170d

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00001000 0x0000e8aa 0x0000ea00 6.11401492737
.rdata 0x00010000 0x00003a62 0x00003c00 5.4050152387
.data 0x00014000 0x000047d8 0x00003600 4.53641807002

Imports

Library WS2_32.dll:
0x410220 gethostname
0x410224 recvfrom
0x410228 setsockopt
0x41022c closesocket
0x410230 htons
0x410234 shutdown
0x410238 WSAStartup
0x41023c connect
0x410244 listen
0x410248 WSASocketA
0x41024c WSACreateEvent
0x410254 WSAEventSelect
0x41025c WSAGetLastError
0x410260 WSASend
0x410264 WSARecv
0x410268 WSACloseEvent
0x41026c accept
0x410270 getpeername
0x410274 getsockname
0x410278 inet_addr
0x41027c gethostbyname
0x410280 inet_ntoa
0x410284 socket
0x410288 bind
0x41028c sendto
0x410290 ioctlsocket
0x410294 recv
0x410298 send
Library SHLWAPI.dll:
0x410168 StrStrIA
0x41016c StrCmpNW
0x410170 StrStrW
0x410174 PathFileExistsW
0x410178 StrChrA
0x41017c PathFindFileNameW
0x410180 StrCmpNIA
0x410184 PathMatchSpecW
Library urlmon.dll:
0x410318 URLDownloadToFileW
Library WININET.dll:
0x4101e4 HttpOpenRequestA
0x4101e8 HttpSendRequestA
0x4101ec InternetConnectA
0x4101f0 InternetCloseHandle
0x4101f4 DeleteUrlCacheEntry
0x4101f8 InternetReadFile
0x4101fc InternetOpenA
0x410200 InternetCrackUrlA
0x410208 HttpQueryInfoA
0x41020c InternetOpenUrlA
0x410214 InternetOpenUrlW
0x410218 InternetOpenW
Library ntdll.dll:
0x4102b0 strlen
0x4102b4 isdigit
0x4102b8 isalpha
0x4102bc memcpy
0x4102c0 memset
0x4102c8 RtlUnwind
0x4102cc _chkstk
0x4102d0 _aulldiv
0x4102d4 wcslen
0x4102d8 wcscmp
0x4102dc _allshl
0x4102e0 _aullshr
0x4102e4 strstr
0x4102e8 strcmp
0x4102ec memmove
0x4102f0 memcmp
0x4102f8 NtQuerySystemTime
0x4102fc mbstowcs
Library msvcrt.dll:
0x4102a0 srand
0x4102a4 rand
0x4102a8 _vscprintf
Library KERNEL32.dll:
0x410034 GetSystemInfo
0x410038 lstrcmpW
0x41003c SetEvent
0x410040 CreateProcessW
0x410044 GetLocaleInfoA
0x41004c GetCurrentThread
0x410050 GetThreadPriority
0x410054 SetThreadPriority
0x410058 GetCurrentProcess
0x41005c DuplicateHandle
0x410060 IsBadReadPtr
0x41006c WaitForSingleObject
0x410074 InterlockedExchange
0x410078 HeapFree
0x41007c HeapValidate
0x410080 HeapReAlloc
0x410084 GetProcessHeaps
0x410088 HeapCreate
0x41008c HeapSetInformation
0x410090 GetCurrentProcessId
0x410094 HeapAlloc
0x410098 CreateMutexA
0x41009c GetLastError
0x4100a0 ExitProcess
0x4100a8 CreateEventA
0x4100ac CreateThread
0x4100b0 GetModuleFileNameW
0x4100b8 GetDiskFreeSpaceExW
0x4100bc SetFileAttributesW
0x4100c0 DeleteFileW
0x4100c4 CopyFileW
0x4100c8 lstrcmpiW
0x4100cc CreateDirectoryW
0x4100d0 FindFirstFileW
0x4100d8 MoveFileExW
0x4100dc FindNextFileW
0x4100e0 FindClose
0x4100e4 RemoveDirectoryW
0x4100e8 GetLogicalDrives
0x4100ec GetDriveTypeW
0x4100f0 QueryDosDeviceW
0x4100f4 lstrcpyW
0x4100f8 WriteFile
0x4100fc FlushFileBuffers
0x41010c CreateFileW
0x410110 CreateFileMappingW
0x410114 MapViewOfFile
0x410118 GlobalUnlock
0x41011c GlobalLock
0x410120 GlobalAlloc
0x410124 lstrlenA
0x410128 lstrlenW
0x41012c lstrcpynW
0x410130 MultiByteToWideChar
0x410134 ExitThread
0x410138 GetTickCount
0x41013c Sleep
0x410140 GetModuleHandleW
0x410144 CloseHandle
0x410148 UnmapViewOfFile
0x41014c GetFileSize
Library USER32.dll:
0x41018c RegisterClassExW
0x410190 CreateWindowExW
0x410194 GetMessageA
0x410198 TranslateMessage
0x41019c wsprintfW
0x4101a0 DefWindowProcA
0x4101ac GetClipboardData
0x4101b0 DispatchMessageA
0x4101b4 EmptyClipboard
0x4101b8 SetClipboardData
0x4101bc CloseClipboard
0x4101c4 SendMessageA
0x4101c8 SetWindowLongW
0x4101cc SetClipboardViewer
0x4101d0 GetWindowLongW
0x4101d4 wsprintfA
0x4101d8 wvsprintfA
0x4101dc OpenClipboard
Library ADVAPI32.dll:
0x410000 CryptReleaseContext
0x410004 RegQueryValueExW
0x410008 RegOpenKeyExW
0x41000c RegOpenKeyExA
0x410010 RegCreateKeyExW
0x410018 CryptGenRandom
0x41001c RegCloseKey
0x410020 RegSetValueExW
0x410024 RegSetValueExA
Library SHELL32.dll:
0x410160 ShellExecuteW
Library ole32.dll:
0x410304 CoInitializeEx
0x410308 CoUninitialize
0x41030c CoInitialize
0x410310 CoCreateInstance
Library OLEAUT32.dll:
0x410154 SysFreeString
0x410158 SysAllocString

Strings

!This program cannot be run in DOS mode.
9Rich)
`.rdata
@.data
>ilciuo
L$$QRP
;PCOIu^
>ilciu
F(;F$s
>ilciu2
tHh` A
VC20XC00U
;t$(v(
UQPXY]Y[
0xCa90599132C4D88907Bd8E046540284aa468a035
TRuGGXNDM1cavQ1AqMQHG8yfxP4QWVSMN6
qph44jx8r9k5xeq5cuf958krv3ewrnp5vc6hhdjd3r
XryzFMFVpDUvU7famUGf214EXD3xNUSmQf
LLeT2zkStY3cvxMBFhoWXkG5VuZPoezduv
rwc4LVd9ABpULQ1CuCpDkgX2xVB1fUijyb
hxea3dcc10944cee2544aff9b377e0479d7f797494
QaBvbNAuoU52qCgbqsgoLAbK5P21L6dn5Y
RLefLLmDAZZb5ZynfPMjZ475pQdHVZNz9J
NASUHUTM7J5HNOJVZ2EULOP6INPNPSE4KN6AQNRI
Cz6xMbBst86mjM44qAaE5ahkD3F8JpLY7LFGHMiKYzwS6mn
via1qs8zt7jr4sgru6r8dqtdpc93c5d8wmwu8rkz94z
dgb1qnyphwne0t26mmxh2amyzzxzerxarj6jmf8wpmr
grs1qscr354fdfddglta2hgajrcryl4gqh6ey360d3u
NYrK5XBV24JHrojN4ABNkZxNsDEcegofxc
n1HHGP3YmZp3YA7VgqVgfJqyKBV86d9SaJo
4AtjkCVKbtEC3UEN77SQHuH9i1XkzNiRi5VCbA2XGsJh46nJSXfGQn4GjLuupCqmC57Lo7LvKmFUyRfhtJSvKvuw3h9ReKK
82gtgWB2n6yPeqTrAsvDunAH7cbbiTYw1ccN6FvPPHEFNLcBoQUWTx5SoWSHayK8ViH7WzMgVoYQLQzGxQhrTvzRDU32z8t
SP1GK1GES8EXB6E15KQJ0EM169NQQNDZG8A2GDRZQ
aPFoyg69vKYCfnKGo1eLBo5XAmoyuZniGc
f1sz5wwh6urr3gsycgkki7ns5iino3a7bu3chsgly
f53ea9bd3352fd3b24be04fa27ce2171b21d1378e658c50553d804cfa70ceb64
15TssKwtjMtwy4vDLcLsQUZUD2B9f7eDjw85sBNVC5LRPPnC
17hgMFyLDwMjxWqw5GhijhnPdJDyFDqecY
lskaj7asu8rwp4p9kpdqebnqh6kzyuefzqjszyd5w
ltc1qt0n3f0t7vz9k0mvcswk477shrxwjhf9sj5ykrp
zil19delrukejtr306u0s7ludxrwk434jcl6ghpng3
cro1xq0gkfldclds7y7fa2x6x25zu7ttnxxkjs66gf
erd1hwcnscv0tldljl68upajgfqrcrmtznth4n6ee46le43cqpe5tatqw96dnx
kava1r9xek0h0vkfra44lg3rp07teh9elxg2n6vsdzn
inj1e2g9nyfjcnvgjpaa3czx2spgf2jx3gp4gk0nl9
osmo125f3mw4xd9htpsq4zj5w5ezm5gags37y6pnhx3
one1mnk7lk2506r0ewvr7zgwfuyt7ahvngwqedka3x
3PMiLynrGVZ8oEqvoqC4hXD67B1WoALR4pc
3FerB8kUraAVGCVCNkgv57zTBjUGjAUkU3
DLUzwvyxN1RrwjByUPPzVMdfxNRPGVRMMA
DsWwjQcpgo8AoFYvFnLrwFpcx8wgjSYLexe
t1J6GCPCiHW1eRdjJgDDu6b1vSVmL5U7Twh
terra1mw3dhwak2qe46drv4g7lvgwn79fzm8nr0htdq5
thor1tdexg3v738xg9n289d6586frflkkcxxdgtauur
tz1ZUNuZkWjdTt597axUcyZ5kFRtUZmUKuG2
stars125f3mw4xd9htpsq4zj5w5ezm5gags37yxxh6mj
stride125f3mw4xd9htpsq4zj5w5ezm5gags37y33qmy0
sei125f3mw4xd9htpsq4zj5w5ezm5gags37ylk33kz
bnb1epx67ne4vckqmaj4gwke8m322f4yjr6eh52wqw
band1f05d98dvehkecw6ex3yd4pxqssw3uemx09sg2n
bc1qmpkehfffkr6phuklsksnd7nhgx0369sxu772m3
ronin:a77fa3ea6e09a5f3fbfcb2a42fe21b5cf0ecdd17
bitcoincash:qph44jx8r9k5xeq5cuf958krv3ewrnp5vc6hhdjd3r
cosmos125f3mw4xd9htpsq4zj5w5ezm5gags37yj6q8sr
addr1qxlwyj95fk9exqf55tdknx49e5443nr925tajatrdqpp8djla7u9jhswc3dk39se79f9zhwwq2ca95er3mylm48wyalqr62dmg
nano_3p8stz4wqicgda1g3ifd48girzd5u74is8sdqq99tkuuz1b96wjwbc7yrmnb
G35598989
GBQJMXYXPRIWFMXIFJR35ZB7LRKMB4PHCIUAUFR3TKUL6RDBZVLZEUJ3
Ge7amzjabAHdubjUYS2Cw84hNScLVRHmHg
E36963824
EQDYiebztC06Lpo9y1-m-g_bOsJ2KN3I-1mOgllNNIlIPZLi
B36461211
B62qpDfv86fUZc4ntrYJL6eFJZajjNKRcBuW5iPbcLNkiPekLkV8NdA
U33390790
http://185.215.113.66/
http://77.91.77.92/
http://91.202.233.141/
DisableWindowsUpdateAccess
DisableWindowsUpdateAccess
NoAutoUpdate
NoAutoUpdate
CheckedValue
SOFTWARE\Microsoft\Security Center
FirewallOverride
FirewallDisableNotify
AntiSpywareOverride
AntiVirusOverride
AntiVirusDisableNotify
UpdatesOverride
UpdatesDisableNotify
SOFTWARE\Microsoft\Security Center\Svc
FirewallOverride
FirewallDisableNotify
AntiSpywareOverride
AntiVirusOverride
AntiVirusDisableNotify
UpdatesOverride
UpdatesDisableNotify
www.update.microsoft.com
0.0.0.0
TCP: P2P_SendGETLPacket(0,%s) failed!
HTTP/1.1 200 OK
LOCATION:
239.255.255.250
M-SEARCH * HTTP/1.1
ST:urn:schemas-upnp-org:device:InternetGatewayDevice:1
Man:"ssdp:discover"
HOST: 239.255.255.250:1900
Mozilla/4.0 (compatible; UPnP/1.0; Windows 9x)
Content-Type: text/xml; charset="utf-8"
Connection: Close
Cache-Control: no-cache
Pragma: no-cache
<?xml version="1.0"?><SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><SOAP-ENV:Body><m:GetExternalIPAddress xmlns:m="urn:schemas-upnp-org:service:WANIPConnection:1"/></SOAP-ENV:Body></SOAP-ENV:Envelope>
SOAPAction: "urn:schemas-upnp-org:service:WANIPConnection:1#GetExternalIPAddress"
<?xml version="1.0"?>
<SOAP-ENV:Envelope
xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
<SOAP-ENV:Body>
<m:AddPortMapping xmlns:m="urn:schemas-upnp-org:service:WANIPConnection:1">
<NewRemoteHost></NewRemoteHost>
<NewExternalPort>%d</NewExternalPort>
<NewProtocol>%s</NewProtocol>
<NewInternalPort>%d</NewInternalPort>
<NewInternalClient>%s</NewInternalClient>
<NewEnabled>1</NewEnabled>
<NewPortMappingDescription></NewPortMappingDescription>
<NewLeaseDuration>0</NewLeaseDuration>
</m:AddPortMapping>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
SOAPAction: "urn:schemas-upnp-org:service:WANIPConnection:1#AddPortMapping"
<?xml version="1.0"?>
<SOAP-ENV:Envelope
xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
<SOAP-ENV:Body>
<m:DeletePortMapping xmlns:m="urn:schemas-upnp-org:service:WANIPConnection:1">
<NewRemoteHost>%s</NewRemoteHost>
<NewExternalPort>%d</NewExternalPort>
<NewProtocol>%s</NewProtocol>
</m:DeletePortMapping>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
SOAPAction: "urn:schemas-upnp-org:service:WANIPConnection:1#DeletePortMapping"
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
WS2_32.dll
StrStrW
StrCmpNW
PathMatchSpecW
PathFileExistsW
StrChrA
PathFindFileNameW
StrStrIA
StrCmpNIA
SHLWAPI.dll
URLDownloadToFileW
urlmon.dll
DeleteUrlCacheEntry
InternetCloseHandle
InternetReadFile
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetOpenA
InternetCrackUrlA
HttpAddRequestHeadersA
HttpQueryInfoA
InternetOpenUrlA
DeleteUrlCacheEntryW
InternetOpenUrlW
InternetOpenW
WININET.dll
memcpy
strlen
memset
isdigit
isalpha
_chkstk
_aulldiv
wcslen
wcscmp
_allshl
_aullshr
strstr
strcmp
memmove
memcmp
RtlTimeToSecondsSince1980
NtQuerySystemTime
mbstowcs
ntdll.dll
RtlUnwind
NtQueryVirtualMemory
_vscprintf
msvcrt.dll
GlobalUnlock
GlobalLock
GlobalAlloc
lstrlenA
lstrlenW
lstrcpynW
MultiByteToWideChar
ExitThread
GetTickCount
GetModuleHandleW
CloseHandle
UnmapViewOfFile
GetFileSize
MapViewOfFile
CreateFileMappingW
CreateFileW
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
FlushFileBuffers
WriteFile
lstrcpyW
QueryDosDeviceW
GetDriveTypeW
GetLogicalDrives
RemoveDirectoryW
FindClose
FindNextFileW
MoveFileExW
lstrcmpW
FindFirstFileW
CreateDirectoryW
lstrcmpiW
CopyFileW
DeleteFileW
SetFileAttributesW
GetDiskFreeSpaceExW
GetVolumeInformationW
GetModuleFileNameW
CreateThread
CreateEventA
ExpandEnvironmentStringsW
ExitProcess
GetLastError
CreateMutexA
HeapAlloc
GetCurrentProcessId
HeapSetInformation
HeapCreate
GetProcessHeaps
HeapReAlloc
HeapValidate
HeapFree
InterlockedExchange
InterlockedDecrement
WaitForSingleObject
InterlockedIncrement
InterlockedExchangeAdd
IsBadReadPtr
DuplicateHandle
GetCurrentProcess
SetThreadPriority
GetThreadPriority
GetCurrentThread
DeleteCriticalSection
GetLocaleInfoA
CreateProcessW
KERNEL32.dll
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
DispatchMessageA
TranslateMessage
GetMessageA
CreateWindowExW
RegisterClassExW
wsprintfW
DefWindowProcA
ChangeClipboardChain
RegisterRawInputDevices
GetClipboardData
IsClipboardFormatAvailable
SendMessageA
SetWindowLongW
SetClipboardViewer
GetWindowLongW
wsprintfA
wvsprintfA
USER32.dll
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegOpenKeyExA
RegCreateKeyExW
RegSetValueExA
RegSetValueExW
CryptReleaseContext
CryptGenRandom
CryptAcquireContextW
ADVAPI32.dll
ShellExecuteW
SHELL32.dll
CoCreateInstance
CoInitialize
CoUninitialize
CoInitializeEx
ole32.dll
OLEAUT32.dll
WSAWaitForMultipleEvents
WSASocketA
WSACreateEvent
WSAGetOverlappedResult
WSAEventSelect
WSAEnumNetworkEvents
WSASend
WSARecv
WSACloseEvent
SetEvent
GetQueuedCompletionStatus
PostQueuedCompletionStatus
GetSystemInfo
CreateIoCompletionPort
Jun 12 2024 03:46:54
Jun 12 2024 03:46:55
0123456789
0123456789abcdef
55a4er5wo
257952873527395927395728375987839759823798573987582379857257952873527395927395728375987839759823798573987582379857257952873527395927395728375987839759823798573987582379857257952873527395927395728375987839759823798573987582379857
257952873527395927395728375987839759823798573987582379857257952873527395927395728375987839759823798573987582379857257952873527395927395728375987839759823798573987582379857257952873527395927395728375987839759823798573987582379857257952873527395927395728375987839759823798573987582379857
257952873527395927395728375987839759823798573987582379857257952873527395927395728375987839759823798573987582379857257952873527395927395728375987839759823798573987582379857257952873527395927395728375987839759823798573987582379857257952873527395927395728375987839759823798573987582379857257952873527395927395728375987839759823798573987582379857
399257952873527395927395728375987839759823798573987582379857257952873527395927395728375987839759823798573987582379857257952873527395927395728375987839759823798573987582379857257952873527395927395728375987839759823798573987582379857257952873527395927395728375987839759823798573987582379857257952873527395927395728375987839759823798573987582379857
257952873527395927395728375987839759823798573987582379857257952873527395927395728375987839759823798573987582379857257952873527395927395728375987839759823798573987582379857257952873527395927395728375987839759823798573987582379857257952873527395927395728375987839759823798573987582379857257952873527395927395728375987839759823798573987582379857
257952873527395927395728375987839759823798573987582379857257952873527395927395728375987839759823798573987582379857257952873527395927395728375987839759823798573987582379857257952873527395927395728375987839759823798573987582379857
257952873527395927395728375987839759823798573987582379857257952873527395927395728375987839759823798573987582379857257952873527395927395728375987839759823798573987582379857257952873527395927395728375987839759823798573987582379857257952873527395927395728375987839759823798573987582379857
257952873527395927395728375987839759823798573987582379857257952873527395927395728375987839759823798573987582379857257952873527395927395728375987839759823798573987582379857257952873527395927395728375987839759823798573987582379857257952873527395927395728375987839759823798573987582379857257952873527395927395728375987839759823798573987582379857
399257952873527395927395728375987839759823798573987582379857257952873527395927395728375987839759823798573987582379857257952873527395927395728375987839759823798573987582379857257952873527395927395728375987839759823798573987582379857257952873527395927395728375987839759823798573987582379857257952873527395927395728375987839759823798573987582379857
257952873527395927395728375987839759823798573987582379857257952873527395927395728375987839759823798573987582379857257952873527395927395728375987839759823798573987582379857257952873527395927395728375987839759823798573987582379857257952873527395927395728375987839759823798573987582379857257952873527395927395728375987839759823798573987582379857
257952873527395927395728375987839759823798573987582379857257952873527395927395728375987839759823798573987582379857257952873527395927395728375987839759823798573987582379857257952873527395927395728375987839759823798573987582379857
257952873527395927395728375987839759823798573987582379857257952873527395927395728375987839759823798573987582379857257952873527395927395728375987839759823798573987582379857257952873527395927395728375987839759823798573987582379857257952873527395927395728375987839759823798573987582379857
257952873527395927395728375987839759823798573987582379857257952873527395927395728375987839759823798573987582379857257952873527395927395728375987839759823798573987582379857257952873527395927395728375987839759823798573987582379857257952873527395927395728375987839759823798573987582379857257952873527395927395728375987839759823798573987582379857
399257952873527395927395728375987839759823798573987582379857257952873527395927395728375987839759823798573987582379857257952873527395927395728375987839759823798573987582379857257952873527395927395728375987839759823798573987582379857257952873527395927395728375987839759823798573987582379857257952873527395927395728375987839759823798573987582379857
257952873527395927395728375987839759823798573987582379857257952873527395927395728375987839759823798573987582379857257952873527395927395728375987839759823798573987582379857257952873527395927395728375987839759823798573987582379857257952873527395927395728375987839759823798573987582379857257952873527395927395728375987839759823798573987582379857
257952873527395927395728375987839759823798573987582379857257952873527395927395728375987839759823798573987582379857257952873527395927395728375987839759823798573987582379857257952873527395927395728375987839759823798573987582379857
257952873527395927395728375987839759823798573987582379857257952873527395927395728375987839759823798573987582379857257952873527395927395728375987839759823798573987582379857257952873527395927395728375987839759823798573987582379857257952873527395927395728375987839759823798573987582379857
257952873527395927395728375987839759823798573987582379857257952873527395927395728375987839759823798573987582379857257952873527395927395728375987839759823798573987582379857257952873527395927395728375987839759823798573987582379857257952873527395927395728375987839759823798573987582379857257952873527395927395728375987839759823798573987582379857
399257952873527395927395728375987839759823798573987582379857257952873527395927395728375987839759823798573987582379857257952873527395927395728375987839759823798573987582379857257952873527395927395728375987839759823798573987582379857257952873527395927395728375987839759823798573987582379857257952873527395927395728375987839759823798573987582379857
257952873527395927395728375987839759823798573987582379857257952873527395927395728375987839759823798573987582379857257952873527395927395728375987839759823798573987582379857257952873527395927395728375987839759823798573987582379857257952873527395927395728375987839759823798573987582379857257952873527395927395728375987839759823798573987582379857
257952873527395927395728375987839759823798573987582379857257952873527395927395728375987839759823798573987582379857257952873527395927395728375987839759823798573987582379857257952873527395927395728375987839759823798573987582379857
257952873527395927395728375987839759823798573987582379857257952873527395927395728375987839759823798573987582379857257952873527395927395728375987839759823798573987582379857257952873527395927395728375987839759823798573987582379857257952873527395927395728375987839759823798573987582379857
257952873527395927395728375987839759823798573987582379857257952873527395927395728375987839759823798573987582379857257952873527395927395728375987839759823798573987582379857257952873527395927395728375987839759823798573987582379857257952873527395927395728375987839759823798573987582379857257952873527395927395728375987839759823798573987582379857
399257952873527395927395728375987839759823798573987582379857257952873527395927395728375987839759823798573987582379857257952873527395927395728375987839759823798573987582379857257952873527395927395728375987839759823798573987582379857257952873527395927395728375987839759823798573987582379857257952873527395927395728375987839759823798573987582379857
257952873527395927395728375987839759823798573987582379857257952873527395927395728375987839759823798573987582379857257952873527395927395728375987839759823798573987582379857257952873527395927395728375987839759823798573987582379857257952873527395927395728375987839759823798573987582379857257952873527395927395728375987839759823798573987582379857
257952873527395927395728375987839759823798573987582379857257952873527395927395728375987839759823798573987582379857257952873527395927395728375987839759823798573987582379857257952873527395927395728375987839759823798573987582379857
257952873527395927395728375987839759823798573987582379857257952873527395927395728375987839759823798573987582379857257952873527395927395728375987839759823798573987582379857257952873527395927395728375987839759823798573987582379857257952873527395927395728375987839759823798573987582379857
257952873527395927395728375987839759823798573987582379857257952873527395927395728375987839759823798573987582379857257952873527395927395728375987839759823798573987582379857257952873527395927395728375987839759823798573987582379857257952873527395927395728375987839759823798573987582379857257952873527395927395728375987839759823798573987582379857
399257952873527395927395728375987839759823798573987582379857257952873527395927395728375987839759823798573987582379857257952873527395927395728375987839759823798573987582379857257952873527395927395728375987839759823798573987582379857257952873527395927395728375987839759823798573987582379857257952873527395927395728375987839759823798573987582379857
257952873527395927395728375987839759823798573987582379857257952873527395927395728375987839759823798573987582379857257952873527395927395728375987839759823798573987582379857257952873527395927395728375987839759823798573987582379857257952873527395927395728375987839759823798573987582379857257952873527395927395728375987839759823798573987582379857
257952873527395927395728375987839759823798573987582379857257952873527395927395728375987839759823798573987582379857257952873527395927395728375987839759823798573987582379857257952873527395927395728375987839759823798573987582379857
0123456789abcdef
gYhfu%
Y#{5dA^O
jjjjjj
bitcoincash:
cosmos
bitcoincash:
ronin:
ronin:
bitcoincash:
cosmos
gnano_
Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
NoDrives
/c start %s & start %s\VolDrvConfig.exe
%comspec%
%s.lnk
%s\%s\VolDrvConfig.exe
shell32.dll
shell32.dll
Thumbs.db
$RECYCLE.BIN
desktop.ini
System Volume Information
%s\%s\%s
(%dGB)
Unnamed volume
Microsoft Corporation
%s:Zone.Identifier
%userprofile%
%windir%
Software\Microsoft\Windows\CurrentVersion\Run\
Software\Microsoft\Windows\CurrentVersion\Run\
%temp%
Software\Microsoft\Windows\CurrentVersion\Run\
SYSTEM\CurrentControlSet\Services\UsoSvc
SYSTEM\CurrentControlSet\Services\WaaSMedicSvc
SYSTEM\CurrentControlSet\Services\DoSvc
SYSTEM\CurrentControlSet\Services\wuauserv
SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
SOFTWARE\Policies\Microsoft\Windows
WindowsUpdate
SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
SOFTWARE\Policies\Microsoft\Windows
WindowsUpdate
SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
SYSTEM\CurrentControlSet\Services\BITS
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL
%s\tbtnds.dat
%s\tbtcmds.dat
service
serviceType
serviceList
device
deviceType
deviceList
urn:schemas-upnp-org:device:InternetGatewayDevice:1
urn:schemas-upnp-org:device:WANDevice:1
urn:schemas-upnp-org:device:WANConnectionDevice:1
urn:schemas-upnp-org:service:WANIPConnection:1
urn:schemas-upnp-org:service:WANPPPConnection:1
controlURL
URLBase
GetExternalIPAddressResponse
NewExternalIPAddress
6%temp%
%s\%d%d.exe
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
%s:Zone.Identifier
%s\%d%d.exe
%s:Zone.Identifier
sysmablsvr.exe
Windows Settings
Antivirus Signature
Bkav W32.BeeyWcsjvulF.Trojan
Lionic Trojan.Win32.Phorpiex.4!c
Elastic malicious (high confidence)
Cynet Malicious (score: 100)
CMC Clean
CAT-QuickHeal Trojan.Multi
ALYac Clean
Cylance Unsafe
Sangfor Trojan.Win32.Save.a
K7AntiVirus Trojan ( 005533551 )
K7GW Trojan ( 005533551 )
Cybereason malicious.d12d96
Baidu Clean
VirIT Trojan.Win32.Genus.VXH
Symantec ML.Attribute.HighConfidence
tehtris Clean
ESET-NOD32 a variant of Win32/Phorpiex.V
APEX Malicious
Paloalto generic.ml
ClamAV Win.Trojan.Phorpiex-10030343-0
Alibaba Worm:Win32/Phorpiex.5c685c46
NANO-Antivirus Trojan.Win32.Phorpiex.koniga
ViRobot Clean
MicroWorld-eScan Gen:Heur.Mint.Zard.39
Tencent Malware.Win32.Gencirc.10c01086
TACHYON Clean
Sophos W32/Trizt-Gen
F-Secure Heuristic.HEUR/AGEN.1366496
DrWeb Trojan.DownLoader46.2135
VIPRE Gen:Heur.Mint.Zard.39
McAfeeD Real Protect-LS!ABABCA6D12D9
Trapmine malicious.high.ml.score
FireEye Generic.mg.ababca6d12d96e8d
Emsisoft Gen:Heur.Mint.Zard.39 (B)
SentinelOne Static AI - Malicious PE
Jiangmin Clean
Webroot W32.Trojan.Gen
Avira HEUR/AGEN.1366496
Antiy-AVL Trojan/Win32.Phorpiex
Kingsoft malware.kb.a.1000
Gridinsoft Trojan.Win32.Downloader.sa
Xcitium Malware@#2w9v0gjci7x32
SUPERAntiSpyware Clean
ZoneAlarm UDS:DangerousObject.Multi.Generic
Google Detected
AhnLab-V3 Trojan/Win.Generic.C4630408
Acronis Clean
BitDefenderTheta AI:Packer.46E3DD1D1E
MAX malware (ai score=82)
VBA32 BScope.Worm.Propriex
Malwarebytes Phorpiex.Trojan.Bot.DDS
Panda Adware/SecurityProtection
Zoner Clean
TrendMicro-HouseCall TROJ_GEN.R06CC0DFC24
Rising Worm.Phorpiex!8.48D (TFE:3:2wXnuqqcioP)
Yandex Trojan.Agent!d7bZodg/Ml0
Ikarus Trojan.Win32.Phorpiex
MaxSecure Clean
Fortinet W32/Malicious_Behavior.SBX
DeepInstinct MALICIOUS
CrowdStrike win/malicious_confidence_100% (D)
alibabacloud Trojan:Win/Phorpiex.RM8PHU
No IRMA results available.