Static | ZeroBOX

PE Compile Time

2024-07-25 07:36:58

PE Imphash

fb0ee5bafbb99ce467989526f0be15c6

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00001000 0x00002484 0x00002600 6.07376769556
.rdata 0x00004000 0x00001bf2 0x00001c00 5.51054707093
.data 0x00006000 0x0000038c 0x00000200 0.352759488216
.rsrc 0x00007000 0x000002b0 0x00000400 5.19021307251
.reloc 0x00008000 0x0000028a 0x00000400 3.82757801397

Resources

Name Offset Size Language Sub-language File type
RT_MANIFEST 0x00007058 0x00000256 LANG_ENGLISH SUBLANG_ENGLISH_US ASCII text, with CRLF line terminators

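Imports

Note: this listing appears incomplete. The IAT addresses skip slots (for example 0x404014 and 0x4040ac), and names such as UnhandledExceptionFilter, SetUnhandledExceptionFilter and _except_handler4_common show up only in the strings dump further down. Compare import sets using the imphash and the strings together, not this table alone.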

Library SHLWAPI.dll:
0x40411c PathCombineW
0x404120 StrCmpNW
Library MSVCR90.dll:
0x4040a0 _crt_debugger_hook
0x4040a4 _controlfp_s
0x4040a8 _invoke_watson
0x4040b0 _decode_pointer
0x4040b4 _onexit
0x4040b8 _lock
0x4040bc __dllonexit
0x4040c0 _unlock
0x4040c4 ?terminate@@YAXXZ
0x4040c8 __set_app_type
0x4040cc _encode_pointer
0x4040d0 __p__fmode
0x4040d4 __p__commode
0x4040d8 _adjust_fdiv
0x4040dc __setusermatherr
0x4040e0 _configthreadlocale
0x4040e4 _initterm_e
0x4040e8 _initterm
0x4040ec _acmdln
0x4040f0 exit
0x4040f4 _ismbblead
0x4040f8 _XcptFilter
0x4040fc _exit
0x404100 _cexit
0x404104 __getmainargs
0x404108 _amsg_exit
0x40410c wcsstr
0x404110 memcpy
0x404114 memset
Library KERNEL32.dll:
0x404010 IsDebuggerPresent
0x404018 GetCurrentProcess
0x40401c TerminateProcess
0x404024 GetCurrentProcessId
0x404028 GetCurrentThreadId
0x40402c GetTickCount
0x404038 GetStartupInfoA
0x404040 InterlockedExchange
0x404044 ExitThread
0x404048 FindFirstFileW
0x40404c lstrcmpW
0x404050 FindNextFileW
0x404054 GetLogicalDrives
0x404058 GetDriveTypeW
0x40405c QueryDosDeviceW
0x404060 lstrcpyW
0x404064 GetFileSize
0x404068 CreateFileMappingA
0x40406c MapViewOfFile
0x404070 FlushViewOfFile
0x404074 UnmapViewOfFile
0x404078 SetFilePointer
0x40407c SetEndOfFile
0x404080 CreateFileW
0x404084 CloseHandle
0x404088 CreateThread
0x40408c ExitProcess
0x404090 GetLastError
0x404094 CreateMutexA
0x404098 Sleep
Library USER32.dll:
0x404128 CharLowerW
Library ADVAPI32.dll:
0x404000 RegCloseKey
0x404004 RegOpenKeyExW
0x404008 RegQueryValueExW
Library ole32.dll:
0x404130 CoInitializeEx

Strings

!This program cannot be run in DOS mode.
`.rdata
@.data
@.reloc
tXh,T@
t=h0T@
6246464
D$89D$
D$0Hc@<H
9D$XsbH
9D$Tu H
D$HH9D$(
H9D$Pu
StrCmpNW
PathCombineW
SHLWAPI.dll
memset
memcpy
wcsstr
MSVCR90.dll
_amsg_exit
__getmainargs
_cexit
_XcptFilter
_ismbblead
_acmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_encode_pointer
__set_app_type
?terminate@@YAXXZ
_unlock
__dllonexit
_onexit
_decode_pointer
_except_handler4_common
_invoke_watson
_controlfp_s
_crt_debugger_hook
CreateThread
ExitProcess
GetLastError
CreateMutexA
CloseHandle
CreateFileW
SetEndOfFile
SetFilePointer
UnmapViewOfFile
FlushViewOfFile
MapViewOfFile
CreateFileMappingA
GetFileSize
lstrcpyW
QueryDosDeviceW
GetDriveTypeW
GetLogicalDrives
FindNextFileW
lstrcmpW
FindFirstFileW
ExitThread
InterlockedExchange
InterlockedCompareExchange
GetStartupInfoA
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
KERNEL32.dll
CharLowerW
USER32.dll
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
ADVAPI32.dll
CoInitializeEx
ole32.dll
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
</requestedPrivileges>
</security>
</trustInfo>
<dependency>
<dependentAssembly>
<assemblyIdentity type="win32" name="Microsoft.VC90.CRT" version="9.0.21022.8" processorArchitecture="x86" publicKeyToken="1fc8b3b9a1e18e3b"></assemblyIdentity>
</dependentAssembly>
</dependency>
</assembly>PAPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDING
0#020<0G0Q0\0
B1s1n4
5-575k6
7$7.787
9#9*91989?9F9M9T9
;";';];r;
<!<+<2<8<=<B<G<L<R<Z<n<
==,=<=B=J=`=e=
>>+>R>]>c>
?#?x?~?
0L0Q0r0w0
081=1O1m1
3-353@3F3L3R3X3h3n3t3
4)454:4J4O4U4[4q4x4
<1H1L1
jjjjjjj
4%appdata%
\windrx.txt
Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
NoDrives
windows
system
programdata
program files
appdata
application data
default
msocache
config.msi
perflogs
$recycle.bin
VolDrvCo
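Antivirus

Note: the vendor labels below are heuristic and disagree on family (GandCrab, Phorpiex and Zeropi all appear, alongside generic and ML verdicts and a number of "Clean" results). Use them for triage only, and base family classification on the static and behavioural evidence.

Antivirus Signature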
Bkav W32.AIDetectMalware
Lionic Trojan.Win32.Patched.trwY
Elastic malicious (high confidence)
ClamAV Clean
CMC Clean
CAT-QuickHeal Clean
Skyhigh BehavesLike.Win32.Generic.mm
ALYac Gen:Variant.Ransom.GandCrab.2664
Cylance Unsafe
Zillya Downloader.AgentAGen.Win32.24465
Sangfor Downloader.Win32.GandCrab.Vslo
K7AntiVirus Trojan-Downloader ( 005b43121 )
Alibaba TrojanDownloader:Win32/GandCrab.c9c98f88
K7GW Trojan-Downloader ( 005b43121 )
Cybereason malicious.593de2
huorong TrojanDownloader/W64.MalDownload.a
Baidu Clean
VirIT Clean
Paloalto generic.ml
Symantec ML.Attribute.HighConfidence
tehtris Clean
ESET-NOD32 a variant of Win32/TrojanDownloader.Agent_AGen.GG
APEX Malicious
Avast Win32:MalwareX-gen [Trj]
Cynet Malicious (score: 99)
Kaspersky HEUR:Virus.Win32.Zeropi.gen
BitDefender Gen:Variant.Ransom.GandCrab.2664
NANO-Antivirus Clean
ViRobot Clean
MicroWorld-eScan Gen:Variant.Ransom.GandCrab.2664
Tencent Malware.Win32.Gencirc.11c2ee4d
TACHYON Clean
Sophos Mal/Generic-S
F-Secure Trojan.TR/AD.Phorpiex.ybjxr
DrWeb Trojan.DownLoader46.2135
VIPRE Gen:Variant.Ransom.GandCrab.2664
TrendMicro TROJ_GEN.R002C0DGP24
McAfeeD ti!6C19C61DD69A
Trapmine Clean
FireEye Gen:Variant.Ransom.GandCrab.2664
Emsisoft Gen:Variant.Ransom.GandCrab.2664 (B)
Ikarus Trojan.Win32.Krypt
GData Win32.Trojan.PSE.17C6J32
Jiangmin Clean
Webroot Clean
Varist Clean
Avira TR/AD.Phorpiex.ybjxr
Antiy-AVL Trojan/Win32.GandCrab
Kingsoft Win32.Virus.Zeropi.gen
Gridinsoft Ransom.Win32.Gandcrab.sa
Xcitium Clean
Arcabit Trojan.Ransom.GandCrab.DA68
SUPERAntiSpyware Trojan.Agent/Gen-Downloader
ZoneAlarm HEUR:Virus.Win32.Zeropi.gen
Microsoft Trojan:Win32/GandCrab.NA!MTB
Google Detected
AhnLab-V3 Malware/Win.Generic.C5472676
Acronis Clean
McAfee Trojan-FWOA!EED7347593DE
MAX malware (ai score=84)
VBA32 BScope.Worm.Propriex
Malwarebytes Trojan.Downloader
Panda Trj/GdSda.A
Zoner Clean
TrendMicro-HouseCall TROJ_GEN.R002C0DGP24
Rising Trojan.Phorpiex!1.EB7A (CLASSIC)
Yandex Clean
SentinelOne Clean
MaxSecure Clean
Fortinet W32/GrandCrab.NA!tr.ransom
BitDefenderTheta Clean
AVG Win32:MalwareX-gen [Trj]
DeepInstinct MALICIOUS
alibabacloud Virus:Win/GandCrab.NM8PHU
No IRMA results available.