Static | ZeroBOX

PE Compile Time

2024-07-30 22:12:56

PE Imphash

37ef2436c289dfdb700eec05dbef66a5

Sections

Name   Virtual Address  Virtual Size  Size of Raw Data  Entropy
.text  0x00001000       0x00003674    0x00004000        4.56627334614
.data  0x00005000       0x00001228    0x00001000        0.0
.rsrc  0x00007000       0x0000088c    0x00001000        1.84273582223

Resources

Name           Offset      Size        Language      Sub-language        File type
RT_ICON        0x0000734c  0x00000128  LANG_NEUTRAL  SUBLANG_NEUTRAL     GLS_BINARY_LSB_FIRST
RT_ICON        0x0000734c  0x00000128  LANG_NEUTRAL  SUBLANG_NEUTRAL     GLS_BINARY_LSB_FIRST
RT_ICON        0x0000734c  0x00000128  LANG_NEUTRAL  SUBLANG_NEUTRAL     GLS_BINARY_LSB_FIRST
RT_GROUP_ICON  0x0000731c  0x00000030  LANG_NEUTRAL  SUBLANG_NEUTRAL     data
RT_VERSION     0x00007150  0x000001cc  LANG_ENGLISH  SUBLANG_ENGLISH_US  data

Imports

Library MSVBVM60.DLL:
0x401000 _CIcos
0x401004 _adj_fptan
0x401008 __vbaAryMove
0x40100c __vbaFreeVar
0x401010 __vbaStrVarMove
0x401014 __vbaLenBstr
0x401018 __vbaFreeVarList
0x40101c _adj_fdiv_m64
0x401020 None
0x401024 _adj_fprem1
0x401028 __vbaStrCat
0x40102c __vbaSetSystemError
0x401030 None
0x401034 _adj_fdiv_m32
0x401038 __vbaAryDestruct
0x40103c _adj_fdiv_m16i
0x401040 __vbaObjSetAddref
0x401044 _adj_fdivr_m16i
0x401048 _CIsin
0x40104c None
0x401050 None
0x401054 __vbaChkstk
0x401058 EVENT_SINK_AddRef
0x401060 __vbaVarTstEq
0x401064 __vbaI2I4
0x401068 __vbaObjVar
0x40106c DllFunctionCall
0x401070 __vbaLbound
0x401074 _adj_fpatan
0x401078 __vbaRedim
0x40107c EVENT_SINK_Release
0x401080 __vbaUI1I2
0x401084 _CIsqrt
0x40108c __vbaExceptHandler
0x401090 _adj_fprem
0x401094 _adj_fdivr_m64
0x401098 None
0x40109c None
0x4010a0 __vbaFPException
0x4010a4 __vbaUbound
0x4010a8 __vbaStrVarVal
0x4010ac __vbaVarCat
0x4010b0 None
0x4010b4 None
0x4010b8 _CIlog
0x4010bc __vbaErrorOverflow
0x4010c0 __vbaVar2Vec
0x4010c4 _adj_fdiv_m32i
0x4010c8 _adj_fdivr_m32i
0x4010cc __vbaStrCopy
0x4010d0 __vbaFreeStrList
0x4010d4 _adj_fdivr_m32
0x4010d8 _adj_fdiv_r
0x4010dc None
0x4010e0 __vbaLateMemCall
0x4010e4 __vbaAryLock
0x4010e8 __vbaLateMemCallLd
0x4010ec _CIatan
0x4010f0 __vbaStrMove
0x4010f4 __vbaUI1Str
0x4010f8 _allmul
0x4010fc _CItan
0x401100 __vbaAryUnlock
0x401104 _CIexp
0x401108 __vbaFreeObj
0x40110c __vbaFreeStr

!This program cannot be run in DOS mode.
`.data
MSVBVM60.DLL
Project1
Project1
Project1
MDIForm1
Module1
Module2
Project1
C:\Program Files (x86)\Microsoft Visual Studio\VB98\VB6.OLB
MDIForm
user32
CallWindowProcW
VBA6.DLL
@*\AProject1
SORRURRRRRRRRRRRRRRRRRRRRRR
http://poslisoubor.cz/gf.php?33f6c54a9a525e2c37453931c2aadebe/9.txt
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
WinHttp.WinHttpRequest.5.1
Status
ResponseBody
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
040904B0
ProductName
Project1
FileVersion
ProductVersion
InternalName
OriginalFilename
23.exe

Antivirus Signature

Bkav W32.AIDetectMalware
Lionic Clean
tehtris Clean
ClamAV Clean
CMC Clean
CAT-QuickHeal Clean
Skyhigh BehavesLike.Win32.Infected.mz
ALYac Clean
Cylance Unsafe
Zillya Clean
Sangfor Clean
K7AntiVirus Clean
Alibaba TrojanDownloader:Win32/Generic.2ddb76ed
K7GW Clean
Cybereason Clean
huorong Clean
Baidu Clean
VirIT Clean
Paloalto generic.ml
Symantec Clean
Elastic Clean
ESET-NOD32 a variant of Win32/TrojanDownloader.VB.RVB
APEX Clean
Avast MalwareX-gen [Trj]
Cynet Malicious (score: 99)
Kaspersky UDS:DangerousObject.Multi.Generic
BitDefender Clean
NANO-Antivirus Clean
ViRobot Clean
MicroWorld-eScan Clean
Tencent Win32.Trojan.Dropper.Timw
TACHYON Clean
Sophos Mal/Generic-S
F-Secure Trojan.TR/Dropper.Gen
DrWeb Clean
VIPRE Clean
TrendMicro Backdoor.Win32.REMCOS.YXEG5Z
McAfeeD ti!ACE74890B732
Trapmine malicious.high.ml.score
FireEye Generic.mg.367009ea6fe948f4
Emsisoft Clean
Ikarus Clean
GData Win32.Trojan.Injector.VCTBTR
Jiangmin Clean
Webroot Clean
Varist Clean
Avira TR/Dropper.Gen
Antiy-AVL Clean
Kingsoft Clean
Gridinsoft Clean
Xcitium Clean
Arcabit Clean
SUPERAntiSpyware Clean
ZoneAlarm UDS:DangerousObject.Multi.Generic
Microsoft TrojanDownloader:Win32/DCRat.A!MTB
Google Clean
AhnLab-V3 Clean
Acronis Clean
McAfee Artemis!367009EA6FE9
MAX Clean
VBA32 BScope.Trojan.VBKrypt
Malwarebytes Backdoor.Bot
Panda Clean
Zoner Clean
TrendMicro-HouseCall Clean
Rising Downloader.VB!8.1EB (CLOUD)
Yandex Clean
SentinelOne Clean
MaxSecure Trojan.Malware.300983.susgen
Fortinet W32/PossibleThreat
BitDefenderTheta Gen:NN.ZevbaF.36810.bm0@aeC7m4ji
AVG MalwareX-gen [Trj]
DeepInstinct MALICIOUS
CrowdStrike win/malicious_confidence_100% (W)
alibabacloud Clean
No IRMA results available.