Static | ZeroBOX

PE Compile Time

2024-07-19 08:27:34

PDB Path

E:\IDDE\pon\x64\Release\pon.pdb

PE Imphash

0141624ec75102605a71ad2282c112f2

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00001000 0x000018cc 0x00001a00 5.7095178228
.rdata 0x00003000 0x00002b02 0x00002c00 3.89787041936
.data 0x00006000 0x00000720 0x00000200 2.0665233777
.pdata 0x00007000 0x000001f8 0x00000200 3.69111962556
.rsrc 0x00008000 0x000001e0 0x00000200 4.6961226186
.reloc 0x00009000 0x00000060 0x00000200 1.21824914851

Resources

Name Offset Size Language Sub-language File type
RT_MANIFEST 0x00008060 0x0000017d LANG_ENGLISH SUBLANG_ENGLISH_US XML 1.0 document text

Imports

Library KERNEL32.dll:
0x140003020 Sleep
0x140003028 GetConsoleWindow
0x140003030 AllocConsole
0x140003038 SetFileAttributesW
0x140003040 RtlVirtualUnwind
0x140003048 UnhandledExceptionFilter
0x140003058 GetCurrentProcess
0x140003060 RtlLookupFunctionEntry
0x140003068 TerminateProcess
0x140003078 GetModuleHandleW
0x140003080 GetStartupInfoW
0x140003088 IsDebuggerPresent
0x140003090 QueryPerformanceCounter
0x140003098 GetCurrentProcessId
0x1400030a0 GetCurrentThreadId
0x1400030a8 GetSystemTimeAsFileTime
0x1400030b0 InitializeSListHead
0x1400030b8 RtlCaptureContext
Library USER32.dll:
0x1400030d8 ShowWindow
0x1400030e0 GetKeyState
0x1400030e8 SendInput
Library ADVAPI32.dll:
0x140003000 RegSetValueExA
0x140003008 RegOpenKeyExA
0x140003010 RegCloseKey
Library SHELL32.dll:
0x1400030c8 SHEmptyRecycleBinW
Library ole32.dll:
0x140003230 CoCreateInstance
0x140003238 CoInitializeEx
Library VCRUNTIME140.dll:
0x140003100 __std_exception_copy
0x140003108 memset
0x140003110 memcpy
0x140003118 __C_specific_handler
0x140003120 __current_exception
0x140003128 __std_exception_destroy
0x140003130 _CxxThrowException
Library api-ms-win-crt-heap-l1-1-0.dll:
0x140003140 _callnewh
0x140003148 free
0x140003150 malloc
0x140003158 _set_new_mode
Library api-ms-win-crt-runtime-l1-1-0.dll:
0x140003188 _initialize_onexit_table
0x140003198 _exit
0x1400031a0 _crt_atexit
0x1400031a8 _cexit
0x1400031b0 terminate
0x1400031c0 _seh_filter_exe
0x1400031c8 exit
0x1400031e0 _configure_narrow_argv
0x1400031e8 _c_exit
0x1400031f0 _set_app_type
0x1400031f8 _initterm_e
0x140003200 system
0x140003208 _initterm
Library api-ms-win-crt-math-l1-1-0.dll:
0x140003178 __setusermatherr
Library api-ms-win-crt-stdio-l1-1-0.dll:
0x140003218 _set_fmode
0x140003220 __p__commode
Library api-ms-win-crt-locale-l1-1-0.dll:
0x140003168 _configthreadlocale

Strings

!This program cannot be run in DOS mode.
`.rdata
@.data
.pdata
@.rsrc
@.reloc
u/HcH<H
bad allocation
Unknown exception
bad array new length
Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
ShowSuperHidden
start explorer.exe
del /q "C:\Windows\System32\SRU" >nul 2>nul
del /q "C:\Windows\Prefetch" >nul 2>nul
taskkill /F /IM SystemInformer.exe >nul 2>nul
taskkill /F /IM ProcessHacker.exe >nul 2>nul
taskkill /F /IM JournalTrace.exe >nul 2>nul
taskkill /F /IM RegScanner.exe >nul 2>nul
taskkill /F /IM BrowsingHistoryView.exe >nul 2>nul
taskkill /F /IM Everything.exe >nul 2>nul
taskkill /F /IM Taskmgr.exe >nul 2>nul
taskkill /F /IM WinRAR.exe >nul 2>nul
start C:\Hider\ChilledWindows.exe
start C:\Hider\CockroachOnDesktop.exe
RSDSa%
E:\IDDE\pon\x64\Release\pon.pdb
.text$mn
.text$mn$00
.text$x
.idata$5
.00cfg
.CRT$XCA
.CRT$XCAA
.CRT$XCZ
.CRT$XIA
.CRT$XIAA
.CRT$XIAC
.CRT$XIZ
.CRT$XPA
.CRT$XPZ
.CRT$XTA
.CRT$XTZ
.rdata
.rdata$r
.rdata$voltmd
.rdata$zzzdbg
.rtc$IAA
.rtc$IZZ
.rtc$TAA
.rtc$TZZ
.xdata
.xdata$x
.idata$2
.idata$3
.idata$4
.idata$6
.data$r
.data$rs
.pdata
.rsrc$01
.rsrc$02
SetFileAttributesW
GetConsoleWindow
AllocConsole
KERNEL32.dll
SendInput
ShowWindow
GetKeyState
USER32.dll
RegOpenKeyExA
RegSetValueExA
RegCloseKey
ADVAPI32.dll
SHEmptyRecycleBinW
SHELL32.dll
CoCreateInstance
CoInitializeEx
ole32.dll
__std_exception_destroy
__std_exception_copy
__C_specific_handler
_CxxThrowException
__current_exception
__current_exception_context
memset
VCRUNTIME140.dll
system
_callnewh
malloc
_seh_filter_exe
_set_app_type
__setusermatherr
_configure_narrow_argv
_initialize_narrow_environment
_get_narrow_winmain_command_line
_initterm
_initterm_e
_set_fmode
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_configthreadlocale
_set_new_mode
__p__commode
_initialize_onexit_table
_register_onexit_function
_crt_atexit
terminate
api-ms-win-crt-heap-l1-1-0.dll
api-ms-win-crt-runtime-l1-1-0.dll
api-ms-win-crt-math-l1-1-0.dll
api-ms-win-crt-stdio-l1-1-0.dll
api-ms-win-crt-locale-l1-1-0.dll
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
memcpy
.?AVbad_alloc@std@@
.?AVexception@std@@
.?AVbad_array_new_length@std@@
.?AVtype_info@@
<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel level='asInvoker' uiAccess='false' />
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
C:\Hider
C:\Nurik
C:\Expensive
C:\Excellent
C:\Wild
C:\Arbuz
C:\Akrien
C:\AkrienAntiLeak
C:\Celestial
C:\Rockstar
C:\RockAntiLeak
C:\Users\%USERNAME%\AppData\Roaming\.wex
C:\Celka
C:\baritone
C:\Games\Minecraft\versions\Rockstar
C:\Users%username%\AppData\Roaming.tlauncher\legacy\Minecraft\game\versions\Rockstar
C:\Games\Minecraft\Expensive
C:\Games\Minecraft\Avalon
C:\Games\Minecraft\Dark
C:\Games\Minecraft\Exclusive
C:\Games\Minecraft\arbuz
C:\Games\Minecraft\Rise
C:\Games\Minecraft\StarLine
C:\Games\Minecraft\Impact
C:\Games\Minecraft\Inertia
C:\Games\Minecraft\Gothaj
C:\Games\Minecraft\FPDCLEINT-1.8
C:\Users%username%\AppData\Roaming.tlauncher\legacy\Minecraft\game\versions\Wissend
C:\Users%username%\AppData\Roaming.tlauncher\legacy\Minecraft\game\versions\Verist
C:\Users%username%\AppData\Roaming.tlauncher\legacy\Minecraft\game\versions\Vendex
C:\Users%username%\AppData\Roaming.tlauncher\legacy\Minecraft\game\versions\Exclusive
C:\CarbonaraAntiLeak
C:\Carbonara
C:\Sk3dGuard
C:\Delta
C:\MoonHackFree
C:\DeadCode
C:\Nova
C:\Users%username%\AppData\Roaming.tlauncher\legacy\Minecraft\game\arbuz
C:\Users%username%\AppData\Roaming.tlauncher\legacy\Minecraft\game\Dark
C:\ANL\Verist
C:\Users%username%\AppData\Roaming.tlauncher\legacy\Minecraft\game\versions\Expensive Reloaded
C:\Users%username%\AppData\Roaming.tlauncher\legacy\Minecraft\game\versions\KwishFree
C:\Users%username%\AppData\Roaming.tlauncher\legacy\Minecraft\game\versions\Centric Free
C:\Users%username%\AppData\Roaming.tlauncher\legacy\Minecraft\game\versions\Expensive
C:\Games\Minecraft\versions\Expensive Reloaded
C:\Games\Minecraft\versions\KwishFree
C:\Games\Minecraft\versions\Centric Free
C:\Games\Minecraft\versions\Expensive
C:\Games\Minecraft\versions\FlugerClient
C:\Users%username%\AppData\Roaming.tlauncher\legacy\Minecraft\game\versions\
ptiFine 1.16.5.jar.bak
C:\Users\zxcro\AppData\Roaming\.tlauncher\legacy\Minecraft\game\versions\
ptiFine 1.16.5\Rockstar_lib
C:\Users%username%\AppData\Roaming.tlauncher\legacy\Minecraft\game\versions\
ptiFine 1.16.5.jar
C:\Users%username%\AppData\Roaming.tlauncher\legacy\Minecraft\game\versions\
ptiFine 1.16.5.json
C:\Program Files (x86)\Everything

Antivirus Signature
Bkav W64.AIDetectMalware
Lionic Clean
tehtris Clean
ClamAV Clean
CMC Clean
CAT-QuickHeal Clean
Skyhigh BehavesLike.Win64.Dropper.mt
ALYac Clean
Cylance Clean
Zillya Clean
Sangfor Clean
K7AntiVirus Clean
Alibaba Clean
K7GW Clean
Cybereason Clean
Baidu Clean
VirIT Clean
Paloalto generic.ml
Symantec Clean
Elastic Clean
ESET-NOD32 Clean
APEX Malicious
Avast Clean
Cynet Clean
Kaspersky Clean
BitDefender Clean
NANO-Antivirus Clean
ViRobot Clean
MicroWorld-eScan Clean
Tencent Clean
TACHYON Clean
Sophos Clean
F-Secure Clean
DrWeb Trojan.KillFiles2.3011
VIPRE Clean
TrendMicro Clean
McAfeeD Clean
Trapmine Clean
FireEye Clean
Emsisoft Clean
huorong Clean
GData Clean
Jiangmin Clean
Webroot W32.Trojan.Casdet
Varist Clean
Avira Clean
Antiy-AVL Trojan/Win32.Agent
Kingsoft Clean
Gridinsoft Clean
Xcitium Clean
Arcabit Clean
SUPERAntiSpyware Clean
ZoneAlarm Clean
Microsoft Trojan:Win32/Casdet!rfn
Google Clean
AhnLab-V3 Clean
Acronis Clean
McAfee Artemis!3FBAD097793F
MAX Clean
VBA32 Clean
Malwarebytes Clean
Panda Clean
Zoner Clean
TrendMicro-HouseCall Clean
Rising Clean
Yandex Clean
Ikarus Clean
MaxSecure Trojan.Malware.300983.susgen
Fortinet PossibleThreat.PALLAS.H
BitDefenderTheta Clean
AVG Clean
DeepInstinct MALICIOUS
CrowdStrike win/malicious_confidence_70% (W)
alibabacloud Clean
No IRMA results available.