Static | ZeroBOX

PE Compile Time

2024-07-30 08:16:49

PE Imphash

f41da4b94d694d1773335d690e8c3ce8

Sections

Name    Virtual Address  Virtual Size  Size of Raw Data  Entropy
.text   0x00001000       0x00009cd0    0x00009e00        6.35393242563
.rdata  0x0000b000       0x00008a82    0x00008c00        4.71803877771
.data   0x00014000       0x00001a70    0x00000a00        1.82429438461
.pdata  0x00016000       0x00000c90    0x00000e00        4.43252297741
.rsrc   0x00017000       0x000006a8    0x00000800        3.80523400983
.reloc  0x00018000       0x0000060c    0x00000800        4.73258487879

Resources

Name         Offset      Size        Language      Sub-language        File type
RT_VERSION   0x000170a0  0x000003dc  LANG_ENGLISH  SUBLANG_ENGLISH_US  data
RT_MANIFEST  0x00017480  0x00000224  LANG_ENGLISH  SUBLANG_ENGLISH_US  XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators

Imports

Library ADVAPI32.dll:
0x18000b000 CreateProcessAsUserW
0x18000b008 OpenProcessToken
0x18000b010 SetTokenInformation
0x18000b018 DuplicateTokenEx
Library USERENV.dll:
0x18000b240 CreateEnvironmentBlock
0x18000b248 DestroyEnvironmentBlock
Library WINSTA.dll:
0x18000b258 WinStationEnumerateW
0x18000b260 WinStationFreeMemory
Library KERNEL32.dll:
0x18000b028 CreateFileW
0x18000b030 WriteConsoleW
0x18000b038 SetLastError
0x18000b040 GetCurrentProcess
0x18000b048 CloseHandle
0x18000b050 QueryPerformanceCounter
0x18000b058 GetCurrentProcessId
0x18000b060 GetCurrentThreadId
0x18000b068 GetSystemTimeAsFileTime
0x18000b070 InitializeSListHead
0x18000b078 RtlCaptureContext
0x18000b080 RtlLookupFunctionEntry
0x18000b088 RtlVirtualUnwind
0x18000b090 IsDebuggerPresent
0x18000b098 UnhandledExceptionFilter
0x18000b0a8 GetStartupInfoW
0x18000b0b8 GetModuleHandleW
0x18000b0c0 SetFilePointerEx
0x18000b0c8 RtlUnwindEx
0x18000b0d0 InterlockedFlushSList
0x18000b0d8 GetLastError
0x18000b0e0 EnterCriticalSection
0x18000b0e8 LeaveCriticalSection
0x18000b0f0 DeleteCriticalSection
0x18000b100 TlsAlloc
0x18000b108 TlsGetValue
0x18000b110 TlsSetValue
0x18000b118 TlsFree
0x18000b120 FreeLibrary
0x18000b128 GetProcAddress
0x18000b130 LoadLibraryExW
0x18000b138 RaiseException
0x18000b140 ExitProcess
0x18000b148 TerminateProcess
0x18000b150 GetModuleHandleExW
0x18000b158 GetModuleFileNameA
0x18000b160 MultiByteToWideChar
0x18000b168 WideCharToMultiByte
0x18000b170 LCMapStringW
0x18000b178 HeapAlloc
0x18000b180 HeapFree
0x18000b188 FindClose
0x18000b190 FindFirstFileExA
0x18000b198 FindNextFileA
0x18000b1a0 IsValidCodePage
0x18000b1a8 GetACP
0x18000b1b0 GetOEMCP
0x18000b1b8 GetCPInfo
0x18000b1c0 GetCommandLineA
0x18000b1c8 GetCommandLineW
0x18000b1d0 GetEnvironmentStringsW
0x18000b1d8 FreeEnvironmentStringsW
0x18000b1e0 GetProcessHeap
0x18000b1e8 GetStdHandle
0x18000b1f0 GetFileType
0x18000b1f8 GetStringTypeW
0x18000b200 HeapSize
0x18000b208 HeapReAlloc
0x18000b210 SetStdHandle
0x18000b218 WriteFile
0x18000b220 FlushFileBuffers
0x18000b228 GetConsoleCP
0x18000b230 GetConsoleMode

Exports

Ordinal  Address      Name
1        0x180001018  DrvDisableDriver
2        0x18000105c  DrvEnableDriver
3        0x18000101c  DrvQueryDriverInfo
4        0x180001018  DrvResetConfigCache
5        0x180001094  GenerateCopyFilePaths
6        0x180001098  SpoolerCopyFileEvent

Strings

!This program cannot be run in DOS mode.
.rdata
.data
.pdata
.rsrc
.reloc
__based(
__cdecl
__pascal
__stdcall
__thiscall
__fastcall
__vectorcall
__clrcall
__eabi
__swift_1
__swift_2
__ptr64
__restrict
__unaligned
restrict(
delete
operator
`vftable'
`vbtable'
`vcall'
`typeof'
`local static guard'
`string'
`vbase destructor'
`vector deleting destructor'
`default constructor closure'
`scalar deleting destructor'
`vector constructor iterator'
`vector destructor iterator'
`vector vbase constructor iterator'
`virtual displacement map'
`eh vector constructor iterator'
`eh vector destructor iterator'
`eh vector vbase constructor iterator'
`copy constructor closure'
`udt returning'
`local vftable'
`local vftable constructor closure'
new[]
delete[]
`omni callsig'
`placement delete closure'
`placement delete[] closure'
`managed vector constructor iterator'
`managed vector destructor iterator'
`eh vector copy constructor iterator'
`eh vector vbase copy constructor iterator'
`dynamic initializer for '
`dynamic atexit destructor for '
`vector copy constructor iterator'
`vector vbase copy constructor iterator'
`managed vector copy constructor iterator'
`local static thread guard'
operator ""
operator co_await
Type Descriptor'
Base Class Descriptor at (
Base Class Array'
Class Hierarchy Descriptor'
Complete Object Locator'
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
InitializeCriticalSectionEx
CorExitProcess
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
GetCurrentPackageId
InitializeCriticalSectionEx
LCMapStringEx
LocaleNameToLCID
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
January
February
August
September
October
November
December
MM/dd/yy
dddd, MMMM dd, yyyy
HH:mm:ss
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
.text$mn
.text$mn$00
.text$x
.idata$5
.00cfg
.CRT$XCA
.CRT$XCZ
.CRT$XIA
.CRT$XIC
.CRT$XIZ
.CRT$XPA
.CRT$XPX
.CRT$XPXA
.CRT$XPZ
.CRT$XTA
.CRT$XTZ
.rdata
.rdata$zzzdbg
.rtc$IAA
.rtc$IZZ
.rtc$TAA
.rtc$TZZ
.xdata
.edata
.idata$2
.idata$3
.idata$4
.idata$6
.pdata
.rsrc$01
.rsrc$02
mimispool.dll
DrvDisableDriver
DrvEnableDriver
DrvQueryDriverInfo
DrvResetConfigCache
GenerateCopyFilePaths
SpoolerCopyFileEvent
DuplicateTokenEx
CreateProcessAsUserW
OpenProcessToken
SetTokenInformation
ADVAPI32.dll
DestroyEnvironmentBlock
CreateEnvironmentBlock
USERENV.dll
WinStationEnumerateW
WinStationFreeMemory
WINSTA.dll
SetLastError
GetCurrentProcess
CloseHandle
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
KERNEL32.dll
RtlUnwindEx
InterlockedFlushSList
GetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
RaiseException
ExitProcess
TerminateProcess
GetModuleHandleExW
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
LCMapStringW
HeapAlloc
HeapFree
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetStdHandle
GetFileType
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
WriteFile
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
WriteConsoleW
CreateFileW
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel></requestedPrivileges></security></trustInfo><application xmlns="urn:schemas-microsoft-com:asm.v3"><windowsSettings><dpiAware xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings">true</dpiAware></windowsSettings></application></assembly>
api-ms-win-core-fibers-l1-1-1
api-ms-win-core-synch-l1-2-0
kernel32
api-ms-
ext-ms-
mscoree.dll
api-ms-win-appmodel-runtime-l1-1-1
api-ms-win-core-datetime-l1-1-1
api-ms-win-core-fibers-l1-1-1
api-ms-win-core-file-l2-1-1
api-ms-win-core-localization-l1-2-1
api-ms-win-core-localization-obsolete-l1-2-0
api-ms-win-core-processthreads-l1-1-2
api-ms-win-core-string-l1-1-0
api-ms-win-core-synch-l1-2-0
api-ms-win-core-sysinfo-l1-2-1
api-ms-win-core-winrt-l1-1-0
api-ms-win-core-xstate-l2-1-0
api-ms-win-rtcore-ntuser-window-l1-1-0
api-ms-win-security-systemfunctions-l1-1-0
ext-ms-win-kernel32-package-current-l1-1-0
ext-ms-win-ntuser-dialogbox-l1-1-0
ext-ms-win-ntuser-windowstation-l1-1-0
advapi32
kernel32
user32
zh-CHS
az-AZ-Latn
uz-UZ-Latn
kok-IN
syr-SY
div-MV
quz-BO
sr-SP-Latn
az-AZ-Cyrl
uz-UZ-Cyrl
quz-EC
sr-SP-Cyrl
quz-PE
smj-NO
bs-BA-Latn
smj-SE
sr-BA-Latn
sma-NO
sr-BA-Cyrl
sma-SE
sms-FI
smn-FI
zh-CHT
az-az-cyrl
az-az-latn
bs-ba-latn
div-mv
kok-in
quz-bo
quz-ec
quz-pe
sma-no
sma-se
smj-no
smj-se
smn-fi
sms-fi
sr-ba-cyrl
sr-ba-latn
sr-sp-cyrl
sr-sp-latn
syr-sy
uz-uz-cyrl
uz-uz-latn
zh-chs
zh-cht
CONOUT$
cmd.exe
winsta0\default
VS_VERSION_INFO
StringFileInfo
040904b0
ProductName
mimispool (mimikatz)
ProductVersion
2.2.0.0
CompanyName
gentilkiwi (Benjamin DELPY)
FileDescription
mimispool for Windows (mimikatz)
FileVersion
0.3.0.0
InternalName
mimispool
LegalCopyright
Copyright (c) 2007 - 2021 gentilkiwi (Benjamin DELPY)
OriginalFilename
mimispool.dll
PrivateBuild
Build with love for POC only
SpecialBuild
VarFileInfo
Translation

Antivirus Signature

Bkav Clean
Lionic Trojan.Win32.Mimikatz.i!c
tehtris Clean
ClamAV Clean
CMC Clean
CAT-QuickHeal Clean
Skyhigh Clean
ALYac Gen:Variant.Mimikatz.10
Cylance Unsafe
Zillya Tool.Mimikatz.Win32.2698
Sangfor Clean
K7AntiVirus Trojan ( 005821131 )
Alibaba TrojanPSW:Win64/Mimikatz.e8ec8578
K7GW Trojan ( 005821131 )
Cybereason Clean
Baidu Clean
VirIT Clean
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 a variant of Win32/RiskWare.Mimikatz.BG
APEX Clean
Avast Win32:CVE-2021-1675-G [Expl]
Cynet Malicious (score: 100)
Kaspersky HEUR:Trojan-PSW.Win64.Mimikatz.gen
BitDefender Gen:Variant.Mimikatz.10
NANO-Antivirus Clean
ViRobot Clean
MicroWorld-eScan Gen:Variant.Mimikatz.10
Tencent Trojan.Win64.Mimikatz.a
Sophos ATK/Mimikatz-CR
F-Secure Clean
DrWeb Clean
VIPRE Gen:Variant.Mimikatz.10
TrendMicro HKTL_MIMIKATZ64
McAfeeD ti!8CB1AC82F4EC
Trapmine Clean
FireEye Gen:Variant.Mimikatz.10
Emsisoft Gen:Variant.Mimikatz.10 (B)
Paloalto Clean
GData Gen:Variant.Mimikatz.10
Jiangmin Trojan.PSW.Mimikatz.cxj
Webroot W32.Hacktool.Gen
Varist W64/ABTrojan.UQBP-0786
Avira Clean
MAX malware (ai score=87)
Antiy-AVL RiskWare/Win32.Mimikatz
Kingsoft Win64.Trojan-PSW.Mimikatz.gen
Gridinsoft Trojan.Win64.Downloader.sa
Xcitium Clean
Arcabit Trojan.Mimikatz.10
SUPERAntiSpyware Clean
ZoneAlarm HEUR:Trojan-PSW.Win64.Mimikatz.gen
Microsoft VirTool:Win64/Mimispoolz.A!MTB
Google Detected
AhnLab-V3 Trojan/Win.Mimikatz.R439082
Acronis Clean
McAfee Clean
TACHYON Clean
VBA32 Clean
Panda Trj/GdSda.A
Zoner Clean
TrendMicro-HouseCall HKTL_MIMIKATZ64
Rising Trojan.Agent!8.B1E (TFE:6:Z7hKCBfrpcB)
Yandex RiskWare.Mimikatz!/EnXYkTDFmc
Ikarus Win32.Outbreak
MaxSecure Clean
Fortinet Clean
BitDefenderTheta Clean
AVG Win32:CVE-2021-1675-G [Expl]
DeepInstinct MALICIOUS
CrowdStrike win/malicious_confidence_70% (D)
alibabacloud HackTool:Win/Mimikatz.k
No IRMA results available.