Static | ZeroBOX

PE Compile Time

2010-04-15 07:06:53

PE Imphash

b4c6fff030479aa3b12625be67bf4914

Sections

Name    Virtual Address  Virtual Size  Size of Raw Data  Entropy
.text   0x00001000       0x0000104e    0x00001200        0.168100494025
.rdata  0x00003000       0x00000084    0x00000200        0.963086734599
.jdlj   0x00004000       0x00000278    0x00000400        4.29803757344

Imports

Library KERNEL32.dll:
0x140003000 VirtualAlloc
0x140003008 ExitProcess

Antivirus Signature

Bkav W64.AIDetectMalware
Lionic Clean
tehtris Clean
MicroWorld-eScan Trojan.Metasploit.A
CMC Clean
CAT-QuickHeal HackTool.Metasploit.S9212471
ALYac Trojan.Metasploit.A
Cylance Unsafe
Zillya Clean
Sangfor HackTool.Win32.Reverse64_Bin_v2_5_through_v4_x.uwccg
K7AntiVirus Trojan ( 004fae881 )
K7GW Trojan ( 004fae881 )
Cybereason malicious.578101
Baidu Clean
Symantec Trojan Horse
ESET-NOD32 a variant of Win64/Rozena.M
APEX Malicious
Paloalto Clean
Cynet Malicious (score: 100)
Alibaba Clean
NANO-Antivirus Clean
ViRobot Clean
Sophos ATK/Meter-A
F-Secure Trojan.TR/Crypt.XPACK.Gen7
DrWeb BackDoor.Shell.244
VIPRE Trojan.Metasploit.A
TrendMicro Clean
McAfeeD Real Protect-LS!58840F757810
Trapmine malicious.high.ml.score
Emsisoft Trojan.Metasploit.A (B)
SentinelOne Static AI - Malicious PE
Jiangmin Trojan.Generic.auyjj
Webroot Clean
Avira TR/Crypt.XPACK.Gen7
Antiy-AVL GrayWare/Win32.Rozena.j
Kingsoft malware.kb.b.980
Gridinsoft Trojan.Win64.ShellCode.sd!s1
Xcitium Clean
Arcabit Trojan.Metasploit.A
SUPERAntiSpyware Trojan.Agent/Gen-MalPack
ZoneAlarm HEUR:Trojan.Win64.Packed.gen
Google Detected
AhnLab-V3 Trojan/Win32.RL_Generic.R357794
Acronis suspicious
BitDefenderTheta Clean
TACHYON Clean
VBA32 Clean
Malwarebytes Trojan.Dropper.Generic
Panda Clean
Zoner Probably Heur.ExeHeaderL
TrendMicro-HouseCall Clean
Tencent Hacktool.Win64.Rozena.a
Yandex Trojan.GenAsa!RZuPNlUDbQk
Ikarus Trojan.Win64.Meterpreter
MaxSecure Trojan.Malware.300983.susgen
Fortinet W64/Rozena.J!tr
DeepInstinct MALICIOUS
CrowdStrike win/malicious_confidence_100% (D)
alibabacloud Backdoor:Win/shellcode.api(dyn)
No IRMA results available.