Static | ZeroBOX

PE Compile Time

2024-08-01 16:50:11

PE Imphash

38ca2cef077b08d131c2be3bfd70789c

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00001000 0x00001054 0x00001200 5.70131258186
.rdata 0x00003000 0x00000da6 0x00000e00 4.74370689185
.data 0x00004000 0x000003a8 0x00000200 0.877770791117
.rsrc 0x00005000 0x000002b0 0x00000400 5.1876721105
.reloc 0x00006000 0x00000284 0x00000400 4.08153671946

Resources

Name Offset Size Language Sub-language File type
RT_MANIFEST 0x00005058 0x00000256 LANG_ENGLISH SUBLANG_ENGLISH_US ASCII text, with CRLF line terminators

Imports

Library MSVCR90.dll:
0x40307c _invoke_watson
0x403084 memset
0x403088 _decode_pointer
0x40308c _onexit
0x403090 _lock
0x403094 __dllonexit
0x403098 _unlock
0x40309c ?terminate@@YAXXZ
0x4030a0 _crt_debugger_hook
0x4030a4 __set_app_type
0x4030a8 _encode_pointer
0x4030ac __p__fmode
0x4030b0 __p__commode
0x4030b4 _adjust_fdiv
0x4030b8 __setusermatherr
0x4030bc _configthreadlocale
0x4030c0 _initterm_e
0x4030c4 _initterm
0x4030c8 _acmdln
0x4030cc exit
0x4030d0 _ismbblead
0x4030d4 _XcptFilter
0x4030d8 _exit
0x4030dc _cexit
0x4030e0 __getmainargs
0x4030e4 _amsg_exit
0x4030e8 wcscmp
0x4030ec wcslen
0x4030f0 srand
0x4030f4 rand
0x4030f8 _controlfp_s
Library urlmon.dll:
0x40313c URLDownloadToFileW
Library WININET.dll:
0x40311c InternetOpenUrlW
0x403120 HttpQueryInfoA
0x403124 InternetReadFile
0x403128 InternetOpenA
0x40312c InternetOpenUrlA
0x403130 InternetCloseHandle
0x403134 InternetOpenW
Library SHLWAPI.dll:
0x403108 PathFindFileNameW
0x40310c PathFileExistsW
Library KERNEL32.dll:
0x403010 CreateMutexA
0x403014 GetLastError
0x403018 ExitProcess
0x40301c GetModuleFileNameW
0x403020 CopyFileW
0x403024 SetFileAttributesW
0x403028 GetTickCount
0x403030 CreateFileW
0x403034 WriteFile
0x403038 InterlockedExchange
0x40303c DeleteFileW
0x403040 CreateProcessW
0x403044 Sleep
0x40304c IsDebuggerPresent
0x403054 GetCurrentThreadId
0x403058 GetCurrentProcessId
0x40305c GetCurrentProcess
0x403068 GetStartupInfoA
0x40306c CloseHandle
0x403074 TerminateProcess
Library USER32.dll:
0x403114 wsprintfW
Library ADVAPI32.dll:
0x403000 RegSetValueExW
0x403004 RegCloseKey
0x403008 RegOpenKeyExW
Library SHELL32.dll:
0x403100 ShellExecuteW

!This program cannot be run in DOS mode.
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36
http://twizt.net/vncinstall.php
PreLoad
memset
wcslen
wcscmp
MSVCR90.dll
_amsg_exit
__getmainargs
_cexit
_XcptFilter
_ismbblead
_acmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_encode_pointer
__set_app_type
_crt_debugger_hook
?terminate@@YAXXZ
_unlock
__dllonexit
_onexit
_decode_pointer
_except_handler4_common
_invoke_watson
_controlfp_s
URLDownloadToFileW
urlmon.dll
InternetCloseHandle
InternetOpenUrlA
InternetOpenA
HttpQueryInfoA
InternetOpenUrlW
InternetOpenW
InternetReadFile
WININET.dll
PathFileExistsW
PathFindFileNameW
SHLWAPI.dll
CreateProcessW
DeleteFileW
CloseHandle
WriteFile
CreateFileW
ExpandEnvironmentStringsW
GetTickCount
SetFileAttributesW
CopyFileW
GetModuleFileNameW
ExitProcess
GetLastError
CreateMutexA
InterlockedExchange
InterlockedCompareExchange
GetStartupInfoA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
KERNEL32.dll
wsprintfW
USER32.dll
RegCloseKey
RegSetValueExW
RegOpenKeyExW
ADVAPI32.dll
ShellExecuteW
SHELL32.dll
freeukraine
http://fuckput.in/
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
</requestedPrivileges>
</security>
</trustInfo>
<dependency>
<dependentAssembly>
<assemblyIdentity type="win32" name="Microsoft.VC90.CRT" version="9.0.21022.8" processorArchitecture="x86" publicKeyToken="1fc8b3b9a1e18e3b"></assemblyIdentity>
</dependentAssembly>
</dependency>
</assembly>
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
%temp%
%s\%d%d.exe
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
%s:Zone.Identifier
%s\%d%d.exe
%s:Zone.Identifier
%temp%
%s\525352353.jpg
dwinsvc.exe
Windows Service
http://twizt.net/lbslut.exe
%s:Zone.Identifier
%userprofile%
Software\Microsoft\Windows\CurrentVersion\Run\
Antivirus Signature
Bkav W32.AIDetectMalware
Lionic Trojan.Win32.Phorpiex.4!c
tehtris Clean
ClamAV Clean
CMC Clean
CAT-QuickHeal Clean
ALYac Dropped:Generic.Malware.S!dld!.4D40BE06
Cylance Unsafe
Zillya Clean
Sangfor Worm.Win32.Phorpiex.Vqq8
K7AntiVirus Clean
Alibaba Worm:Win32/Zonidel.ff4dbf9e
K7GW Clean
Cybereason malicious.d4c9a0
Baidu Clean
VirIT Clean
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 a variant of Win32/Phorpiex.BB
APEX Malicious
Paloalto generic.ml
Cynet Malicious (score: 100)
Kaspersky HEUR:Trojan.Win32.Zonidel.gen
BitDefender Dropped:Generic.Malware.S!dld!.4D40BE06
NANO-Antivirus Clean
ViRobot Clean
MicroWorld-eScan Dropped:Generic.Malware.S!dld!.4D40BE06
TACHYON Clean
Sophos Mal/Generic-S
F-Secure Worm.WORM/Phorpiex.xapjy
DrWeb Clean
VIPRE Dropped:Generic.Malware.S!dld!.4D40BE06
TrendMicro Mal_DLDER
McAfeeD ti!3860E4BC7A35
Trapmine Clean
FireEye Generic.mg.5381689d4c9a0ce9
Emsisoft Dropped:Generic.Malware.S!dld!.4D40BE06 (B)
SentinelOne Static AI - Malicious PE
GData Win32.Trojan.Phorpiex.D
Jiangmin Clean
Webroot Clean
Varist W32/S-c70f2e64!Eldorado
Avira WORM/Phorpiex.xapjy
Antiy-AVL Clean
Kingsoft malware.kb.a.999
Gridinsoft Clean
Xcitium Clean
Arcabit Generic.Malware.S!dld!.4D40BE06
SUPERAntiSpyware Clean
ZoneAlarm HEUR:Trojan.Win32.Zonidel.gen
Microsoft Trojan:Win32/Zusy.HNB!MTB
Google Detected
AhnLab-V3 Trojan/Win.Dlder.R637818
Acronis Clean
BitDefenderTheta Gen:NN.ZexaF.36810.auW@aikI5Phi
MAX malware (ai score=88)
Malwarebytes Trojan.Phorpiex
Panda Trj/GdSda.A
Zoner Clean
TrendMicro-HouseCall Mal_DLDER
Tencent Win32.Trojan.Zonidel.Gdhl
Yandex Clean
Ikarus Worm.Win32.Phorpiex
MaxSecure Clean
Fortinet W32/Phorpiex.BB!worm
AVG Win32:WormX-gen [Wrm]
Avast Win32:WormX-gen [Wrm]
CrowdStrike win/malicious_confidence_100% (W)
alibabacloud Worm:Win/Phorpiex.BK
No IRMA results available.