popup
Static | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Static Analysis

PE Compile Time

2015-06-14 23:38:45

PE Imphash

66127c8a0e4f3b844b33ef0b6236f9dd

PEiD Signatures

Armadillo v1.71

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00001000 0x00001f3c 0x00002000 6.1048857383
.rdata 0x00003000 0x00000770 0x00000800 4.06822702493
.data 0x00004000 0x000005b4 0x00000600 2.13665432739
.rsrc 0x00005000 0x000015c0 0x00001600 4.04306714994

Resources

Name Offset Size Language Sub-language File type
RT_ICON 0x00005500 0x00000568 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED GLS_BINARY_LSB_FIRST
RT_ICON 0x00005500 0x00000568 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED GLS_BINARY_LSB_FIRST
RT_DIALOG 0x00006020 0x000005a0 LANG_ENGLISH SUBLANG_ENGLISH_US data
RT_DIALOG 0x00006020 0x000005a0 LANG_ENGLISH SUBLANG_ENGLISH_US data
RT_GROUP_ICON 0x00005a68 0x00000014 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED data
RT_GROUP_ICON 0x00005a68 0x00000014 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED data

Imports

Library KERNEL32.dll:
0x403000 HeapAlloc
0x403004 GetProcessHeap
0x403008 VirtualAlloc
0x40300c Sleep
0x403010 VirtualProtect
0x403014 GetProcAddress
0x403018 LoadLibraryA
0x40301c IsBadReadPtr
0x403020 HeapFree
0x403024 WriteFile
0x403028 GetFileSize
0x40302c GetStartupInfoA
0x403030 GetModuleHandleA
Library MSVCRT.dll:
0x403038 malloc
0x40303c strlen
0x403040 ??2@YAPAXI@Z
0x403044 memset
0x403048 __CxxFrameHandler
0x40304c _CxxThrowException
0x403050 ??3@YAXPAX@Z
0x403054 free
0x403058 memcpy
0x403060 _exit
0x403064 _XcptFilter
0x403068 exit
0x40306c _acmdln
0x403070 __getmainargs
0x403074 _initterm
0x403078 __setusermatherr
0x40307c _adjust_fdiv
0x403080 __p__commode
0x403084 __p__fmode
0x403088 __set_app_type
0x40308c _except_handler3
0x403090 _controlfp
0x403094 __dllonexit
0x403098 _onexit
0x40309c realloc
0x4030a0 strcmp
0x4030a4 _stricmp
Library imagehlp.dll:
Library WININET.dll:
0x4030ac InternetOpenUrlA
0x4030b0 InternetReadFile
!This program cannot be run in DOS mode.
`.rdata
@.data
D$ UWP
t(h@@@
HeapAlloc
GetProcessHeap
VirtualAlloc
VirtualProtect
GetProcAddress
LoadLibraryA
IsBadReadPtr
HeapFree
WriteFile
GetFileSize
KERNEL32.dll
realloc
malloc
strlen
??2@YAPAXI@Z
memset
__CxxFrameHandler
_CxxThrowException
??3@YAXPAX@Z
strcmp
memcpy
MSVCRT.dll
??1type_info@@UAE@XZ
_XcptFilter
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
__dllonexit
_onexit
MakeSureDirectoryPathExists
imagehlp.dll
InternetReadFile
InternetOpenUrlA
WININET.dll
GetModuleHandleA
GetStartupInfoA
_stricmp
KERNEL32.dll
VirtualFree
FreeLibrary
TTTTTTTTTTTT
YYYYYYYYYYYY
InternetOpenA
wininet.dll
CreateFileA
KERNEL32.dll
CloseHandle
KERNEL32.dll
InternetCloseHandle
wininet.dll
SetFilePointer
KERNEL32.dll
ReadFile
KERNEL32.dll
CreateFileA
KERNEL32.dll
CloseHandle
KERNEL32.dll
CloseHandle
KERNEL32.dll
CreateFileA
KERNEL32.dll
CloseHandle
KERNEL32.dll
CreateFileA
KERNEL32.dll
ReadFile
KERNEL32.dll
CloseHandle
KERNEL32.dll
.?AVtype_info@@
biknnr
B6CPC!V
WQBfgk
WQHCdhz
YWQH@y
3YWQHEWM2
BDDEDDDDDD:
\Server\Release\DHLDAT.pdb
Salt Lake City1
The USERTRUST Network1!0
http://www.usertrust.com1
UTN-USERFirst-Object0
100510000000Z
150510235959Z0~1
Greater Manchester1
Salford1
COMODO CA Limited1$0"
COMODO Time Stamping Signer0
GS@(YC
1http://crl.usertrust.com/UTN-USERFirst-Object.crl05
http://ocsp.usertrust.com0
VeriSign, Inc.10
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)101.0,
%VeriSign Class 3 Code Signing 2010 CA0
130311000000Z
160310235959Z0
Beijing1
Beijing1503
,Qihoo 360 Software (Beijing) Company Limited1>0<
5Digital ID Class 3 - Microsoft Software Validation v21
Tech. Dev. Dept.1503
,Qihoo 360 Software (Beijing) Company Limited0
/http://csc3-2010-crl.verisign.com/CSC3-2010.crl0D
https://www.verisign.com/rpa0
http://ocsp.verisign.com0;
/http://csc3-2010-aia.verisign.com/CSC3-2010.cer0
fjYMtk
VeriSign, Inc.10
VeriSign Trust Network1:08
1(c) 2006 VeriSign, Inc. - For authorized use only1E0C
<VeriSign Class 3 Public Primary Certification Authority - G50
100208000000Z
200207235959Z0
VeriSign, Inc.10
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)101.0,
%VeriSign Class 3 Code Signing 2010 CA0
https://www.verisign.com/cps0*
https://www.verisign.com/rpa0
[0Y0W0U
image/gif0!00
#http://logo.verisign.com/vslogo.gif04
#http://crl.verisign.com/pca3-g5.crl04
http://ocsp.verisign.com0
VeriSignMPKI-2-80
VeriSign, Inc.10
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)101.0,
%VeriSign Class 3 Code Signing 2010 CA
http://www.360.cn 0
Salt Lake City1
The USERTRUST Network1!0
http://www.usertrust.com1
UTN-USERFirst-Object
140821032827Z0#
Property Page
MS Sans Serif
TODO: layout property page
msctls_updown32
msctls_updown32
msctls_updown32
msctls_updown32
msctls_updown32
msctls_updown32
msctls_updown32
msctls_updown32
msctls_updown32
msctls_updown32
msctls_updown32
msctls_updown32
msctls_updown32
msctls_updown32
msctls_updown32
msctls_updown32
msctls_updown32
msctls_updown32
msctls_updown32
msctls_updown32
Property Page
MS Sans Serif
TODO: layout property page
msctls_updown32
msctls_updown32
msctls_updown32
msctls_updown32
msctls_updown32
msctls_updown32
msctls_updown32
msctls_updown32
msctls_updown32
msctls_updown32
msctls_updown32
msctls_updown32
msctls_updown32
msctls_updown32
msctls_updown32
msctls_updown32
msctls_updown32
msctls_updown32
msctls_updown32
msctls_updown32
<<<Obsolete>>
Antivirus Signature
Bkav W32.AIDetectMalware
Lionic Clean
tehtris Clean
MicroWorld-eScan Clean
CMC Clean
CAT-QuickHeal Trojan.Redosdru.18846
Skyhigh Trojan-FJYJ!0C8848C11A91
ALYac Clean
Cylance Unsafe
Zillya Downloader.Agent.Win32.262615
Sangfor Trojan.Win32.Agent.8
K7AntiVirus Trojan-Downloader ( 0055e3da1 )
Alibaba Backdoor:Win32/Zlob.180910
K7GW Trojan-Downloader ( 0055e3da1 )
Cybereason Clean
huorong Clean
Baidu Clean
VirIT Trojan.Win32.Generic.ABBG
Paloalto generic.ml
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 a variant of Win32/TrojanDownloader.Agent.BIX
APEX Malicious
Avast Win32:Malware-gen
Cynet Malicious (score: 100)
Kaspersky UDS:DangerousObject.Multi.Generic
BitDefender Clean
NANO-Antivirus Trojan.Win32.Agent.envewf
ViRobot Clean
Tencent Malware.Win32.Gencirc.10b1031d
TACHYON Clean
Sophos Troj/AutoG-HV
F-Secure Trojan.TR/Crypt.XPACK.Gen
DrWeb Trojan.Packed2.40991
VIPRE Clean
TrendMicro BKDR_ZEGOST.SM17
McAfeeD ti!6CBBF236B6AA
Trapmine Clean
FireEye Generic.mg.0c8848c11a91ab74
Emsisoft Clean
Ikarus Trojan-Downloader.Win32.Agent
GData Clean
Jiangmin Backdoor.Generic.aczi
Webroot Clean
Varist W32/Agent.BVY.gen!Eldorado
Avira TR/Crypt.XPACK.Gen
Antiy-AVL Trojan/Win32.SGeneric
Kingsoft malware.kb.a.1000
Gridinsoft Trojan.Win32.Agent.vb!s1
Xcitium TrojWare.Win32.Redosdru.A@5su6ps
Arcabit Clean
SUPERAntiSpyware Clean
ZoneAlarm UDS:DangerousObject.Multi.Generic
Microsoft Trojan:Win32/Redosdru.AB
Google Detected
AhnLab-V3 Trojan/Win32.RL_Redosdru.R365250
Acronis Clean
McAfee Trojan-FJYJ!0C8848C11A91
MAX Clean
VBA32 BScope.Trojan.Dynamer
Malwarebytes Generic.Malware/Suspicious
Panda Trj/Genetic.gen
Zoner Clean
TrendMicro-HouseCall BKDR_ZEGOST.SM17
Rising Backdoor.Generic!8.CE (TFE:5:baEM1NflA5J)
Yandex Trojan.GenAsa!NAwRIH/jhGU
SentinelOne Static AI - Malicious PE
MaxSecure Clean
Fortinet W32/Agent.CGT!tr
BitDefenderTheta Gen:NN.ZexaF.36810.bqX@au7XQllj
AVG Win32:Malware-gen
DeepInstinct MALICIOUS
CrowdStrike win/malicious_confidence_100% (W)
alibabacloud Trojan[downloader]:Win/Redosdru.6eac1ded
No IRMA results available.