Static | ZeroBOX

PE Compile Time

2015-06-14 23:38:45

PE Imphash

66127c8a0e4f3b844b33ef0b6236f9dd

PEiD Signatures

Armadillo v1.71

Sections

Name    Virtual Address  Virtual Size  Size of Raw Data  Entropy
.text   0x00001000       0x00001f3c    0x00002000        6.1048857383
.rdata  0x00003000       0x00000770    0x00000800        4.06822702493
.data   0x00004000       0x000005b4    0x00000600        2.13665432739
.rsrc   0x00005000       0x000015c0    0x00001600        4.04306714994

Resources

Name           Offset      Size        Language      Sub-language                File type
RT_ICON        0x00005500  0x00000568  LANG_CHINESE  SUBLANG_CHINESE_SIMPLIFIED  GLS_BINARY_LSB_FIRST
RT_DIALOG      0x00006020  0x000005a0  LANG_ENGLISH  SUBLANG_ENGLISH_US          data
RT_GROUP_ICON  0x00005a68  0x00000014  LANG_CHINESE  SUBLANG_CHINESE_SIMPLIFIED  data

Imports

Library KERNEL32.dll:
0x403000 HeapAlloc
0x403004 GetProcessHeap
0x403008 VirtualAlloc
0x40300c Sleep
0x403010 VirtualProtect
0x403014 GetProcAddress
0x403018 LoadLibraryA
0x40301c IsBadReadPtr
0x403020 HeapFree
0x403024 WriteFile
0x403028 GetFileSize
0x40302c GetStartupInfoA
0x403030 GetModuleHandleA
Library MSVCRT.dll:
0x403038 malloc
0x40303c strlen
0x403040 ??2@YAPAXI@Z
0x403044 memset
0x403048 __CxxFrameHandler
0x40304c _CxxThrowException
0x403050 ??3@YAXPAX@Z
0x403054 free
0x403058 memcpy
0x403060 _exit
0x403064 _XcptFilter
0x403068 exit
0x40306c _acmdln
0x403070 __getmainargs
0x403074 _initterm
0x403078 __setusermatherr
0x40307c _adjust_fdiv
0x403080 __p__commode
0x403084 __p__fmode
0x403088 __set_app_type
0x40308c _except_handler3
0x403090 _controlfp
0x403094 __dllonexit
0x403098 _onexit
0x40309c realloc
0x4030a0 strcmp
0x4030a4 _stricmp
Library imagehlp.dll:
Library WININET.dll:
0x4030ac InternetOpenUrlA
0x4030b0 InternetReadFile

Antivirus Signature
Bkav W32.AIDetectMalware
Lionic Clean
tehtris Clean
MicroWorld-eScan Clean
CMC Clean
CAT-QuickHeal Trojan.Redosdru.18846
Skyhigh Trojan-FJYJ!0C8848C11A91
ALYac Clean
Cylance Unsafe
Zillya Downloader.Agent.Win32.262615
Sangfor Trojan.Win32.Agent.8
K7AntiVirus Trojan-Downloader ( 0055e3da1 )
Alibaba Backdoor:Win32/Zlob.180910
K7GW Trojan-Downloader ( 0055e3da1 )
Cybereason Clean
huorong Clean
Baidu Clean
VirIT Trojan.Win32.Generic.ABBG
Paloalto generic.ml
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 a variant of Win32/TrojanDownloader.Agent.BIX
APEX Malicious
Avast Win32:Malware-gen
Cynet Malicious (score: 100)
Kaspersky UDS:DangerousObject.Multi.Generic
BitDefender Clean
NANO-Antivirus Trojan.Win32.Agent.envewf
ViRobot Clean
Tencent Malware.Win32.Gencirc.10b1031d
TACHYON Clean
Sophos Troj/AutoG-HV
F-Secure Trojan.TR/Crypt.XPACK.Gen
DrWeb Trojan.Packed2.40991
VIPRE Clean
TrendMicro BKDR_ZEGOST.SM17
McAfeeD ti!6CBBF236B6AA
Trapmine Clean
FireEye Generic.mg.0c8848c11a91ab74
Emsisoft Clean
Ikarus Trojan-Downloader.Win32.Agent
GData Clean
Jiangmin Backdoor.Generic.aczi
Webroot Clean
Varist W32/Agent.BVY.gen!Eldorado
Avira TR/Crypt.XPACK.Gen
Antiy-AVL Trojan/Win32.SGeneric
Kingsoft malware.kb.a.1000
Gridinsoft Trojan.Win32.Agent.vb!s1
Xcitium TrojWare.Win32.Redosdru.A@5su6ps
Arcabit Clean
SUPERAntiSpyware Clean
ZoneAlarm UDS:DangerousObject.Multi.Generic
Microsoft Trojan:Win32/Redosdru.AB
Google Detected
AhnLab-V3 Trojan/Win32.RL_Redosdru.R365250
Acronis Clean
McAfee Trojan-FJYJ!0C8848C11A91
MAX Clean
VBA32 BScope.Trojan.Dynamer
Malwarebytes Generic.Malware/Suspicious
Panda Trj/Genetic.gen
Zoner Clean
TrendMicro-HouseCall BKDR_ZEGOST.SM17
Rising Backdoor.Generic!8.CE (TFE:5:baEM1NflA5J)
Yandex Trojan.GenAsa!NAwRIH/jhGU
SentinelOne Static AI - Malicious PE
MaxSecure Clean
Fortinet W32/Agent.CGT!tr
BitDefenderTheta Gen:NN.ZexaF.36810.bqX@au7XQllj
AVG Win32:Malware-gen
DeepInstinct MALICIOUS
CrowdStrike win/malicious_confidence_100% (W)
alibabacloud Trojan[downloader]:Win/Redosdru.6eac1ded
No IRMA results available.