Static | ZeroBOX

PE Compile Time

2016-04-08 21:51:37

PE Imphash

20dd26497880c05caed9305b3c8b9109

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00001000 0x0000fd10 0x0000fe00 6.38464243967
.itext 0x00011000 0x00000f6c 0x00001000 5.74547465495
.data 0x00012000 0x00000cb4 0x00000e00 2.35781438872
.bss 0x00013000 0x000056c0 0x00000000 0.0
.idata 0x00019000 0x00000e04 0x00001000 4.59781255771
.tls 0x0001a000 0x00000008 0x00000000 0.0
.rdata 0x0001b000 0x00000018 0x00000200 0.20448815744
.reloc 0x0001c000 0x0000137c 0x00000000 0.0
.rsrc 0x0001e000 0x00017988 0x00017a00 6.50147748074

Resources

Name Offset Size Language Sub-language File type
RT_ICON 0x0002bbc8 0x00000468 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED GLS_BINARY_LSB_FIRST
RT_ICON 0x0002bbc8 0x00000468 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED GLS_BINARY_LSB_FIRST
RT_ICON 0x0002bbc8 0x00000468 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED GLS_BINARY_LSB_FIRST
RT_ICON 0x0002bbc8 0x00000468 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED GLS_BINARY_LSB_FIRST
RT_ICON 0x0002bbc8 0x00000468 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED GLS_BINARY_LSB_FIRST
RT_STRING 0x0002c808 0x00000294 LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_STRING 0x0002c808 0x00000294 LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_STRING 0x0002c808 0x00000294 LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_STRING 0x0002c808 0x00000294 LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_STRING 0x0002c808 0x00000294 LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_STRING 0x0002c808 0x00000294 LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_RCDATA 0x00034ee4 0x0000002c LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_RCDATA 0x00034ee4 0x0000002c LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_RCDATA 0x00034ee4 0x0000002c LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_RCDATA 0x00034ee4 0x0000002c LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_GROUP_ICON 0x00034f10 0x0000004c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED data
RT_VERSION 0x00034f5c 0x00000488 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED data
RT_MANIFEST 0x000353e4 0x000005a4 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED XML 1.0 document, ASCII text, with CRLF line terminators

Imports

Library oleaut32.dll:
0x419304 SysFreeString
0x419308 SysReAllocStringLen
0x41930c SysAllocStringLen
Library advapi32.dll:
0x419314 RegQueryValueExW
0x419318 RegOpenKeyExW
0x41931c RegCloseKey
Library user32.dll:
0x419324 GetKeyboardType
0x419328 LoadStringW
0x41932c MessageBoxA
0x419330 CharNextW
Library kernel32.dll:
0x419338 GetACP
0x41933c Sleep
0x419340 VirtualFree
0x419344 VirtualAlloc
0x419348 GetSystemInfo
0x41934c GetTickCount
0x419354 GetVersion
0x419358 GetCurrentThreadId
0x41935c VirtualQuery
0x419360 WideCharToMultiByte
0x419364 MultiByteToWideChar
0x419368 lstrlenW
0x41936c lstrcpynW
0x419370 LoadLibraryExW
0x419374 GetThreadLocale
0x419378 GetStartupInfoA
0x41937c GetProcAddress
0x419380 GetModuleHandleW
0x419384 GetModuleFileNameW
0x419388 GetLocaleInfoW
0x41938c GetCommandLineW
0x419390 FreeLibrary
0x419394 FindFirstFileW
0x419398 FindClose
0x41939c ExitProcess
0x4193a0 WriteFile
0x4193a8 RtlUnwind
0x4193ac RaiseException
0x4193b0 GetStdHandle
0x4193b4 CloseHandle
Library kernel32.dll:
0x4193bc TlsSetValue
0x4193c0 TlsGetValue
0x4193c4 LocalAlloc
0x4193c8 GetModuleHandleW
Library user32.dll:
0x4193d0 CreateWindowExW
0x4193d4 TranslateMessage
0x4193d8 SetWindowLongW
0x4193dc PeekMessageW
0x4193e4 MessageBoxW
0x4193e8 LoadStringW
0x4193ec GetSystemMetrics
0x4193f0 ExitWindowsEx
0x4193f4 DispatchMessageW
0x4193f8 DestroyWindow
0x4193fc CharUpperBuffW
0x419400 CallWindowProcW
Library kernel32.dll:
0x419408 WriteFile
0x41940c WideCharToMultiByte
0x419410 WaitForSingleObject
0x419414 VirtualQuery
0x419418 VirtualProtect
0x41941c VirtualFree
0x419420 VirtualAlloc
0x419424 SizeofResource
0x419428 SignalObjectAndWait
0x41942c SetLastError
0x419430 SetFilePointer
0x419434 SetEvent
0x419438 SetErrorMode
0x41943c SetEndOfFile
0x419440 ResetEvent
0x419444 RemoveDirectoryW
0x419448 ReadFile
0x41944c MultiByteToWideChar
0x419450 LockResource
0x419454 LoadResource
0x419458 LoadLibraryW
0x419460 GetVersionExW
0x419464 GetVersion
0x41946c GetThreadLocale
0x419470 GetSystemInfo
0x419474 GetSystemDirectoryW
0x419478 GetStdHandle
0x41947c GetProcAddress
0x419480 GetModuleHandleW
0x419484 GetModuleFileNameW
0x419488 GetLocaleInfoW
0x41948c GetLastError
0x419490 GetFullPathNameW
0x419494 GetFileSize
0x419498 GetFileAttributesW
0x41949c GetExitCodeProcess
0x4194a4 GetDiskFreeSpaceW
0x4194a8 GetCurrentProcess
0x4194ac GetCommandLineW
0x4194b0 GetCPInfo
0x4194b4 InterlockedExchange
0x4194bc FreeLibrary
0x4194c0 FormatMessageW
0x4194c4 FindResourceW
0x4194c8 EnumCalendarInfoW
0x4194cc DeleteFileW
0x4194d0 CreateProcessW
0x4194d4 CreateFileW
0x4194d8 CreateEventW
0x4194dc CreateDirectoryW
0x4194e0 CloseHandle
Library advapi32.dll:
0x4194e8 RegQueryValueExW
0x4194ec RegOpenKeyExW
0x4194f0 RegCloseKey
0x4194f4 OpenProcessToken
Library comctl32.dll:
0x419500 InitCommonControls
Library kernel32.dll:
0x419508 Sleep
Library advapi32.dll:

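No antivirus signatures available (no antivirus scan results are attached to this report; this is an absence of data, not a clean verdict).
No IRMA results available (likewise an absence of data, not a clean verdict).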