Static | ZeroBOX

PE Compile Time

2019-07-30 17:52:50

PE Imphash

5877688b4859ffd051f6be3b8e0cd533

PEiD Signatures

PureBasic 4.x -> Neil Hodgson

Sections

Name    Virtual Address  Virtual Size  Size of Raw Data  Entropy
.code   0x00001000       0x000037f0    0x00003800        5.60877613077
.text   0x00005000       0x0000d2c2    0x0000d400        6.55808372928
.rdata  0x00013000       0x0000339d    0x00003400        7.11064033873
.data   0x00017000       0x0000172c    0x00001200        4.99817396787
.rsrc   0x00019000       0x00000ffc    0x00001000        7.53906068286

Resources

Name         Offset      Size        Language      Sub-language     File type
RT_RCDATA    0x00019d8c  0x00000009  LANG_NEUTRAL  SUBLANG_NEUTRAL  data
RT_RCDATA    0x00019d8c  0x00000009  LANG_NEUTRAL  SUBLANG_NEUTRAL  data
RT_RCDATA    0x00019d8c  0x00000009  LANG_NEUTRAL  SUBLANG_NEUTRAL  data
RT_RCDATA    0x00019d8c  0x00000009  LANG_NEUTRAL  SUBLANG_NEUTRAL  data
RT_MANIFEST  0x00019d98  0x00000263  LANG_NEUTRAL  SUBLANG_NEUTRAL  XML 1.0 document, ASCII text

Imports

Library MSVCRT.dll:
0x417470 memset
0x417474 wcsncmp
0x417478 memmove
0x41747c wcsncpy
0x417480 wcsstr
0x417484 _wcsnicmp
0x417488 _wcsdup
0x41748c free
0x417490 _wcsicmp
0x417494 wcslen
0x417498 wcscpy
0x41749c wcscmp
0x4174a0 memcpy
0x4174a4 tolower
0x4174a8 wcscat
0x4174ac malloc
Library KERNEL32.dll:
0x4174b4 GetModuleHandleW
0x4174b8 HeapCreate
0x4174bc GetStdHandle
0x4174c0 HeapDestroy
0x4174c4 ExitProcess
0x4174c8 WriteFile
0x4174cc GetTempFileNameW
0x4174d0 LoadLibraryExW
0x4174d4 EnumResourceTypesW
0x4174d8 FreeLibrary
0x4174dc RemoveDirectoryW
0x4174e0 GetExitCodeProcess
0x4174e4 EnumResourceNamesW
0x4174e8 GetCommandLineW
0x4174ec LoadResource
0x4174f0 SizeofResource
0x4174f4 FreeResource
0x4174f8 FindResourceW
0x4174fc GetNativeSystemInfo
0x417500 GetShortPathNameW
0x417508 GetSystemDirectoryW
0x417510 CloseHandle
0x41751c WaitForSingleObject
0x417520 TerminateThread
0x417524 CreateThread
0x417528 Sleep
0x41752c GetProcAddress
0x417530 GetVersionExW
0x417534 WideCharToMultiByte
0x417538 HeapAlloc
0x41753c HeapFree
0x417540 LoadLibraryW
0x417544 GetCurrentProcessId
0x417548 GetCurrentThreadId
0x41754c GetModuleFileNameW
0x417558 GetCurrentProcess
0x41755c TerminateProcess
0x417564 HeapSize
0x417568 MultiByteToWideChar
0x41756c CreateDirectoryW
0x417570 SetFileAttributesW
0x417574 GetTempPathW
0x417578 DeleteFileW
0x417584 CreateFileW
0x417588 SetFilePointer
0x41758c TlsFree
0x417590 TlsGetValue
0x417594 TlsSetValue
0x417598 TlsAlloc
0x41759c HeapReAlloc
0x4175a8 InterlockedExchange
0x4175ac GetLastError
0x4175b0 SetLastError
0x4175b4 UnregisterWait
0x4175b8 GetCurrentThread
0x4175bc DuplicateHandle
Library USER32.DLL:
0x4175c8 CharUpperW
0x4175cc CharLowerW
0x4175d0 MessageBoxW
0x4175d4 DefWindowProcW
0x4175d8 DestroyWindow
0x4175dc GetWindowLongW
0x4175e4 GetWindowTextW
0x4175e8 UnregisterClassW
0x4175ec LoadIconW
0x4175f0 LoadCursorW
0x4175f4 RegisterClassExW
0x4175f8 IsWindowEnabled
0x4175fc EnableWindow
0x417600 GetSystemMetrics
0x417604 CreateWindowExW
0x417608 SetWindowLongW
0x41760c SendMessageW
0x417610 SetFocus
0x417618 SetForegroundWindow
0x41761c BringWindowToTop
0x417620 GetMessageW
0x417628 TranslateMessage
0x41762c DispatchMessageW
0x417634 PostMessageW
0x417638 GetForegroundWindow
0x417640 IsWindowVisible
0x417644 EnumWindows
0x417648 SetWindowPos
Library GDI32.DLL:
0x417650 GetStockObject
Library COMCTL32.DLL:
Library SHELL32.DLL:
0x417660 ShellExecuteExW
0x417664 SHGetFolderLocation
Library WINMM.DLL:
0x417670 timeBeginPeriod
Library OLE32.DLL:
0x417678 CoInitialize
0x41767c CoTaskMemFree
Library SHLWAPI.DLL:
0x417684 PathAddBackslashW
0x41768c PathQuoteSpacesW
0x417690 PathRemoveArgsW

Strings

!This program cannot be run in DOS mode.
`.text
`.rdata
@.data
RtlGetVersion
SHBrowseForFolderW
SHGetPathFromIDListW
GetLongPathNameW
SHGetKnownFolderPath
0123456789abcdefK
InitOnceExecuteOnce
1.2.11
incorrect header check
unknown compression method
invalid window size
unknown header flags set
header crc mismatch
invalid block type
invalid stored block lengths
too many length or distance symbols
invalid code lengths set
invalid bit length repeat
invalid code -- missing end-of-block
invalid literal/lengths set
invalid distances set
invalid literal/length code
invalid distance code
invalid distance too far back
incorrect data check
incorrect length check
inflate 1.2.11 Copyright 1995-2017 Mark Adler
need dictionary
stream end
file error
stream error
data error
insufficient memory
buffer error
incompatible version
memset
MSVCRT.dll
GetModuleHandleW
HeapCreate
GetStdHandle
HeapDestroy
ExitProcess
WriteFile
GetTempFileNameW
LoadLibraryExW
EnumResourceTypesW
FreeLibrary
RemoveDirectoryW
GetExitCodeProcess
EnumResourceNamesW
GetCommandLineW
LoadResource
SizeofResource
FreeResource
FindResourceW
GetNativeSystemInfo
GetShortPathNameW
GetWindowsDirectoryW
GetSystemDirectoryW
KERNEL32.dll
wcsncmp
memmove
wcsncpy
wcsstr
_wcsnicmp
_wcsdup
_wcsicmp
wcslen
wcscpy
wcscmp
memcpy
tolower
wcscat
malloc
EnterCriticalSection
CloseHandle
LeaveCriticalSection
InitializeCriticalSection
WaitForSingleObject
TerminateThread
CreateThread
GetProcAddress
GetVersionExW
WideCharToMultiByte
HeapAlloc
HeapFree
LoadLibraryW
GetCurrentProcessId
GetCurrentThreadId
GetModuleFileNameW
GetEnvironmentVariableW
SetEnvironmentVariableW
GetCurrentProcess
TerminateProcess
SetUnhandledExceptionFilter
HeapSize
MultiByteToWideChar
CreateDirectoryW
SetFileAttributesW
GetTempPathW
DeleteFileW
GetCurrentDirectoryW
SetCurrentDirectoryW
CreateFileW
SetFilePointer
TlsFree
TlsGetValue
TlsSetValue
TlsAlloc
HeapReAlloc
DeleteCriticalSection
InterlockedCompareExchange
InterlockedExchange
GetLastError
SetLastError
UnregisterWait
GetCurrentThread
DuplicateHandle
RegisterWaitForSingleObject
CharUpperW
CharLowerW
MessageBoxW
DefWindowProcW
DestroyWindow
GetWindowLongW
GetWindowTextLengthW
GetWindowTextW
UnregisterClassW
LoadIconW
LoadCursorW
RegisterClassExW
IsWindowEnabled
EnableWindow
GetSystemMetrics
CreateWindowExW
SetWindowLongW
SendMessageW
SetFocus
CreateAcceleratorTableW
SetForegroundWindow
BringWindowToTop
GetMessageW
TranslateAcceleratorW
TranslateMessage
DispatchMessageW
DestroyAcceleratorTable
PostMessageW
GetForegroundWindow
GetWindowThreadProcessId
IsWindowVisible
EnumWindows
SetWindowPos
USER32.DLL
GetStockObject
GDI32.DLL
InitCommonControlsEx
COMCTL32.DLL
ShellExecuteExW
SHGetFolderLocation
SHGetPathFromIDListW
SHELL32.DLL
timeBeginPeriod
WINMM.DLL
CoInitialize
CoTaskMemFree
OLE32.DLL
PathAddBackslashW
PathRenameExtensionW
PathQuoteSpacesW
PathRemoveArgsW
PathRemoveBackslashW
SHLWAPI.DLL
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <assemblyIdentity
    version="1.0.0.0"
    processorArchitecture="X86"
    name="CompanyName.ProductName.YourApp"
    type="win32" />
  <description></description>
  <dependency>
    <dependentAssembly>
      <assemblyIdentity
        type="win32"
        name="Microsoft.Windows.Common-Controls"
        version="6.0.0.0"
        processorArchitecture="X86"
        publicKeyToken="6595b64144ccf1df"
        language="*" />
    </dependentAssembly>
  </dependency>
</assembly>
ntdll.dll
2147483648
InputRequester
STATIC
BUTTON
SHELL32.DLL
Invalid memory access
Array bounds exceeded
Debugger breakpoint reached
Misaligned data access
Denormal floating-point operand
Division by zero (floating-point)
Inexact floating-point result
Invalid floating-point operation
Floating-point overflow (exponent to great)
Floating-point stack overflow or underflow
Floating-point underflow (exponent too small)
Illegal instruction
Memory page error
Division by zero
Integer overflow
Exception handler returned unknown value
Exception handler tried to continue after non-continuable exception
Privileged instruction
Single step trap
Stack overflow
Unknown error code
Kernel32.DLL
Shell32.DLL
Downloads\
Kernel32.dll
sysnative
Antivirus Signature
Bkav Clean
Lionic Clean
tehtris Clean
ClamAV Clean
CMC Clean
CAT-QuickHeal Trojan.IGENERICPMF.S2481492
Skyhigh BehavesLike.Win32.Generic.mh
ALYac Clean
Cylance Unsafe
Zillya Tool.Lazagne.Win32.102
Sangfor Trojan.Win32.Save.a
K7AntiVirus Clean
Alibaba Clean
K7GW Clean
Cybereason Clean
huorong HEUR:Trojan/BAT.Agent.da
Baidu Clean
VirIT Trojan.Win32.Genus.IHW
Paloalto Clean
Symantec Clean
Elastic malicious (high confidence)
ESET-NOD32 BAT/Agent.QJD
APEX Malicious
Avast Win32:Evo-gen [Trj]
Cynet Malicious (score: 100)
Kaspersky Clean
BitDefender Clean
NANO-Antivirus Clean
ViRobot Clean
MicroWorld-eScan Clean
Tencent Trojan.Bat.Agent.ha
TACHYON Clean
Sophos Generic ML PUA (PUA)
F-Secure Clean
DrWeb Clean
VIPRE Clean
TrendMicro Clean
McAfeeD Real Protect-LS!FB5E045C6E6D
Trapmine Clean
FireEye Generic.mg.fb5e045c6e6d9f55
Emsisoft Clean
Ikarus Trojan.Win32
GData Clean
Jiangmin Clean
Webroot W32.Trojan.Gen
Varist W32/Kryptik.FDM.gen!Eldorado
Avira Clean
Kingsoft malware.kb.a.984
Gridinsoft Clean
Xcitium Clean
Arcabit Clean
SUPERAntiSpyware Clean
ZoneAlarm Clean
Microsoft Trojan:Win32/Babadeda.AMD!MTB
Google Detected
AhnLab-V3 Clean
Acronis Clean
McAfee GenericRXWO-YL!FB5E045C6E6D
MAX Clean
VBA32 Clean
Malwarebytes Generic.Malware.AI.DDS
Panda Clean
Zoner Trojan.Win32.85523
TrendMicro-HouseCall Clean
Rising Clean
Yandex Clean
SentinelOne Static AI - Suspicious PE
MaxSecure Trojan.Malware.1728101.susgen
Fortinet W32/Babadeda.SS!tr
BitDefenderTheta Clean
AVG Win32:Evo-gen [Trj]
DeepInstinct MALICIOUS
CrowdStrike win/malicious_confidence_70% (D)
alibabacloud Clean
No IRMA results available.