Static | ZeroBOX

PE Compile Time

2024-05-08 17:26:56

PE Imphash

2c2c290b31d72b5de180c9426897666e

Sections

Name    Virtual Address  Virtual Size  Size of Raw Data  Entropy
.text   0x00001000       0x000028ee    0x00002a00        5.94713573479
.rdata  0x00004000       0x00001f74    0x00002000        4.38152217234
.data   0x00006000       0x00000718    0x00000200        1.99064791797
.pdata  0x00007000       0x000002d0    0x00000400        3.00530559205
.rsrc   0x00008000       0x000001e8    0x00000200        4.75076579254
.reloc  0x00009000       0x00000058    0x00000200        1.1701018158

Resources

Name         Offset      Size        Language      Sub-language        File type
RT_MANIFEST  0x00008060  0x00000188  LANG_ENGLISH  SUBLANG_ENGLISH_US  XML 1.0 document text

Imports

Library KERNEL32.dll:
0x140004010 CloseHandle
0x140004018 GetFileSize
0x140004020 WriteProcessMemory
0x140004028 RtlAddFunctionTable
0x140004030 Sleep
0x140004038 GetLastError
0x140004040 LoadLibraryA
0x140004048 VirtualProtectEx
0x140004050 GetProcAddress
0x140004058 VirtualAllocEx
0x140004060 ReadProcessMemory
0x140004068 CreateFileA
0x140004070 VirtualFreeEx
0x140004078 GetExitCodeProcess
0x140004080 TerminateProcess
0x140004088 GetCurrentDirectoryA
0x140004090 ResumeThread
0x140004098 SetCurrentDirectoryA
0x1400040a8 CreateProcessA
0x1400040b0 GetPrivateProfileStringA
0x1400040b8 RtlLookupFunctionEntry
0x1400040c0 RtlVirtualUnwind
0x1400040c8 UnhandledExceptionFilter
0x1400040d0 CreateRemoteThread
0x1400040d8 ReadFile
0x1400040e8 RtlCaptureContext
0x1400040f0 GetCurrentProcess
0x140004100 QueryPerformanceCounter
0x140004108 GetCurrentProcessId
0x140004110 GetCurrentThreadId
0x140004118 GetSystemTimeAsFileTime
0x140004120 InitializeSListHead
0x140004128 IsDebuggerPresent
0x140004130 GetModuleHandleW
Library USER32.dll:
0x140004160 FindWindowA
Library COMDLG32.dll:
0x140004000 GetOpenFileNameA
Library MSVCP140.dll:
Library SHLWAPI.dll:
0x140004150 PathRemoveFileSpecA
Library VCRUNTIME140.dll:
0x140004170 __current_exception
0x140004178 __std_exception_copy
0x140004180 memmove
0x140004188 _CxxThrowException
0x140004190 memset
0x140004198 __C_specific_handler
0x1400041a0 __std_exception_destroy
0x1400041a8 memcpy
Library VCRUNTIME140_1.dll:
0x1400041c0 __CxxFrameHandler4
Library api-ms-win-crt-stdio-l1-1-0.dll:
0x1400042c0 __stdio_common_vfprintf
0x1400042c8 __acrt_iob_func
0x1400042d0 _set_fmode
0x1400042d8 __p__commode
Library api-ms-win-crt-heap-l1-1-0.dll:
0x1400041d0 malloc
0x1400041d8 free
0x1400041e0 _set_new_mode
0x1400041e8 _callnewh
Library api-ms-win-crt-runtime-l1-1-0.dll:
0x140004218 _initterm_e
0x140004220 _initialize_onexit_table
0x140004230 _crt_atexit
0x140004240 exit
0x140004248 __p___argv
0x140004250 _exit
0x140004258 system
0x140004260 _cexit
0x140004268 _c_exit
0x140004280 _configure_narrow_argv
0x140004288 terminate
0x140004290 _set_app_type
0x140004298 _seh_filter_exe
0x1400042a0 __p___argc
0x1400042b0 _initterm
Library api-ms-win-crt-string-l1-1-0.dll:
0x1400042e8 strcat_s
Library api-ms-win-crt-math-l1-1-0.dll:
0x140004208 __setusermatherr
Library api-ms-win-crt-locale-l1-1-0.dll:
0x1400041f8 _configthreadlocale

!This program cannot be run in DOS mode.
bad allocation
Invalid file
Target process memory allocation failed (ex) 0x%X
Can't write file header 0x%X
Can't map sections: 0x%x
Target process mapping allocation failed (ex) 0x%X
Can't write mapping 0x%X
Memory shellcode allocation failed (ex) 0x%X
Can't write shellcode 0x%X
Mapped DLL at %p
Mapping info at %p
Shell code at %p
Data allocated
Thread creation failed 0x%X
Thread created at: %p, waiting for return...
Process crashed, exit code: 0x%X
Wrong mapping ptr
WARNING: Exception support failed!
Unable to allocate memory
WARNING: Can't clear shellcode
WARNING: can't release shell code memory
WARNING: can't release mapping data memory
Unknown exception
bad array new length
string too long
Injecting %s..
Unable to load/find %s
Failed to inject %s
%s successfully injected!
\GameAssembly.dll
Unable to generate checksum.
Checksum of your game: %X
Your game version is not supported.
Use the china version of the cheat.
\Pipsi-HSR.ini
ExecutablePath
Executable Files
StarRail.exe
All Files (*.*)
Executable Path: %s
Bypass.dll
Waiting for the game to initialize..
UnityWndClass
Cheat.dll
.text$mn
.text$mn$00
.text$x
.idata$5
.00cfg
.CRT$XCA
.CRT$XCAA
.CRT$XCZ
.CRT$XIA
.CRT$XIAA
.CRT$XIAC
.CRT$XIZ
.CRT$XPA
.CRT$XPZ
.CRT$XTA
.CRT$XTZ
.rdata
.rdata$r
.rdata$voltmd
.rdata$zzzdbg
.rtc$IAA
.rtc$IZZ
.rtc$TAA
.rtc$TZZ
.xdata
.xdata$x
.idata$2
.idata$3
.idata$4
.idata$6
.data$r
.data$rs
.pdata
.rsrc$01
.rsrc$02
ReadFile
CreateFileA
CloseHandle
GetFileSize
WriteProcessMemory
RtlAddFunctionTable
GetLastError
LoadLibraryA
VirtualProtectEx
GetProcAddress
VirtualAllocEx
ReadProcessMemory
CreateRemoteThread
VirtualFreeEx
GetExitCodeProcess
TerminateProcess
GetCurrentDirectoryA
ResumeThread
SetCurrentDirectoryA
WritePrivateProfileStringA
CreateProcessA
GetPrivateProfileStringA
KERNEL32.dll
FindWindowA
USER32.dll
GetOpenFileNameA
COMDLG32.dll
?_Xlength_error@std@@YAXPEBD@Z
MSVCP140.dll
PathRemoveFileSpecA
SHLWAPI.dll
__C_specific_handler
__CxxFrameHandler4
__std_exception_destroy
__std_exception_copy
_CxxThrowException
__current_exception
__current_exception_context
memset
VCRUNTIME140.dll
VCRUNTIME140_1.dll
__acrt_iob_func
__stdio_common_vfprintf
malloc
system
strcat_s
_invalid_parameter_noinfo_noreturn
_callnewh
_seh_filter_exe
_set_app_type
__setusermatherr
_configure_narrow_argv
_initialize_narrow_environment
_get_initial_narrow_environment
_initterm
_initterm_e
_set_fmode
__p___argc
__p___argv
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_configthreadlocale
_set_new_mode
__p__commode
_initialize_onexit_table
_register_onexit_function
_crt_atexit
terminate
api-ms-win-crt-stdio-l1-1-0.dll
api-ms-win-crt-heap-l1-1-0.dll
api-ms-win-crt-runtime-l1-1-0.dll
api-ms-win-crt-string-l1-1-0.dll
api-ms-win-crt-math-l1-1-0.dll
api-ms-win-crt-locale-l1-1-0.dll
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetModuleHandleW
memcpy
memmove
.?AVbad_alloc@std@@
.?AVexception@std@@
.?AVbad_array_new_length@std@@
.?AVtype_info@@
<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel level='requireAdministrator' uiAccess='false' />
</requestedPrivileges>
</security>
</trustInfo>
</assembly>

Antivirus Signature
Bkav W64.AIDetectMalware
Lionic Trojan.Win32.ShellcodeRunner.4!c
tehtris Clean
ClamAV Clean
CMC Clean
CAT-QuickHeal Clean
Skyhigh BehavesLike.Win64.Injector.mm
McAfee Artemis!8E9D1161D84A
Cylance Unsafe
Zillya Trojan.ShellcodeRunner.Win64.2815
Sangfor Trojan.Win64.Shellcoderunner.Vzbk
K7AntiVirus Trojan ( 00595ee81 )
Alibaba Trojan:Win64/ShellcodeRunner.12d27718
K7GW Trojan ( 00595ee81 )
Cybereason malicious.1d84aa
huorong Trojan/ShellLoader.df
Baidu Clean
VirIT Clean
Paloalto generic.ml
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 a variant of Win64/ShellcodeRunner.AO
APEX Malicious
Avast Win64:HacktoolX-gen [Trj]
Cynet Malicious (score: 99)
Kaspersky Trojan.Win64.Agent.dhhal
BitDefender Gen:Variant.Zusy.556753
NANO-Antivirus Clean
ViRobot Clean
MicroWorld-eScan Gen:Variant.Zusy.556753
Tencent Malware.Win32.Gencirc.14158053
TACHYON Clean
Sophos Mal/Generic-S
F-Secure Trojan.TR/Swrort.kudvo
DrWeb Clean
VIPRE Gen:Variant.Zusy.556753
TrendMicro TROJ_GEN.R002C0DE824
McAfeeD ti!B9B78B3CA186
Trapmine malicious.moderate.ml.score
FireEye Gen:Variant.Zusy.556753
Emsisoft Gen:Variant.Zusy.556753 (B)
Ikarus Trojan.Win64.Shellcoderunner
GData Gen:Variant.Zusy.556753
Jiangmin Clean
Webroot W32.Trojan.TR.Swrort.gouuf
Varist W64/Agent.IMP.gen!Eldorado
Avira TR/Swrort.kudvo
Antiy-AVL Trojan/Win64.ShellcodeRunner
Kingsoft Win64.Trojan.Agent.dhhal
Gridinsoft Clean
Xcitium Clean
Arcabit Trojan.Zusy.D87ED1
SUPERAntiSpyware Clean
ZoneAlarm Trojan.Win64.Agent.dhhal
Microsoft Trojan:Win64/ShellcodeRunner.ASDF!MTB
Google Detected
AhnLab-V3 Trojan/Win.ShellcodeRunner.R641641
Acronis Clean
BitDefenderTheta Clean
MAX malware (ai score=86)
VBA32 Clean
Malwarebytes Trojan.ShellCode.Runner
Panda Trj/GdSda.A
Zoner Clean
TrendMicro-HouseCall TROJ_GEN.R002C0DE824
Rising Trojan.ShellcodeRunner!8.6166 (TFE:5:GNzgW5uk77Q)
Yandex Trojan.ShellcodeRunner!Vfi+PqJ7IWE
SentinelOne Clean
MaxSecure Trojan.Malware.248767962.susgen
Fortinet W64/ShellcodeRunner.AO!tr
AVG Win64:HacktoolX-gen [Trj]
DeepInstinct MALICIOUS
CrowdStrike win/malicious_confidence_70% (W)
alibabacloud Trojan:Win/ShellcodeRunner.AP
No IRMA results available.