Static | ZeroBOX

PE Compile Time

2010-04-15 07:06:53

PE Imphash

b4c6fff030479aa3b12625be67bf4914

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00001000 0x0000104e 0x00001200 0.168100494025
.rdata 0x00003000 0x00000084 0x00000200 1.00326268867
.rdqu 0x00004000 0x000314c0 0x00031600 6.03970720932

Imports

Library KERNEL32.dll:
0x140003000 VirtualAlloc
0x140003008 ExitProcess

Antivirus Signature
Bkav W64.AIDetectMalware
Lionic Trojan.Win32.Metasploit.4!c
tehtris Clean
ClamAV Win.Exploit.D388a-9756522-0
CMC Clean
CAT-QuickHeal HackTool.Metasploit.S9212471
Skyhigh BehavesLike.Win64.Trojan.dm
McAfee Trojan-FPJE!C457B64B8FAF
Cylance Unsafe
Zillya Trojan.Rozena.Win64.37648
Sangfor Trojan.Win32.Save.a
K7AntiVirus Trojan ( 004fae881 )
Alibaba Trojan:Win64/Meterpreter.500ed1c0
K7GW Trojan ( 004fae881 )
Cybereason malicious.b8faf9
huorong Backdoor/Meterpreter.fb
Baidu Clean
Paloalto generic.ml
Symantec Meterpreter
Elastic Windows.Trojan.Metasploit
ESET-NOD32 Win64/Riskware.Meterpreter.S
APEX Malicious
Avast Win32:Metasploit-C [Trj]
Cynet Malicious (score: 100)
Kaspersky HEUR:Trojan.Win64.Packed.gen
BitDefender Trojan.Metasploit.A
NANO-Antivirus Clean
ViRobot Trojan.Win.Z.Rozena.208384.JM
MicroWorld-eScan Trojan.Metasploit.A
Tencent Hacktool.Win64.Rozena.a
TACHYON Trojan/W64.Packed.208384.AR
Sophos ATK/Swrort-J
F-Secure Trojan.TR/Crypt.XPACK.Gen7
DrWeb BackDoor.Shell.244
VIPRE Trojan.Metasploit.A
TrendMicro Clean
McAfeeD Real Protect-LS!C457B64B8FAF
Trapmine malicious.high.ml.score
FireEye Generic.mg.c457b64b8faf93fb
Emsisoft Trojan.Metasploit.A (B)
Ikarus Trojan.Win64.Rozena
GData Win64.Trojan.Rozena.A
Jiangmin Trojan.Packed.bjp
Webroot W32.Trojan.Gen
Varist W64/Agent.JDE.gen!Eldorado
Avira TR/Crypt.XPACK.Gen7
Antiy-AVL GrayWare/Win32.Rozena.j
Kingsoft malware.kb.b.963
Gridinsoft Trojan.Win64.ShellCode.sd!s1
Xcitium Clean
Arcabit Trojan.Metasploit.A
SUPERAntiSpyware Clean
ZoneAlarm HEUR:Trojan.Win64.Packed.gen
Microsoft Trojan:Win64/Meterpreter!pz
Google Detected
AhnLab-V3 Trojan/Win.Generic.R421008
Acronis suspicious
ALYac Trojan.Metasploit.A
MAX malware (ai score=82)
VBA32 Clean
Malwarebytes Generic.Malware.AI.DDS
Panda Clean
Zoner Probably Heur.ExeHeaderL
TrendMicro-HouseCall Clean
Rising Trojan.Kryptik/x64!1.A2F4 (CLASSIC)
Yandex Trojan.GenAsa!RZuPNlUDbQk
SentinelOne Static AI - Malicious PE
MaxSecure Trojan.Malware.300983.susgen
Fortinet W64/Rozena.J!tr
BitDefenderTheta Clean
AVG Win32:Metasploit-C [Trj]
DeepInstinct MALICIOUS
CrowdStrike win/malicious_confidence_100% (D)
alibabacloud Backdoor:Win/Meterpreter.CZ
No IRMA results available.