Static | ZeroBOX

PE Compile Time

2023-05-13 20:58:23

PE Imphash

be49a2411263045f8ee0c442783b5f83

PEiD Signatures

Armadillo v1.71

Sections

Name      Virtual Address  Virtual Size  Size of Raw Data  Entropy
.text     0x00001000       0x000500cb    0x00050200        4.99772117583
.textbss  0x00052000       0x00010000    0x00000000        0.0
.rdata    0x00062000       0x00007de6    0x00007e00        3.28168672178
.data     0x0006a000       0x00000044    0x00000200        0.0203931352361
.rsrc     0x0006b000       0x000003e8    0x00000400        3.24760786486
.reloc    0x0006c000       0x000000ec    0x00000200        3.44068026059

Resources

Name        Offset      Size        Language      Sub-language        File type
RT_VERSION  0x0006b060  0x00000384  LANG_ENGLISH  SUBLANG_ENGLISH_US  data

Imports

Library KERNEL32.dll:
0x462008 HeapAlloc
0x46200c HeapFree
0x462010 GetProcessHeap
0x462014 WaitForSingleObject
0x462018 HeapDestroy
0x46201c MulDiv
0x462020 lstrlenW
0x462024 CreateEventA
0x462028 GetModuleFileNameW
0x46202c GetModuleHandleA
0x462030 CloseHandle
0x462034 HeapCreate
0x462038 GetStartupInfoA
Library USER32.dll:
0x462088 AdjustWindowRect
0x46208c GetDlgItem
0x462090 GetIconInfo
0x462094 SendDlgItemMessageA
0x462098 InflateRect
0x46209c DialogBoxParamA
0x4620a4 SendMessageW
0x4620ac LoadImageA
0x4620b0 SetForegroundWindow
0x4620b4 EndDialog
0x4620b8 OffsetRect
0x4620bc GetWindowLongA
0x4620c0 SetWindowPos
0x4620c4 UnionRect
0x4620c8 SetWindowTextW
Library GDI32.dll:
0x462000 GetObjectA
Library ole32.dll:
0x4620d0 CoCreateGuid
0x4620d4 CoTaskMemFree
0x4620d8 CoInitializeEx
Library MSVCRT.dll:
0x462040 __set_app_type
0x462044 __p__fmode
0x462048 __p__commode
0x46204c _adjust_fdiv
0x462050 __setusermatherr
0x462054 _initterm
0x462058 __getmainargs
0x46205c _acmdln
0x462060 exit
0x462064 _XcptFilter
0x462068 _exit
0x46206c memset
0x462070 memcpy
0x462074 wcsrchr
0x462078 wcschr
0x46207c _controlfp
0x462080 _except_handler3

VS_VERSION_INFO

StringFileInfo 000004e4
Comments: TCP/IP Half Open Connection Limit Patch & Monitor
CompanyName: deepxw
FileDescription: TCP-Z, TCP/IP Connection Patch and Monitor.
FileVersion: 2.6.2.75
InternalName: TCPZ.exe
LegalCopyright: (c) 2009 deepxw. All rights reserved.
OriginalFilename: TCPZ.exe
ProductName
ProductVersion: 2.6.2.75
VarFileInfo
Translation

Antivirus Signature

Bkav W32.AIDetectMalware
Lionic Trojan.Win32.Zbot.lx9X
Elastic malicious (high confidence)
ClamAV Win.Packed.Zusy-10024420-0
CMC Clean
CAT-QuickHeal Trojan.Rhadaman.S33183739
Skyhigh Artemis!Trojan
ALYac Gen:Variant.Zusy.537695
Cylance Unsafe
Zillya Trojan.KryptikAGen.Win32.123793
Sangfor Infostealer.Win32.Rhadamanthys.Vtir
CrowdStrike Clean
Alibaba Trojan:Win32/Rhadamanthys.1198a1a8
K7GW Riskware ( 00584baa1 )
K7AntiVirus Riskware ( 00584baa1 )
huorong Trojan/Agent.bnp
Baidu Clean
VirIT Trojan.Win32.GenusT.DVAD
Paloalto generic.ml
Symantec ML.Attribute.HighConfidence
tehtris Clean
ESET-NOD32 a variant of Win32/Kryptik.HXAU
APEX Malicious
Avast Win32:PWSX-gen [Trj]
Cynet Malicious (score: 100)
Kaspersky HEUR:Trojan.Win32.Strab.gen
BitDefender Gen:Variant.Zusy.537695
NANO-Antivirus Clean
ViRobot Trojan.Win.Z.Zusy.363520.AP
MicroWorld-eScan Gen:Variant.Zusy.537695
Tencent Trojan.Win32.Strab.he
Sophos Mal/Generic-S
F-Secure Trojan.TR/Crypt.XPACK.Gen
DrWeb Trojan.PWS.Siggen3.36250
VIPRE Gen:Variant.Zusy.537695
TrendMicro TrojanSpy.Win32.RHADAMANTHYS.YXEIOZ
McAfeeD ti!95897F8814E4
Trapmine malicious.moderate.ml.score
CTX exe.trojan.rhadamanthys
Emsisoft Gen:Variant.Zusy.537695 (B)
Ikarus Trojan.Win32.Crypt
FireEye Generic.mg.8da6d3f4326ca248
Jiangmin Trojan.Strab.cnp
Webroot Clean
Varist W32/Kryptik.LSA.gen!Eldorado
Avira TR/Crypt.XPACK.Gen
Fortinet W32/Kryptik.DLV!tr
Antiy-AVL Trojan/Win32.Strab
Kingsoft malware.kb.a.991
Gridinsoft Malware.Win32.Gen.tr
Xcitium Clean
Arcabit Trojan.Zusy.D8345F
SUPERAntiSpyware Trojan.Agent/Gen-Crypt
ZoneAlarm HEUR:Trojan.Win32.Strab.gen
Microsoft Trojan:Win32/Rhadamanthys.ESAA!MTB
Google Detected
AhnLab-V3 Trojan/Win.Generic.R637359
Acronis Clean
McAfee Artemis!8DA6D3F4326C
TACHYON Trojan/W32.Strab.363520
VBA32 Adware.StartSurf
Malwarebytes Trojan.Crypt
Panda Trj/GdSda.A
Zoner Clean
TrendMicro-HouseCall TrojanSpy.Win32.RHADAMANTHYS.YXEIOZ
Rising Trojan.Rhadamanthys!8.178A1 (TFE:1:EE65rmTGwTO)
Yandex Clean
SentinelOne Static AI - Suspicious PE
MaxSecure Trojan.Malware.124015119.susgen
GData Gen:Variant.Zusy.537695
AVG Win32:PWSX-gen [Trj]
DeepInstinct MALICIOUS
alibabacloud Trojan:Win/Rhadamanthys.a8ca2180
No IRMA results available.