Static | ZeroBOX

PE Compile Time

2024-01-19 17:28:33

PDB Path

C:\Users\admin\Desktop\Project\reverse_tcp_c\reverse\x64\Release\reverse.pdb

PE Imphash

a6d84f352ba25f867567969527b4e319

Sections

Name    Virtual Address  Virtual Size  Size of Raw Data  Entropy
.text   0x00001000       0x0000123c    0x00001400        5.70268826756
.rdata  0x00003000       0x00001798    0x00001800        4.4867899626
.data   0x00005000       0x00000718    0x00000200        1.98359783892
.pdata  0x00006000       0x000001ec    0x00000200        3.60441618273
.rsrc   0x00007000       0x000044b1    0x00004600        3.53150500648
.reloc  0x0000c000       0x00000058    0x00000200        1.18396041005

Resources

Name           Offset      Size        Language      Sub-language        File type
RT_ICON        0x000070f8  0x00004228  LANG_NEUTRAL  SUBLANG_NEUTRAL     dBase IV DBT of \200.DBF, blocks size 0, block length 16896, next free block index 40, next free block 8454143, next used block 4294902528
RT_GROUP_ICON  0x0000b320  0x00000014  LANG_NEUTRAL  SUBLANG_NEUTRAL     data
RT_MANIFEST    0x0000b334  0x0000017d  LANG_ENGLISH  SUBLANG_ENGLISH_US  XML 1.0 document text

Imports

Library KERNEL32.dll:
0x140003000 WriteProcessMemory
0x140003008 OpenProcess
0x140003010 CreateToolhelp32Snapshot
0x140003018 Process32NextW
0x140003020 Process32FirstW
0x140003028 CloseHandle
0x140003030 VirtualAllocEx
0x140003038 CreateRemoteThread
0x140003040 RtlLookupFunctionEntry
0x140003048 RtlVirtualUnwind
0x140003050 UnhandledExceptionFilter
0x140003058 GetModuleHandleW
0x140003068 GetCurrentProcess
0x140003070 TerminateProcess
0x140003080 QueryPerformanceCounter
0x140003088 GetCurrentProcessId
0x140003090 RtlCaptureContext
0x140003098 GetCurrentThreadId
0x1400030a0 GetSystemTimeAsFileTime
0x1400030a8 IsDebuggerPresent
0x1400030b0 InitializeSListHead
Library VCRUNTIME140.dll:
0x1400030c0 __C_specific_handler
0x1400030d0 __std_exception_copy
0x1400030d8 __std_exception_destroy
0x1400030e0 _CxxThrowException
0x1400030e8 memset
0x1400030f0 __current_exception
0x1400030f8 memcpy
Library api-ms-win-crt-runtime-l1-1-0.dll:
0x140003158 _crt_atexit
0x140003160 _initialize_onexit_table
0x140003170 _c_exit
0x140003178 __p___argc
0x140003180 exit
0x140003188 _cexit
0x140003190 _initterm_e
0x140003198 _initterm
0x1400031b0 _configure_narrow_argv
0x1400031b8 __p___argv
0x1400031c0 _set_app_type
0x1400031c8 _seh_filter_exe
0x1400031d0 _exit
0x1400031d8 terminate
Library api-ms-win-crt-string-l1-1-0.dll:
0x140003208 _wcsicmp
Library api-ms-win-crt-heap-l1-1-0.dll:
0x140003108 _set_new_mode
0x140003110 _callnewh
0x140003118 malloc
0x140003120 free
Library api-ms-win-crt-math-l1-1-0.dll:
0x140003140 __setusermatherr
Library api-ms-win-crt-stdio-l1-1-0.dll:
0x1400031f0 _set_fmode
0x1400031f8 __p__commode
Library api-ms-win-crt-locale-l1-1-0.dll:
0x140003130 _configthreadlocale

Strings

!This program cannot be run in DOS mode.
`.rdata
@.data
.pdata
@.rsrc
@.reloc
bad allocation
Unknown exception
bad array new length
C:\Users\admin\Desktop\Project\reverse_tcp_c\reverse\x64\Release\reverse.pdb
.text$mn
.text$mn$00
.text$x
.idata$5
.00cfg
.CRT$XCA
.CRT$XCAA
.CRT$XCZ
.CRT$XIA
.CRT$XIAA
.CRT$XIAC
.CRT$XIZ
.CRT$XPA
.CRT$XPZ
.CRT$XTA
.CRT$XTZ
.rdata
.rdata$r
.rdata$voltmd
.rdata$zzzdbg
.rtc$IAA
.rtc$IZZ
.rtc$TAA
.rtc$TZZ
.xdata
.xdata$x
.idata$2
.idata$3
.idata$4
.idata$6
.data$r
.data$rs
.pdata
.rsrc$01
.rsrc$02
WriteProcessMemory
OpenProcess
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
CloseHandle
VirtualAllocEx
CreateRemoteThread
KERNEL32.dll
__std_exception_destroy
__std_exception_copy
__C_specific_handler
_CxxThrowException
__current_exception
__current_exception_context
memset
VCRUNTIME140.dll
_wcsicmp
_invalid_parameter_noinfo_noreturn
_callnewh
malloc
_seh_filter_exe
_set_app_type
__setusermatherr
_configure_narrow_argv
_initialize_narrow_environment
_get_initial_narrow_environment
_initterm
_initterm_e
_set_fmode
__p___argc
__p___argv
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_configthreadlocale
_set_new_mode
__p__commode
_initialize_onexit_table
_register_onexit_function
_crt_atexit
terminate
api-ms-win-crt-runtime-l1-1-0.dll
api-ms-win-crt-string-l1-1-0.dll
api-ms-win-crt-heap-l1-1-0.dll
api-ms-win-crt-math-l1-1-0.dll
api-ms-win-crt-stdio-l1-1-0.dll
api-ms-win-crt-locale-l1-1-0.dll
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetModuleHandleW
memcpy
.?AVbad_alloc@std@@
.?AVexception@std@@
.?AVbad_array_new_length@std@@
.?AVtype_info@@
<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel level='asInvoker' uiAccess='false' />
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
explorer.exe
GOGOGO
Antivirus Signature
Bkav W64.AIDetectMalware
Lionic Trojan.Win32.Marte.4!c
Elastic malicious (high confidence)
ClamAV Clean
CMC Clean
CAT-QuickHeal Clean
Skyhigh BehavesLike.Win64.Injector.nt
ALYac Generic.Shellcode.Ode.Marte.C.789C8C32
Cylance Unsafe
Zillya Trojan.Generic.Win32.1863877
Sangfor Trojan.Win32.Meterpreter.V9iu
CrowdStrike win/malicious_confidence_100% (W)
Alibaba Trojan:Win64/Meterpreter.633a601d
K7GW Riskware ( 00584baa1 )
K7AntiVirus Riskware ( 00584baa1 )
huorong Trojan/Rozena.j
Baidu Clean
VirIT Clean
Paloalto generic.ml
Symantec Meterpreter
tehtris Clean
ESET-NOD32 Clean
APEX Clean
Avast Win32:MsfEncode-D [Hack]
Cynet Malicious (score: 99)
Kaspersky HEUR:Trojan.Win32.Generic
BitDefender Generic.Shellcode.Ode.Marte.C.789C8C32
NANO-Antivirus Clean
ViRobot Clean
MicroWorld-eScan Generic.Shellcode.Ode.Marte.C.789C8C32
Tencent Malware.Win32.Gencirc.14136010
Sophos ATK/Meter-Z
F-Secure Trojan.TR/Swrort.amdjm
DrWeb Clean
VIPRE Generic.Shellcode.Ode.Marte.C.789C8C32
TrendMicro TROJ_GEN.R002C0DIE24
McAfeeD ti!18BA6CD59749
Trapmine Clean
CTX exe.trojan.meterpreter
Emsisoft Generic.Shellcode.Ode.Marte.C.789C8C32 (B)
Ikarus Trojan.Win64.Meterpreter
FireEye Generic.Shellcode.Ode.Marte.C.789C8C32
Jiangmin Clean
Webroot W32.Trojan.TR.Swrort.amdjm
Varist Clean
Avira TR/Swrort.amdjm
Fortinet W32/PossibleThreat
Antiy-AVL Trojan/Win32.Agent
Kingsoft Win32.Trojan.Generic.a
Gridinsoft Clean
Xcitium Clean
Arcabit Generic.Shellcode.Ode.Marte.C.789C8C32
SUPERAntiSpyware Clean
ZoneAlarm HEUR:Trojan.Win32.Generic
Microsoft Trojan:Win64/Meterpreter.E
Google Detected
AhnLab-V3 Clean
Acronis Clean
McAfee Artemis!E9DC029457E9
TACHYON Clean
VBA32 Clean
Malwarebytes Generic.Malware/Suspicious
Panda Trj/GdSda.A
Zoner Clean
TrendMicro-HouseCall TROJ_GEN.R002C0DIE24
Rising Trojan.Kryptik@AI.94 (RDML:hdWqJjnPkCvDw69O3Bq+WA)
Yandex Clean
SentinelOne Clean
MaxSecure Clean
GData Generic.Shellcode.Ode.Marte.C.789C8C32
AVG Win32:MsfEncode-D [Hack]
DeepInstinct MALICIOUS
alibabacloud Clean
No IRMA results available.