Static | ZeroBOX

PE Compile Time

2024-09-05 04:41:09

PE Imphash

6ddb56a17b85852e3b74b88dc840b184

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00001000 0x0000aea8 0x0000b000 6.32330827502
.data 0x0000c000 0x000007a0 0x00000800 5.06007779876
.rdata 0x0000d000 0x00001680 0x00001800 4.62188557657
.pdata 0x0000f000 0x00000bd0 0x00000c00 4.76684227305
.xdata 0x00010000 0x00000a18 0x00000c00 3.73729414228
.bss 0x00011000 0x00000ce0 0x00000000 0.0
.idata 0x00012000 0x000008f4 0x00000a00 3.98451507894
.CRT 0x00013000 0x00000060 0x00000200 0.28508543466
.tls 0x00014000 0x00000010 0x00000200 0.0
.rsrc 0x00015000 0x00001398 0x00001398 6.56330591832
.reloc 0x00017000 0x000000dc 0x00000200 2.61173193315

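Resources

Note: the "File type" column is an automatic magic-byte guess. The "dBase IV DBT" label on RT_ICON is a common false match on raw icon bitmap data (the 0x10a8-byte size fits a 32x32 32-bit icon), not an embedded database file.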

Name Offset Size Language Sub-language File type
RT_ICON 0x000150f8 0x000010a8 LANG_ENGLISH SUBLANG_ENGLISH_US dBase IV DBT of @.DBF, block length 4096, next free block index 40, next free block 4280634497, next used block 4280767373
RT_GROUP_ICON 0x000161a0 0x00000014 LANG_ENGLISH SUBLANG_ENGLISH_US data
RT_MANIFEST 0x000161b8 0x000001ca LANG_ENGLISH SUBLANG_ENGLISH_US XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators

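Imports

Note: this table lists only the statically declared imports. OpenProcess, VirtualAllocEx, WriteProcessMemory, CreateThread, WaitForSingleObject and inet_ntop (Ws2_32.dll) appear in the strings dump below but not here, so they are most likely resolved at run time through the imported LoadLibraryA/GetProcAddress. Matching on the import table or imphash alone will not see them.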

Library KERNEL32.dll:
0x140012258 DeleteCriticalSection
0x140012260 EnterCriticalSection
0x140012268 GetLastError
0x140012270 GetProcAddress
0x140012278 GetStartupInfoA
0x140012288 IsDBCSLeadByteEx
0x140012290 LeaveCriticalSection
0x140012298 LoadLibraryA
0x1400122a0 MultiByteToWideChar
0x1400122a8 SetLastError
0x1400122b8 Sleep
0x1400122c0 TlsAlloc
0x1400122c8 TlsGetValue
0x1400122d0 TlsSetValue
0x1400122d8 VirtualAlloc
0x1400122e0 VirtualFree
0x1400122e8 VirtualProtect
0x1400122f0 VirtualQuery
0x1400122f8 WideCharToMultiByte
Library msvcrt.dll:
0x140012308 __C_specific_handler
0x140012310 ___lc_codepage_func
0x140012318 ___mb_cur_max_func
0x140012320 __getmainargs
0x140012328 __initenv
0x140012330 __iob_func
0x140012338 __set_app_type
0x140012340 __setusermatherr
0x140012348 _acmdln
0x140012350 _amsg_exit
0x140012358 _cexit
0x140012360 _commode
0x140012368 _errno
0x140012370 _fileno
0x140012378 _fmode
0x140012380 _initterm
0x140012388 _ismbblead
0x140012390 _lock
0x140012398 _onexit
0x1400123a0 _setmode
0x1400123a8 _unlock
0x1400123b0 abort
0x1400123b8 calloc
0x1400123c0 exit
0x1400123c8 fflush
0x1400123d0 fprintf
0x1400123d8 fputc
0x1400123e0 free
0x1400123e8 fwrite
0x1400123f0 localeconv
0x1400123f8 malloc
0x140012400 memcpy
0x140012408 memset
0x140012410 realloc
0x140012418 signal
0x140012420 strerror
0x140012428 strlen
0x140012430 strncmp
0x140012438 vfprintf
0x140012440 wcslen
Library USER32.dll:
0x140012450 MessageBoxA

!This program cannot be run in DOS mode.
`.data
.rdata
@.pdata
@.xdata
.idata
@.reloc
ATUWVSH
[^_]A\
[^_]A\
AVAUATUWVSH
@[^_]A\A]A^
B8I)Z0I9Z0}1L
AUATUWVSH
([^_]A\A]
AUATUWVSH
([^_]A\A]
l$ H9;~VH
AWAVAUATUWVSH
H[^_]A\A]A^A_
H[^_]A\A]A^A_
AWAVAUATUWVSH
8[^_]A\A]A^A_
AWAVAUATUWVSH
([^_]A\A]A^A_
H9CHu9
([^_]A\A]A^A_
([^_]A\A]A^A_
ukHk\$X
H;\$`}
AUUWVSH
0[^_]A]
0[^_]A]
AVAUATUWVSH
[^_]A\A]A^
[^_]A\A]A^
AUATUWVSH
X[^_]A\A]
AUATUWVSH
([^_]A\A]
ATUWVSH
could noH
t load: H
AVAUATUWVSH
[^_]A\A]A^
AWAVAUATUWVSH
TL+d$0
H[^_]A\A]A^A_
ATUWVSH
Error: uH
nhandledH
eption: H
dled excH
[^_]A\
AUATUWVSH
h[^_]A\A]
fpFWALeIH
D$^UwoV
UAWAVAUATWVSH
[^_A\A]A^A_]
ATUWVSH
[^_]A\H
:MZuYHcB<H
AUATUWVSH
([^_]A\A]
C$9C(~
u HcS$
AWAVAUATUWVSH
C$9C(~
H[^_]A\A]A^A_
S$9S(~
S$9S(~
UAWAVAUATWVSH
C$9C(~
C$9C(~
[^_A\A]A^A_]
UAWAVAUATWVSH
C$9C(~
S$9S(~
[^_A\A]A^A_]
UATWVSH
C$9C(~
[^_A\]
[^_A\]
=UUUUw
S$9S(~
AUATUWVSH
X[^_]A\A]
AWAVAUATUWVSH
[^_]A\A]A^A_
AWAVAUATUWVSH
8[^_]A\A]A^A_
AWAVAUATUWVSH
[^_]A\A]A^A_
[^_]A\A]A^A_
xnHcD$hA;E
D)d$pH
ATUWVSHcY
[^_]A\
[^_]A\
AWAVAUATUWVSH
([^_]A\A]A^A_
AVAUATUWVSH
[^_]A\A]A^
AUATUWVSH
([^_]A\A]
([^_]A\A]
WVSHcA
AVAUATUWVSH
0[^_]A\A]A^
ATUWVSH
@[^_]A\
AVAUATUWVSH
@[^_]A\A]A^
L'+C`E
/KChdo~K:9
-f1%4$<
_.#, I(%
2>."J1=
RfHIj}nf^8hGAnkz
'0$vE,;Z:
(l0qUg`ze
#%$>_i=
&\_i4.(
h4.!JD_6
1\P!-(<Ii1
7IEhgad2 ;
azKznW;$
#95cRgeLO$
Jwfo|Li9
3F7#4*#hCUe5
00010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899
virtualFree failing!
out of memory
OverflowDefect
fatal.nim
sysFatal
RangeDefect
IndexDefect
SIGSEGV: Illegal storage access. (Attempt to read from nil?)
SIGINT: Interrupted by Ctrl-C.
unknown signal
SIGILL: Illegal operation.
SIGFPE: Arithmetic error.
SIGABRT: Abnormal termination.
could not load:
(bad format; library may be wrong architecture)
could not import:
@[[reraised from:
@over- or underflow
@ notin
@ not in 0 ..
@index
@index out of bounds, the container is empty
@value out of range:
@value out of range
GetCurrentProcessId
OpenProcess
VirtualAllocEx
WriteProcessMemory
VirtualProtect
CreateThread
WaitForSingleObject
@kernel32
@kernel32
inet_ntop
GetModuleFileNameW
@kernel32
@kernel32
@Ws2_32.dll
Argument domain error (DOMAIN)
Argument singularity (SIGN)
Overflow range error (OVERFLOW)
Partial loss of significance (PLOSS)
Total loss of significance (TLOSS)
The result is too small to be represented (UNDERFLOW)
Unknown error
_matherr(): %s in %s(%g, %g) (retval=%g)
Mingw-w64 runtime failure:
Address %p has no image-section
VirtualQuery failed for %d bytes at address %p
VirtualProtect failed with code 0x%x
Unknown pseudo relocation protocol version %d.
Unknown pseudo relocation bit size %d.
%d bit pseudo relocation at %p out of range, targeting %p, yielding the value %p.
(null)
Infinity
GCC: (GNU) 13-win32
GCC: (GNU) 13-win32
GCC: (GNU) 13-win32
GCC: (GNU) 13-win32
GCC: (GNU) 13-win32
GCC: (GNU) 13-win32
GCC: (GNU) 13-win32
GCC: (GNU) 13-win32
GCC: (GNU) 13-win32
GCC: (GNU) 13-win32
GCC: (GNU) 13-win32
GCC: (GNU) 13-win32
GCC: (GNU) 13-win32
GCC: (GNU) 13-win32
GCC: (GNU) 13-win32
GCC: (GNU) 13-win32
GCC: (GNU) 13-win32
GCC: (GNU) 13-win32
GCC: (GNU) 13-win32
GCC: (GNU) 13-win32
GCC: (GNU) 13-win32
GCC: (GNU) 13-win32
GCC: (GNU) 13-win32
GCC: (GNU) 13-win32
GCC: (GNU) 13-win32
GCC: (GNU) 13-win32
GCC: (GNU) 13-win32
GCC: (GNU) 13-win32
GCC: (GNU) 13-win32
GCC: (GNU) 13-win32
GCC: (GNU) 13-win32
GCC: (GNU) 13-win32
GCC: (GNU) 13-win32
GCC: (GNU) 13-win32
GCC: (GNU) 13-win32
GCC: (GNU) 13-win32
GCC: (GNU) 13-win32
GCC: (GNU) 13-win32
GCC: (GNU) 13-win32
GCC: (GNU) 13-win32
GCC: (GNU) 13-win32
GCC: (GNU) 13-win32
GCC: (GNU) 13-win32
DeleteCriticalSection
EnterCriticalSection
GetLastError
GetProcAddress
GetStartupInfoA
InitializeCriticalSection
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryA
MultiByteToWideChar
SetLastError
SetUnhandledExceptionFilter
TlsAlloc
TlsGetValue
TlsSetValue
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WideCharToMultiByte
__C_specific_handler
___lc_codepage_func
___mb_cur_max_func
__getmainargs
__initenv
__iob_func
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_cexit
_commode
_errno
_fileno
_fmode
_initterm
_ismbblead
_onexit
_setmode
_unlock
calloc
fflush
fprintf
fwrite
localeconv
malloc
memcpy
memset
realloc
signal
strerror
strlen
strncmp
vfprintf
wcslen
MessageBoxA
KERNEL32.dll
msvcrt.dll
USER32.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?><assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><assemblyIdentity version="1.0.0.0" processorArchitecture="*" name="winim" type="win32"/><dependency><dependentAssembly><assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="*" publicKeyToken="6595b64144ccf1df" language="*"/></dependentAssembly></dependency></assembly>
(null)
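Antivirus Signature

Note: the detecting engines disagree on the family (Meterpreter, Cobalt Strike/COBEACON, Rozena, generic Inject). GData's "MSIL" prefix does not match the native MinGW/Nim strings above. Treat the family names as heuristic; the consistent signal is a process-injection/shellcode-loader verdict, which should be confirmed with dynamic analysis.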
Bkav W64.AIDetectMalware
Lionic Trojan.Win32.Generic.4!c
Elastic malicious (high confidence)
ClamAV Clean
CMC Clean
CAT-QuickHeal Clean
Skyhigh Clean
ALYac Clean
Cylance Clean
Zillya Clean
Sangfor Trojan.Win64.Inject.Vd6m
CrowdStrike win/malicious_confidence_70% (D)
Alibaba Trojan:Win64/Inject.e1523a48
K7GW Trojan ( 005b27411 )
K7AntiVirus Trojan ( 005b27411 )
huorong HVM:Trojan/Injector.cj
Baidu Clean
VirIT Clean
Paloalto generic.ml
Symantec ML.Attribute.HighConfidence
tehtris Clean
ESET-NOD32 a variant of Win64/Inject.AQ
APEX Clean
Avast Win64:MalwareX-gen [Trj]
Cynet Malicious (score: 99)
Kaspersky HEUR:Trojan.Win32.Generic
BitDefender Trojan.Generic.36830440
NANO-Antivirus Clean
ViRobot Clean
MicroWorld-eScan Trojan.Generic.36830440
Tencent Win32.Trojan.Generic.Sgil
Sophos Mal/Generic-S
F-Secure Trojan.TR/AD.MeterpreterSC.xmayo
DrWeb Clean
VIPRE Trojan.Generic.36830440
TrendMicro Backdoor.Win64.COBEACON.YXEI2Z
McAfeeD ti!66A52DE66FEE
Trapmine Clean
CTX exe.trojan.inject
Emsisoft Trojan.Generic.36830440 (B)
Ikarus Trojan.Win64.Inject
FireEye Generic.mg.e5852100b1ecba5f
Jiangmin Clean
Webroot Clean
Varist Clean
Avira TR/AD.MeterpreterSC.xmayo
Fortinet W64/Inject.AQ!tr
Antiy-AVL Trojan/Win64.CobaltStrike
Kingsoft Win32.Trojan.Generic.a
Gridinsoft Trojan.Win64.CobaltStrike.tr
Xcitium Clean
Arcabit Trojan.Generic.D231FCE8
SUPERAntiSpyware Clean
ZoneAlarm HEUR:Trojan.Win32.Generic
Microsoft Trojan:Win64/Meterpreter.E
Google Detected
AhnLab-V3 Clean
Acronis Clean
McAfee Artemis!E5852100B1EC
TACHYON Clean
VBA32 Clean
Malwarebytes Generic.Malware/Suspicious
Panda Trj/Chgt.AD
Zoner Clean
TrendMicro-HouseCall Backdoor.Win64.COBEACON.YXEI2Z
Rising Trojan.Inject!8.103 (CLOUD)
Yandex Clean
SentinelOne Clean
MaxSecure Clean
GData MSIL.Backdoor.Rozena.YL5W41
AVG Win64:MalwareX-gen [Trj]
DeepInstinct MALICIOUS
alibabacloud Trojan:Win/Inject.AR
No IRMA results available.