Static | ZeroBOX

PE Compile Time

1999-12-03 07:54:53

PE Imphash

0e73ec669a8245790d02f257deaa91e9

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00001000 0x0000662e 0x00006800 6.36778728301
.data 0x00008000 0x00003c34 0x00002a00 0.477652815979
.rsrc 0x0000c000 0x000003d8 0x00000400 3.28305607956
.fzcz 0x0000d000 0x00000bf8 0x00000c00 5.81908475072

Resources

Name Offset Size Language Sub-language File type
RT_VERSION 0x0000d878 0x00000374 LANG_ENGLISH SUBLANG_ENGLISH_US data

Imports

Library ADVAPI32.dll:
0x1001000 IsValidSid
0x1001008 LookupAccountSidW
0x100100c GetSidSubAuthority
0x1001018 LookupPrivilegeNameW
0x100101c CopySid
0x1001020 GetLengthSid
0x1001024 GetTokenInformation
0x1001028 OpenProcessToken
Library KERNEL32.dll:
0x1001030 FormatMessageW
0x1001034 LoadLibraryExW
0x1001038 GetLastError
0x100103c CloseHandle
0x1001040 GetCurrentProcess
0x1001044 GetVersion
0x1001048 ExitProcess
0x100104c TerminateProcess
0x1001050 HeapFree
0x1001054 HeapReAlloc
0x1001058 HeapAlloc
0x100105c MultiByteToWideChar
0x1001060 RtlUnwind
0x1001068 GetModuleFileNameW
0x1001074 GetEnvironmentStrings
0x100107c WideCharToMultiByte
0x1001080 GetCommandLineW
0x1001084 GetCommandLineA
0x1001088 SetHandleCount
0x100108c GetStdHandle
0x1001090 GetFileType
0x1001094 GetStartupInfoA
0x1001098 HeapDestroy
0x100109c HeapCreate
0x10010a0 VirtualFree
0x10010a4 WriteFile
0x10010a8 GetModuleFileNameA
0x10010ac VirtualAlloc
0x10010b0 GetProcAddress
0x10010b4 LoadLibraryA
0x10010b8 LCMapStringA
0x10010bc LCMapStringW
0x10010c0 FlushFileBuffers
0x10010c4 SetFilePointer
0x10010c8 GetStringTypeA
0x10010cc GetStringTypeW
0x10010d0 SetStdHandle

!This program cannot be run in DOS mode.
`.data
@.fzcz
Getting privileges
Getting user information
Opening access token
runtime error
TLOSS error
SING error
DOMAIN error
- unable to initialize heap
- not enough space for lowio initialization
- not enough space for stdio initialization
- pure virtual function call
- not enough space for _onexit/atexit table
- unable to open console device
- unexpected heap error
- unexpected multithread lock error
- not enough space for thread data
abnormal program termination
- not enough space for environment
- not enough space for arguments
- floating point not loaded
Microsoft Visual C++ Runtime Library
Runtime Error!
Program:
<program name unknown>
GetLastActivePopup
GetActiveWindow
MessageBoxA
user32.dll
LookupPrivilegeNameW
LookupPrivilegeDisplayNameW
LookupAccountSidW
GetSidSubAuthority
GetSidSubAuthorityCount
GetSidIdentifierAuthority
IsValidSid
CopySid
GetLengthSid
GetTokenInformation
OpenProcessToken
ADVAPI32.dll
FormatMessageW
LoadLibraryExW
GetLastError
CloseHandle
GetCurrentProcess
GetVersion
ExitProcess
TerminateProcess
HeapFree
HeapReAlloc
HeapAlloc
MultiByteToWideChar
RtlUnwind
UnhandledExceptionFilter
GetModuleFileNameW
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
WideCharToMultiByte
GetCommandLineW
GetCommandLineA
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
WriteFile
GetModuleFileNameA
VirtualAlloc
GetProcAddress
LoadLibraryA
LCMapStringA
LCMapStringW
FlushFileBuffers
SetFilePointer
GetStringTypeA
GetStringTypeW
SetStdHandle
KERNEL32.dll
LOGONID
GROUPS
NOVERBOSE
WHOAMI [/option] [/option] ...
Where /option is one of the following:
/ALL = Display all information in the current access token.
/NOVERBOSE = Display minimal information. *
/USER = Display user.
/GROUPS = Display groups.
/PRIV = Display privileges.
/LOGONID = Display Logon ID.
/SID = Display SIDs. *
/HELP = Display help.
* Must be used with option /USER, /GROUPS, /PRIV or/LOGONID
Samples are as follows:
WHOAMI
WHOAMI /ALL
WHOAMI /USER /SID
WHOAMI /GROUPS
WHOAMI /GROUPS /NOVERBOSE
WHOAMI /USER /GROUPS /SID
WHOAMI /PRIV /NOVERBOSE
WHOAMI /USER /GROUPS /PRIV
WHOAMI /HELP
Must use option /USER, /GROUPS, /PRIV or /LOGONID.
Invalid argument: %s
WHOAMI 2.0 @1997. Written by Christophe Robert(chrisrob@microsoft.com).
%s failed. %s
Error %d.
netmsg.dll
0x%02hx%02hx%02hx%02hx%02hx%02hx
Invalid SID
[Group %2d] =
[User] =
(null)
VS_VERSION_INFO
StringFileInfo
040904B0
CompanyName
Microsoft Corporation
FileDescription
Whoami - queries user information
FileVersion
5.00.2128.1
InternalName
WhoAmI.exe
LegalCopyright
Copyright (C) Microsoft Corp. 1981-1999
OriginalFilename
WHOAMI.EXE
ProductName
Microsoft(R) Windows (R) 2000 Operating System
ProductVersion
5.00.2128.1
VarFileInfo
Translation
Antivirus Signature
Bkav W32.AIDetectMalware
Lionic Trojan.Win32.Meterpreter.4!c
Elastic malicious (high confidence)
ClamAV Win.Packed.Metasploit-9805971-0
CMC Clean
CAT-QuickHeal Clean
Skyhigh BehavesLike.Win32.Infected.pm
ALYac Clean
Cylance Unsafe
Zillya Clean
Sangfor Trojan.Win32.Meterpreter.Veat
CrowdStrike win/malicious_confidence_100% (W)
Alibaba Trojan:Win64/Meterpreter.0f7cad13
K7GW Riskware ( 0040eff71 )
K7AntiVirus Riskware ( 0040eff71 )
huorong Trojan/Rozena.j
Baidu Clean
VirIT Clean
Paloalto generic.ml
Symantec Meterpreter
tehtris Clean
ESET-NOD32 Clean
APEX Malicious
Avast Win32:MsfEncode-D [Hack]
Cynet Malicious (score: 99)
Kaspersky HEUR:Trojan.Win32.Generic
BitDefender Clean
NANO-Antivirus Clean
ViRobot Clean
MicroWorld-eScan Clean
Tencent Malware.Win32.Gencirc.13afd544
Sophos ATK/Swrort-J
F-Secure Trojan.TR/Crypt.XPACK.Gen
DrWeb Clean
VIPRE Clean
TrendMicro TROJ_GEN.R002C0DIR24
McAfeeD ti!33021E02DA39
Trapmine suspicious.low.ml.score
CTX exe.trojan.meterpreter
Emsisoft Clean
Ikarus Clean
FireEye Generic.mg.29130d815c8858e5
Jiangmin Clean
Webroot Clean
Varist W32/Rozena.GK.gen!Eldorado
Avira TR/Crypt.XPACK.Gen
Fortinet W32/PossibleThreat
Antiy-AVL Virus/Win32.Expiro.rsrc
Kingsoft Win32.HeurC.KVMH008.a
Gridinsoft Clean
Xcitium Clean
Arcabit Clean
SUPERAntiSpyware Clean
ZoneAlarm HEUR:Trojan.Win32.Generic
Microsoft Trojan:Win64/Meterpreter.B
Google Detected
AhnLab-V3 Malware/Win32.RL_Generic.R291649
Acronis Clean
McAfee GenericRXAA-AA!29130D815C88
TACHYON Clean
VBA32 TScope.Malware-Cryptor.SB
Malwarebytes Generic.Malware/Suspicious
Panda Clean
Zoner Probably Heur.ExeHeaderL
TrendMicro-HouseCall TROJ_GEN.R002C0DIR24
Rising Trojan.Generic!8.C3 (CLOUD)
Yandex Clean
SentinelOne Clean
MaxSecure Clean
GData Win32.Trojan.Agent.4GKWGU
AVG Win32:MsfEncode-D [Hack]
DeepInstinct MALICIOUS
alibabacloud Exploit:Win/Agent.AM
No IRMA results available.