Static | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.05 04:11
VST32License.exe
11.05 03:11
VST32License.exe
11.03 01:11
DocTromTinNhan.exe
11.01 06:11
MPDW-constraints.vbs
11.01 06:11
87f3f2.exe
11.01 06:11
Client-built.exe
11.01 06:11
norm.exe
11.01 06:11
chrome_131.exe
11.01 06:11
kjrhjijawdkrjhh.exe
11.01 09:11
Calibre_Installer.exe

Latest News
11.05 01:11
메가존클라우드-파이오링크, 클라우드 보안...
11.05 01:11
프로페셔널 헤어케어 브랜드 레삐, ‘20...
11.05 01:11
Chinese Group Accused ...
11.05 01:11
25년 정보보호 전자공시시스템 고도화 및...
11.05 01:11
KISA, 민원 응대 보호시스템 전사 확대
11.05 01:11
아늑샵, 2024년 4분기 '한국소비자인...
11.05 01:11
크라운슬립, 프리미엄 구스 이불 론칭 기...
11.05 01:11
Google Warns of Active...
11.05 12:11
안랩, 2024년 3분기 매출 685억,...
11.05 12:11
Southeast Asia’s Digit...

Static | ZeroBOX

PE Compile Time

2061-04-08 02:38:19

PDB Path

Family.Authentication.pdb

PE Imphash

045d5fcdf29e1bd670205872ddd84e75

Sections

Name	Virtual Address	Virtual Size	Size of Raw Data	Entropy
.text	0x00001000	0x000101e3	0x00010200	6.04638867057
.rdata	0x00012000	0x00007136	0x00007200	4.77497125184
.data	0x0001a000	0x00000910	0x00000200	0.965801615175
.pdata	0x0001b000	0x00000c24	0x00000e00	4.43308037999
.rsrc	0x0001c000	0x00000438	0x00000600	2.57885996823
.reloc	0x0001d000	0x0000072c	0x00000800	5.25025332781

Resources

Name	Offset	Size	Language	Sub-language	File type
RT_VERSION	0x0001c060	0x000003d8	LANG_ENGLISH	SUBLANG_ENGLISH_US	data

Imports

Library msvcrt.dll:

• 0x180014908 _callnewh

• 0x180014910 memcmp

• 0x180014918 __CxxFrameHandler3

• 0x180014920 realloc

• 0x180014928 _purecall

• 0x180014930 free

• 0x180014938 _XcptFilter

• 0x180014940 _onexit

• 0x180014948 malloc

• 0x180014950 _initterm

• 0x180014958 __C_specific_handler

• 0x180014960 memcpy_s

• 0x180014968 _lock

• 0x180014970 _unlock

• 0x180014978 _vsnwprintf

• 0x180014980 __dllonexit

• 0x180014988 _amsg_exit

• 0x180014990 memset

Library ntdll.dll:

• 0x1800149a0 RtlVirtualUnwind

• 0x1800149a8 RtlLookupFunctionEntry

• 0x1800149b0 RtlCaptureContext

• 0x1800149b8 _wcstoui64

• 0x1800149c0 memmove_s

Library api-ms-win-core-winrt-l1-1-0.dll:

• 0x180014858 RoActivateInstance

• 0x180014860 RoGetActivationFactory

Library api-ms-win-core-winrt-string-l1-1-0.dll:

• 0x180014870 WindowsDuplicateString

• 0x180014878 WindowsDeleteString

• 0x180014880 HSTRING_UserUnmarshal

• 0x180014888 HSTRING_UserMarshal64

• 0x180014890 HSTRING_UserFree

• 0x180014898 HSTRING_UserSize64

• 0x1800148a0 HSTRING_UserFree64

• 0x1800148a8 WindowsCreateString

• 0x1800148b0 WindowsCreateStringReference

• 0x1800148b8 HSTRING_UserUnmarshal64

• 0x1800148c0 WindowsGetStringRawBuffer

• 0x1800148c8 HSTRING_UserMarshal

• 0x1800148d0 HSTRING_UserSize

• 0x1800148d8 WindowsIsStringEmpty

• 0x1800148e0 WindowsStringHasEmbeddedNull

Library api-ms-win-core-com-l1-1-0.dll:

• 0x180014730 CreateStreamOnHGlobal

• 0x180014738 CoCreateInstance

• 0x180014740 CoTaskMemAlloc

• 0x180014748 CoGetApartmentType

• 0x180014750 CoMarshalInterface

• 0x180014758 CoGetInterfaceAndReleaseStream

• 0x180014760 CoReleaseMarshalData

• 0x180014768 CoCreateFreeThreadedMarshaler

Library api-ms-win-core-com-l1-1-1.dll:

• 0x180014778 RoGetAgileReference

Library api-ms-win-core-winrt-error-l1-1-0.dll:

• 0x180014808 SetRestrictedErrorInfo

• 0x180014810 GetRestrictedErrorInfo

• 0x180014818 RoOriginateErrorW

• 0x180014820 RoOriginateError

• 0x180014828 RoTransformError

Library api-ms-win-core-winrt-error-l1-1-1.dll:

• 0x180014838 IsErrorPropagationEnabled

• 0x180014840 RoGetMatchingRestrictedErrorInfo

• 0x180014848 RoReportFailedDelegate

Library api-ms-win-core-registry-l1-1-0.dll:

• 0x1800147e8 RegOpenKeyExW

• 0x1800147f0 RegCloseKey

• 0x1800147f8 RegGetValueW

Library api-ms-win-shcore-taskpool-l1-1-0.dll:

• 0x1800148f0 SHTaskPoolAllowThreadReuse

• 0x1800148f8 SHTaskPoolQueueTask

Library ADVAPI32.dll:

• 0x1800144e0 EventUnregister

• 0x1800144e8 EventRegister

• 0x1800144f0 EventWriteTransfer

• 0x1800144f8 EventActivityIdControl

• 0x180014500 OpenProcessToken

• 0x180014508 GetTokenInformation

• 0x180014510 EventSetInformation

Library KERNEL32.dll:

• 0x180014520 GetCurrentProcess

• 0x180014528 SetUnhandledExceptionFilter

• 0x180014530 UnhandledExceptionFilter

• 0x180014538 Sleep

• 0x180014540 EncodePointer

• 0x180014548 CreateSemaphoreExW

• 0x180014550 ReleaseSRWLockShared

• 0x180014558 CreateMutexExW

• 0x180014560 GetCurrentProcessId

• 0x180014568 InitOnceComplete

• 0x180014570 InitOnceExecuteOnce

• 0x180014578 InitOnceBeginInitialize

• 0x180014580 ReleaseSRWLockExclusive

• 0x180014588 DecodePointer

• 0x180014590 DisableThreadLibraryCalls

• 0x180014598 OpenSemaphoreW

• 0x1800145a0 WaitForSingleObject

• 0x1800145a8 QueryPerformanceCounter

• 0x1800145b0 AcquireSRWLockExclusive

• 0x1800145b8 WaitForSingleObjectEx

• 0x1800145c0 ReleaseMutex

• 0x1800145c8 ReleaseSemaphore

• 0x1800145d0 CloseHandle

• 0x1800145d8 SetLastError

• 0x1800145e0 OutputDebugStringW

• 0x1800145e8 IsDebuggerPresent

• 0x1800145f0 GetLastError

• 0x1800145f8 GetProcAddress

• 0x180014600 GetModuleHandleW

• 0x180014608 DebugBreak

• 0x180014610 GetModuleFileNameA

• 0x180014618 HeapFree

• 0x180014620 GetProcessHeap

• 0x180014628 HeapAlloc

• 0x180014630 GetCurrentThreadId

• 0x180014638 FormatMessageW

• 0x180014640 TerminateProcess

• 0x180014648 GetSystemTimeAsFileTime

• 0x180014650 GetTickCount

• 0x180014658 InitializeSRWLock

• 0x180014660 RaiseException

• 0x180014668 OpenProcess

• 0x180014670 AcquireSRWLockShared

• 0x180014678 GetModuleHandleExW

Library RPCRT4.dll:

• 0x180014688 CStdStubBuffer_Connect

• 0x180014690 CStdStubBuffer_IsIIDSupported

• 0x180014698 NdrStubCall3

• 0x1800146a0 IUnknown_QueryInterface_Proxy

• 0x1800146a8 CStdStubBuffer_Disconnect

• 0x1800146b0 CStdStubBuffer_DebugServerRelease

• 0x1800146b8 NdrOleAllocate

• 0x1800146c0 CStdStubBuffer_QueryInterface

• 0x1800146c8 CStdStubBuffer_CountRefs

• 0x1800146d0 IUnknown_Release_Proxy

• 0x1800146d8 CStdStubBuffer_AddRef

• 0x1800146e0 NdrCStdStubBuffer2_Release

• 0x1800146e8 CStdStubBuffer_DebugServerQueryInterface

• 0x1800146f0 IUnknown_AddRef_Proxy

• 0x1800146f8 NdrStubForwardingFunction

• 0x180014700 CStdStubBuffer_Invoke

• 0x180014708 NdrCStdStubBuffer_Release

• 0x180014710 NdrDllCanUnloadNow

• 0x180014718 NdrDllGetClassObject

• 0x180014720 NdrOleFree

Library api-ms-win-core-com-midlproxystub-l1-1-0.dll:

• 0x180014788 ObjectStublessClient6

• 0x180014790 NdrProxyForwardingFunction5

• 0x180014798 NdrProxyForwardingFunction4

• 0x1800147a0 CStdStubBuffer2_Connect

• 0x1800147a8 NdrProxyForwardingFunction3

• 0x1800147b0 CStdStubBuffer2_QueryInterface

• 0x1800147b8 ObjectStublessClient7

• 0x1800147c0 CStdStubBuffer2_Disconnect

• 0x1800147c8 ObjectStublessClient3

• 0x1800147d0 CStdStubBuffer2_CountRefs

• 0x1800147d8 ObjectStublessClient8

Exports

Ordinal	Address	Name
1	0x180003f10	DllCanUnloadNow
2	0x180003c00	DllGetActivationFactory
3	0x180003de0	DllGetClassObject

No antivirus signatures available.

No IRMA results available.