popup
Static | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Static Analysis

PE Compile Time

2070-03-28 21:25:14

PDB Path

RpcNs4.pdb

PE Imphash

e06944c518403f775c9c3d3b5156ca77

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00001000 0x00000562 0x00000600 5.01119788515
.rdata 0x00002000 0x00001074 0x00001200 4.61924493903
.data 0x00004000 0x00000600 0x00000200 0.281091870762
.pdata 0x00005000 0x00000090 0x00000200 1.19609252399
.rsrc 0x00006000 0x00000538 0x00000600 2.97432110566
.reloc 0x00007000 0x00000018 0x00000200 0.311727131029

Resources

Name Offset Size Language Sub-language File type
MUI 0x00006470 0x000000c8 LANG_ENGLISH SUBLANG_ENGLISH_US data
RT_VERSION 0x000060b0 0x000003c0 LANG_ENGLISH SUBLANG_ENGLISH_US data

Imports

Library ntdll.dll:
0x1800021b0 RtlVirtualUnwind
0x1800021b8 RtlLookupFunctionEntry
0x1800021c0 RtlCaptureContext
0x1800021c8 DbgPrint
0x1800021d0 WinSqmIncrementDWORD
0x1800021d8 WinSqmIsOptedIn
0x1800021e0 DbgPrintEx
Library ADVAPI32.dll:
0x180002128 DeregisterEventSource
0x180002130 ReportEventW
0x180002138 RegisterEventSourceW
Library KERNEL32.dll:
0x180002148 TerminateProcess
0x180002150 GetTickCount
0x180002158 GetSystemTimeAsFileTime
0x180002160 GetCurrentThreadId
0x180002170 UnhandledExceptionFilter
0x180002178 GetCurrentProcess
0x180002180 GetCommandLineW
0x180002188 GetLastError
0x180002190 GetCurrentProcessId
0x180002198 QueryPerformanceCounter

Exports

Ordinal Address Name
1 0x180001010 I_RpcNsGetBuffer
2 0x180001010 I_RpcNsNegotiateTransferSyntax
3 0x180001050 I_RpcNsRaiseException
4 0x180001010 I_RpcNsSendReceive
5 0x180001010 I_RpcReBindBuffer
6 0x18000285c RpcIfIdVectorFree
7 0x180001030 RpcNsBindingExportA
8 0x180001010 RpcNsBindingExportPnPA
9 0x180001010 RpcNsBindingExportPnPW
10 0x180001010 RpcNsBindingExportW
11 0x180001010 RpcNsBindingImportBeginA
12 0x180001010 RpcNsBindingImportBeginW
13 0x180001010 RpcNsBindingImportDone
14 0x180001010 RpcNsBindingImportNext
15 0x180001010 RpcNsBindingLookupBeginA
16 0x180001010 RpcNsBindingLookupBeginW
17 0x180001010 RpcNsBindingLookupDone
18 0x180001010 RpcNsBindingLookupNext
19 0x180001010 RpcNsBindingSelect
20 0x180001030 RpcNsBindingUnexportA
21 0x180001010 RpcNsBindingUnexportPnPA
22 0x180001010 RpcNsBindingUnexportPnPW
23 0x180001010 RpcNsBindingUnexportW
24 0x180001010 RpcNsEntryExpandNameA
25 0x180001010 RpcNsEntryExpandNameW
26 0x180001010 RpcNsEntryObjectInqBeginA
27 0x180001010 RpcNsEntryObjectInqBeginW
28 0x180001010 RpcNsEntryObjectInqDone
29 0x180001010 RpcNsEntryObjectInqNext
30 0x180001010 RpcNsGroupDeleteA
31 0x180001010 RpcNsGroupDeleteW
32 0x180001010 RpcNsGroupMbrAddA
33 0x180001010 RpcNsGroupMbrAddW
34 0x180001010 RpcNsGroupMbrInqBeginA
35 0x180001010 RpcNsGroupMbrInqBeginW
36 0x180001010 RpcNsGroupMbrInqDone
37 0x180001010 RpcNsGroupMbrInqNextA
38 0x180001010 RpcNsGroupMbrInqNextW
39 0x180001010 RpcNsGroupMbrRemoveA
40 0x180001010 RpcNsGroupMbrRemoveW
41 0x180001010 RpcNsMgmtBindingUnexportA
42 0x180001010 RpcNsMgmtBindingUnexportW
43 0x180001010 RpcNsMgmtEntryCreateA
44 0x180001010 RpcNsMgmtEntryCreateW
45 0x180001010 RpcNsMgmtEntryDeleteA
46 0x180001010 RpcNsMgmtEntryDeleteW
47 0x180001010 RpcNsMgmtEntryInqIfIdsA
48 0x180001010 RpcNsMgmtEntryInqIfIdsW
49 0x180001010 RpcNsMgmtHandleSetExpAge
50 0x180001010 RpcNsMgmtInqExpAge
51 0x180001010 RpcNsMgmtSetExpAge
52 0x180001010 RpcNsProfileDeleteA
53 0x180001010 RpcNsProfileDeleteW
54 0x180001010 RpcNsProfileEltAddA
55 0x180001010 RpcNsProfileEltAddW
56 0x180001010 RpcNsProfileEltInqBeginA
57 0x180001010 RpcNsProfileEltInqBeginW
58 0x180001010 RpcNsProfileEltInqDone
59 0x180001010 RpcNsProfileEltInqNextA
60 0x180001010 RpcNsProfileEltInqNextW
61 0x180001010 RpcNsProfileEltRemoveA
62 0x180001010 RpcNsProfileEltRemoveW
No antivirus signatures available.
No IRMA results available.