popup
Static | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Static Analysis

PE Compile Time

2020-06-09 09:17:26

PE Imphash

17b461a082950fc6332228572138b80c

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00001000 0x000020f0 0x00002200 5.93323547782
.data 0x00004000 0x00000490 0x00000600 5.81324367204
.rdata 0x00005000 0x000002d0 0x00000400 3.98670186067
.pdata 0x00006000 0x0000027c 0x00000400 2.7281247889
.xdata 0x00007000 0x00000238 0x00000400 2.65379684452
.bss 0x00008000 0x00000a30 0x00000000 0.0
.idata 0x00009000 0x00000958 0x00000a00 3.87466906816
.CRT 0x0000a000 0x00000068 0x00000200 0.256446748701
.tls 0x0000b000 0x00000048 0x00000200 0.217769955458

Imports

Library KERNEL32.dll:
0x409244 CloseHandle
0x40924c ConnectNamedPipe
0x409254 CreateFileA
0x40925c CreateNamedPipeA
0x409264 CreateThread
0x40927c GetCurrentProcess
0x409284 GetCurrentProcessId
0x40928c GetCurrentThreadId
0x409294 GetLastError
0x40929c GetModuleHandleA
0x4092a4 GetProcAddress
0x4092ac GetStartupInfoA
0x4092bc GetTickCount
0x4092d4 LoadLibraryW
0x4092e4 ReadFile
0x4092ec RtlAddFunctionTable
0x4092f4 RtlCaptureContext
0x409304 RtlVirtualUnwind
0x409314 Sleep
0x40931c TerminateProcess
0x409324 TlsGetValue
0x409334 VirtualAlloc
0x40933c VirtualProtect
0x409344 VirtualQuery
0x40934c WriteFile
Library msvcrt.dll:
0x409364 __dllonexit
0x40936c __getmainargs
0x409374 __initenv
0x40937c __iob_func
0x409384 __lconv_init
0x40938c __set_app_type
0x409394 __setusermatherr
0x40939c _acmdln
0x4093a4 _amsg_exit
0x4093ac _cexit
0x4093b4 _fmode
0x4093bc _initterm
0x4093c4 _lock
0x4093cc _onexit
0x4093d4 _unlock
0x4093dc abort
0x4093e4 calloc
0x4093ec exit
0x4093f4 fprintf
0x4093fc free
0x409404 fwrite
0x40940c malloc
0x409414 memcpy
0x40941c signal
0x409424 sprintf
0x40942c strlen
0x409434 strncmp
0x40943c vfprintf
!This program cannot be run in DOS mode.
P`.data
.rdata
P@.pdata
0@.xdata
0@.bss
.idata
ffffff.
ATUWVSH
[^_]A\
ATUWVSH
@[^_]A\
ATUWVSH
[^_]A\
ATUWVSH
@[^_]A\
ffffff.
AUATUWVSH
[^_]A\A]
[^_]A\A]
[^_]A\A]
ATWVSH
[^_A\]
ATUWVSH
@[^_]A\
L3d$0H
@[^_]A\
([^_]H
e|j>a\
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAp
_set_invalid_parameter_handler
%c%c%c%c%c%c%c%c%cMSSE-%d-server
.pdata
Argument domain error (DOMAIN)
Argument singularity (SIGN)
Overflow range error (OVERFLOW)
Partial loss of significance (PLOSS)
Total loss of significance (TLOSS)
The result is too small to be represented (UNDERFLOW)
Unknown error
_matherr(): %s in %s(%g, %g) (retval=%g)
Mingw-w64 runtime failure:
Address %p has no image-section
VirtualQuery failed for %d bytes at address %p
VirtualProtect failed with code 0x%x
Unknown pseudo relocation protocol version %d.
Unknown pseudo relocation bit size %d.
CloseHandle
ConnectNamedPipe
CreateFileA
CreateNamedPipeA
CreateThread
DeleteCriticalSection
EnterCriticalSection
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetModuleHandleA
GetProcAddress
GetStartupInfoA
GetSystemTimeAsFileTime
GetTickCount
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryW
QueryPerformanceCounter
ReadFile
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetUnhandledExceptionFilter
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualProtect
VirtualQuery
WriteFile
__C_specific_handler
__dllonexit
__getmainargs
__initenv
__iob_func
__lconv_init
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_cexit
_fmode
_initterm
_onexit
_unlock
calloc
fprintf
fwrite
malloc
memcpy
signal
sprintf
strlen
strncmp
vfprintf
KERNEL32.dll
msvcrt.dll
msvcrt.dll
Antivirus Signature
Bkav Clean
Lionic Trojan.Win64.Shelma.tsgG
Elastic Windows.Trojan.CobaltStrike
ClamAV Win.Trojan.CobaltStrike-9044898-1
CMC Clean
CAT-QuickHeal Trojan.CobaltStr.S17675256
Skyhigh BehavesLike.Win64.Trojan.lm
ALYac Trojan.GenericKDZ.107133
Cylance Unsafe
Zillya Tool.CobaltStrike.Win64.273
Sangfor Trojan.Win32.CobaltStrike
CrowdStrike win/malicious_confidence_100% (D)
Alibaba Trojan:Win32/CozyDuke.1012
K7GW Trojan ( 0058fadf1 )
K7AntiVirus Trojan ( 0058fadf1 )
huorong Backdoor/CobaltStrike.d
Baidu Clean
VirIT Trojan.Win32.Genus.DDA
Paloalto generic.ml
Symantec Backdoor.Cobalt!gen1
tehtris Clean
ESET-NOD32 a variant of Win64/CobaltStrike.Artifact.A
APEX Malicious
Avast Win64:Evo-gen [Trj]
Cynet Malicious (score: 100)
Kaspersky HEUR:Trojan.Win64.CobaltStrike.gen
BitDefender Trojan.GenericKDZ.107133
NANO-Antivirus Clean
ViRobot Trojan.Win.Z.Cobaltstrike.17920.BUX
MicroWorld-eScan Trojan.GenericKDZ.107133
Tencent Trojan.Win64.CobaltStrike.hb
Sophos ATK/Cobalt-CC
F-Secure Trojan.TR/AVI.CobaltStrike.bikjb
DrWeb BackDoor.CobaltStrike.86
VIPRE Trojan.GenericKDZ.107133
TrendMicro Backdoor.Win64.COBEACON.SMA
McAfeeD ti!65B69EB0077B
Trapmine Clean
CTX exe.trojan.cobaltstrike
Emsisoft Trojan.CobaltStrike (A)
Ikarus Trojan.Win64.Cobaltstrike
FireEye Generic.mg.cecc2b6b3bd5983b
Jiangmin Trojan.Generic.fsibr
Webroot W32.Trojan.Cobaltstrike
Varist W64/Agent.NDUP
Avira TR/AVI.CobaltStrike.bikjb
Fortinet W64/Agent.CY!tr
Antiy-AVL RiskWare/Win64.Artifact.a
Kingsoft malware.kb.a.939
Gridinsoft Trojan.Win64.CobaltStrike.tr
Xcitium Clean
Arcabit Trojan.Generic.D1A27D
SUPERAntiSpyware Clean
ZoneAlarm HEUR:Trojan.Win64.CobaltStrike.gen
Microsoft Trojan:Win64/Bulz.SPVV!MTB
Google Detected
AhnLab-V3 Backdoor/Win.CobaltStrike.R360995
Acronis Clean
McAfee Artemis!CECC2B6B3BD5
TACHYON Trojan/W64.Agent.17920.C
VBA32 Trojan.Win64.CobaltStrike
Malwarebytes Generic.Malware.AI.DDS
Panda Trj/CI.A
Zoner Clean
TrendMicro-HouseCall Backdoor.Win64.COBEACON.SMA
Rising Backdoor.CobaltStrike/x64!1.D04A (CLASSIC)
Yandex Trojan.GenAsa!ZICJWVi3Ujg
SentinelOne Static AI - Malicious PE
MaxSecure Trojan.Malware.300983.susgen
GData Trojan.GenericKDZ.107133
AVG Win64:Evo-gen [Trj]
DeepInstinct MALICIOUS
alibabacloud Hacktool:Win/Cobaltstrike.dd0d4187
No IRMA results available.