Static | ZeroBOX

PE Compile Time

2024-04-01 12:58:43

PE Imphash

c39234ff2245e05d4a92d8a0891a5638

Sections

Name    Virtual Address  Virtual Size  Size of Raw Data  Entropy
.text   0x00001000       0x00011b50    0x00012000        6.19500245855
.data   0x00013000       0x00000a08    0x00001000        0.0
.rsrc   0x00014000       0x00010b30    0x00011000        6.13833771204

Resources

Name           Offset      Size        Language      Sub-language                File type
RT_ICON        0x00014308  0x00010828  LANG_NEUTRAL  SUBLANG_NEUTRAL             data
RT_GROUP_ICON  0x000142f4  0x00000014  LANG_NEUTRAL  SUBLANG_NEUTRAL             data
RT_VERSION     0x000140f0  0x00000204  LANG_CHINESE  SUBLANG_CHINESE_SIMPLIFIED  data

Imports

Library MSVBVM60.DLL:
0x401000 _CIcos
0x401004 _adj_fptan
0x401008 __vbaFreeVar
0x40100c __vbaEnd
0x401010 _adj_fdiv_m64
0x401014 _adj_fprem1
0x401018 __vbaStrCat
0x40101c __vbaSetSystemError
0x401024 _adj_fdiv_m32
0x401028 _adj_fdiv_m16i
0x40102c _adj_fdivr_m16i
0x401030 _CIsin
0x401034 __vbaChkstk
0x401038 __vbaFileClose
0x40103c EVENT_SINK_AddRef
0x401040 __vbaStrCmp
0x401044 DllFunctionCall
0x401048 _adj_fpatan
0x40104c EVENT_SINK_Release
0x401050 None
0x401054 _CIsqrt
0x40105c __vbaExceptHandler
0x401060 __vbaInputFile
0x401064 __vbaStrToUnicode
0x401068 _adj_fprem
0x40106c _adj_fdivr_m64
0x401070 __vbaFPException
0x401074 None
0x401078 _CIlog
0x40107c __vbaFileOpen
0x401080 __vbaNew2
0x401084 None
0x401088 _adj_fdiv_m32i
0x40108c _adj_fdivr_m32i
0x401090 __vbaFreeStrList
0x401094 _adj_fdivr_m32
0x401098 _adj_fdiv_r
0x40109c None
0x4010a0 __vbaStrToAnsi
0x4010a4 _CIatan
0x4010a8 __vbaStrMove
0x4010ac _allmul
0x4010b0 _CItan
0x4010b4 _CIexp
0x4010b8 __vbaFreeObj
0x4010bc __vbaFreeStr

!This program cannot be run in DOS mode.
`.data
MSVBVM60.DLL
update
vb6chs.dll
update
update
update
C:\Program Files (x86)\Microsoft Visual Studio\VB98\VB6.OLB
urlmon.dll
URLDownloadToFileA
Wininet.dll
DeleteUrlCacheEntryA
kernel32
DeleteFileA
VBA6.DLL
__vbaEnd
__vbaHresultCheckObj
__vbaFreeVar
__vbaStrToUnicode
__vbaSetSystemError
__vbaStrToAnsi
__vbaFreeStr
__vbaStrCmp
__vbaFileClose
__vbaInputFile
__vbaFreeObj
__vbaFreeStrList
__vbaNew2
__vbaStrCat
__vbaStrMove
__vbaFileOpen
A*\AC:\Users\xzh\Desktop\
\update.txt
http://101.126.11.168/xsh/xsh.exe
cmd /c
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
080404B0
CompanyName
ProductName
FileVersion
ProductVersion
InternalName
update
OriginalFilename
update.exe

Antivirus Signature

Bkav W32.Common.9169E44C
Lionic Trojan.Win32.Generic.4!c
Elastic Clean
ClamAV Clean
CMC Clean
CAT-QuickHeal Clean
Skyhigh Clean
ALYac Trojan.GenericKD.73844191
Cylance Unsafe
Zillya Clean
Sangfor Downloader.Win32.Agent.V7u2
CrowdStrike win/malicious_confidence_100% (W)
Alibaba Clean
K7GW Trojan-Downloader ( 005b92441 )
K7AntiVirus Trojan-Downloader ( 005b92441 )
huorong Trojan/Generic!1853AD45E108A4CF
Baidu Clean
VirIT Trojan.Win32.VBGenus.HCW
Paloalto generic.ml
Symantec ML.Attribute.HighConfidence
tehtris Clean
ESET-NOD32 Win32/TrojanDownloader.VB.RVD
APEX Malicious
Avast Win32:MalwareX-gen [Trj]
Cynet Malicious (score: 100)
Kaspersky Clean
BitDefender Trojan.GenericKD.73844191
NANO-Antivirus Trojan.Win32.VB.kqsyqz
ViRobot Clean
MicroWorld-eScan Trojan.GenericKD.73844191
Tencent Malware.Win32.Gencirc.1418f5d3
Sophos Mal/Generic-S
F-Secure Trojan.TR/VB.Downloader.Gen
DrWeb Clean
VIPRE Trojan.GenericKD.73844191
TrendMicro Clean
McAfeeD ti!1D8AD7A7F0B0
Trapmine malicious.high.ml.score
CTX exe.trojan.generic
Emsisoft Trojan.GenericKD.73844191 (B)
Ikarus Trojan.VB.Downloader
FireEye Generic.mg.340efe524c957a5c
Jiangmin Clean
Webroot W32.Trojan.GenKD
Varist W32/Trojan.CSVN-7817
Avira TR/VB.Downloader.Gen
Fortinet PossibleThreat.PALLAS.H
Antiy-AVL Trojan/Win32.Agent
Kingsoft malware.kb.a.855
Gridinsoft Clean
Xcitium Clean
Arcabit Trojan.Generic.D466C5DF
SUPERAntiSpyware Clean
ZoneAlarm Clean
Microsoft Trojan:Win32/Phonzy.A!ml
Google Detected
AhnLab-V3 Trojan/Win.Phonzy.C5659817
Acronis Clean
McAfee Clean
TACHYON Clean
VBA32 Clean
Malwarebytes Generic.Malware/Suspicious
Panda Trj/Chgt.AD
Zoner Clean
TrendMicro-HouseCall TROJ_GEN.R03BH09FT24
Rising Downloader.VB!8.1EB (CLOUD)
Yandex Clean
SentinelOne Static AI - Suspicious PE
MaxSecure Trojan.Malware.274032410.susgen
GData Trojan.GenericKD.73844191
AVG Win32:MalwareX-gen [Trj]
DeepInstinct MALICIOUS
alibabacloud Suspicious

No IRMA results available.