Static | ZeroBOX

PE Compile Time

2003-02-15 23:14:29

PE Imphash

a3f02717021f5e48dcf6e9998900d2c7

Sections

Name     Virtual Address  Virtual Size  Size of Raw Data  Entropy
.text    0x00001000       0x00007cf4    0x00008000        6.57027633725
.rdata   0x00009000       0x0000278a    0x00003000        4.46210237148
.data    0x0000c000       0x00001e5c    0x00001000        1.14378029508

Imports

Library WSOCK32.dll:
0x409120 ioctlsocket
Library NETAPI32.dll:
0x4090fc NetUserEnum
0x409100 NetShareEnum
0x409104 NetUserGetInfo
0x409108 NetUserModalsGet
0x40910c NetWkstaGetInfo
0x409110 NetSessionEnum
0x409114 NetWkstaUserEnum
0x409118 NetApiBufferFree
Library MPR.dll:
0x4090f4 WNetAddConnection2A
Library KERNEL32.dll:
0x409014 CompareStringW
0x409018 CompareStringA
0x40901c CloseHandle
0x409020 SetStdHandle
0x409028 GetStringTypeW
0x40902c GetStringTypeA
0x409030 LCMapStringW
0x409034 MultiByteToWideChar
0x409038 GetLocaleInfoA
0x40903c VirtualProtect
0x409040 GetSystemInfo
0x409044 RtlUnwind
0x40904c ExitProcess
0x409050 GetProcAddress
0x409054 GetModuleHandleA
0x409058 TerminateProcess
0x40905c GetCurrentProcess
0x409060 GetCommandLineA
0x409064 GetVersionExA
0x409068 WideCharToMultiByte
0x409070 WriteFile
0x409074 GetStdHandle
0x409078 GetModuleFileNameA
0x40908c GetLastError
0x409090 VirtualQuery
0x409094 SetHandleCount
0x409098 GetFileType
0x40909c GetStartupInfoA
0x4090a0 HeapDestroy
0x4090a4 HeapCreate
0x4090a8 VirtualFree
0x4090ac HeapFree
0x4090b0 HeapAlloc
0x4090b4 HeapReAlloc
0x4090b8 HeapSize
0x4090bc LoadLibraryA
0x4090c0 GetACP
0x4090c4 GetOEMCP
0x4090c8 GetCPInfo
0x4090cc VirtualAlloc
0x4090d0 FlushFileBuffers
0x4090d8 GetTickCount
0x4090dc GetCurrentThreadId
0x4090e0 GetCurrentProcessId
0x4090e8 SetFilePointer
0x4090ec LCMapStringA
Library ADVAPI32.dll:
0x409008 LsaFreeMemory
0x40900c LsaOpenPolicy

!This program cannot be run in DOS mode.
Reason : Unknown.
Reason : Access denied.
Warning: Unable to retrieve the list of logged in users.
LOGGED IN USERS:
Warning: Unable to retrieve sessions.
SESSIONS:
- OS version: %ld.%ld
Warning: Unable to retrieve system information.
SYSTEM INFORMATION:
- Lockout threshold: %ld
- Reset lockout counter after %ld minutes
- Lockout duration: %ld minutes
Warning: Unable to retrieve lockout policy.
LOCOUT POLICY:
- Minimum password length: %ld characters
- Password history length: %ld passwords
- Minimum password age: %ld days
- Maximum password age: %ld days
- Time between end of logon time and forced logoff: %ld seconds
- Time between end of logon time and forced logoff: No forced logoff
Warning: Unable to retrieve password policy.
PASSWORD POLICY:
Reason : Not supported by your OS.
Reason : Not supported by the remote OS.
Warning: Unable to retrieve domain DNS information.
Warning: Unable to retrieve accounts domain.
Warning: Unable to retrieve legacy domain information.
Reason : Unknown (%d).
Warning: Unable to retrieve policy.
DOMAIN INFORMATION:
- Group
- Password has expired: Yes
- Password has expired: No
- Failed logins in a row to this DC / computer: %ld
- Failed logins in a row to this DC / computer: Unavailable
- Max disk space: %ld
- Max disk space: Unlimited
- Account expires: %s
- Account expires: Never
- Last logoff from this DC / computer: %s
- Last logon to this DC / computer: %s
- Last logon to this DC / computer: None
- Can log in from workstations: All
- Account is: Accounts operator
- Account is: Server operator
- Account is: Communications operator
- Account is: Print operator
- The account is: Unknown type
- The account is: Interdomain trust account
- The account is: BDC trust account
- The account is: Computer account
- The account is: Duplicate user
- The account is: Normal user
- Password never expires: No
- Password never expires: Yes
- Account is locked out: No
- Account is locked out: Yes
- User can change password: Yes
- User can change password: No
- Account is: Enabled
- Account is: Disabled
- Privilege level: Guest
- Privilege level: User
- Privilege level: Administrator
- Password age: %ld days
Warning: Unable to enumerate shares.
- Type: Unknown
- Type: Special share reserved for IPC or administrative share
- Type: Interprocess communication
- Type: Communication device
- Type: Print queue
- Type: Disk drive
SHARES:
Warning: Unable to enumerate server trust accounts.
SERVER TRUST ACCOUNTS:
Warning: Unable to enumerate interdomain trust accounts.
INTERDOMAIN TRUST ACCOUNTS:
Warning: Unable to enumerate workstation trust accounts.
WORKSTATION TRUST ACCOUNTS:
Reason : Too small buffer.
Reason : Invalid computer name.
Warning: Unable to enumerate users.
(This account is the built-in guest account)
(This account is the built-in administrator account)
USER ACCOUNTS:
Null session established.
Please write down the error and the code %d.
Reason: Check the FAQ at http://www.ntsecurity.nu/toolbox/winfo/faq.html
Reason: The stub received bad data.
Reason: RPC error.
Reason: No service running at the target system.
Reason: Winfo doesn't work on this Windows version.
Reason: You may already be connected with another account.
Reason: Access denied, null sessions seem to have been restricted.
Reason: The computer may not have sharing enabled at all or may be down.
Error : Unable to establish a null session.
Trying to establish null session...
-v = verbose mode, show detailed account information.
Without -n, any session already established will be used.
-n = establish null session before trying to dump info.
Usage: winfo <IP> [-n] [-v]
- http://www.ntsecurity.nu/toolbox/winfo/
Winfo 2.0 - copyright (c) 1999-2003, Arne Vidstrom
CorExitProcess
mscoree.dll
(null)
SunMonTueWedThuFriSat
JanFebMarAprMayJunJulAugSepOctNovDec
runtime error
TLOSS error
SING error
DOMAIN error
- unable to initialize heap
- not enough space for lowio initialization
- not enough space for stdio initialization
- pure virtual function call
- not enough space for _onexit/atexit table
- unable to open console device
- unexpected heap error
- unexpected multithread lock error
- not enough space for thread data
This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
- not enough space for environment
- not enough space for arguments
- floating point not loaded
Microsoft Visual C++ Runtime Library
Runtime Error!
Program:
<program name unknown>
GetProcessWindowStation
GetUserObjectInformationA
GetLastActivePopup
GetActiveWindow
MessageBoxA
user32.dll
Program:
A buffer overrun has been detected which has corrupted the program's
internal state. The program cannot safely continue execution and must
now be terminated.
Buffer overrun detected!
A security error of unknown cause has been detected which has
corrupted the program's internal state. The program cannot safely
continue execution and must now be terminated.
Unknown security failure detected!
WSOCK32.dll
NetApiBufferFree
NetWkstaUserEnum
NetSessionEnum
NetWkstaGetInfo
NetUserModalsGet
NetUserGetInfo
NetShareEnum
NetUserEnum
NETAPI32.dll
WNetAddConnection2A
MPR.dll
MultiByteToWideChar
KERNEL32.dll
LsaFreeMemory
LsaQueryInformationPolicy
LsaNtStatusToWinError
LsaOpenPolicy
ADVAPI32.dll
ExitProcess
GetProcAddress
GetModuleHandleA
TerminateProcess
GetCurrentProcess
GetCommandLineA
GetVersionExA
WideCharToMultiByte
GetTimeZoneInformation
WriteFile
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetLastError
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
HeapAlloc
HeapReAlloc
HeapSize
LoadLibraryA
GetACP
GetOEMCP
GetCPInfo
VirtualAlloc
FlushFileBuffers
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
RtlUnwind
SetStdHandle
CloseHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetLocaleInfoA
VirtualProtect
GetSystemInfo
VirtualQuery
- User: %s
- Computer: %s
- Forest DNS name for primary domain: %s
- DNS name for primary domain: %s
- Primary domain: %s
- Account domain: %s
- Primary domain (legacy): %s
- Path to user profile: %s
- Can log in from workstations: %s
- User comment: %s
- Full name: %s
- Logon script path: %s
- Comment: %s
- Home directory mapped as: %s
- Home directory: %s
- Remark: %s
(null)
Antivirus Signature
Bkav W32.AIDetectMalware
Lionic Clean
Elastic Clean
ClamAV Clean
CMC Clean
CAT-QuickHeal Clean
Skyhigh Clean
ALYac Clean
Cylance Clean
Zillya Clean
Sangfor Clean
CrowdStrike Clean
Alibaba Clean
K7GW Clean
K7AntiVirus Clean
huorong Clean
Baidu Clean
VirIT Clean
Paloalto Clean
Symantec Clean
tehtris Clean
ESET-NOD32 Clean
APEX Clean
Avast Clean
Cynet Clean
Kaspersky Clean
BitDefender Clean
NANO-Antivirus Clean
ViRobot Clean
MicroWorld-eScan Clean
Tencent Clean
Sophos Clean
F-Secure Clean
DrWeb Clean
VIPRE Clean
TrendMicro Clean
McAfeeD Clean
Trapmine Clean
CTX Clean
Emsisoft Clean
Ikarus Clean
FireEye Clean
Jiangmin Trojan.Generic.hpuzc
Webroot Clean
Varist Clean
Avira Clean
Fortinet Clean
Antiy-AVL Clean
Kingsoft malware.kb.a.973
Gridinsoft Malware.Win32.GenericMC.cc
Xcitium Clean
Arcabit Clean
SUPERAntiSpyware Clean
ZoneAlarm Clean
Microsoft Clean
Google Clean
AhnLab-V3 Clean
Acronis Clean
McAfee Clean
TACHYON Clean
VBA32 Clean
Malwarebytes Clean
Panda Clean
Zoner Clean
TrendMicro-HouseCall Clean
Rising Clean
Yandex Clean
SentinelOne Clean
MaxSecure Trojan.Malware.300983.susgen
GData Clean
AVG Clean
DeepInstinct Clean
alibabacloud Clean
No IRMA results available.