popup
Static | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Static Analysis

PE Compile Time

2024-10-16 17:54:04

PE Imphash

9dee5c6e2779603605dedf99c35cff63

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00001000 0x00027698 0x00027800 6.32581191997
.data 0x00029000 0x00000150 0x00000200 1.95032657945
.rdata 0x0002a000 0x00010c00 0x00010c00 7.20620523444
.eh_fram 0x0003b000 0x00000004 0x00000200 0.0
.pdata 0x0003c000 0x00001824 0x00001a00 5.06639821561
.xdata 0x0003e000 0x00001634 0x00001800 4.23722992392
.bss 0x00040000 0x00015fa0 0x00000000 0.0
.edata 0x00056000 0x000000b4 0x00000200 2.18134760083
.idata 0x00057000 0x00000730 0x00000800 3.84666876375
.CRT 0x00058000 0x00000058 0x00000200 0.254705591457
.tls 0x00059000 0x00000010 0x00000200 0.0
.reloc 0x0005a000 0x000001e0 0x00000200 4.76706945546

Imports

Library KERNEL32.dll:
0x3576771e4 DeleteCriticalSection
0x3576771ec EnterCriticalSection
0x3576771f4 FreeLibrary
0x3576771fc GetLastError
0x357677204 GetModuleHandleA
0x35767720c GetProcAddress
0x35767721c IsDBCSLeadByteEx
0x357677224 LeaveCriticalSection
0x35767722c LoadLibraryA
0x357677234 MultiByteToWideChar
0x35767723c Sleep
0x357677244 TlsGetValue
0x35767724c VirtualAlloc
0x357677254 VirtualFree
0x35767725c VirtualProtect
0x357677264 VirtualQuery
0x35767726c WideCharToMultiByte
Library msvcrt.dll:
0x35767727c ___lc_codepage_func
0x357677284 ___mb_cur_max_func
0x35767728c __iob_func
0x357677294 _amsg_exit
0x35767729c _errno
0x3576772a4 _fileno
0x3576772ac _initterm
0x3576772b4 _lock
0x3576772bc _setjmp
0x3576772c4 _setmode
0x3576772cc _unlock
0x3576772d4 abort
0x3576772dc calloc
0x3576772e4 exit
0x3576772ec fflush
0x3576772f4 fputc
0x3576772fc free
0x357677304 fwrite
0x35767730c localeconv
0x357677314 longjmp
0x35767731c malloc
0x357677324 memchr
0x35767732c memcpy
0x357677334 memset
0x35767733c realloc
0x357677344 signal
0x35767734c strcmp
0x357677354 strerror
0x35767735c strlen
0x357677364 strncmp
0x35767736c strstr
0x357677374 vfprintf
0x35767737c wcslen

Exports

Ordinal Address Name
1 0x35763ebd0 DllInstall
2 0x35763eb70 DllRegisterServer
3 0x35763eba0 DllUnregisterServer
4 0x35763eb40 NimMain
5 0x357648640 main
!This program cannot be run in DOS mode.
P`.data
.rdata
`@.eh_fram
.pdata
0@.xdata
0@.bss
.edata
0@.idata
.reloc
UAUATSH
([A\A]]
ATUWVSH
[^_]A\
ATWVSH
([^_A\
ATWVSH
([^_A\
AUATUWVSH
([^_]A\A]
AUATWVSH
[^_A\A]
@ L9B u
J H9H tGH
J H9H
AUATUWVSH
([^_]A\A]
b@H;z(
AVAUATUWVSH
[^_]A\A]A^
P H;Q }
r H9q u
A M9A u"L
A L9@ u#H
r I9p
ATWVSH
([^_A\
ATWVSH
([^_A\
([^_A\
ATUWVSH
[^_]A\
AUATSH
[A\A]
[A\A]
[A\A]
ATUWVSH
[^_]A\
[^_]A\
[^_]A\
AUATUWVSH
([^_]A\A]
([^_]A\A]
([^_]A\A]
ATUWVSH
[^_]A\I
[^_]A\
[^_]A\
AVAUATUWVSH
[^_]A\A]A^
@H9Q0v
AWAVAUATUWVSH
[^_]A\A]A^A_
AUATUWVSH
([^_]A\A]
AVAUATUWVSH
@[^_]A\A]A^
AVAUATUWVSH
@[^_]A\A]A^
AWAVAUATUWVSH
8[^_]A\A]A^A_
AWAVAUATUWVSH
D$@H9D$H
X[^_]A\A]A^A_
AWAVAUATUWVSH
8[^_]A\A]A^A_
AUATVSH
8[^A\A]
AUATSH
)t$ E1
0[A\A]
ATUWVSH
[^_]A\
ATWVSH
([^_A\
([^_A\
AUATUWVSH
([^_]A\A]
AUATUWVSH
([^_]A\A]
AWAVAUATUWVSH
H[^_]A\A]A^A_
AUATUWVSH
8[^_]A\A]
ATUWVSH
@[^_]A\
@[^_]A\
ATUWVSH
@[^_]A\
@[^_]A\
AWAVAUATUWVSH
D$(H9D$0
h[^_]A\A]A^A_
[[reraisH
ed from:
AUATSH
[A\A]
AUATUWVSH
Error: u
nhandledH
exceptiH
[^_]A\A]
ATUWVSH
[^_]A\
AVAUATSH
ATUWVSH
[^_]A\
AUATSH
AUATSH
[A\A]
[A\A]
AUATSH
0[A\A]
AWAVAUATUWVSH
8[^_]A\A]A^A_
AVAUATUWVSH
[^_]A\A]A^
AUATSH
Parsed iI
nteger oL
utside oI
f valid L
@0rangf
0[A\A]
AVAUATUWVSH
gfffffffH9
[^_]A\A]A^
AVUWVSL
[^_]A^
AVWVSH
AVAUATWVSH
H[^_A\A]A^
integer:H
invalid H
integer:H
invalid H
ATUWVSH
P[^_]A\
ATWVSH
H[^_A\
AUATUWVSH
H[^_]A\A]
AUATVSH
([^A\A]
AUATSH
[A\A]
AUATSH
[A\A]
AWAVAUATUWVSH
invalid H
format sH
tring, cH
annot paH
@0rse:
H[^_]A\A]A^A_
AWAVAUATUWVSH
8[^_]A\A]A^A_
8[^_]A\A]A^A_
AWAVAUATSH
`[A\A]A^A_
invalid H
type in H
format sH
tring foH
r stringH
, expectH
ed 's', H
but got H
`[A\A]A^A_
AUATUWVSI
UUUUUUUUH
33333333M!
K8[^_]A\A]
AWAVAUATUWVSH
t$PH#t$XH1
d$@L#d$`M1
H#l$pL#T$HI!
|$hL#\$@L3T$`L
H#|$pL3l$HL1
H3|$HI1
H#D$XI1
t$xH3t$`M1
[^_]A\A]A^A_
AWAVAUATUWVSH
\$0L#\$(H!
H3\$(H1
d$HL#d$XH1
L#T$ L3T$XH1
H#T$hL1
|$hL3L$ H#
H3|$ L#\$HM1
H#D$PH1
T$pH3T$XL!
L#T$ H1
L3\$ L
L#t$`I1
H#L$8H3
d$@L3L$8H1
H3t$8I1
H#D$PH1
T$pH3T$(H
""""""""L
DDDDDDDDL!
[^_]A\A]A^A_
AUATUWVSH
([^_]A\A]
([^_]A\A]
HcD$,H
AWAVAUATUWVSH
H3L$(H1
L#\$(M!
d$(H#\$8L!
L#L$pH#t$XL1
H#l$pM1
H#L$`I1
H3D$(I1
H3\$PH3\$0H1
H3\$0M1
L3t$pH
L3T$XL3T$hL1
H3L$pL1
H3L$XM1
L3D$8H
l$H@I1
\$8L#\$HH
L3L$8L3L$HI1
L#T$@H
L#L$pM1
H#\$(I1
L#|$pL#\$XL1
H3D$hM1
H#T$`L1
L3|$hH1
L3o(M1
L3G8M1
[^_]A\A]A^A_
ATUWVSH
0[^_]A\
AUATSH
[A\A]
AVUWVSH
[^_]A^
AUATSH
[A\A]
AWAVAUATUWVSH
H[^_]A\A]A^A_
ATWVSH
convert H
([^_A\
convert H
convert
AWAVAUATUWVSH
8[^_]A\A]A^A_
AUATUWVSH
([^_]A\A]
AWAVAUATUWVSH
MZt!E1
[^_]A\A]A^A_
D$4HcG B
HcD$0N
AUATUWVSH
([^_]A\A]
([^_]A\A]
AUATUWSH
[_]A\A]
AUATSH
AdditionM
al info:I
OS errorH
unknown H
P[A\A]
P[A\A]
unknown H
OS errorH
P[A\A]
AWAVAUATWVSH
@[^_A\A]A^A_
@[^_A\A]A^A_
not in H
0 ..fD
not in H
not in
indefD
0 ..fD
AUATUWVSH
VT_ARRAY
8[^_]A\A]
VT_BYREF
VT_VECTO
VT_RESER
VT_ARRAYH
8[^_]A\A]
8[^_]A\A]
VT_ARRAYH
ATWVSH
([^_A\
([^_A\
ATWVSH
([^_A\
AWAVAUATUWVSH
x[^_]A\A]A^A_
Hc|$8H
ATUWVSH
P[^_]A\
AVAUATSH
8[A\A]A^
8[A\A]A^
AVAUATUWVSH
@[^_]A\A]A^
AUATSH
[A\A]
AVAUATSH
8[A\A]A^
8[A\A]A^
AUATSH
[A\A]
AVAUATUWVSH
@[^_]A\A]A^
AWAVAUATUWVSH
[^_]A\A]A^A_
AUATSH
[A\A]
AVAUATUWVSH
@[^_]A\A]A^
AWAVAUATUWVSH
X[^_]A\A]A^A_
unable tH
o invokeH
specifiH
ed membeH
AUATUWVSH
[^_]A\A]
AWAVAUATH
A\A]A^A_
AWAVAUATUWVSH
[^_]A\A]A^A_
AVAUATUWVSH
P[^_]A\A]A^
AWAVAUATUWVSH
HcT$xH
[^_]A\A]A^A_
AWAVAUATUWVSH
t$XHcL$@HcS
[^_]A\A]A^A_
H+L$pH
AWAVAUATUWVSH
H[^_]A\A]A^A_
ATUWVS
[^_]A\A]
[^_]A\A]
AWAVAUATUWVSH
[^_]A\A]A^A_
ATUWVSH
@[^_]A\
AVAUATSH
8[A\A]A^
ATWVSH
ATUWVSH
[^_]A\
[^_]A\
ATWVSH
([^_A\
([^_A\
AVAUATUWVSH
0[^_]A\A]A^
AVAUATUWVSH
[^_]A\A]A^
AWAVAUATUWVSH
X[^_]A\A]A^A_
ATUWVSH
[^_]A\
AVAUATUWVSH
@[^_]A\A]A^
} ouH
} ot0H
UAUATWVSH
[^_A\A]]
EL;E`|
E(H;E u
E(H;E u%H
9El~)H
E(H;E t
H;E s?H
H;E s]
libgcc_s_dw2-1.dll
__register_frame_info
__deregister_frame_info
out of memory
virtualFree failing!
IOError
io.nim
raiseEIO
OverflowDefect
fatal.nim
sysFatal
ReraiseDefect
SIGINT: Interrupted by Ctrl-C.
SIGSEGV: Illegal storage access. (Attempt to read from nil?)
SIGABRT: Abnormal termination.
SIGFPE: Arithmetic error.
unknown signal
SIGILL: Illegal operation.
could not load:
(bad format; library may be wrong architecture)
could not import:
parent
procname
filename
errorCode
[GC] cannot register thread local variable; too many thread local variables
[GC] cannot register global variable; too many global variables
IsEqualGUID
ValueError
parseutils.nim
integerOutOfRangeError
strutils.nim
parseInt
WideCharToMultiByte
SysStringLen
MultiByteToWideChar
lstrlenW
GetCurrentThread
GetThreadContext
HeapCreate
HeapAlloc
GetProcessHeap
LoadLibraryA
GetProcAddress
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
CreateProcessW
GetCurrentProcess
ResumeThread
WaitForSingleObject
GetForegroundWindow
GetWindowThreadProcessId
AttachConsole
strformat.nim
parseStandardFormatSpecifier
formatValue
@kernel32
@kernel32
@user32
@user32
@kernel32
@kernel32
@oleaut32
@oleaut32
@kernel32
@kernel32
@0123456789ABCDEF
@ole32
@ole32
@no exception to reraise
@over- or underflow
@cannot write string to file
00010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899
inet_ntop
Field0
Field1
zonedTimeFromTimeImpl
zonedTimeFromAdjTimeImpl
bCryptGenRandom
queryProcessCycleTime
queryUnbiasedInterruptTime
queryIdleProcessorCycleTime
coresCount
hIntel
Field2
counter
hresult
GetCommandLineW
GetModuleFileNameW
GetCurrentDirectoryW
FormatMessageW
LocalFree
GetLastError
GetTypeInfo
lpVtbl
struct1
union1
wReserved1
wReserved2
wReserved3
fltVal
dblVal
boolVal
bstrVal
QueryInterface
AddRef
Release
punkVal
GetTypeInfoCount
GetIDsOfNames
Invoke
pdispVal
fFeatures
cbElements
cLocks
pvData
cElements
lLbound
rgsabound
parray
pllVal
pfltVal
pdblVal
pboolVal
pscode
pcyVal
pbstrVal
ppunkVal
ppdispVal
pparray
pvarVal
ullVal
intVal
uintVal
wReserved
signscale
union2
pdecVal
puiVal
pulVal
pullVal
pintVal
puintVal
pvRecord
RecordInit
RecordClear
RecordCopy
GetGuid
GetName
GetSize
GetField
GetFieldNoCopy
PutField
PutFieldNoCopy
GetFieldNames
IsMatchingType
RecordCreate
RecordCreateCopy
RecordDestroy
pRecInfo
decVal
DispGetIDsOfNames
SysFreeString
CoInitialize
VariantClear
VariantCopy
SysAllocString
SafeArrayCreate
SafeArrayPutElement
CLRCreateInstance
CreateToolhelp32Snapshot
Thread32First
Thread32Next
OSError
oserr.nim
raiseOSError
IndexDefect
os.nim
paramStr
VariantConversionError
com.nim
newVariant
toVariant
CLRError
clr.nim
clrError
@System.Drawing.dll
@System.dll
@Invoke
@EntryPoint
@$>3++!/<&<=?(2&)&3&;<:&(;'"-=>-?8&3.);?;)-(20%8:)=8--',0)&=->30>>39:)<# ;&(!-.23& <$&)&8!",9;.>-0))2.08>:-/:+33"288!)8/=3&!2?(.+$!'.893:((==+-(.3"":(8?3?"/.!)<-!&"$ "=! :<&.),?++='/!3>:3&<:90!# "%=)):22<>3$))(<+=(>)03)88+%>##."?";?!2(-',;/);' =)!$-8.'(%.8))2&9+%$%)>?2!.%?'$,%>=?-<><2$2(3?>.>:9/=2??#>#83,0(;+:$8'$&;>9';'&-%&(%0$2$) 9,03!3%#>. =.-9%;9/&((<=+,"$=/, /'>/ -8-/8"& ?=
@MGCUKXQKLWLFXIZSUZQZBPOVXMXLUDDLEHYWIYVLRARNUJKZMNDZUYEJVBLLFFDSXEMDHCATGHPZPHIHBJNBNXAUXDNQBBMHHAXCLUYRFNIGIREAOMYSEWYWNSBHWXGNUWCFQHCVWCURYXAELNFBZORBIRGZHQRFRQUETHOAGDESJUQCXQKLPYSXNCQVAZQSDDWBRVKBJBFLBMAVGQVTZJUTYQTZGXUFZXMUECQVBOBCRHDFPGBSLLIXYRJFSHNSTXPKXDYGMCGXZJEHLIQPCQYBOQVQTQAXEZHURVUPNTNPZLABDGSSUQVNZWLCYDCECFFLFAGNTGVGPMMDOCMFADDJYYGQIOCRLIHOXTFFKAMUEXAXTESNOVFOUQGVOFVCOOQIGFOXKJWZBGENRHFFOOGKOKKEUKROXNWIPNCSORZUJXHUHGSEZPJYDAAGGBRECXKEFBUMLVSDQTXTWIQODJSRNHBWYZNZJRPOSQB
@H@AFRX_LKX^XLGMDKCABDSBR\]@MPPZ\DYG@ZELERPLOS[DFAHOESABN^I[XL_YPILN_IDGLGGBMAAH[Z\GL[O_OKL]OAMBGSM_\ZZYRD@LIM[NDS@BM[_^
@WHMGHQCEKHGAUOGDQP@RNHD\PRSIDRMUBTHV_NQKTGQRDBKP@B_NOMT_UTDDKJGVUJECD@GEEKDGCVPPCGGJQUDHWSDMN\TUINW@U^QCMLES
@]I]MIXRF@YHZF]AOMZCXGB_^P@ZDF^AOBDFYCDO\HPC^OYX^BBI\C@GO]ZIH@]CK^CD\OERZ[YASGHK[M[EM@]BYD\R^[Z[^[FGHLXZN@ECINHR[_[O^OF^BMMR\FL\BPR_]IX]YBCRCBBDFIMDP_NAH\Y\R^^@]S^GGXDZA\OE]XCFG^AOM]^]NBY_SICPX]E[XEDRDEZOR^KA[]ZB@HNI\KZAYBNSDAS_\\IZBRSHML^E@M\PNFMBYIFCEGOMERBY[\P]LGCXLKXYLX^[HXMILYHA_OXDXRF^OB[YBEN^LHHYS
ZA^AVI
[^_A\A]A^]
\$0AVAYM
amsi.dll
cyvera.dA
cyvrtrapH
ntnativeH
api.dll
EpMPThe.H
EpMPApi.H
HipHandlH
ers64.dl
MfeAmsiPH
rovider.H
LogLib.dARAZM
McVarianH
tExport.H
ATPAmsiGH
uard.dllH
mfehida.H
mfehctheM
mfehcinjf
GDAMSIx6H
GDAMSIx8H
fsamsi64
spapi64.
TmUmEvt6H
tmmon64.H
TMAMSIPrH
ovider64M
WRusr.dlH
bdhkm64.H
atcuf64.H
mbae.dllH
awshook.fD
ashShellH
antimalw
are_provH
ider.dllM
ScriptCoH
ctiuser.H
cbamsi.dH
PowerreaH
son.dll
PowerBufH
crsi.dllH
crcem.dlH
InProcesH
sClient
SentinelH
ams.dll
D$[umpp
SophosAmH
siProvidH
hmpalertH
symamsi.H
ccVrTrstH
ccLib.dlH
IPSEng32
cpICC.dlM
A_AZH1
AVA^AUA]
T$aAWY
T$aAWY
ARAZV^
_]A\A]
bEMHA@
E@@VAWW
jPbHQWLmJWPVQGPMKJgEGLA
@hRwRKVIzG\\]KFiAKIRY
AETWFEF@]G_AYJFQEUFXIG[ZAHJNLDXStcwdydy{b|humnfoubicq~rbpc|`iutm
?</"-$.+<#./86)2"?%-# ': !#*3+,8
^YGYGDX[L\PTBAMWF[YXQYRKBVEVQLCQ{al
@+7-%<"')9.%-
@LVH@B
@'!=)0.%-5"5)#
@/3)2.?%-=*(*#1/
@[TI[PNQEUBBHLHUTMLFESA.
lVdNWQJkLQVPWAVKMLaCAJG
QWAAGQQ
`Z~\AZKMZxG\Z[OBcKCA\W
\K]ZA\K
^K\CG]]GA@]
HOGBKJ
@Y)_"LvRpmvgavTkpvwcnOgomp{"qwaaggfgf."rceg"rgpokqqkmlq"*PZ+"pgqvmpgf
@1A7J$
@7A1L"
@C:\Windows\system32\
@.rdata
;' $/51
7?5<-'y~
@CGX_MFAJKOPWEN
@O6^RROATEz8V_a`jc{QcPPU
kzzmzol|atfevwpoeffu{n|qwbvfvuycEYXV_GX[GWBIVNVTZKOX\LCFKWPR@HSC+#%9".$-
'?!&,'?
@laiasudiauszdashdajksl
'=$"$0;1%0-4(2!1
@Assembly
@unable to get default domain
@unable to start CorRuntimeHost
@unable to get interface of CorRuntimeHost
@unable to start CLRRuntimeHost
@unable to get interface of CLRRuntimeHost
@specified runtime is not loadable
@unable to get runtime of
@unable to find a installed CLR
@unable to enumerate installed runtimes
@unable to create metahost instance
@unable to get type of object
@variant is not an object
@wrapAny
@unable to convert to object
@GetType
@RuntimeHelper
@CompiledAssembly
@Microsoft.CSharp.CSharpCodeProvider
@ using System;using System.Drawing;using System.Runtime.InteropServices;abstract class RuntimeHelper{public static IntPtr wrapIntPtr(Int64 i){return Marshal.GetIUnknownForObject((IntPtr)i);}
public static IntPtr wrapIntPtr(Int32 i){return Marshal.GetIUnknownForObject((IntPtr)i);}
public static IntPtr wrapAny(Object o){return Marshal.GetIUnknownForObject(o);}
public static T Cast<T>(Object o){return(T)o;}
public static IntPtr wrapAny(Object o,Type t){try{if(t==o.GetType()){return wrapAny(o);}
else if(t.IsEnum){return wrapAny(Enum.ToObject(t,o));}
else if(t==typeof(Color)){int i=(int)Convert.ChangeType(o,typeof(int));return wrapAny(Color.FromArgb(i&0xff,(i>>8)&0xff,(i>>16)&0xff));}
else{try{return wrapAny(Convert.ChangeType(o,t));}
catch(System.InvalidCastException){return wrapAny(typeof(RuntimeHelper).GetMethod("Cast").MakeGenericMethod(t).Invoke(null,new object[]{o}));}}}
catch{return IntPtr.Zero;}}
public static IntPtr wrapAny(Object o,String type){try{return wrapAny(o,Type.GetType(type,true,true));}
catch{return IntPtr.Zero;}}}
@CompileAssemblyFromSource
@IncludeDebugInformation
@CompilerOptions
@GenerateExecutable
@GenerateInMemory
@OutputAssembly
@System.CodeDom.Compiler.CompilerParameters
@System
@CreateInstance
@LoadWithPartialName
@LoadFrom
@variant is not a type object
@variant is not a type
@variant is nil
@openarray
@uncatched exception inside event hander:
@VT_ILLEGAL
@VT_BSTR_BLOB
@VT_CLSID
@VT_CF
@VT_BLOB_OBJECT
@VT_STORED_OBJECT
@VT_STREAMED_OBJECT
@VT_STORAGE
@VT_STREAM
@VT_BLOB
@VT_FILETIME
@VT_UINT_PTR
@VT_INT_PTR
@VT_RECORD
@VT_LPWSTR
@VT_LPSTR
@VT_USERDEFINED
@VT_CARRAY
@VT_SAFEARRAY
@VT_PTR
@VT_HRESULT
@VT_VOID
@VT_UINT
@VT_INT
@VT_UI8
@VT_I8
@VT_UI4
@VT_UI2
@VT_UI1
@VT_I1
@VT_DECIMAL
@VT_UNKNOWN
@VT_VARIANT
@VT_BOOL
@VT_ERROR
@VT_DISPATCH
@VT_BSTR
@VT_DATE
@VT_CY
@VT_R8
@VT_R4
@VT_I4
@VT_I2
@VT_NULL
@VT_EMPTY
@kernel32
@kernel32
@mscoree
@mscoree
@ole32
@ole32
@oleaut32
@oleaut32
@index out of bounds, the container is empty
@kernel32
@kernel32
@Ws2_32.dll
L
virtualFree failing!
:state
tProcess1
remoteProcID2
treadHandle3
NtFlushInstructionCache4
cipher
RtlGetVersion
GetFileAttributesW
OpenProcess
hresult
GetForegroundWindow
GetWindowThreadProcessId
AttachConsole
CLRCreateInstance
CreateToolhelp32Snapshot
Thread32First
Thread32Next
LdrLoadDll
RtlInitUnicodeString
GetCurrentProcessId
VirtualProtect
GetProcessHeap
GetProcAddress
RtlAddVectoredExceptionHandler
GetModuleHandleA
GetThreadContext
SetThreadContext
CloseHandle
OpenThread
GetCurrentThreadId
WaitForSingleObject
MultiByteToWideChar
GetTickCount
CreateFileA
GetFileSize
RtlAllocateHeap
ReadFile
GetComputerNameExA
GlobalMemoryStatusEx
GetDiskFreeSpaceExA
inet_ntop
VariantConversionError
com.nim
toVariant
'%6,#(.,93!94#?=3-!6!+5'$0+<:7 &GRJIBQQMM_KODTJXNCHYL_FR_PNF^@C^orkld||sy
@kernel32.dll
@bAUCpLXOILg@EXvJUNM
@kernel32.dll
858(+%3"3'#67!&(.5*4*#>8%633)!;#
aodhrxeiolbcic`
@ntdll.dll
GYFUS^^NXIIBKUM_CIGGKBTEYQKGXAEFkqamstljx{e|h`eefjrmpjjt
didycl{
3,''74.3- 2+/: ;.5%)&%37)!!+5?--
@('$" :>#8(22+"#01,"-+/
I]T@_CKY@OTCQWHHJOWFXMP]T]MCWHOKvn
@ytpoatifkgx
nbuxh}
."&,'($/!8-,.-'>7-'556-1$)?%=9<#
81,"62)7)&<#*%+
Dx#51;
f9=@kv
>Uv1a1
wYv*kC
?$)5oL
h[bou.
c#3Y"v
B){!"8<U9
FKACW%
O0'8g=/!
fp0KR7X
{;bjcd
7JoP_E
+s5/XeD
=.b40$E
+{ql6-
QCM;SB
w(1[,WR
S=I-Xz
'|48H_Rv@
$Bhj)y
3Vj(e|
yWidO>
b|j;+8
2=53fe
{|<kJ BW
n{o3PEtM
-GgQ`v
M^tQ*
=e6+9.
~K!|$"
geM/Wc *l
Y0/f|zZ
ctD!.*<f
>T0TZU
gu}aO
sfIBGC
VL UEoZ
N+p9_q
(P0``(6
!)X(JX
"td?My
|uY+]>
OU%NTq
D^J. b
y'.(?=it
Og!O2\
l9.=_R
CrrTXV
Mingw-w64 runtime failure:
Address %p has no image-section
VirtualQuery failed for %d bytes at address %p
VirtualProtect failed with code 0x%x
Unknown pseudo relocation protocol version %d.
Unknown pseudo relocation bit size %d.
(null)
Infinity
GCC: (MinGW-W64 x86_64-posix-seh, built by Brecht Sanders) 11.1.0
GCC: (MinGW-W64 x86_64-posix-seh, built by Brecht Sanders) 11.1.0
GCC: (MinGW-W64 x86_64-posix-seh, built by Brecht Sanders) 11.1.0
GCC: (MinGW-W64 x86_64-posix-seh, built by Brecht Sanders) 11.1.0
GCC: (MinGW-W64 x86_64-posix-seh, built by Brecht Sanders) 11.1.0
GCC: (MinGW-W64 x86_64-posix-seh, built by Brecht Sanders) 11.1.0
GCC: (MinGW-W64 x86_64-posix-seh, built by Brecht Sanders) 11.1.0
GCC: (MinGW-W64 x86_64-posix-seh, built by Brecht Sanders) 11.1.0
GCC: (MinGW-W64 x86_64-posix-seh, built by Brecht Sanders) 11.1.0
GCC: (MinGW-W64 x86_64-posix-seh, built by Brecht Sanders) 11.1.0
GCC: (MinGW-W64 x86_64-posix-seh, built by Brecht Sanders) 11.1.0
GCC: (MinGW-W64 x86_64-posix-seh, built by Brecht Sanders) 11.1.0
GCC: (MinGW-W64 x86_64-posix-seh, built by Brecht Sanders) 11.1.0
GCC: (MinGW-W64 x86_64-posix-seh, built by Brecht Sanders) 11.1.0
GCC: (MinGW-W64 x86_64-posix-seh, built by Brecht Sanders) 11.1.0
GCC: (MinGW-W64 x86_64-posix-seh, built by Brecht Sanders) 11.1.0
GCC: (MinGW-W64 x86_64-posix-seh, built by Brecht Sanders) 11.1.0
GCC: (MinGW-W64 x86_64-posix-seh, built by Brecht Sanders) 11.1.0
GCC: (MinGW-W64 x86_64-posix-seh, built by Brecht Sanders) 11.1.0
GCC: (MinGW-W64 x86_64-posix-seh, built by Brecht Sanders) 11.1.0
GCC: (MinGW-W64 x86_64-posix-seh, built by Brecht Sanders) 11.1.0
GCC: (MinGW-W64 x86_64-posix-seh, built by Brecht Sanders) 11.1.0
GCC: (MinGW-W64 x86_64-posix-seh, built by Brecht Sanders) 11.1.0
GCC: (MinGW-W64 x86_64-posix-seh, built by Brecht Sanders) 11.1.0
GCC: (MinGW-W64 x86_64-posix-seh, built by Brecht Sanders) 11.1.0
GCC: (MinGW-W64 x86_64-posix-seh, built by Brecht Sanders) 11.1.0
GCC: (MinGW-W64 x86_64-posix-seh, built by Brecht Sanders) 11.1.0
GCC: (MinGW-W64 x86_64-posix-seh, built by Brecht Sanders) 11.1.0
GCC: (MinGW-W64 x86_64-posix-seh, built by Brecht Sanders) 11.1.0
GCC: (MinGW-W64 x86_64-posix-seh, built by Brecht Sanders) 11.1.0
GCC: (MinGW-W64 x86_64-posix-seh, built by Brecht Sanders) 11.1.0
GCC: (MinGW-W64 x86_64-posix-seh, built by Brecht Sanders) 11.1.0
GCC: (MinGW-W64 x86_64-posix-seh, built by Brecht Sanders) 11.1.0
GCC: (MinGW-W64 x86_64-posix-seh, built by Brecht Sanders) 11.1.0
GCC: (MinGW-W64 x86_64-posix-seh, built by Brecht Sanders) 11.1.0
interactivePS-ruy-lopez.dll
DllInstall
DllRegisterServer
DllUnregisterServer
NimMain
DeleteCriticalSection
EnterCriticalSection
FreeLibrary
GetLastError
GetModuleHandleA
GetProcAddress
InitializeCriticalSection
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryA
MultiByteToWideChar
TlsGetValue
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WideCharToMultiByte
___lc_codepage_func
___mb_cur_max_func
__iob_func
_amsg_exit
_errno
_fileno
_initterm
_setjmp
_setmode
_unlock
calloc
fflush
fwrite
localeconv
longjmp
malloc
memchr
memcpy
memset
realloc
signal
strcmp
strerror
strlen
strncmp
strstr
vfprintf
wcslen
KERNEL32.dll
msvcrt.dll
(null)
Antivirus Signature
Bkav Clean
Lionic Clean
Elastic malicious (high confidence)
ClamAV Clean
CMC Clean
CAT-QuickHeal Clean
Skyhigh BehavesLike.Win64.Ramnit.dh
ALYac Clean
Cylance Clean
Zillya Clean
Sangfor Clean
CrowdStrike Clean
Alibaba Clean
K7GW Clean
K7AntiVirus Clean
huorong Clean
Baidu Clean
VirIT Clean
Paloalto generic.ml
Symantec ML.Attribute.HighConfidence
tehtris Clean
ESET-NOD32 a variant of Win64/Agent.DUU
APEX Clean
Avast Clean
Cynet Malicious (score: 100)
Kaspersky Clean
BitDefender Clean
NANO-Antivirus Clean
ViRobot Clean
MicroWorld-eScan Clean
Tencent Win64.Trojan.Agent.Agow
Sophos Clean
F-Secure Clean
DrWeb Clean
VIPRE Clean
TrendMicro Clean
McAfeeD ti!FDE4F048BB01
Trapmine Clean
CTX Clean
Emsisoft Clean
Ikarus Win32.Outbreak
FireEye Clean
Jiangmin Clean
Webroot Clean
Varist Clean
Avira Clean
Fortinet Clean
Antiy-AVL Clean
Kingsoft Clean
Gridinsoft Clean
Xcitium Clean
Arcabit Clean
SUPERAntiSpyware Clean
ZoneAlarm Clean
Microsoft Program:Win32/Wacapew.C!ml
Google Clean
AhnLab-V3 Clean
Acronis Clean
McAfee Clean
TACHYON Clean
VBA32 Clean
Malwarebytes Clean
Panda Clean
Zoner Clean
TrendMicro-HouseCall Clean
Rising Trojan.Kryptik!8.8 (TFE:6:JN7h59ZJssG)
Yandex Clean
SentinelOne Clean
MaxSecure Clean
GData Clean
AVG Clean
DeepInstinct MALICIOUS
alibabacloud Trojan:Win/Injector.DYD
No IRMA results available.