Static | ZeroBOX

PE Compile Time

2024-10-10 14:40:13

PE Imphash

fb0ee5bafbb99ce467989526f0be15c6

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00001000 0x000024b4 0x00002600 6.09021596151
.rdata 0x00004000 0x00001c02 0x00001e00 5.25802308628
.data 0x00006000 0x0000038c 0x00000200 0.352759488216
.rsrc 0x00007000 0x000002b0 0x00000400 5.19021307251
.reloc 0x00008000 0x00000290 0x00000400 3.89864044559

Resources

Name Offset Size Language Sub-language File type
RT_MANIFEST 0x00007058 0x00000256 LANG_ENGLISH SUBLANG_ENGLISH_US ASCII text, with CRLF line terminators

Imports

Library SHLWAPI.dll:
0x40411c PathCombineW
0x404120 StrCmpNW
Library MSVCR90.dll:
0x4040a0 _crt_debugger_hook
0x4040a4 _controlfp_s
0x4040a8 _invoke_watson
0x4040b0 _decode_pointer
0x4040b4 _onexit
0x4040b8 _lock
0x4040bc __dllonexit
0x4040c0 _unlock
0x4040c4 ?terminate@@YAXXZ
0x4040c8 __set_app_type
0x4040cc _encode_pointer
0x4040d0 __p__fmode
0x4040d4 __p__commode
0x4040d8 _adjust_fdiv
0x4040dc __setusermatherr
0x4040e0 _configthreadlocale
0x4040e4 _initterm_e
0x4040e8 _initterm
0x4040ec _acmdln
0x4040f0 exit
0x4040f4 _ismbblead
0x4040f8 _XcptFilter
0x4040fc _exit
0x404100 _cexit
0x404104 __getmainargs
0x404108 _amsg_exit
0x40410c wcsstr
0x404110 memcpy
0x404114 memset
Library KERNEL32.dll:
0x404010 IsDebuggerPresent
0x404018 GetCurrentProcess
0x40401c TerminateProcess
0x404024 GetCurrentProcessId
0x404028 GetCurrentThreadId
0x40402c GetTickCount
0x404038 GetStartupInfoA
0x404040 InterlockedExchange
0x404044 ExitThread
0x404048 FindFirstFileW
0x40404c lstrcmpW
0x404050 FindNextFileW
0x404054 GetLogicalDrives
0x404058 GetDriveTypeW
0x40405c QueryDosDeviceW
0x404060 lstrcpyW
0x404064 GetFileSize
0x404068 CreateFileMappingA
0x40406c MapViewOfFile
0x404070 FlushViewOfFile
0x404074 UnmapViewOfFile
0x404078 SetFilePointer
0x40407c SetEndOfFile
0x404080 CreateFileW
0x404084 CloseHandle
0x404088 CreateThread
0x40408c ExitProcess
0x404090 GetLastError
0x404094 CreateMutexA
0x404098 Sleep
Library USER32.dll:
0x404128 CharLowerW
Library ADVAPI32.dll:
0x404000 RegCloseKey
0x404004 RegOpenKeyExW
0x404008 RegQueryValueExW
Library ole32.dll:
0x404130 CoInitializeEx

Strings

!This program cannot be run in DOS mode.
`.rdata
@.data
@.reloc
tXh,T@
t=h0T@
6246464
D$89D$
D$0Hc@<H
9D$XsbH
9D$Tu H
D$HH9D$(
H9D$Pu
StrCmpNW
PathCombineW
SHLWAPI.dll
memset
memcpy
wcsstr
MSVCR90.dll
_amsg_exit
__getmainargs
_cexit
_XcptFilter
_ismbblead
_acmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_encode_pointer
__set_app_type
?terminate@@YAXXZ
_unlock
__dllonexit
_onexit
_decode_pointer
_except_handler4_common
_invoke_watson
_controlfp_s
_crt_debugger_hook
CreateThread
ExitProcess
GetLastError
CreateMutexA
CloseHandle
CreateFileW
SetEndOfFile
SetFilePointer
UnmapViewOfFile
FlushViewOfFile
MapViewOfFile
CreateFileMappingA
GetFileSize
lstrcpyW
QueryDosDeviceW
GetDriveTypeW
GetLogicalDrives
FindNextFileW
lstrcmpW
FindFirstFileW
ExitThread
InterlockedExchange
InterlockedCompareExchange
GetStartupInfoA
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
KERNEL32.dll
CharLowerW
USER32.dll
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
ADVAPI32.dll
CoInitializeEx
ole32.dll
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
</requestedPrivileges>
</security>
</trustInfo>
<dependency>
<dependentAssembly>
<assemblyIdentity type="win32" name="Microsoft.VC90.CRT" version="9.0.21022.8" processorArchitecture="x86" publicKeyToken="1fc8b3b9a1e18e3b"></assemblyIdentity>
</dependentAssembly>
</dependency>
</assembly>PAPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDING
0#020<0G0Q0\0
B1s1n4
5-575k6
7$7.787
9#9*91989?9F9M9T9
;&;+;F;K;f;
;3<@<F<L<Q<[<b<h<m<r<w<|<
=!=&=<=A=J=O=\=l=r=z=
>0>6>@>F>O>[>
?.?6?<?H?S?
020?0|0
1 2&2-2J2
3%3-393]3e3p3v3|3
4'40454;4E4N4Y4e4j4z4
<1H1L1
5(5D5H5
jjjjjjj
4%appdata%
\windrx.txt
Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
NoDrives
windows
system
programdata
program files
appdata
application data
default
msocache
config.msi
perflogs
$recycle.bin
VolDrvCo

Antivirus Signature
Bkav W32.Common.7D1FD2FB
Lionic Trojan.Win32.Patched.trwY
Elastic malicious (high confidence)
ClamAV Clean
CMC Clean
CAT-QuickHeal Clean
Skyhigh BehavesLike.Win32.Generic.mm
ALYac Trojan.GenericKD.74282596
Cylance Unsafe
Zillya Downloader.AgentAGen.Win32.24721
CrowdStrike Clean
Alibaba TrojanDownloader:Win32/GandCrab.dfd2be85
K7GW Trojan-Downloader ( 005b43121 )
K7AntiVirus Trojan-Downloader ( 005b43121 )
huorong TrojanDownloader/W64.MalDownload.a
Baidu Clean
VirIT Trojan.Win32.Genus.WPW
Paloalto generic.ml
Symantec ML.Attribute.HighConfidence
tehtris Clean
ESET-NOD32 Win32/TrojanDownloader.Phorpiex.D
APEX Malicious
Avast Win32:MalwareX-gen [Trj]
Cynet Malicious (score: 99)
Kaspersky HEUR:Virus.Win32.Zeropi.gen
BitDefender Trojan.GenericKD.74282596
NANO-Antivirus Trojan.Win32.AgentAGen.kspuob
ViRobot Trojan.Win.Z.Ransom.20992.A
MicroWorld-eScan Trojan.GenericKD.74282596
Tencent Malware.Win32.Gencirc.141d0b86
Sophos Mal/Generic-S
F-Secure Heuristic.HEUR/AGEN.1374896
DrWeb Trojan.DownLoader46.2135
VIPRE Trojan.GenericKD.74282596
TrendMicro TROJ_GEN.R002C0DJA24
McAfeeD ti!D9CB527841E9
Trapmine Clean
CTX exe.trojan.generic
Emsisoft Trojan.GenericKD.74282596 (B)
Ikarus Trojan.Win32.Krypt
FireEye Generic.mg.c2159769dc80fa8b
Jiangmin Clean
Webroot Clean
Varist W32/ABTrojan.RBHQ-4239
Avira HEUR/AGEN.1374896
Fortinet W32/Agent_AGen.GG!tr
Antiy-AVL Trojan[Ransom]/Win32.Gen
Kingsoft Win32.Virus.Zeropi.gen
Gridinsoft Ransom.Win32.Gandcrab.sa
Xcitium Malware@#1q348smp4khh0
Arcabit Trojan.Generic.D46D7664
SUPERAntiSpyware Trojan.Agent/Gen-Downloader
ZoneAlarm HEUR:Virus.Win32.Zeropi.gen
Microsoft Trojan:Win32/GandCrab.NA!MTB
Google Detected
AhnLab-V3 Malware/Win.Generic.C5472676
Acronis Clean
McAfee Trojan-FWOA!C2159769DC80
TACHYON Clean
VBA32 BScope.Worm.Propriex
Malwarebytes Trojan.Downloader
Panda Trj/GdSda.A
Zoner Clean
TrendMicro-HouseCall TROJ_GEN.R002C0DJA24
Rising Trojan.Phorpiex!1.EB7A (CLASSIC)
Yandex Trojan.DL.Agent_AGen!eH2Z4tmnI/o
SentinelOne Clean
MaxSecure Clean
GData Trojan.GenericKD.74282596
AVG Win32:MalwareX-gen [Trj]
DeepInstinct MALICIOUS
alibabacloud Clean
No IRMA results available.