Static | ZeroBOX

PE Compile Time

2024-11-05 11:41:14

PE Imphash

87bed5a7cba00c7e1f4015f1bdae2183

Sections

Name | Virtual Address | Virtual Size | Size of Raw Data | Entropy
.text | 0x00001000 | 0x0000335f | 0x00003400 | 5.51451126571
.rdata | 0x00005000 | 0x000017d0 | 0x00001800 | 4.31565671732
.data | 0x00007000 | 0x00000540 | 0x00000200 | 0.101910425663
.pdata | 0x00008000 | 0x0000021c | 0x00000400 | 2.37804833143
.rsrc | 0x00009000 | 0x00000328 | 0x00000400 | 2.61816405626
.reloc | 0x0000a000 | 0x0000000c | 0x00000200 | 0.0815394123432

Resources

Name | Offset | Size | Language | Sub-language | File type
RT_VERSION | 0x00009060 | 0x000002c4 | LANG_ENGLISH | SUBLANG_ENGLISH_US | data

Imports

Library KERNEL32.dll:
0x140005000 LoadLibraryA
0x140005008 GetProcAddress

Antivirus | Signature
Bkav | W64.AIDetectMalware
Lionic | Trojan.Win32.Androm.m!c
Elastic | Clean
Cynet | Malicious (score: 100)
CMC | Clean
CAT-QuickHeal | Clean
Skyhigh | Artemis!Trojan
ALYac | Clean
Cylance | Unsafe
Zillya | Clean
CrowdStrike | win/malicious_confidence_100% (D)
Alibaba | Clean
K7GW | Clean
K7AntiVirus | Clean
huorong | HEUR:Trojan/Agent.ac
Baidu | Clean
Paloalto | generic.ml
Symantec | ML.Attribute.HighConfidence
tehtris | Clean
ESET-NOD32 | a variant of Generik.BBJFNGG
APEX | Malicious
Avast | Win32:Dh-A [Heur]
ClamAV | Clean
Kaspersky | Backdoor.Win32.Androm.vteo
BitDefender | Trojan.GenericKD.74667022
NANO-Antivirus | Clean
ViRobot | Clean
MicroWorld-eScan | Trojan.GenericKD.74667022
Tencent | Clean
Sophos | ML/PE-A
F-Secure | Clean
DrWeb | Trojan.Inject5.11432
VIPRE | Clean
TrendMicro | Clean
McAfeeD | ti!247004604614
Trapmine | Clean
CTX | exe.trojan.generic
Emsisoft | Trojan.GenericKD.74667022 (B)
Ikarus | Win32.Outbreak
FireEye | Generic.mg.5c02b91b95c1dec8
Jiangmin | Clean
Webroot | Clean
Avira | Clean
Fortinet | W32/PossibleThreat
Antiy-AVL | Trojan[Backdoor]/Win32.Androm
Kingsoft | malware.kb.a.914
Gridinsoft | Clean
Xcitium | Clean
Arcabit | Clean
SUPERAntiSpyware | Clean
ZoneAlarm | UDS:Backdoor.Win32.Androm.vteo
Microsoft | Trojan:Win32/Wacatac.B!ml
Varist | Clean
AhnLab-V3 | Trojan/Win.Injection.C5690155
Acronis | Clean
McAfee | Artemis!5C02B91B95C1
TACHYON | Clean
VBA32 | Clean
Malwarebytes | Clean
Panda | Clean
Zoner | Clean
TrendMicro-HouseCall | Clean
Rising | Trojan.Kryptik@AI.89 (RDML:osYPPtjcT0a1us2m5FMC3w)
Yandex | Clean
SentinelOne | Static AI - Malicious PE
MaxSecure | Clean
GData | Win64.Trojan.Agent.LLID4G
AVG | Win32:Dh-A [Heur]
DeepInstinct | MALICIOUS
alibabacloud | Clean
No IRMA results available.