Static | ZeroBOX

PE Compile Time

2017-04-18 17:36:37

PE Imphash

5a757cedf03930b945cf2435af0c6f5b

PEiD Signatures

UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser

Sections

Name     Virtual Address    Virtual Size    Size of Raw Data    Entropy
UPX0     0x00001000         0x00011000      0x00000000          0.0
UPX1     0x00012000         0x0000b000      0x0000a800          7.91433366384
.rsrc    0x0001d000         0x00001000      0x00000a00          3.49538303912

Resources

Name             Offset        Size          Language        Sub-language           File type
RT_ICON          0x0001d0ec    0x000002e8    LANG_ENGLISH    SUBLANG_ENGLISH_CAN    data
RT_GROUP_ICON    0x0001d3d8    0x00000014    LANG_ENGLISH    SUBLANG_ENGLISH_CAN    data
RT_VERSION       0x0001d3f0    0x00000424    LANG_ENGLISH    SUBLANG_ENGLISH_CAN    data

Imports

Library KERNEL32.DLL:
0x41d8a0 LoadLibraryA
0x41d8a4 GetProcAddress
0x41d8a8 VirtualProtect
0x41d8ac VirtualAlloc
0x41d8b0 VirtualFree
0x41d8b4 ExitProcess
Library ADVAPI32.dll:
0x41d8bc RegOpenKeyA
Library iphlpapi.dll:
0x41d8c4 GetIfTable
Library USER32.dll:
0x41d8cc wsprintfA
Library WININET.dll:
0x41d8d4 InternetOpenA
Library WS2_32.dll:
0x41d8dc WSAGetLastError

VS_VERSION_INFO
StringFileInfo
080904b0
Comments:
CompanyName: Microsoft Corporation
FileDescription: Windows Enhanced Storage Password Authentication Program
FileVersion: 6.1.7600.16385 (win7_rtm.090713-1255)
InternalName:
LegalCopyright: Microsoft Corporation. All rights reserved.
LegalTrademarks:
OriginalFilename: Authn.exe
PrivateBuild:
ProductName: Microsoft Operating System
ProductVersion: 6.1.7600.16385
SpecialBuild:
VarFileInfo
Translation

Antivirus Signature

Bkav W32.Common.339390D0
Lionic Trojan.Win32.ServStart.4!c
Elastic Windows.Generic.Threat
ClamAV Win.Malware.Nitol-6802818-0
CMC Clean
CAT-QuickHeal Clean
Skyhigh BehavesLike.Win32.Generic.pc
ALYac Generic.ServStart.A.A23BB552
Cylance Unsafe
Zillya Trojan.Agent.Win32.799880
Sangfor Suspicious.Win32.Save.a
CrowdStrike win/malicious_confidence_100% (W)
Alibaba Worm:Win32/AutoRun.ad23b205
K7GW Trojan ( 000170ae1 )
K7AntiVirus Trojan ( 000170ae1 )
Baidu Clean
VirIT Trojan.Win32.Dnldr25.PNR
Paloalto generic.ml
Symantec SMG.Heur!gen
tehtris Clean
ESET-NOD32 a variant of Win32/Agent.RTQ
APEX Malicious
Avast Win32:TrojanX-gen [Trj]
Cynet Malicious (score: 100)
Kaspersky HEUR:Trojan.Win32.Generic
BitDefender Generic.ServStart.A.A23BB552
NANO-Antivirus Trojan.Win32.Ric.etbkiz
ViRobot Clean
MicroWorld-eScan Generic.ServStart.A.A23BB552
Tencent Malware.Win32.Gencirc.11abff2f
Sophos Mal/Generic-S
F-Secure Trojan.TR/Downloader.Gen
DrWeb Trojan.DownLoader25.10495
VIPRE Generic.ServStart.A.A23BB552
TrendMicro DDoS.Win32.NITOL.SMG
McAfeeD Real Protect-LS!61FE809E805E
Trapmine malicious.high.ml.score
CTX exe.trojan.generic
Emsisoft Generic.ServStart.A.A23BB552 (B)
huorong HVM:Trojan/MalBehav.gen!C
FireEye Generic.mg.61fe809e805e74c4
Jiangmin Trojan.Generic.bjpij
Webroot W32.Trojan.Gen
Varist W32/Trojan.CZR.gen!Eldorado
Avira TR/Downloader.Gen
Fortinet W32/Agent.RTQ!tr
Antiy-AVL Trojan/Win32.AGeneric
Kingsoft malware.kb.b.998
Gridinsoft Trojan.Win32.Gen.vl!i
Xcitium Clean
Arcabit Generic.ServStart.A.A23BB552
SUPERAntiSpyware Clean
ZoneAlarm HEUR:Trojan.Win32.Generic
Microsoft Worm:Win32/AutoRun!pz
Google Detected
AhnLab-V3 Trojan/Win32.Nitol.R215641
Acronis Clean
McAfee GenericRXAA-AA!61FE809E805E
TACHYON Clean
VBA32 BScope.TrojanDDoS.Macri
Malwarebytes Malware.AI.1112599291
Panda Trj/Genetic.gen
Zoner Clean
TrendMicro-HouseCall DDoS.Win32.NITOL.SMG
Rising Trojan.Agent!8.B1E (TFE:5:87fVyGeA1oT)
Yandex Trojan.GenAsa!dQdgt8kAsB4
Ikarus Trojan.Win32.Agent
MaxSecure Trojan.Malware.300983.susgen
GData Generic.ServStart.A.A23BB552
AVG Win32:TrojanX-gen [Trj]
DeepInstinct MALICIOUS
alibabacloud Clean
No IRMA results available.