Static | ZeroBOX

Name	Virtual Address	Virtual Size	Size of Raw Data	Entropy
.text	0x00001000	0x0004b4f8	0x0004b600	6.53824504298
.rdata	0x0004d000	0x0024b782	0x0024b800	3.3065868643
.data	0x00299000	0x00003054	0x00001800	3.31496895211
.pdata	0x0029d000	0x00003fa8	0x00004000	5.66585946943
.rsrc	0x002a1000	0x000001e0	0x00000200	4.71767883295
.reloc	0x002a2000	0x00000ad0	0x00000c00	5.20296029833

Name	Offset	Size	Language	Sub-language	File type
RT_MANIFEST	0x002a1060	0x0000017d	LANG_ENGLISH	SUBLANG_ENGLISH_US	XML 1.0 document text

!This program cannot be run in DOS mode.

`.rdata

@.data

.pdata

@.rsrc

@.reloc

L$ WATAUAVAWH

A_A^A]A\_

d$ AUAVAWH

0A_A^A]

UWATAUAVH

t%HcW<

A^A]A\_]

@USATAUH

HA]A\[]

@SUVWAVH

`A^_^][

VAVAWH

A_A^^

WAVAWH

A_A^_

@SUVWAWH

A__^][

|$ AVH

WATAUAVAWH

A_A^A]A\_

|$ AVH

WATAUAVAWH

A_A^A]A\_

@SUVAVH

(A^^][

@SVATAUAWH

0A_A]A\^[

t$ UWAVH

UVWATAUAVAWH

A_A^A]A\_^]

SUVWAUAVH

uUHcG<=

8A^A]_^][

UVWATAWH

uHfD9;uBHcC<=

t$HfA;

`A_A\_^]

ubf9;u]HcC<=

uRf9;uMHcC<=

uMf9;uHHcC<=

ucf9;u^HcC<=

uif93udHcC<=

uCHcC<=

@WATAVH

u@fD9/u:HcG<=

uOfD9.uIHcF<=

pA^A\_

t$ WATAUAVAWH

uCHcG<=

D$`fE;_

0A_A^A]A\_

WATAUAVAWH

u>HcF<=

0A_A^A]A\_

D$@H;V

t$ WAVAWH

@A_A^_

t$ WATAUAVAWH

A_A^A]A\_

L$ SWH

l$ VWAVH

UATAUAVAWH

7.exeB

L;d$H

A_A^A]A\]

D$PHcH

8VMwau

VirtualB

@SUVWAVH

L90u"H

0A^_^][

t$ WAVAWH

A_A^_

@SAVAWH

0A_A^[

|$ t}I

0A_A^[

|$ UAVAWH

@SVAVAWH

(A_A^^[

t$ WATAUAVAWH

A_A^A]A\_

@SUVAWH

(A_^][

UATAUAVAWH

A_A^A]A\]

\$ VWAVH

VWATAVAWH

@A_A^A\_^

@SVWATAVH

@A^A\_^[

t$ UWATAVAWH

A_A^A\_]

@USVWATAVAWH

fD9$Au

A_A^A\_^[]

fF94Bu

UATAUAVAWH

L;D$pu

A_A^A]A\]

t$ UWATAVAWH

A_A^A\_]

@VWAVAWH

8A_A^_^

@SVAVAWH

8A_A^^[

SVAUAWH

HA_A]^[

@SVAVH

@WATAVAWH

8A_A^A\_

UATAUAVAWH

7.sysB

L;l$P

A_A^A]A\]

UVWAVAWH

0A_A^_^]

@SVATAVAWH

A_A^A\^[

@SUVWATAUAVAWH

9D$hu$

A_A^A]A\_^][

@SUWAWH

@8<$tFH

8A__][

SUVWATAUAVAWH

8A_A^A]A\_^][

UAVAWH

u@fD93u:HcC<=

u9fD93u3HcC<=

t$ WAVAWH

u?f9u:HcG<=

|$ UAVAWH

D$pexpa

D$tnd 3

D$x2-by

D$|te k

@USVWATAVAWH

A_A^A\_^[]

00000000H

UVWATAUAVAWH

`A_A^A]A\_^]

@SVWAVH

XA^_^[

@VWAWH

WAVAWH

0A_A^_

@VWAWH

WAVAWH

0A_A^_

UVWAVAWH

A_A^_^]

\$ UVWAVAWH

0A_A^_^]

\$ UVWAVAWH

0A_A^_^]

@SUVWATAUAVAWH

;t$XsHI

xA_A^A]A\_^][

@SUVAVAWH

PA_A^^][

@SUVWATAVH

8A^A\_^][

@UVWATAVAWH

8A_A^A\_^]

@WATAWH

0A_A\_

@USVWAVH

A^_^[]

SUVATH

HA\^][

E0xD+

\$ UVWAVAWH

A_A^_^]

< tB<+t!<-uYA

@USVWATAVAWH

t-<st)A

A_A^A\_^[]

t1<ct-A

UVWATAUAVAWH

A_A^A]A\_^]

UVWAVAWH

A_A^_^]

UVWATAUAVAWH

A_A^A]A\_^]

@SVWATAVH

0A^A\_^[

@SUVWAUAVAWH

T$HL;T$Pt

A_A^A]_^][

@USVWATAVAWH

<BtX<XtK<bt><ot

A_A^A\_^[]

UVWAVAWH

pA_A^_^]

@USVWATAVAWH

t0<ct,A

<BtW<XtJ<bt=<ot

A_A^A\_^[]

UVWAVAWH

pA_A^_^]

@USVWATAVAWH

t0<ct,A

<BtX<XtK<bt><ot

A_A^A\_^[]

@USVWATAVAWH

t0<ct,A

<BtW<XtJ<bt=<ot

A_A^A\_^[]

UVWAVAWH

pA_A^_^]

@USVWATAVAWH

t0<ct,A

<BtX<XtK<bt><ot

A_A^A\_^[]

\$ VWATAVAWH

0A_A^A\_^

|$ AVH

\$ UVWATAWH

@A_A\_^]

l$ VWATAVAWH

A_A^A\_^

t$ WATAUAVAWH

0A_A^A]A\_

l$ WATAUAVAWH

@A_A^A]A\_

\$ UVWATAWH

@A_A\_^]

\$ UVWATAWH

@A_A\_^]

\$ UVWATAWH

@A_A\_^]

t$ WATAUAVAWH

D)ctA+

A_A^A]A\_

SUVWATAUAVAWH

T$@A+|$

\$8E+\$

A;U8v#A

tJE;u$tDH

uNE9}4uB

hA_A^A]A\_^][

tWH98uR

@<L9A0

WAVAWH

K49K<u

A_A^_

@SWAVAWH

l$XD+`

(A_A^_[

VWATAUAWH

A_A]A\_^

WATAUAVAWH

A9.u$9iLvE

A9.u E

0A_A^A]A\_

SUVWATAUAVAWH

T$"fA;

T$0fA;

HA_A^A]A\_^][

WATAUAVAWH

A_A^A]A\_

WAVAWH

A_A^_

@UAVAWH

A_A^]

@UATAUAVAWH

A_A^A]A\]

WATAUAVAWH

A_A^A]A\_

@SWATH

|$ ATAVAWH

f90uKH

A_A^A\

WATAUAVAWH

A_A^A]A\_

@USWAUAVAWH

A_A^A]_[]

H3+H3s

H3S I3

SUVWAVH

0A^_^][

SUVWATAUAVAWH

hA_A^A]A\_^][

UVWATAUAVAWH

;D$(s8D

`A_A^A]A\_^]

SUVWATAVAWH

0A_A^A\_^][

)T$ fD

SUVWATAUAVAWH

hA_A^A]A\_^][

)D$ fD

SUVWATAUAVAWH

hA_A^A]A\_^][

SVWATAUAVAWH

A_A^A]A\_^[

SVWATAUAVAWH

\$PfA;

;D$(s:D

pA_A^A]A\_^[

SUVWAVH

A^_^][

USVWATAUAVAWH

A_A^A]A\_^[]

USVWAVAWH

A_A^_^[]

WATAUAVAWH

0A_A^A]A\_

S(HcS0

x UAVAWH

D$@H;F

kL@8o(u

<htl<jt\<lt4<tt$<wt

UWATAVAWH

A_A^A\_]

WAVAWH

A_A^_

UVWATAUAVAWH

rsf;\$d

r_f;\$l

rKf;\$t

r7f;\$|

f;\$4r

f;\$<r

rvf;\$d

rbf;\$l

rNf;\$t

r:f;\$|

A_A^A]A\_^]

D$0@8{

p*W4H

L$ VWAVH

t$ WATAUAVAWH

0A_A^A]A\_

D$(H!L$ E3

;D$hsL

L$ UVWATAUAVAWH

0A_A^A]A\_^]

T$ D){

WAVAWH

fE98t'

0A_A^_

@USVWATAUAVAWH

A_A^A]A\_^[]

9Cu,fD9y

fB9<{u

fD9,pu

t$`fD9+t$I

L$ SUVWH

WATAUAVAWH

0A_A^A]A\_

\$ UVWATAUAVAWH

fD9,Au

A_A^A]A\_^]

\$ UVWATAUAVAWH

f9t$bu

A_A^A]A\_^]

H9L$Ht?H

UVWATAUAVAWH

fE9,Fu

A_A^A]A\_^]

|$ AVH

@UATAUAVAWH

A_A^A]A\]

t$ WATAUAVAWH

gfffffffH

A_A^A]A\_

{ AUAVAWH

0A_A^A]

t$xt*3

WAVAWH

A_A^_

x ATAVAWH

A_A^A\

L$ VWAVH

fD94H}aD

fD9t$b

WATAUAVAWH

A_A^A]A\_

p0R^G'

D$0H9D$8

UVWATAUAVAWH

fB9<I}1L

A_A^A]A\_^]

VWATAVAW

A_A^A\_^

VATAUAVAWH

0A_A^A]A\^

@USVWATAUAVAWH

H!D$ H

xA_A^A]A\_^[]

Hc-Sy&

UVWATAUAVAWH

A_A^A]A\_^]

UVWATAUAVAW

A_A^A]A\_^]

\$ UVWATAUAVAWH

s2fE9)I

fE9)fA

D$pfA;

0fD9l$pu

fD9l$pt

0A_A^A]A\_^]

l$ VWATAVAWH

0A_A^A\_^

AUAVAWH

A_A^A]

UVWATAUAVAWH

D;-fo&

@8t$HtzL

`A_A^A]A\_^]

VATAUAVAWH

0A_A^A]A\^

l$ VWATAVAWH

L$&8\$&t,8Y

A_A^A\_^

s WATAUAVAWH

D$h9t$P

A_A^A]A\_

UATAUAVAWH

A_A^A]A\]

WATAUAVAWH

A_A^A]A\_

UATAUAVAWH

A_A^A]A\]

@UATAUAVAWH

e0A_A^A]A\]

fB9<Hu

fB9<@u

fB9<Bu

fB9,Nu

fA9,Au

fB94Ou

t}f91txH

x ATAVAWH

A_A^A\

x ATAVAWH

fD9 tMH

fG9$Ou

0A_A^A\

fB9<Hu

fB9<@u

fB9<Bu

fD94Au

fD94iu

tSf91tNH

t^;\$0tQ

WAVAWH

A_A^_

@USVWATAVAWH

tyfD9 tsH

tQfD9 tK

fD9$Hu

@A_A^A\_^[]

u3HcH<H

t$ WATAUAVAWH

D!|$xA

A_A^A]A\_

SUVWATAVAWH

A_A^A\_^][

@USVWATAVAWH

A_A^A\_^[]

WATAUAVAWH

0A_A^A]A\_

ATAVAWH

0A_A^A\

WAVAWH

A_A^_

@UAVAWH

e0A_A^]

@SUVWATAVAWH

A_A^A\_^][

WAVAWH

D8|$`t

A_A^_

WAVAWH

@A_A^_

x ATAVAWH

@A_A^A\

p0R^G'

WAVAWH

A_A^_

WAVAWH

A_A^_

ffffff

fffffff

@SUVWATAVAWH

@A_A^A\_^][

T$`fA;

ATAVAWH

A_A^A\

USVWAVH

A^_^[]

WATAVH

0A^A\_

E80t"A

fD94Q}

SVWAVH

8A^_^[

WAVAWH

u/HcH<H

WATAUAVAWH

A_A^A]A\_

D8L$0u`A

VWATAVAWH

A_A^A\_^

WATAUAVAWH

A_A^A]A\_

H;xXu5

AUAVAWH

u4I9}(

;I9}(tiH

0A_A^A]

AUAVAWH

u4I9}(

;I9}(tiH

0A_A^A]

UVWATAUAVAWH

`A_A^A]A\_^]

UVWATAUAVAWH

`A_A^A]A\_^]

@USVWATAUAVAWH

A_A^A]A\_^[]

@USVWATAUAVAWH

d$dD;d$l

A_A^A]A\_^[]

UVWATAUAVAWH

A_A^A]A\_^]

@USVWATAUAVAWH

A_A^A]A\_^[]

WAVAWH

A_A^_

WAVAWH

@SVWATAUAVAWH

L!|$(L!

D$0HcH

pA_A^A]A\_^[

SVWATAUAWH

L!d$(L!d$@D

D$HL9gXt

A_A]A\_^[

B(I9A(u

SVWATAUAVAWH

0A_A^A]A\_^[

SVWATAUAVAWH

A_A^A]A\_^[

t$ WATAUAVAWH

A_A^A]A\_

UVWATAUAVAWH

A_A^A]A\_^]

D$ I;R

D$ I9P

WATAUAVAWH

A_A^A]A\_

l$ VWAVH

WAVAWH

t$ UWAVH

@UAVAWH

WATAUAVAWH

A_A^A]A\_

UVWAVAWH

0A_A^_^]

t$ UWAUAVAWH

A_A^A]_]

u$D8r(t

D81uUL9r

uED8r(t

vAD8s(t

f9)u4H9j

u%@8j(t

u$D8r(t

fD91uTL9r

uED8r(t

v@D8s(t

UVWATAUAVAWH

PA_A^A]A\_^]

WATAUAVAWH

0A_A^A]A\_

H9>u+A

@USVWATAUAVH

D8t$ht

A^A]A\_^[]

WATAVH

0A^A\_

@USVWATAUAVAWH

xA_A^A]A\_^[]

ATAUAVH

L$ fff

L$ |+L;

A^A]A\

UVWATAUAVAWH

@A_A^A]A\_^]

s WAVAWH

0A_A^_

u~9t$Xt

UATAUAVAWH

A_A^A]A\]

x ATAVAWH

@8~8t

@8~0tM

A_A^A\

LcA<E3

fffffff

ffffff

vKfffff

incorrect header check

unknown compression method

invalid window size

unknown header flags set

header crc mismatch

invalid block type

invalid stored block lengths

too many length or distance symbols

invalid code lengths set

invalid bit length repeat

invalid code -- missing end-of-block

invalid literal/lengths set

invalid distances set

invalid literal/length code

invalid distance code

invalid distance too far back

incorrect data check

incorrect length check

Qkkbal

zlib-ng 2.2.2

need dictionary

stream end

file error

stream error

data error

insufficient memory

buffer error

incompatible version

Qkkbal

[1!qv

y>X,7 l

&Dq3hZE

MuH *u

@o=''o

}mM1dS

IEin$s8

!Z%F3lKpb

O$@?k~

gMnxg{?

@?>=<;:9876543210/.-,+*)('&%$#"!

Qkkbal

[1!qv

y>X,7 l

&Dq3hZE

MuH *u

@o=''o

}mM1dS

IEin$s8

!Z%F3lKpb

O$@?k~

gMnxg{?

Qkkbal

[1!qv

y>X,7 l

&Dq3hZE

MuH *u

@o=''o

}mM1dS

IEin$s8

!Z%F3lKpb

O$@?k~

gMnxg{?

(null)

!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~

Sunday

Monday

Tuesday

Wednesday

Thursday

Friday

Saturday

January

February

August

September

October

November

December

MM/dd/yy

dddd, MMMM dd, yyyy

HH:mm:ss

NAN(SNAN)

NAN(IND)

!"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~

!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~

AreFileApisANSI

CompareStringEx

EnumSystemLocalesEx

GetDateFormatEx

GetLocaleInfoEx

GetTimeFormatEx

GetUserDefaultLocaleName

InitializeCriticalSectionEx

IsValidLocaleName

LCMapStringEx

LCIDToLocaleName

LocaleNameToLCID

AppPolicyGetProcessTerminationMethod

CorExitProcess

[aOni*{

~ $s%r

@b;zO]

v2!L.2

;1#INF

1#QNAN

1#SNAN

UUUUUU

=imb;D

/>58d%

VM>cQ6

>jtm}S

)>6{1n

+f)>0'

;H9>&X

*StO9>T

n03>Pu

K~Je#>!

bp(=>?g

BC?>6t9^

K&>.yC

.xJ>Hf

y\PD>!

|b=})>

c [1>H'

uzKs@>

3>N;kU

kE>fvw

V6E>`"(5

?UUUUUU

?7zQ6$

bad allocation

bad exception

__based(

__cdecl

__pascal

__stdcall

__thiscall

__fastcall

__vectorcall

__clrcall

__eabi

__swift_1

__swift_2

__swift_3

__ptr64

__restrict

__unaligned

restrict(

delete

operator

`vftable'

`vbtable'

`vcall'

`typeof'

`local static guard'

`string'

`vbase destructor'

`vector deleting destructor'

`default constructor closure'

`scalar deleting destructor'

`vector constructor iterator'

`vector destructor iterator'

`vector vbase constructor iterator'

`virtual displacement map'

`eh vector constructor iterator'

`eh vector destructor iterator'

`eh vector vbase constructor iterator'

`copy constructor closure'

`udt returning'

`local vftable'

`local vftable constructor closure'

new[]

delete[]

`omni callsig'

`placement delete closure'

`placement delete[] closure'

`managed vector constructor iterator'

`managed vector destructor iterator'

`eh vector copy constructor iterator'

`eh vector vbase copy constructor iterator'

`dynamic initializer for '

`dynamic atexit destructor for '

`vector copy constructor iterator'

`vector vbase copy constructor iterator'

`managed vector copy constructor iterator'

`local static thread guard'

operator ""

operator co_await

operator<=>

Type Descriptor'

Base Class Descriptor at (

Base Class Array'

Class Hierarchy Descriptor'

Complete Object Locator'

`anonymous namespace'

FlsAlloc

FlsFree

FlsGetValue

FlsSetValue

success

address family not supported

address in use

address not available

already connected

argument list too long

argument out of domain

bad address

bad file descriptor

bad message

broken pipe

connection aborted

connection already in progress

connection refused

connection reset

cross device link

destination address required

device or resource busy

directory not empty

executable format error

file exists

file too large

filename too long

function not supported

host unreachable

identifier removed

illegal byte sequence

inappropriate io control operation

interrupted

invalid argument

invalid seek

io error

is a directory

message size

network down

network reset

network unreachable

no buffer space

no child process

no link

no lock available

no message available

no message

no protocol option

no space on device

no stream resources

no such device or address

no such device

no such file or directory

no such process

not a directory

not a socket

not a stream

not connected

not enough memory

not supported

operation canceled

operation in progress

operation not permitted

operation not supported

operation would block

owner dead

permission denied

protocol error

protocol not supported

read only file system

resource deadlock would occur

resource unavailable try again

result out of range

state not recoverable

stream timeout

text file busy

timed out

too many files open in system

too many files open

too many links

too many symbolic link levels

value too large

wrong protocol type

unknown error

433333333333333

Haz[~i

!q^}M)R

=@53-;

l%mDX=XG^

,$,TPu

* Bj*y

}?G4g*

II]':j

31:viN<

e,<O7tC

$19;@)2

H#@Ow&

Z`>X5,

$;6m89

#;6m89

#;6m89P

a9>7QL

qo`Q49

po`Q49

#_.!x

po`Q49

^gmjpP

po`Q49

^gmjpP

po`Q49

^gmjpP

po`Q49

^gmjpP

L&-\jA

^gmjpP

EwZhN"

^gmjp*

DwZhN"

^gm$x,

DwZhN"

V?AgPhU

&+y|O{

/_![GJ

[NVJfx'

R5qhi5

1N6@,

j+"Mw^

v<L/{Q

j+"Mw^r

,c>qI3

j+"Mw^r

{Xb4z:%

j+"Mw^r

~yjS6/

~yjS6/1

BXwxZH+

f>):oB"

dSp^z0hS 6

dSp^z0h

P>GkD

dSp^z0h

\%Fd"U

dSp^z0h

\%Fd"U

dSp^z0h

\%Fd"U

Sp^z0h

\%Fd"U

|1T8xBO`

P?tb(z

4*REmv

(ytR>u

}m9hR'>M.

|1T8xBO

P?tb(z-U

}m9hR'

|1T8xBO

P?tb(z-U

}m9hR'

|1T8xBO

P?tb(z-U

rH6v6u

}m9hR'

|1T8xBO

P?tb(z-U

z3\Gc0

}m9hR'

|1T8xBO

P?tb(z-U

}m9hR'

1T8xBO

?tb(z-U

}m9hR'

b(z-U

3']t2+1

x`.+eh%

'wnGz$

x`.+WV+

x`.+WV

1w-!O?

?ffffff

?fffff

IMbP?i

MbP?}F

9Y>)F$

s\ax}?

tC7Ddw

%k/V(

xg^Jp5|

{zel#|67

~?33A

0123456789abcdefghijklmnopqrstuvwxyz

UTF-16LEUNICODE

.mrdata

Unknown exception

bad array new length

string too long

iostream

bad cast

bad locale name

ios_base::badbit set

ios_base::failbit set

ios_base::eofbit set

invalid string position

iostream stream error

vector too long

map/set too long

|---------ANTI DEBUG---------|

error catch:

Windows error!!!!

NtQueryInformationProcess

x32dbg

x64dbg

wireshark

x86_64-SSE4-AVX2

netstat

processhacker

tcpview

netmon

regmon

filemon

|-----------ANTI VM----------|

/sys/class/dmi/id/product_name

system

generic

directory_entry::status

directory_iterator::operator++

directory_iterator::directory_iterator

SbieDll

cmdvrt32

VBoxGL

VBoxDispD3D

VBoxICD

VBoxHook

VBoxNine

VBoxMRXNP

VBoxTray

VBoxSVGA

C:\Windows\System32\

unknown error

VBoxGuest

VBoxSF

VBoxWddm

VBoxMouse

Unmatched '}' in format string.

Unknown format specifier.

Invalid format string.

Can not switch from manual to automatic indexing

Missing '}' in format string.

Decompression error: {}

EnterCriticalSection

LeaveCriticalSection

LoadAcceleratorsA

LoadAcceleratorsW

Format specifier requires numeric or pointer argument.

1.3.1.zlib-ng

Format specifier requires numeric argument.

nan(ind)

nan(snan)

Invalid presentation type specifier

Invalid type specification.

Invalid presentation type for char

Invalid presentation type for bool

Invalid presentation type for floating-point

Invalid presentation type for integer

Invalid presentation type for pointer

Invalid presentation type for string

Zero modifier requires an arithmetic or pointer presentation type

Hash/sign modifier requires an arithmetic presentation type

Missing precision specifier.

invalid fill character '{'

Precision not allowed for this argument type.

Invalid fill (too long).

Can not switch from automatic to manual indexing

Number is too big

String pointer is null.

Argument not found.

integral cannot be stored in char

Width is not an integer.

Number is too big.

Precision is not an integer.

Negative width.

Negative precision.

d-nG1_

u$PfEr&$

5xkG=q

:\/888'

rAiVT$

h:F{GW

A2%5G]

kow)uq

TU*wkYV"

|B4d)pc

SJG?RgN

C2$;0eYvlb

r8cln:<

Kj],=#%

F'.],

p >fAT

A,5L9#

kF~q4t$

xJI%m+

/0(tu-

D>3>o

Cy*i&%?

*iakPYN=_K

0E+L5r

b|P<Yg

WRw"h$

xIPHG0/

j&heHsubX

*WPP&SnX

*XG=Eq

mDEVUr

#&CFY`

Fg;%~T

\N>MPyf

#-BS][

WQDx9Z

vTJfZW%

&3*/$K

/{<!f!

R[=RR'<

i/U8;H

Hk6.:-m;

QrOUwFOyr

%}E`~Wtx

<3m^g\

d"_~PL

E-/9T%,

-kGsH4+

Csn"z"Kj

4-{<wn

T)k^V)

QJFJYC+]

LgsBLt*

Sa;5X

-)*vND

;+O8^O&

w4owR'

kkGt:k

?)Z~rkN

xp`U_1m

9tzsH-

<qB0L$

pchUz!

bS2h"o

{ORZ5y

\.6JPb;

|QCqB3=

X/J}Ee

|sQBjX

;3XVE4

I?-k9I

/o<oc,9

S5WdbaS

EKR8R%TF

s9v/=:

^N;=!|

S&9XiV

jF-`[.

X3Cl/S

|xGbn-

cgu/Vt

{U7I.

ng)H@T

)Mp=OvX

l%'K4o

WV\Jw

''3Lv"

*\_(^`

h]7::<

-UTOU:

c^:p\Z

42"Cy_

ukI#Lc

SUd"N>

u~TK$>-

E{m<PNm

yu]x+5

phM5))E

^ag2{j.

ndK;~d6

2bqdn^

:^6?fz

[W5c+i"O

0APdS0V

JLzlNz

y"CW^4

}WFD<'

+5RD3NFG

oSX,{C2\

3 Q.

Ar-("xvR

iu.!Q`

ozV"X\

9K+%-n

1]~o#i

&$-L+6s

(ex>zP

4ByWyHR

f1T^q8~

T+S{Kg;

a/ZU8e

ARG0uP

PmS,p8;

85xhBU

ZBwefl

5@gfS}

S}g/o;Z

_{@wBi

Cus?":

hYi[FG

8U5OsB

+;_S+2

ISk{Vk

lr]p|

(I0&xO

R1S,07

[WS`c:

?`t-a6

I_[HQ)

%iqoN4

K'R.8*R

qRs+

EWk8|v>

io3$O|{

^#Q|={[,

IpT3M

@nSv(`

6ihOw1N

|u.V<[

J;AQwK

!zUvzw

qd(g0,

kF^1fXA

=>mas37

,Ih^E>

*>9p0D

<x'!"

;-:BN

2Gi6Iu

T~Q(Nw

"`{N<Hi

e:*s|2

*.+{XA

.{HiP}

hn*C=e

?t@~(B

sD*ZNb

OM>}2

dH`<eVd

WQ@=}h

lAqGoq

Q/Bg~Mm

!=_}SD

P'%]8Fw

a$]:!y/

V3Ktg(

pZ%/\6

02x&cU

mGC6xdDL2

;d@'V`

{REP53mK

I]I0`4

[G!'5"

tbpK'oK

Q^nY+y

"/.Z3)

6Yd9/KSD

W"qZ-H

~$h:[]~

[qS)@a

AU9ui'c

-\>kts)

(cn."E

8?)JDGa~J

AR_tU?

ym^!pl

`&^:x)aK

xY`#:'

&[X@1X5

F=0mPR>B

+I3{lU

,m.Rc#e

l~=wod]

yZ=0/D?

):{\hWkX!

\{|ULTy=.W|

(M6yd\

yP8:*A

8I/c&Ony

IO"[W>

Ps7zH2

Q:k)ne

J$rP\W`

y9 wc@A

qd\bk/

;7BSufRT

ddI&mJ

4rEaU$

q7ldtY

+J4ghu

@Q>nNt

! Q+v:

a4*Q3q

IG}&,b

2&[bh'

IKyQw2

liPt9#2

9z5Z87

fV,h|9

#'@dD"

&_'p3{

\K~|,+

f0s)dCH

J1b|6/

>s{Z yg<'

z.?v0p

b6Wm,/fE

CwJ49!V

m5FW1O

S)m@"+

<3Oeg6A

JD=YfL

zS?%9zyd

xvQ.uD!

?X{bR}5

X+;Xm<M

uYXsN29

\A3fl~

:B5GbtsG

)nL00e@

0[+K9=

STwPkU

@J2@N4

bLkf'To

.GE5Lc1

C@!|@b

_8x]kV

),eD~u

K4y+:^T

x2El1/

;:m5z0

/y,$&I

A~_wHt

g KSMy

P!&}7nT'

&o"Q~0q

IiI#qb

evRrrP

((}~H=

*`J.V{+

ZiYpipy

:xvXm:

3)VZj?

,M[beA

Qe*fu"

2B>@ZEc

MBR3u.\X

F)fNB<

.8W6SD

Um`_Ec

%_`oYw

AkRW,[

:FU.Cg

<^_"u&'9

)\jHS7

lZLe&

}&lV) S

(M&^q@

\5Q H,3~rg

1m-pW$

nx(o'@

ezoa)t(

%n~;]-

z'.Ikd*

Bg/B_,F

bxdD6N

7-]j@b

1KgoC:

((rd=

4'te(C

t#~-.w

CL)Qg4

#R<3Pn

$];"&

j:+-C%xB

&k"UK

68J{iJ

hNC@WF

'"pk>z

FH~gXj9

ye;#YO

4}2-L*

H'F$}5

^*ia{iZ

al.N{(

lZ/<5|*/K

i8bzJF/

:^l=Td

7a42K

}aff1rVfpb

&*~h\O

,=@vV~By%

[@hfmN

VX.gPh

-A"yv

rG+shgP

*~*+gl

k+G:DZ>

<3/&{

tgW:k|1

XnX:sO

Aqn9KTikm'

L2Y+Vq

;+k8j]

499LQr

hbU|b4

I&-4YZ;Ek

DoD1K3

B_clFi

EbV>Og

!6xTss4[

k<!E}A)lF

ut3S_z

b:;5*ran'K

rA$}1H

~1aPTt

"9ie"sw

E/Wzy?

gT$JM6

fle[q`H

LE30?:

LQkbb;

=3=1y_

%\z%p.

mB1#75=.

dPeA X

JWSs`9

OaCUzz

6!ez6vRo

coz |\

=ms:ws

Bc9Sy/

!%*wMPw

Ad3v7h

)lVe'B

d.0z'1

"`&p(V

GpW<F/<~

z(&uk_X-

1}"I+tO

Fx!3(

_Ufv+&

?p`1[U

4e(<[7$

x7HuvV

i-KooZ

ol&46R

!z3asV

7PbIYN

B~!/F%)o]

Z$~cYx

jMQ-)~

qzW%R^n

e_/:3Mu

3OKeB6

0}`k7

Lo%Gvl

2Pcm

5p-a80

Vtxs@q

5Qb=A)

S/[%er

N_\yF%

1f$5HV

;p|,r)

hmB)NE

ZxUF js

Q%J@w{

duE/Z|

)7;S?!0

#G7-eUK

ke2]Tr!

Hq"U]m

ep[l`f^9

G4a:)U(

42"'6Lz

6m]5a)

uZ]y>|

s\LG<!

cw]~xp

fDW0L4

'@:mPiS

2Oal: /

2t<]CSg

w{r9D@"2m

$|`sG{

$LWMhX

+_?p$

&pfJyj

W._a^@

C1TTQz

Pz"_r7

pc`<xj}

HKD(v]c

3PCLF@c

{'\Ul=

g$gw"h

Gqgvj<;

h'Z[FJ

W,^h>9

%.Nf,JM

o"m{K@X

|)g9)kC

Nd;B3

]"@3 "O

K-!vLlBvk

"U.~sQ

C5v<dzP

$to af

Vn}I!xJ

R]*J^O

Po^yEf

1z\qUd

;D$FL

n1L4``

1%drO4j

s+XJSj$

.<CHx=fvg

D8]C}(

NYVg!$p

|V4EEe

^+/FTg/

*>'%YG

3NYe)P7&vB

z){nIKL

W1q2Uf$

<E68@,

E%lvRF#J"

AK5phXv

NL JU&

5((;tH

Z1KJQ0SE

,U2nf\

Uck=M'

J/aY,AN

dVVuG_P

?;_2H|

kM>=6u

Oe-ic\

P2Axn.

ID<4*0.

RM<l2yO

AJgHm'

nK#(y&';

m8tpB)

u7DRVn

Z]j2NV

A6X2\N

D9W]M_)C

}L6]jm

3PaS\6

_-3.eVyA

!f2\i

sj.a?!

g59m2F_

=&1'8j

yF#|In|

Rl}P;f

Pc|rh;q

fM<a,U

`M#S$v

Z9;|t$3

vM"GB(

r,(L3V

nXH|00

tP$d~/>

KVbJn!b

4HWfZ"l\

PL,hQ^

,` o8b

t0l2=6

5j])3#

nA3^h^%

R[G:).

bV0P%If

u3F]J_

MfGJTc

-VQNwlH

,{fjkR

aW]D*%

U.T2wo

yB0G1MC

%<pLiv/)E

@bZaXc;

\ABi/?

F\S2*z$

PYoPNeD

oV|ak3_

Hq@p]4

n/yj'H

K7V P~Wz

@SddtMq

TBJ8&5

ZjPE,x

}5khtX^

x%D"Cn

OZkK'T_

vjJ3da<

){c.bj

Z|.+.FF

TO.w3n"7,

b~}k4?t

s4+LqH'e

W7X/{o:

U)0s2sz

tiJ,V*5To

;e<q=~

:h$99_

m2jOEZ'

Y$lH.

Bwh<pN

fnr.kD^

V(zFHZ

4-/ks'

|4(K5uN

`[,hGR

k'5Xz3

AA7-Be

!qooiVq

mJhR^$

%+g;^<

@lF{vKMU1

YBzVYb

\8WV?}

o~`3oX

=@,"cl

LFVFQ\W

sf<s_L

i]@/zX

;=+XabK

}|"C}J

qG10iq

Xk74-%j

h|8*%:

Qn84;L

*1k/m?

yNMi[z

d!gLuaeG

/WCr:)7

Eo'Dcd

,[++eFk_

Ds]5Bg-

Ab"|['Da

"Y`=HJ

T>mO_{

Srft]4

G>0|M0l5+s_g

@6 Qcbtu

QIQAwv$aq

6)I}tq

tOl:;F&

&*2A_3{

[}TOhy

S?C7+L-

Ic u@K

_L~q//

'r,Im>]+

r*Y5]@

; ;VH3

uui0,Vz

_kL_WV

x4D9{E

Fh+H[!

;|yyf6

zEgptpQ

fG?m*3

$)qWn0!

x5xAZ>;:

Vh?NgRy

xa.RNB

a&Dxum%

6}A8>r

89P')"

F@eo]sb$

94vk"!rh

qTQyl~U

9/#Y_9d

ERj\B-

Wp8rnU

7gAu*g

%g^t/N

l]]Vik>

wip=r.

hK*Qt1

w[LY{f

;=6z.}

"}~j(e

7YaYt[

Z;O=s5

WzL,>>tL

AsQoJ]\

PpN?S

Mm e)M+

ehkrkH*

.T @VV

x2bCj][0

#z]`0RAE\t:cf9d7<]

}afB=<

?RZ-U~

y!X'EA

c =Zk1

EjUu U

0].tO;0%;

+bC# {

%Yh:X%

=6Z6;,k

.tJl5M"

lCJe$

#Q9E;Q

ig'>J_TP2D

@eG0*C

)%$&=$KwO

Ql6m<+

Li`5|l

aIXCsT6

OjN?~m

[i*S{'

Q~x8f/

WY1NX|

.In+7z

v[h]AZ

bM+zEB

?;P&g

kD!?&/

zmKea/

jfs3pL

?;ny]KJ%o

:Ao/nA

Ju<N'+[

-e*7d;

9tM3h7g-n

xugZb^

$IXeh8

9~Zf:v

n>`{kW

7.Z ;F=

Q edb_

BGE$8((

\ae&0g:

~Aw|d\z

M{9rSb

~KBOq

<dsRL;\

.&{l/S

WIm^fcsH

Zn$&URV

QGd_A-

2AZJIa

2zi"4K

%'*V{

?^V~MN!

"*I;{45

|7\`'}l

sfPAH

(RZT, )

4TymxO

'r7<"<M6U

I<@H;&

@`;L|{3;

C8>Waas

yRhG;XK

io9^lku

Nn,b&S

9;TDEolNS

18?_b-

x-l/N\

)hkg9R{

;)kiuJ

@3ppr_

S&a~5S

KB((wq

UtoO_

$\|74X^

+B`Cnub

/1mH[X

j5)zARw

Zcf>5u

\Lyz,

{W$,

~R%sEs

[FFzgO

0oa';!

tNc!8WO

S(RU9B

G,&j\6y|

/}G_Nv

5~)3H[

yx9b#a

&0v@G;

(]W6l`2

@sD4.V@

q7I.jh

}g4:-

k1ZkM=

q@3}^zd=

E0sB(h5

Kz]pz}

&DLv;%

N^sR$gR

t]!i:]

).S=/@

_c(12&

uKlW|h

vNh{f:

1Dj:p!

P`qDrS

)*Ka3$

oa6QmK

N8\$$r

98J=-cl

~ACF>{

eQ9a4U:a

+}& +

N$Qm7!

?=CdKU

7R7oK[

x)*)"U7

`vbN:D

-1!&X9

Ucxk/kw

gMYC[h

g:"7uQ

5[R#pg

P;:N`-

e j1q4

0)nid,

Goqy02

~483.??h'

dP>\\E

KL XEr

NeX(%O

mU%HBB

+(1$$^iA

y |@gi

WH@gbI

39t52C}

/1X0Aq

Dl=(w1

Hv@fbe

/[~hdya(

~S672o

,u|?:4

CU"Ay%ly%

4nqw8x[

{f-_6(o

*58)UDz

Zu%{1%

b)hJh`

S#NU[w

-0dc_<

qLT5sI

1L;,-w

a&]B|!

eV5*ui`g.

+h yN^

k+\nL/R

NJOLcwO

;LtC9XQm

/\BY$ST{v

Q#1|z\}jx

Y/:&@Z

Sm+=<s

&;pkqs

ja)5ll

@Vherj

5eH0\e

}go}G?

V!G\k6"

=w=}7'

$d*C|o8

p6$$qy

fJWi9H

J`oxDx

T(c?fJ

9"MIAvW;

ft7Ae7

M0dG*`(S[V

FmKzKb

Iq'GAI

e_@lys

WdIl!l

c&){47o_C

SK!d9M

8+L?!0

~ZT-8p

#Qm JCS

cWh#D

u cGxg*`

VxQLYJ

'{Y!1g

I.mHAP

{~\UXc

<+(ESw

85xC(0|

QY.k5)NXir

;6a&cZ

7JVEM?

uSItOK;H

kk(@`

J.A.=h!

!ydRF7E

F`-~NJ

,,;O~-

A,4XpwC

PY*uD>

`BVW;Mw

<`Tl8:

>.90&w

ja} !F

k"L2bT

VeH6Z[

x4vAly

(|ir#"

k}/_.7

ex iG*&

lOsE=2(Db

C"![C+

_8|Q@;

crUtT'

@35~?+

J*4g-T

O#S&T2

95!&f]

a+'COz

nYVx=!

^V7%kn

^_JWC>^

e2Ra:A

Z,?tgYU

PW0|@8

'w[Xz6Y

epI~.D

K/$gBf

Q-@tGw#,

5/S#uF{

nnhoT6

PZ,>0}

Y$M9tFq"n

83Xy-xm

IsR]a(

B7EH<`

3=X-"w

NXd@Cd

!1[D .

$@ZZsMMN]

?I9k30

oMei0L

c`*)`WK^

adQQgW7

ffffff

00010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899

gffffff

0123456789abcdefghijklmnopqrstuvwxyz

.text$di

.text$mn

.text$mn$00

.text$mn$21

.text$x

.text$yd

.idata$5

.00cfg

.CRT$XCA

.CRT$XCAA

.CRT$XCC

.CRT$XCL

.CRT$XCU

.CRT$XCZ

.CRT$XIA

.CRT$XIAA

.CRT$XIAC

.CRT$XIC

.CRT$XIZ

.CRT$XPA

.CRT$XPX

.CRT$XPXA

.CRT$XPZ

.CRT$XTA

Antivirus	Signature
Bkav	W64.AIDetectMalware
Lionic	Trojan.Win32.Generic.4!c
Elastic	malicious (high confidence)
ClamAV	Clean
CMC	Clean
CAT-QuickHeal	Clean
Skyhigh	Clean
ALYac	Gen:Variant.Cerbu.227571
Cylance	Unsafe
Zillya	Clean
Sangfor	Trojan.Win32.Save.a
CrowdStrike	win/malicious_confidence_90% (W)
Alibaba	Clean
K7GW	Clean
K7AntiVirus	Clean
huorong	Clean
Baidu	Clean
VirIT	Clean
Paloalto	Clean
Symantec	ML.Attribute.HighConfidence
tehtris	Clean
ESET-NOD32	Clean
APEX	Malicious
Avast	Clean
Cynet	Clean
Kaspersky	Clean
BitDefender	Gen:Variant.Cerbu.227571
NANO-Antivirus	Clean
ViRobot	Clean
MicroWorld-eScan	Gen:Variant.Cerbu.227571
Tencent	Clean
Sophos	Clean
F-Secure	Clean
DrWeb	Clean
VIPRE	Gen:Variant.Cerbu.227571
TrendMicro	Clean
McAfeeD	ti!454E73A40C15
Trapmine	Clean
CTX	exe.trojan.cerbu
Emsisoft	Gen:Variant.Cerbu.227571 (B)
Ikarus	Clean
FireEye	Generic.mg.5895f9e89c273cb7
Jiangmin	Clean
Webroot	Clean
Varist	W64/ABTrojan.LVGN-3543
Avira	Clean
Fortinet	W32/PossibleThreat
Antiy-AVL	GrayWare/Win32.Wacapew
Kingsoft	Clean
Gridinsoft	Trojan.Win64.Kryptik.sa
Xcitium	Clean
Arcabit	Trojan.Cerbu.D378F3
SUPERAntiSpyware	Clean
ZoneAlarm	Clean
Microsoft	Trojan:Win32/Wacatac.B!ml
Google	Detected
AhnLab-V3	Clean
Acronis	Clean
McAfee	Artemis!5895F9E89C27
TACHYON	Clean
VBA32	Clean
Malwarebytes	Generic.Malware/Suspicious
Panda	Trj/Chgt.AD
Zoner	Clean
TrendMicro-HouseCall	TROJ_GEN.R002H09KH24
Rising	Trojan.Kryptik@AI.85 (RDML:LrcP90h//c2NEOJmCmgIFw)
Yandex	Clean
SentinelOne	Static AI - Suspicious PE
MaxSecure	Trojan.Malware.300983.susgen
GData	Gen:Variant.Cerbu.227571
AVG	Clean
DeepInstinct	MALICIOUS
alibabacloud	Clean

Static Analysis

PE Compile Time

PE Imphash

Sections

Resources

Imports