Static | ZeroBOX

PE Compile Time

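2024-10-26 20:03:55 (read from the PE header timestamp field, which the build tool writes and which can be overwritten afterwards; use it as a lead, not as proof of the build date)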

PDB Path

C:\Users\LAG\Desktop\SET\sssssssssssssssssssssssss\x64\Release\DLL_Injector.pdb

PE Imphash

50ac11f4bb8caeed3d07b8e2deecab0c

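Sections

No section in the table below has entropy near 8 (the highest is .text at about 6.08), so the table gives no sign of packing or encryption; this is consistent with the imports and strings on this page being readable as-is.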

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00001000 0x00003114 0x00003200 6.07782180714
.rdata 0x00005000 0x000025d6 0x00002600 4.68775508032
.data 0x00008000 0x00000730 0x00000200 2.0665233777
.pdata 0x00009000 0x000003c0 0x00000400 3.95855998142
.rsrc 0x0000a000 0x000001e0 0x00000200 4.70150325825
.reloc 0x0000b000 0x00000058 0x00000200 1.18796918704

Resources

Name Offset Size Language Sub-language File type
RT_MANIFEST 0x0000a060 0x0000017d LANG_ENGLISH SUBLANG_ENGLISH_US XML 1.0 document text

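Imports

The KERNEL32 entries below include OpenProcess, VirtualAllocEx, WriteProcessMemory, CreateRemoteThread and LoadLibraryA, together with the Toolhelp process-enumeration calls (CreateToolhelp32Snapshot, Process32FirstW, Process32NextW). That combination matches the DLL_Injector name in the PDB path and the "Unable to Inject DLL" string on this page. An import table shows what the file is able to call, not what it called, so confirm with dynamic analysis or endpoint telemetry before relying on it.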

Library KERNEL32.dll:
0x140005000 GetModuleFileNameA
0x140005008 WriteProcessMemory
0x140005010 TerminateProcess
0x140005018 GetFileAttributesW
0x140005020 UnmapViewOfFile
0x140005028 OpenProcess
0x140005030 CreateToolhelp32Snapshot
0x140005038 Sleep
0x140005040 GetLastError
0x140005048 Process32NextW
0x140005050 LoadLibraryA
0x140005058 DeleteFileW
0x140005060 Process32FirstW
0x140005068 CloseHandle
0x140005070 CreateThread
0x140005078 Beep
0x140005080 VirtualAllocEx
0x140005088 CreateFileMappingA
0x140005090 ExitProcess
0x140005098 GetConsoleWindow
0x1400050a0 CreateRemoteThread
0x1400050a8 MapViewOfFile
0x1400050b0 lstrcmpW
0x1400050b8 RtlLookupFunctionEntry
0x1400050c0 RtlVirtualUnwind
0x1400050c8 UnhandledExceptionFilter
0x1400050d8 GetCurrentProcess
0x1400050e8 QueryPerformanceCounter
0x1400050f0 GetCurrentProcessId
0x1400050f8 GetCurrentThreadId
0x140005100 GetSystemTimeAsFileTime
0x140005108 InitializeSListHead
0x140005110 IsDebuggerPresent
0x140005118 GetModuleHandleW
0x140005120 RtlCaptureContext
Library USER32.dll:
0x1400051e8 ShowWindow
0x1400051f0 GetAsyncKeyState
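Library MSVCP140.dll: (no entries were rendered for this library; the mangled std:: names in the strings listing, such as the ?cout@std@@ entry, appear to be its imports, and address gaps in the other lists, e.g. 0x1400050d0 in KERNEL32.dll, suggest a few more entries were dropped from this view)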
Library VCRUNTIME140_1.dll:
0x140005258 __CxxFrameHandler4
Library VCRUNTIME140.dll:
0x140005200 __current_exception
0x140005208 _CxxThrowException
0x140005210 __std_exception_destroy
0x140005218 memcpy
0x140005228 __C_specific_handler
0x140005230 __std_terminate
0x140005238 memset
0x140005240 __std_exception_copy
0x140005248 memmove
Library api-ms-win-crt-runtime-l1-1-0.dll:
0x1400052b8 _crt_atexit
0x1400052c0 __p___argc
0x1400052c8 _initialize_onexit_table
0x1400052d0 __p___argv
0x1400052e0 exit
0x1400052e8 _initterm_e
0x1400052f0 _initterm
0x140005308 _configure_narrow_argv
0x140005318 _set_app_type
0x140005320 _seh_filter_exe
0x140005328 terminate
0x140005330 _c_exit
0x140005338 _cexit
0x140005340 _exit
Library api-ms-win-crt-heap-l1-1-0.dll:
0x140005268 malloc
0x140005270 _callnewh
0x140005278 free
0x140005280 _set_new_mode
Library api-ms-win-crt-math-l1-1-0.dll:
0x1400052a0 __setusermatherr
Library api-ms-win-crt-stdio-l1-1-0.dll:
0x140005350 _set_fmode
0x140005358 __p__commode
Library api-ms-win-crt-locale-l1-1-0.dll:
0x140005290 _configthreadlocale

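Strings

These are raw printable strings extracted from the file; a string being present does not show that the code using it runs. The name WANNACRY.exe below is only a file name embedded in the binary, and none of the engine labels in the antivirus table on this page name that family, so it is not a basis for family attribution.

!This program cannot be run in DOS mode.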
`.rdata
@.data
.pdata
@.rsrc
@.reloc
l$ VWAVH
VWATAVAWH
0A_A^A\_^
WATAUAVAWH
0A_A^A]A\_
@VWAWH
WATAUAVAWH
0A_A^A]A\_
SVWAVH
8A^_^[
WAVAWH
u/HcH<H
bad allocation
Unknown exception
bad array new length
string too long
\ProcessHider.dll
[-] CreateToolhelp32Snapshot Failed
[-] Process32First Failed
[+] Task Manager Detected
[-] Unable to Inject DLL!! Check if you are running as Admin
Global\GetProcessName
CreateFileMapping Failed
MapViewOfFile Failed
WANNACRY.exe
C:\Windows\CbsTemp\WinDivert64.sys
C:\Windows\CbsTemp\iup.dll
C:\Windows\CbsTemp\WinDivert.dll
C:\Windows\CbsTemp\WANNACRY.exe
C:\Windows\CbsTemp\home.exe
C:\Users\LAG\Desktop\SET\sssssssssssssssssssssssss\x64\Release\DLL_Injector.pdb
.text$mn
.text$mn$00
.text$x
.idata$5
.00cfg
.CRT$XCA
.CRT$XCAA
.CRT$XCZ
.CRT$XIA
.CRT$XIAA
.CRT$XIAC
.CRT$XIZ
.CRT$XPA
.CRT$XPZ
.CRT$XTA
.CRT$XTZ
.rdata
.rdata$r
.rdata$voltmd
.rdata$zzzdbg
.rtc$IAA
.rtc$IZZ
.rtc$TAA
.rtc$TZZ
.xdata
.xdata$x
.idata$2
.idata$3
.idata$4
.idata$6
.data$r
.data$rs
.pdata
.rsrc$01
.rsrc$02
GetModuleFileNameA
WriteProcessMemory
TerminateProcess
GetFileAttributesW
UnmapViewOfFile
OpenProcess
CreateToolhelp32Snapshot
GetLastError
Process32NextW
LoadLibraryA
DeleteFileW
Process32FirstW
CloseHandle
CreateThread
VirtualAllocEx
CreateFileMappingA
ExitProcess
GetConsoleWindow
CreateRemoteThread
MapViewOfFile
lstrcmpW
KERNEL32.dll
GetAsyncKeyState
ShowWindow
USER32.dll
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?uncaught_exception@std@@YA_NXZ
?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A
?_Xlength_error@std@@YAXPEBD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBA_WD@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?put@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@_W@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@K@Z
?good@ios_base@std@@QEBA_NXZ
MSVCP140.dll
__CxxFrameHandler4
__std_exception_destroy
__std_exception_copy
__std_terminate
__current_exception
__current_exception_context
__C_specific_handler
_CxxThrowException
memset
VCRUNTIME140_1.dll
VCRUNTIME140.dll
_invalid_parameter_noinfo_noreturn
malloc
_callnewh
terminate
_seh_filter_exe
_set_app_type
__setusermatherr
_configure_narrow_argv
_initialize_narrow_environment
_get_initial_narrow_environment
_initterm
_initterm_e
_set_fmode
__p___argc
__p___argv
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_configthreadlocale
_set_new_mode
__p__commode
_initialize_onexit_table
_register_onexit_function
_crt_atexit
api-ms-win-crt-runtime-l1-1-0.dll
api-ms-win-crt-heap-l1-1-0.dll
api-ms-win-crt-math-l1-1-0.dll
api-ms-win-crt-stdio-l1-1-0.dll
api-ms-win-crt-locale-l1-1-0.dll
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetModuleHandleW
memcpy
memmove
.?AVbad_alloc@std@@
.?AVexception@std@@
.?AVbad_array_new_length@std@@
.?AVtype_info@@
<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel level='asInvoker' uiAccess='false' />
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
Taskmgr.exe
Deleted:
File no longer exists:
Error:
Failed to delete:
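Antivirus Signature ("Clean" here means that engine reported no detection, not that the file was judged benign; most of the labels below are generic or machine-learning names rather than family names)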
Bkav Clean
Lionic Trojan.Win32.Generic.4!c
Elastic malicious (high confidence)
ClamAV Clean
CMC Clean
CAT-QuickHeal Trojan.Ghanarava.1738495715e9f106
Skyhigh Clean
ALYac Clean
Cylance Unsafe
Zillya Clean
Sangfor Trojan.Win32.Save.a
CrowdStrike win/malicious_confidence_90% (W)
Alibaba Clean
K7GW Clean
K7AntiVirus Clean
huorong Clean
Baidu Clean
VirIT Clean
Paloalto Clean
Symantec ML.Attribute.HighConfidence
tehtris Clean
ESET-NOD32 Clean
APEX Malicious
Avast MalwareX-gen [Trj]
Cynet Malicious (score: 100)
Kaspersky Clean
BitDefender Trojan.GenericKD.75672444
NANO-Antivirus Clean
ViRobot Clean
MicroWorld-eScan Trojan.GenericKD.75672444
Tencent Clean
Sophos Clean
F-Secure Clean
DrWeb Clean
VIPRE Trojan.GenericKD.75672444
TrendMicro Clean
McAfeeD ti!65CD1CD38917
Trapmine malicious.moderate.ml.score
CTX exe.trojan.generic
Emsisoft Trojan.GenericKD.75672444 (B)
Ikarus Clean
FireEye Trojan.GenericKD.75672444
Jiangmin Clean
Webroot Clean
Varist W64/ABTrojan.ZKBB-9112
Avira Clean
Fortinet Clean
Antiy-AVL Trojan/Win64.Agent
Kingsoft Clean
Gridinsoft Clean
Xcitium Clean
Arcabit Trojan.Generic.D482AB7C
SUPERAntiSpyware Clean
Microsoft Clean
Google Detected
AhnLab-V3 Clean
Acronis Clean
McAfee Artemis!C3B7240C2743
TACHYON Clean
VBA32 Clean
Malwarebytes Malware.AI.4030299548
Panda Clean
Zoner Clean
TrendMicro-HouseCall Clean
Rising Clean
Yandex Clean
SentinelOne Static AI - Suspicious PE
MaxSecure Trojan.Malware.300983.susgen
GData Trojan.GenericKD.75672444
AVG MalwareX-gen [Trj]
DeepInstinct MALICIOUS
alibabacloud Clean
No IRMA results available.