Static | ZeroBOX

PE Compile Time

2025-01-19 23:49:58

PDB Path

C:\Users\LItmus\Downloads\GoDhijacking\bin\DLL Maker\x64\Release\DLL Maker.pdb

PE Imphash

3a85a329a225f7caf61c48685ef582a1

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00001000 0x00002199 0x00002200 6.07792010292
.rdata 0x00004000 0x0000173c 0x00001800 4.11340378981
.data 0x00006000 0x00000720 0x00000200 2.08660682923
.pdata 0x00007000 0x0000033c 0x00000400 3.37561982906
.rsrc 0x00008000 0x000005a0 0x00000600 3.98715808782
.reloc 0x00009000 0x00000050 0x00000200 1.1155477874

Resources

Name Offset Size Language Sub-language File type
RT_VERSION 0x000080a0 0x00000380 LANG_ENGLISH SUBLANG_ENGLISH_US data
RT_MANIFEST 0x00008420 0x0000017d LANG_ENGLISH SUBLANG_ENGLISH_US XML 1.0 document text

Imports

Library KERNEL32.dll:
0x180004000 TerminateProcess
0x180004008 WaitForSingleObject
0x180004010 OpenProcess
0x180004018 CreateToolhelp32Snapshot
0x180004020 Sleep
0x180004028 Process32NextW
0x180004030 Process32FirstW
0x180004038 CloseHandle
0x180004040 MoveFileExW
0x180004048 CreateProcessW
0x180004050 RtlLookupFunctionEntry
0x180004058 RtlVirtualUnwind
0x180004060 UnhandledExceptionFilter
0x180004070 GetCurrentProcess
0x180004080 QueryPerformanceCounter
0x180004088 GetCurrentProcessId
0x180004090 RtlCaptureContext
0x180004098 GetCurrentThreadId
0x1800040a0 GetSystemTimeAsFileTime
0x1800040a8 InitializeSListHead
0x1800040b0 IsDebuggerPresent
Library MSVCP140.dll:
Library VCRUNTIME140_1.dll:
0x180004120 __CxxFrameHandler4
Library VCRUNTIME140.dll:
0x1800040d0 __current_exception
0x1800040e0 __std_exception_copy
0x1800040e8 __std_exception_destroy
0x1800040f8 _CxxThrowException
0x180004100 memcpy
0x180004108 memset
0x180004110 __C_specific_handler
Library api-ms-win-crt-string-l1-1-0.dll:
0x1800041a8 _wcsicmp
Library api-ms-win-crt-runtime-l1-1-0.dll:
0x180004150 _cexit
0x180004160 _configure_narrow_argv
0x180004168 _seh_filter_dll
0x180004170 _initterm_e
0x180004178 terminate
0x180004180 _initialize_onexit_table
0x180004190 _execute_onexit_table
0x180004198 _initterm
Library api-ms-win-crt-heap-l1-1-0.dll:
0x180004130 _callnewh
0x180004138 free
0x180004140 malloc

Exports

Ordinal Address Name
1 0x1800011c0 Handler
2 0x1800011c0 RC
3 0x1800011c0 RCW
bad allocation
Unknown exception
bad array new length
string too long
C:\Users\LItmus\Downloads\GoDhijacking\bin\DLL Maker\x64\Release\DLL Maker.pdb
.text$mn
.text$mn$00
.text$x
.idata$5
.00cfg
.CRT$XCA
.CRT$XCZ
.CRT$XIA
.CRT$XIZ
.CRT$XPA
.CRT$XPZ
.CRT$XTA
.CRT$XTZ
.rdata
.rdata$r
.rdata$voltmd
.rdata$zzzdbg
.rtc$IAA
.rtc$IZZ
.rtc$TAA
.rtc$TZZ
.xdata
.xdata$x
.edata
.idata$2
.idata$3
.idata$4
.idata$6
.data$r
.data$rs
.pdata
.rsrc$01
.rsrc$02
DLL Maker.dll
Handler
TerminateProcess
WaitForSingleObject
OpenProcess
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
CloseHandle
MoveFileExW
CreateProcessW
KERNEL32.dll
?_Xlength_error@std@@YAXPEBD@Z
MSVCP140.dll
__CxxFrameHandler4
__std_exception_destroy
__std_exception_copy
__current_exception
__current_exception_context
__C_specific_handler
_CxxThrowException
__std_type_info_destroy_list
memset
VCRUNTIME140_1.dll
VCRUNTIME140.dll
_wcsicmp
_invalid_parameter_noinfo_noreturn
_callnewh
malloc
terminate
_initterm
_initterm_e
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_execute_onexit_table
_cexit
api-ms-win-crt-string-l1-1-0.dll
api-ms-win-crt-runtime-l1-1-0.dll
api-ms-win-crt-heap-l1-1-0.dll
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
memcpy
.?AVbad_alloc@std@@
.?AVexception@std@@
.?AVbad_array_new_length@std@@
.?AVtype_info@@
<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel level='asInvoker' uiAccess='false' />
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
C:\Windows\
libery.dll
cscapi.dll
explorer.exe
VS_VERSION_INFO
StringFileInfo 040904b0
CompanyName: Microsoft Corporation
FileDescription: Microsoft Windows Resource Compiler DLL
FileVersion: 10.0.22621.3233
InternalName: rcdll.dll
LegalCopyright: Microsoft Corporation. All rights reserved.
OriginalFilename: rcdll.dll
ProductName: Microsoft Windows Operating System
ProductVersion: 10.0.22621.3233
VarFileInfo
Translation
Antivirus Signature
Bkav Clean
Lionic Trojan.Win32.DLLhijack.4!c
Elastic Clean
ClamAV Clean
CMC Clean
CAT-QuickHeal Trojan.DLLhijack
Skyhigh Clean
ALYac Trojan.Generic.37350501
Cylance Unsafe
Zillya Clean
Sangfor Clean
CrowdStrike win/malicious_confidence_60% (W)
Alibaba Trojan:Win32/DLLhijack.dd53ccad
K7GW Clean
K7AntiVirus Clean
huorong Clean
Baidu Clean
VirIT Clean
Paloalto generic.ml
Symantec Trojan.Gen.MBT
tehtris Clean
ESET-NOD32 a variant of Generik.REZTPT
APEX Clean
Avast Win64:MalwareX-gen [Trj]
Cynet Malicious (score: 100)
Kaspersky Trojan.Win32.DLLhijack.tpb
BitDefender Trojan.Generic.37350501
NANO-Antivirus Trojan.Win64.DLLhijack.kvlkxe
ViRobot Clean
MicroWorld-eScan Trojan.Generic.37350501
Tencent Clean
Sophos Mal/Generic-S
F-Secure Clean
DrWeb Trojan.MulDrop29.1981
VIPRE Trojan.Generic.37350501
TrendMicro Clean
McAfeeD ti!CFE8DE2FC5B2
Trapmine Clean
CTX dll.trojan.dllhijack
Emsisoft Trojan.Generic.37350501 (B)
Ikarus Win32.Outbreak
FireEye Trojan.Generic.37350501
Jiangmin Clean
Webroot Clean
Varist W64/ABTrojan.SUAG-5561
Avira Clean
Fortinet W32/PossibleThreat
Antiy-AVL Trojan/Win32.DLLhijack
Kingsoft Win32.Trojan.DLLhijack.tpb
Gridinsoft Clean
Xcitium Clean
Arcabit Trojan.Generic.D239EC65
SUPERAntiSpyware Clean
Microsoft Clean
Google Detected
AhnLab-V3 Trojan/Win.MalwareX-gen.C5724493
Acronis Clean
McAfee Artemis!924239278B93
TACHYON Clean
VBA32 Clean
Malwarebytes Clean
Panda Clean
Zoner Clean
TrendMicro-HouseCall TROJ_GEN.R002H09AU25
Rising Trojan.DLLhijack!8.1B50 (CLOUD)
Yandex Clean
SentinelOne Clean
MaxSecure Trojan.Malware.318928652.susgen
GData Trojan.Generic.37350501
AVG Win64:MalwareX-gen [Trj]
DeepInstinct MALICIOUS
alibabacloud Clean
No IRMA results available.