popup
Static | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Static Analysis

PE Compile Time

2024-04-23 20:52:40

PE Imphash

b2d4b3aee34c51601ed72443f0465642

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
UPX0 0x00001000 0x0000e000 0x00000000 0.0
UPX1 0x0000f000 0x0000b000 0x0000a400 7.90700141471
.rsrc 0x0001a000 0x00001000 0x00000c00 4.45268494802

Resources

Name Offset Size Language Sub-language File type
RT_CURSOR 0x000171a8 0x00000134 LANG_ENGLISH SUBLANG_ENGLISH_US data
RT_DIALOG 0x0001741c 0x00000310 LANG_HEBREW SUBLANG_DEFAULT data
RT_DIALOG 0x0001741c 0x00000310 LANG_HEBREW SUBLANG_DEFAULT data
RT_GROUP_CURSOR 0x0001772c 0x00000014 LANG_ENGLISH SUBLANG_ENGLISH_US data
RT_VERSION 0x0001a1ac 0x000002a8 LANG_HEBREW SUBLANG_DEFAULT data
RT_MANIFEST 0x0001a458 0x00000448 LANG_ENGLISH SUBLANG_ENGLISH_US ASCII text, with very long lines, with CRLF line terminators

Imports

Library ADVAPI32.dll:
0x41a954 RegCloseKey
Library GDI32.dll:
0x41a95c BitBlt
Library KERNEL32.DLL:
0x41a964 LoadLibraryA
0x41a968 ExitProcess
0x41a96c GetProcAddress
0x41a970 VirtualProtect
Library msvcrt.dll:
0x41a978 exit
Library ole32.dll:
0x41a980 CoInitialize
Library SHELL32.dll:
0x41a988 ShellExecuteA
Library USER32.dll:
0x41a990 GetDC
Library WINMM.dll:
0x41a998 mixerOpen
!This program cannot be run in DOS mode.
cG6r@P
uGWh$
[9uR37
Opf(55^_4
/BhPQ6
Ss0t%
QKd]7
IHhL#d
]zk d;
&jo/t`
6SEMRn
Hp[WWT!d
$8s*pV8
d;<f0$$4,~
z{ ~Ct
@m|{[
iFHdL/
tFh<wWr
MxtPVH].V
DHbOq+
p.L@3mg
\S5HaHm]
N"3VPD
HBMB=q
t79M t
h4+1hH+:f
IV&x5=
?>Squ`
uH9;,v@
hB,^!W
eYTL $(eY
e,04hX
E|\M8dX
WY3?Gp
H!L"r2$O$+
Xr$gGj
dk$'Grhmt'Grrl
7C8QK>
hhP3E=
Yr1rXk
84$C
2r!;d~
U$8*U/
ce&wGA~h
n#F;6|
*<;7}m
]!;%l?
P1Pj4s
15-|-d
+FXBv
l^a_#',8t/
x,;sOr &<1h0
x4t;k;
C|$$HVT
~]g`hl
P?KyH|
fmPmkYdI
}$yA/!
-M016D
:\hVI~
Wh1b@r
.X#PY|
f<%l:W
.h,"G:Ujx
P}N09xl
t@Wvo6
Dt@! [
FJ\+0(
x+$0TXL
7m_}G}&ds
H@+E8G/,
h,h(P`
TU<!fo
0{vn3
l@(j.
PWhH?T?KBA
D@\@PS
J-hNAD
[+*K(7d0"
_Z2 z
v<j%5j2
eh(^h`
PhTIhhB5l
(H7*sX
ix-vI7
(V$'@VA?
V~SlFz
K[if4FAW
=>Y"BC;V7
x2222tplh2222d`\X2222TPLH2222D@<,2222($
4Mn\PbPt
^VL>6,s
4Mf\RH@64M
z[E8=-
dvt)cz~
N(8)J
X"s }R
\`+1)4
NirCmd
Sans Serif
v2.87K
c) 2003 -
24 '7of9
mation abou7us
g thif
ility, (ad
ec.chmO
tps://w
C>R7openIf yg
'll be
Di8asK
Errora
5vapi3
CHteP4cessW
SvEx?AsU
WtsgWTSQu
xive%Do
mscHezLoo
adLibraS@m
LGDIPl
pFYmHBITM
g%Unkn
?<>:"/\|W[
2.2<ye*
SSLaF{
*?"<>|
8kHz8JMu
@1132C!
88Trb7h
224444
!uADPCM
h+cPm"QphJW
oo]ouk
CXm.HM
e[j-R{
y'd<subt+ct
k@7eQa
~XPAND_
* H xM
zNl:ff
2enGf*
sQs1"-
A07k!"
Waj%]5
Au}o1
F7: Suc
O.; I" B\
PE'u+r
;AdjtM
TOD#A3B
nOSnVa
!co\7)
HKEY_LO
CAL_MACHINELM#
RRENT_USER
CULASSE
S_ROOTR/S
UGCONFIG+Co
gsS MPS
CKcGl'
ll0giGwW F
m5-7It
M7lCk.
ThodId
)nSlpK
j'a`La(
6P`V+{!
}lDC!0
$_ar_fGk
tp%nbf
/W0emwcs
fXYhrl
7'% f9sg
*??3f.v
s0}s3C
,c6{%F
XPTPSW
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:asmv3="urn:schemas-microsoft-com:asm.v3"><dependency><dependentAssembly><assemblyIdentity type="Win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="X86" publicKeyToken="6595b64144ccf1df" language="*"></assemblyIdentity></dependentAssembly></dependency><asmv3:application>
<asmv3:windowsSettings xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings">
<dpiAware>true/pm</dpiAware>
</asmv3:windowsSettings>
</asmv3:application><compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">
<application>
<supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"></supportedOS>
<supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"></supportedOS>
<supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"></supportedOS>
<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"></supportedOS>
<supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"></supportedOS>
</application>
</compatibility></assembly>
ADVAPI32.dll
GDI32.dll
KERNEL32.DLL
msvcrt.dll
ole32.dll
SHELL32.dll
USER32.dll
WINMM.dll
RegCloseKey
BitBlt
ExitProcess
GetProcAddress
LoadLibraryA
VirtualProtect
CoInitialize
ShellExecuteA
mixerOpen
VS_VERSION_INFO
StringFileInfo
040904b0
CompanyName
NirSoft
FileDescription
NirCmd
FileVersion
InternalName
NirCmd
LegalCopyright
Copyright
2003 - 2024 Nir Sofer
OriginalFilename
NirCmd.exe
ProductName
NirCmd
ProductVersion
VarFileInfo
Translation
No antivirus signatures available.
No IRMA results available.