Static | ZeroBOX

PE Compile Time

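2010-11-19 01:27:32 (linker timestamp from the PE header; the strings further down point to a 7-Zip SFX stub wrapped by BAT2EXE, so this most likely dates the stub build rather than the embedded batch file)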

PE Imphash

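12f12d364f5f6a801e52c9dce28d1965 (derived from the import table only; other files built on the same SFX stub would be expected to share it, so treat it as a clustering aid rather than a unique indicator for this sample)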

PEiD Signatures

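Armadillo v1.71 (PEiD signature match only; this signature is known to fire on ordinary Microsoft Visual C++ builds, and the section entropies below do not by themselves suggest a packed or encrypted body, so confirm before treating the file as Armadillo-protected)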

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00001000 0x000143ca 0x00014400 6.53687791917
.rdata 0x00016000 0x00003ca6 0x00003e00 4.04218657415
.data 0x0001a000 0x0000292c 0x00000800 3.4438210745
.sxdata 0x0001d000 0x00000004 0x00000200 0.0203931352361
.rsrc 0x0001e000 0x000044ac 0x00004600 6.00662591634

Resources

Name Offset Size Language Sub-language File type
RT_ICON 0x0001f760 0x000025a8 LANG_ENGLISH SUBLANG_ENGLISH_US data
RT_ICON 0x0001f760 0x000025a8 LANG_ENGLISH SUBLANG_ENGLISH_US data
RT_ICON 0x0001f760 0x000025a8 LANG_ENGLISH SUBLANG_ENGLISH_US data
RT_DIALOG 0x00021d08 0x000000b8 LANG_ENGLISH SUBLANG_ENGLISH_US data
RT_STRING 0x00021e54 0x00000034 LANG_ENGLISH SUBLANG_ENGLISH_US data
RT_STRING 0x00021e54 0x00000034 LANG_ENGLISH SUBLANG_ENGLISH_US data
RT_GROUP_ICON 0x00021e88 0x00000030 LANG_ENGLISH SUBLANG_ENGLISH_US data
RT_VERSION 0x00021eb8 0x000002ec LANG_ENGLISH SUBLANG_ENGLISH_US data
RT_MANIFEST 0x000221a4 0x00000306 LANG_ENGLISH SUBLANG_ENGLISH_US XML 1.0 document, ASCII text

Imports

Library OLEAUT32.dll:
0x416150 VariantClear
0x416154 SysAllocString
Library USER32.dll:
0x416164 SendMessageA
0x416168 SetTimer
0x41616c KillTimer
0x416170 DialogBoxParamA
0x416174 SetWindowLongA
0x416178 GetWindowLongA
0x41617c SetWindowTextW
0x416180 SetWindowTextA
0x416184 LoadIconA
0x416188 LoadStringW
0x41618c LoadStringA
0x416190 CharUpperW
0x416194 CharUpperA
0x416198 DestroyWindow
0x41619c EndDialog
0x4161a0 PostMessageA
0x4161a4 ShowWindow
0x4161a8 MessageBoxW
0x4161ac GetDlgItem
0x4161b0 DialogBoxParamW
Library SHELL32.dll:
0x41615c ShellExecuteExA
Library MSVCRT.dll:
0x4160e8 _controlfp
0x4160ec __set_app_type
0x4160f0 __p__fmode
0x4160f4 __p__commode
0x4160f8 _adjust_fdiv
0x4160fc __setusermatherr
0x416100 _initterm
0x416104 __getmainargs
0x416108 _acmdln
0x41610c exit
0x416110 _XcptFilter
0x416114 _exit
0x416118 _onexit
0x41611c __dllonexit
0x416124 _except_handler3
0x416128 _beginthreadex
0x41612c memcpy
0x416130 free
0x416134 malloc
0x416138 _CxxThrowException
0x41613c _purecall
0x416140 memmove
0x416144 __CxxFrameHandler
0x416148 memcmp
Library KERNEL32.dll:
0x416000 GetCommandLineW
0x416004 GetStartupInfoA
0x416008 GetModuleHandleA
0x416010 ResetEvent
0x416014 SetEvent
0x416018 CreateEventA
0x41601c VirtualFree
0x416020 VirtualAlloc
0x416024 Sleep
0x41602c GetStdHandle
0x416030 SetEndOfFile
0x416034 WriteFile
0x416038 ReadFile
0x41603c SetFilePointer
0x416040 GetFileSize
0x416044 CreateFileA
0x416048 FindNextFileA
0x41604c FindFirstFileW
0x416050 FindFirstFileA
0x416054 FindClose
0x416058 GetTempFileNameA
0x41605c GetTempPathA
0x416064 GetFullPathNameW
0x416068 GetFullPathNameA
0x41606c lstrlenA
0x416070 DeleteFileW
0x416074 DeleteFileA
0x416078 CreateDirectoryW
0x41607c CreateDirectoryA
0x416080 RemoveDirectoryW
0x416084 SetFileAttributesW
0x416088 RemoveDirectoryA
0x41608c SetFileAttributesA
0x416090 SetLastError
0x416094 CreateFileW
0x416098 SetFileTime
0x4160a0 FormatMessageW
0x4160a4 FormatMessageA
0x4160a8 LocalFree
0x4160ac GetModuleFileNameW
0x4160b0 GetModuleFileNameA
0x4160b4 AreFileApisANSI
0x4160b8 GetLastError
0x4160bc WideCharToMultiByte
0x4160c0 MultiByteToWideChar
0x4160c8 WaitForSingleObject
0x4160cc CloseHandle
0x4160d0 CreateProcessA
0x4160d8 GetVersionExA

!This program cannot be run in DOS mode.
`.rdata
@.data
.sxdata
PSSSSSS
^L8^4t
2AABBf;
CCEEf;
t'<\t<nt
PPRPQPh
SPSVSh
B@@f98u
9t6j`
F$;F,r
t\IItEIt2IIt!It
9^pY~0
CY;^p|
w$_^[]
9~|~!;~pt
G490tvB
V4u$9]
tpNtfNt*Nt
tSNNt*
t4Ht"Ht
x0C;^D|
_^][YY
u ;~D|
FD;FHu
t)It"It
t7Ht#Hu
D$ )Ft
D$,_^]
L$,_^]
T$,_^]
|$D;T$
AG;L$$u
;L$ds3
;T$hs)
D$(;D$
D$(;D$
L$(;L$
9F _^]
9NLtp;
T$0_^]
D$0_^]
D$0_^]
L$0_^]
T$0_^]
OLEAUT32.dll
MessageBoxW
ShowWindow
PostMessageA
EndDialog
DestroyWindow
CharUpperA
CharUpperW
LoadStringA
LoadStringW
SetWindowTextA
SetWindowTextW
GetWindowLongA
SetWindowLongA
DialogBoxParamA
DialogBoxParamW
SetTimer
SendMessageA
LoadIconA
GetDlgItem
KillTimer
USER32.dll
ShellExecuteExA
SHELL32.dll
memcmp
__CxxFrameHandler
memmove
_purecall
_CxxThrowException
malloc
memcpy
_beginthreadex
_except_handler3
MSVCRT.dll
??1type_info@@UAE@XZ
__dllonexit
_onexit
_XcptFilter
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
WaitForSingleObject
CloseHandle
CreateProcessA
SetCurrentDirectoryA
GetCommandLineW
GetVersionExA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
MultiByteToWideChar
WideCharToMultiByte
GetLastError
AreFileApisANSI
GetModuleFileNameA
GetModuleFileNameW
LocalFree
FormatMessageA
FormatMessageW
GetWindowsDirectoryA
SetFileTime
CreateFileW
SetLastError
SetFileAttributesA
RemoveDirectoryA
SetFileAttributesW
RemoveDirectoryW
CreateDirectoryA
CreateDirectoryW
DeleteFileA
DeleteFileW
lstrlenA
GetFullPathNameA
GetFullPathNameW
GetCurrentDirectoryA
GetTempPathA
GetTempFileNameA
FindClose
FindFirstFileA
FindFirstFileW
FindNextFileA
CreateFileA
GetFileSize
SetFilePointer
ReadFile
WriteFile
SetEndOfFile
GetStdHandle
WaitForMultipleObjects
VirtualAlloc
VirtualFree
CreateEventA
SetEvent
ResetEvent
InitializeCriticalSection
GetModuleHandleA
GetStartupInfoA
KERNEL32.dll
,!@Install@!UTF-8!
,!@InstallEnd@!
.?AVCNewException@@
out of memory
.?AUCSystemException@@
.?AUCInBufferException@@
.?AUCOutBufferException@@
.?AVCInArchiveException@N7z@NArchive@@
GenuineIntelAuthenticAMDCentaurHauls
.?AVtype_info@@
}}}/KKK]|||
}{{{msxz
G666M^^^
///Mccc
:::M"""
<?xml version="1.0" encoding="utf-8"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:asmv3="urn:schemas-microsoft-com:asm.v3">
<compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">
<application>
<!--application support for Windows Vista -->
<supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"/>
<!--application support for Windows 7 -->
<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/>
</application>
</compatibility>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges>
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
<!--Padding to make filesize even multiple of 4 XX -->PAPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADD;!@Install@!UTF-8!
ExecuteFile="Disable Window Defender.bat"
Title="Disable Window Defender"
ExtractTitle="Extracting Disable Window Defender"
ExtractDialogText="Disable Window Defender"
GUIFlags="1+4+8+32"
;!@InstallEnd@!
Can not find setup.exe
setup.exe
Can not open file
Can not load codecs
Can not create temp folder archive
ExecuteParameters
ExecuteFile
RunProgram
Directory
Progress
BeginPrompt
Config failed
Can't load config info
AUnsupported Method
Can not open output file
Can not delete output file
ACan not open the file as archive
Can not find archive file
Default
"/:<>\|
Unknown error
Are you sure you want to cancel?
Progress
MS Shell Dlg
Cancel
msctls_progress32
Progress1
Extraction Failed
File is corrupt
Cannot create folder '{0}'
Extracting
VS_VERSION_INFO
StringFileInfo
040904b0
CompanyName
Islam Adel
FileDescription
Created by BAT2EXE.net
FileVersion
InternalName
bat2exe.exe
LegalCopyright
Islam Adel
OriginalFilename
bat2exe.exe
ProductName
BAT2EXE
ProductVersion
VarFileInfo
Translation
9Disable Window Defender.bat
Antivirus Signature
Bkav Clean
Elastic Clean
DrWeb Clean
MicroWorld-eScan Trojan.GenericKD.36583912
CMC Clean
CAT-QuickHeal Clean
Qihoo-360 Win32/Trojan.KillAV.HykCI3wA
ALYac Trojan.GenericKD.36583912
Cylance Unsafe
Zillya Clean
Sangfor Trojan.Win32.Ymacco.AA79
K7AntiVirus Riskware ( 0040eff71 )
BitDefender Trojan.GenericKD.36583912
K7GW Riskware ( 0040eff71 )
Cybereason Clean
BitDefenderTheta Clean
Cyren Clean
ESET-NOD32 BAT/KillAV.NFF
Zoner Clean
TrendMicro-HouseCall Clean
Paloalto Clean
ClamAV Clean
Kaspersky Trojan.Win32.Agent.xahhhi
Alibaba Trojan:Win32/KillAV.14f7215e
NANO-Antivirus Clean
ViRobot Clean
SUPERAntiSpyware Clean
Tencent Clean
Ad-Aware Trojan.GenericKD.36583912
Emsisoft Trojan.GenericKD.36583912 (B)
Comodo Clean
F-Secure Clean
Baidu Clean
VIPRE Trojan.Win32.Generic!BT
TrendMicro Clean
McAfee-GW-Edition RDN/Generic.dx
FireEye Trojan.GenericKD.36583912
Sophos Clean
Ikarus Trojan.BAT.KillAV
GData Trojan.GenericKD.36583912
Jiangmin Clean
Webroot W32.Malware.Gen
Avira BAT/KillAV.gyfuy
Antiy-AVL Clean
Kingsoft Clean
Gridinsoft Clean
Arcabit Trojan.Generic.D22E39E8
AegisLab Trojan.Win32.Agent.4!c
ZoneAlarm Trojan.Win32.Agent.xahhhi
Microsoft Trojan:Win32/Ymacco.AA79
Cynet Malicious (score: 90)
AhnLab-V3 Clean
Acronis Clean
McAfee RDN/Generic.dx
MAX malware (ai score=80)
VBA32 Trojan.Wacatac
Malwarebytes Clean
Panda Trj/CI.A
APEX Malicious
Rising Clean
Yandex Clean
TACHYON Clean
eGambit Clean
Fortinet BAT/KillAV.NFF!tr
AVG FileRepMalware
Avast FileRepMalware
CrowdStrike Clean
MaxSecure Clean
No IRMA results available.