Static | ZeroBOX

PE Compile Time

2024-12-14 17:22:09

PDB Path

d:\实验代码\TestDump\Release\TestDump.pdb

PE Imphash

565a435038abcead7cf0faa0feb0ad0f

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00001000 0x00000a5a 0x00000c00 5.53639895674
.rdata 0x00002000 0x000007fa 0x00000800 5.04955661271
.data 0x00003000 0x00000390 0x00000200 0.352759488216
.rsrc 0x00004000 0x000002b0 0x00000400 5.19445966972
.reloc 0x00005000 0x000001ea 0x00000200 5.12296802935

Resources

Name Offset Size Language Sub-language File type
RT_MANIFEST 0x00004058 0x00000256 LANG_ENGLISH SUBLANG_ENGLISH_US ASCII text, with CRLF line terminators

Imports

Library KERNEL32.dll:
0x402010 CloseHandle
0x402014 GetProcAddress
0x402018 GetModuleHandleA
0x40201c OpenProcess
0x402024 Process32First
0x402028 Process32Next
0x40202c CreateFileA
0x402030 DeleteFileA
0x402034 GetNativeSystemInfo
0x402038 CreateDirectoryA
0x40203c GetTickCount
0x402044 IsDebuggerPresent
0x402050 GetCurrentProcess
0x402054 TerminateProcess
0x40205c Sleep
0x402060 InterlockedExchange
0x402064 GetCurrentProcessId
0x40206c GetCurrentThreadId
Library ADVAPI32.dll:
0x402004 OpenProcessToken
Library MSVCR90.dll:
0x402074 __p__commode
0x402078 __p__fmode
0x40207c _encode_pointer
0x402080 __set_app_type
0x402084 _crt_debugger_hook
0x402088 ?terminate@@YAXXZ
0x40208c _unlock
0x402090 __dllonexit
0x402094 _lock
0x402098 _onexit
0x40209c _decode_pointer
0x4020a4 _invoke_watson
0x4020a8 _controlfp_s
0x4020ac __setusermatherr
0x4020b0 _configthreadlocale
0x4020b4 _initterm_e
0x4020b8 _initterm
0x4020bc __initenv
0x4020c0 exit
0x4020c4 _XcptFilter
0x4020c8 _exit
0x4020cc _cexit
0x4020d0 __getmainargs
0x4020d4 _amsg_exit
0x4020d8 sprintf
0x4020dc _adjust_fdiv
0x4020e0 memset
Library dbghelp.dll:
0x4020e8 MiniDumpWriteDump

!This program cannot be run in DOS mode.
`.rdata
@.data
@.reloc
t$@hX!@
c:\Dumps
c:\Dumps\%s_%d.dump
IsWow64Process
kernel32
SeDebugPrivilege
\TestDump\Release\TestDump.pdb
CreateDirectoryA
DeleteFileA
CreateFileA
OpenProcess
CloseHandle
GetProcAddress
GetModuleHandleA
GetNativeSystemInfo
CreateToolhelp32Snapshot
Process32First
Process32Next
KERNEL32.dll
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
ADVAPI32.dll
sprintf
MSVCR90.dll
_amsg_exit
__getmainargs
_cexit
_XcptFilter
__initenv
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_encode_pointer
__set_app_type
_crt_debugger_hook
?terminate@@YAXXZ
_unlock
__dllonexit
_onexit
_decode_pointer
_except_handler4_common
_invoke_watson
_controlfp_s
MiniDumpWriteDump
dbghelp.dll
InterlockedExchange
InterlockedCompareExchange
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
memset
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
</requestedPrivileges>
</security>
</trustInfo>
<dependency>
<dependentAssembly>
<assemblyIdentity type="win32" name="Microsoft.VC90.CRT" version="9.0.21022.8" processorArchitecture="x86" publicKeyToken="1fc8b3b9a1e18e3b"></assemblyIdentity>
</dependentAssembly>
</dependency>
</assembly>
Antivirus Signature
Bkav Clean
Lionic Trojan.Win32.Generic.4!c
tehtris Clean
ClamAV Clean
CMC Clean
CAT-QuickHeal Trojan.Ghanarava.1744547190a76fa0
Skyhigh Clean
ALYac Trojan.GenericKD.75879991
Cylance Unsafe
Zillya Clean
Sangfor Trojan.Win32.Agent.Voj3
CrowdStrike win/malicious_confidence_60% (D)
Alibaba Clean
K7GW Clean
K7AntiVirus Clean
huorong Clean
Baidu Clean
VirIT Clean
Paloalto generic.ml
Symantec Trojan.Gen.MBT
ESET-NOD32 Clean
APEX Malicious
Avast Clean
Cynet Clean
Kaspersky Clean
BitDefender Trojan.GenericKD.75879991
NANO-Antivirus Clean
ViRobot Clean
MicroWorld-eScan Trojan.GenericKD.75879991
Tencent Clean
Sophos Clean
F-Secure Clean
DrWeb Clean
VIPRE Trojan.GenericKD.75879991
TrendMicro Clean
McAfeeD ti!EEF68514CEF3
Trapmine Clean
CTX exe.trojan.generic
Emsisoft Trojan.GenericKD.75879991 (B)
Ikarus Clean
GData Trojan.GenericKD.75879991
Jiangmin Clean
Webroot Clean
Varist W32/ABTrojan.VWYV-4738
Avira Clean
Antiy-AVL Trojan/Win32.Malicious
Kingsoft Clean
Gridinsoft Clean
Xcitium Clean
Arcabit Trojan.Generic.D485D637
SUPERAntiSpyware Clean
ZoneAlarm Clean
Microsoft Trojan:Win32/Wacatac.C!ml
Google Detected
AhnLab-V3 Trojan/Win.Generic.C5732194
Acronis Clean
McAfee Artemis!FB7ED42DE60E
TACHYON Clean
VBA32 Clean
Malwarebytes Clean
Panda Trj/Chgt.AD
Zoner Clean
TrendMicro-HouseCall TROJ_GEN.R002H09BO25
Rising Clean
Yandex Clean
SentinelOne Clean
MaxSecure Trojan.Malware.335761394.susgen
Fortinet W32/Malicious_Behavior.VEX
AVG Clean
DeepInstinct MALICIOUS
alibabacloud Suspicious
No IRMA results available.