Static Analysis

PE Compile Time

2022-04-28 12:40:06

PE Imphash

aa9af8f0fc3cf718f202742d25f159aa

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
UPX0 0x00001000 0x000a5000 0x00000000 0.0
UPX1 0x000a6000 0x0004e000 0x0004d800 7.92570108094
.rsrc 0x000f4000 0x00001000 0x00000400 2.44841789208

Resources

Name Offset Size Language Sub-language File type
RT_MENU 0x000ee130 0x0000004a LANG_ENGLISH SUBLANG_ENGLISH_US data
RT_DIALOG 0x000ee190 0x0000013c LANG_ENGLISH SUBLANG_ENGLISH_US data
RT_STRING 0x000ee2d0 0x00000048 LANG_ENGLISH SUBLANG_ENGLISH_US data
RT_ACCELERATOR 0x000ee180 0x00000010 LANG_ENGLISH SUBLANG_ENGLISH_US data

Imports

Library ADVAPI32.dll:
0x1400f4194 GetUserNameW
Library KERNEL32.DLL:
0x1400f41a4 LoadLibraryA
0x1400f41ac ExitProcess
0x1400f41b4 GetProcAddress
0x1400f41bc VirtualProtect
Library USER32.dll:
0x1400f41cc GetAsyncKeyState
Library WS2_32.dll:
0x1400f41dc closesocket
!This program cannot be run in DOS mode.
2^j4nX
U`eL$ Hu
D^b^;V
b\//+/
/yD_E
igCZm.d=
>9_E3
hGHkX#>
L[!8(K
u>MS,Z
o8OJ e(WG
)\fh"#
@r&$#2
DAV6bW
3|LmH
ml<O76
vk_H{R9
7pIPh?
!,Z#WZ
iDDDDf
rPibGX
`y`,k)#
}p0pm\2
r Chhh
;@0$$w
'_sLW*h
{parXr
M{LcWL
@J3GW,,
e.QkI+
PPdB.d888
Vr%8_4
aRx=V{
5y4H}Y
*4^ga=
B._A_}7
8L[~ ^
Kla1`.
WA%j:
!%x%p@M*xUR
+Q;&W*
g<AKGo
E#9Zhvcs
BH;+#;;
X!YJ{$
`px#re
(2s+$TNB
y~?P$P4$
sR=(%PI>
pywKj$S
/8#)P5p
S1%%KfD
u~,<xq
XC<pL.
9N0[8!@
@PP``I
#W nQs
Px<@jzC(]
T*X`A]A\E
f|xX$F
:2:121!B^
<(V(!
pH9kbf
qz9\DE
@Z'RF
L,PHX/
3`'CH8v
s {zA
"085G
@$PX@f`
B4l sk
NXV`s%\
<]wyT5
c%kuy:
@NZGh?[?
,@U$<`w;d
!#@D2?
[ZFF3t
(v9[40uH
t;D> A
n&,6}v}
7k8f<#
ZtVRtR
|O~W&&R
Q@??N|
ttlNx+t
Ro\E{I
_Jy_'7
;l&k*y
|rZ!)S#*AI
/<-uI*
[uYMDE
H[nYpp
WB6xG`
KIII[X
sncuqM
9u[I;N
F95 k4)|<6
Ck'Ub/oAJ1
SJ>Y{3=
23t_8h
=W MvCQ
YL9=<4D
6%(2OIp
7iyHhE
6.h.5P
@+ WxIh_
EfU HNE(
M;D|\p
t1_&9v
S +!C|4
@Y5?]MbuF
9GTlD^
584D>
\v1^!M"~
)ZF+%
3tncu.'
=O~N'.
 !"#$%&'()
./0123
.}: l.
@*VGAb
o456789:;<=>?@ABCDEFGHI~
JKLM^NOPQRST
XY^Z[^
@&y00P
"y1iIhw
Xp*EdW
u\BtWb
0pW4<93
C-irQm
{@S((3
+aQ&B^
h=IP`*
NNNF":RjNNNN
5NNNNMe}
%=U''''m
5Me}y^
['%&_K3tj?
`l0:hY?
4'#((89
1"d(?0
Hf*!t
6SDMDE
dcm!"(
seIDiCJ
J>'5\~
08FC &
1R!NF6
@KE]K@K
Lc@kXC
28PI\S
u]#`UhGg
r!p\])
]ZEAwU
?1+4P
D* nt]K
E\t@xD{
uE@vPM%
g\x\|r
z%X/7CD
&z M 0
O!5%SG(
JnG_P\L
eNCRLGw
FN%|%|c<
@^(j8J
HbP5j$
%[$s aA
A u: 7
I(Ts4+_P
LD8HrI
s 9D8w
$08zj
m8PL@(
TH0riN
.:eo%M
Hg2JP"
i+%B+64h
(?8@(7dd
4MWGGOOO6M
4OWWGGXJ
A@K8E+o
?;F@y6
\2.} m
\pT_C_
pO&,*eg
-CAHw6
yGL")(
B?XCrdh
2%7pu9(8
j)NA!:
,&2l44Nt
)yHX`(
X W"$B
C "!?
j<) 4a
_GA[0~
I`ud+t
m2yTx.~TK
78dK4J`
;GP+H'
<(=1BHU8
E83q>j(
LEbcG-
D2P+ X
An(P}A
6cP2$C]
L},mI+
(2u@8sy
PR&M`C
)*ccla@^eW
)fY&L,
~_gY_x
X"KO#i
pA?,wf
vA|Q|1
ZcJH%$h
.J?B2O>
m^ZuxHc
=,7+`.
wlC<yo
>_JPGm
GenuF4B
@ H0@@
X^^HP@`
B^z\fA
B +lu{
_};XXs
Xu5PXCZ
]pNO'h
LD4q
gX0"q6
\:?+^MaGn
Y a0.J@MP`T*
pI@OP`p~P
.pI`1O@
<@0 "0
=d51D{
z5+~03p
]BC>n(&N
&5-1-8
>x4I9}(
t-Lck.Tm
@uD}Lg
bl t]
=D;Kc\O(
rh$ QS
t@X2ri
{{9p@u+
h:CBum
D*KKH3X5
%y.GrK
HH4)oJ$
#mR9d d
u\q:JyX@
c(u!LI
I$0!:>
$= F%D-o
+E2^92
99~C c
V0&<T"+
G+2n"#
h9]xtX
QhE,PPX
tT7]a0
#]"g[
o[{dpI!4`C
A|l\eqHA
71W&'S
59lg:`
O,"08 :
^Jtm\t
L9?tbQ
3E`c/1l
<0t0<2t
H4E:2o
w\A\VV
]]|lt1
:`h.`A]
@+A:P$M
*n'pc"p
/h H;$
`f3+Pc
uSM9&tN
O!uAAG&
ni+}{IRlCK
p?t{Vt
\uP8ru
$h^99
^[#LQ8
-T#dpH5`J
<>u98]
n5thD8&u
B=83.:
\t'TA'
PNLfk"
@ ;)`)
AX7@fH
P3Q+J!
?_85VI?
NsAm!na
*w<+exFt~
:@qC.G
lo?(lN
LcLHFZ^
jIb;8I
t0g5p
`L3<pgj
10F 3@O*'
*0 @0Py
x 4x|n
AmdBr8
M1A(*f+y
Ir<0u1
<lt4<t
<Ct-<D
&StW@:
t<g~{<itd<n
<ot7<pt
86[ZZ!
!,I<%!
f{:^&;k
(\=gTI
n-i.F"7
]_8Ao@Z
uSTDIV>*
2Dn%Cn
Si#LZ'
@^@eu0u4_h/ "
Z&Fg2p
<MD0d___
vC8_O
C)AAI$M&
-?s+(^k
6[rx'u@*
}QAv(E
B8YF~rrO
~)4f9>u
dEHS]05
p%aPwa
st._tn
>@ "00@@R
fB9<{u
J83D*N=
>lAt[E
.?O;S06
7V;(\+
`G'rCVE
lDF=v&u
A5ZZ+x
=vi'q8,|
d.0> J/
Gb3;l`
u`0P0%
u]tRJN
eHf3Z6K
81dHPmlP
Ux[-#5<>h
1JN\7S
usj^D!e
s568k*
HH&gHu7Nj
Id<(6n?o
Y#Ih*EDo
;,DF:\r
=Bh$M:
g9TXD;%
t=A`&<
@B3<:X
/JNS'TL
YjW;Oe
8}m*92
BzuceED
4O+Ttg
,uX9/1p
#GR(i.
.Iqxr4
jGP@R
TBtlEI
{#:&(0
AE5]:,
"3@^DCW
lZ>^kSE
:1ov#U(U*
gC"l.P
vUnB`M
O:hOZ)DI
|F;S}=Aa
SE<~bB{
L8*tHB
yV5.Jw
nI43P8
e7o^2pY
0I`"u
R]Sy*m
IMxLqZ
aEJ6A@
U<WVRCJ
osI?_
Irt)lTX
#(CL5Y
u-l_4O
_Yu4I.
|N7Ue0
$qbgF%
'GtS>tN
x7/TM?
r(U;Ft`
NqxppJy2
wF:y*
kP+dDRP
VH<4-I[
R|4WL
Br|sx=#Zi
G>G*PT
fe z5(
Pl9!}zwj
Jy/KK
s4}%Ldk
T-S/-K
V0% Od
BKI)iA
hU_YlR
3LA*5
ADeQ|;
~T;Qx}
{m9?$OBLI
P@d5`%
qc?p8
#PD )@X
D@xOI;6
"+uF#!(>)9
"0|Bf
GGG5a<=G
}5ZId0
p,!5Qo
rHFf_hd
?k%JO&
&ZReC_
P#Jamh
+d}gMa
w)[ yI
1litL9
Cn~uRI
Q?vk!^
(040E0U
Z^y%tII.i
II$-9iII&$
]uF}XOO6c
RM~w--#
F&wtsC;j
a%MrN{
2I:{Sz
3"u|pDJ
T~cA<*
8?=<%z
`]Q?'8x
*[g(3W
xD[gY
)HhPd
:(w.MSJ
Zklp\^S
ONNFBGL
=ak"fH
2&N2q[v
`-!`!f
QqFA:<
S(GpbAO
"wu ?N
MxrU``
VL>|GpZ
5IcKlI
&`>i|C
4BLe|F
)(Qu"K1x
;Mi;"#
9M`t[~
94uW65
,(5~(w
yI 4X0
/Cf?7r9
Xs9-F=
5ue```mKmM
rm"6Za
b<6(uE?u?
_@Z_ 1
)uGmsF
z&R<vs
wzx$Eo
RdSl?.Oh/*
FJFCpj-
0QA;St
\&tcCdZ
c>"D}2S
,w)VP<
00F`BP
J`+u=~
`LV-%V%L
@v@L+v
Mc[dD/
r>I+S
'2.e%S
L9@(M
.t);tH
JvCt5s5
$0TmL-
l5@l[i
+| )OA
k)MLl,m
Yl)x*Ow
,9v8MM
7&Uo-Cu
&O|7=
NrnB"}\i
VNYq(U
`9R^P7&
QVxlZ|
r&A9u
xL{ZvB
Ce*B0r
0!l]Kw
e!m9!'
[4_Hl#Um
<eD:)"rb
8|xOE+
iT|,m@S
W&~.nMf
s3:HTE|+o
<w.!6'/
[peALN
IwGMCjZ*MT1
BAcel$|^
kC?#"B31
rltsWt
t-NIod
t)BD3GA
Uuai(l
(`t"<t
)e=Ww
ledeek
N<zYu5
*$,uu`B
5*^T5L+1
$+(8E8
0yKc7-7qjiy>}
,IcP&!
M/ |{IZO
P~OssY
q DUG~
334556$
xG9NiE
Yn=<$=
EwEe/D~^n
Eh8<lp
)PtOJ4//_e
]xLw&$\
Z$PM+@
`!\qPe
Rk*PS
McK),Lj
/ tMB_
i?IBCs
<@?yA.
,bAh`w
:qN<_(
L ,?P
kE0q0+
,3ViBo
Z2! _d
0%M3THP@$Vhm
!'t'q'R'!
yp*L*I
***('B
@uP9
CN,)
h9999\J:
2P9999hx
,BVrrrrp
9999(BXn9999
&4NNNNFVbpNNNN
>vvrr
0Nnoa?
(0bad allocation
{_W!w
yBtDuC
rBNPlh
address family not support
?in usef
]QavafableOl,6
connecy/rgumenXl
e@"crip
r/mHagerok
pSbAfB
?0l8vice
hoL62ch
60+xy|
L0:<9{
c,?08^V;o
uhn6^^iU
sbB*M2
cdefghijklm
#/:;+@
&=S<>{}|\"^`
$,[]/URI
hexLgi
s.Zoa?M
qs mus}
ldGssw
uthorby
g>umF"
FEDCBA987654321%l
rBN U Qp
LUR?Zo
e+Asser
l!Null
imple%
Dx(loN
b$\`/n2
8r9y`&
7V;7O}p
,_/!C:
\URs\rf-
\X(vcpkg\bu
B>\49720c5896
-61fa9215f4.c
<<=9of(
i !"#$|Z
:;<=>?y
y@ABCD
JKLMNOy
yPQRST
tuvwxy
_include\P
x/RWL`.h
_SfpedT!)"
US-ASCII
SO-8859-
5@J_06
Y~:Zkt
 !"#$<
<%&'()
/01234<
<56789
?@ABCD<
<EFGHI
O1Bor
11#{(r
Ver/wR
OPTIONS
DEL"Ew
C(NECFK"|
ATCHookie
Proxy-+
{WZi S
lywoSe
YgfSP<
ZPn)0>
o0fO/7 @
Softwa
A_u+9r
kQCRLFO
]/|\',
SUA=.D
Br['av
tb?Qo5
pMask->af() == AF_INET && p
:*?0PF
dPOCOhVALID_S
:`'fjW7
kZrRe&3F
HB.v!LP
.v!l_pdB^
b?Pp9!'
rB@(p*'
caai?
stdlthis!
wift_1
`Xof-.
guard7`
3`M-`CYi
w#Oirtu
udDt"n(
@aMrxB
_awaIk
>Z (?Ar
-p\Hw|!`'
oG#publn=
msKQ>
8fkgnp
hUNKNOWN
`acsu'
.j)[Nf$}
899dPt
A{#c?2
Fls~c!/
[\]^_`?{
v5ACPg
~ $s%r
@b;zO]
;VJo:z
wQ4fY+
v2!L.2
NNNN`@
''''pP0
pNnONP0
p`@nONN0
p9999`P@0
p`rr!'P@0r!'
)|B?d!
qS>^h3
~FA@s}
SwC.Vg
q/E=$n
i{CorEN
{N*TbRB/&U
b&o[tc
ht&dcofb
J?AreF
ApisANSI
_IsV~Qm
?l?LCMap
LyP!=A
:99@Ph
(99998Pdl?999x
SunRj&
ugVe|O*
M/dd/y
05HH:mm:
P"X#\$
abwmodfld
0_c_hy
f@or?y0
_PbnX
~o~?n
A03>A|
^PJ;I:qE>
])6M>&
[cZUg^
[*ncd>0
%f-QY^&
B?(Cic
HIPCS_
vL:Ah
0X&y'
bk-/O([
g saRoo
iO<RAbO
V dzS[Od
J ;S1@f/--
9!'(!0"rb'
#8$@%
H&P'9!'
X)`*h+BN
rB W(Z
0'@)P*\
9!`+>!'
9!'H?X@rBN
rB@RPV'
nv{CeO
ooiO?k'
utecMn
k?ySrH1
Z?dhKe
:LuHX
bO?pl
U_eYZ$
oA/NE/L
[/ZT/HOE
S4OBoW
v1?C_K?n
9!'XKh
&b/@?x
;!l4L
h'8irBN
Zhdb+
bg`oc!
Bjn#{t
.Op*?z
\lstn_>
J7OC?O-
h_pFxggG
=imb;D
~58d%6>
VM>cQ6
>jtm}S
t?M>`~
%Y-%m
dT%H:%MS
%z/sw, %e
0 || !m
BREAK_0!
C[%s]:
+*/](
.2ONNn
y;9/-?
On'#";&
1O1o77
YY?^^^-S
66rr;966o66
/o$O$$
_ n
vZ?Z/ZO
]pr==K_Kv;99KK\\O
<?U/UU
ODDI/I
C?CoCCO
Co[O[[
]p;o**s
Nn'MRROQvr;
Qx_xx/w
Nn']o]]O
+/TOToT_T
n?n_n/c
cocOc?v
_k?k_k
k_l?l/lOll;
zzzqO[
ee?e_e?|!ld*
}GEr;K
2;tl?
??m`)H
PXHW+Q
\q?!2.
SD`\k?+1
S#MA0(;rT
opomofo
j|ugfU
}lxGuj
J8hRg
rfX!3m
WpTzkQ
HwRHW
*wh;|d
elwF'p
UN>$`p
O[ERRFMT]
ACCEPT
\PRUNPTW
\P{Nd}
b(?=\w)
OP1,rrPP
<> {} qua
)Xkkn0=$
t(s) P
R[+-]j
j).S"eS`
\g]gaW
*VERB)q
3,^xd80`@
u[:<:]]
>NO_A.
/START_O
RECURS
UNICOhG
^S::{v
J61/kJ
uMCvc_G
APPDAT
2qS'AR+
9004:80
Mossw=(
@5)61?
4435=?7
[STRG]
LMOUSE
HOME?RnB
'x1>[FM
%ESC+oETURN]
INS-BACKSP
AGE UP?#D
t"<WRR
a]RI
A/]+-[
UKEY \
t&p73d<\
v2ZYOXX@/:r
kWL?P?x
^XF0N_pB0
$/0%H%
/?&7`D
Er*x@0
11?hAu+y^
,.1^6/
#Z'?<N
lsT$fX
Zg`&H}x
:|Nw?x
g@naGWDM`
aOv^(0
MXi.eBv
W<`AO@
$Uv77:
?Zg{J*
gPY__NO
#ot6d$
?pL`uW6/
xQ\?1@2c
`+~!
Hn'@^aG
og: ,S
|rQqo
1s?4@~
LsYsas0
pthA|S
UBrO:C:
Yn`5HN
wGt k;
>z}dv.*'
'U:Mf>
M""~"2
/T4~X
g( Lukn
dsIfYf
q\.'h=
w`O5F
Sr OnUSX
d,`i7"
;7?hdxuA
k!4`
`d$O_2
Vrp/Xg.
/f$Q(4
9P\mJv70
on'v{FP
1?G>e?u
H?T TA
.?09FA
PSTPDS
v.?AVl_
_of_kO
uo-j$X
`hx__n
UO?CS.
@^_JK]
2.:!%I
On}H-
Y_Iosb@HO1
:*V62o
j?N7"t
~S_fSSS
M8.!L0
ROFOO_
<____yN
9aaaa9yN
abbbb{
<'hhhh'
shhhiis
<iiii<'
L/P{O)
9~EEEE
krFdlO
|>R}>9y
^H}-pw
]G ^.K^
;@m9yn
rrg^tk
Pq:*Chp)
RtlUn!
/G;&!AOEMCP
aes]A&
t%\oku
``)Tu5{
HWSAlcv4
cHSX;`
(]_^[H
ADVAPI32.dll
KERNEL32.DLL
USER32.dll
WS2_32.dll
GetUserNameW
ExitProcess
GetProcAddress
LoadLibraryA
VirtualProtect
GetAsyncKeyState
No antivirus signatures available.
IRMA Signature
ESET Security (Windows) a variant of Win64/Spy.KeyLogger.AD trojan
Avast Core Security (Linux) Win64:SpywareX-gen [Trj]
C4S ClamAV (Linux) Win.Keylogger.Tedy-10008061-0
F-Secure Antivirus (Linux) Clean
Windows Defender (Windows) Trojan:Win64/SnakeKeyLogger.DSP!MTB
McAfee CLI scanner (Linux) Clean
Forticlient (Linux) Clean
Bitdefender Antivirus (Linux) Clean
G Data Antivirus (Windows) Virus: Gen:Variant.Tedy.112122 (Engine A)
Sophos Anti-Virus (Linux) Clean
DrWeb Antivirus (Linux) Clean
Trend Micro SProtect (Linux) Clean
ClamAV (Linux) Win.Keylogger.Tedy-10008061-0
eScan Antivirus (Linux) Gen:Variant.Tedy.112122(DB)
Kaspersky Standard (Windows) HEUR:Trojan.Win32.Generic
Emsisoft Commandline Scanner (Windows) Gen:Variant.Tedy.112122 (B)
Cuckoo

We're processing your submission... This could take a few seconds.