Static | ZeroBOX

PE Compile Time

2021-03-30 02:31:23

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name    Virtual Address  Virtual Size  Size of Raw Data  Entropy
.text   0x00002000       0x00002ae4    0x00002c00        5.22635833642
.rsrc   0x00006000       0x00000516    0x00000600        3.88382857591
.reloc  0x00008000       0x0000000c    0x00000200        0.0815394123432

Resources

Name         Offset      Size        Language      Sub-language     File type
RT_VERSION   0x000060a0  0x0000028c  LANG_NEUTRAL  SUBLANG_NEUTRAL  PGP symmetric key encrypted data - Plaintext or unencrypted data
RT_MANIFEST  0x0000632c  0x000001ea  LANG_NEUTRAL  SUBLANG_NEUTRAL  XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

Imports

Library mscoree.dll:
0x402000 _CorExeMain

!This program cannot be run in DOS mode.
`.rsrc
@.reloc
v4.0.30319
#Strings
<RandomString>b__10
<>9__0_0
<Main>b__0_0
<>c__DisplayClass0_0
<>c__DisplayClass0_0__0
<>c__DisplayClass0_1__0
<>c__DisplayClass0_2__0
<Main>b__0
<>c__0
CS$<>9__CachedAnonymousMethodDelegate11
<>c__DisplayClass0_1
<>c__DisplayClass0_0__1
<>c__DisplayClass0_1__1
<>c__DisplayClass0_2__1
<Main>b__1
<>c__1
IEnumerable`1
List`1
CS$<>8__locals1
Microsoft.Win32
Bundle_V2
BundleV2
<>c__DisplayClass0_2
<>c__DisplayClass0_0__2
<>c__DisplayClass0_1__2
<>c__DisplayClass0_2__2
<Main>b__2
<>c__2
Func`2
<>c__DisplayClass0_0__3
<>c__DisplayClass0_1__3
<>c__DisplayClass0_2__3
<Main>b__3
<>c__3
CS$<>9__CachedAnonymousMethodDelegate4
<>c__DisplayClass6
CS$<>8__locals7
<>c__DisplayClass9
<Module>
System.IO
DownloadData
mscorlib
System.Collections.Generic
<>c__DisplayClassc
Thread
Payload
payload
started
System.Collections.Specialized
<fnGetFriendlyName>b__e
IEnumerable
IDisposable
get_MachineName
get_UserName
fnGetFriendlyName
OfType
System.Core
Dispose
CompilerGeneratedAttribute
UnverifiableCodeAttribute
CompilationRelaxationsAttribute
RuntimeCompatibilityAttribute
SetValue
GetPropertyValue
20igE2ZdFyoYwYyRem5HZhRh.exe
CS$<>9__CachedAnonymousMethodDelegatef
System.Threading
DownloadString
RandomString
ToString
20igE2ZdFyoYwYyRem5HZhRh
GetFolderPath
get_Length
length
fileurl
System
Random
random
NameValueCollection
WebHeaderCollection
ManagementObjectCollection
RegisterInStartup
System.Linq
SpecialFolder
ManagementObjectSearcher
CurrentUser
GetEnumerator
.cctor
System.Diagnostics
payloads
System.Runtime.CompilerServices
WriteAllBytes
Contains
System.Collections
get_Chars
get_Headers
Process
Concat
Repeat
ManagementBaseObject
ManagementObject
Select
System.Net
FirstOrDefault
WebClient
System.Management
Environment
get_Current
runcount
ThreadStart
MoveNext
ToArray
OpenSubKey
RegistryKey
Registry
System.Security
System.Security.Permissions.SecurityPermissionAttribute, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
SkipVerification
WrapNonExceptionThrows
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
https://iplogger.org/1xPHh7
https://iplogger.org/1iPtu7
SELECT Caption FROM Win32_OperatingSystem
Unknown
SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
http://hacking101.net/pastebin/links.txt
Caption
https://cdn.discordapp.com/attachments/822543417757270050/826145904716152872/PlayerUI.exe,https://cdn.discordapp.com/attachments/822543417757270050/826145904716152872/PlayerUI.exe,https://cdn.discordapp.com/attachments/822543417757270050/826145904716152872/PlayerUI.exe
user-agent
referer
http://203.159.80.228/
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
FileDescription
FileVersion
0.0.0.0
InternalName
20igE2ZdFyoYwYyRem5HZhRh.exe
LegalCopyright
OriginalFilename
20igE2ZdFyoYwYyRem5HZhRh.exe
ProductVersion
0.0.0.0
Assembly Version
0.0.0.0
Antivirus Signature
Bkav Clean
Elastic Clean
MicroWorld-eScan Trojan.GenericKD.36625148
CMC Clean
CAT-QuickHeal Clean
Qihoo-360 Win32/Heur.Generic.HwMATkIA
ALYac Trojan.GenericKD.36625148
Cylance Unsafe
VIPRE Trojan.Win32.Generic!BT
AegisLab Clean
Sangfor Trojan.Win32.Save.a
K7AntiVirus Clean
BitDefender Trojan.GenericKD.36625148
K7GW Clean
Cybereason malicious.fe65fd
Baidu Clean
Cyren Clean
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of MSIL/TrojanDownloader.Small.CLN
APEX Malicious
Avast Win32:TrojanX-gen [Trj]
ClamAV Clean
Kaspersky HEUR:Trojan-Downloader.MSIL.Bund.gen
Alibaba Clean
NANO-Antivirus Clean
ViRobot Clean
Rising Trojan.IPLogger!1.B69D (CLOUD)
Ad-Aware Trojan.GenericKD.36625148
Sophos Mal/Generic-S
Comodo Clean
F-Secure Clean
DrWeb Clean
Zillya Clean
TrendMicro Clean
McAfee-GW-Edition Artemis!Trojan
FireEye Generic.mg.8e9df5d267e02aee
Emsisoft Trojan.GenericKD.36625148 (B)
Ikarus Trojan-Downloader.MSIL.Small
GData Win32.Trojan.Ilgergop.RU396K
Jiangmin Clean
Webroot W32.Trojan.Gen
Avira Clean
MAX malware (ai score=86)
Antiy-AVL Clean
Kingsoft Clean
Gridinsoft Clean
Arcabit Trojan.Generic.D22EDAFC
SUPERAntiSpyware Clean
ZoneAlarm Clean
Microsoft Backdoor:Win32/Bladabindi!ml
Cynet Clean
AhnLab-V3 Clean
Acronis Clean
McAfee Artemis!8E9DF5D267E0
TACHYON Clean
VBA32 Clean
Malwarebytes Trojan.Downloader
Panda Clean
Zoner Clean
TrendMicro-HouseCall Clean
Tencent Clean
Yandex Clean
SentinelOne Static AI - Malicious PE
eGambit Clean
Fortinet MSIL/Small.CLN!tr.dldr
BitDefenderTheta Gen:NN.ZemsilF.34670.am0@aKH6mro
AVG Win32:TrojanX-gen [Trj]
Paloalto Clean
CrowdStrike win/malicious_confidence_100% (W)
MaxSecure Clean
No IRMA results available.