Static | ZeroBOX

PE Compile Time

2020-08-27 12:34:45

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00002000 0x000054c4 0x00005600 5.58525944407
.rsrc 0x00008000 0x00000240 0x00000400 4.9660813397
.reloc 0x0000a000 0x0000000c 0x00000200 0.0815394123432

Resources

Name Offset Size Language Sub-language File type
RT_MANIFEST 0x00008058 0x000001e7 LANG_NEUTRAL SUBLANG_NEUTRAL XML 1.0 document, ASCII text, with CRLF line terminators

Imports

Library mscoree.dll:
0x402000 _CorExeMain

!This program cannot be run in DOS mode.
`.rsrc
@.reloc
1  (u
v2.0.50727
#Strings
<Module>
System.Runtime.CompilerServices
CompilationRelaxationsAttribute
RuntimeCompatibilityAttribute
System
Object
Microsoft.VisualBasic.CompilerServices
StandardModuleAttribute
System.IO
FileInfo
FileStream
Microsoft.VisualBasic.Devices
Computer
System.Net.Sockets
TcpClient
MemoryStream
Conversions
ToBoolean
System.Reflection
Assembly
GetEntryAssembly
get_Location
Exception
Microsoft.VisualBasic.MyServices
RegistryProxy
ServerComputer
get_Registry
Microsoft.Win32
RegistryKey
get_CurrentUser
String
Concat
OpenSubKey
DeleteValue
ProjectData
SetProjectError
ClearProjectError
RuntimeHelpers
GetObjectValue
GetValue
RegistryValueKind
CreateSubKey
SetValue
DateTime
Operators
ConditionalCompareObjectEqual
ToString
Environment
get_MachineName
get_UserName
FileSystemInfo
get_LastWriteTime
get_Date
ComputerInfo
get_Info
get_OSFullName
Replace
OperatingSystem
get_OSVersion
get_ServicePack
Microsoft.VisualBasic
Strings
CompareMethod
SpecialFolder
GetFolderPath
Contains
RegistryKeyPermissionCheck
GetValueNames
get_Length
Convert
ToBase64String
FromBase64String
System.Text
Encoding
get_UTF8
GetBytes
GetString
System.IO.Compression
GZipStream
Stream
CompressionMode
set_Position
BitConverter
ToInt32
Dispose
IntPtr
op_Equality
op_Explicit
Interaction
Environ
Conversion
Module
GetModules
GetTypes
get_FullName
EndsWith
get_Assembly
CreateInstance
DirectoryInfo
get_Name
ToLower
CompareString
get_Directory
get_Parent
get_LocalMachine
AppWinStyle
Delete
DeleteSubKey
EndApp
System.Threading
Thread
Exists
FileMode
ReadAllBytes
System.Diagnostics
Process
EnvironmentVariableTarget
SetEnvironmentVariable
System.Net
WebClient
System.Drawing
Graphics
Bitmap
Rectangle
ConcatenateObject
get_Chars
ToArray
DownloadData
GetTempFileName
WriteAllBytes
get_Message
NewLateBinding
LateSet
LateCall
Boolean
LateGet
CompareObjectEqual
OrObject
System.Windows.Forms
Screen
get_PrimaryScreen
get_Bounds
get_Width
get_Height
System.Drawing.Imaging
PixelFormat
FromImage
CopyPixelOperation
CopyFromScreen
Cursor
Cursors
get_Default
get_Position
ToInteger
DrawImage
ImageFormat
get_Jpeg
WriteByte
RuntimeTypeHandle
GetTypeFromHandle
ChangeType
System.Security.Cryptography
MD5CryptoServiceProvider
HashAlgorithm
ComputeHash
GetCurrentProcess
get_Handle
Monitor
Socket
get_Client
SocketFlags
set_ReceiveBufferSize
set_SendBufferSize
set_SendTimeout
set_ReceiveTimeout
Connect
get_Available
SelectMode
NetworkStream
GetStream
ReadByte
ToLong
Receive
ParameterizedThreadStart
Command
ThreadStart
SessionEndingEventArgs
SessionEndingEventHandler
SystemEvents
add_SessionEnding
Application
DoEvents
set_MinWorkingSet
ConditionalCompareObjectNotEqual
CompilerGeneratedAttribute
DebuggerStepThroughAttribute
STAThreadAttribute
StringBuilder
GetProcessById
get_MainWindowTitle
DateAndTime
get_Now
get_ProcessName
Keyboard
get_Keyboard
get_ShiftKeyDown
get_CapsLock
ToUpper
get_CtrlKeyDown
Remove
avicap32.dll
kernel32
user32.dll
user32
mscorlib
lastcap
.cctor
NtSetInformationProcess
hProcess
processInformationClass
processInformation
processInformationLength
capGetDriverDescriptionA
wDriver
lpszName
cbName
lpszVer
GetVolumeInformation
GetVolumeInformationA
lpRootPathName
lpVolumeNameBuffer
nVolumeNameSize
lpVolumeSerialNumber
lpMaximumComponentLength
lpFileSystemFlags
lpFileSystemNameBuffer
nFileSystemNameSize
GetForegroundWindow
GetWindowText
GetWindowTextA
WinTitle
MaxLength
GetWindowTextLength
GetWindowTextLengthA
Plugin
CompDir
connect
_Lambda$__1
_Lambda$__2
LastAV
LastAS
lastKey
ToUnicodeEx
GetKeyboardState
MapVirtualKey
GetWindowThreadProcessId
GetKeyboardLayout
GetAsyncKeyState
VKCodeToUnicode
WrapNonExceptionThrows
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
PPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDING
xadefg
REEgQ0FJIERBVCBEQU8tIE9LISEh
svchost.exe
AppData
bc9ca6317c2f038823232f8d64f26b64
niogem117.soon.it
Software\Microsoft\Windows\CurrentVersion\Run
Software\
yy-MM-dd
??-??-??
Microsoft
Windows
SystemDrive
netsh firewall delete allowedprogram "
Software
cmd.exe /c ping 0 -n 2 & del "
SEE_MASK_NOZONECHECKS
netsh firewall add allowedprogram "
" ENABLE
getvalue
Execute ERROR
Download ERROR
Executed As
Execute ERROR
Update ERROR
Updating To
Update ERROR
yy/MM/dd
[ENTER]
Antivirus Signature
Bkav W32.FamVT.binANHb.Worm
Elastic malicious (high confidence)
MicroWorld-eScan Generic.MSIL.Bladabindi.3CAC55E6
FireEye Generic.mg.fb002bdf8ca98dc1
CAT-QuickHeal Backdoor.Bladabindi.AL3
McAfee Trojan-FIGN
Cylance Unsafe
VIPRE Backdoor.MSIL.Bladabindi.a (v)
SUPERAntiSpyware Clean
Sangfor Trojan.Win32.Save.a
K7AntiVirus Trojan ( 700000121 )
Alibaba Backdoor:MSIL/Bladabindi.7203dee5
K7GW Trojan ( 700000121 )
Cybereason malicious.f8ca98
BitDefenderTheta Gen:NN.ZemsilF.34670.bmW@aK2nMpp
Cyren W32/MSIL_Bladabindi.AU.gen!Eldorado
Symantec Backdoor.Ratenjay
ESET-NOD32 a variant of MSIL/Bladabindi.AS
Baidu MSIL.Backdoor.Bladabindi.a
APEX Malicious
Paloalto generic.ml
ClamAV Win.Trojan.B-468
Kaspersky HEUR:Trojan.Win32.Generic
BitDefender Generic.MSIL.Bladabindi.3CAC55E6
NANO-Antivirus Trojan.Win32.Disfa.dtznyx
ViRobot Backdoor.Win32.Bladabindi.Gen.A
Avast MSIL:Agent-DRD [Trj]
Tencent Win32.Trojan.Generic.Ecjo
Ad-Aware Generic.MSIL.Bladabindi.3CAC55E6
TACHYON Clean
Emsisoft Trojan.Bladabindi (A)
Comodo Backdoor.MSIL.Bladabindi.A@566ygc
F-Secure Clean
DrWeb BackDoor.Bladabindi.13678
Zillya Trojan.Disfa.Win32.10621
TrendMicro BKDR_BLADABI.SMC
McAfee-GW-Edition Clean
CMC Clean
Sophos Clean
SentinelOne Static AI - Malicious PE
GData MSIL.Backdoor.Bladabindi.AV
Jiangmin TrojanDropper.Autoit.dce
eGambit Unsafe.AI_Score_100%
Avira TR/Dropper.Gen7
Antiy-AVL Clean
Kingsoft Clean
Gridinsoft Clean
Arcabit Clean
AegisLab Clean
ZoneAlarm HEUR:Trojan.Win32.Generic
Microsoft Clean
Cynet Malicious (score: 100)
AhnLab-V3 Backdoor/Win32.Bladabindi.R91438
Acronis suspicious
VBA32 Trojan.MSIL.Disfa
ALYac Generic.MSIL.Bladabindi.3CAC55E6
MAX malware (ai score=88)
Malwarebytes Backdoor.NJRat
Zoner Clean
TrendMicro-HouseCall BKDR_BLADABI.SMC
Rising Clean
Yandex Trojan.AvsMofer.dd6520
Ikarus Trojan.MSIL.Bladabindi
MaxSecure Clean
Fortinet MSIL/Agent.LI!tr
Webroot W32.Trojan.Gen
AVG MSIL:Agent-DRD [Trj]
Panda Trj/GdSda.A
CrowdStrike win/malicious_confidence_100% (W)
Qihoo-360 Win32/Backdoor.NjRAT.HwMAF8kA
No IRMA results available.