Static | ZeroBOX

PE Compile Time

2087-06-08 20:26:00

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name    Virtual Address  Virtual Size  Size of Raw Data  Entropy
.text   0x00002000       0x000029e4    0x00002a00        6.40004191286
.rsrc   0x00006000       0x000005a8    0x00000600        4.05648932077
.reloc  0x00008000       0x0000000c    0x00000200        0.0815394123432

Resources

Name         Offset      Size        Language      Sub-language     File type
RT_VERSION   0x000060a0  0x0000031c  LANG_NEUTRAL  SUBLANG_NEUTRAL  data
RT_MANIFEST  0x000063bc  0x000001ea  LANG_NEUTRAL  SUBLANG_NEUTRAL  XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

Imports

Library mscoree.dll:
0x402000 _CorExeMain

Antivirus Signature
Bkav Clean
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKD.36690699
FireEye Generic.mg.f00ffaeabd21162b
CAT-QuickHeal Clean
ALYac Trojan.GenericKD.36690699
Cylance Unsafe
Zillya Clean
AegisLab Clean
Sangfor Trojan.Win32.Save.a
K7AntiVirus Clean
BitDefender Trojan.GenericKD.36690699
K7GW Trojan-Downloader ( 0057aa5e1 )
Cybereason Clean
BitDefenderTheta Gen:NN.ZemsilF.34670.am0@aClD!hg
Cyren W32/MSIL_Troj.AOW.gen!Eldorado
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of MSIL/TrojanDownloader.Agent.HSJ
Baidu Clean
APEX Malicious
Avast Win32:RATX-gen [Trj]
ClamAV Clean
Kaspersky UDS:DangerousObject.Multi.Generic
Alibaba Trojan:MSIL/Generic.530413f3
NANO-Antivirus Clean
ViRobot Clean
Rising Downloader.Agent!8.B23 (CLOUD)
Ad-Aware Trojan.GenericKD.36690699
TACHYON Clean
Emsisoft Trojan.GenericKD.36690699 (B)
Comodo TrojWare.Win32.Agent.iupqc@0
F-Secure Clean
DrWeb Trojan.DownLoader38.30149
VIPRE Clean
TrendMicro Clean
CMC Clean
Sophos Clean
Ikarus Trojan-Downloader.MSIL.Agent
GData Trojan.GenericKD.36690699
Jiangmin Clean
eGambit Unsafe.AI_Score_97%
Avira TR/Dldr.Agent.lclzg
Antiy-AVL Clean
Kingsoft Win32.Troj.Generic_a.a.(kcloud)
Gridinsoft Trojan.Win32.Downloader.dd!n
Arcabit Clean
SUPERAntiSpyware Clean
ZoneAlarm Clean
Microsoft Trojan:Win32/AgentTesla!ml
Cynet Clean
AhnLab-V3 Clean
Acronis Clean
McAfee RDN/Generic Downloader.x
MAX malware (ai score=87)
VBA32 Clean
Malwarebytes Clean
Panda Clean
Zoner Clean
TrendMicro-HouseCall Clean
Tencent Clean
Yandex Clean
SentinelOne Static AI - Malicious PE
MaxSecure Clean
Fortinet MSIL/Agent.HSA!tr.dldr
Webroot Clean
AVG Win32:RATX-gen [Trj]
Paloalto Clean
CrowdStrike win/malicious_confidence_90% (W)
Qihoo-360 Win32/Backdoor.Rat.HgIASSkA
No IRMA results available.