popup
Static | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Static Analysis

PE Compile Time

2063-08-21 20:34:27

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00002000 0x0000457c 0x00004800 5.42613188613
.rsrc 0x00008000 0x00000298 0x00000400 2.11653528564
.reloc 0x0000a000 0x0000000c 0x00000400 0.0446870062539

Resources

Name Offset Size Language Sub-language File type
RT_VERSION 0x00008058 0x0000023c LANG_NEUTRAL SUBLANG_NEUTRAL data

Imports

Library mscoree.dll:
0x402000 _CorExeMain
!This program cannot be run in DOS mode.
`.rsrc
@.reloc
v4.0.30319
#Strings
<>9__1_0
<SystemNetTransportContextq>b__1_0
<>c__DisplayClass2_0
<SystemNetTransportContextq>b__0
DA778274B6843A26C4B5120BDA6BB28E70F3BE41
<>c__DisplayClass2_1
<SystemNetTransportContextq>b__1
Func`1
kernel32
cbReserved2
lpReserved2
FromBase64
ToInt64
isWow64
__StaticArrayInitTypeSize=226
18CF8F5060B8A70AE9A7923366A78A5C7E8B08F6
__StaticArrayInitTypeSize=308
__StaticArrayInitTypeSize=128
FE11E3722805C72BC0137B3817E9B4977419FA88
<Module>
<PrivateImplementationDetails>
get_SystemNetUnsafeNclNativeMethodsWinHttpAutoDetectTypeA
set_SystemNetUnsafeNclNativeMethodsWinHttpAutoDetectTypeA
SystemNetWriteBufferStateA
SystemNetSocketsMultipleConnectAsyncB
NewtonsoftJsonLinqExtensionscC
SystemSecurityCryptographyXCertificatesXCertificateC
SystemComponentModelPropertyTabScopeF
SystemDataTypeLimiterF
SystemDiagnosticsAssertWrapperG
SystemComponentModelCustomTypeDescriptorG
InflateManagerModeH
NewtonsoftJsonSerializationDefaultContractResolverEnumerableDictionaryWrapperI
SystemSecurityCryptographyXCertificatesXChainElementI
SystemSecurityCryptographySafeCertContextHandleJ
get_PrivateImplementationDetailsStaticArrayInitTypeSizeK
set_PrivateImplementationDetailsStaticArrayInitTypeSizeK
SystemNetKerberosClientK
System.IO
SystemNetNetworkInformationMulticastIPAddressInformationCollectionO
SystemNetWebSocketsWebSocketContextO
SystemDataSqlClientSqlConnectionOpenAsyncRetryO
SystemDataCommonUnsafeNativeMethodsIDBPropertiesP
SystemNetCredentialUseS
get_SystemComponentModelDesignerSerializationVisibilityAttributeT
lpProcesSystemNetSSPISecureChannelTypeU
SystemComponentModelTypeDescriptionProviderAttributeX
SystemDataSqlClientSqlRowUpdatingEventHandlerZ
SystemNetConfigurationSmtpSectionSmtpDeliveryFormatTypeConverterla
SizeOfRawData
PointerToRawData
SystemDataCommonSqlStringStorageb
mscorlib
SystemNetMailMBKeyAccessb
SystemNetHttpListenerDisconnectAsyncResultb
e_magic
dwThreadId
dwProcessId
hThread
SystemDiagnosticsProcessStated
BytesToStringConverted
lpReserved
<PrivateImplementationDetailsStaticArrayInitTypeSizeK>k__BackingField
ReadToEnd
Append
method
SystemIOCompressionZLibNativeFlushCodenasd
SystemNetUnsafeNclNativeMethodsWinHttpErrorCodesd
Replace
exitCode
SystemDataLookupNodee
SizeOfImage
EndInvoke
BeginInvoke
decLookupTable
IDisposable
RuntimeFieldHandle
RuntimeTypeHandle
GetTypeFromHandle
handle
lpTitle
hModule
procName
fileName
lpApplicationName
SystemNetGlobalSSPIptionName
lpCommandLine
Combine
ValueType
SecurityProtocolType
flAllocationType
Signature
ImageBase
Dispose
X509Certificate
MulticastDelegate
CompilerGeneratedAttribute
UnverifiableCodeAttribute
DebuggableAttribute
TargetFrameworkAttribute
dwFillAttribute
SecurityPermissionAttribute
CompilationRelaxationsAttribute
ReliabilityContractAttribute
ParamArrayAttribute
RuntimeCompatibilityAttribute
set_Expect100Continue
Prove.exe
dwXSize
dwYSize
dwSize
SizeOf
SystemDataOleDbStringMemHandleg
System.Threading
System.Runtime.Versioning
FromBase64String
DownloadString
ToString
SystemTextRegularExpressionsRegexMatchTimeoutExceptiong
get_Length
SystemNetUploadProgressChangedEventArgsi
SystemNetSocketsAsyncEventBitsj
AsyncCallback
RemoteCertificateValidationCallback
get_ServerCertificateValidationCallback
set_ServerCertificateValidationCallback
callback
AllocHGlobal
FreeHGlobal
Marshal
kernel32.dll
set_SecurityProtocol
SystemNetConfigurationSmtpSectionSmtpDeliveryFormatTypeConverterl
MemoryStream
SystemDataCommonSqlBooleanStoragem
System
SystemIOCompressionZLibNativeFlushCoden
hToken
hNewToken
lpNumberOfBytesWritten
X509Chain
SecurityAction
action
DllNotFoundException
AbandonedMutexException
System.Runtime.ConstrainedExecution
lpStartupInfo
NewtonsoftJsonUtilitiesReflectionUtilscDisplayClasso
SystemNetSocketsConnectOverlappedAsyncResulto
lpDesktop
SystemNetTransportContextq
lSystemNetWebSocketsWebSocketBaseCloseOutputAsyncCoredr
FileHeader
OptionalHeader
StreamReader
TextReader
StringBuilder
ServicePointManager
GetDelegateForFunctionPointer
hStdError
.cctor
IntPtr
base64str
System.Diagnostics
System.Runtime.InteropServices
System.Runtime.CompilerServices
DebuggingModes
bInheritHandles
SNIPacketIOTypes
System.Security.Cryptography.X509Certificates
lpThreadAttributes
lpProcessAttributes
dwCreationFlags
ContextFlags
dwFlags
System.Security.Permissions
NumberOfSections
SystemNetHttpListenerAuthenticationSelectorInfos
get_Chars
dwXCountChars
dwYCountChars
SizeOfHeaders
RuntimeHelpers
SslPolicyErrors
hProcess
GetProcAddress
lpBaseAddress
VirtualAddress
lpAddress
SystemDataSqlClientSqlCommandcDisplayClasss
SystemNetICloseExs
Object
object
flProtect
System.Net
op_Explicit
IAsyncResult
result
WebClient
lpEnvironment
AddressOfEntryPoint
Convert
get_Host
set_Host
hStdInput
hStdOutput
System.Text
pContext
SystemComponentModelAttributeCollectionv
e_lfanew
wShowWindow
InitializeArray
FromBase64CharArray
ToCharArray
Consistency
stringKey
LoadLibrary
FreeLibrary
lpCurrentDirectory
op_Equality
op_Inequality
System.Security
System.Net.Security
SystemIOCompressionZLibNativeCompressionStrategyy
SystemNetHttpBehaviourz
System.Security.Permissions.SecurityPermissionAttribute, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
SkipVerification
WrapNonExceptionThrows
.NETFramework,Version=v4.0
FrameworkDisplayName
.NET Framework 4
_CorExeMain
mscoree.dll
PPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPP>PPP?456789:;<=PPP@PPP
PPPPPP
 !"#$%&'()*+,-./0123PPPPPK
SystemDiagnosticsTraceEventTyper
NetNetworkInformationNetworkAvailabilityEventArgsR
HztuopPtcOzTy
KNetNetworkInformationNetworkAvailabilityEventArgsRUgiDA0dBgcuNTMhIw8CBw==
KNetNetworkInformationNetworkAvailabilityEventArgsRhQmHg03JwE5CAIn
GNetNetworkInformationNetworkAvailabilityEventArgsRUk+GTYoAhg2BzAiIHosDhZfHCUQJBkDNhQOCSICUk0=
PROTECT
HNetNetworkInformationNetworkAvailabilityEventArgsRj0iDA0nPAE6Fyg4LAAwAixdJioXFHJH
GNetNetworkInformationNetworkAvailabilityEventArgsRUgMAwxCBj06GE8/Gw8vSQ==
GNetNetworkInformationNetworkAvailabilityEventArgsRyI6LQ1DM0YtCTgtG3o0GBZcPW0=
HNetNetworkInformationNetworkAvailabilityEventArgsRhcYDAs4BhwBCjwnGw9DHic3F20=
HNetNetworkInformationNetworkAvailabilityEventArgsRkk+BQs3BiUAIkM+IxA0DiE4JiQWUAVP
HNetNetworkInformationNetworkAvailabilityEventArgsRkhNRiEaAjw5FygBGAAwGCw4IhQWUXpKDiEgSg==
GNetNetworkInformationNetworkAvailabilityEventArgsRkgiRTk3OA05GDw/KHpDAREoJmQQInJH
HNetNetworkInformationNetworkAvailabilityEventArgsRkhNRiEaAiA5FygBGAAwGCw4IhQWUXpKDiEgSg==
HNetNetworkInformationNetworkAvailabilityEventArgsRUgiRTk3OA05GDw/KHpDAREoJmQQInJH
HNetNetworkInformationNetworkAvailabilityEventArgsRRciDwsnYRg1CBItIx88Hw==
HNetNetworkInformationNetworkAvailabilityEventArgsRBQmIw0dYRwACSAkIxAeJC8DPjwtUB0KNkt8Rw==
KNetNetworkInformationNetworkAvailabilityEventArgsRTImRQw4HUIvNkMgNhtPGhQ3IWARNHZLGBcCSzhEIUUzRzEjGAE3PhgzDQMpYyYTLUhhAxpIIgA1KBoEOn8wJB0NEhgXJzI8Fw4GRw==
C:\WindPROTECTows\MicrPROTECTosoft.NPROTECTET\FramPROTECTework\v4.0.30PROTECT319\AddInPPROTECTrocess32.exePROTECT
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
FileDescription
FileVersion
0.0.0.0
InternalName
Prove.exe
LegalCopyright
OriginalFilename
Prove.exe
ProductVersion
0.0.0.0
Assembly Version
0.0.0.0
Antivirus Signature
Bkav Clean
Elastic malicious (high confidence)
MicroWorld-eScan Gen:Variant.Spider.1
CMC Clean
CAT-QuickHeal Clean
Qihoo-360 Win32/Trojan.Generic.HgIASSoA
McAfee RDN/Generic Downloader.x
Malwarebytes Trojan.Downloader.MSIL.Generic
VIPRE Clean
Sangfor Trojan.Win32.Save.a
CrowdStrike win/malicious_confidence_90% (W)
BitDefender Gen:Variant.Spider.1
K7GW Trojan ( 0056879b1 )
K7AntiVirus Trojan ( 0056879b1 )
Baidu Clean
Cyren W32/MSIL_Agent.BXA.gen!Eldorado
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of MSIL/TrojanDownloader.Agent.HSK
APEX Malicious
Paloalto generic.ml
ClamAV Clean
Kaspersky HEUR:Trojan-Downloader.MSIL.Seraph.gen
Alibaba Trojan:MSIL/Redline.49be1014
NANO-Antivirus Clean
ViRobot Clean
SUPERAntiSpyware Clean
Tencent Clean
Ad-Aware Gen:Variant.Spider.1
Sophos Mal/Generic-S
Comodo Clean
F-Secure Clean
DrWeb Clean
Zillya Clean
TrendMicro Clean
McAfee-GW-Edition BehavesLike.Win32.Generic.mt
FireEye Generic.mg.89063b006e43a92c
Emsisoft Gen:Variant.Spider.1 (B)
SentinelOne Static AI - Malicious PE
GData Gen:Variant.Spider.1
Jiangmin Clean
Webroot Clean
Avira HEUR/AGEN.1134630
MAX malware (ai score=85)
Antiy-AVL Clean
Kingsoft Clean
Gridinsoft Trojan.Win32.Downloader.sa
Arcabit Trojan.Spider.1
AegisLab Clean
ZoneAlarm HEUR:Trojan-Downloader.MSIL.Seraph.gen
Microsoft Trojan:MSIL/Redline.GE!MTB
Cynet Malicious (score: 100)
AhnLab-V3 Clean
Acronis Clean
VBA32 Clean
ALYac Gen:Variant.Spider.1
TACHYON Clean
Cylance Unsafe
Panda Trj/GdSda.A
Zoner Clean
TrendMicro-HouseCall TROJ_GEN.R002H09DD21
Rising Downloader.Agent!8.B23 (CLOUD)
Yandex Clean
Ikarus Trojan-Downloader.MSIL.Agent
eGambit Unsafe.AI_Score_99%
Fortinet MSIL/Small.CKP!tr.dldr
BitDefenderTheta Gen:NN.ZemsilF.34670.bm0@amycNxj
AVG Win32:PWSX-gen [Trj]
Cybereason malicious.06e43a
Avast Win32:PWSX-gen [Trj]
MaxSecure Clean
No IRMA results available.