popup
Static | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Static Analysis

PE Compile Time

2021-04-14 11:26:58

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00002000 0x00035d67 0x00035e00 7.92319219689
.rsrc 0x00038000 0x00010ca2 0x00010e00 3.54806077652
.reloc 0x0004a000 0x0000000c 0x00000200 0.101910425663

Resources

Name Offset Size Language Sub-language File type
RT_ICON 0x0003806c 0x00010618 LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_GROUP_ICON 0x000486c0 0x00000014 LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_VERSION 0x00048710 0x0000036c LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_MANIFEST 0x00048ab8 0x000001ea LANG_NEUTRAL SUBLANG_NEUTRAL XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

Imports

Library mscoree.dll:
0x402000 _CorExeMain
!This program cannot be run in DOS mode.
`.rsrc
@.reloc
+.+3+4~
+7+8}I
+7+8}J
+7+8}K
+7+8}L
+1+6+;
-)&&&&
a+$+&~]
+1+2~Z
v4.0.30319
#Strings
Swezuatfz.exe
Swezuatfz
<Module>
mscorlib
Object
System
WindowsFormsApp1
System.Windows.Forms
Settings
WindowsFormsApp1.Properties
ApplicationSettingsBase
System.Configuration
Attribute
PoweredByAttribute
SmartAssembly.Attributes
IContainer
System.ComponentModel
TextBox
Button
System.Core
CallSite`1
System.Runtime.CompilerServices
Func`4
CallSite
<>9__2_0
Func`2
TimeZoneInfo
Action`2
ResourceManager
System.Resources
CultureInfo
System.Globalization
Dictionary`2
System.Collections.Generic
.cctor
EventArgs
IEnumerable`1
Assembly
System.Reflection
AssemblyName
Stream
System.IO
ResolveEventArgs
GetDynamic
Culture
Mbjqhyibhbwb
Rxuucmi
Default
Dispose
CompilationRelaxationsAttribute
RuntimeCompatibilityAttribute
DebuggableAttribute
System.Diagnostics
DebuggingModes
AssemblyTitleAttribute
AssemblyDescriptionAttribute
AssemblyConfigurationAttribute
AssemblyCompanyAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
AssemblyTrademarkAttribute
ComVisibleAttribute
System.Runtime.InteropServices
GuidAttribute
AssemblyFileVersionAttribute
TargetFrameworkAttribute
System.Runtime.Versioning
CompilerGeneratedAttribute
GeneratedCodeAttribute
System.CodeDom.Compiler
DebuggerNonUserCodeAttribute
AttributeUsageAttribute
AttributeTargets
DynamicAttribute
DebuggerBrowsableAttribute
DebuggerBrowsableState
STAThreadAttribute
EditorBrowsableAttribute
EditorBrowsableState
WindowsFormsApp1.Form1.resources
#Zj.#Yj.resources
costura.classlibrary1.dll.compressed
costura.costura.dll.compressed
{416981b4-85b6-4a98-ab79-731725e4e92c}
String
DateTime
get_Now
Thread
System.Threading
ClassLibrary1
FreeJsn
GetTypeFromHandle
RuntimeTypeHandle
Activator
CreateInstance
op_Equality
get_Date
Format
MessageBox
DialogResult
get_Day
get_Month
get_DayOfYear
get_Year
get_TimeOfDay
TimeSpan
get_Hour
get_Minute
get_Second
get_Millisecond
get_DayOfWeek
DayOfWeek
get_Kind
DateTimeKind
Microsoft.CSharp
CSharpArgumentInfo
Microsoft.CSharp.RuntimeBinder
Create
CSharpArgumentInfoFlags
Binder
SetMember
CallSiteBinder
CSharpBinderFlags
Target
Invoke
GetSystemTimeZones
ReadOnlyCollection`1
System.Collections.ObjectModel
Enumerable
System.Linq
Select
ToList
List`1
GetEnumerator
IEnumerator`1
get_Current
InvokeMember
FindSystemTimeZoneById
get_Local
ConvertTime
ToString
Concat
IEnumerator
System.Collections
MoveNext
IDisposable
Control
SuspendLayout
System.Drawing
set_Location
set_Name
set_Size
set_TabIndex
set_AutoSize
set_Text
ButtonBase
set_UseVisualStyleBackColor
ContainerControl
set_AutoScaleDimensions
set_AutoScaleMode
AutoScaleMode
set_ClientSize
get_Controls
ControlCollection
set_FormBorderStyle
FormBorderStyle
set_StartPosition
FormStartPosition
set_Tag
EventHandler
add_Load
ResumeLayout
PerformLayout
get_Id
Container
Application
EnableVisualStyles
SetCompatibleTextRenderingDefault
get_Assembly
GetObject
SettingsBase
Synchronized
get_Name
Equals
StringComparison
get_CultureInfo
AppDomain
get_CurrentDomain
GetAssemblies
GetName
DeflateStream
System.IO.Compression
CompressionMode
MemoryStream
set_Position
GetManifestResourceStream
GetExecutingAssembly
EndsWith
TryGetValue
get_Length
IsNullOrEmpty
ToLowerInvariant
Monitor
ContainsKey
op_Inequality
set_Item
get_Flags
AssemblyNameFlags
ResolveEventHandler
Interlocked
Exchange
add_AssemblyResolve
Encoding
System.Text
get_UTF8
GetString
Convert
FromBase64String
Intern
ToInt32
WrapNonExceptionThrows
AnyDesk
philandro Software GmbH
(C) 2016 philandro Software GmbH
$7000e863-2817-42ad-84a1-834a510feb00
4.3.0.0
.NETFramework,Version=v4.0
FrameworkDisplayName
.NET Framework 4(
#Powered by SmartAssembly 7.5.2.4508
3System.Resources.Tools.StronglyTypedResourceBuilder
16.0.0.0
KMicrosoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator
11.0.0.0
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
PADPADP
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
PADPADP
&^V[},
6fLcN<p
h2z4YK3
LZ\\]f
h.S{7[
peO1AC
YST83d
!aw{!avvad
J/M-bJ
/p0:Nr
-U2Nwq
p;!=)Y'
|v!_3\
AtA6 :
h:h6h"
&Mt6hS
Dk>K<+
fKBtP*J^
.nRBB~nqNfnG
85tOF
FoKaVh
T'$zt
+5j^zzUS
m;seV^
Whlbv?
FCbBm!
xeOW@/
d>^WCwnX
J6QZT3
y u<,pM
z|Y`k>
<<y>jx
e}@n~?0l
|a?fk?
oMoC|'
Zz|"o{d]
|5W-0
?18f_m
UKdjS0
.a(xXb
locs0Ls+t
54*U5M
/-_|kL`1
R*.%21
#5olf>"
&4lk.4k
+AV[\k#
0( p>
<j`za
`5&8#/x:
"sXM3T
:*Sk;]I
T=x^*Z
z(H&Ce%\
OeL{K+
Z;{4I
.c3Ylf
msM#c^K
]1]i]p
_Pk:g0
.ZWP+"
\sKjm\
G4U;Uv
(9WPu*
$)v/emK
SfoOSd
Uu[*Kj
{q!Qr)|
:=;P-~4=0
;u7S '
Q;|9Q~1Q/~QQ
[L1jT3
.Ol"DP
2VSoNR>VA%D
U Sru9L
`RAx#~
TcUg"cT
V&?Fp4B
4##h>B
\cr*hB
?z390b6
DjQF5T
AL@L@c
Rgq*y=
St,:9'
?J{,_fO3g
r"8,73
wZ2m%'
sNyM}y}~
$$$>=1
LB3k.
w]QF_okqt
rQU]W
lWf67%z
=,~>KK-
!lE]ENXUW
ZzBGlz
=9366?
<ddt.g
M:F{;z
O[n6.1
zZX}=wj
mQ4f#f
55'U_+
l6-&**/.
N&mlc&
eUM]RJZFVN^A_
Gw z<-
uEMerK~.
/%!#//
y)(|W?
eqe!^aauiy^y1E
Uu~~%F
Ql:42!
K{u'F7
i1eq,"j
WVbc*\
Sl?8hl
rwe%51:p
RHHg2IH
2qCQGGg
Wd<Y$=
L;!L[rm
_gU-#&
Z35D'j
u"h]U+g
&'SiTR_(
&Oh?!ajfC]
iuZy[;
H+2K#3
6~`i";K
}$^w!
?AAce
s'O'F<
4%xa<1
>w,9.H
O=Wt_0
lF}$5U
z{{EOc
1Z$kH6
fR )a$
=2s+a
FIs[UE1
Rl7;o^
pDLDWc
hWh&[nE@
cjmM7q'
zJAv77
@R^\w
RZD+Y"
yNv2=Y
;\ )g>
<O,^a{
toJO
syc\_Y
ylXjae
5~db;6
UOoF?J
Zz8/)f
u?`\cgw
+!t{bW;j}
C{~50:
si|W V
{Ns J+'
~,qU8\&
i4sV[}:0(
d_V!u%}
ks{OR*J
6|+#}G
XZ&91\
xY?9"$h
>Z30m
%m\'ON&
oX{8Ik
4JPKho
/H]sJi
\JQrUzM
o8fnMm
3*XbPV
Q +&YR
>T.\Nm
"\V&XS
MP8V\C
,+tr<Eo
lIo=^$4
$|_zawa<A#
{WvH]~
x39ap,
R)8Rlq
!Y0&:`
N^t7f]
LnP>L)
2~t</2
J%W,TO
EnT:po
Dx&D'o*0
2.7[sz
'L1m@
075sz]y
VI%-mK
"%v}:`
{FC 0N
YH(h:
d A9wB
_!S.Oa
GJ$j&"
>~{jl`
x}ZNIB
%qc;Y_
fy[Ou[
cf?RS
jVrtwT;
l"6Gs8
k)nIV=
HfBxYc0|q
@f[NTe
dYQ1!_v7jFl
?DcZt'P
>=-<8
1]k+I
N0y0jErT
[9`59g
pvbgGxM
$NPT /
>-$N>dY
WYv*A^
m;JRmkzkWA
XeSq0A
BXfLXK4
@ELHKH
( ~H$G
SBzG!+%d
Pji $n
v]_t<.J
\O&6UT>gY
H,P;y/q7
U~M##>
6D+Z;K
!wwdxI
r,>gN'
:1B+ss
et%h1z
CcGYZ[
|0>}J8
rkI{L+z
_\b~3!l"
5@+(c'
D1 .ls
yQTnG@
AobeT@[
umIM]Cf
2z O]<pT0
L<m{QZ
s%#?zc
1CeN3d
*a<En"
,|(0c"
AJeA4}
00SMe]"
d<+MvZ
qOta ff
]^9\N_+
5Vbm\7
)72?dE
g`<KcRb
hyxlj
gi3RS;
44vh2#3
(:Fq@M
p%iVLOZ
*[?]z)
+>g%D|L%
cn h#
uFP6ug>p
<rd,?i
sIZQQj#
~-iukxA~1
*AJ{D
No]o?'
[OwkgU
wLqBz14
(Bvx^^F
.Xcqg6
-|\VU'i
4=1t$8B,'
~GuJ;kR
3A{Ri}
2;pTLJ
qYCR{E
*-Dx_
v"F_{\
cg>?kR
d[P/!h1
!(BtVP
:,ho&
n%*hP
K\mP3QB
A?':-h
qbe'Z-
FT"(NtN
@]mJvu
LjN{Wul@2
_j%0Fc}%
A =7As-A
.2J>WP
h9`,WC<J
P,43<;
aPx=EYm]
\{|\8>;RW
lpe"2'
7=yX$43VS
,k|-kb"dK
stMU}4
&=uz8.
UQSjEM
ZQSjEM
UD.$r)
)vthVx
W|^)>'
727VdZ
&PJ.meS)|
l_:&f7
uhM|X4
x {j#@/%
z`W+63,
.6\^xr
7~wX_M
SmFudWFyeQ==
RmVicnVhcnk=
TWFyY2g=
QXByaWw=
SnVuZQ==
SnVseQ==
U2VwdGVtYmVy
T2N0b2Jlcg==
Tm92ZW1iZXI=
RGVjZW1iZXI=
VG9kYXkncyBkYXRlOiB7MH0= VG9kYXkgaXMgezB9IGRheSBvZiB7MX0=
VG9kYXkncyB0aW1lOiB7MH0=
SG91cjogezB9
TWludXRlOiB7MH0=
U2Vjb25kOiB7MH0=
TWlsbGlzZWNvbmQ6IHswfQ==
VGhlIGRheSBvZiB3ZWVrOiB7MH0=
S2luZDogezB9
Q29yZQ==
RXh0ZW5k
VGltZXI=
Wm9uZSA6IA==
IERhdGVUaW1lIDog
dGV4dEJveDE=
bGFiZWwx
YnV0dG9uMQ==
YnV0dG9uMg==
YnV0dG9uMw==
Rm9ybTE=
Rm9ybTI=
Rm9ybTM=
Rm9ybTQ=
Rm9ybTU=
I1pqLiNZag==
TWJqcWh5aWJoYndi
Unh1dWNtaQ==
LmNvbXByZXNzZWQ=
Y2xhc3NsaWJyYXJ5MQ==0Y29zdHVyYS5jbGFzc2xpYnJhcnkxLmRsbC5jb21wcmVzc2Vk
Y29zdHVyYQ==(Y29zdHVyYS5jb3N0dXJhLmRsbC5jb21wcmVzc2Vk?}
_CorExeMain
mscoree.dll
,LZ~*L\
LSy"L\
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
{416981b4-85b6-4a98-ab79-731725e4e92c}
6.0.0.0
4.1.0.0
Rxuucmi
Mbjqhyibhbwb
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
Comments
AnyDesk
CompanyName
philandro Software GmbH
FileDescription
AnyDesk
FileVersion
4.3.0.0
InternalName
Swezuatfz.exe
LegalCopyright
(C) 2016 philandro Software GmbH
LegalTrademarks
OriginalFilename
Swezuatfz.exe
ProductName
AnyDesk
ProductVersion
4.3.0.0
Assembly Version
4.3.0.0
Antivirus Signature
Bkav Clean
Elastic Clean
MicroWorld-eScan Clean
FireEye Generic.mg.b2ea5311684f2543
CAT-QuickHeal Clean
Qihoo-360 Clean
McAfee Clean
Cylance Clean
Zillya Clean
Sangfor Trojan.Win32.Save.a
K7AntiVirus Clean
BitDefender Clean
K7GW Clean
Cybereason malicious.218a37
Baidu Clean
Cyren W32/MSIL_Injector.MM.gen!Eldorado
Symantec Clean
ESET-NOD32 Clean
APEX Malicious
Avast FileRepMalware
ClamAV Clean
Kaspersky UDS:DangerousObject.Multi.Generic
Alibaba Clean
NANO-Antivirus Clean
ViRobot Clean
AegisLab Clean
Rising Clean
Ad-Aware Clean
Emsisoft Clean
Comodo Clean
F-Secure Clean
DrWeb Clean
VIPRE Clean
TrendMicro Clean
McAfee-GW-Edition Clean
CMC Clean
Sophos Mal/Generic-S
Ikarus Clean
GData Clean
Jiangmin Clean
Webroot Clean
Avira HEUR/AGEN.1122307
MAX Clean
Antiy-AVL Clean
Kingsoft Clean
Gridinsoft Clean
Arcabit Clean
SUPERAntiSpyware Clean
ZoneAlarm Clean
Microsoft Trojan:Win32/Wacatac.B!ml
Cynet Malicious (score: 100)
AhnLab-V3 Clean
Acronis Clean
BitDefenderTheta Gen:NN.ZemsilCO.34670.rm0@a0KiDPj
ALYac Clean
TACHYON Clean
VBA32 Clean
Malwarebytes Malware.AI.4113970017
Panda Clean
Zoner Clean
TrendMicro-HouseCall Clean
Tencent Clean
Yandex Clean
SentinelOne Clean
eGambit Clean
Fortinet Clean
AVG FileRepMalware
Paloalto generic.ml
CrowdStrike Clean
MaxSecure Clean
No IRMA results available.