Static | ZeroBOX

PE Compile Time

2076-02-28 22:17:14

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name    Virtual Address  Virtual Size  Size of Raw Data  Entropy
.text   0x00002000       0x000974c4    0x00097600        4.3092006421
.rsrc   0x0009a000       0x000006b4    0x00000800        5.03919948606
.reloc  0x0009c000       0x0000000c    0x00000200        0.101910425663

Resources

Name         Offset      Size        Language      Sub-language        File type
RT_VERSION   0x0009a0a0  0x00000428  LANG_ENGLISH  SUBLANG_ENGLISH_US  data
RT_MANIFEST  0x0009a4c8  0x000001ea  LANG_NEUTRAL  SUBLANG_NEUTRAL     XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

Imports

Library mscoree.dll:
0x402000 _CorExeMain

!This program cannot be run in DOS mode.
`.rsrc
@.reloc
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
PADPADP
v4.0.30319
#Strings
IEnumerable`1
List`1
ConvertFromUtf32
UInt32
ToInt32
Dictionary`2
get_AwCvqVXwyZesedzAzidugPtSrWOACxMvIruIzmePkDZVMIaNM
set_AwCvqVXwyZesedzAzidugPtSrWOACxMvIruIzmePkDZVMIaNM
System.IO
get_GZhYEDncUDCkLIOTnbwEMxiDinWBwyT
mscorlib
System.Collections.Generic
Microsoft.VisualBasic
Synchronized
Append
get_SRkVCZMGcZaRbfRmTVIe
Replace
Enumerable
IDisposable
RuntimeTypeHandle
GetTypeFromHandle
BitArrayEnumeratorSimple
WriteLine
System.Core
Capture
ApplicationSettingsBase
Dispose
EditorBrowsableState
CompilerGeneratedAttribute
GeneratedCodeAttribute
DebuggerNonUserCodeAttribute
EditorBrowsableAttribute
DefaultSettingValueAttribute
UserScopedSettingAttribute
get_Value
System.Diagnostics.Tracing
NewLateBinding
DownloadString
ToString
get_MjIAUmvGZSCSydPJxfZizULiJQDQqHMGvJQbch
set_MjIAUmvGZSCSydPJxfZizULiJQDQqHMGvJQbch
GetFolderPath
get_Length
System.ComponentModel
LateCall
get_Item
System
System.Configuration
System.Globalization
System.Reflection
MatchCollection
GroupCollection
WebHeaderCollection
ReflectionTypeLoadException
CultureInfo
System.Linq
ToChar
StringBuilder
ManifestBuilder
SpecialFolder
ResourceManager
System.CodeDom.Compiler
IEnumerator
GetEnumerator
.cctor
System.Diagnostics
IRegistrationServices
System.Runtime.InteropServices
Microsoft.VisualBasic.CompilerServices
System.Runtime.CompilerServices
System.Resources
.Properties.Resources.resources
Matches
Contains
System.Text.RegularExpressions
System.Collections
get_Groups
get_Chars
get_Headers
Exists
Concat
Object
LateGet
System.Net
WebClient
Environment
get_Current
Convert
ToList
MoveNext
System.Text
ReadAllText
WriteAllText
ToArray
BitArray
get_Assembly
LongPathDirectory
3System.Resources.Tools.StronglyTypedResourceBuilder
4.0.0.0
KMicrosoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator
16.6.0.0
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
<meta name="keywords" content="([\w\d ]*)">
UserAgent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.106 Safari/537.36 OPR/38.0.2220.41
gonoway.Properties.Resources
AwCvqVXwyZesedzAzidugPtSrWOACxMvIruIzmePkDZVMIaNM
VS_VERSION_INFO
StringFileInfo
040904e4
Comments
CompanyName
FileDescription
FileVersion
2.710.492.795
LegalCopyright
All Rights Reserved
InternalName
LegalTrademarks
OriginalFilename
ProductName
ProductVersion
2.710.492.795
Assembly Version
2.710.492.795
VarFileInfo
Translation

Antivirus Signature
Bkav Clean
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKD.36691672
FireEye Generic.mg.be64ba16260fa8f1
CAT-QuickHeal Clean
Qihoo-360 Win32/Heur.Generic.HwMAiZsA
ALYac Trojan.GenericKD.36691672
Cylance Clean
VIPRE Win32.Malware!Drop
Sangfor Trojan.Win32.Save.a
K7AntiVirus Trojan-Downloader ( 0057a8151 )
BitDefender Trojan.GenericKD.36691672
K7GW Trojan-Downloader ( 0057a8151 )
Cybereason malicious.30209e
Baidu Clean
Cyren W32/Trojan.INWS-0879
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of MSIL/TrojanDownloader.Agent.HTM
APEX Malicious
Avast Win32:MalwareX-gen [Trj]
ClamAV Clean
Kaspersky HEUR:Trojan.MSIL.Agent.gen
Alibaba Trojan:MSIL/MalwareX.d93a6ade
NANO-Antivirus Clean
ViRobot Clean
AegisLab Trojan.MSIL.Agent.4!c
Rising Downloader.Agent!8.B23 (CLOUD)
Ad-Aware Trojan.GenericKD.36691672
Emsisoft Trojan.GenericKD.36691672 (B)
F-Secure Clean
DrWeb Trojan.DownLoader38.30041
Zillya Clean
TrendMicro Clean
McAfee-GW-Edition Artemis!Trojan
CMC Clean
Sophos Clean
Ikarus Trojan.Inject
GData Trojan.GenericKD.36691672
Jiangmin Clean
Webroot W32.Trojan.Gen
Avira TR/Dldr.Agent.leemc
MAX malware (ai score=89)
Kingsoft Win32.Heur.KVM019.a.(kcloud)
Gridinsoft Trojan.Win32.Downloader.oa
Arcabit Clean
SUPERAntiSpyware Clean
ZoneAlarm Clean
Microsoft Trojan:Win32/AgentTesla!ml
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win.Agent.C4413275
Acronis Clean
McAfee Artemis!BE64BA16260F
TACHYON Clean
VBA32 Clean
Malwarebytes Trojan.Downloader
Panda Trj/GdSda.A
Zoner Clean
TrendMicro-HouseCall TrojanSpy.MSIL.AGENTTESLA.USMANDF21
Tencent Clean
Yandex Clean
SentinelOne Static AI - Malicious PE
eGambit Unsafe.AI_Score_96%
Fortinet MSIL/Agent.HSA!tr.dldr
BitDefenderTheta Gen:NN.ZemsilF.34678.Mm1@a43yAGji
AVG Win32:MalwareX-gen [Trj]
Paloalto generic.ml
CrowdStrike win/malicious_confidence_100% (W)
MaxSecure Clean
No IRMA results available.