popup
Static | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Static Analysis

PE Compile Time

2045-06-16 16:14:29

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00002000 0x0003dc44 0x0003de00 7.98652163791
.rsrc 0x00040000 0x00004770 0x00004800 2.30409955509
.reloc 0x00046000 0x0000000c 0x00000200 0.101910425663

Resources

Name Offset Size Language Sub-language File type
RT_ICON 0x00040100 0x00004028 LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_GROUP_ICON 0x00044138 0x00000014 LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_VERSION 0x0004415c 0x00000412 LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_MANIFEST 0x00044580 0x000001ea LANG_NEUTRAL SUBLANG_NEUTRAL XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

Imports

Library mscoree.dll:
0x402000 _CorExeMain
!This program cannot be run in DOS mode.
`.rsrc
@.reloc
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
PADPADPOi
!o++6o
W *_YI
_+={#R
bzGq"x
#%up'46I
:utcb>
@9f9G
4.TF^
]&FxD+
|:)iG$
ItF9#l
%t:eb6
ROHFV"I
Y0vp=\1
#jc{mT
u]KMrY
mrBqgY
kI5D S
qBEo52z
c )]K;C
ys)3>>
Z{qx=k
kWE';u
D(Vae+
2Wpy)RZ
_~@D.`
r,l!{=
{{8Y}{
1g#/^t
#xC0ii
]$tc"+
YA|XyK
=(ZHJH
EI,Cv+
=cjp{M
B]iqg$
q.L>\L
!~Q;UI
*f>L}B
.;-mGr
,kQz{4
Gimro
RBmjZP
BJ8cq5
1TQ"/2
:2q3]M8
Yz>{*Y0
ZN2h!
hM|t.
&tT^jL
Ywek?Z
Ak{*O6
ulo]U`9
DC#k$f
u8#|H%U
qW^n`l6i?~qN
+KY1g4
%v'@O?Z
l>|2`P
t8j60R
Jt:Mf;K
jY]<?_>L
!(e4:$
sfd>7#
6:]K`
qeQRdQ
+G122i
OTfug>s
5?VZdz
x7CV<[
8TiUdq
;4`ZTa
Q[[FMK
H[g)nM
KTIK4_
Ne+y2zpE
vuo%>
xghixN
.dR-}+60
Il0E-zbj
6zw`jH
;i$LHD}
4CwYKR
!rhW):
;w#;0#
3Zch85
U4-@K9]
Dc{Zk_
C@}Qro
2a`_Uc
cl;Xb_\
4^L%y*
yi(X>{
s?i52k
0qy8p5[|
!t9q(':
8=bFb^
.>0Fo,
<SJ3\R
NP6zc2;
uJ0"q/M
0`oScCd
|0q5[p
Dss6wFbJ
)]Z~wR
o$'/'%/N[|
Z|l1:5v
3>92"1
TR]iVK
TIR4ERZ
On:0>99
:b/Wp[
uOIMHM
R?i`\rB\Rj a
:8=='{
cwlk9o
/w&}.n
:Bmj&Fh
C+[ek!Ef
*t[+Va
Q|f^tR
%dUl#H
Q"UfCiDQ
6z}|s)5
 `gM/
;$+mnD
Gb7!DK
No{Vo^
WZ6iv]
dA'dA_
fcs_jR
s!IunL
XaQpiE
yL]SEW
yHw=k@~
qxNv1j
!TujT#
+y,#.=
>-$N>dY
WYv*A^
m;JRmkzkWA
XeSq0A
BXfLXK4
@ELHKH
( ~H$G
SBzG!+%d
Pji $n
v]_t<.J
\O&6UT>gY
H,P;y/q7
U~M##>
6D+Z;K
!wwdxI
r,>gN'
:1B+ss
et%h1z
CcGYZ[
|0>}J8
rkI{L+z
_\b~3!l"
5@+(c'
D1 .ls
yQTnG@
AobeT@[
umIM]Cf
2z O]<pT0
L<m{QZ
s%#?zc
1CeN3d
*a<En"
,|(0c"
AJeA4}
00SMe]"
d<+MvZ
WYI*+9
]Ki;K8*J
W.W'=S
X-Sf)g
E;}|n1
-yD]8:
~gR7M2
dfgQ5H3
N&xK::
?py)6*
5=MW>}
bjPP<-mmB
gC97Wz
tx!jGj
N%%&^%wn
}ILWrc#
LTR$eN
;s_Geh
DSVbW={^
'h5^v
ZYY.Z&G
XI?wj~
Mk$E{U
TxIt@l
T(J\zr!
$}3*cJ$N
psN}.s7
8Nh,5P
H.hv) e@
VeX5`5
a"'FgO
xLV,)A
a2pC_KEj
cmY`1@
fPBpbi
DEX?A`
PL$hzD
dtD'azvD
{D\0=>"^
V**Vli}
)e}Y_m
oHbGxP
%=M9;$=K
I:GiqIhM?
|R23GG
vA~!%I
65.X+6
.rJ* J
0j'(-op<b,
?5NOPrIY?3
gf:`6N
=M9k$=K
W u8+dk
ezXo+|
JYg~i;
MkK.O'
X4U9[e
hovxf4
TS"ai49%
g&rFO<>;
:[YW+K
MneSZY]+
dQYTHy
mI4'VA%d
mln]$
ap$6$L
\Z5q|utl
H,r:,j@
4u%N9f
%WtDo']
mg_[{%
"_#NB>K
DD,U1d
<v<@\'
TCOQ=(
m.AzM]q
&T>P%/
4TE?J^
]Q}A&t
=U}P}X
.}$}"ZG4
/?)? \
$nH~BY
h)h%P:
Y5zxxG
Id0mM[/
X;]=<0z
"* 4"X
rDzQrdvvqR
/\X&K_
qXA~BBYBBA
<BPhbLe
$@^[nPb
bzatBZ
.aPPF|4O
zHFZ{l
AJYz\
}izkq,L
wLk3S_
S.yFTy
]icAk
hto0}UQ%g
oo(a<z
$<wY)s
w1io"3
ym=}C;K
hox_jk
K0>08`
DZ50_j
v[_;+o
|W;?~~
n6$hXh
!N!^!n)|
n`L`T`|@O*`
L=<B}_
T"YcC/
?b2Dwu|>
:H[:HZ
Y%I@Y!
H`fH9(
E=Y'IC$
@/IK%&
?Z!"PT
rA_Y'IMD
d-%;rAS2:
ATdDJ?
d|J:$j
n67pJV$:
%3rA'7
Qw$ip:o
wd^x[!
fr2dk"
Y:UC@]W
B'}!01
*Mn](s
e|v5zI
UJAx4
~4xGL.
}5h<ba
.AMpyQ
NErb@JP
cfzl9
@[]6Kk
:+^d>h
ue v/"
4"Vj"
kW?z=j
VM{V~x
#MjB@P
5r{bSe
vkxZ)h
<@z3^t
Nw\`WI
>a|lBlX
O'@Ze4~$o
v@Z>IM
7IjdyT
xdo-~G
]wfaMj
W$i.RC
}2=6Trc
i-[ZKV
Rt|S%R
#z\]YS
.]Vpub/
{Q^fCF
giQ0"m
wq4cq{
\45>%N
Dj;{>q
!j2/M]A
X%YcS&
LG@1dGt
Y\oY\R
`~<0_:
TYjB'DL
Ar,:|D
hqZ)Rp
xkNiWr
G[k9[Z
@'vLO^{7.
+7E"tb
*q>Fl?
r)59GxLr
f&,6(~
,[m@.:
_>j(ikC
:=xX;6t
0Dq@l`
!vb3!vI
>,/|63
=OM^soE>K
MaV3Gu
y)kN5*}H
Kse(,Z@
]jME0!
t,G*.9
ZlI>E&d
ZM4$cm
L]nmO`
&[*V.q2
v jkZ'`x
])I%<f
}>K8nE_V
KbMOb<
t3\A6Y
d..igHkqx!OQ
06?x,a
TmAba7
L]>O)S|j8sK:2
7t7t12
dC_Tm9
Dd0&yq;'L~
P\0DG9
[c+Ws,
c3Abqc
(,np3m
KW@=hS
,|IrlH
N6#]N]
}<Lvr"
Ft^qy%
s5>X`r
s(|?d'
qxG+]51
&"=iE0
+RsDZJ
_|)T:HhG
Mf,z]i
DZEj@B
dVb^.c
T2vY7,
h/0O@^&
"jgv+N
t.]N,=
z`W+63,
.6\^xr
7~wX_M
v4.0.30319
#Strings
IEnumerable`1
WindowsFormsApp1
set_Bytes1
Dictionary`2
set_Bytes2
<Module>
System.IO
Costura
DownloadData
mscorlib
System.Collections.Generic
Thread
isAttached
Interlocked
get_Elapsed
costura.costura.dll.compressed
costura.classlibrary.dll.compressed
Synchronized
defaultInstance
source
CompressionMode
Exchange
nullCache
Enumerable
IDisposable
Double
RuntimeTypeHandle
GetTypeFromHandle
Console
get_Name
fullName
GetName
requestedAssemblyName
DateTime
ReadLine
WriteLine
System.Core
get_Culture
set_Culture
resourceCulture
culture
ApplicationSettingsBase
Dispose
EditorBrowsableState
STAThreadAttribute
CompilerGeneratedAttribute
GuidAttribute
GeneratedCodeAttribute
DebuggerNonUserCodeAttribute
DebuggableAttribute
EditorBrowsableAttribute
ComVisibleAttribute
AssemblyTitleAttribute
AssemblyTrademarkAttribute
TargetFrameworkAttribute
AssemblyFileVersionAttribute
AssemblyConfigurationAttribute
AssemblyDescriptionAttribute
CompilationRelaxationsAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
AssemblyCompanyAttribute
RuntimeCompatibilityAttribute
TryGetValue
add_AssemblyResolve
Pvcjjru.exe
System.Threading
System.Runtime.Versioning
CultureToString
Attach
Stopwatch
get_Length
EndsWith
nullCacheLock
Serial
System.ComponentModel
ReadStream
LoadStream
GetManifestResourceStream
DeflateStream
MemoryStream
stream
Program
set_Item
System
resourceMan
TimeSpan
AppDomain
get_CurrentDomain
FodyVersion
System.IO.Compression
destination
System.Configuration
System.Globalization
System.Reflection
set_Position
StringComparison
CopyTo
get_CultureInfo
ConsoleKeyInfo
System.Linq
AssemblyLoader
sender
get_ResourceManager
ResolveEventHandler
System.CodeDom.Compiler
.cctor
Monitor
System.Diagnostics
get_TotalSeconds
System.Runtime.InteropServices
System.Runtime.CompilerServices
System.Resources
ReadFromEmbeddedResources
WindowsFormsApp1.Properties.Resources.resources
DebuggingModes
GetAssemblies
WindowsFormsApp1.Properties
resourceNames
symbolNames
assemblyNames
get_Flags
AssemblyNameFlags
Settings
ResolveEventArgs
get_Ticks
Equals
get_Hzujjuomjwiys
Concat
GetObject
System.Net
get_Default
ToLowerInvariant
WebClient
get_Fubzxciulhvt
Pvcjjru
get_Now
ProcessedByFody
ReadKey
ContainsKey
get_Assembly
ResolveAssembly
ReadExistingAssembly
GetExecutingAssembly
ClassLibrary
op_Equality
op_Inequality
IsNullOrEmpty
3System.Resources.Tools.StronglyTypedResourceBuilder
16.0.0.0
KMicrosoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator
11.0.0.0
WrapNonExceptionThrows
Discord - https://discord.com/
Discord Inc.
4Copyright (c) 2020 Discord Inc. All rights reserved.
$3d6caf09-3b9f-4a00-ac7c-a2c37e9b4aa4
0.0.52.0
.NETFramework,Version=v4.0
FrameworkDisplayName
.NET Framework 4
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
Fubzxciulhvt
Hzujjuomjwiys
Downloading file....
http://dl.google.com/googletalk/googletalk-setup.exe?t=
Download duration: {0}
File size: {0}
Speed: {0} bps
Press any key to continue...
https://www.yoursite.com
bytes / S
WindowsFormsApp1.Properties.Resources
Fubzxciulhvt
Hzujjuomjwiys
.compressed
classlibrary
costura.classlibrary.dll.compressed
costura
costura.costura.dll.compressed
6.0.0.0
4.1.0.0
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
Comments
Discord - https://discord.com/
CompanyName
Discord Inc.
FileDescription
Discord - https://discord.com/
FileVersion
0.0.52.0
InternalName
Pvcjjru.exe
LegalCopyright
Copyright (c) 2020 Discord Inc. All rights reserved.
LegalTrademarks
OriginalFilename
Pvcjjru.exe
ProductName
Discord - https://discord.com/
ProductVersion
0.0.52.0
Assembly Version
0.0.52.0
Antivirus Signature
Bkav Clean
Elastic malicious (high confidence)
MicroWorld-eScan Clean
FireEye Clean
CAT-QuickHeal Clean
McAfee Artemis!6581F25476A8
Cylance Unsafe
VIPRE Clean
AegisLab Trojan.MSIL.Miner.4!c
Sangfor Clean
K7AntiVirus Clean
BitDefender Clean
K7GW Clean
Cybereason malicious.0333c5
Baidu Clean
Cyren Clean
Symantec ML.Attribute.HighConfidence
ESET-NOD32 Clean
APEX Malicious
Avast Win32:MalwareX-gen [Trj]
ClamAV Clean
Kaspersky HEUR:Trojan.MSIL.Miner.gen
Alibaba Clean
NANO-Antivirus Clean
ViRobot Clean
Rising Clean
Ad-Aware Clean
Emsisoft Clean
Comodo Clean
F-Secure Clean
DrWeb Clean
Zillya Clean
TrendMicro Clean
McAfee-GW-Edition Artemis!Trojan
CMC Clean
Sophos Clean
Ikarus Trojan.MSIL.Inject
GData Clean
Jiangmin Clean
eGambit Clean
Avira Clean
MAX Clean
Antiy-AVL Clean
Kingsoft Clean
Gridinsoft Clean
Arcabit Clean
SUPERAntiSpyware Clean
ZoneAlarm Clean
Microsoft Trojan:Win32/Wacatac.B!ml
Cynet Malicious (score: 100)
AhnLab-V3 Clean
Acronis suspicious
BitDefenderTheta Gen:NN.ZemsilF.34678.qm0@aifoyal
ALYac Clean
TACHYON Clean
VBA32 Clean
Malwarebytes Malware.AI.2879811223
Panda Clean
Zoner Clean
TrendMicro-HouseCall Clean
Tencent Win32.Trojan.Inject.Auto
Yandex Clean
SentinelOne Static AI - Malicious PE
MaxSecure Trojan.Malware.300983.susgen
Fortinet Clean
Webroot W32.Trojan.Gen
AVG Win32:MalwareX-gen [Trj]
Paloalto generic.ml
CrowdStrike win/malicious_confidence_60% (W)
Qihoo-360 Clean
No IRMA results available.