Static | ZeroBOX

PE Compile Time

2100-09-02 03:27:13

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name    Virtual Address  Virtual Size  Size of Raw Data  Entropy
.text   0x00002000       0x0003cd64    0x0003ce00        7.98832067678
.rsrc   0x00040000       0x00004778    0x00004800        2.30624998054
.reloc  0x00046000       0x0000000c    0x00000200        0.101910425663

Resources

Name           Offset      Size        Language      Sub-language     File type
RT_ICON        0x00040100  0x00004028  LANG_NEUTRAL  SUBLANG_NEUTRAL  data
RT_GROUP_ICON  0x00044138  0x00000014  LANG_NEUTRAL  SUBLANG_NEUTRAL  data
RT_VERSION     0x0004415c  0x0000041a  LANG_NEUTRAL  SUBLANG_NEUTRAL  ARC archive data, squeezed
RT_MANIFEST    0x00044588  0x000001ea  LANG_NEUTRAL  SUBLANG_NEUTRAL  XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

Imports

Library mscoree.dll:
0x402000 _CorExeMain

!This program cannot be run in DOS mode.
`.rsrc
@.reloc
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
PADPADP
v4.0.30319
#Strings
IEnumerable`1
WindowsFormsApp1
set_Bytes1
Dictionary`2
set_Bytes2
<Module>
System.IO
Costura
DownloadData
mscorlib
System.Collections.Generic
Thread
isAttached
Interlocked
get_Elapsed
costura.costura.dll.compressed
costura.classlibrary.dll.compressed
Synchronized
defaultInstance
source
CompressionMode
Exchange
nullCache
Enumerable
IDisposable
Double
RuntimeTypeHandle
GetTypeFromHandle
Console
get_Name
fullName
GetName
requestedAssemblyName
DateTime
ReadLine
WriteLine
System.Core
get_Culture
set_Culture
resourceCulture
culture
ApplicationSettingsBase
Dispose
EditorBrowsableState
STAThreadAttribute
CompilerGeneratedAttribute
GuidAttribute
GeneratedCodeAttribute
DebuggerNonUserCodeAttribute
DebuggableAttribute
EditorBrowsableAttribute
ComVisibleAttribute
AssemblyTitleAttribute
AssemblyTrademarkAttribute
TargetFrameworkAttribute
AssemblyFileVersionAttribute
AssemblyConfigurationAttribute
AssemblyDescriptionAttribute
CompilationRelaxationsAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
AssemblyCompanyAttribute
RuntimeCompatibilityAttribute
TryGetValue
add_AssemblyResolve
Dmdckvjtg.exe
System.Threading
System.Runtime.Versioning
CultureToString
Dmdckvjtg
Attach
Stopwatch
get_Length
EndsWith
nullCacheLock
Serial
System.ComponentModel
ReadStream
LoadStream
GetManifestResourceStream
DeflateStream
MemoryStream
stream
Program
set_Item
System
resourceMan
TimeSpan
AppDomain
get_CurrentDomain
FodyVersion
System.IO.Compression
destination
System.Configuration
System.Globalization
System.Reflection
set_Position
StringComparison
CopyTo
get_CultureInfo
ConsoleKeyInfo
System.Linq
AssemblyLoader
sender
get_ResourceManager
ResolveEventHandler
System.CodeDom.Compiler
.cctor
Monitor
get_Aukomvzfyr
System.Diagnostics
get_TotalSeconds
System.Runtime.InteropServices
System.Runtime.CompilerServices
System.Resources
ReadFromEmbeddedResources
WindowsFormsApp1.Properties.Resources.resources
DebuggingModes
GetAssemblies
WindowsFormsApp1.Properties
resourceNames
symbolNames
assemblyNames
get_Flags
AssemblyNameFlags
Settings
ResolveEventArgs
get_Ticks
Equals
Concat
GetObject
System.Net
get_Mfiigt
get_Default
ToLowerInvariant
WebClient
get_Now
ProcessedByFody
ReadKey
ContainsKey
get_Assembly
ResolveAssembly
ReadExistingAssembly
GetExecutingAssembly
ClassLibrary
op_Equality
op_Inequality
IsNullOrEmpty
3System.Resources.Tools.StronglyTypedResourceBuilder
16.0.0.0
KMicrosoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator
11.0.0.0
WrapNonExceptionThrows
Discord - https://discord.com/
Discord Inc.
4Copyright (c) 2020 Discord Inc. All rights reserved.
$f493eace-bd96-4596-9a4b-f67c786bcb89
0.0.52.0
.NETFramework,Version=v4.0
FrameworkDisplayName
.NET Framework 4
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
Aukomvzfyr
Mfiigt
Downloading file....
http://dl.google.com/googletalk/googletalk-setup.exe?t=
Download duration: {0}
File size: {0}
Speed: {0} bps
Press any key to continue...
https://www.yoursite.com
bytes / S
WindowsFormsApp1.Properties.Resources
Aukomvzfyr
Mfiigt
.compressed
classlibrary
costura.classlibrary.dll.compressed
costura
costura.costura.dll.compressed
6.0.0.0
4.1.0.0
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
Comments
Discord - https://discord.com/
CompanyName
Discord Inc.
FileDescription
Discord - https://discord.com/
FileVersion
0.0.52.0
InternalName
Dmdckvjtg.exe
LegalCopyright
Copyright (c) 2020 Discord Inc. All rights reserved.
LegalTrademarks
OriginalFilename
Dmdckvjtg.exe
ProductName
Discord - https://discord.com/
ProductVersion
0.0.52.0
Assembly Version
0.0.52.0
Antivirus             Signature
Bkav                  Clean
Elastic               malicious (high confidence)
MicroWorld-eScan      Clean
FireEye               Clean
CAT-QuickHeal         Clean
McAfee                Artemis!46DDCD557521
Cylance               Unsafe
VIPRE                 Clean
AegisLab              Trojan.MSIL.Agent.i!c
Sangfor               Clean
K7AntiVirus           Clean
BitDefender           Clean
K7GW                  Clean
Cybereason            malicious.c1ee6d
BitDefenderTheta      Gen:NN.ZemsilF.34678.qm0@auXEd@f
Cyren                 Clean
ESET-NOD32            a variant of MSIL/GenKryptik.FDXP
Baidu                 Clean
APEX                  Malicious
Avast                 FileRepMalware
ClamAV                Clean
Kaspersky             HEUR:Trojan.MSIL.Miner.gen
Alibaba               Clean
NANO-Antivirus        Clean
ViRobot               Clean
Tencent               Clean
Ad-Aware              Clean
TACHYON               Clean
Sophos                Clean
Comodo                Clean
F-Secure              Clean
DrWeb                 Clean
Zillya                Clean
TrendMicro            Clean
McAfee-GW-Edition     Artemis!Trojan
CMC                   Clean
Emsisoft              Clean
SentinelOne           Static AI - Malicious PE
GData                 Clean
Jiangmin              Clean
Webroot               Clean
Avira                 Clean
Antiy-AVL             Clean
Kingsoft              Clean
Gridinsoft            Clean
Arcabit               Clean
SUPERAntiSpyware      Clean
ZoneAlarm             Clean
Microsoft             Trojan:Win32/Wacatac.B!ml
Cynet                 Malicious (score: 100)
AhnLab-V3             Clean
Acronis               suspicious
VBA32                 Clean
ALYac                 Clean
MAX                   Clean
Malwarebytes          Malware.AI.2879811223
Panda                 Clean
Zoner                 Clean
TrendMicro-HouseCall  Clean
Rising                Clean
Yandex                Clean
Ikarus                Trojan.MSIL.Inject
MaxSecure             Trojan.Malware.300983.susgen
Fortinet              Clean
AVG                   FileRepMalware
Paloalto              generic.ml
CrowdStrike           win/malicious_confidence_60% (W)
Qihoo-360             Clean
No IRMA results available.