Static | ZeroBOX

PE Compile Time

2058-09-22 02:42:27

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name    Virtual Address  Virtual Size  Size of Raw Data  Entropy
.text   0x00002000       0x0003b034    0x0003b200        7.9857469602
.rsrc   0x0003e000       0x00004770    0x00004800        2.30484570093
.reloc  0x00044000       0x0000000c    0x00000200        0.0980041756627

Resources

Name           Offset      Size        Language      Sub-language     File type
RT_ICON        0x0003e100  0x00004028  LANG_NEUTRAL  SUBLANG_NEUTRAL  data
RT_GROUP_ICON  0x00042138  0x00000014  LANG_NEUTRAL  SUBLANG_NEUTRAL  data
RT_VERSION     0x0004215c  0x00000412  LANG_NEUTRAL  SUBLANG_NEUTRAL  data
RT_MANIFEST    0x00042580  0x000001ea  LANG_NEUTRAL  SUBLANG_NEUTRAL  XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

Imports

Library mscoree.dll:
0x402000 _CorExeMain

!This program cannot be run in DOS mode.
`.rsrc
@.reloc
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
v4.0.30319
#Strings
IEnumerable`1
WindowsFormsApp1
set_Bytes1
Dictionary`2
set_Bytes2
<Module>
System.IO
Costura
DownloadData
mscorlib
System.Collections.Generic
Thread
isAttached
Interlocked
get_Elapsed
costura.costura.dll.compressed
costura.classlibrary.dll.compressed
Synchronized
defaultInstance
source
CompressionMode
Exchange
nullCache
Enumerable
IDisposable
Double
RuntimeTypeHandle
GetTypeFromHandle
Console
get_Name
fullName
GetName
requestedAssemblyName
DateTime
ReadLine
WriteLine
System.Core
get_Culture
set_Culture
resourceCulture
culture
ApplicationSettingsBase
Dispose
EditorBrowsableState
STAThreadAttribute
CompilerGeneratedAttribute
GuidAttribute
GeneratedCodeAttribute
DebuggerNonUserCodeAttribute
DebuggableAttribute
EditorBrowsableAttribute
ComVisibleAttribute
AssemblyTitleAttribute
AssemblyTrademarkAttribute
TargetFrameworkAttribute
AssemblyFileVersionAttribute
AssemblyConfigurationAttribute
AssemblyDescriptionAttribute
CompilationRelaxationsAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
AssemblyCompanyAttribute
RuntimeCompatibilityAttribute
TryGetValue
add_AssemblyResolve
Wvlvhrl.exe
System.Threading
System.Runtime.Versioning
CultureToString
Attach
Stopwatch
get_Length
EndsWith
nullCacheLock
get_Qryjmfiljxek
Serial
System.ComponentModel
Wvlvhrl
ReadStream
LoadStream
GetManifestResourceStream
DeflateStream
MemoryStream
stream
Program
set_Item
System
resourceMan
TimeSpan
AppDomain
get_CurrentDomain
FodyVersion
System.IO.Compression
destination
System.Configuration
System.Globalization
System.Reflection
set_Position
StringComparison
CopyTo
get_CultureInfo
ConsoleKeyInfo
System.Linq
AssemblyLoader
sender
get_ResourceManager
ResolveEventHandler
System.CodeDom.Compiler
.cctor
Monitor
System.Diagnostics
get_TotalSeconds
System.Runtime.InteropServices
System.Runtime.CompilerServices
System.Resources
ReadFromEmbeddedResources
WindowsFormsApp1.Properties.Resources.resources
DebuggingModes
GetAssemblies
WindowsFormsApp1.Properties
resourceNames
symbolNames
assemblyNames
get_Flags
AssemblyNameFlags
Settings
ResolveEventArgs
get_Ticks
Equals
Concat
GetObject
System.Net
get_Default
ToLowerInvariant
WebClient
get_Now
get_Snxxlgdkady
ProcessedByFody
ReadKey
ContainsKey
get_Assembly
ResolveAssembly
ReadExistingAssembly
GetExecutingAssembly
ClassLibrary
op_Equality
op_Inequality
IsNullOrEmpty
3System.Resources.Tools.StronglyTypedResourceBuilder
16.0.0.0
KMicrosoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator
11.0.0.0
WrapNonExceptionThrows
Discord - https://discord.com/
Discord Inc.
4Copyright (c) 2020 Discord Inc. All rights reserved.
$793fb406-6e36-405e-a126-5a63676e1ece
0.0.52.0
.NETFramework,Version=v4.0
FrameworkDisplayName
.NET Framework 4
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
Qryjmfiljxek
Snxxlgdkady
Downloading file....
http://dl.google.com/googletalk/googletalk-setup.exe?t=
Download duration: {0}
File size: {0}
Speed: {0} bps
Press any key to continue...
https://www.yoursite.com
bytes / S
WindowsFormsApp1.Properties.Resources
Snxxlgdkady
Qryjmfiljxek
.compressed
classlibrary
costura.classlibrary.dll.compressed
costura
costura.costura.dll.compressed
6.0.0.0
4.1.0.0
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
Comments
Discord - https://discord.com/
CompanyName
Discord Inc.
FileDescription
Discord - https://discord.com/
FileVersion
0.0.52.0
InternalName
Wvlvhrl.exe
LegalCopyright
Copyright (c) 2020 Discord Inc. All rights reserved.
LegalTrademarks
OriginalFilename
Wvlvhrl.exe
ProductName
Discord - https://discord.com/
ProductVersion
0.0.52.0
Assembly Version
0.0.52.0
Antivirus Signature
Bkav Clean
Elastic malicious (high confidence)
MicroWorld-eScan Clean
CMC Clean
CAT-QuickHeal Clean
McAfee Artemis!149B0568E10B
Cylance Unsafe
Zillya Clean
Sangfor Clean
CrowdStrike win/malicious_confidence_60% (D)
BitDefender Clean
K7GW Clean
K7AntiVirus Clean
BitDefenderTheta Gen:NN.ZemsilF.34678.pm0@a4QZ61
Cyren Clean
Symantec Clean
ESET-NOD32 Clean
Baidu Clean
APEX Malicious
Paloalto Clean
ClamAV Clean
Kaspersky HEUR:Trojan.MSIL.Miner.gen
Alibaba Clean
NANO-Antivirus Clean
ViRobot Clean
SUPERAntiSpyware Clean
Rising Clean
Ad-Aware Clean
TACHYON Clean
Emsisoft Clean
Comodo Clean
F-Secure Clean
DrWeb Trojan.Packed2.43029
VIPRE Clean
TrendMicro Clean
McAfee-GW-Edition Artemis
FireEye Clean
Sophos Clean
Ikarus Trojan.MSIL.Inject
GData Clean
Jiangmin Clean
MaxSecure Trojan.Malware.300983.susgen
Avira Clean
Antiy-AVL Clean
Kingsoft Clean
Gridinsoft Clean
Arcabit Clean
AegisLab Clean
ZoneAlarm Clean
Microsoft Trojan:Win32/Wacatac.B!ml
Cynet Malicious (score: 100)
AhnLab-V3 Clean
Acronis suspicious
VBA32 Clean
ALYac Clean
MAX Clean
Malwarebytes Malware.AI.2879811223
Panda Clean
Zoner Clean
TrendMicro-HouseCall Clean
Tencent Clean
Yandex Clean
SentinelOne Clean
eGambit Clean
Fortinet Clean
Webroot Clean
AVG Win32:MalwareX-gen [Trj]
Cybereason malicious.0eea71
Avast Win32:MalwareX-gen [Trj]
Qihoo-360 Clean
No IRMA results available.