popup
Static | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Static Analysis

PE Compile Time

2103-11-08 06:27:28

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00002000 0x00004014 0x00004200 6.38231227477
.rsrc 0x00008000 0x00000724 0x00000800 5.01070290779
.reloc 0x0000a000 0x0000000c 0x00000200 0.0815394123432

Resources

Name Offset Size Language Sub-language File type
RT_VERSION 0x000080a0 0x00000498 LANG_ENGLISH SUBLANG_ENGLISH_US data
RT_MANIFEST 0x00008538 0x000001ea LANG_NEUTRAL SUBLANG_NEUTRAL XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

Imports

Library mscoree.dll:
0x402000 _CorExeMain
!This program cannot be run in DOS mode.
`.rsrc
@.reloc
v4.0.30319
#Strings
<>c__DisplayClass0_0
IEnumerable`1
List`1
ConvertFromUtf32
ToInt32
System.IO
get_UODqNepyHcwKglPCDS
set_UODqNepyHcwKglPCDS
mscorlib
System.Collections.Generic
Microsoft.VisualBasic
Overlapped
Synchronized
Append
CompareMethod
Record
get_DRGKFOMjYjkHYRBuBZraTMzraiWZiwd
Replace
SizedReference
set_AutoScaleMode
Privilege
PinnableBufferCache
Enumerable
IDisposable
Double
AccessRule
CallByName
CallType
System.Core
Capture
ApplicationSettingsBase
Dispose
CompilerGeneratedAttribute
GeneratedCodeAttribute
DebuggerNonUserCodeAttribute
DefaultSettingValueAttribute
UserScopedSettingAttribute
ParamArrayAttribute
WriteByte
ToByte
get_Value
set_ClientSize
System.Threading
DownloadString
ToString
disposing
System.Drawing
GetFolderPath
get_Length
System.ComponentModel
ContainerControl
System.Security.AccessControl
MemoryStream
get_Item
System
Boolean
System.Configuration
System.Globalization
Interaction
MatchCollection
GroupCollection
WebHeaderCollection
IndexOutOfRangeException
System.Linq
ToChar
StringBuilder
SpecialFolder
System.CodeDom.Compiler
IContainer
MdaHelper
StreamWriter
IEnumerator
GetEnumerator
.cctor
System.Diagnostics
System.Runtime.InteropServices
System.Runtime.CompilerServices
Matches
Strings
FormatLiterals
Equals
System.Windows.Forms
System.Text.RegularExpressions
System.Collections
get_Groups
get_Chars
get_Headers
Exists
Concat
TimeSpanFormat
Object
System.Net
Variant
WebClient
Environment
get_Current
Convert
ToList
MoveNext
System.Text
set_Text
ReadAllText
WriteAllText
rBrBr7r@r6r
!"D"6"9"
KMicrosoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator
16.6.0.0
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>PAPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPAD
$oeSiproxjsdRSMrVpnQCcBStSdbAVUOLCpPN1
SeqgpLWqRsLJTrKN1
oeZMmzplqOBoDs1 0
pDXEdkXJnqFBCAsrG1907
0DjbwxpcBsPeQAkHMyciMpoAQFRJhKXPTYhYfBWRnUcKuTMgX1*0(
!OdxkFroJlRGVRuZkRslClClUSmDfXLeDj1301
*VTrJtQJvqekGYlquIbuUvDBmpMeLEogBdMWBHByCBg100.
'UxanTbnKoJKIOrsftGLYRcYJDmpPNgDRsoJdlbS0
210419070652Z
220419070652Z0
$oeSiproxjsdRSMrVpnQCcBStSdbAVUOLCpPN1
SeqgpLWqRsLJTrKN1
oeZMmzplqOBoDs1 0
pDXEdkXJnqFBCAsrG1907
0DjbwxpcBsPeQAkHMyciMpoAQFRJhKXPTYhYfBWRnUcKuTMgX1*0(
!OdxkFroJlRGVRuZkRslClClUSmDfXLeDj1301
*VTrJtQJvqekGYlquIbuUvDBmpMeLEogBdMWBHByCBg100.
'UxanTbnKoJKIOrsftGLYRcYJDmpPNgDRsoJdlbS0
;x=[vP
$oeSiproxjsdRSMrVpnQCcBStSdbAVUOLCpPN1
SeqgpLWqRsLJTrKN1
oeZMmzplqOBoDs1 0
pDXEdkXJnqFBCAsrG1907
0DjbwxpcBsPeQAkHMyciMpoAQFRJhKXPTYhYfBWRnUcKuTMgX1*0(
!OdxkFroJlRGVRuZkRslClClUSmDfXLeDj1301
*VTrJtQJvqekGYlquIbuUvDBmpMeLEogBdMWBHByCBg100.
'UxanTbnKoJKIOrsftGLYRcYJDmpPNgDRsoJdlbS
20210419070653Z
DigiCert Inc1
www.digicert.com110/
(DigiCert SHA2 Assured ID Timestamping CA0
210101000000Z
310106000000Z0H1
DigiCert, Inc.1 0
DigiCert Timestamp 20210
http://www.digicert.com/CPS0
,http://crl3.digicert.com/sha2-assured-ts.crl02
,http://crl4.digicert.com/sha2-assured-ts.crl0
http://ocsp.digicert.com0O
Chttp://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
QJxy6z'
dwc_#Ri
DigiCert Inc1
www.digicert.com1$0"
DigiCert Assured ID Root CA0
160107120000Z
310107120000Z0r1
DigiCert Inc1
www.digicert.com110/
(DigiCert SHA2 Assured ID Timestamping CA0
fnVa')
http://ocsp.digicert.com0C
7http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
4http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
4http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
https://www.digicert.com/CPS0
8aMbF$
V3"/"6
DigiCert Inc1
www.digicert.com110/
(DigiCert SHA2 Assured ID Timestamping CA
210419070653Z0+
I#YI+YI3
<meta name="keywords" content="([\w\d ]*)">
UserAgent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.106 Safari/537.36 OPR/38.0.2220.41
UODqNepyHcwKglPCDS
VS_VERSION_INFO
StringFileInfo
040904e4
Comments
CompanyName
FileDescription
FileVersion
7.166.811.807
LegalCopyright
All Rights Reserved
InternalName
LegalTrademarks
OriginalFilename
ProductName
ProductVersion
7.166.811.807
Assembly Version
7.166.811.807
VarFileInfo
Translation
Antivirus Signature
Bkav Clean
Elastic malicious (high confidence)
MicroWorld-eScan Clean
CMC Clean
CAT-QuickHeal Clean
McAfee Artemis!8BB6B2CD59A3
Cylance Clean
VIPRE Clean
Sangfor Trojan.Win32.Save.a
CrowdStrike win/malicious_confidence_60% (W)
BitDefender Clean
K7GW Clean
K7AntiVirus Clean
Baidu Clean
Cyren W32/MSIL_Kryptik.DRH.gen!Eldorado
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of MSIL/TrojanDownloader.Agent.HTW
APEX Malicious
Avast Win32:RATX-gen [Trj]
ClamAV Clean
Kaspersky UDS:Backdoor.MSIL.Androm.gen
Alibaba Clean
NANO-Antivirus Clean
ViRobot Clean
AegisLab Clean
Tencent Clean
Ad-Aware Clean
Emsisoft Clean
Comodo Clean
F-Secure Clean
DrWeb Trojan.Siggen13.9900
Zillya Clean
TrendMicro Clean
McAfee-GW-Edition Artemis
FireEye Clean
Sophos Clean
Ikarus Clean
GData Clean
Jiangmin Clean
MaxSecure Clean
Avira Clean
MAX Clean
Antiy-AVL Clean
Kingsoft Clean
Gridinsoft Clean
Arcabit Clean
SUPERAntiSpyware Clean
ZoneAlarm Clean
Microsoft Trojan:Win32/Wacatac.B!ml
Cynet Clean
AhnLab-V3 Clean
Acronis Clean
BitDefenderTheta Gen:NN.ZemsilF.34678.bm1@aq!wo5ki
ALYac Clean
TACHYON Clean
VBA32 Clean
Malwarebytes Trojan.Crypt.MSIL.Generic
Panda Clean
Zoner Clean
TrendMicro-HouseCall Clean
Rising Clean
Yandex Clean
SentinelOne Clean
eGambit Unsafe.AI_Score_99%
Fortinet MSIL/Agent.HTW!tr
Webroot Clean
AVG Win32:RATX-gen [Trj]
Cybereason Clean
Paloalto Clean
Qihoo-360 HEUR/QVM03.0.B19F.Malware.Gen
No IRMA results available.