popup
Static | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Static Analysis

PE Compile Time

2021-04-21 07:31:39

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00002000 0x0003afd4 0x0003b000 7.93316205975
.rsrc 0x0003e000 0x0002c838 0x0002ca00 4.66531727371
.reloc 0x0006c000 0x0000000c 0x00000200 0.101910425663

Resources

Name Offset Size Language Sub-language File type
RT_ICON 0x00069d8c 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x00069d8c 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x00069d8c 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x00069d8c 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x00069d8c 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x00069d8c 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x00069d8c 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x00069d8c 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x00069d8c 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_GROUP_ICON 0x0006a1f4 0x00000084 LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_VERSION 0x0006a278 0x0000040a LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_MANIFEST 0x0006a684 0x000001b4 LANG_NEUTRAL SUBLANG_NEUTRAL XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators

Imports

Library mscoree.dll:
0x402000 _CorExeMain
!This program cannot be run in DOS mode.
`.rsrc
@.reloc
v4.0.30319
#Strings
Pznhr.exe
<Module>
Settings
WindowsFormsApp1.Properties
ApplicationSettingsBase
System.Configuration
System
TestWatcherComp
WindowsFormsApp1.Composer
Object
mscorlib
Method
WindowsFormsApp1.Records
Configuration
WindowsFormsApp1.Shared
ContainerSetterObject
Pznhr.Objects
TokenizerMethodState
MulticastDelegate
Writer
Pznhr.Consumers
ContextQueueDescriptor
Pznhr.Descriptors
Factory
Pznhr.Roles
ProductAttributeMessage
Pznhr.Messages
Pznhr.Items
PrinterValExporter
WindowsFormsApp1.Exporters
WrapperSetterQueue
Pznhr.Queues
Decorator
WriteDatabase
.cctor
f0659e5905454a5e99b9752afc78b700
SortDatabase
ChangeDatabase
Boolean
EnableDatabase
PatchDatabase
InvokeDatabase
ComputeDatabase
ForgotDatabase
SettingsBase
Synchronized
_Template
Dictionary`2
System.Collections.Generic
String
manager
m_Service
_Watcher
UpdateDatabase
DeleteTemplate
CultureInfo
System.Globalization
get_Name
SortTemplate
Assembly
System.Reflection
AssemblyName
get_CultureInfo
Equals
StringComparison
AppDomain
GetAssemblies
GetName
CancelTemplate
Stream
System.IO
SetTemplate
MemoryStream
DeflateStream
System.IO.Compression
GetManifestResourceStream
EndsWith
CompressionMode
set_Position
IDisposable
Dispose
GetExecutingAssembly
CreateTemplate
config
TryGetValue
AwakeTemplate
get_Length
ConnectTemplate
result
ToLowerInvariant
IsNullOrEmpty
Concat
PopTemplate
ResolveEventArgs
ContainsKey
Monitor
System.Threading
op_Inequality
set_Item
op_Equality
ComputeTemplate
Interlocked
Exchange
get_CurrentDomain
ResolveEventHandler
IntPtr
add_AssemblyResolve
MapDatabase
ResolveDatabase
QueryDatabase
PublishDatabase
CallDatabase
RemoveDatabase
InterruptDatabase
MoveDatabase
GetDatabase
ReadDatabase
AssemblyNameFlags
get_Flags
setter
m_Queue
CancelDatabase
PublishTemplate
ConcatTemplate
PrepareTemplate
DestroyTemplate
next_i
MoveTemplate
ViewTemplate
isinfo
ReflectTemplate
FindTemplate
VisitDatabase
StartDatabase
_Attribute
_Importer
m_Item
container
OrderDatabase
DefineTemplate
VerifyTemplate
ResolveTemplate
CountTemplate
nextinfo
FillTemplate
PrintTemplate
isitem
SelectTemplate
OrderTemplate
ReflectDatabase
DeleteDatabase
value__
RateDatabase
LoginTemplate
ToArray
CopyTo
GetManifestResourceNames
Func`2
Enumerable
System.Linq
System.Core
SingleOrDefault
IEnumerable`1
Double
token2
ClassLibrary
Serial
Convert
ToInt32
PopDatabase
FindDatabase
FillDatabase
CreateDatabase
set_Bytes1
ExcludeDatabase
set_Bytes2
comparator
PrintDatabase
LogoutTemplate
Contains
ConcatDatabase
InitDatabase
Invoke
BeginInvoke
IAsyncResult
AsyncCallback
EndInvoke
exception
singleton
_Proccesor
_Mapping
FlushDatabase
AssetTemplate
InsertTemplate
InvokeTemplate
NewTemplate
SetupTemplate
QueryTemplate
stripreference
ValidateTemplate
VisitTemplate
LoginDatabase
InsertDatabase
DestroyDatabase
CustomizeTemplate
ResetTemplate
Format
Console
WriteLine
ReadKey
ConsoleKeyInfo
Thread
LogoutDatabase
CalcDatabase
prototype
_Serializer
m_Expression
_Instance
SearchDatabase
IncludeTemplate
DisableTemplate
ReadTemplate
CalcTemplate
insert_LASTAt
SearchTemplate
CollectTemplate
TestTemplate
EnableTemplate
ViewDatabase
CompareDatabase
_Dispatcher
m_Utils
RestartDatabase
InstantiateTemplate
ChangeTemplate
CheckTemplate
RegisterTemplate
config_X
PostTemplate
MapTemplate
WriteTemplate
ListTemplate
reference
NewDatabase
RegisterDatabase
m_Object
_Message
_Indexer
_Descriptor
RunDatabase
RestartTemplate
InitTemplate
instance
RunTemplate
InterruptTemplate
itemID
UpdateTemplate
RemoveTemplate
comparev
GetTemplate
CloneTemplate
SelectDatabase
StopDatabase
params
_Issuer
ConnectDatabase
PatchTemplate
CompareTemplate
ExcludeTemplate
PushTemplate
item_Z
CalculateTemplate
CallTemplate
isfirst
StartTemplate
ManageTemplate
CustomizeDatabase
AssetDatabase
customer
composer
ListDatabase
ForgotTemplate
AddTemplate
StopTemplate
RateTemplate
no__instance
FlushTemplate
RevertTemplate
issetup
DeleteTest
SortTest
ManageDatabase
CollectDatabase
_Predicate
_Thread
policy
annotation
CheckDatabase
CancelTest
SetTest
CreateTest
AwakeTest
column_ident
ConnectTest
PopTest
readasset
ComputeTest
PublishTest
DisableDatabase
IncludeDatabase
GuidAttribute
System.Runtime.InteropServices
ComVisibleAttribute
AssemblyTrademarkAttribute
AssemblyCopyrightAttribute
AssemblyProductAttribute
AssemblyCompanyAttribute
AssemblyConfigurationAttribute
AssemblyDescriptionAttribute
AssemblyTitleAttribute
RuntimeCompatibilityAttribute
System.Runtime.CompilerServices
CompilationRelaxationsAttribute
TargetFrameworkAttribute
System.Runtime.Versioning
AssemblyFileVersionAttribute
GeneratedCodeAttribute
System.CodeDom.Compiler
CompilerGeneratedAttribute
DebuggerBrowsableAttribute
System.Diagnostics
DebuggerBrowsableState
STAThreadAttribute
WindowsFormsApp1.Resources.Wakzto.dll
WindowsFormsApp1.Resources.Ozivlmtyou.dll
costura.classlibrary.dll.compressed
costura.costura.dll.compressed
$87eecd89-e399-4240-a354-ed6131ac2c22
4Copyright (c) 2020 Discord Inc. All rights reserved.
Discord - https://discord.com/
Discord Inc.
WrapNonExceptionThrows
.NETFramework,Version=v4.0
FrameworkDisplayName
.NET Framework 4
0.0.52.0
KMicrosoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator
11.0.0.0
uT]py4
C#H{5c
%HF]]P
h.[s7[
"5FP#pp
l[-9*qzky
D%[YSK
f/OngNL>
s]Rjbn2
v2rwTP
6e#.5.
3`Q?5]
QSzeEM
?/0Bp5
'z9,?^
ZY8D49F
+mMsTnZ
)7UNv/
%Vtf)Od
>u%&x
e6/3!28[
}xrxY~
vCcO^K
?$xp{
;2c|:p
{0|8v
8y=EZZm
e}@.~:p
@x]{b7
${'j8`
&[`9?w
|4{=f<${
CGi@~r
@Vz]*-
BW:tI\
eOyX69o!
#4+C5M
_}kLb"
U2G;e/
Gds8vv
Q8y{!*
v[0dv<
fAveW_h7;^
fEU;}c
c<~BS4t
F/oNbO
l,KzdN&@
KP"|U![
vMg095
V_%e&TP
7IrV97ou
!uT]j?d
+QGemK4
G\X@{m
[RcW.E
o*,VXR
xU5m@H
vE[{db2
mbGAtSX
i@ceGo
+9LhmY
GMI&Pd
Ge"QoMoJ
>'@>%O
KO1auv,.
!sA8?V
[SgoOSlY
6<a8wz6
NTiW&^0F8
F[D.SI
?S&(7;&
QG?~#TQ
~(jgnD51
d;12+'
M8J{B%_
"s0{uc
FkBs=\fJ
uSQZ/>
@)zLsv
7bj1v&
`B)7f3
:XnpGS
F0vI>T
shGg?A<
n@*A7
SniQnb20
i"1:.!9/
=In#cs
/WN}c9
a1>$BA
cdj*ghg
mCGPZH
]Ngpk
-/''"-
RPJB1
168gl)
QJW{hu
)/?_?L
N5ifkf
XRxLD
c}S!ih
jwn};>U6
J<""*|
^%c^>o
qqM8%7W
--,*.m
Bfh.X8
eaa.e>y
2iafj`
|My!!()
Y!iyy)Qe%nYy
j:&6."
QBR3-#g
US]]SU[Y
oD/Z"<
I1%Qi[3e=Asa58
X`DDtQb6&
0\`qf.(1":
TtqL^P@PQKCL
g'=+<x
Mevf{iqx
tHdtyh1a
Tm(m"BR!
?(nEQ<tm
&[OS^_
,k'zn}
@r<`!*
P=E5#8:
Q'ek>
?077@
]o?(G+
?+kx^[P
b):7Tz
)m`3Gn!
RGPzUA
]+APgh
-e:6a#
m(y;fD
Ep_#ZN
_&ZGQ=
;klz:~t*
:kcY<ow
Y1B2^_
Kwx\E3
B#8W/_
nZ-}L)
X4kxs<O
|@dtP,
^j/!;G
S2-|pf
+6}q`)C
/[Ug'o
bI{<[-
#{ hzUz9V
^T6aE'
_wuuuuuu
4eNh+U
iZhp0
=#O2^o*
kO>~@8
Hg@%kl
rHi9Cl
}`;Co."
yt]V!q!w
}'a&=
:j&{aP;w
3]8;3`
#s*OdF
RzP$v`
,5zslv!]N
/b_2_0
bb}W"KB
PuX78r
U(;^u_
f]32X"
~@\E)~
j;`4ameku
A^DXP
cu4k.o
fPIkS[
&EUgD
V~"5D,
jAud-G
]@!!W,e
;CFOSc
|y]F]-F
*5Puu`|
ru]\@>`
J,{<8?
]lks$W
XR#}:9"t
_^|L/R
2{.^m$
RYI:a?f
K=&v1l
>cN+n18
vn1>YY'
pvc{B\
9P$lA2
&wo@)=
JuicCKuv;
.4j!/xM
`9X a~_
AIl;z45
a<qt<]
"\B}t0
)8k:<%S
2swoKnK2
hLeI5C
\2t">e
[%u{[Nd
JMC}a#m1i
rKD9Q]
rPoSs~
c-qY4/X
iL~|*6C:
S=*DdZ
Y%$KW(
z6F@(h4D
"5+S[b
5e8ic$4
VYL::kAr~
6RZ8<B
"a}!=9
u>ny^h?
{:RX:\YB
qC"ja0"
.rL&gi
#7/2i{
eD*78t
<]MN=)
cU`"1#
cf\]P'}1d
l37]':
~.EuV/@
O?7O_c
zpJj|b
p.$2C[)
WK/eE-
(WmoHf
WLLfP^u
")%i-I
dmb7r=
Y=[rb,
j%nPGJ
-%!5a`|
7#\487%\
olRJBm
>iy%84I
\#oCMI
k+wj\5{]
;*}rN6
/w&}.n
:Bmj&Fh
C+[ek!Ef
*t[+Va
Q|f^tR
%dUl#H
Q"UfCiDQ
6z}|s)5
 `gM/
;$+mnD
Gb7!DK
No{Vo^
WZ6iv]
dA'dA_
fcs_jR
s!IunL
XaQpiE
yL]SEW
yHw=k@~
qxNv1j
!TujT#
+y,#.=
>-$N>dY
WYv*A^
m;JRmkzkWA
XeSq0A
BXfLXK4
@ELHKH
( ~H$G
SBzG!+%d
Pji $n
v]_t<.J
\O&6UT>gY
H,P;y/q7
U~M##>
6D+Z;K
!wwdxI
r,>gN'
:1B+ss
et%h1z
CcGYZ[
|0>}J8
rkI{L+z
_\b~3!l"
5@+(c'
D1 .ls
yQTnG@
AobeT@[
umIM]Cf
2z O]<pT0
L<m{QZ
s%#?zc
1CeN3d
*a<En"
,|(0c"
AJeA4}
00SMe]"
d<+MvZ
WYI*+9
]Ki;K8*J
W.W'=S
X-Sf)g
dh!sTt
9VvPrg
~0_tR;X
lffS"B
_UXW9r
zml?=Gb
q4E3}SZ*
+j~+.Q
QIzEeK'
fFbnq7
^oS6/6Y}
'>n!r7
eeaf$
PQ*ls_
)J"QBM
,JteBb
]d<_7>
yy%)jA>
S1 ~\.v
A^O'Z
4~_-a{
GqS-cq
C6TE([7D
u0NvA>
Z@%@vc
sbHIAE
0{BD E
H!Z<!2
)ATzBj
v*:DtX
:bl>%g
(@tDQ.
{KR>Q)
^{]8*'
FEhqB
$]J[#6O
Qo6XtSF
Zq:iN_sNg
qN_7>n9
m'Y}Vcf
#7Ben#
@k]9{
gCHO0Z
B9s)$D
Bum!Yy
'uHu<tm
PrqsWbv
:Qt3 s
Cm4(01P
Ma;X5k
`b4w6}H
eS'L8/<qB
Y[#kod
t$,;.AMb
T'2Ymu
)dB[GR
W8<I>F
Lw0Xbz|A
AX(OR
*/Uo]^2
g0A1-S`_b
$)T@[[
6MSeDT
DZEj@B
dVb^.c
T2vY7,
h/0O@^&
"jgv+N
t.]N,=
z`W+63,
.6\^xr
7~wX_M
_CorExeMain
mscoree.dll
'LaYGc
MCVwz{S
&Q(\C*
]<u{[D
gTG"E9
OEOD&
.Z[6RPP
o*O}n!
(pjAJS
hFWl]/
.l{c)
~nyiu[
9Hx"8X
|(%b *
'eG]~B
J-!2IHj
HA0<HD
HA-c.4
pctCG>
<?xml version="1.0" encoding="utf-8" standalone="yes"?><assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><assemblyIdentity version="1.0.0.0" name="MyApplication.app" /><trustInfo xmlns="urn:schemas-microsoft-com:asm.v2"><security><requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3"><requestedExecutionLevel level="asInvoker" uiAccess="false" /></requestedPrivileges></security></trustInfo></assembly>
DigiCert Inc1
www.digicert.com1+0)
"DigiCert EV Code Signing CA (SHA2)0
180314000000Z
210218120000Z0
Delaware1
Private Organization1
51288621
California1
San Francisco1
Discord Inc.1
Discord Inc.0
_v<WBP
US-DELAWARE-51288620
1http://crl3.digicert.com/EVCodeSigningSHA2-g1.crl07
1http://crl4.digicert.com/EVCodeSigningSHA2-g1.crl0K
https://www.digicert.com/CPS0
http://ocsp.digicert.com0H
<http://cacerts.digicert.com/DigiCertEVCodeSigningCA-SHA2.crt0
DigiCert Inc1
www.digicert.com1+0)
"DigiCert High Assurance EV Root CA0
120418120000Z
270418120000Z0l1
DigiCert Inc1
www.digicert.com1+0)
"DigiCert EV Code Signing CA (SHA2)0
+.+1Xf
http://ocsp.digicert.com0I
=http://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt0
:http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0@
:http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
.http://www.digicert.com/ssl-cps-repository.htm0
DigiCert Inc1
www.digicert.com1+0)
"DigiCert EV Code Signing CA (SHA2)
20200910175959Z
DigiCert Inc1
www.digicert.com1!0
DigiCert Assured ID CA-10
141022000000Z
241022000000Z0G1
DigiCert1%0#
DigiCert Timestamp Responder0
https://www.digicert.com/CPS0
2http://crl3.digicert.com/DigiCertAssuredIDCA-1.crl08
2http://crl4.digicert.com/DigiCertAssuredIDCA-1.crl0w
http://ocsp.digicert.com0A
5http://cacerts.digicert.com/DigiCertAssuredIDCA-1.crt0
iW!]4/q
DigiCert Inc1
www.digicert.com1$0"
DigiCert Assured ID Root CA0
061110000000Z
211110000000Z0b1
DigiCert Inc1
www.digicert.com1!0
DigiCert Assured ID CA-10
.http://www.digicert.com/ssl-cps-repository.htm0
http://ocsp.digicert.com0C
7http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
4http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0:
4http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0
DigiCert Inc1
www.digicert.com1!0
DigiCert Assured ID CA-1
200910175959Z0#
classlibrary
costura.classlibrary.dll.compressed
costura
costura.costura.dll.compressed
.compressed
Ozivlmtyou
Wakzto
Integral of Sin(x) from 0 to Pi in {0}- accuracy is {1}
Math.Exp(5) + Math.Log10(5) = {0}
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
Comments
Discord - https://discord.com/
CompanyName
Discord Inc.
FileDescription
Discord - https://discord.com/
FileVersion
0.0.52.0
InternalName
Pznhr.exe
LegalCopyright
Copyright (c) 2020 Discord Inc. All rights reserved.
LegalTrademarks
OriginalFilename
Pznhr.exe
ProductName
Discord - https://discord.com/
ProductVersion
0.0.52.0
Assembly Version
0.0.52.0
RAny use of this Certificate constitutes acceptance of the DigiCert CP/CPS and the Relying Party Agreement which limit liability and are incorporated herein by reference
RAny use of this Certificate constitutes acceptance of the DigiCert CP/CPS and the Relying Party Agreement which limit liability and are incorporated herein by reference
RAny use of this Certificate constitutes acceptance of the DigiCert CP/CPS and the Relying Party Agreement which limit liability and are incorporated herein by reference
Antivirus Signature
Bkav Clean
Elastic Clean
MicroWorld-eScan Clean
FireEye Generic.mg.873fc3f0fdfae350
CAT-QuickHeal Clean
McAfee Artemis!873FC3F0FDFA
Cylance Unsafe
Zillya Clean
AegisLab Clean
Sangfor Clean
K7AntiVirus Clean
BitDefender Clean
K7GW Clean
Cybereason malicious.79de5f
Baidu Clean
Cyren Clean
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of MSIL/GenKryptik.FEGB
APEX Malicious
Avast FileRepMalware
ClamAV Clean
Kaspersky UDS:Backdoor.MSIL.Androm.gen
Alibaba Trojan:MSIL/GenKryptik.cc0ecca9
NANO-Antivirus Clean
ViRobot Clean
Rising Trojan.GenKryptik!8.AA55 (CLOUD)
Ad-Aware Clean
TACHYON Clean
Sophos Clean
Comodo Clean
F-Secure Clean
DrWeb Clean
VIPRE Clean
TrendMicro Clean
McAfee-GW-Edition Artemis
CMC Clean
Emsisoft Clean
Ikarus Trojan.MSIL.Inject
GData Clean
Jiangmin Clean
Webroot Clean
Avira Clean
Antiy-AVL Clean
Kingsoft Clean
Gridinsoft Clean
Arcabit Clean
SUPERAntiSpyware Clean
ZoneAlarm UDS:DangerousObject.Multi.Generic
Microsoft Trojan:Win32/Tnega!ml
Cynet Malicious (score: 100)
AhnLab-V3 Clean
Acronis Clean
BitDefenderTheta Clean
ALYac Clean
MAX Clean
VBA32 Clean
Malwarebytes Malware.AI.2879811223
Panda Clean
Zoner Clean
TrendMicro-HouseCall Clean
Tencent Clean
Yandex Clean
SentinelOne Static AI - Suspicious PE
MaxSecure Clean
Fortinet Clean
AVG FileRepMalware
Paloalto generic.ml
CrowdStrike win/malicious_confidence_90% (W)
Qihoo-360 Clean
No IRMA results available.