popup
Static | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Static Analysis

PE Compile Time

2021-04-22 08:12:52

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00002000 0x00038884 0x00038a00 7.81943192343
.rsrc 0x0003c000 0x00029ec4 0x0002a000 4.29821181887
.reloc 0x00066000 0x0000000c 0x00000200 0.101910425663

Resources

Name Offset Size Language Sub-language File type
RT_ICON 0x00065410 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x00065410 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x00065410 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x00065410 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x00065410 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x00065410 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x00065410 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x00065410 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x00065410 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_GROUP_ICON 0x00065878 0x00000084 LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_VERSION 0x000658fc 0x00000412 LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_MANIFEST 0x00065d10 0x000001b4 LANG_NEUTRAL SUBLANG_NEUTRAL XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators

Imports

Library mscoree.dll:
0x402000 _CorExeMain
!This program cannot be run in DOS mode.
`.rsrc
@.reloc
Xffefeeffe
Yffeeffefea
affefefeeffe
affefeeffefe
Xffefeefeffea
Yfefefeffea
Yffefeeffeefhah
Xfefeffefefea
afefefeffeefhah
3cV;X
Yfeffeeffefea
Yfeffefefe_:h
ffeeffeeffe
vZfefefeffe
9feffeefefef
feffeefefef
Tffeeffeeffe
afefefeffe
vZfefefeffefe
feffefefe
fefefeffe
affeeffefe
Tfefefeffe
feffeefefYa8
ffeefeffeefY
feffefeeffeXa8
ffeefeffefeY
ffefeeffeefa
kffeeffefe(
fefeffeefa(
v4.0.30319
#Strings
Vtmxgb
Vtmxgb.exe
<Module>
Settings
WindowsFormsApp1.Properties
ApplicationSettingsBase
System.Configuration
System
Dispatcher
WindowsFormsApp1.Producers
Object
mscorlib
Initializer
GlobalRoleDispatcher
InterceptorComparatorTask
BroadcasterStubDef
WindowsFormsApp1.Definitions
Vtmxgb.Tasks
Mapper
MerchantRoleDispatcher
Vtmxgb.Dispatcher
AlgoComparatorTask
ParameterBroadcasterWrapper
Vtmxgb.Wrappers
WindowsFormsApp1.Exporters
WindowsFormsApp1.Shared
Property
WindowsFormsApp1.Licensing
Predicate
Vtmxgb.Structs
ResolverProperty
SerializerComparatorConnector
DescriptorAttributeStructBuilder
MulticastDelegate
InterpreterComparatorConnector
Vtmxgb.Connections
InvocationErrorPool
WindowsFormsApp1.Pools
ParamMethodObject
WindowsFormsApp1.Objects
AuthenticationComparatorConnector
DataLabelsPosition
MapperComparatorTask
GetterWorkerException
Vtmxgb.Exceptions
InstanceErrorPool
OrderBroadcasterWrapper
ProxyMethodObject
Printer
FieldCreatorModel
Invocation
ListAttributeStructBuilder
RegDicExporter
DefineBridge
.cctor
f0659e5905454a5e99b9752afc78b700
FindBridge
InstantiateBridge
Boolean
NewBridge
GetBridge
SettingsBase
Synchronized
LoginBridge
ComputeBridge
_Reader
request
m_Creator
_Method
m_Service
m_Tokenizer
worker
InitBridge
spec_counter
Thread
System.Threading
get_CurrentThread
get_ManagedThreadId
PushInitializer
ekeW6a
ConnectInitializer
InterruptDispatcher
PostInitializer
NotSupportedException
PostBridge
SetupBridge
ExcludeBridge
_Attribute
m_Comparator
annotation
_Broadcaster
CollectBridge
info_High
TestInitializer
StopBridge
ManageBridge
_Params
proccesor
_Publisher
_Interceptor
ConnectBridge
config_high
EnableInitializer
CompareDispatcher
OrderInitializer
PushBridge
WriteBridge
ReadBridge
InsertInitializer
m_Object
m_Wrapper
Dictionary`2
System.Collections.Generic
String
_Global
merchant
m_Filter
RegisterBridge
DisableDispatcher
CultureInfo
System.Globalization
DestroyDispatcher
Assembly
System.Reflection
AssemblyName
reference
get_CultureInfo
Equals
StringComparison
AppDomain
get_CurrentDomain
GetAssemblies
get_Name
GetName
CollectDispatcher
Stream
System.IO
second
ResetDispatcher
MemoryStream
DeflateStream
System.IO.Compression
GetManifestResourceStream
EndsWith
CompressionMode
set_Position
IDisposable
Dispose
RegisterDispatcher
TryGetValue
GetDispatcher
get_Length
AwakeDispatcher
helper
ToLowerInvariant
IsNullOrEmpty
Concat
PushDispatcher
ResolveEventArgs
get_Flags
AssemblyNameFlags
op_Inequality
op_Equality
ContainsKey
Monitor
set_Item
AddDispatcher
ResolveEventHandler
IntPtr
add_AssemblyResolve
Interlocked
Exchange
MoveBridge
SearchBridge
PrintBridge
TestBridge
AddBridge
GetExecutingAssembly
QueryBridge
ViewBridge
CallBridge
_Schema
m_Server
callback
m_State
SelectBridge
PostDispatcher
TestDispatcher
EnableDispatcher
OrderDispatcher
remove_INFOAt
InsertDispatcher
ConnectDispatcher
isconfig
ConcatDispatcher
ReflectDispatcher
config
InvokeBridge
CalculateBridge
value__
expression
m_Record
customer
RunBridge
InstantiateDispatcher
CountDispatcher
ReadDispatcher
QueryDispatcher
key_Low
WriteDispatcher
MoveDispatcher
writelast
CalcDispatcher
ViewDispatcher
ConcatBridge
OrderBridge
UpdateBridge
LoginDispatcher
CopyTo
ToArray
GetManifestResourceNames
Func`2
Enumerable
System.Linq
System.Core
SingleOrDefault
IEnumerable`1
ComputeDispatcher
Double
visitor
Convert
ToInt32
ClassLibrary
set_Bytes1
set_Bytes2
IncludeBridge
CustomizeBridge
ResetBridge
reference_min
FlushBridge
Serial
VisitBridge
_Candidate
RateBridge
ResolveDispatcher
Contains
CancelBridge
MapBridge
result
Invoke
BeginInvoke
IAsyncResult
AsyncCallback
EndInvoke
RestartBridge
DefineDispatcher
PrepareDispatcher
Format
Console
WriteLine
ReadKey
ConsoleKeyInfo
InsertBridge
ValidateBridge
PublishBridge
account
importer
decorator
SortBridge
CalculateDispatcher
ValidateDispatcher
PatchDispatcher
CallDispatcher
instance_max
StopDispatcher
FindDispatcher
countfirst
CustomizeDispatcher
SearchDispatcher
RevertBridge
DefineField
_Composer
thread
m_Mock
descriptor
InstantiateField
FillDispatcher
RateDispatcher
ManageDispatcher
CloneDispatcher
first_count
LogoutDispatcher
SortDispatcher
identneeded
ListDispatcher
SetupDispatcher
NewField
FindField
m_Connection
repository
m_Exporter
GetField
ChangeDispatcher
CreateDispatcher
NewDispatcher
SelectDispatcher
offsetsetup
RemoveDispatcher
VerifyDispatcher
validatev
PrintDispatcher
RunDispatcher
LoginField
ComputeField
m_Parameter
m_Facade
configuration
strategy
m_Pool
issuer
m_Template
m_Definition
status
CreateField
StackFrame
System.Diagnostics
StackTrace
MethodBase
GetFrame
RuntimeMethodHandle
GetMethod
MemberInfo
get_DeclaringType
UpdateDispatcher
CheckDispatcher
StringBuilder
System.Text
UInt16
UInt32
GetTypeFromHandle
RuntimeTypeHandle
Append
ToString
Intern
Encoding
get_Unicode
GetString
InvokeDispatcher
ExcludeDispatcher
IncludeDispatcher
cont_Position
get_Assembly
SetDispatcher
token_min
InitField
ReflectField
DisableField
PostField
SetupField
ExcludeField
GetCallingAssembly
CollectField
StopField
ManageField
ConnectField
PushField
WriteField
ReadField
lengthinit
DeleteField
CountField
get_Count
ListField
PatchField
CalcField
get_FullName
SetField
GetPublicKeyToken
CheckField
_Proxy
_Policy
LogoutField
MapDispatcher
StartDispatcher
PopDispatcher
FlushDispatcher
EndOfStreamException
PublishDispatcher
next_info
ReadByte
InitDispatcher
VisitDispatcher
ArgumentOutOfRangeException
CloneField
CompareField
EnableField
ResolveField
Buffer
BlockCopy
observer
RegisterField
CancelDispatcher
UInt64
List`1
GetBytes
AddRange
get_Item
AssetDispatcher
RestartDispatcher
ForgotDispatcher
get_MetadataToken
MoveField
SearchField
PrintField
TestField
AddField
_Setter
m_Container
QueryField
DeleteDispatcher
RevertDispatcher
laststart
ViewField
CallField
ChangeField
PopField
AwakeField
InterruptInitializer
reference_offset
bstart
CompareInitializer
indexOf_i
offset_ord
DisableInitializer
itemPosition
pol_max
SelectField
InvokeField
CalculateField
DestroyInitializer
AssetField
VerifyField
StartField
CollectInitializer
RunField
ConcatField
OrderField
UpdateField
IncludeField
CustomizeField
ResetInitializer
ResetField
FlushField
VisitField
RateField
CancelField
MapField
RestartField
RegisterInitializer
ValidateField
PublishField
InsertField
SortField
RevertField
DefineVisitor
InstantiateVisitor
GetInitializer
NewVisitor
FindVisitor
GetVisitor
LoginVisitor
AwakeInitializer
ComputeVisitor
CreateVisitor
ReflectVisitor
DisableVisitor
AssemblyDescriptionAttribute
TargetFrameworkAttribute
System.Runtime.Versioning
RuntimeCompatibilityAttribute
System.Runtime.CompilerServices
AssemblyTitleAttribute
AssemblyFileVersionAttribute
AssemblyConfigurationAttribute
CompilationRelaxationsAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
AssemblyTrademarkAttribute
ComVisibleAttribute
System.Runtime.InteropServices
GuidAttribute
AssemblyCompanyAttribute
CompilerGeneratedAttribute
GeneratedCodeAttribute
System.CodeDom.Compiler
DebuggerHiddenAttribute
DebuggerBrowsableAttribute
DebuggerBrowsableState
STAThreadAttribute
WindowsFormsApp1.Resources.Fmjbsd.dll
WindowsFormsApp1.Resources.Zzomvlzq.dll
costura.classlibrary.dll.compressed
costura.costura.dll.compressed
Discord - https://discord.com/
.NETFramework,Version=v4.0
FrameworkDisplayName
.NET Framework 4
WrapNonExceptionThrows
0.0.52.0
4Copyright (c) 2020 Discord Inc. All rights reserved.
$9144e56c-092a-4b4b-9f61-0077158697a4
Discord Inc.
KMicrosoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator
11.0.0.0
b%,RE/
*^S~[<
fT`FoL
G1va?T
URUG=L
n,~(~'
|Ww%\
V_`Cr{f
UQUeRU}
u9TqR)
N}]T])
*VS^Ut
{s74>3
P7P_PD
99y~B9
@DT@hD
;9%/;(3
",Osvl3
1e:OUy
^uv?)y9
~pt\hl
eDu.On
T\bNIr@iR
:AD"""
wl-2(6
0Md\kY
l"O{Q<J1
![kkQ>
[DHlNcOZtZ
ad^CpX
,dOiBG
Sk[bvY
.S]RMx@
xk,Kvz
K0>0X`
DZ50_j
O&fMT}@
~K\9iS0
I#}'lp]
<|tJ*D
ZRQi4
f`!yE\
L&KXH)2
|<||\/$
'/7
%*=m<O
sJBp0*ea
Ydzx6W
wmSQCqqk
wd2eIy
*zM{^f
43S1{t
ZHk-$5
pJn$03$
JY$D4HY(
SVOY(G
\`w%9d
rSq"NH
zH'%1d
9#pJ.$
)!Oa]_
@^An<0d
V!IqMh
t#Pw9w
wd^x[!
fr2dk"
Y:UC@]W
B'}!01
*Mn](s
e|v5zI
UJAx4
~4xGL.
}5h<ba
.AMpyQ
NErb@JP
cfzl9
@[]6Kk
:+^d>h
ue v/"
4"Vj"
kW?z=j
VM{V~x
#MjB@P
5r{bSe
vkxZ)h
<@z3^t
Nw\`WI
>a|lBlX
O'@Ze4~$o
v@Z>IM
7IjdyT
xdo-~G
]wfaMj
W$i.RC
}2=6Trc
i-[ZKV
Rt|S%R
#z\]YS
.]Vpub/
{Q^fCF
giQ0"m
wq4cq{
\45>%N
Dj;{>q
!j2/M]A
X%YcS&
LG@1dGt
Y\oY\R
`~<0_:
TYjB'DL
Ar,:|D
hqZ)Rp
xkNiWr
G[k9[Z
@'vLO^{7.
+7E"tb
*q>Fl?
r)59GxLr
f&,6(~
,[m@.:
_>j(ikC
:=xX;6t
0Dq@l`
!vb3!vI
>,/|63
=OM^soE>K
MaV3Gu
y)kN5*}H
Kse(,Z@
]jME0!
t,G*.9
ZlI>E&d
ZM4$cm
L]nmO`
&[*V.q2
v jkZ'`x
])I%<f
}>K8nE_V
KbMOb<
t3\A6Y
d..igHkqx!OQ
06?x,a
TmAba7
L]>O)S|j8sK:2
7t7t12
dC_Tm9
Dd0&yq;'L~
P\0DG9
[c+Ws,
c3Abqc
(,np3m
KW@=hS
,|IrlH
N6#]N]
}<Lvr"
Ft^qy%
s5>X`r
s(|?d'
qxG+]51
&"=iE0
+RsDZJ
_|)T:HhG
Mf,z]i
BS@X!X
9/9cfu8
N(%=]J
kIPz!$
RBi"KuV9=
yOUK%D
$Qmg%\
oU#WL$?
{1 5DM1
a/We}M8:
pKMTyS
Q2RAu2
(!"zISB
BsW~Pj/
w1:}'}
:Kvb1m
1?0,5?
KZ- ge
(/5j2P
r\>I7U^
$_Cj1-FE^
t^j9bo
d2PJb
8J2r&#
4}i]Huw1
Kq{mgJ
Z#VowZI
5Xh#.
2QBNcp
q8ywc
utNH'{vF
PVYY\Vn>
r65sU#
Dy.`]]
n=C+[4O
(:s(Z1
Aj!22@
$_vKDnf
ezQa<
s^bk3F
35231u|_`
-'mfii
'oJn^\
$0K8!
%lDiLnSg
Yc!qNu
:SMj|I4;
RDPO+s@ g
f -3UC<
=HiyQi
hyJnY_
7Y1'MD
zUuV3g
4x7?pv
v)P4A"^
uVY_`R
Q\.5'O
|9-9s*
iU{i].
:1PX+M8
Cv=Sg:
D\z{A6]"m
d*\<Y|
xYzy(!
YGUL@+
6ZR|V2E
aUt[Kl
+y,#.=
>-$N>dY
WYv*A^
m;JRmkzkWA
XeSq0A
BXfLXK4
@ELHKH
( ~H$G
SBzG!+%d
Pji $n
v]_t<.J
\O&6UT>gY
H,P;y/q7
U~M##>
6D+Z;K
!wwdxI
r,>gN'
:1B+ss
et%h1z
CcGYZ[
|0>}J8
rkI{L+z
_\b~3!l"
5@+(c'
D1 .ls
yQTnG@
AobeT@[
umIM]Cf
2z O]<pT0
L<m{QZ
s%#?zc
1CeN3d
*a<En"
,|(0c"
AJeA4}
00SMe]"
d<+MvZ
WYI*+9
]Ki;K8*J
W.W'=S
X-Sf)g
:]OnOM'U
IG~"&#O^
Zgr>>>
dzNN.sR
KHUkB*}A
ivKDfZ
c3}qzo^
4l[C;s
mbZfHp[Y
:+-"Ge
.ZMh@r
4|V^PO&/p
)_TIC(
6EW{wld/
6<.^6Xc
[Z58=1u
pCFd$k
CF)440
Pjlfrv:
{0xepE
[_|{^1
@ "((!
}#Bu}?)>
;G kdv3
^mX'd5
5*C+MG
tYj:7A
&`u|5w
#IB@|
:{d/[f3
O|#h7Ju
C29FMN
;wy8d|
(FEp'{[
P=Qn1[
DmC8v0A
DZEj@B
dVb^.c
T2vY7,
h/0O@^&
"jgv+N
t.]N,=
z`W+63,
.6\^xr
7~wX_M
#b2_r%
SFfmB7
_CorExeMain
mscoree.dll
z[]>!^
"^h#O;
Nwo]_:|
Ld`%N2
f{l7;E
n&5z9nv
`fr-.|
zKr]7h=%-!
al_MMP
B`3^Ka+
<?xml version="1.0" encoding="utf-8" standalone="yes"?><assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><assemblyIdentity version="1.0.0.0" name="MyApplication.app" /><trustInfo xmlns="urn:schemas-microsoft-com:asm.v2"><security><requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3"><requestedExecutionLevel level="asInvoker" uiAccess="false" /></requestedPrivileges></security></trustInfo></assembly>
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
Comments
Discord - https://discord.com/
CompanyName
Discord Inc.
FileDescription
Discord - https://discord.com/
FileVersion
0.0.52.0
InternalName
Vtmxgb.exe
LegalCopyright
Copyright (c) 2020 Discord Inc. All rights reserved.
LegalTrademarks
OriginalFilename
Vtmxgb.exe
ProductName
Discord - https://discord.com/
ProductVersion
0.0.52.0
Assembly Version
0.0.52.0
Antivirus Signature
Bkav Clean
Elastic malicious (high confidence)
MicroWorld-eScan Clean
FireEye Generic.mg.99e0c2ac9236cfed
CAT-QuickHeal Clean
McAfee Artemis!99E0C2AC9236
Cylance Unsafe
VIPRE Clean
AegisLab Trojan.MSIL.Vobfus.4!c
Sangfor Clean
K7AntiVirus Clean
BitDefender Clean
K7GW Clean
Cybereason malicious.af5648
Baidu Clean
Cyren W32/MSIL_Kryptik.DZK.gen!Eldorado
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of MSIL/GenKryptik.FEGB
APEX Malicious
Avast Clean
ClamAV Clean
Kaspersky UDS:DangerousObject.Multi.Generic
Alibaba Trojan:MSIL/GenKryptik.365279dc
NANO-Antivirus Clean
ViRobot Clean
Rising Trojan.GenKryptik!8.AA55 (CLOUD)
Ad-Aware Clean
Emsisoft Clean
Comodo Clean
F-Secure Clean
DrWeb Clean
Zillya Clean
TrendMicro Clean
McAfee-GW-Edition BehavesLike.Win32.Generic.fh
CMC Clean
Sophos ML/PE-A
SentinelOne Static AI - Malicious PE
GData Clean
Jiangmin Clean
Webroot Clean
Avira Clean
MAX Clean
Antiy-AVL Clean
Kingsoft Clean
Gridinsoft Clean
Arcabit Clean
SUPERAntiSpyware Clean
ZoneAlarm UDS:DangerousObject.Multi.Generic
Microsoft Trojan:Win32/Wacatac.B!ml
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win.Generic.C4432416
Acronis Clean
BitDefenderTheta Gen:NN.ZemsilF.34678.ym0@aqGXs!e
ALYac Clean
TACHYON Clean
VBA32 Clean
Malwarebytes Malware.AI.2879811223
Panda Clean
Zoner Clean
TrendMicro-HouseCall TROJ_GEN.R06CH0CDM21
Tencent Clean
Yandex Clean
Ikarus Win32.Outbreak
eGambit Unsafe.AI_Score_91%
Fortinet MSIL/GenKryptik.FEGB!tr
Qihoo-360 Clean
Paloalto generic.ml
CrowdStrike win/malicious_confidence_70% (W)
MaxSecure Clean
No IRMA results available.