Static | ZeroBOX

PE Compile Time

2021-04-28 11:26:49

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00002000 0x00030647 0x00030800 7.944209507
.rsrc 0x00034000 0x00004750 0x00004800 2.2299668731
.reloc 0x0003a000 0x0000000c 0x00000200 0.101910425663

Resources

Name Offset Size Language Sub-language File type
RT_ICON 0x0003406c 0x00004028 LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_GROUP_ICON 0x000380d0 0x00000014 LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_VERSION 0x00038120 0x0000040a LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_MANIFEST 0x00038566 0x000001ea LANG_NEUTRAL SUBLANG_NEUTRAL XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

Imports

Library mscoree.dll:
0x402000 _CorExeMain

!This program cannot be run in DOS mode.
`.rsrc
@.reloc
v4.0.30319
#Strings
Bnppg.exe
<Module>
Program
WindowsFormsApp1
mscorlib
Object
System
<>c__DisplayClass2_0
<>o__3
Settings
WindowsFormsApp1.Properties
ApplicationSettingsBase
System.Configuration
Bxvroywxzhdgn
WindowsFormsApp1.Symmniy
Rdhjourpu
WindowsFormsApp1.Xzwcousqk
Rphbfid
WindowsFormsApp1.Bhljxytjinjrj
Lgfytwkguybn
WindowsFormsApp1.Pbbpwd
Rfzqxikarp
WindowsFormsApp1.Itscjyamyrmhx
Eorgwkyb
WindowsFormsApp1.Flfmvwqg
Gefbwcqp
WindowsFormsApp1.Heuarn
Qborziah
WindowsFormsApp1.Ezszdgeouwf
Jhbmqfevzxk
WindowsFormsApp1.Fawven
Jignirwgbxqms
WindowsFormsApp1.Kvwnrsftuo
Picimfmippp
WindowsFormsApp1.Vtrzwfrvly
Ckdzdveq
WindowsFormsApp1.Bkmvjj
Mgqewmim
WindowsFormsApp1.Kmvczdzvexr
Rbzrcabrvrdv
WindowsFormsApp1.Bvtdbt
Mdburvu
WindowsFormsApp1.Xmhpmkiuiy
Uufqikvrhf
WindowsFormsApp1.Zsbimhyiuvyrt
Krjmsgwb
WindowsFormsApp1.Sdzizcewqs
PoweredByAttribute
SmartAssembly.Attributes
Attribute
resourceName
<>p__0
System.Core
CallSite`1
System.Runtime.CompilerServices
Action`5
CallSite
defaultInstance
CurrentDomain_AssemblyResolve
Assembly
System.Reflection
ResolveEventArgs
sender
ShowGCStat
GetEmbeddedResourceContent
<GetEmbeddedResourceContent>b__0
ToString
get_Default
.cctor
Default
CompilationRelaxationsAttribute
RuntimeCompatibilityAttribute
DebuggableAttribute
System.Diagnostics
DebuggingModes
AssemblyTitleAttribute
AssemblyDescriptionAttribute
AssemblyConfigurationAttribute
AssemblyCompanyAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
AssemblyTrademarkAttribute
ComVisibleAttribute
System.Runtime.InteropServices
GuidAttribute
AssemblyFileVersionAttribute
TargetFrameworkAttribute
System.Runtime.Versioning
CompilerGeneratedAttribute
GeneratedCodeAttribute
System.CodeDom.Compiler
STAThreadAttribute
WindowsFormsApp1.ClassLibrary1.dll
WindowsFormsApp1.Resources.Xqnweuzuwb.dll
WindowsFormsApp1.Resources.Jyhgfo.dll
ResolveEventHandler
AppDomain
get_CurrentDomain
add_AssemblyResolve
System.Windows.Forms
Application
Stream
System.IO
CopyTo
MemoryStream
ToArray
IDisposable
Dispose
GetExecutingAssembly
GetTypeFromHandle
RuntimeTypeHandle
get_Namespace
String
Concat
GetManifestResourceStream
CollectionCount
Console
WriteLine
Thread
System.Threading
Func`2
Enumerable
System.Linq
SingleOrDefault
IEnumerable`1
System.Collections.Generic
GetManifestResourceNames
ClassLibrary1
get_MaxGeneration
GetGeneration
GetTotalMemory
Microsoft.CSharp
CSharpArgumentInfo
Microsoft.CSharp.RuntimeBinder
Create
CSharpArgumentInfoFlags
Binder
InvokeMember
CallSiteBinder
CSharpBinderFlags
Target
Invoke
DateTime
get_Now
Collect
WaitForPendingFinalizers
op_Subtraction
TimeSpan
get_TotalMilliseconds
Double
ReadKey
ConsoleKeyInfo
Activator
CreateInstance
Contains
Format
SettingsBase
Synchronized
WrapNonExceptionThrows
Discord - https://discord.com/
Discord Inc.
4Copyright (c) 2020 Discord Inc. All rights reserved.
$dfb82ea3-4487-482e-9a8f-22c2893a8d9f
0.0.52.0
.NETFramework,Version=v4.0
FrameworkDisplayName
.NET Framework 4(
#Powered by SmartAssembly 7.5.2.4508
KMicrosoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator
11.0.0.0
!This program cannot be run in DOS mode.
`.rsrc
@.reloc
v4.0.30319
#Strings
ClassLibrary1
<Module>
System.IO
GetData
inputData
mscorlib
CreateInstance
CompressionMode
IDisposable
get_Name
get_DeclaringType
GetType
Dispose
GuidAttribute
DebuggableAttribute
ComVisibleAttribute
AssemblyTitleAttribute
AssemblyTrademarkAttribute
TargetFrameworkAttribute
AssemblyFileVersionAttribute
AssemblyConfigurationAttribute
AssemblyDescriptionAttribute
CompilationRelaxationsAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
AssemblyCompanyAttribute
RuntimeCompatibilityAttribute
System.Runtime.Versioning
String
get_Length
ClassLibrary1.dll
GZipStream
MemoryStream
System
AppDomain
get_CurrentDomain
System.IO.Compression
System.Reflection
MethodInfo
MemberInfo
InvokeMember
Binder
Transalator
Activator
System.Diagnostics
GetMethods
System.Runtime.InteropServices
System.Runtime.CompilerServices
DebuggingModes
GetTypes
BindingFlags
GzipDecompress
Object
Environment
ToArray
Assembly
op_Equality
WrapNonExceptionThrows
ClassLibrary
Copyright
2021
$7c158b45-9dc4-4066-8cda-58e028d1a857
1.0.0.0
.NETFramework,Version=v4.0
FrameworkDisplayName
.NET Framework 4
_CorDllMain
mscoree.dll
b%,RE/
*^S~[<
fT`FoL
G1va?T
URUG=L
n,~(~'
|Ww%\
V_`Cr{f
UQUeRU}
u9TqR)
N}]T])
*VS^Ut
{s74>3
P7P_PD
99y~B9
@DT@hD
;9%/;(3
",Osvl3
1e:OUy
^uv?)y9
~pt\hl
eDu.On
T\bNIr@iR
jBkAu;v
]dXeY
&r&Nw{
4^W>/0Mi
gwbMsy
.(SwNMv
oo(a=z+
t2<f>yX
`:5-"M
"c_qr5
Bga*=\z
xk,Kvz
K0>0X`
DZ50_j
O&fMT}@
~K\9iS0
I#}'lp]
<|tJ*D
ZRQi4
f`!yE\
L&KXH)2
|<||\/$
'/7
%*=m<O
sJBp0*ea
Ydzx6W
wmSQCqqk
wd2eIy
*zM{^f
43S1{t
ZHk-$5
pJn$03$
JY$D4HY(
SVOY(G
\`w%9d
rSq"NH
zH'%1d
9#pJ.$
)!Oa]_
@^An<0d
V!IqMh
t#Pw9w
wd^x[!
fr2dk"
Y:UC@]W
B'}!01
*Mn](s
e|v5zI
UJAx4
~4xGL.
}5h<ba
.AMpyQ
NErb@JP
cfzl9
@[]6Kk
:+^d>h
ue v/"
4"Vj"
kW?z=j
VM{V~x
#MjB@P
5r{bSe
vkxZ)h
<@z3^t
Nw\`WI
>a|lBlX
O'@Ze4~$o
v@Z>IM
7IjdyT
xdo-~G
]wfaMj
W$i.RC
}2=6Trc
i-[ZKV
Rt|S%R
#z\]YS
.]Vpub/
{Q^fCF
giQ0"m
wq4cq{
\45>%N
Dj;{>q
!j2/M]A
X%YcS&
LG@1dGt
Y\oY\R
`~<0_:
TYjB'DL
Ar,:|D
hqZ)Rp
xkNiWr
G[k9[Z
@'vLO^{7.
+7E"tb
*q>Fl?
r)59GxLr
f&,6(~
,[m@.:
_>j(ikC
:=xX;6t
0Dq@l`
!vb3!vI
>,/|63
=OM^soE>K
MaV3Gu
y)kN5*}H
Kse(,Z@
]jME0!
t,G*.9
ZlI>E&d
ZM4$cm
L]nmO`
&[*V.q2
v jkZ'`x
])I%<f
}>K8nE_V
KbMOb<
t3\A6Y
d..igHkqx!OQ
06?x,a
TmAba7
L]>O)S|j8sK:2
7t7t12
dC_Tm9
Dd0&yq;'L~
P\0DG9
[c+Ws,
c3Abqc
(,np3m
KW@=hS
,|IrlH
N6#]N]
}<Lvr"
Ft^qy%
s5>X`r
s(|?d'
qxG+]51
&"=iE0
+RsDZJ
_|)T:HhG
Mf,z]i
tJYx4g
5C!38-7
=%7Ew*?
x3Yr*{>O)M
uMIGQMHZv
`@y7PO
%oS.v\
B)c*x0
I$ {d&{
dWLYh&
#kA9#&O
`_$XIn
L6I<O$
Re1IJ'!
I>>G{f
3@?KLu!
^E)~e9
`o4a?AX
ofxv+&
[y'uCLI
,TVv:r
tF0X}@
f&J"U@
7`)mlJ
Dh|g*7[
9YW0@6
SOcn2.
k<MD.t
,-E09I
^`.h+]
RpZh)K
O55/&7
H"^U N
<YGD40
2<e*Gj
gC+s#i
O=E@Y/
fSaE&u
mAoZ&
]8" *
TP;rcF
Mu(g$1i/
GB_MOR7
9fC2T>
Uf:$FY
n.L"0A22
%TM$T~w
@RJ|cm%
n~^kUp
(O^%:B
77g7QSX
F^G5~@j>1
L)5}$|8q
E;sQHg
>=-<8
|*: M[k+(S
gr|?dWO
G,M9NK+x4
?^e>%s|
+y,#.=
>-$N>dY
WYv*A^
m;JRmkzkWA
XeSq0A
BXfLXK4
@ELHKH
( ~H$G
SBzG!+%d
Pji $n
v]_t<.J
\O&6UT>gY
H,P;y/q7
U~M##>
6D+Z;K
!wwdxI
r,>gN'
:1B+ss
et%h1z
CcGYZ[
|0>}J8
rkI{L+z
_\b~3!l"
5@+(c'
D1 .ls
yQTnG@
AobeT@[
umIM]Cf
2z O]<pT0
L<m{QZ
s%#?zc
1CeN3d
*a<En"
,|(0c"
AJeA4}
00SMe]"
d<+MvZ
WYI*+9
]Ki;K8*J
W.W'=S
X-Sf)g
:]OnOM'U
IG~"&#O^
Zgr>>>
dzNN.sR
KHUkB*}A
ivKDfZ
c3}qzo^
4l[C;s
mbZfHp[Y
:+-"Ge
.ZMh@r
4|V^PO&/p
)_TIC(
6EW{wld/
6<.^6Xc
[Z58=1u
pCFd$k
CF)440
Pjlfrv:
{0xepE
[_|{^1
0)s6m
i?*)l?u
AvAif<
2h0[^$
GYr/[Vf
2\n6Yo
1Hxz[G
Z)o)z[
=;M<PD
K.Y_Dq
D8Yvq2
sYfzF9
F{zdKQ3M
W__ic6
R,(.&Pm
b^oU3O
c>B5>I';
iKC+}|(
%H)ahA
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
DigiCert Inc1
www.digicert.com1+0)
"DigiCert EV Code Signing CA (SHA2)0
180314000000Z
210218120000Z0
Delaware1
Private Organization1
51288621
California1
San Francisco1
Discord Inc.1
Discord Inc.0
_v<WBP
US-DELAWARE-51288620
1http://crl3.digicert.com/EVCodeSigningSHA2-g1.crl07
1http://crl4.digicert.com/EVCodeSigningSHA2-g1.crl0K
https://www.digicert.com/CPS0
http://ocsp.digicert.com0H
<http://cacerts.digicert.com/DigiCertEVCodeSigningCA-SHA2.crt0
DigiCert Inc1
www.digicert.com1+0)
"DigiCert High Assurance EV Root CA0
120418120000Z
270418120000Z0l1
DigiCert Inc1
www.digicert.com1+0)
"DigiCert EV Code Signing CA (SHA2)0
+.+1Xf
http://ocsp.digicert.com0I
=http://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt0
:http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0@
:http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
.http://www.digicert.com/ssl-cps-repository.htm0
DigiCert Inc1
www.digicert.com1+0)
"DigiCert EV Code Signing CA (SHA2)
20200910175959Z
DigiCert Inc1
www.digicert.com1!0
DigiCert Assured ID CA-10
141022000000Z
241022000000Z0G1
DigiCert1%0#
DigiCert Timestamp Responder0
https://www.digicert.com/CPS0
2http://crl3.digicert.com/DigiCertAssuredIDCA-1.crl08
2http://crl4.digicert.com/DigiCertAssuredIDCA-1.crl0w
http://ocsp.digicert.com0A
5http://cacerts.digicert.com/DigiCertAssuredIDCA-1.crt0
iW!]4/q
DigiCert Inc1
www.digicert.com1$0"
DigiCert Assured ID Root CA0
061110000000Z
211110000000Z0b1
DigiCert Inc1
www.digicert.com1!0
DigiCert Assured ID CA-10
.http://www.digicert.com/ssl-cps-repository.htm0
http://ocsp.digicert.com0C
7http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
4http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0:
4http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0
DigiCert Inc1
www.digicert.com1!0
DigiCert Assured ID CA-1
200910175959Z0#
.ClassLibrary1.dll
generation 0 checked {0} times
generation 0 checked {0} times
Jyhgfo
memory in heap {0}
heap have {0} generation
RENAULT
Xqnweuzuwb
Object car in {0} generation
Size of memeory in heap {0}
Transalator
DestroyRole
size of heap {0}
start GC
GC worked
size of memeory {0}
Object car in {0} generation.
{0} with speed{1} km/h
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
Comments
CompanyName
FileDescription
ClassLibrary
FileVersion
1.0.0.0
InternalName
ClassLibrary1.dll
LegalCopyright
Copyright
2021
LegalTrademarks
OriginalFilename
ClassLibrary1.dll
ProductName
ClassLibrary
ProductVersion
1.0.0.0
Assembly Version
1.0.0.0
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
Comments
Discord - https://discord.com/
CompanyName
Discord Inc.
FileDescription
Discord - https://discord.com/
FileVersion
0.0.52.0
InternalName
Bnppg.exe
LegalCopyright
Copyright (c) 2020 Discord Inc. All rights reserved.
LegalTrademarks
OriginalFilename
Bnppg.exe
ProductName
Discord - https://discord.com/
ProductVersion
0.0.52.0
Assembly Version
0.0.52.0
RAny use of this Certificate constitutes acceptance of the DigiCert CP/CPS and the Relying Party Agreement which limit liability and are incorporated herein by reference
RAny use of this Certificate constitutes acceptance of the DigiCert CP/CPS and the Relying Party Agreement which limit liability and are incorporated herein by reference
RAny use of this Certificate constitutes acceptance of the DigiCert CP/CPS and the Relying Party Agreement which limit liability and are incorporated herein by reference
Antivirus Signature
Bkav Clean
Elastic Clean
DrWeb Trojan.PackedNET.691
MicroWorld-eScan Gen:Variant.Bulz.454970
FireEye Generic.mg.fd0e7153869bad65
CAT-QuickHeal Clean
Qihoo-360 Clean
McAfee GenericRXOJ-UR!FD0E7153869B
Cylance Unsafe
VIPRE Clean
AegisLab Clean
Sangfor Clean
K7AntiVirus Clean
BitDefender Gen:Variant.Bulz.454970
K7GW Clean
CrowdStrike Clean
BitDefenderTheta Gen:NN.ZemsilF.34686.nm1@a0A!IYi
Cyren W32/MSIL_Kryptik.EBW.gen!Eldorado
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of MSIL/Kryptik.AAQQ
Zoner Clean
TrendMicro-HouseCall Clean
Paloalto generic.ml
ClamAV Clean
Kaspersky HEUR:Backdoor.MSIL.Bladabindi.gen
Alibaba Backdoor:MSIL/Kryptik.d3a8083f
NANO-Antivirus Clean
SUPERAntiSpyware Clean
Rising Backdoor.Bladabindi!8.B1F (CLOUD)
Ad-Aware Gen:Variant.Bulz.454970
Sophos Mal/Generic-S
Comodo Clean
F-Secure Clean
Baidu Clean
Zillya Clean
TrendMicro Clean
McAfee-GW-Edition Artemis!Trojan
SentinelOne Static AI - Suspicious PE
CMC Clean
Emsisoft Trojan.Crypt (A)
Ikarus Trojan.Inject
GData Gen:Variant.Bulz.454970
Jiangmin Clean
Webroot Clean
Avira Clean
Antiy-AVL Clean
Kingsoft Clean
Gridinsoft Clean
Arcabit Trojan.Bulz.D6F13A
ViRobot Clean
ZoneAlarm HEUR:Backdoor.MSIL.Bladabindi.gen
Microsoft Trojan:Win32/Wacatac.B!ml
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win.Kryptik.C4443843
Acronis Clean
ALYac Gen:Variant.Bulz.454970
MAX malware (ai score=88)
VBA32 Clean
Malwarebytes Trojan.MalPack.MSIL
Panda Clean
APEX Malicious
Tencent Clean
Yandex Clean
TACHYON Clean
eGambit PE.Heur.InvalidSig
Fortinet MSIL/Kryptik.AAQQ!tr
AVG Win32:PWSX-gen [Trj]
Avast Win32:PWSX-gen [Trj]
MaxSecure Trojan.Malware.300983.susgen
No IRMA results available.