popup
Static | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Static Analysis

PE Compile Time

2085-11-17 10:55:49

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00002000 0x002de844 0x002dea00 2.5606080782
.rsrc 0x002e2000 0x000005e8 0x00000600 4.45047995264
.reloc 0x002e4000 0x0000000c 0x00000200 0.0815394123432

Resources

Name Offset Size Language Sub-language File type
RT_VERSION 0x002e20a0 0x0000035c LANG_ENGLISH SUBLANG_ENGLISH_US data
RT_MANIFEST 0x002e23fc 0x000001ea LANG_NEUTRAL SUBLANG_NEUTRAL XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

Imports

Library mscoree.dll:
0x402000 _CorExeMain
!This program cannot be run in DOS mode.
`.rsrc
@.reloc
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
PADPADP
v4.0.30319
#Strings
IEnumerable`1
CallSite`1
SearchResultHandler`1
ToInt32
get_QcbaefNcD19039p42
Func`7
System.IO
get_AbA141l215B112W00Da2V477ak846c12eT
set_AbA141l215B112W00Da2V477ak846c12eT
mscorlib
System.Collections.Generic
Microsoft.VisualBasic
Versioned
Synchronized
CompareMethod
Replace
Invoke
RuntimeTypeHandle
GetTypeFromHandle
CallType
System.Core
ApplicationSettingsBase
Create
EditorBrowsableState
CallSite
DynamicAttribute
CompilerGeneratedAttribute
GeneratedCodeAttribute
DebuggerNonUserCodeAttribute
EditorBrowsableAttribute
ParamArrayAttribute
WriteByte
System.Threading
ToString
get_Length
System.Collections.ObjectModel
System.ComponentModel
MemoryStream
System
Boolean
System.Configuration
System.Globalization
System.Reflection
Exception
CultureInfo
CSharpArgumentInfo
Microsoft.CSharp
ThaiBuddhistCalendar
InvokeMember
Reader
Microsoft.CSharp.RuntimeBinder
CallSiteBinder
ResourceManager
System.CodeDom.Compiler
.cctor
System.Diagnostics
Microsoft.VisualBasic.CompilerServices
System.Runtime.CompilerServices
System.Resources
.Properties.Resources.resources
CSharpArgumentInfoFlags
CSharpBinderFlags
Strings
get_Chars
ReadOnlyDictionaryHelpers
Concat
Object
Target
Convert
ExecutionContext
get_EteoATw
ToArray
get_Assembly
op_Equality
3System.Resources.Tools.StronglyTypedResourceBuilder
4.0.0.0
KMicrosoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator
11.0.0.0
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>PAPADDINGXXPADDINGPADDINGX
Greater Manchester1
Salford1
COMODO CA Limited1+0)
"COMODO RSA Certification Authority0
100119000000Z
380118235959Z0
Greater Manchester1
Salford1
COMODO CA Limited1+0)
"COMODO RSA Certification Authority0
HCgNr*
Greater Manchester1
Salford1
COMODO CA Limited1+0)
"COMODO RSA Certification Authority0
130509000000Z
280508235959Z0}1
Greater Manchester1
Salford1
COMODO CA Limited1#0!
COMODO RSA Code Signing CA0
;http://crl.comodoca.com/COMODORSACertificationAuthority.crl0q
/http://crt.comodoca.com/COMODORSAAddTrustCA.crt0$
http://ocsp.comodoca.com0
SN20s
Greater Manchester1
Salford1
COMODO CA Limited1#0!
COMODO RSA Code Signing CA0
181113000000Z
211108235959Z0h1
Cambridgeshire1
Cambridge1
Simon Tatham1
Simon Tatham0
https://secure.comodo.net/CPS0C
2http://crl.comodoca.com/COMODORSACodeSigningCA.crl0t
2http://crt.comodoca.com/COMODORSACodeSigningCA.crt0$
http://ocsp.comodoca.com0
'&"=oaCR=0>
Symantec Corporation100.
'Symantec Time Stamping Services CA - G20
121018000000Z
201229235959Z0b1
Symantec Corporation1402
+Symantec Time Stamping Services Signer - G40
http://ts-ocsp.ws.symantec.com07
+http://ts-aia.ws.symantec.com/tss-ca-g2.cer0<
+http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
TimeStamp-2048-20
Western Cape1
Durbanville1
Thawte1
Thawte Certification10
Thawte Timestamping CA0
121221000000Z
201230235959Z0^1
Symantec Corporation100.
'Symantec Time Stamping Services CA - G20
http://ocsp.thawte.com0
.http://crl.thawte.com/ThawteTimestampingCA.crl0
TimeStamp-2048-10
Greater Manchester1
Salford1
COMODO CA Limited1#0!
COMODO RSA Code Signing CA
190922093006Z0
SSH, Telnet and Rlogin client
3https://www.chiark.greenend.org.uk/~sgtatham/putty/0
Run(+!!c^
Symantec Corporation100.
'Symantec Time Stamping Services CA - G2
190922093017Z0#
Greater Manchester1
Salford1
COMODO CA Limited1+0)
"COMODO RSA Certification Authority0
100119000000Z
380118235959Z0
Greater Manchester1
Salford1
COMODO CA Limited1+0)
"COMODO RSA Certification Authority0
HCgNr*
Greater Manchester1
Salford1
COMODO CA Limited1+0)
"COMODO RSA Certification Authority0
130509000000Z
280508235959Z0}1
Greater Manchester1
Salford1
COMODO CA Limited1#0!
COMODO RSA Code Signing CA0
;http://crl.comodoca.com/COMODORSACertificationAuthority.crl0q
/http://crt.comodoca.com/COMODORSAAddTrustCA.crt0$
http://ocsp.comodoca.com0
SN20s
Greater Manchester1
Salford1
COMODO CA Limited1#0!
COMODO RSA Code Signing CA0
181113000000Z
211108235959Z0h1
Cambridgeshire1
Cambridge1
Simon Tatham1
Simon Tatham0
https://secure.comodo.net/CPS0C
2http://crl.comodoca.com/COMODORSACodeSigningCA.crl0t
2http://crt.comodoca.com/COMODORSACodeSigningCA.crt0$
http://ocsp.comodoca.com0
'&"=oaCR=0>
Symantec Corporation100.
'Symantec Time Stamping Services CA - G20
121018000000Z
201229235959Z0b1
Symantec Corporation1402
+Symantec Time Stamping Services Signer - G40
http://ts-ocsp.ws.symantec.com07
+http://ts-aia.ws.symantec.com/tss-ca-g2.cer0<
+http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
TimeStamp-2048-20
Western Cape1
Durbanville1
Thawte1
Thawte Certification10
Thawte Timestamping CA0
121221000000Z
201230235959Z0^1
Symantec Corporation100.
'Symantec Time Stamping Services CA - G20
http://ocsp.thawte.com0
.http://crl.thawte.com/ThawteTimestampingCA.crl0
TimeStamp-2048-10
Greater Manchester1
Salford1
COMODO CA Limited1#0!
COMODO RSA Code Signing CA
190922093017Z0
SSH, Telnet and Rlogin client
3https://www.chiark.greenend.org.uk/~sgtatham/putty/0
Symantec Corporation100.
'Symantec Time Stamping Services CA - G2
190922093028Z0#
valueinfiniteVM.Properties.Resources
UU Sn Agg n J n n n g n n n epp epp n n Acg n n n n n n n jg n n n n n n n n n n n n n n n n n n n n n n n n n n n n n n n n n n n Aec n n n Ag JA Acj Ag n Acn S enp JJ Acg A Uj enp JJ cg Ang Anp AAp Je AAe AAg AAA AnJ AAg SU AnS Je SS SU AAn AAn AAA AAj Je Sc AnA Je AAg AAU AAn Je Anp AAn Je jc US cJ Je AnS AAA Ann AnA gj AJ AJ An Jj n n n n n n n cn jS n n Uj A J n eeg pj SS Aje n n n n n n n n eeg n Jg n AA A cn n n AJc U n n j n n n n n n enj AjS U n n Je n n n ASe U n n n n Aj n Je n n n e n n g n n n n n n n g n n n n n n n n n c n n e n n n n n n e n jg AJJ n n Aj n n Aj n n n n Aj n n Aj n n n n n n Aj n n n n n n n n n n n Aec AjS U n Up n n n n ASe U n AJj J n n n n n n n n n n n n n n n n n n n eeg U n Ae n n n n n n n n n n n n n n n n n n n n n n n n n n n n n n n n n n n n n n n n n n n n n n n n n n n n Je n n c n n n n n n n n n n n c Je n n Ue n n n n n n n n n n n gj AAj AnA Aen AAj n n n eAe AJU U n n Je n n n AJc U n n e n n n n n n n n n n n n n n Je n n Sj gj AAg AAp AAg SS n n n AJj J n
nAeJgpjUcS
CallByName
VS_VERSION_INFO
StringFileInfo
040904e4
ProductName
Ad Muncher
FileDescription
Ad Muncher
CompanyName
Murray Hurps Software Pty Ltd
LegalCopyright
Copyright
Murray Hurps Software Pty Ltd
LegalTrademarks
b1cf1d86 e4eb 43ba a045 fb5a97a72dfc
Comments
16edd2dd 00ba 4c89 86f8 5721baf6bb6d
416a05b5-05ad-48e8-9dbb-9383c1d6de14
VarFileInfo
Translation
<<<Obsolete>>
<<<Obsolete>>
Antivirus Signature
Bkav Clean
Elastic malicious (high confidence)
MicroWorld-eScan Clean
FireEye Generic.mg.85725f2ce8ff2e36
CAT-QuickHeal Clean
ALYac Clean
Cylance Unsafe
VIPRE Clean
AegisLab Clean
Sangfor Trojan.Win32.Save.a
K7AntiVirus Clean
BitDefender Clean
K7GW Clean
Cybereason malicious.bfa7c2
Arcabit Clean
BitDefenderTheta Gen:NN.ZemsilF.34688.4o2@aqG2jzai
Cyren W32/MSIL_Kryptik.ECN.gen!Eldorado
Symantec Clean
ESET-NOD32 a variant of MSIL/Kryptik.AAWD
Baidu Clean
APEX Malicious
Paloalto Clean
ClamAV Clean
Kaspersky Clean
Alibaba Clean
NANO-Antivirus Clean
ViRobot Clean
Tencent Clean
Ad-Aware Clean
TACHYON Clean
Sophos Clean
Comodo Clean
F-Secure Clean
DrWeb Clean
Zillya Clean
TrendMicro Clean
McAfee-GW-Edition Clean
CMC Clean
Emsisoft Clean
Ikarus Clean
Jiangmin Clean
Webroot Clean
Avira Clean
Antiy-AVL Clean
Kingsoft Clean
Gridinsoft Clean
Microsoft Trojan:Win32/Wacatac.B!ml
SUPERAntiSpyware Clean
ZoneAlarm Clean
GData Clean
Cynet Malicious (score: 100)
AhnLab-V3 Clean
Acronis Clean
McAfee Clean
MAX Clean
VBA32 Clean
Malwarebytes Clean
Panda Clean
Zoner Clean
TrendMicro-HouseCall Clean
Rising Clean
Yandex Clean
SentinelOne Static AI - Malicious PE
eGambit PE.Heur.InvalidSig
Fortinet Clean
AVG Win32:RATX-gen [Trj]
Avast Win32:RATX-gen [Trj]
CrowdStrike win/malicious_confidence_70% (D)
Qihoo-360 Clean
No IRMA results available.