Static | ZeroBOX

PE Compile Time

2021-05-04 19:27:14

PDB Path

D:\RATS\njRAT-0.7d-Stub-CSharp-master\njRAT C# Stub\njRAT C# Stub-backup\obj\x86\Debug\wintask.pdb

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name    Virtual Address  Virtual Size  Size of Raw Data  Entropy
.text   0x00002000       0x00004e84    0x00005000        5.57529035574
.rsrc   0x00008000       0x00000548    0x00000600        3.98148805129
.reloc  0x0000a000       0x0000000c    0x00000200        0.0815394123432

Resources

Name         Offset      Size        Language      Sub-language     File type
RT_VERSION   0x00008090  0x000002b8  LANG_NEUTRAL  SUBLANG_NEUTRAL  COM executable for DOS
RT_MANIFEST  0x00008358  0x000001ea  LANG_NEUTRAL  SUBLANG_NEUTRAL  XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

Imports

Library mscoree.dll:
0x402000 _CorExeMain

Antivirus             Signature
Bkav                  Clean
Elastic               malicious (high confidence)
MicroWorld-eScan      Gen:Variant.Bulz.193931
FireEye               Generic.mg.3b0c19dc192dec27
CAT-QuickHeal         Trojan.MsilFC.S17874654
ALYac                 Gen:Variant.Bulz.193931
Cylance               Unsafe
VIPRE                 Clean
Sangfor               Trojan.Win32.Save.a
K7AntiVirus           Trojan ( 700000121 )
BitDefender           Gen:Variant.Bulz.193931
K7GW                  Trojan ( 700000121 )
Cybereason            malicious.c192de
Baidu                 MSIL.Backdoor.Bladabindi.a
Cyren                 W32/Bladabindi.DN.gen!Eldorado
Symantec              Backdoor.Ratenjay!gen3
ESET-NOD32            a variant of MSIL/Bladabindi.AZ
APEX                  Malicious
Avast                 Win32:KeyloggerX-gen [Trj]
ClamAV                Win.Packed.njRAT-7445143-0
Kaspersky             HEUR:Trojan-Spy.MSIL.KeyLogger.gen
Alibaba               Clean
NANO-Antivirus        Clean
ViRobot               Clean
AegisLab              Clean
Rising                Backdoor.Njrat!1.9E49 (CLASSIC)
Ad-Aware              Gen:Variant.Bulz.193931
TACHYON               Clean
Sophos                ML/PE-A
Comodo                Clean
F-Secure              Clean
DrWeb                 BackDoor.BladabindiNET.10
Zillya                Clean
TrendMicro            Clean
McAfee-GW-Edition     Trojan-FSHK!3B0C19DC192D
MaxSecure             Clean
CMC                   Clean
Emsisoft              Gen:Variant.Bulz.193931 (B)
SentinelOne           Static AI - Malicious PE
GData                 Gen:Variant.Bulz.193931
Jiangmin              Clean
Webroot               Clean
Avira                 TR/Spy.Gen8
Antiy-AVL             Clean
Kingsoft              Clean
Gridinsoft            Clean
Arcabit               Clean
SUPERAntiSpyware      Clean
ZoneAlarm             HEUR:Trojan-Spy.MSIL.KeyLogger.gen
Microsoft             Backdoor:MSIL/Bladabindi
Cynet                 Malicious (score: 100)
AhnLab-V3             Trojan/Win32.RL_Bladabindi.C4265196
Acronis               Clean
McAfee                Trojan-FSHK!3B0C19DC192D
MAX                   malware (ai score=83)
VBA32                 Trojan.MSIL.gen.c.1
Malwarebytes          Backdoor.Bladabindi.Generic
Panda                 Clean
Zoner                 Clean
TrendMicro-HouseCall  Clean
Tencent               Clean
Yandex                Clean
Ikarus                Trojan.MSIL.Bladabindi
eGambit               Unsafe.AI_Score_99%
Fortinet              MSIL/Bladabindi.HT!tr
BitDefenderTheta      Gen:NN.ZemsilF.34690.bm0@aO5CAWj
AVG                   Win32:KeyloggerX-gen [Trj]
Paloalto              Clean
CrowdStrike           win/malicious_confidence_100% (D)
Qihoo-360             Clean
No IRMA results available.