popup
Static | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Static Analysis

PE Compile Time

2021-05-26 01:50:30

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00002000 0x000009b4 0x00000a00 5.0411080526
.rsrc 0x00004000 0x000005d0 0x00000600 4.17903451962
.reloc 0x00006000 0x0000000c 0x00000200 0.0815394123432

Resources

Name Offset Size Language Sub-language File type
RT_VERSION 0x000040a0 0x00000340 LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_MANIFEST 0x000043e0 0x000001ea LANG_NEUTRAL SUBLANG_NEUTRAL XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

Imports

Library mscoree.dll:
0x402000 _CorExeMain
!This program cannot be run in DOS mode.
`.rsrc
@.reloc
&*BSJB
v4.0.30319
#Strings
<Module>
ttttt.exe
Program
WindowsMediaPlayer1
mscorlib
System
Object
System.Reflection
AssemblyTitleAttribute
AssemblyDescriptionAttribute
AssemblyCompanyAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
AssemblyFileVersionAttribute
System.Security.Permissions
SecurityPermissionAttribute
SecurityAction
System.Runtime.CompilerServices
CompilationRelaxationsAttribute
RuntimeCompatibilityAttribute
System.Net
WebClient
DownloadData
ServicePointManager
set_Expect100Continue
SecurityProtocolType
set_SecurityProtocol
Exception
STAThreadAttribute
String
Boolean
AppDomain
get_CurrentDomain
Assembly
GetType
BindingFlags
Binder
InvokeMember
System.Security
UnverifiableCodeAttribute
SCRABBLE
funkitron, inc.
(Copyright
2003 - 2004 funkitron, inc.
1.0.48.0
WrapNonExceptionThrows
System.Security.Permissions.SecurityPermissionAttribute, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
SkipVerification
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
http://46.101.81.223/origin.exe
https://ieaspk.com/instagram.dll
instagram.whatsapp
studio
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
Comments
SCRABBLE
CompanyName
funkitron, inc.
FileDescription
SCRABBLE
FileVersion
1.0.48.0
InternalName
ttttt.exe
LegalCopyright
Copyright
2003 - 2004 funkitron, inc.
OriginalFilename
ttttt.exe
ProductName
SCRABBLE
ProductVersion
1.0.48.0
Assembly Version
0.0.0.0
Antivirus Signature
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.MSIL.Basic.9.Gen
FireEye Generic.mg.ddda0d5616775408
CAT-QuickHeal Clean
ALYac Trojan.MSIL.Basic.9.Gen
Cylance Clean
VIPRE Clean
AegisLab Clean
Sangfor Clean
K7AntiVirus Clean
BitDefender Trojan.MSIL.Basic.9.Gen
K7GW Clean
Cybereason malicious.616775
Arcabit Trojan.MSIL.Basic.9.Gen
Baidu Clean
Cyren Clean
Symantec Clean
ESET-NOD32 Clean
APEX Malicious
Avast Clean
ClamAV Clean
Kaspersky UDS:Trojan-PSW.MSIL.Agensla.gen
Alibaba Clean
NANO-Antivirus Clean
ViRobot Clean
Rising Clean
Ad-Aware Trojan.MSIL.Basic.9.Gen
Emsisoft Trojan.MSIL.Basic.9.Gen (B)
Comodo Clean
F-Secure Clean
DrWeb Clean
Zillya Clean
TrendMicro Clean
McAfee-GW-Edition Clean
CMC Clean
Sophos Clean
SentinelOne Static AI - Suspicious PE
Jiangmin Clean
Webroot Clean
Avira Clean
MAX malware (ai score=81)
Antiy-AVL Clean
Kingsoft Clean
Gridinsoft Clean
Microsoft Trojan:Win32/Wacatac.B!ml
SUPERAntiSpyware Clean
ZoneAlarm Clean
GData Trojan.MSIL.Basic.9.Gen
Cynet Clean
AhnLab-V3 Clean
Acronis Clean
McAfee Clean
TACHYON Clean
VBA32 Clean
Malwarebytes Clean
Panda Clean
Zoner Clean
TrendMicro-HouseCall Clean
Tencent Clean
Yandex Clean
Ikarus Clean
eGambit Unsafe.AI_Score_92%
Fortinet MSIL/Bulz.0420!tr
BitDefenderTheta Gen:NN.ZemsilF.34692.am0@aqzcxin
Qihoo-360 Clean
Paloalto Clean
CrowdStrike Clean
MaxSecure Clean
No IRMA results available.