Static | ZeroBOX

PE Compile Time

2077-10-19 14:04:38

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name    Virtual Address  Virtual Size  Size of Raw Data  Entropy
.text   0x00002000       0x00399e54    0x0039a000        2.53997790911
.rsrc   0x0039c000       0x000005e8    0x00000600        4.46002076477
.reloc  0x0039e000       0x0000000c    0x00000200        0.101910425663

Resources

Name         Offset      Size        Language      Sub-language        File type
RT_VERSION   0x0039c0a0  0x0000035c  LANG_ENGLISH  SUBLANG_ENGLISH_US  data
RT_MANIFEST  0x0039c3fc  0x000001ea  LANG_NEUTRAL  SUBLANG_NEUTRAL     XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

Imports

Library mscoree.dll:
0x402000 _CorExeMain

!This program cannot be run in DOS mode.
`.rsrc
@.reloc
&*BSJB
v4.0.30319
#Strings
ToInt32
System.IO
mscorlib
Microsoft.VisualBasic
Replace
STAThreadAttribute
WriteByte
ToByte
NewLateBinding
ToString
get_Length
LateCall
MemoryStream
System
AppDomain
get_CurrentDomain
.cctor
Microsoft.VisualBasic.CompilerServices
get_Chars
Object
LateGet
Convert
ToArray
op_Equality
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
EntryPoint
Invoke
VS_VERSION_INFO
StringFileInfo
040904e4
ProductName
Ad Muncher
FileDescription
Ad Muncher
CompanyName
Murray Hurps Software Pty Ltd
LegalCopyright
Copyright
Murray Hurps Software Pty Ltd
LegalTrademarks
ccb840d3 7aae 4cda 8337 30e7ec336684
Comments
760f0e9d a07b 4e67 9b45 78df06c85c96
2455a116-3dc5-4385-9a79-656ee860037d
VarFileInfo
Translation
Legal_policy_statement
.Visual Studio Installe
Legal_Policy_Statement
Antivirus Signature
Bkav Clean
Elastic malicious (high confidence)
DrWeb Clean
ClamAV Clean
CMC Clean
CAT-QuickHeal Clean
ALYac Trojan.GenericKD.36977766
Cylance Clean
VIPRE Trojan.Win32.Generic!BT
AegisLab Trojan.MSIL.Deyma.a!c
Sangfor Trojan.Win32.Save.a
K7AntiVirus Trojan ( 004c77211 )
BitDefender Trojan.GenericKD.36977766
K7GW Trojan ( 004c77211 )
Cybereason malicious.69416f
Baidu Clean
Cyren W32/MSIL_Kryptik.ECN.gen!Eldorado
Symantec Trojan Horse
ESET-NOD32 a variant of MSIL/Kryptik.CQR
APEX Malicious
Paloalto generic.ml
Cynet Malicious (score: 100)
Kaspersky HEUR:Trojan-Downloader.MSIL.Deyma.gen
Alibaba TrojanDownloader:MSIL/Kryptik.91664c5d
SUPERAntiSpyware Clean
MicroWorld-eScan Trojan.GenericKD.36977766
Rising Downloader.Deyma!8.1093B (CLOUD)
Ad-Aware Trojan.GenericKD.36977766
Sophos Mal/Generic-S
Comodo Clean
F-Secure Clean
BitDefenderTheta Gen:NN.ZemsilF.34692.Np2@aSR7DRmi
Zillya Clean
TrendMicro TROJ_GEN.R023C0WET21
McAfee-GW-Edition Artemis!Trojan
FireEye Generic.mg.b1d319888860b7a6
Emsisoft Trojan.Crypt (A)
SentinelOne Static AI - Malicious PE
Jiangmin Clean
MaxSecure Clean
Avira TR/Kryptik.dfdyr
MAX malware (ai score=99)
Antiy-AVL Clean
Kingsoft Win32.Troj.Undef.(kcloud)
Gridinsoft Trojan.Win32.Kryptik.oa
Arcabit Trojan.Generic.D2343C66
ViRobot Clean
ZoneAlarm HEUR:Trojan-Downloader.MSIL.Deyma.gen
GData Trojan.GenericKD.36977766
AhnLab-V3 Trojan/Win.Generic.C4498305
Acronis Clean
McAfee Artemis!B1D319888860
TACHYON Clean
VBA32 Clean
Malwarebytes Trojan.MalPack.MSIL
Panda Trj/CI.A
Zoner Clean
TrendMicro-HouseCall TROJ_GEN.R023C0WET21
Tencent Clean
Yandex Trojan.Kryptik!7j+BP6dkVV4
Ikarus Trojan.MSIL.Crypt
eGambit Clean
Fortinet MSIL/Agent.AES!tr
Webroot Clean
AVG Win32:MalwareX-gen [Trj]
Avast Win32:MalwareX-gen [Trj]
CrowdStrike win/malicious_confidence_90% (W)
Qihoo-360 Clean
No IRMA results available.