Static | ZeroBOX

PE Compile Time

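2044-12-11 08:45:14 (future-dated, while the sample's copyright string carries 2021; treat this header value as unreliable for dating the build)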

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00002000 0x005b6b74 0x005b6c00 2.57189736446
.rsrc 0x005ba000 0x0000067c 0x00000800 5.0160808932
.reloc 0x005bc000 0x0000000c 0x00000200 0.101910425663

Resources

Name Offset Size Language Sub-language File type
RT_VERSION 0x005ba0a0 0x000003f0 LANG_ENGLISH SUBLANG_ENGLISH_US SysEx File - OctavePlateau
RT_MANIFEST 0x005ba490 0x000001ea LANG_NEUTRAL SUBLANG_NEUTRAL XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

Imports

Library mscoree.dll:
0x402000 _CorExeMain

!This program cannot be run in DOS mode.
`.rsrc
@.reloc
rIC[p
v4.0.30319
#Strings
ahmed0
ToInt32
<Module>
System.IO
astarata
mscorlib
Microsoft.VisualBasic
Replace
instance
RuntimeTypeHandle
GetTypeFromHandle
daName
TryCallName
CallByName
Songofthename
CallType
STAThreadAttribute
GuidAttribute
DebuggableAttribute
ComVisibleAttribute
AssemblyTitleAttribute
AssemblyTrademarkAttribute
TargetFrameworkAttribute
AssemblyFileVersionAttribute
AssemblyConfigurationAttribute
AssemblyDescriptionAttribute
CompilationRelaxationsAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
ParamArrayAttribute
AssemblyCompanyAttribute
RuntimeCompatibilityAttribute
WriteByte
ToByte
GetObjectValue
astarata.exe
System.Runtime.Versioning
ToString
get_Length
MemoryStream
Program
System
Boolean
Interaction
System.Reflection
Intention
InitializePacker
System.Diagnostics
System.Runtime.InteropServices
System.Runtime.CompilerServices
DebuggingModes
packerBytes
get_Chars
RuntimeHelpers
Concat
Object
intent
InitializeRoot
Convert
ToArray
op_Equality
Microsoft.Win32
String
EtwEnableCallback
Stream
TimeZoneInfo
StreamReader
StringSerializer
.cctor
UnsafeNativeMethods
Format
ManifestEtw
WrapNonExceptionThrows
astarata
Copyright
2021
$3d079790-d72d-44b7-bb93-932ef9d8599b
1.0.0.0
.NETFramework,Version=v4.5
FrameworkDisplayName
.NET Framework 4.5
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>PAPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADD
FULL_TEXT
totallist
dd Lc fgg c N c c c g c c c uss uss c c fag c c c c c c c Sg c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c fua c c c fg Nf faS fg c fac L ucs NN fag f dS ucs NN ag fcg fcs ffs Nu ffu ffg fff fcN ffg Ld fcL Nu LL Ld ffc ffc fff ffS Nu La fcf Nu ffg ffd ffc Nu fcs ffc Nu Sa dL aN Nu fcL fff fcc fcf gS fN fN fc NS c c c c c c c ac SL c c dS f N c Ld fNa fsa uuS c c c c c c c c uug c Ng c ff f ac c c ugu fN c c S c c c c c c fuS fd fg c c Nu c c c Nu fg c c c c fS c Nu c c c u c c g c c c c c c c S c c c c c c c c LS fg c c u c c c c c c u c LS fNN c c fS c c fS c c c c fS c c fS c c c c c c fS c c c c c c c c c c c gg fd fg c dL c c c c Nu fg c aa N c c c c c c c c c c c c c c c c c c c Sg fg c fu c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c Nu c c a c c c c c c c c c c c a Nu c c du c c c c c c c c c c c gS ffS fcf fuc ffS c c c fNu ugf fN c c Nu c c c ugu fN c c u c c c c c c c c c c c c c c Nu c c LS gS ffg ffs ffg LL c c c aa
{0}{1}{2}{3}{4}{5}{6}{7}{8}{9}
{0}{1}{2}{3}
{0}{1}
{0}{1}{2}{3}{4}
VS_VERSION_INFO
StringFileInfo
040904e4
Comments
CompanyName
FileDescription
FileVersion
3.492.625.291
LegalCopyright
All Rights Reserved
InternalName
LegalTrademarks
OriginalFilename
ProductName
ProductVersion
3.492.625.291
Assembly Version
3.492.625.291
VarFileInfo
Translation
Antivirus Signature ("Clean" means that engine reported no detection; it is not a verdict that the file is benign)
Bkav Clean
Elastic malicious (high confidence)
MicroWorld-eScan Gen:Variant.MSILHeracles.16500
FireEye Generic.mg.54262706e573614d
CAT-QuickHeal Program.Wacapew
McAfee PWS-FCYX!54262706E573
Cylance Clean
VIPRE Trojan.Win32.Generic!BT
AegisLab Trojan.Win32.Heracles.4!c
Sangfor Trojan.Win32.Save.a
K7AntiVirus Clean
BitDefender Gen:Variant.MSILHeracles.16500
K7GW Trojan ( 0057d2b31 )
CrowdStrike win/malicious_confidence_100% (W)
Baidu Clean
Cyren W32/MSIL_Kryptik.EKB.gen!Eldorado
Symantec Trojan Horse
ESET-NOD32 a variant of MSIL/Kryptik.ABDX
APEX Malicious
Avast FileRepMalware
ClamAV Clean
Kaspersky HEUR:Trojan.MSIL.PowerShell.gen
Alibaba Trojan:Win32/Kryptik.ali2000016
NANO-Antivirus Clean
ViRobot Clean
Rising Trojan.Kryptik!8.8 (CLOUD)
Ad-Aware Gen:Variant.MSILHeracles.16500
Emsisoft Gen:Variant.MSILHeracles.16500 (B)
Comodo Malware@#3ej87bxwbgt8f
F-Secure Clean
DrWeb Trojan.PackedNET.772
Zillya Clean
TrendMicro Clean
McAfee-GW-Edition BehavesLike.Win32.Generic.tz
MaxSecure Clean
CMC Clean
Sophos Mal/Generic-S
SentinelOne Static AI - Malicious PE
GData Gen:Variant.MSILHeracles.16500
Jiangmin Clean
Webroot Clean
Avira TR/AD.AgentTesla.slanw
MAX malware (ai score=99)
Antiy-AVL Clean
Kingsoft Win32.Troj.Generic_a.a.(kcloud)
Gridinsoft Trojan.Win32.Packed.oa
Arcabit Trojan.MSILHeracles.D4074
SUPERAntiSpyware Clean
ZoneAlarm Clean
Microsoft Trojan:Win32/AgentTesla!ml
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win.Generic.C4498596
Acronis Clean
VBA32 Clean
ALYac Gen:Variant.MSILHeracles.16500
TACHYON Clean
Malwarebytes Trojan.MalPack.MSIL
Panda Trj/CI.A
Zoner Clean
TrendMicro-HouseCall TROJ_GEN.R002H0CET21
Tencent Clean
Yandex Clean
Ikarus Trojan.Inject
eGambit Unsafe.AI_Score_100%
Fortinet MSIL/Kryptik.ABDX!tr
BitDefenderTheta Gen:NN.ZemsilF.34692.@p0@a4QZv@ji
AVG FileRepMalware
Cybereason malicious.4dfd60
Paloalto generic.ml
Qihoo-360 Clean
No IRMA results available.