Static | ZeroBOX

PE Compile Time

2021-05-31 20:11:18

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

| Name | Virtual Address | Virtual Size | Size of Raw Data | Entropy |
| --- | --- | --- | --- | --- |
| .text | 0x00002000 | 0x0002d8b4 | 0x0002da00 | 7.93628817789 |
| .rsrc | 0x00030000 | 0x0000469c | 0x00004800 | 1.69153197418 |
| .reloc | 0x00036000 | 0x0000000c | 0x00000200 | 0.101910425663 |

Resources

| Name | Offset | Size | Language | Sub-language | File type |
| --- | --- | --- | --- | --- | --- |
| RT_ICON | 0x0003006c | 0x00004028 | LANG_NEUTRAL | SUBLANG_NEUTRAL | data |
| RT_GROUP_ICON | 0x000340d0 | 0x00000014 | LANG_NEUTRAL | SUBLANG_NEUTRAL | data |
| RT_VERSION | 0x00034120 | 0x00000356 | LANG_NEUTRAL | SUBLANG_NEUTRAL | data |
| RT_MANIFEST | 0x000344b2 | 0x000001ea | LANG_NEUTRAL | SUBLANG_NEUTRAL | XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators |

Imports

Library mscoree.dll:
0x402000 _CorExeMain

!This program cannot be run in DOS mode.
`.rsrc
@.reloc
v4.0.30319
#Strings
d234.exe
<Module>
mscorlib
ValueType
System
Object
MulticastDelegate
Settings
Odyxemhhhqqdr.Properties
ApplicationSettingsBase
System.Configuration
PoweredByAttribute
SmartAssembly.Attributes
Attribute
ResourceManager
System.Resources
CultureInfo
System.Globalization
Invoke
BeginInvoke
IAsyncResult
AsyncCallback
callback
object
EndInvoke
result
Assembly
System.Reflection
ResolveEventArgs
blogName
articleName
.cctor
BlogSubscribeEvent
BlogName
BlogSubscribtionService
ReaderName
Culture
Ffibrzdgwwfnw
Ehfgxy
Default
UnverifiableCodeAttribute
System.Security
CompilationRelaxationsAttribute
System.Runtime.CompilerServices
RuntimeCompatibilityAttribute
DebuggableAttribute
System.Diagnostics
DebuggingModes
AssemblyTitleAttribute
AssemblyDescriptionAttribute
AssemblyConfigurationAttribute
AssemblyCompanyAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
AssemblyTrademarkAttribute
ComVisibleAttribute
System.Runtime.InteropServices
GuidAttribute
AssemblyFileVersionAttribute
TargetFrameworkAttribute
System.Runtime.Versioning
GeneratedCodeAttribute
System.CodeDom.Compiler
DebuggerNonUserCodeAttribute
CompilerGeneratedAttribute
STAThreadAttribute
EditorBrowsableAttribute
System.ComponentModel
EditorBrowsableState
.resources
Odyxemhhhqqdr.ClassLibrary1.dll
AppDomain
get_CurrentDomain
ResolveEventHandler
add_AssemblyResolve
MemoryStream
System.IO
ToArray
Stream
CopyTo
IDisposable
Dispose
GetExecutingAssembly
GetManifestResourceStream
Interlocked
System.Threading
CompareExchange
Delegate
Combine
Remove
ClassLibrary1
ClassLibrary
GetValue
Console
WriteLine
GetTypeFromHandle
RuntimeTypeHandle
get_Assembly
GetObject
SettingsBase
Synchronized
WrapNonExceptionThrows
FileZilla FTP Client
Tim Kosse
FileZilla
$f72d7f35-9445-4099-97b7-8b1b689a6c9d
3.48.1.0
.NETFramework,Version=v4.0
FrameworkDisplayName
.NET Framework 4(
#Powered by SmartAssembly 7.5.2.4508
3System.Resources.Tools.StronglyTypedResourceBuilder
16.0.0.0
KMicrosoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator
16.8.1.0
System.Security.Permissions.SecurityPermissionAttribute, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
SkipVerification
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
!This program cannot be run in DOS mode.
`.rsrc
@.reloc
v4.0.30319
#Strings
ClassLibrary1
ClassLibrary1.dll
mscorlib
System
Boolean
Environment
IDisposable
CompressionMode
System.IO.Compression
GZipStream
MemoryStream
System.IO
Stream
Object
Assembly
System.Reflection
AssemblyCompanyAttribute
AssemblyConfigurationAttribute
AssemblyCopyrightAttribute
AssemblyDescriptionAttribute
AssemblyFileVersionAttribute
AssemblyProductAttribute
AssemblyTitleAttribute
AssemblyTrademarkAttribute
MethodBase
MethodInfo
CompilationRelaxationsAttribute
System.Runtime.CompilerServices
RuntimeCompatibilityAttribute
SuppressIldasmAttribute
ComVisibleAttribute
System.Runtime.InteropServices
GuidAttribute
TargetFrameworkAttribute
System.Runtime.Versioning
String
Thread
System.Threading
<Module>
ClassLibrary
GetValue
buffer1
buffer2
GetExportedTypes
GetMethod
get_FullName
CreateInstance
Invoke
get_Length
ToArray
Dispose
$7c158b45-9dc4-4066-8cda-58e028d1a857
Copyright
2021
ClassLibrary
1.0.0.0
WrapNonExceptionThrows
.NETFramework,Version=v4.0
FrameworkDisplayName
.NET Framework 4
_CorDllMain
mscoree.dll
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
Dot Net For All
Reader1
Reader2
Odyxemhhhqqdr.ClassLibrary1.dll
FindWrapper
{0} is read by {1} in the blog {2}
Events in .NET
Ffibrzdgwwfnw
Ehfgxy
Ehfgxy
Ffibrzdgwwfnw
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
Comments
CompanyName
FileDescription
ClassLibrary
FileVersion
1.0.0.0
InternalName
ClassLibrary1.dll
LegalCopyright
Copyright
2021
LegalTrademarks
OriginalFilename
ClassLibrary1.dll
ProductName
ClassLibrary
ProductVersion
1.0.0.0
Assembly Version
1.0.0.0
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
Comments
FileZilla FTP Client
CompanyName
Tim Kosse
FileDescription
FileZilla FTP Client
FileVersion
3.48.1.0
InternalName
d234.exe
LegalCopyright
Tim Kosse
LegalTrademarks
OriginalFilename
d234.exe
ProductName
FileZilla
ProductVersion
3.48.1.0
Assembly Version
3.48.1.0

Antivirus Signature

Bkav Clean
Elastic Clean
MicroWorld-eScan Trojan.GenericKD.46396387
FireEye Generic.mg.4d502f30155e5f62
CAT-QuickHeal Clean
McAfee RDN/Generic.rp
Cylance Unsafe
VIPRE Clean
Sangfor Riskware.Win32.Agent.ky
K7AntiVirus Clean
BitDefender Clean
K7GW Trojan ( 0057d5821 )
Cybereason malicious.2ea3df
BitDefenderTheta Gen:NN.ZemsilF.34692.nm2@ay7nsgg
Cyren W32/Trojan.NWBQ-0332
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of MSIL/Kryptik.ABEZ
Baidu Clean
APEX Malicious
Paloalto generic.ml
ClamAV Clean
Kaspersky UDS:DangerousObject.Multi.Generic
Alibaba Clean
NANO-Antivirus Clean
ViRobot Clean
SUPERAntiSpyware Clean
Rising Downloader.Seraph!8.111C6 (CLOUD)
Ad-Aware Clean
TACHYON Clean
Sophos Mal/Generic-S
Comodo TrojWare.Win32.UMal.wnscb@0
F-Secure Clean
DrWeb Trojan.PackedNET.783
Zillya Clean
TrendMicro Clean
McAfee-GW-Edition Artemis!Trojan
CMC Clean
Emsisoft Clean
Ikarus Trojan.MSIL.Inject
GData MSIL.Trojan-Stealer.AgentTesla.1Y8JY6
Jiangmin Clean
Webroot Clean
Avira TR/AD.AgentTesla.lpmhm
Antiy-AVL Clean
Kingsoft Win32.Troj.Generic_a.a.(kcloud)
Gridinsoft Trojan.Win32.Kryptik.oa
Arcabit Clean
AegisLab Trojan.MSIL.Agensla.i!c
ZoneAlarm Clean
Microsoft Trojan:Win32/Woreflint.A!cl
Cynet Malicious (score: 100)
AhnLab-V3 Clean
Acronis Clean
VBA32 Clean
ALYac Clean
MAX malware (ai score=77)
Malwarebytes Trojan.Crypt.MSIL
Panda Clean
Zoner Clean
TrendMicro-HouseCall Clean
Tencent Clean
Yandex Clean
SentinelOne Static AI - Suspicious PE
eGambit PE.Heur.InvalidSig
Fortinet MSIL/Kryptik.ABEZ!tr
MaxSecure Trojan.Malware.300983.susgen
AVG FileRepMalware
Avast FileRepMalware
CrowdStrike win/malicious_confidence_100% (W)
Qihoo-360 Clean

No IRMA results available.