Static | ZeroBOX

PE Compile Time

2021-05-17 06:27:40

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name    Virtual Address  Virtual Size  Size of Raw Data  Entropy
.text   0x00002000       0x00004e94    0x00005000        6.67287745977
.rsrc   0x00008000       0x00005274    0x00005400        7.69063603186
.reloc  0x0000e000       0x0000000c    0x00000200        0.0815394123432

Resources

Name           Offset      Size        Language      Sub-language     File type
RT_ICON        0x00008100  0x00004bd4  LANG_NEUTRAL  SUBLANG_NEUTRAL  PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
RT_GROUP_ICON  0x0000cce4  0x00000014  LANG_NEUTRAL  SUBLANG_NEUTRAL  data
RT_VERSION     0x0000cd08  0x0000036c  LANG_NEUTRAL  SUBLANG_NEUTRAL  data
RT_MANIFEST    0x0000d084  0x000001ea  LANG_NEUTRAL  SUBLANG_NEUTRAL  XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

Imports

Library mscoree.dll:
0x402000 _CorExeMain

!This program cannot be run in DOS mode.
`.rsrc
@.reloc
lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
PADPADP
v2.0.50727
#Strings
<>9__0_0
<>9__1_0
Microsoft.Win32
ReadInt32
ReadInt64
SHA256
<Module>
Downloader__7YnLzX2E7hPwpVGXfqVZCw2PG
get_ASCII
WvzfqNbyyQ3C2mfL
System.IO
get_IV
set_IV
GenerateIV
DownloadData
mscorlib
set_Verb
Windows_Loader__tNjv2Vu3P9KzXWAc
System.Collections.Generic
Thread
RijndaelManaged
Synchronized
ReadToEnd
set_Method
Replace
set_Mode
FileMode
PaddingMode
CryptoStreamMode
CipherMode
get_Unicode
IDisposable
ReadDouble
RuntimeFieldHandle
RuntimeTypeHandle
GetTypeFromHandle
ReadSingle
GetDirectoryName
DateTime
GetCreationTime
get_NewLine
Combine
ValueType
SecurityProtocolType
set_ContentType
System.Core
get_CurrentCulture
ApplicationSettingsBase
HttpWebResponse
GetResponse
Dispose
X509Certificate
Create
STAThreadAttribute
CompilerGeneratedAttribute
GuidAttribute
GeneratedCodeAttribute
DebuggerNonUserCodeAttribute
DebuggableAttribute
ComVisibleAttribute
AssemblyTitleAttribute
AssemblyTrademarkAttribute
AssemblyFileVersionAttribute
AssemblyConfigurationAttribute
AssemblyDescriptionAttribute
CompilationRelaxationsAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
AssemblyCompanyAttribute
RuntimeCompatibilityAttribute
set_UseShellExecute
ReadSByte
GetValue
SetValue
set_KeepAlive
Handlour.exe
set_BlockSize
set_KeySize
System.Threading
set_Padding
ASCIIEncoding
FromBase64String
ToBase64String
ReadString
ToString
GetString
DecryptString
EncryptString
Run__5eL3x7U46zZwPUgQjQYvb725h
ComputeHash
get_Length
set_ContentLength
RemoteCertificateValidationCallback
set_ServerCertificateValidationCallback
FlushFinalBlock
System.ComponentModel
set_SecurityProtocol
GetManifestResourceStream
FileStream
GetResponseStream
CryptoStream
GetRequestStream
MemoryStream
System
SymmetricAlgorithm
HashAlgorithm
ICryptoTransform
ToBoolean
TimeSpan
X509Chain
get_Location
System.Net.NetworkInformation
System.Configuration
System.Globalization
op_Subtraction
System.Reflection
WebHeaderCollection
get_Position
Win32Exception
KeyNotFoundException
CultureInfo
ProcessStartInfo
HttpRequestHeader
StreamReader
TextReader
BinaryReader
IFormatProvider
ResourceManager
ServicePointManager
System.CodeDom.Compiler
CurrentUser
.cctor
CreateDecryptor
CreateEncryptor
Handlour
System.Diagnostics
System.Runtime.InteropServices
System.Runtime.CompilerServices
System.Resources
Windows_Loader__tNjv2Vu3P9KzXWAc.Properties.Resources.resources
DebuggingModes
Windows_Loader__tNjv2Vu3P9KzXWAc.Properties
System.Security.Cryptography.X509Certificates
GetBytes
System.Text.RegularExpressions
PingOptions
RegexOptions
get_Headers
RuntimeHelpers
SslPolicyErrors
FileAccess
Process
Exists
IPStatus
get_Status
get_TotalDays
Concat
Object
System.Net
get_Default
WebClient
Environment
decrypt
encrypt
Convert
HttpWebRequest
set_Timeout
System.Text
WriteAllText
get_Now
InitializeArray
ToArray
get_Key
set_Key
CreateSubKey
OpenSubKey
GenerateKey
RegistryKey
System.Security.Cryptography
get_Assembly
GetExecutingAssembly
GetEntryAssembly
PingReply
Registry
System.Net.Security
IsNullOrEmpty
set_Proxy
IWebProxy
3System.Resources.Tools.StronglyTypedResourceBuilder
15.0.0.0
KMicrosoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator
15.9.0.0
WrapNonExceptionThrows
Windows Loader
Copyright
$abb41c24-b8bb-4dde-8788-697b1d32f834
1.1.1.1
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
Comments
Windows Loader
CompanyName
Windows Loader
FileDescription
Windows Loader
FileVersion
1.1.1.1
InternalName
Handlour.exe
LegalCopyright
Copyright
LegalTrademarks
OriginalFilename
Handlour.exe
ProductName
Windows Loader
ProductVersion
1.1.1.1
Assembly Version
1.1.1.1

Antivirus Signature

Bkav Clean
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKD.46314031
FireEye Generic.mg.f94af1a2500d4284
CAT-QuickHeal Clean
Qihoo-360 Clean
McAfee Artemis!F94AF1A2500D
Cylance Unsafe
VIPRE MSIL.Adware.CsdiMonetize
Sangfor Trojan.MSIL.BaseLoader.gen
K7AntiVirus Adware ( 00577a001 )
BitDefender Trojan.GenericKD.46314031
K7GW Adware ( 00577a001 )
Cybereason malicious.45dbd9
BitDefenderTheta Gen:NN.ZemsilF.34690.cm0@aiHdW8p
Cyren Clean
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of MSIL/Adware.CsdiMonetize.BG
Baidu Clean
APEX Malicious
Avast Win32:MiscX-gen [PUP]
ClamAV Clean
Kaspersky HEUR:Trojan-Downloader.MSIL.BaseLoader.gen
Alibaba AdWare:MSIL/CsdiMonetize.ba374984
NANO-Antivirus Clean
ViRobot Trojan.Win32.Z.Win.43008.A
AegisLab Trojan.MSIL.BaseLoader.a!c
Rising Downloader.BaseLoader!8.123FC (CLOUD)
Ad-Aware Trojan.GenericKD.46314031
Emsisoft Trojan.GenericKD.46314031 (B)
Comodo Clean
F-Secure Clean
DrWeb Clean
Zillya Clean
TrendMicro Clean
McAfee-GW-Edition RDN/Generic Downloader.x
CMC Clean
Sophos Generic PUA HJ (PUA)
SentinelOne Static AI - Malicious PE
GData Trojan.GenericKD.46314031
Jiangmin Clean
Webroot Clean
Avira HEUR/AGEN.1142400
MAX malware (ai score=82)
Antiy-AVL Clean
Kingsoft Clean
Gridinsoft Trojan.Win32.Downloader.sa
Arcabit Trojan.Generic.D2C2B22F
SUPERAntiSpyware Clean
ZoneAlarm Clean
Microsoft Trojan:Win32/Wacatac.B!ml
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win.Generic.C4454363
Acronis Clean
VBA32 TScope.Trojan.MSIL
ALYac Trojan.GenericKD.46314031
TACHYON Clean
Malwarebytes Adware.Csdimonetize
Panda Trj/GdSda.A
Zoner Clean
TrendMicro-HouseCall TROJ_GEN.R002H07EH21
Tencent Clean
Yandex Clean
Ikarus Clean
eGambit Unsafe.AI_Score_99%
Fortinet Riskware/BaseLoader
AVG Win32:MiscX-gen [PUP]
Paloalto generic.ml
CrowdStrike win/malicious_confidence_80% (W)
MaxSecure Clean
No IRMA results available.