Static | ZeroBOX

PE Compile Time

2021-05-22 16:02:35

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00002000 0x00001844 0x00001a00 5.34347050882
.rsrc 0x00004000 0x00000808 0x00000a00 4.87128365576
.reloc 0x00006000 0x0000000c 0x00000200 0.0815394123432

Resources

Name Offset Size Language Sub-language File type
RT_ICON 0x00004130 0x00000130 LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_GROUP_ICON 0x00004260 0x00000014 LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_VERSION 0x00004274 0x000002a8 LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_MANIFEST 0x0000451c 0x000002e9 LANG_NEUTRAL SUBLANG_NEUTRAL XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

Imports

Library mscoree.dll:
0x402000 _CorExeMain

!This program cannot be run in DOS mode.
`.rsrc
@.reloc
v4.0.30319
#Strings
<Module>
HAiL.exe
mscorlib
System
Object
System.Windows.Forms
MessageBoxButtons
MessageBoxIcon
System.Runtime.InteropServices
MarshalAsAttribute
UnmanagedType
System.Reflection
AssemblyTitleAttribute
AssemblyProductAttribute
AssemblyVersionAttribute
AssemblyCopyrightAttribute
System.Runtime.CompilerServices
CompilationRelaxationsAttribute
RuntimeCompatibilityAttribute
Assembly
GetExecutingAssembly
get_Location
String
Concat
System.Net
WebClient
DownloadData
MessageBox
DialogResult
System.IO
GetTempPath
Microsoft.Win32
Registry
GetValue
Environment
SpecialFolder
GetFolderPath
AppDomain
get_CurrentDomain
get_BaseDirectory
Combine
Delete
WriteAllBytes
FileInfo
FileSystemInfo
FileAttributes
get_Attributes
set_Attributes
System.Diagnostics
ProcessStartInfo
set_Verb
Process
WaitForExit
<>c__DisplayClass1
get_Chars
Substring
Func`2
System.Core
System.Linq
Enumerable
System.Collections.Generic
IEnumerable`1
Select
ToArray
DllImportAttribute
kernel32.dll
DeleteFile
.cctor
CompilerGeneratedAttribute
Copyright 2021 Essential MFs
WrapNonExceptionThrows
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
<dependency>
<dependentAssembly>
<assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="*" publicKeyToken="6595b64144ccf1df" language="*" />
</dependentAssembly>
</dependency>
</assembly>
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
FileDescription
FileVersion
6.9.0.0
InternalName
HAiL.exe
LegalCopyright
Copyright 2021 Essential MFs
OriginalFilename
HAiL.exe
ProductName
ProductVersion
6.9.0.0
Assembly Version
6.9.0.0

Antivirus Signature
Bkav Clean
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKD.36955132
CMC Clean
CAT-QuickHeal TrojanSpy.MSIL
McAfee GenericRXFV-IT!90B78DD5DA15
Cylance Clean
VIPRE Trojan.Win32.Generic!BT
Sangfor Trojan.MSIL.Xegumumune.gen
K7AntiVirus Trojan-Downloader ( 0052587f1 )
BitDefender Trojan.GenericKD.36955132
K7GW Trojan-Downloader ( 0052587f1 )
Cybereason malicious.a68477
Baidu Clean
Cyren Clean
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of MSIL/TrojanDownloader.Small.BLY
APEX Malicious
Avast Win32:RATX-gen [Trj]
ClamAV Clean
Kaspersky HEUR:Trojan-Spy.MSIL.Xegumumune.gen
Alibaba TrojanSpy:MSIL/Xegumumune.7ed0dd3e
NANO-Antivirus Clean
ViRobot Dropper.S.Agent.10240.L
AegisLab Trojan.MSIL.Xegumumune.l!c
Rising Clean
Ad-Aware Trojan.GenericKD.36955132
Sophos Mal/Generic-S
Comodo Clean
F-Secure Clean
DrWeb Trojan.KillProc2.11418
Zillya Downloader.Small.Win32.139083
TrendMicro TROJ_GEN.R002C0PEN21
McAfee-GW-Edition GenericRXFV-IT!90B78DD5DA15
FireEye Generic.mg.90b78dd5da157605
Emsisoft Trojan.GenericKD.36955132 (B)
SentinelOne Static AI - Malicious PE
GData Trojan.GenericKD.36955132
Jiangmin Clean
Webroot Clean
Avira HEUR/AGEN.1121965
eGambit Clean
MAX malware (ai score=83)
Antiy-AVL Clean
Kingsoft Clean
Gridinsoft Trojan.Win32.Downloader.sa
Arcabit Trojan.Generic.D233E3FC
SUPERAntiSpyware Clean
ZoneAlarm Clean
Microsoft Trojan:Win32/Woreflint.A!cl
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win.Generic.C4481007
Acronis Clean
VBA32 TScope.Trojan.MSIL
ALYac Trojan.GenericKD.36955132
TACHYON Clean
Malwarebytes Clean
Panda Trj/GdSda.A
Zoner Clean
TrendMicro-HouseCall TROJ_GEN.R002C0PEN21
Tencent Msil.Trojan-spy.Xegumumune.Hssd
Yandex Clean
Ikarus Trojan-Dropper.MSIL.Agent
MaxSecure Trojan.Malware.300983.susgen
Fortinet MSIL/CoinMiner.DMA!tr
BitDefenderTheta Gen:NN.ZemsilCO.34722.am0@ayufq3h
AVG Win32:RATX-gen [Trj]
Paloalto generic.ml
CrowdStrike win/malicious_confidence_80% (W)
Qihoo-360 Clean
No IRMA results available.