Static | ZeroBOX

PE Compile Time

2015-09-13 22:24:18

PDB Path

e:\Documenti\Coding\HTTPBotFe\Miner\Miner\obj\Release\Miner.pdb

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name    Virtual Address  Virtual Size  Size of Raw Data  Entropy
.text   0x00002000       0x00000f94    0x00001000        5.07484718191
.rsrc   0x00004000       0x00000520    0x00000600        3.86968787875
.reloc  0x00006000       0x0000000c    0x00000200        0.0815394123432

Resources

Name         Offset      Size        Language      Sub-language     File type
RT_VERSION   0x000040a0  0x00000290  LANG_NEUTRAL  SUBLANG_NEUTRAL  MS Windows COFF PA-RISC object file
RT_MANIFEST  0x00004330  0x000001ea  LANG_NEUTRAL  SUBLANG_NEUTRAL  XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

Imports

Library mscoree.dll:
0x402000 _CorExeMain

!This program cannot be run in DOS mode.
`.rsrc
@.reloc
v2.0.50727
#Strings
<Module>
Miner.exe
AutoMiner
Program
mscorlib
System
Object
IsWow64Process
Download
System.Runtime.InteropServices
MarshalAsAttribute
UnmanagedType
hProcess
InAttribute
wow64Process
OutAttribute
website
username
password
System.Reflection
AssemblyTitleAttribute
AssemblyDescriptionAttribute
AssemblyConfigurationAttribute
AssemblyCompanyAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
AssemblyTrademarkAttribute
AssemblyCultureAttribute
ComVisibleAttribute
GuidAttribute
AssemblyVersionAttribute
AssemblyFileVersionAttribute
System.Diagnostics
DebuggableAttribute
DebuggingModes
System.Runtime.CompilerServices
CompilationRelaxationsAttribute
RuntimeCompatibilityAttribute
DllImportAttribute
kernel32.dll
Process
GetCurrentProcess
get_Handle
System.IO
Directory
Exists
DirectoryInfo
CreateDirectory
String
Concat
System.Net
WebClient
IWebProxy
set_Proxy
DownloadString
DownloadFile
ProcessStartInfo
set_FileName
set_CreateNoWindow
set_UseShellExecute
set_Arguments
.cctor
get_Length
Substring
op_Equality
Copyright
2015
$826946d0-d483-4f82-a93c-3a35982fdb2f
1.0.0.0
WrapNonExceptionThrows
e:\Documenti\Coding\HTTPBotFe\Miner\Miner\obj\Release\Miner.pdb
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
\opencl
/out/miner.php?version=
/out/miner/
/out/miner.php?opencl=1&version=
/opencl/
\opencl\
\WmiPvers.exe
\bfgminer.exe
-S opencl:auto -o
.\mmmx
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
FileDescription
FileVersion
1.0.0.0
InternalName
Miner.exe
LegalCopyright
Copyright
2015
OriginalFilename
Miner.exe
ProductName
ProductVersion
1.0.0.0
Assembly Version
1.0.0.0
Antivirus Signature
Bkav Clean
Elastic Clean
MicroWorld-eScan Trojan.GenericKD.37031643
FireEye Generic.mg.9559bcadf47a53f8
CAT-QuickHeal Clean
ALYac Trojan.GenericKD.37031643
Cylance Unsafe
Zillya Clean
AegisLab Trojan.Win32.Generic.4!c
Sangfor Clean
K7AntiVirus Clean
BitDefender Trojan.GenericKD.37031643
K7GW Clean
Cybereason malicious.a4df98
Baidu Clean
Cyren W32/Trojan.UPXO-7048
Symantec ML.Attribute.HighConfidence
ESET-NOD32 Clean
APEX Malicious
Avast FileRepMalware
ClamAV Clean
Kaspersky Clean
Alibaba Clean
NANO-Antivirus Clean
ViRobot Trojan.Win32.Z.Agent.6662
Rising Clean
Ad-Aware Trojan.GenericKD.37031643
Emsisoft Trojan.GenericKD.37031643 (B)
Comodo Clean
F-Secure Clean
DrWeb Clean
VIPRE Clean
TrendMicro Clean
McAfee-GW-Edition RDN/Generic.RP
MaxSecure Trojan.Malware.300983.susgen
CMC Clean
Sophos Generic ML PUA (PUA)
Ikarus Clean
GData Trojan.GenericKD.37031643
Jiangmin Trojan.MSIL.hcnt
Webroot Clean
Avira Clean
MAX malware (ai score=85)
Antiy-AVL Trojan/Generic.ASMalwS.30F8AC4
Kingsoft Clean
Gridinsoft Malware.Win32.Gen.cc!s1
Arcabit Clean
SUPERAntiSpyware Clean
ZoneAlarm Clean
Microsoft Trojan:Win32/Wacatac.B!ml
Cynet Clean
AhnLab-V3 Trojan/Win32.BitCoinMiner.C237991
Acronis Clean
McAfee RDN/Generic.RP
TACHYON Clean
VBA32 Trojan.MSIL.gen.m
Malwarebytes Trojan.BitCoinMiner
Panda Trj/GdSda.A
Zoner Clean
TrendMicro-HouseCall TROJ_GEN.R002H06F621
Tencent Clean
Yandex Clean
SentinelOne Static AI - Suspicious PE
eGambit Unsafe.AI_Score_99%
Fortinet PossibleThreat
BitDefenderTheta Gen:NN.ZemsilF.34738.am1@aScu9pc
AVG FileRepMalware
Paloalto generic.ml
CrowdStrike win/malicious_confidence_80% (W)
Qihoo-360 Clean
No IRMA results available.