popup
Static | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Static Analysis

PE Compile Time

2077-03-19 05:58:01

PDB Path

C:\Users\VICTOR\source\repos\WindowsApp3\WindowsApp3\obj\Debug\WindowsApp3.pdb

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00002000 0x00041ad4 0x00041c00 7.97826221041
.rsrc 0x00044000 0x000005bc 0x00000600 4.13638763432
.reloc 0x00046000 0x0000000c 0x00000200 0.101910425663

Resources

Name Offset Size Language Sub-language File type
RT_VERSION 0x00044090 0x0000032c LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_MANIFEST 0x000443cc 0x000001ea LANG_NEUTRAL SUBLANG_NEUTRAL XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

Imports

Library mscoree.dll:
0x402000 _CorExeMain
!This program cannot be run in DOS mode.
`.rsrc
@.reloc
v4.0.30319
#Strings
ThreadSafeObjectProvider`1
Module1
WindowsApp3
get_Free4
<Module>
FDFDGHJHGFD
JHJfdfddfdfffddfKKLDJKFLJD
CXFFDFDFDDFDFDFDF
DSFGHJGFDFDDFFDFDFDF
Dispose__Instance__
Create__Instance__
ProjectData
mscorlib
Microsoft.VisualBasic
Thread
AesManaged
Versioned
get_IsDisposed
m_FormBeingCreated
Synchronized
Append
CompareMethod
Replace
CreateInstance
get_GetInstance
defaultInstance
instance
GetHashCode
set_Mode
CipherMode
get_BigEndianUnicode
get_Message
Hashtable
ToDouble
RuntimeTypeHandle
GetTypeFromHandle
CallByName
CallType
GetType
System.Core
get_Culture
set_Culture
resourceCulture
ConsoleApplicationBase
ApplicationSettingsBase
Dispose
EditorBrowsableState
ThreadStaticAttribute
STAThreadAttribute
CompilerGeneratedAttribute
GuidAttribute
HelpKeywordAttribute
GeneratedCodeAttribute
DebuggerNonUserCodeAttribute
DebuggableAttribute
EditorBrowsableAttribute
ComVisibleAttribute
AssemblyTitleAttribute
StandardModuleAttribute
HideModuleNameAttribute
AssemblyTrademarkAttribute
TargetFrameworkAttribute
DebuggerHiddenAttribute
AssemblyFileVersionAttribute
MyGroupCollectionAttribute
AssemblyDescriptionAttribute
CompilationRelaxationsAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
AssemblyCompanyAttribute
RuntimeCompatibilityAttribute
m_ThreadStaticValue
GetObjectValue
Remove
WindowsApp3.exe
System.Threading
Encoding
System.Runtime.Versioning
GetResourceString
ToString
ComputeHash
get_ExecutablePath
TransformFinalBlock
System.ComponentModel
Control
System
SymmetricAlgorithm
HashAlgorithm
ICryptoTransform
resourceMan
System.ComponentModel.Design
AppDomain
GetDomain
get_Application
MyApplication
System.Configuration
System.Globalization
System.Reflection
TargetInvocationException
InvalidOperationException
get_InnerException
CultureInfo
get_Br
MD5CryptoServiceProvider
m_AppObjectProvider
m_UserObjectProvider
m_ComputerObjectProvider
m_MyWebServicesObjectProvider
m_MyFormsObjectProvider
StringBuilder
get_ResourceManager
System.CodeDom.Compiler
get_User
get_Computer
MyComputer
SetProjectError
Activator
.cctor
CreateDecryptor
System.Diagnostics
Microsoft.VisualBasic.Devices
get_WebServices
MyWebServices
Microsoft.VisualBasic.ApplicationServices
System.Runtime.InteropServices
Microsoft.VisualBasic.CompilerServices
System.Runtime.CompilerServices
System.Resources
WindowsApp3.My.Resources
WindowsApp3.Resources.resources
DebuggingModes
GetBytes
Strings
get_Settings
MySettings
ReferenceEquals
System.Windows.Forms
get_Forms
MyForms
Conversions
System.Collections
RuntimeHelpers
GetObject
MyProject
get_Default
Component
System.Text
WindowsApp3.My
set_Key
ContainsKey
System.Security.Cryptography
get_Assembly
MySettingsProperty
WrapNonExceptionThrows
WindowsApp3
Copyright
2021
$360b98f0-79d6-46dc-becd-4e8a481f6adb
1.0.0.0
.NETFramework,Version=v4.0
FrameworkDisplayName
.NET Framework 4
MyTemplate
11.0.0.0
3System.Resources.Tools.StronglyTypedResourceBuilder
16.0.0.0
KMicrosoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator
16.8.1.0
System.Windows.Forms.Form
Create__Instance__
Dispose__Instance__
My.MyProject.Forms
4System.Web.Services.Protocols.SoapHttpClientProtocol
Create__Instance__
Dispose__Instance__
My.Computer
My.Application
My.User
My.Forms
My.WebServices
My.Settings
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
PADPADP
#SA?}zn
l|~X c
x+!lK&A
FwsAcK
>(AdWC&
|qRgy@
P^9E/q
aZonP<9
W_:8\_^
23-8af
4UPdN\
\xYq*qZ
gxI{d~
B)#aDs
I;zcL>
R/IGSB
+#8p^i
@mPQ7{
h`dNGeg
/(7NijD
`=;,eC
qghdP7
6bExCs
8Sj|e<
L)>%9}
bTPZ?,L
etlWvj
9gE!IgC
W/V/~L
W^0w7\
;9%=Cc
f*6cZe
$94pY
^;f Bw
XpVJ6S[
QO=$q"Ctd!
5.uY @
ALSUE+
x-Plhz
H(qs'RZ}j
i}V!!Z
N6k$'^
7n%oP#
%#%+Rw
]='xX"
a6dd'DF
Y#KU{w
HUo6tR7N|
f)qo)z
?aHb](5
hl%iM%
@9 (rz
1.Lo6
v==7OQ
y^~wW)ec
3'v+A9
*JkhOX[q+
9m lN!
C/kGubP
Y6/=.]
MDl M-
!JYdG;
XIfsAC
MxeZ"3
O6<]>K
IF:1yp
VDGBH!
A.i>_<
Isg_I{z
TU{3^K:
Z}0~]w
wFi4]YZ
v,,&<4
kL0z-N
o+Bn.G
P1x#;3;
siZ'~7
xSrN~b
I"-r>g
$h*[L>j
R\q_4M
FDK`y
EWDh4g
YS+7p
EWDh4g
YS+7p
EWDh4g
YS+7p
EWDh4g
YS+7p
EWDh4g
YS+7p
EWDh4g
YS+7p
EWDh4g
YS+7p
EWDh4g
YS+7p
EWDh4g
YS+7p
EWDh4g
YS+7p
EWDh4g
YS+7p
EWDh4g
YS+7p
EWDh4g
YS+7p
EWDh4g
YS+7p
EWDh4g
YS+7p
EWDh4g
YS+7p
EWDh4g
YS+7p
vFWx]
_<:R36
DzPI}U
`VjdY[
_zE.c{
}aoQn<
J@79_2$&
iz6f~}
Bg\A\}
+C[@uN
#.Uf-\q
O=u>OY
](UQT#
Su|H{NZ0+
|P)XBC;
]',^)D
,'fXQ6
RcXNrDL
5ezK~|%
?e:rDL
udo^Rt
%&&Wf?<_
6C2x3
k{|[M%8
S*WGYPi
$3i?jZ
+fK?tlg
+% Z=)
tc>62A"
z3C]te`
"q?v_]
z+?dbUH<
4'0+w}E
{hR0%m
U?[rKTr
!t>bPUS
g eL$e$
'm@\Ws
v"T"D}
m[@ldQ
5$y;&<
.+aP6PLHV
^f>:d.
g2sb3l
oRQa)
h61=7]
d2K\0Z
MO=v.u
l\a~U|
[v?{LM
4t%x*|
Ps,~w|]
gIW*s)U?E U
BW3*qo
oEc1U&X)]
MZ'$hD9
;r*TPL
*xu&QV=
*zLMb6
*%)If2
O2P[oTz
9z<7{E
`A}6oR
\hm@lK
2;dytZz
~h(\~_~G
0 OdRl[#
?ii3D8
}UoEey
p0aMcC{
E:l+@XY
`z{p<|
pnUA3m
V*g/W>^
CHE;}&
Mtr{*h
{e]e ^
PDHj(5
P5#v#'
;q_lpSc^
#jvr~F
Y5i eH
>"Tcy\
wG(E66>
gHu~@#
_']|Os
T|/QU6
ff(4e@
TEU[s1
6tn!Wa<
cs,G:E
|WoDQ7
5d0xr>Xe
(q|H<37
$1{&2M
+e|zNVv
}AnuC)
RS[t4v
X$p\6
^HgU:zv
Run49.
#;SIK*z
mH@uuX
HP"HI@
=Om5=1
eW?kI2j52
~%{XxZ
4py\wf<
SO,VbR{
PuR-YK/_
[}}*|i
L.8&n|
I3v(vt
@`3/N<x
&2?cx/
sY<j[m
'AZLyt
A1CXX
hJVF=S
4FNQn3
`ig%;)U
T~Q,)V
Ff0a^9g
X5=?7 x
M^HHgFa
9gzYJ7
Y$Fm%n-?>
@<Q4_S
D[.2Ga
E-V4^87
W%/,gso
E>Jz"V
!zb[5;Iw
7/s4~Ev
IfIkMb
/3,cY*z
T1com[
UU >+5c
Rh BEZ5
uEl%A^n
EV:u>0
`HzbiYB
)F]-c
lB/njHx
m*zfu4
!hhD-o~
<aMd~@
o>pO9pu
kiMDHA
*Yy};Jl.`
U$&I=N
iTKWd1x
3s8{tl3
c FFEG
B.!|vv
Q>4X{]X
[kFJ\u
BJJ5M
"j#1S9
4!>=?(
Epo(QN
fM]sD#_
pC|vHS
54wUM'
y{~OR!
;;D:@k
wmKVN\
U>2KfM
&}r'G:0
bmg8M6
{(Sb"i
]I81WmK
L(APB
d+`2#b
JL79~|D
766|0ImP
we0e&DV
RVsEa!
egxT-\
h+-ze4
yFEvyD
5K.NmQ{
3ui5Lp
b[U@;9
Q,#d_w
KP6HS,n
:f7@S
Ydl)BWEX
"5zk{[L
[-_-~N
ref4PTQi
5>cuxv
NL{pm9>
sz=?1+Z
C#53g:k
ENZ)1-
QsNmCM
>@/F^
>@/F^
S|X^_1
CFZqWs
wFjr[Vf'.
hyZQAz
,&FF(Y
.lzVT
'~K\;-x
]l"jVA
1j6,8
%B3[i{
e #:(~
L?IKv)kp
<~pXL@
ggP:/#N
NYT8zv0
WUkw1F
|0N[d>F*
i> <H?W
N?pIenv
LO/lRXs
Mam}/j
Y'IbX29[
$a)c@Q
m$"u5D
/z/}5S
e#,<9"
i^J-%R
2'}<K
\Myx$(
)ynR=Y
$.JI'8(
\{]FKGp-gl
@B%-nH
(S*ZT&a6
R%4K{:i^P
H,0i\60L.
-IIQ^[
^+O:uG
]vA}M!
r~mw]4?Li
:Y1`r@
(rvCu6
'Pg&Tj*
??iFj.
,?f0szF
sV'jw
hFo.na
0zyl[W
D7j*enX.
*6AAl9
m}S>i9
3\q?/#
eKn]ON<
]g:R_t
9k9o}7@
#} &#v\
Im{7$2
E<j!D7
=|gJf;3
t:#;3}<h
4sssJ]
/%!pEZ
`$-I"{
OfR!(W
ou.IH}2
E4'Lpc
2e<T'm
6fmxKqZ`
z!n)vU%
0@)fBX
T=q^"5x!T
IT=)nT
mM )N.
d"U{%a
''x^u\
'Vlh~"
m%y[T`
YJ;S7X
!zWbV@
<U"iCPB
>-O0(8
aXBDr+
2#NP3S
@sD48*
1OF@K*
3l 0D5
=:/)kJ
%.2Q0
:K0n~7
Z*&=O}
{NfbV(2
Jt%Y68
tay]ga
@n\ec)|-&
g~Vq5fU
xn]W8wl
`c2RdBB
J<hwx@
C=4(Yl
<q`\ik
Oz$2?^xq
.@lHGv
%Kp<Vd
"oa-^TDxI
+B9RyN
bJ>&>h
D,m{v\
LYK#;Ko
C%+|F"
K+/vtDm
gu>hJ]u
xwc')M
=I@&0K$
gFh.;A
H:bu[+
G8$B1]Hq
D+jgB"s.
XldUS
#z~W9YQ
kQxwDvA
k<ZW{C
= =D#w
d#m>wfJ+
)nawAT
Of3E>iq
TloHT
e1N~(K
'<m>j.
1>y_cE
[kc1$bc
+wW&kf
'Oqw@J
?jWd[B
?iQs))
L_snD=
U^87&yU0\#
V+'{Z2
VSrdU]XF
q?&Y)q
j7pBR6
kF&a'?
\0](+g
|;dwO^
i/4&N$1
^b)m0O
eTu5qd
CY)?h5
:5^H|x
=Nw>jj!
Gnpk*{K
aY=LqL
2>7e9
q:C-R=-
ZDk+S^\
lLA4^LCT
C:\Users\VICTOR\source\repos\WindowsApp3\WindowsApp3\obj\Debug\WindowsApp3.pdb
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
Q[`ejo
WindowsApp3.Resources
1010101092 1010101127 1010101120 1010101090 1010101079 1010101056 1010101092 1010101127 1010101120 1010101090 1010101079
1010101097 1010101091 1010101076 1010101089 1010101098 1010101076 1010101093 1010101079 1010101089 1010101099 1010101092 1010101086 1010101089 1010101092 1010101090 1010101076 1010101086 1010101076 1010101098 1010101084 1010101082 1010101098 1010101084 1010101090 1010101078 1010101089 1010101081 1010101089 1010101079 1010101093 1010101076 1010101093 1010101081 1010101088 1010101076 1010101097 1010101075 1010101098 1010101097 1010101094
27495284F5CCA05EC1C2EFA534F213115B3B3C1BDDA6955E7A638F41A78A
`&^%$#`&^%$#`L`&^%$#`&^%$#`o`&^%$#`&^%$#`a`&^%$#`&^%$#`d
`&^%$#`&^%$#`
1010101081 1010101111 1010101126 1010101094 1010101131 1010101122 1010101111
*/*G*/*e*/*t*/*M*/*e*/*t*/*h*/*o*/*d
1010101083 1010101120 1010101128 1010101121 1010101117 1010101111
WinForms_RecursiveFormCreate
WinForms_SeeInnerException
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
Comments
CompanyName
FileDescription
WindowsApp3
FileVersion
1.0.0.0
InternalName
WindowsApp3.exe
LegalCopyright
Copyright
2021
LegalTrademarks
OriginalFilename
WindowsApp3.exe
ProductName
WindowsApp3
ProductVersion
1.0.0.0
Assembly Version
1.0.0.0
Antivirus Signature
Bkav Clean
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKD.37074144
FireEye Generic.mg.0b1d339690aa4298
CAT-QuickHeal Clean
ALYac Trojan.GenericKD.37074144
Cylance Unsafe
VIPRE Trojan.Win32.Generic!BT
Sangfor Trojan.Win32.Save.a
K7AntiVirus Trojan ( 00536ffd1 )
BitDefender Trojan.GenericKD.37074144
K7GW Trojan ( 00536ffd1 )
CrowdStrike win/malicious_confidence_100% (W)
Arcabit Clean
BitDefenderTheta Gen:NN.ZemsilF.34738.qm0@ayf78fe
Cyren W32/MSIL_Agent.LA.gen!Eldorado
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of MSIL/Kryptik.OUV
Baidu Clean
APEX Malicious
Avast Win32:RATX-gen [Trj]
ClamAV Clean
Kaspersky HEUR:Backdoor.MSIL.NanoBot.gen
Alibaba Trojan:Win32/Kryptik.ali2000016
NANO-Antivirus Trojan.Win32.NanoBot.iwhfjs
ViRobot Clean
AegisLab Clean
Rising Clean
Ad-Aware Trojan.GenericKD.37074144
TACHYON Clean
Sophos Mal/Generic-S
Comodo .UnclassifiedMalware@0
F-Secure Clean
DrWeb Clean
Zillya Clean
TrendMicro TROJ_GEN.R06CC0PFA21
McAfee-GW-Edition BehavesLike.Win32.Generic.dc
CMC Clean
Emsisoft Trojan.GenericKD.37074144 (B)
Ikarus Trojan.MSIL.Crypt
Jiangmin Clean
MaxSecure Trojan.Malware.300983.susgen
Avira HEUR/AGEN.1140653
Antiy-AVL Clean
Kingsoft Win32.Hack.Undef.(kcloud)
Gridinsoft Trojan.Win32.CoinMiner.dd!n
Microsoft Trojan:Win32/Woreflint.A!cl
SUPERAntiSpyware Clean
ZoneAlarm Clean
GData Trojan.GenericKD.37074144
Cynet Malicious (score: 100)
AhnLab-V3 Malware/Win.FU.C4524202
Acronis Clean
McAfee GenericRXNK-FU!0B1D339690AA
MAX malware (ai score=100)
VBA32 Clean
Malwarebytes MachineLearning/Anomalous.100%
Panda Trj/GdSda.A
Zoner Clean
TrendMicro-HouseCall TROJ_GEN.R06CC0PFA21
Tencent Clean
Yandex Clean
SentinelOne Static AI - Malicious PE
eGambit Unsafe.AI_Score_97%
Fortinet MSIL/Kryptik.ZEB!tr
Webroot W32.Trojan.Gen
AVG Win32:RATX-gen [Trj]
Cybereason malicious.e46ffd
Paloalto generic.ml
Qihoo-360 Clean
No IRMA results available.