Static | ZeroBOX

PE Compile Time

2021-06-21 14:32:07

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
`\x7fn`LCP_ 0x00002000 0x00012bb8 0x00012c00 7.9979524363
.text 0x00016000 0x00020990 0x00020a00 4.92677000042
.rsrc 0x00038000 0x00000933 0x00000a00 4.51844034436
(no printable name) 0x0003a000 0x00000010 0x00000200 0.142635768149
.reloc 0x0003c000 0x0000000c 0x00000200 0.0980041756627

Resources

Name Offset Size Language Sub-language File type
RT_VERSION 0x000380a0 0x00000400 LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_MANIFEST 0x000384a0 0x00000493 LANG_NEUTRAL SUBLANG_NEUTRAL exported SGML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

Imports

Library mscoree.dll:
0x43a000 _CorExeMain

!This program cannot be run in DOS mode.
n`LCP_
`.rsrc
`.reloc
o*`9MX
oA}}ojB
R_\YM1
&{yQ5Xru
}6YxWL
SSM]-9
P?[ u`
g7:7IDH+H.
V{{E_$.
VfZ(r`
H:^1fG@W
Y";G&
="!'qI
T2uNe5
:HkD` p
h9Ik)>
`@@p"G
!DrVvn
iiHF'6
e1rhM)
.|^$^&2
zemGSTD
%9M6M*
If"[f
W&*hwd
f@S
18E}JS
|b|EL3
=a}Kci
\`Z=t%C
<wkq9:
1jjTF@
c65GlA
~plR<O{
b;q!gx)
4Q#jb%zV
{\ZFM>
`9!eCg
gV8S<
7n9BHO
dwYJO!
7r JpoC
I_gt{B,~
5(srEOf,
Euh;~9u
/r 5R0
5(;2.OWD
n/xwGW
\(0dvax
?WPDUEa
:3]lUt
B{jPvd
|C,:,z
m|oPc<
TYXDbB
7h9z2C
`byO0"
tPfs2V
Z`/~o
XXLxU2
qC%30r+
?d2](%
hatxsZ
>,\QFj
8h*Pd;
u)qsE&
D@ "S>
[1Qw7+
[[,ZOh
hfF7{B
tD3Ky
{[`KlY
%A=t+k
${"y"+
il6JPJt{g
kX)76T
fl9$W
\&B_-,$
^C|8^:
'`_"W>Wpy
k=GgD8
-SXP`DIe?
Wsjisc
j]"tM P
D|Ld.#
N}=j|A
ux@l))
{{"="@
8Om9SO
c7vd|4$jS.
2,Eb<
(?<4P\p
EluD)CG
n**"hv
:p^C9|
=N6H'>%&-
I+dnlU
1'80FM
XG_9?:NjE
8|B?07j
H`L=y!
(_FWS+
<dKMZ&
l@>a+h
T_.8I$
gL~{`L
.!&1 yM[
I;TTrKV
W&U/rhg
{vx<|F
k'A,&O
,f+Vjx
I+)1P{z
*TeQ85
">l4/*
>qi"<*O
KVu[,F
PETZ@3
_kCUj&
Vo{6VP
Z+Rz3H
3L1W2.O
o9"Dvz
|xalQO
G]mz/\k
NtCoT
5 _Z /|fOa8
X l.dlT
Z "c4Va8
) ,u=/8x
9 _>KZ ]X
mZ iF1na8
)=%&8d
y>%&8I
ntdlT
Z ;xb{a8p
NtCoT
X ntinT
ZZ >1
0/Dq%+
]j%&80
! GR2p8
3Z '5r:a8
oZ 4@<
h)%&8L
ntdlT
FZ 8F>
5RZ w8
'XGR fA
H%Z @Y
X ntinT
Z O}*"a83
\8:%&8
~@ta8D
,AB%&8
X l.dlT
9 V=8LZ
M1!Z
_CorExeMain
mscoree.dll
v4.0.30319
#Strings
#Strings
#Schema
T2P2ipPm$g(*h}C0<C)>Hfq/"
ottwsttuw&&
cbb2d105a303085c3e3a0b8ece08cba00
Action`10
c4cd177be31c6de9abfbf8c6c07914140
c33a0a906cb79a28fb8899bf67e984e40
c2c80534b30470add01680e0338fa7a31
c827581531120a79741e47aa304099d51
IEnumerable`1
CallSite`1
List`1
c5dcbbd18781d39d0e06d65c4b579b7d1
Microsoft.Win32
ToUInt32
ToInt32
cd063fb214f5979cc8630549e8cef0042
c726ee2859572254ea9385cde9fd85472
X509Certificate2
c4b6e474c7c6c484015d6183adb50caa3
c3a20c1d68531ac088dc4e6880b04b754
ToUInt64
ToInt64
cafe2dbe4511ce611718b537d4e668a94
c293a09373904ca4b8c6374687c8aab05
c3801ece0b57a4a69f21e3650ba464135
cba55f49078863e134529c84164d9e335
c4747fcf39fb840166ca91913a85d0ca5
cdff4483e3f016655c2f1f57b98c4e6b5
c88e2430d544933ff5b6ee5506cfb9bb5
c19792ec1f951231d16183308505217d5
c2a89a65e23bc3d70a9c74d70f1c984e5
ToUInt16
ToInt16
HMACSHA256
c387239e915f494b6c0528cb0f280be56
c1096a5c18e24500f703950bfff8e0776
c6c864cf13e9be93f8ea6e449507a62a6
c0d7cebd2a9d9290a2af4974397e83ab6
c27bf5d80c44ec1253701b88fd012d5d6
ccf17c43683b0919ee440094359f18af6
c6a00416670d9dd691a3bd78f6d595a47
c5da1eeb4e2e6e8f9679b6b43b4cada57
c2a6ca0b68dbfa9ba3e8a47125ca43477
c6805bc4be6404455dadf3223fad15a68
c8f4f1aba06c6c8bed5efdd2ac3cc2a88
get_UTF8
c4a17faa9429d594024ccf31524a901f8
c86bd79b855ea2bb87bebd6cd659e4249
ceb6a67dcb1c6d5d698f13f3acd672369
cbb6b4f0c7607a5b9d3ce9db17eed4689
ce13852b5163d4f75974f3664d850eec9
c56e5ebfbc7aeebbf704223aa0ef965f9
<Module>
ES_SYSTEM_REQUIRED
ES_DISPLAY_REQUIRED
MapNameToOID
get_FormatID
zfKanqbTIriccLsKumhCYedEdHmD
GetHINSTANCE
get_ASCII
System.IO
ES_CONTINUOUS
get_IV
set_IV
GenerateIV
value__
cb99102ea5c3eee52543b34d33734003a
cb383b3691356286cd812b32e31e6e08a
c388f0c10c59109c58f7cc6a35a89a0aa
ce9290d636c2850bde16844c2a141acaa
c05459100da11cd30fa175ac8e12e7bba
ReadServertData
c9d17df2f0005b93fee12477a00663c1b
c8d1a17bbe76ccee48afce8443af30b6b
ca3efe975c562f09fb11b07ed64945c8b
mscorlib
c23a6c659c907b5672cf1e86c3c433bcc
c0ccb2e227bacd5227b19703d9874b7ec
c790e5db2ff6bbf08c583f20b0a9f39ec
c10c9142cfe9d094e087a19ea142176fc
System.Collections.Generic
Microsoft.VisualBasic
get_cc16f5ee4f733ae997cbd8f0cca32b20d
EndRead
BeginRead
get_CurrentThread
SHA256Managed
get_IsAttached
get_Connected
get_Guid
Append
RegistryValueKind
set_IsBackground
GetMethod
cb7af120ba8a24a48817899ed7f6c885e
cc95fab470f82fdcd072b3664fd227e5e
Replace
CreateInstance
set_Mode
FileMode
PaddingMode
EnterDebugMode
CryptoStreamMode
CompressionMode
CipherMode
SelectMode
get_Unicode
DeleteSubKeyTree
get_Message
Invoke
IEnumerable
IDisposable
ToDouble
get_Handle
RuntimeFieldHandle
GetModuleHandle
RuntimeTypeHandle
GetTypeFromHandle
WaitHandle
ToSingle
SaveBytesToFile
IsInRole
WindowsBuiltInRole
GetActiveWindowTitle
get_Module
get_MainModule
ProcessModule
set_WindowStyle
ProcessWindowStyle
get_Name
get_FullyQualifiedName
get_FileName
set_FileName
GetTempFileName
GetFileName
fileName
get_MachineName
get_OSFullName
get_FullName
get_UserName
CheckHostName
DateTime
get_LastWriteTime
ToUniversalTime
WriteLine
Combine
UriHostNameType
ValueType
ProtocolType
GetType
SocketType
GetElementType
FileShare
System.Core
MethodBase
Dispose
StrReverse
X509Certificate
Create
SetThreadExecutionState
Delete
CallSite
CompilerGeneratedAttribute
DebuggableAttribute
ComVisibleAttribute
AssemblyTitleAttribute
AssemblyTrademarkAttribute
TargetFrameworkAttribute
SuppressIldasmAttribute
AssemblyFileVersionAttribute
AssemblyConfigurationAttribute
AssemblyDescriptionAttribute
DefaultMemberAttribute
CompilationRelaxationsAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
ConfusedByAttribute
AssemblyCompanyAttribute
RuntimeCompatibilityAttribute
set_UseShellExecute
ReadByte
WriteByte
DeleteValue
GetValue
SetValue
get_IsAlive
add_ResourceResolve
add_AssemblyResolve
Remove
ottwsttuw.exe
set_BlockSize
get_InputBlockSize
get_OutputBlockSize
get_TotalSize
set_SendBufferSize
set_ReceiveBufferSize
set_KeySize
cd6a14f782b03446ec534c10144b8e92f
IndexOf
CryptoConfig
System.Threading
set_Padding
add_SessionEnding
SystemEvents_SessionEnding
UTF8Encoding
System.Drawing.Imaging
IsLogging
System.Runtime.Versioning
FromBase64String
ToBase64String
DownloadString
ToString
BytesAsString
GetAsString
GetString
BytesAsHexString
Substring
System.Drawing
set_ErrorDialog
ComputeHash
strToHash
GetHash
VerifyHash
get_ExecutablePath
GetTempPath
get_Length
StartsWith
AsyncCallback
RemoteCertificateValidationCallback
TimerCallback
RegistryKeyPermissionCheck
FlushFinalBlock
TransformFinalBlock
TransformBlock
RtlSetProcessIsCritical
Marshal
NetworkCredential
System.Security.Principal
WindowsPrincipal
kernel32.dll
user32.dll
ntdll.dll
GetManifestResourceStream
FileStream
DeflateStream
NetworkStream
SslStream
DecodeFromStream
CryptoStream
GZipStream
MemoryStream
get_Item
get_Is64BitOperatingSystem
SymmetricAlgorithm
AsymmetricAlgorithm
HashAlgorithm
Random
ICryptoTransform
ToBoolean
X509Chain
AppDomain
get_CurrentDomain
GetFileNameWithoutExtension
get_OSVersion
System.IO.Compression
Application
System.Security.Authentication
System.Globalization
System.Reflection
X509CertificateCollection
ManagementObjectCollection
get_Position
set_Position
CryptographicException
ArgumentNullException
ArgumentException
Intern
Unknown
ImageCodecInfo
MethodInfo
FileInfo
DriveInfo
FileSystemInfo
ComputerInfo
CSharpArgumentInfo
ProcessStartInfo
Microsoft.CSharp
System.Linq
InvokeMember
MD5CryptoServiceProvider
RSACryptoServiceProvider
DESCryptoServiceProvider
AesCryptoServiceProvider
StringBuilder
sender
Microsoft.CSharp.RuntimeBinder
CallSiteBinder
GetEncoder
Buffer
Integer
Debugger
ManagementObjectSearcher
ResolveEventHandler
SessionEndingEventHandler
ToUpper
CurrentUser
StreamWriter
TextWriter
BitConverter
ToLower
IEnumerator
ManagementObjectEnumerator
GetEnumerator
Activator
.cctor
Monitor
CreateDecryptor
CreateEncryptor
IntPtr
System.Diagnostics
Microsoft.VisualBasic.Devices
System.Runtime.InteropServices
System.Runtime.CompilerServices
DebuggingModes
ExpandEnvironmentVariables
NumberStyles
GetManifestResourceNames
GetProcesses
GetHostAddresses
System.Security.Cryptography.X509Certificates
Encode2Bytes
Rfc2898DeriveBytes
ReadAllBytes
DecodeFromBytes
SwapBytes
LoadFileAsBytes
GetBytes
CSharpArgumentInfoFlags
CSharpBinderFlags
Strings
ResolveEventArgs
SessionEndingEventArgs
ICredentials
set_Credentials
Equals
SslProtocols
System.Windows.Forms
Contains
System.Collections
StringSplitOptions
get_Chars
GetImageDecoders
RuntimeHelpers
SslPolicyErrors
FileAccess
GetCurrentProcess
IPAddress
Compress
Decompress
System.Net.Sockets
set_Arguments
SystemEvents
Exists
Antivirus
Concat
ImageFormat
format
FindObject
ManagementBaseObject
ForcePathObject
Collect
Connect
Reconnect
VirtualProtect
System.Net
Target
Client.Handle_Packet
Socket
op_Explicit
ClientOnExit
IAsyncResult
ToUpperInvariant
WebClient
InitializeClient
AuthenticateAsClient
System.Management
Environment
get_Current
GetCurrent
CheckRemoteDebuggerPresent
get_RemoteEndPoint
get_Count
get_ProcessorCount
GetPathRoot
Decrypt
Encrypt
ParameterizedThreadStart
Convert
FailFast
ToList
MoveNext
System.Text
GetWindowText
GetForegroundWindow
set_CreateNoWindow
ottwsttuw
CloseMutex
InitializeArray
ToArray
get_AsArray
get_Key
set_Key
CreateSubKey
DeleteSubKey
OpenSubKey
get_PublicKey
RegistryKey
System.Security.Cryptography
GetCallingAssembly
GetExecutingAssembly
AddressFamily
BlockCopy
ToBinary
get_SystemDirectory
Registry
set_Capacity
op_Equality
op_Inequality
System.Net.Security
WindowsIdentity
IsNullOrEmpty
Confuser.Core 1.5.0+b5197549e4
WrapNonExceptionThrows
).NETFramework,Version=v4.0,Profile=Client
FrameworkDisplayName.NET Framework 4 Client Profile
1.0.0.0
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges>
<requestedExecutionLevel level="asInvoker" uiAccess="false" />
</requestedPrivileges>
</security>
</trustInfo>
<compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">
<application>
<!-- Windows Vista -->
<supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"/>
<!-- Windows 7 -->
<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/>
<!-- Windows 8 -->
<supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"/>
<!-- Windows 8.1 -->
<supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"/>
<!-- Windows 10 -->
<supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"/>
</application>
</compatibility>
<asmv3:application xmlns:asmv3="urn:schemas-microsoft-com:asm.v3" >
<asmv3:windowsSettings xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings">
<dpiAware>true</dpiAware>
</asmv3:windowsSettings>
</asmv3:application>
</assembly>
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
Comments
CompanyName
Microsoft Corporation
FileDescription
Windows Update
FileVersion
1.0.0.0
InternalName
Windows Update Assistant.exe
LegalCopyright
Microsoft Corporation. All rights reserved.
LegalTrademarks
OriginalFilename
Windows Update Assistant.exe
ProductName
Microsoft
Windows
Operating System
ProductVersion
1.0.0.0
Assembly Version
1.0.0.0
Antivirus Signature
Bkav Clean
Elastic malicious (high confidence)
MicroWorld-eScan Gen:Variant.Ransom.Jigsaw.10
FireEye Generic.mg.5be8cfbec412b84c
CAT-QuickHeal Clean
McAfee Clean
Cylance Unsafe
Zillya Clean
AegisLab Clean
Sangfor Trojan.Win32.Save.a
K7AntiVirus Clean
BitDefender Gen:Variant.Ransom.Jigsaw.10
K7GW Clean
Cybereason malicious.ec412b
Arcabit Trojan.Ransom.Jigsaw.10
BitDefenderTheta Gen:NN.ZemsilF.34758.nu0@aemAPOg
Cyren Clean
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of MSIL/Agent.DHI
Baidu Clean
APEX Malicious
Avast Win32:Evo-gen [Susp]
ClamAV Clean
Kaspersky HEUR:Backdoor.MSIL.Crysan.gen
Alibaba Clean
NANO-Antivirus Clean
ViRobot Clean
Rising Clean
Ad-Aware Gen:Variant.Ransom.Jigsaw.10
Emsisoft Gen:Variant.Ransom.Jigsaw.10 (B)
Comodo Clean
F-Secure Clean
DrWeb Clean
VIPRE Clean
TrendMicro Clean
McAfee-GW-Edition Clean
CMC Clean
Sophos Generic ML PUA (PUA)
SentinelOne Static AI - Malicious PE
Jiangmin Clean
MaxSecure Trojan.Malware.300983.susgen
Avira HEUR/AGEN.1121272
MAX malware (ai score=84)
Antiy-AVL Clean
Kingsoft Clean
Gridinsoft Trojan.Heur!.03013281
Microsoft Trojan:MSIL/Ursu.KP
SUPERAntiSpyware Clean
ZoneAlarm Clean
GData Gen:Variant.Ransom.Jigsaw.10
Cynet Malicious (score: 100)
AhnLab-V3 Clean
Acronis Clean
VBA32 CIL.HeapOverride.Heur
ALYac Gen:Variant.Ransom.Jigsaw.10
TACHYON Clean
Malwarebytes Trojan.Crypt.MSIL
Panda Clean
Zoner Clean
TrendMicro-HouseCall Clean
Tencent Clean
Yandex Clean
Ikarus Trojan.MSIL.Agent
eGambit Unsafe.AI_Score_99%
Fortinet Clean
Webroot Clean
AVG Win32:Evo-gen [Susp]
Paloalto Clean
CrowdStrike win/malicious_confidence_100% (D)
Qihoo-360 Clean
No IRMA results available.