popup
Static | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Static Analysis

PE Compile Time

2021-06-17 06:00:23

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00002000 0x00000c94 0x00000e00 4.96827133173
.rsrc 0x00004000 0x00000580 0x00000600 3.96287243422
.reloc 0x00006000 0x0000000c 0x00000200 0.0815394123432

Resources

Name Offset Size Language Sub-language File type
RT_VERSION 0x000040a0 0x000002ec LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_MANIFEST 0x00004390 0x000001ea LANG_NEUTRAL SUBLANG_NEUTRAL XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

Imports

Library mscoree.dll:
0x402000 _CorExeMain
!This program cannot be run in DOS mode.
`.rsrc
@.reloc
https://cdn.discordapp.com/attachments/850415075210428439/852185279603146772/sex.dll
sex.kernel32
https://cdn.discordapp.com/attachments/850415075210428439/854827700178518036/AsyncClient.exe
v4.0.30319
#Strings
<Module>
svchost.exe
Program
comeon
Memory
mymemory
mscorlib
System
Object
different
memories
thisisstring
System.Reflection
AssemblyTitleAttribute
AssemblyDescriptionAttribute
AssemblyCompanyAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
AssemblyFileVersionAttribute
System.Runtime.CompilerServices
CompilationRelaxationsAttribute
RuntimeCompatibilityAttribute
svchost
STAThreadAttribute
System.Windows.Forms
Application
get_ExecutablePath
Environment
SpecialFolder
GetFolderPath
String
Concat
System.IO
<PrivateImplementationDetails>{696A3C44-1806-4C1A-A661-DE0C2BCBB328}
CompilerGeneratedAttribute
ValueType
__StaticArrayInitTypeSize=84
$$method0x6000002-1
RuntimeHelpers
RuntimeFieldHandle
InitializeArray
__StaticArrayInitTypeSize=12
$$method0x6000002-2
$$method0x6000002-3
__StaticArrayInitTypeSize=92
$$method0x6000002-4
System.Text
Encoding
get_Default
GetString
Assembly
Boolean
GetType
BindingFlags
Binder
InvokeMember
System.Net
WebClient
DownloadData
System.Threading
Thread
Exception
description
company
product
copyright
0.0.0.0
WrapNonExceptionThrows
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
\Google Chrome.exe
\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
Comments
description
CompanyName
company
FileDescription
FileVersion
0.0.0.0
InternalName
svchost.exe
LegalCopyright
copyright
OriginalFilename
svchost.exe
ProductName
product
ProductVersion
0.0.0.0
Assembly Version
0.0.0.0
Antivirus Signature
Bkav Clean
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKD.46505806
FireEye Generic.mg.f920c7f794702192
CAT-QuickHeal Clean
Qihoo-360 Clean
ALYac Trojan.GenericKD.46505806
Cylance Unsafe
VIPRE Trojan.Win32.Generic!BT
AegisLab Trojan.Win32.Malicious.4!c
Sangfor Trojan.Win32.Save.a
K7AntiVirus Riskware ( 0040eff71 )
BitDefender Trojan.GenericKD.46505806
K7GW Riskware ( 0040eff71 )
Cybereason Clean
Arcabit Clean
BitDefenderTheta Gen:NN.ZemsilF.34758.am0@ae5rIHe
Cyren W32/Trojan.DIS.gen!Eldorado
Symantec ML.Attribute.HighConfidence
ESET-NOD32 MSIL/TrojanDownloader.Agent.ICU
Baidu Clean
APEX Malicious
Avast Win32:MalwareX-gen [Trj]
ClamAV Clean
Kaspersky HEUR:Trojan-PSW.MSIL.Fareit.gen
Alibaba TrojanPSW:MSIL/Fareit.27df7139
NANO-Antivirus Clean
ViRobot Clean
Rising Clean
Ad-Aware Trojan.GenericKD.46505806
TACHYON Clean
Emsisoft Trojan.GenericKD.46505806 (B)
Comodo Clean
F-Secure Clean
DrWeb Clean
Zillya Clean
TrendMicro TROJ_GEN.R002C0PFK21
McAfee-GW-Edition RDN/Generic.cf
CMC Clean
Sophos Mal/Generic-R + Mal/Behav-035
Ikarus Trojan-Downloader.MSIL.Agent
Jiangmin Clean
Webroot W32.Trojan.Gen
Avira Clean
Antiy-AVL Clean
Kingsoft Clean
Gridinsoft Trojan.Win32.Downloader.sa
Microsoft Ransom:MSIL/Stupid
SUPERAntiSpyware Clean
ZoneAlarm Clean
GData Trojan.GenericKD.46505806
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win.Generic.C4529875
Acronis Clean
McAfee RDN/Generic.cf
MAX malware (ai score=100)
VBA32 CIL.StupidStealth.Heur
Malwarebytes Spyware.PasswordStealer
Panda Trj/GdSda.A
Zoner Clean
TrendMicro-HouseCall Clean
Tencent Clean
Yandex Clean
SentinelOne Static AI - Malicious PE
eGambit Unsafe.AI_Score_93%
Fortinet W32/Fareit!tr.pws
AVG Win32:MalwareX-gen [Trj]
Paloalto generic.ml
CrowdStrike win/malicious_confidence_100% (W)
MaxSecure Trojan.Malware.300983.susgen
No IRMA results available.