Static | ZeroBOX

PE Compile Time

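2057-09-19 15:10:45 (future-dated: this value is read from the PE header, which the build toolchain or the file's author can set freely, so it is not a reliable build date for the sample)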

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00002000 0x000989c4 0x00098a00 6.1273453955
.rsrc 0x0009c000 0x00003ad0 0x00003c00 6.6326215857
.reloc 0x000a0000 0x0000000c 0x00000200 0.101910425663

Resources

Name Offset Size Language Sub-language File type
RT_ICON 0x0009e8b8 0x00000128 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x0009e8b8 0x00000128 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x0009e8b8 0x00000128 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x0009e8b8 0x00000128 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x0009e8b8 0x00000128 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_GROUP_ICON 0x0009e9e0 0x0000004c LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_VERSION 0x0009ea2c 0x0000035c LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_MANIFEST 0x0009ed88 0x00000d48 LANG_NEUTRAL SUBLANG_NEUTRAL XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

Imports

Library mscoree.dll:
0x402000 _CorExeMain

!This program cannot be run in DOS mode.
`.rsrc
@.reloc
eaf 4W*
_.ka (
`_Xf F
`_Xf 
ge vGs
+O)3a Q
+#gV
+#gV
`_Xf 
eaf 4W*
eaf 4W*
f ]Xv5a
c nm#$a
+O)3a
v4.0.30319
#Strings
nputty
nputty.exe
<Module>
Definition
nputty.Definitions
System.Windows.Forms
DicRulePage
nputty.Pages
StructComparatorExpression
Kxpykqawh.Expressions
IdentifierPolicyWrapper
nputty.Wrappers
Object
System
mscorlib
Resources
Kxpykqawh.Properties
Settings
ApplicationSettingsBase
System.Configuration
<Module>{848e9b2f-610c-42bb-8bc1-944de031a78b}
m_Wrapper
IContainer
System.ComponentModel
m_Worker
Button
issuer
TextBox
ForgotComposer
ReflectDefinition
EventArgs
Control
get_Text
String
CalcDefinition
Concat
set_Text
PerformClick
Dispose
Boolean
issetup
UpdateDefinition
ControlCollection
System.Drawing
set_Size
set_Location
EventHandler
IntPtr
add_Load
ResumeLayout
set_Name
Single
ContainerControl
set_AutoScaleDimensions
IncludeComposer
ManageComposer
DestroyComposer
op_Equality
ResetComposer
DialogResult
MessageBox
FlushComposer
ViewComposer
System.IO
GetRandomFileName
ResolveComposer
Thread
System.Threading
StartComposer
IDisposable
InvokeComposer
SuspendLayout
PublishComposer
set_TabIndex
MapComposer
ButtonBase
set_UseVisualStyleBackColor
InsertComposer
add_Click
ReadComposer
LogoutComposer
CompareComposer
CountComposer
AutoScaleMode
set_AutoScaleMode
ConnectComposer
set_ClientSize
ReflectComposer
get_Controls
OrderComposer
DisableComposer
PatchComposer
CalculateComposer
PerformLayout
filter
DeleteComposer
VisitDefinition
isvalue
ConcatDefinition
UpdateComposer
QueryComposer
EnableComposer
SortComposer
CloneComposer
WriteComposer
PostComposer
DefineComposer
FindComposer
SelectComposer
SearchComposer
NewComposer
RemoveComposer
_Exporter
AssetComposer
CloneDefinition
AppDomain
get_CurrentDomain
ResolveEventHandler
add_AssemblyResolve
StopDefinition
Assembly
System.Reflection
ResolveEventArgs
Stream
GetManifestResourceStream
ForgotDefinition
ClassLibrary
Oorzhginybt
ComputeDefinition
Replace
Convert
FromBase64String
Encoding
System.Text
get_UTF8
GetString
allowtask
CancelDefinition
CallComposer
RunComposer
TestComposer
GetExecutingAssembly
PrepareComposer
get_Length
InstantiateComposer
InterruptComposer
MoveComposer
ChangeComposer
CalcComposer
FillComposer
CreateComposer
PopComposer
SetComposer
ConcatComposer
ValidateComposer
FindDefinition
Application
EnableVisualStyles
SetCompatibleTextRenderingDefault
GetComposer
SetupComposer
comparator
ResourceManager
System.Resources
m_Importer
CultureInfo
System.Globalization
AddComposer
get_ResourceManager
get_Assembly
get_Culture
set_Culture
AwakeComposer
RuntimeTypeHandle
GetTypeFromHandle
LoginComposer
ExcludeComposer
Culture
defaultInstance
VerifyComposer
get_Default
.cctor
VisitComposer
SettingsBase
Synchronized
ComputeComposer
RestartComposer
Default
m_8d6889ceaf4b44e390abf35a4886cf1e
m_9ef76f2e49ef436cac6cb333c43e0cb8
m_0871a36949a44823a674ecba86519920
m_6d91fd30791e44a7841872f8e4805492
m_fe5deec9105c43c1a39cd5418a8a003e
m_0de62a67edfb4a3788a3b957ef83e370
m_3072247d06d44429909283d1558ffbce
m_133548fd668c4d12b7a3db570016f403
m_b9d82017656d4384b9ca585a0ee6b1da
m_2fc2fd516b1f4d2abebf9b70bdd10663
m_9e437ae0c3764a39b38c53d0f39679ec
m_8a60d6b1624e4383a511972236b89fee
m_2f80dd5cfaf24dd0bbf0896071a2ad34
m_ee9a52cab731411f81f4cfb85a4c37df
m_dbb3aeed80d04409ad9d98c365623f1e
m_2a3b63a1f64147dc9aacf712c7942fcc
m_b86f7c601dc045a7bf53ba90eaa718f2
m_44b7431188bd443da0b816092dc7073d
m_039446f02b7848ccbb7fbf91898cf1ed
m_2a38f79a00da4099a1a579f68ba483dc
m_8d472c0d705445de96b0d533cde9cb6f
m_1ecdcd3b596944fd944873ec17d6ca1d
m_6302c96d65db4ccf90688dab5e26b22f
m_522a0c3ce91849e48d13e693f915b244
m_050aed281b6047428535ca60b4ba4ece
m_59c32e44d94c420ea8ec3c627096dfc7
m_ff4d52ca78cb418788646e7b0ef7fe54
m_b1b7f78d4a874836878594f8f9c2437e
m_d7fbdcdb736245a1b634543e467eb1ad
m_bb120c5b2f414850a553f90e629b6a49
m_88f7786fcf394779b970b7ee79145aee
m_ba788036b4854cb9aee2183c2defc010
m_620b439af1664cb9b5d8a52a718242a0
m_8de698b045934a27a6e618e515153707
m_ab3dd228dd4843a68d3597076cb90a48
m_d5941c3c84094f91b390a6b433d337bf
m_e339b8125e4e4077bc2ae0f2898e0ad1
m_1cb8778927914341affcf5b1d1ffd8e2
m_99bc1207659a4ca1998b74d934dec55c
m_16e12dfb5a2f430dad8df14c415e0fc5
m_9e2ed91d082a40e48770a81c1b91b1db
m_41b06e9b80e648778d604dd84cec9eae
m_ecd391b83dcb48488c8bb892d21790cd
m_5c2d8bc16622411cbfdd73327231b7b5
m_73b873f0cfe140b48c29b5128bfb7689
m_7340cf516f514121afb30703ae2436ca
m_6467be994d374666917d663a403bd18b
m_928449cc0e4f48c08f38d8b490ea4cf1
m_b256d4e918a0445b80f199358119f82e
m_1af2966583514d05a7dc1fed691a6acc
m_a6c21cdb3a0a4b03892d20205482b777
m_cd3b4fff27844ce4af1d20e3ebb488bd
m_33f26dd1ffd14e5bb484c3507f8d9f77
m_40e17868c8d44a71af333fff473b8d81
m_8545cc61a06f4775a4bab2e3dbcc1670
m_9e0c6dcd1de244329062c63d73faec16
m_fa6211094b3a427cb4948a39857cdfe5
m_6e76adc4d71e43fb826296233bb97490
m_5aaceed3185947219e1b67de5b142320
m_96b5f3bcc6cb48349ba4abaa01e4452e
m_ae2c4c836c154ad087280e519feb08d5
m_04da8bcc647c4831b2d2fc615f079f6b
m_cf4cba82dd324bdbbd480db62dea7976
m_b6963cfd6ad642af886eb5d6f214fcd3
m_2e790b2a1a8a42cdba334b3915a760ba
m_0f9483a6d4e04851995a8b618595a431
m_cdb990644d694685bc34956359321c9c
m_819be4f5f6ff43a6b1eaddd6b898c722
m_dcb8b17060624d0ab496d9c379932cf5
m_1c083cba5c3f4fc1ac5492f34e3dde3d
m_34719291dd884be38c71ab03dbc109ac
m_0e0a5e22cd524f99aae1802b6c97c211
m_470dd941cb7946789037cccd58408a3d
m_b9e99f3eca04439485c6fc71511ea4d0
m_c9f3b21fe59a4ced8120a02be1cc20ba
m_c3b37ef7cd3240168c63070afe64a1a1
m_cbdccd2d096e4f58ac8f5f605bd10c06
m_3fb1afbcbc704d158b2cc59dc36ef5bd
m_d92bb20430034bc4bf684de4d40608a5
m_d54e8c124b204312bf580abc2406a671
m_48015a59883942cc97b3b4297de1ea69
m_3b4d9f9f81d0458f9c90dec22681d60d
m_20bd2a97e49145f0b7252d25f91bd699
m_b5655592d1d84dba9c495c9147b24f1a
m_ba1bcd41b0144e43bb61e03f48ca211c
m_0643abeac87345a8816626cd695538c7
m_ddacaae5023e4c4db47e5ecf67706c16
m_f1384d74dfc0442e878c6910a680337a
m_d58b5ec0b5d9428dbba788aa2c55960d
m_7f905dba7a0d4aa58971b2fcb33d3ba2
m_9d769134b6c4416fa3dcd0b0467f9ece
m_bbdf7ef4657244b5868b2e2726c0a9c8
m_0ac3ce7f38c54eb4a2a2b2913ced76dd
m_00348a722c784f7a89e8eeab33f8d539
m_0561c8d8a6134cc8a3dc5ed03a31b00e
m_8e6ce678569a4094b8c302605a8f8e66
m_9ef7217cbdd44d0c8d4f50d753b0ca14
m_2c2be50d42f941488632dea42d76b3c6
m_44bdb90a5416439c8cb3b8409d76cbe2
m_bde88561a4794426b3b41c23b10527a6
m_f3eb4c53b81647f29d637fbc9f67e855
m_3d956cdc75fb44868254198e16b90bd3
m_0f979c3564094b6699091585a3d2a178
m_e47b1a33132d4c0bad1ef353e271ad43
m_895e8f413b044364b5ee0d30adbdc98a
m_7b1f3adab8474610b03925410b3c3949
m_ea691b39528c4d409f541fbae9599ca7
m_6459ceb4d58c4ec7b51293a4b78fccab
m_775bd753dff3499588eb6d64f8291743
m_a42accb1aecf488fb5bcdb2a779b161b
m_43cddd0db67849a99a7f58623e9644a1
m_10955ab4ef9b47939a54a91e7344d81d
m_bf59aaa33c8247dda639912b3fa21868
m_5ad70116e57748a8aac9f09d3eadc55b
m_075c9227119e4e1aa9197ff3a5b3518c
m_43eca89016934862bbad248cf9819526
m_339a11f06fdc405eb776d3c53a82dfbd
m_ef3efc5c92c74f3eaf97652f4ca6e583
m_c88e36c70cc4470087fcf5cd92efbd27
m_a39f6a3a0a8c4797b5d2fb61d3e4ed9b
m_63868d152bb64d639ad6678d68dfa00f
m_a5aaeae938b6436ba8e668e36b1e1c47
InitComposer
d67f6069594b44a7fb3f9594c000176b9
CheckComposer
PushComposer
RateComposer
CompilationRelaxationsAttribute
System.Runtime.CompilerServices
RuntimeCompatibilityAttribute
DebuggableAttribute
System.Diagnostics
DebuggingModes
AssemblyTitleAttribute
AssemblyDescriptionAttribute
AssemblyConfigurationAttribute
AssemblyCompanyAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
AssemblyTrademarkAttribute
ComVisibleAttribute
System.Runtime.InteropServices
GuidAttribute
AssemblyFileVersionAttribute
TargetFrameworkAttribute
System.Runtime.Versioning
STAThreadAttribute
GeneratedCodeAttribute
System.CodeDom.Compiler
DebuggerNonUserCodeAttribute
CompilerGeneratedAttribute
EditorBrowsableAttribute
EditorBrowsableState
nputty.Definitions.Definition.resources
nputty.Pages.DicRulePage.resources
Kxpykqawh.Expressions.StructComparatorExpression.resources
Kxpykqawh.Properties.Resources.resources
Kxpykqawh.Oorzhginybt.dll
WrapNonExceptionThrows
AnyDesk
AnyDesk Software GmbH
(C) 2021 AnyDesk Software GmbH
$32d91ffa-77dd-4547-959b-13234c36ce2d
6.3.2.0
.NETFramework,Version=v4.0
FrameworkDisplayName
.NET Framework 4
3System.Resources.Tools.StronglyTypedResourceBuilder
16.0.0.0
KMicrosoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator
11.0.0.0
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
PADPADP
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
PADPADP
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
PADPADP
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
PADPADP
&7TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAA&7AAAAAAAAAAAAAAAAAAAAAAAgAAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm&79ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAAB&7QRQAATAEDADrQGqIAAAAAAAAAAOAADiELATAAAKAGAAAGAAAAAAAAPr4G&7AAAgAAAAwAYAAABAAAAgAAAAAgAABAAAAAAAAAAEAAAAAAAAAAAABwAAA&7gAAAAAAAAMAQIUAABAAABAAAAAAEAAAEAAAAAAAABAAAAAAAAAAAAAAAP&7C9BgBLAAAAAMAGAIQDAAAAAAAAAAAAAAAAAAAAAAAAAOAGAAwAAAAAAAA&7AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA&7AAAAIAAACAAAAAAAAAAAAAAACCAAAEgAAAAAAAAAAAAAAC50ZXh0AAAAR&7J4GAAAgAAAAoAYAAAIAAAAAAAAAAAAAAAAAACAAAGAucnNyYwAAAIQDAA&7AAwAYAAAQAAACiBgAAAAAAAAAAAAAAAABAAABALnJlbG9jAAAMAAAAAOA&7GAAACAAAApgYAAAAAAAAAAAAAAAAAQAAAQgAAAAAAAAAAAAAAAAAAAAAg&7vgYAAAAAAEgAAAACAAUADDMAAOgjAAABAAAAAAAAAPRWAAD3ZgYAAAAAA&7AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABswCgCtAA&7AAAQAAEQByAQAAcCgDAAAGcjcAAHAXjQMAAAElFtABAAAbKAEAAAqibwI&7AAAoUF40BAAABJRYoBAAABqJvAwAACnUIAAABckEAAHBvBAAACiUUIAAC&7AAAUFBRvBQAAChMAcoMAAHAgAAEAABQRABeNAQAAASUWKA8AAAaibwUAA&7Ap0AgAAARMBOAAAAADd
_CorExeMain
mscoree.dll
UIDATx
{!W_{~
S\q5|w
yyZ6<y
1xn )s
NWHm i-
IE iCN
dz5Lsv
];`^xF
10==0[6
lyMC6=3_
CY'0!Lk
oGZe"I
<?xml version="1.0" encoding="utf-8"?>
<assembly manifestVersion="1.0" xmlns="urn:schemas-microsoft-com:asm.v1">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<!-- UAC Manifest Options
If you want to change the Windows User Account Control level replace the
requestedExecutionLevel node with one of the following.
<requestedExecutionLevel level="asInvoker" uiAccess="false" />
<requestedExecutionLevel level="requireAdministrator" uiAccess="false" />
<requestedExecutionLevel level="highestAvailable" uiAccess="false" />
Specifying requestedExecutionLevel element will disable file and registry virtualization.
Remove this element if your application requires this virtualization for backwards
compatibility.
-->
<requestedExecutionLevel level="asInvoker" uiAccess="false" />
</requestedPrivileges>
</security>
</trustInfo>
<compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">
<application>
<!-- A list of the Windows versions that this application has been tested on
and is designed to work with. Uncomment the appropriate elements
and Windows will automatically select the most compatible environment. -->
<!-- Windows Vista -->
<!--<supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}" />-->
<!-- Windows 7 -->
<!--<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}" />-->
<!-- Windows 8 -->
<!--<supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}" />-->
<!-- Windows 8.1 -->
<!--<supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}" />-->
<!-- Windows 10 -->
<!--<supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}" />-->
</application>
</compatibility>
<!-- Indicates that the application is DPI-aware and will not be automatically scaled by Windows at higher
DPIs. Windows Presentation Foundation (WPF) applications are automatically DPI-aware and do not need
to opt in. Windows Forms applications targeting .NET Framework 4.6 that opt into this setting, should
also set the 'EnableWindowsFormsHighDpiAutoResizing' setting to 'true' in their app.config.
Makes the application long-path aware. See https://docs.microsoft.com/windows/win32/fileio/maximum-file-path-limitation -->
<!--
<application xmlns="urn:schemas-microsoft-com:asm.v3">
<windowsSettings>
<dpiAware xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings">true</dpiAware>
<longPathAware xmlns="http://schemas.microsoft.com/SMI/2016/WindowsSettings">true</longPathAware>
</windowsSettings>
</application>
<!-- Enable themes for Windows common controls and dialogs (Windows XP and later) -->
<!--
<dependency>
<dependentAssembly>
<assemblyIdentity
type="win32"
name="Microsoft.Windows.Common-Controls"
version="6.0.0.0"
processorArchitecture="*"
publicKeyToken="6595b64144ccf1df"
language="*"
/>
</dependentAssembly>
</dependency>
</assembly>
Error Login
button1
textBox1
Kxpykqawh.Oorzhginybt.dll
Kxpykqawh.Properties.Resources
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
Comments
AnyDesk
CompanyName
AnyDesk Software GmbH
FileDescription
AnyDesk
FileVersion
6.3.2.0
InternalName
nputty.exe
LegalCopyright
(C) 2021 AnyDesk Software GmbH
LegalTrademarks
OriginalFilename
nputty.exe
ProductName
AnyDesk
ProductVersion
6.3.2.0
Assembly Version
6.3.2.0
Antivirus Signature
Bkav Clean
Lionic Clean
Elastic malicious (high confidence)
Cynet Clean
CMC Clean
CAT-QuickHeal Clean
McAfee Clean
Cylance Unsafe
VIPRE Clean
Sangfor Trojan.Win32.Save.a
K7AntiVirus Clean
BitDefender Clean
K7GW Clean
Cybereason Clean
Baidu Clean
Cyren Clean
ESET-NOD32 a variant of MSIL/GenKryptik.FHZP
APEX Malicious
Paloalto Clean
ClamAV Clean
Kaspersky Clean
Alibaba Clean
NANO-Antivirus Clean
ViRobot Clean
MicroWorld-eScan Clean
Tencent Clean
Ad-Aware Clean
Emsisoft Clean
Comodo Clean
F-Secure Clean
DrWeb Clean
Zillya Clean
TrendMicro Clean
FireEye Generic.mg.2d5e1b62b58404ac
Sophos Generic ML PUA (PUA)
Ikarus Trojan-Spy.FormBook
GData Clean
Jiangmin Clean
Webroot Clean
Avira Clean
Antiy-AVL Clean
Kingsoft Clean
Arcabit Clean
SUPERAntiSpyware Clean
ZoneAlarm Clean
Microsoft Trojan:Win32/AgentTesla!ml
TACHYON Clean
AhnLab-V3 Clean
Acronis Clean
BitDefenderTheta Gen:NN.ZemsilF.34050.Nm0@a0nCjIl
ALYac Clean
MAX Clean
VBA32 Clean
Malwarebytes Clean
Panda Clean
Zoner Clean
TrendMicro-HouseCall Clean
Rising Clean
Yandex Clean
SentinelOne Static AI - Malicious PE
MaxSecure Trojan.Malware.300983.susgen
Fortinet Clean
Avast Clean
CrowdStrike win/malicious_confidence_100% (D)
Qihoo-360 HEUR/QVM03.0.DC56.Malware.Gen
No IRMA results available.