Static | ZeroBOX

PE Compile Time

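2059-08-25 22:52:01 (future-dated: this is the raw TimeDateStamp from the PE file header, not a verified build date. The field can be set arbitrarily, and .NET deterministic builds write a content-derived value here, so do not use it for timeline or clustering purposes without corroboration.)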

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00002000 0x0005bbe8 0x0005bc00 3.77569672305
.rsrc 0x0005e000 0x000002a8 0x00000400 2.17839891059
.reloc 0x00060000 0x0000000c 0x00000400 0.0558553080537

Resources

Name Offset Size Language Sub-language File type
RT_VERSION 0x0005e058 0x0000024c LANG_NEUTRAL SUBLANG_NEUTRAL data

Imports

Library mscoree.dll:
0x402000 _CorExeMain

!This program cannot be run in DOS mode.
`.rsrc
@.reloc
v4.0.30319
#Strings
txetnoCtseuqeRelbaileRlennahCnoisseSylpeRelbaileRslennahCledoMecivreSmetsyS98460
hctiwSecarTscitsongaiDmetsyS32660
<>c__DisplayClass2_0
<epyTstnatsnoCnoitcerideRslennahCledoMecivreSmetsyS24643>b__0
<>p__0
noitcelloCtnemelEetacifitreCecivreSdepocSXnoitarugifnoCledoMecivreSmetsyS28711
sgrAtnevEdegnahCssergorPledoMtnenopmoCmetsyS40841
sretemaraPniahCteNmetsyS65151
get_doirePgnikcolBlooPtneilClqSataDmetsyS661
set_doirePgnikcolBlooPtneilClqSataDmetsyS661
noitcelloCtnemelEetacifitreCecivreSdepocSXnoitarugifnoCledoMecivreSmetsyS2871
egasseMqmsMnoitargetnIqmsMledoMecivreSmetsyS517891
<>c__DisplayClass2_1
<epyTstnatsnoCnoitcerideRslennahCledoMecivreSmetsyS24643>b__1
<>p__1
Func`1
IEnumerable`1
CallSite`1
get_noitpecxEgnissecorPyreuQrehctapsiDledoMecivreSmetsyS20102
set_noitpecxEgnissecorPyreuQrehctapsiDledoMecivreSmetsyS20102
VMHTIROGLAERUTANGISGNIDNIBNEKOTipApttHsdohteMevitaNlcNefasnUteNmetsyS37822
kernel32
ecruoSataDteGezilaitinIataDIsdohteMevitaNefasnUnommoCataDmetsyS20972
tnemelEkrowteNptmSnoitarugifnoCteNmetsyS61582
retiaWIreganaMecnOllaClennahCecivreSslennahCledoMecivreSmetsyS93692
<>p__2
cbReserved2
lpReserved2
sredaeHesnopseRpttHsredaeHpttHteNmetsyS20803
irUepiPslennahCledoMecivreSmetsyS13223
epyTstnatsnoCnoitcerideRslennahCledoMecivreSmetsyS24643
tceriDOImetsyS85153
<>p__3
Func`3
ofnInoitaitogeNteNmetsyS48914
rotpircseDepyTledoMtnenopmoCmetsyS68944
rotaremunErotpircseDytreporPnoitcelloCrotpircseDytreporPledoMtnenopmoCmetsyS77054
kcatSecnerefeRtcejbOnoitazilaireSemitnuRmetsyS87454
ToInt64
isWow64
etubirttAnoitpircseDseRataDmetsyS97884
DIBDgatbDelOataDmetsyS92984
tnemelEnoisseSelbaileRnoitarugifnoCledoMecivreSmetsyS35594
<>o__4
<>p__4
Func`4
ARAPTPYRCEDEERGAYEKLRTCGSMCesaBIPACyhpargotpyrCytiruceSmetsyS38405
repleHedoMnoisseSledoMecivreSmetsyS66635
lepyTeldnaHxiferPlmXmetsyS8255
egasseMslennahCledoMecivreSmetsyS87465
edoNataDnoitcelloCnoitazilaireSemitnuRmetsyS11875
sgrAtnevEegasseMofnIlqStneilClqSataDmetsyS46985
<>o__5
Func`5
redoceDnoisseSrevreSslennahCledoMecivreSmetsyS75146
emaNQrettamroFnoitarepOrehctapsiDledoMecivreSmetsyS10027
lennahCylpeRIslennahCledoMecivreSmetsyS23927
ofnItesffOemiTetaDreffuBlqStneilClqSataDmetsyS87237
retemaraPataDIataDmetsyS83247
reldnaHtnevEdetelpmoCrekroWnuRledoMtnenopmoCmetsyS2547
rotaremunEecruoSataDlqSlqSataDmetsyS90747
laitnederCtneilCtneipiceRetacifitreCXytiruceSledoMecivreSmetsyS42457
ypoCkluBlqStneilClqSataDmetsyS81277
redloHytivitcAreganaMtropsnarTpttHslennahCledoMecivreSmetsyS77677
lennahCtupnIyaWenOxelpuDrenetsiLlennahCyaWenOxelpuDslennahCledoMecivreSmetsyS62708
retiaWIesaBrenetsiLretpadAmargataDretpadAmargataDslennahCledoMecivreSmetsyS30548
etubirttAnoissimrePptmSliaMteNmetsyS59858
lpProcesrotareneGnoitarepOrezilaireStcartnoCataDnoitpircseDledoMecivreSmetsyS60958
noitartsigeRreganaMtropsnarTIslennahCledoMecivreSmetsyS88968
rezilaitinIretirWmotMlmXIlmXmetsyS49998
get_UTF8
nepOnoitcennoCcbdOcbdOataDmetsyS98709
leveLehcaCtseuqeRehcaCteNmetsyS6809
ssalCyalpsiDctcejbOateMyxorPcimanyDseitilitUnosJtfosnotweN76019
tluaFmrsWslennahCledoMecivreSmetsyS15149
epyTgnirtStsnoCeldnaHeulaVlmXmetsyS71349
get_cnysAedoCresUetucexEytilitUecarTscitsongaiDledoMecivreSmetsyS31479
egasseMqmsMnoitargetnIqmsMledoMecivreSmetsyS51789
esaBtnemelEqmsMnoitarugifnoCledoMecivreSmetsyS7499
<Module>
retiaWIreganaMecnOllaClennahCecivreSslennahCledoMecivreSmetsyS93692a
base64EncodedData
SizeOfRawData
PointerToRawData
mscorlib
e_magic
System.Collections.Generic
dwThreadId
dwProcessId
hThread
Digitated
lpReserved
<doirePgnikcolBlooPtneilClqSataDmetsyS661>k__BackingField
Append
method
emaNQrettamroFnoitarepOrehctapsiDledoMecivreSmetsyS10027asd
Replace
exitCode
SizeOfImage
EndInvoke
BeginInvoke
RuntimeTypeHandle
GetTypeFromHandle
ProcessHandle
handle
lpTitle
hModule
procName
fileName
noitcelloCtnemetatStnemmoCedoCmoDedoCmetsyS7510tionName
lpApplicationName
lpCommandLine
ValueType
AllocationType
System.Core
Signature
ImageBase
Dispose
Create
MulticastDelegate
CallSite
DynamicAttribute
CompilerGeneratedAttribute
UnverifiableCodeAttribute
DebuggableAttribute
TargetFrameworkAttribute
dwFillAttribute
SecurityPermissionAttribute
CompilationRelaxationsAttribute
ReliabilityContractAttribute
ParamArrayAttribute
RuntimeCompatibilityAttribute
get_Value
set_Value
Digitated.exe
dwXSize
dwYSize
RegionSize
SizeOf
System.Threading
Encoding
System.Runtime.Versioning
ToString
GetString
get_ExecutablePath
get_Length
AsyncCallback
callback
AllocHGlobal
FreeHGlobal
Marshal
kernel32.dll
System
hToken
hNewToken
lpNumberOfBytesWritten
Application
SecurityAction
action
InvalidOleVariantTypeException
InvalidProgramException
System.Runtime.ConstrainedExecution
lpStartupInfo
CSharpArgumentInfo
lpDesktop
Microsoft.CSharp
InvokeMember
FileHeader
OptionalHeader
StringBuilder
Microsoft.CSharp.RuntimeBinder
CallSiteBinder
GetDelegateForFunctionPointer
hStdError
.cctor
IntPtr
System.Diagnostics
System.Runtime.InteropServices
System.Runtime.CompilerServices
DebuggingModes
bInheritHandles
lpThreadAttributes
lpProcessAttributes
dwCreationFlags
CSharpArgumentInfoFlags
CSharpBinderFlags
ContextFlags
dwFlags
System.Windows.Forms
System.Security.Permissions
NumberOfSections
get_Chars
dwXCountChars
dwYCountChars
SizeOfHeaders
hProcess
GetProcAddress
lpBaseAddress
VirtualAddress
ZeroBits
Object
object
Protect
Target
op_Explicit
IAsyncResult
result
lpEnvironment
AddressOfEntryPoint
Convert
hStdInput
hStdOutput
System.Text
pContext
e_lfanew
wShowWindow
nCmdShow
FromBase64CharArray
ToCharArray
Consistency
get_Body
set_Body
stringKey
LoadLibrary
FreeLibrary
lpCurrentDirectory
op_Inequality
System.Security
System.Security.Permissions.SecurityPermissionAttribute, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
SkipVerification
WrapNonExceptionThrows
.NETFramework,Version=v4.0
FrameworkDisplayName
.NET Framework 4
_CorExeMain
mscoree.dll
dcnysAtnemmoCesraPredaeRtxeTnosJnosJtfosnotweN61463
elipmoCrelipmoCmoDedoCmetsyS15395
OelipmoCrelipmoCmoDedoCmetsyS15395H4iEjcXFAoOIwINAwsMGA==
CelipmoCrelipmoCmoDedoCmetsyS1539534iWwRIewwga3ILAxoQGzcXEA8nLnZF
PelipmoCrelipmoCmoDedoCmetsyS15395RQ6BzYQDwAPNBkLOw1JVg==
DelipmoCrelipmoCmoDedoCmetsyS15395H4cHTFLJgkhNBkOPTtJVg==
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
sgrAtnevEdegnahCssergorPledoMtnenopmoCmetsyS40841
Replace
FromBase64String
GetString
YLtkUzByCYKx
OelipmoCrelipmoCmoDedoCmetsyS15395yImADc9NQwZHjML
CelipmoCrelipmoCmoDedoCmetsyS15395H8+BwwiEBUWEQEOAH4iETZKLgwnHh0BOyEyGAMNf0Q=
DelipmoCrelipmoCmoDedoCmetsyS15395wsiEjctLgwaARkUDAQ+HQxIFAMgLnZF
CelipmoCrelipmoCmoDedoCmetsyS15395H4MHTZIFDAaDn4TOwshVg==
CelipmoCrelipmoCmoDedoCmetsyS15395hQ6MzdJIUsNHwkBO346BzZJD0Q=
DelipmoCrelipmoCmoDedoCmetsyS15395SImKTc9Og8aaw1IAxouGzYUEEgaDjM2AxtFHTYUKUQ=
DelipmoCrelipmoCmoDedoCmetsyS1539538+GzE9FCggNHISAxQ6EQEtFA0hagFN
DelipmoCrelipmoCmoDedoCmetsyS1539535NWBsQEDEZARktOAQ+BwwtED0ha35IAxQcWw==
CelipmoCrelipmoCmoDedoCmetsyS1539534iWwM9KgAZDg0TCH5NHjE9FE0nGHZF
DelipmoCrelipmoCmoDedoCmetsyS1539535NWBsQEC0ZARktOAQ+BwwtED0ha35IAxQcWw==
DelipmoCrelipmoCmoDedoCmetsyS15395H4iWwM9KgAZDg0TCH5NHjE9FE0nGHZF
DelipmoCrelipmoCmoDedoCmetsyS15395CEiETEtcxUVHiMBAxsyAA==
DelipmoCrelipmoCmoDedoCmetsyS15395SImPTcXcxEgHxEIAxQQOw8WDBUaahkIO35AVg==
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
FileDescription
FileVersion
0.0.0.0
InternalName
Digitated.exe
LegalCopyright
OriginalFilename
Digitated.exe
ProductVersion
0.0.0.0
Assembly Version
0.0.0.0
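Antivirus Signature (per-engine detection labels; the family names below disagree, e.g. AgentTesla vs. Reline/Redline, and many are generic, heuristic or packer ("Kryptik", "Packed") names, so treat the family as unconfirmed until the unpacked payload is analysed)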
Bkav Clean
Lionic Clean
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKD.37349579
FireEye Generic.mg.b6980e5e55804f4c
CAT-QuickHeal Trojanpws.Msil
McAfee AgentTesla-FCTJ!B6980E5E5580
Cylance Unsafe
Zillya Trojan.Reline.Win32.1942
Sangfor Trojan.Win32.Save.a
K7AntiVirus Trojan ( 0057fbdb1 )
BitDefender Trojan.GenericKD.37349579
K7GW Trojan ( 0057fbdb1 )
Cybereason malicious.e55804
BitDefenderTheta AI:Packer.329F84C31F
Cyren W32/MSIL_Kryptik.EYW.gen!Eldorado
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of MSIL/Kryptik.ACCF
Baidu Clean
APEX Malicious
Paloalto generic.ml
ClamAV Win.Packed.Redline-9876022-1
Kaspersky HEUR:Trojan-PSW.MSIL.Reline.gen
Alibaba Trojan:Win32/Kryptik.ali2000016
NANO-Antivirus Clean
ViRobot Trojan.Win32.Z.Kryptik.378880.DJ
Rising Clean
Ad-Aware Trojan.GenericKD.37349579
TACHYON Clean
Emsisoft Trojan.GenericKD.37349579 (B)
Comodo Malware@#15dm6h6kxn8e4
F-Secure Clean
DrWeb Trojan.PackedNET.972
VIPRE Clean
TrendMicro TROJ_GEN.R002C0PGR21
McAfee-GW-Edition BehavesLike.Win32.Generic.fz
CMC Clean
Sophos Mal/Generic-S
Ikarus Trojan-Spy.MSIL.Agent
GData MSIL.Trojan.Kryptik.QZ
Jiangmin Trojan.PSW.MSIL.ccvb
eGambit Unsafe.AI_Score_100%
Avira TR/Kryptik.qtuoi
Antiy-AVL Clean
Kingsoft Win32.PSWTroj.Undef.(kcloud)
Gridinsoft Trojan.Win32.Kryptik.oa
Arcabit Clean
SUPERAntiSpyware Clean
ZoneAlarm HEUR:Trojan-PSW.MSIL.Reline.gen
Microsoft Trojan:MSIL/AgentTesla.JBM!MTB
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win.Generic.C4564458
Acronis suspicious
VBA32 TScope.Trojan.MSIL
ALYac Trojan.GenericKDZ.76551
MAX malware (ai score=100)
Malwarebytes Trojan.Crypt.MSIL.Generic
Panda Trj/GdSda.A
Zoner Clean
TrendMicro-HouseCall TROJ_GEN.R002C0PGR21
Tencent Clean
Yandex Trojan.Kryptik!MorkfbBAnUc
SentinelOne Static AI - Suspicious PE
MaxSecure Trojan.Malware.121218.susgen
Fortinet MSIL/Kryptik.ABUD!tr
Webroot W32.Trojan.Gen
AVG Win32:PWSX-gen [Trj]
Avast Win32:PWSX-gen [Trj]
CrowdStrike win/malicious_confidence_100% (W)
Qihoo-360 Win32/TrojanPSW.Generic.HwMA3wcA
No IRMA results available.