Static | ZeroBOX

PE Compile Time

2021-08-04 00:39:09

PDB Path

C:\Users\Administrator\Documents\Visual Studio 2015\Projects\WindowsApplication1\WindowsApplication1\obj\Debug\WindowsApplication1.pdb

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name    Virtual Address  Virtual Size  Size of Raw Data  Entropy
.text   0x00002000       0x00002d90    0x00002e00        5.59025427612
.rsrc   0x00006000       0x000005fc    0x00000600        4.20604196927
.reloc  0x00008000       0x0000000c    0x00000200        0.0815394123432

Resources

Name         Offset      Size        Language      Sub-language     File type
RT_VERSION   0x00006090  0x0000036c  LANG_NEUTRAL  SUBLANG_NEUTRAL  data
RT_MANIFEST  0x0000640c  0x000001ea  LANG_NEUTRAL  SUBLANG_NEUTRAL  XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

Imports

Library mscoree.dll:
0x402000 _CorExeMain

Antivirus             Signature
Bkav                  Clean
Lionic                Clean
Elastic               Clean
ClamAV                Clean
CMC                   Clean
CAT-QuickHeal         Clean
ALYac                 Clean
Malwarebytes          Clean
VIPRE                 Clean
Sangfor               Clean
CrowdStrike           win/malicious_confidence_70% (W)
BitDefender           Clean
K7GW                  Clean
K7AntiVirus           Clean
BitDefenderTheta      Clean
Cyren                 Clean
Symantec              Clean
ESET-NOD32            Clean
Baidu                 Clean
APEX                  Malicious
Paloalto              Clean
Cynet                 Clean
Kaspersky             Clean
Alibaba               Clean
NANO-Antivirus        Clean
SUPERAntiSpyware      Clean
MicroWorld-eScan      Clean
Rising                Clean
Ad-Aware              Clean
Sophos                Clean
Comodo                Clean
F-Secure              Clean
DrWeb                 Clean
Zillya                Clean
TrendMicro            Clean
McAfee-GW-Edition     Clean
FireEye               Generic.mg.3e58adab7bb36200
Emsisoft              Clean
SentinelOne           Static AI - Suspicious PE
Jiangmin              Clean
MaxSecure             Trojan.Malware.300983.susgen
Avira                 Clean
MAX                   Clean
Antiy-AVL             Clean
Kingsoft              Clean
Microsoft             Clean
Gridinsoft            Risk.CoinMiner.C.sd!yf
Arcabit               Clean
ViRobot               Clean
ZoneAlarm             Clean
GData                 Clean
AhnLab-V3             Clean
Acronis               Clean
McAfee                Clean
TACHYON               Clean
VBA32                 Clean
Cylance               Unsafe
Panda                 Clean
Zoner                 Clean
TrendMicro-HouseCall  Clean
Tencent               Clean
Yandex                Clean
Ikarus                Clean
eGambit               Clean
Fortinet              Clean
Webroot               Clean
Avast                 Clean
Qihoo-360             Clean
No IRMA results available.