Static | ZeroBOX

PE Compile Time

2021-08-13 16:50:20

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00002000 0x0000e324 0x0000e400 7.46434632438
.rsrc 0x00012000 0x00010e70 0x00011000 4.54146514519
.reloc 0x00024000 0x0000000c 0x00000200 0.0815394123432

Resources

Name Offset Size Language Sub-language File type
RT_ICON 0x00012154 0x00010828 LANG_NEUTRAL SUBLANG_NEUTRAL dBase III DBT, version number 0, next free block index 40
RT_GROUP_ICON 0x0002297c 0x00000014 LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_VERSION 0x00022990 0x000002f4 LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_MANIFEST 0x00022c84 0x000001ea LANG_NEUTRAL SUBLANG_NEUTRAL XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

Imports

Library mscoree.dll:
0x402000 _CorExeMain

!This program cannot be run in DOS mode.
`.rsrc
@.reloc
v4.0.30319
#Strings
#Strings
#Schema
asdasda
<Module>
mscorlib
GCHandle
System.Runtime.InteropServices
Assembly
System.Reflection
ResolveEventArgs
System
.cctor
ValueType
Object
Stream
System.IO
AssemblyTrademarkAttribute
AssemblyCopyrightAttribute
AssemblyProductAttribute
TargetFrameworkAttribute
System.Runtime.Versioning
AssemblyFileVersionAttribute
ComVisibleAttribute
AssemblyCompanyAttribute
DebuggableAttribute
System.Diagnostics
DebuggingModes
RuntimeCompatibilityAttribute
System.Runtime.CompilerServices
CompilationRelaxationsAttribute
AssemblyConfigurationAttribute
AssemblyDescriptionAttribute
AssemblyTitleAttribute
STAThreadAttribute
UInt32
GCHandleType
Module
RuntimeHelpers
InitializeArray
RuntimeFieldHandle
GetExecutingAssembly
get_ManifestModule
get_Target
LoadModule
ResolveSignature
AppDomain
get_CurrentDomain
ResolveEventHandler
add_AssemblyResolve
GetTypes
ResolveMethod
MethodBase
GetParameters
ParameterInfo
Invoke
Encoding
System.Text
get_UTF8
get_Name
AssemblyName
get_FullName
String
ToUpperInvariant
GetBytes
Convert
ToBase64String
GetEntryAssembly
GetManifestResourceStream
get_Length
Buffer
BlockCopy
MemoryStream
ReadByte
.NETFramework,Version=v4.0
FrameworkDisplayName
.NET Framework 4
1.0.1.1
ddddddas
WrapNonExceptionThrows
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
PEST_ICON_191467
VS_VERSION_INFO
StringFileInfo
000004B0
Comments
dfghdfggdfgdf
CompanyName
dfghdfggdfgdf
FileDescription
dfghdfggdfgdf
FileVersion
1.0.1.1
InternalName
LegalCopyright
LegalTrademarks
OriginalFilename
ProductName
ProductVersion
1.0.1.1
Assembly Version
1.0.1.1
VarFileInfo
Translation
Antivirus Signature
Bkav Clean
Lionic Trojan.MSIL.Crypt.4!c
Elastic malicious (high confidence)
MicroWorld-eScan Clean
FireEye Generic.mg.4b1cfa1207d89791
CAT-QuickHeal Clean
McAfee RDN/Generic.rp
Cylance Unsafe
VIPRE Clean
Sangfor Trojan.Win32.Save.a
CrowdStrike win/malicious_confidence_90% (W)
BitDefender Clean
K7GW Clean
K7AntiVirus Clean
Baidu Clean
Cyren W32/MSIL_Kryptik.DVF.gen!Eldorado
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of MSIL/GenKryptik.FIXU
APEX Malicious
Paloalto generic.ml
ClamAV Clean
Kaspersky HEUR:Trojan.MSIL.Crypt.gen
Alibaba Clean
NANO-Antivirus Clean
ViRobot Clean
Tencent Msil.Trojan.Crypt.Pcjc
Ad-Aware Clean
Sophos Mal/Generic-S
Comodo Clean
F-Secure Clean
DrWeb Clean
Zillya Clean
TrendMicro Clean
McAfee-GW-Edition BehavesLike.Win32.Generic.ch
CMC Clean
Emsisoft Clean
SentinelOne Static AI - Malicious PE
GData Win32.Trojan.Ilgergop.21JO25
Jiangmin Clean
eGambit Unsafe.AI_Score_98%
Avira HEUR/AGEN.1143266
MAX Clean
Antiy-AVL Clean
Kingsoft Win32.Troj.Undef.(kcloud)
Gridinsoft Clean
Arcabit Clean
SUPERAntiSpyware Clean
ZoneAlarm Clean
Microsoft Trojan:Win32/Sabsik.FL.B!ml
Cynet Malicious (score: 100)
AhnLab-V3 Clean
Acronis Clean
BitDefenderTheta Gen:NN.ZemsilF.34058.hm0@aaCjQlo
ALYac Clean
TACHYON Clean
VBA32 CIL.HeapOverride.Heur
Malwarebytes Trojan.Dropper
Panda Clean
Zoner Clean
TrendMicro-HouseCall Clean
Rising Clean
Yandex Clean
Ikarus Trojan.MSIL.Confuser
MaxSecure Trojan.Malware.300983.susgen
Fortinet Clean
Webroot Clean
AVG Win32:Trojan-gen
Avast Win32:Trojan-gen
Qihoo-360 HEUR/QVM03.0.3F5B.Malware.Gen
No IRMA results available.