Static | ZeroBOX

PE Compile Time

2021-08-20 09:42:34

PDB Path

C:\Users\Administrator\AppData\Roaming\AEX6YE0WTh\obj\Debug\tonight.pdb

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name    Virtual Address  Virtual Size  Size of Raw Data  Entropy
.text   0x00002000       0x00000c60    0x00000e00        5.06839420657
.rsrc   0x00004000       0x0000059c    0x00000600        4.03193422885
.reloc  0x00006000       0x0000000c    0x00000200        0.0815394123432

Resources

Name         Offset      Size        Language      Sub-language     File type
RT_VERSION   0x00004090  0x0000030c  LANG_NEUTRAL  SUBLANG_NEUTRAL  data
RT_MANIFEST  0x000043ac  0x000001ea  LANG_NEUTRAL  SUBLANG_NEUTRAL  XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

Imports

Library mscoree.dll:
0x402000 _CorExeMain

!This program cannot be run in DOS mode.
`.rsrc
@.reloc
v4.0.30319
#Strings
__StaticArrayInitTypeSize=87
456E5F3BEB90C43E20B568F188BDB11BFE8A7568
<Module>
<PrivateImplementationDetails>
SW_HIDE
get_ASCII
SW_SHOW
DownloadData
mscorlib
RuntimeFieldHandle
ValueType
SecurityProtocolType
GetType
CompilerGeneratedAttribute
GuidAttribute
DebuggableAttribute
ComVisibleAttribute
AssemblyTitleAttribute
AssemblyTrademarkAttribute
TargetFrameworkAttribute
AssemblyFileVersionAttribute
AssemblyConfigurationAttribute
AssemblyDescriptionAttribute
CompilationRelaxationsAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
AssemblyCompanyAttribute
RuntimeCompatibilityAttribute
tonight.exe
Encoding
System.Runtime.Versioning
GetString
get_ExecutablePath
kernel32.dll
user32.dll
get_SecurityProtocol
set_SecurityProtocol
Program
System
Boolean
Application
System.Reflection
InvokeMember
Binder
ServicePointManager
System.Diagnostics
System.Runtime.InteropServices
System.Runtime.CompilerServices
DebuggingModes
BindingFlags
System.Windows.Forms
RuntimeHelpers
Object
System.Net
tonight
WebClient
System.Text
GetConsoleWindow
ShowWindow
nCmdShow
InitializeArray
Assembly
WrapNonExceptionThrows
tonight
Copyright
2021
$b7e6bd68-c26b-4dd1-8060-f5f116ac9c23
1.0.0.0
.NETFramework,Version=v4.5
FrameworkDisplayName
C:\Users\Administrator\AppData\Roaming\AEX6YE0WTh\obj\Debug\tonight.pdb
_CorExeMain
mscoree.dll
https://cdn.discordapp.com/attachments/877973640937897984/878021367742734376/wdqdwq.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
http://37.0.10.83/os/moses.exe
wdqdwq.sakat
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
Comments
CompanyName
FileDescription
tonight
FileVersion
1.0.0.0
InternalName
tonight.exe
LegalCopyright
Copyright
2021
LegalTrademarks
OriginalFilename
tonight.exe
ProductName
tonight
ProductVersion
1.0.0.0
Assembly Version
1.0.0.0
Antivirus Signature
Bkav Clean
Lionic Trojan.MSIL.Agensla.i!c
Elastic malicious (high confidence)
DrWeb Clean
MicroWorld-eScan Clean
FireEye Generic.mg.c19e67355e7333e2
CAT-QuickHeal Clean
McAfee Artemis!C19E67355E73
Cylance Clean
VIPRE Clean
Sangfor Trojan.Win32.Save.a
K7AntiVirus Clean
BitDefender Clean
K7GW Clean
Cybereason Clean
BitDefenderTheta Gen:NN.ZemsilF.34088.am0@aOg7jSn
Cyren W32/MSIL_Kryptik.FGY.gen!Eldorado
Symantec MSIL.Downloader!gen7
ESET-NOD32 Clean
Zoner Clean
TrendMicro-HouseCall Clean
Paloalto Clean
ClamAV Clean
Kaspersky HEUR:Trojan-PSW.MSIL.Agensla.gen
Alibaba Clean
NANO-Antivirus Clean
ViRobot Clean
Tencent Clean
Ad-Aware Clean
Sophos Clean
Comodo Clean
F-Secure Clean
Baidu Clean
Zillya Clean
TrendMicro Clean
McAfee-GW-Edition Artemis!Trojan
CMC Clean
Emsisoft Clean
SentinelOne Static AI - Malicious PE
GData Clean
Jiangmin Clean
eGambit Clean
Avira Clean
MAX Clean
Antiy-AVL Clean
Kingsoft Clean
Gridinsoft Clean
Arcabit Clean
SUPERAntiSpyware Clean
ZoneAlarm Clean
Microsoft Program:Win32/Wacapew.C!ml
Cynet Clean
AhnLab-V3 Clean
Acronis Clean
VBA32 Clean
ALYac Clean
TACHYON Clean
Malwarebytes Clean
Panda Clean
APEX Malicious
Rising Clean
Yandex Clean
Ikarus Clean
MaxSecure Trojan.Malware.300983.susgen
Fortinet Clean
Webroot Clean
AVG Win32:PWSX-gen [Trj]
Avast Win32:PWSX-gen [Trj]
CrowdStrike win/malicious_confidence_90% (W)
No IRMA results available.