Static | ZeroBOX

PE Compile Time

2021-08-23 07:06:18

PDB Path

c:\Users\Test\Desktop\work\123\ksbgixgq.pdb

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name    Virtual Address  Virtual Size  Size of Raw Data  Entropy
.text   0x00002000       0x00000c24    0x00000e00        4.5287565013
.rsrc   0x00004000       0x000054ec    0x00005600        7.8066491113
.reloc  0x0000a000       0x0000000c    0x00000200        0.0776331623432

Resources

Name           Offset      Size        Language      Sub-language     File type
RT_ICON        0x00004130  0x00004e8a  LANG_NEUTRAL  SUBLANG_NEUTRAL  PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
RT_GROUP_ICON  0x00008fbc  0x00000014  LANG_NEUTRAL  SUBLANG_NEUTRAL  data
RT_VERSION     0x00008fd0  0x00000330  LANG_NEUTRAL  SUBLANG_NEUTRAL  data
RT_MANIFEST    0x00009300  0x000001ea  LANG_NEUTRAL  SUBLANG_NEUTRAL  XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

Imports

Library mscoree.dll:
0x402000 _CorExeMain

!This program cannot be run in DOS mode.
`.rsrc
@.reloc
http://u1452023.cp.regruhosting.ru/PE/steammaa.dll
v4.0.30319
#Strings
<Module>
ksbgixgq.exe
Program
VQxAuEExgy
mscorlib
System
Object
System.Reflection
AssemblyTitleAttribute
AssemblyDescriptionAttribute
AssemblyCompanyAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
AssemblyFileVersionAttribute
System.Diagnostics
DebuggableAttribute
DebuggingModes
System.Runtime.CompilerServices
CompilationRelaxationsAttribute
RuntimeCompatibilityAttribute
ksbgixgq
STAThreadAttribute
System.Windows.Forms
Application
EnableVisualStyles
System.Net
ServicePointManager
SecurityProtocolType
set_SecurityProtocol
WebClient
DownloadData
String
Boolean
<PrivateImplementationDetails>{9214D123-6351-413E-B047-3ACFC6284226}
CompilerGeneratedAttribute
ValueType
__StaticArrayInitTypeSize=50
$$method0x6000001-1
RuntimeHelpers
RuntimeFieldHandle
InitializeArray
System.Text
Encoding
get_ASCII
GetString
AppDomain
get_CurrentDomain
Assembly
GetType
BindingFlags
Binder
InvokeMember
7z.sfx
7z SFX
Igor Pavlov
#Copyright (c) 1999-2010 Igor Pavlov
9.1.55.0
WrapNonExceptionThrows
c:\Users\Test\Desktop\work\123\ksbgixgq.pdb
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
DigiCert Inc1
www.digicert.com110/
(DigiCert SHA2 Assured ID Code Signing CA0
210305000000Z
240313235959Z0g1
California1
Menlo Park1
WhatsApp, Inc1
WhatsApp, Inc0
/http://crl3.digicert.com/sha2-assured-cs-g1.crl05
/http://crl4.digicert.com/sha2-assured-cs-g1.crl0K
http://www.digicert.com/CPS0
http://ocsp.digicert.com0N
Bhttp://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
http://81.16.141.221:8888/amogus/GodK6jam0J2bDZkC.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
SteamCloudFileManagerLite.upload
starter
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
Comments
7z SFX
CompanyName
Igor Pavlov
FileDescription
7z.sfx
FileVersion
9.1.55.0
InternalName
ksbgixgq.exe
LegalCopyright
Copyright (c) 1999-2010 Igor Pavlov
OriginalFilename
ksbgixgq.exe
ProductName
ProductVersion
9.1.55.0
Assembly Version
0.0.0.0
<<<Obsolete>>
Antivirus Signature
Bkav Clean
Lionic Trojan.Multi.Generic.4!c
Elastic malicious (high confidence)
Cynet Malicious (score: 100)
CMC Clean
CAT-QuickHeal Clean
McAfee Artemis!5BE9BFAD00F2
Cylance Unsafe
VIPRE Clean
Sangfor Clean
K7AntiVirus Clean
BitDefender Clean
K7GW Clean
CrowdStrike win/malicious_confidence_100% (W)
Baidu Clean
Cyren Clean
ESET-NOD32 Clean
APEX Malicious
Paloalto generic.ml
ClamAV Clean
Kaspersky UDS:DangerousObject.Multi.Generic
Alibaba Clean
NANO-Antivirus Clean
SUPERAntiSpyware Clean
MicroWorld-eScan Clean
Rising Clean
Ad-Aware Clean
Emsisoft Clean
Comodo Clean
F-Secure Clean
DrWeb Clean
Zillya Clean
TrendMicro Clean
McAfee-GW-Edition Artemis!Trojan
FireEye Generic.mg.5be9bfad00f219b0
Sophos Clean
SentinelOne Static AI - Malicious PE
GData Clean
Jiangmin Clean
Webroot Clean
Avira Clean
Antiy-AVL Clean
Kingsoft Win32.Troj.Generic_a.a.(kcloud)
Gridinsoft Clean
Arcabit Clean
ViRobot Clean
ZoneAlarm Clean
Microsoft Trojan:Win32/Sabsik.TE.B!ml
TACHYON Clean
AhnLab-V3 Clean
Acronis Clean
BitDefenderTheta Gen:NN.ZemsilF.34088.cm2@aGhtFKc
ALYac Clean
MAX Clean
VBA32 Clean
Malwarebytes MachineLearning/Anomalous.100%
Panda Clean
Zoner Clean
TrendMicro-HouseCall Clean
Tencent Clean
Yandex Clean
Ikarus Clean
MaxSecure Trojan.Malware.300983.susgen
Fortinet Clean
Avast Clean
No IRMA results available.