Static | ZeroBOX

Name	Virtual Address	Virtual Size	Size of Raw Data	Entropy
.text	0x00002000	0x0000a200	0x0000a200	7.89559562887
.rsrc	0x0000e000	0x0005abd8	0x0005ac00	2.05500306339

Name	Offset	Size	Language	Sub-language	File type
RT_ICON	0x00064760	0x00004228	LANG_NEUTRAL	SUBLANG_NEUTRAL	dBase IV DBT of \200.DBF, blocks size 0, block length 16384, next free block index 40, next free block 0, next used block 0
RT_ICON	0x00064760	0x00004228	LANG_NEUTRAL	SUBLANG_NEUTRAL	dBase IV DBT of \200.DBF, blocks size 0, block length 16384, next free block index 40, next free block 0, next used block 0
RT_ICON	0x00064760	0x00004228	LANG_NEUTRAL	SUBLANG_NEUTRAL	dBase IV DBT of \200.DBF, blocks size 0, block length 16384, next free block index 40, next free block 0, next used block 0
RT_ICON	0x00064760	0x00004228	LANG_NEUTRAL	SUBLANG_NEUTRAL	dBase IV DBT of \200.DBF, blocks size 0, block length 16384, next free block index 40, next free block 0, next used block 0
RT_ICON	0x00064760	0x00004228	LANG_NEUTRAL	SUBLANG_NEUTRAL	dBase IV DBT of \200.DBF, blocks size 0, block length 16384, next free block index 40, next free block 0, next used block 0
RT_ICON	0x00064760	0x00004228	LANG_NEUTRAL	SUBLANG_NEUTRAL	dBase IV DBT of \200.DBF, blocks size 0, block length 16384, next free block index 40, next free block 0, next used block 0
RT_GROUP_ICON	0x00068988	0x0000005a	LANG_NEUTRAL	SUBLANG_NEUTRAL	data
RT_VERSION	0x0000e220	0x00000234	LANG_NEUTRAL	SUBLANG_NEUTRAL	data
RT_MANIFEST	0x000689e8	0x000001ea	LANG_NEUTRAL	SUBLANG_NEUTRAL	XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

!This program cannot be run in DOS mode.

`.rsrc

@.reloc

lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet

PADPADPe

d|}IZ@

on9=$^

*TbAVE

`r]yv'

wagrw%B

i!^+KY

!PwwVA8^/

ODSP>Ca

U`Hxu?

s|y|><<

0GQS}N4

HoV1@

F44WdKa

%_X.T5

t%N 9I

OjF10{

^=%I}&

(\4ekZ)m>xpk

FS5 7(B

B1Vnw)

9?,zHc0

&=q}N@

64[\@X

(\P6Z5

tzpAKH

2#ni>/

^g[Yoe

K79x9?M

=NGJ7N&

:]an?_i&

!1'*(!

A^"OK;

ZJjMy[

SElV?M

y;hmK|l

}UD[[)

$`80!(s

f0acG0

mq|5D~

HLTm]i

RMor7{

A}3.N)?

3"(:IN{

f"~#qL^

-0~Yu4&

DgmT b

fuEz/+

WF&:Ie

tnouV:

L8[@ZUm

l=&z"$q

0iCp:j(E

xK'YPW

''>2V9

,5.MJ}

~|x.g<D

/AZhh#

[}:=9x

Ez4D|O

KK'^5l

XLIBlko%

'5*1U3

0FG"_a

aqqvzD

>K<X-pt

x /I_7

aPr!m."

T;EFJ6

v4.0.30319

#Strings

ilk.exe

vlekiviozamrgixtri

mscorlib

System

Object

eiwwets

ckxyurgqs

System.Runtime.InteropServices

GuidAttribute

System.Runtime.CompilerServices

CompilationRelaxationsAttribute

RuntimeCompatibilityAttribute

System.Diagnostics

ProcessStartInfo

set_FileName

System.Text

Encoding

get_ASCII

Convert

FromBase64String

GetString

set_Arguments

ProcessWindowStyle

set_WindowStyle

set_CreateNoWindow

set_UseShellExecute

set_RedirectStandardOutput

Process

System.Threading

Thread

System.IO

GetTempPath

Combine

System.Reflection

Assembly

GetExecutingAssembly

System.Resources

ResourceManager

GetObject

WriteAllBytes

String

GetEntryAssembly

get_Location

Concat

set_WorkingDirectory

Exception

MemoryStream

System.Security.Cryptography

RijndaelManaged

SymmetricAlgorithm

set_KeySize

CipherMode

set_Mode

GetBytes

Rfc2898DeriveBytes

DeriveBytes

ICryptoTransform

CreateDecryptor

CryptoStream

Stream

CryptoStreamMode

IDisposable

Dispose

ToArray

lnzbssxwtyvvezfxjuqbfaeijnothfcmrwosw.Resources

$e7e42955-6dc4-474b-9793-d9b256d14a5e

WrapNonExceptionThrows

$T %>

"J#s

%|%R%)333

#2 %g$

$q $?$$$

$b###

$1#{ $

$?$

#P$$$

#H#

%`$

#r "

$b $

#W $

$v "_

$*$1#9#@#H #O$Z$q

#f#@

!!%6#{

"I $

"%#z

$h $

$i $

$j $

$F $

$a $

%7 "

"J "

#G $

%"!!%6

"I "

#W#

"_ $

$M #W%R $?!!!

#3$i$

#@"

' $

"J"

%/"

$h $

%g $

!!!&"

!!!&#y

$~ "_"J!!%6 '''

"J $

$q $

' $

$? $

"Q #W $

#{ $

%)$

$8 $

$b $

#+%`

%/ $

%R $

$j $

!!!. $

' $

"X $

' $

%` $

$q $

!!!.$

"Q $

$p"J

#3%)"

"<%Y#

%0 $

&!#z

!!%6 $

!!!.#

#z "

' "

"X$$$

$T$x

$v"Q"

%Y$

' $F$h

$i"J!!!&

$p###

!!%6 $

$Z $

#G $

$x $

$1 "

"I $

%) "

%/ $

$x $

#s $

' $

%7$

#$$a$

%g"""

"J$j

$F $

$x$Z$Z$x

$U #W

#W$

#P $

&( $

$E#{ %7

#A#

$p #G"""

#r333

$8$

#{"

%`$8

#A $

$h $

&!$x "

%)"

''$

%/ $

!!!.%R#@

%7$j

$b $

$Z$

$b $

$?$$$

"_333

#G $

%)"

%>"

#@ $

!!!& "

$q $

"4"I

"J#

%R #

#f$p#z#{#r$h "_

"C&('''

$T!!!&

#y#9?

#P$

#H $

$?"

''$

$U'

$Z"

%Y$

$p $

$j $

%)&

$x $

$8 "

"J"

#P $

#s $

$i $

%0$

%` $

'' $

#O $

#r $

%` $

#s"

$j $

%) $

#s $

%/ $

"X $

$a $

#r #

$p "

$o %/

$# "_#

$q"I

"<$q$

#t#A

#P$

%> $

$8 $

$b $

"I $

!!!& $

!!!.$

#t#z

$~$p

$[#A

"%%0

";$1!!!&'''

&($h$

$T$a$x

$Z $

''#

' $

%R$

%7$

"I $

!!%6 $

#{ $

#H $

"_ $

"I $

%/ $

"X $

!!!."X

$o#r!

#r $

$h $

$1#

' %7 $?

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>

</requestedPrivileges>

</security>

</trustInfo>

</assembly>

jtabwpvriwcivxmvgypycmf

PCfLLGWl/EQc6nD449Oh9OUyxdmkyclJdZne6QtcUkdGA1NebwsxvLemkNXBqz5XDNjEruNN7wjc/2OQIpluOT9B0saWgtJYM1+6xHn9PgLUO722JaDvOf8alnfSYlv7TsCVCrl6Vedu5W7VCWQjTne0sP70bG02xq2wZ9SJdIfByitbfLQqn9Fqq3fpZOacmILJvdokRuI3zhEFIvKfOw/r+6CauGRhsMls2hGEQ56RX4Dd57DDqx4EWKJOlV69PLMhxe/FRkEVBMm7B98TmPdAWXn/vCJJBAjs7ALlBHNKpiwbh/evXfSQBjtE19diGDDj1UcrakIsyGhHwqErdKGjz/KhWcg1UKC34Wl8fIwwBVEr82fLGQFJQod/u2eB

NQR5pOqDp9fmja2UmqY5cg==

lnzbssxwtyvvezfxjuqbfaeijnothfcmrwosw

jtabwpvriwcivxmvgypycmf

pjwaowbvrgbcgqttgtydgtkwgzeacliahwzvtlzlbpkcxvaerpmvqbkhxabozbxftnonqozbyjjrhwelzaygynowdnctrkqamfqfhjsnpxkfynzyytpxknupfjounrlkvjpsakfpxmeitybkblxzywmxyiaxurajizjlsctkwzztlxhueqneyqprrntwkgfrmhatkrhcbiyywhiuwwthoyojknbkwfzhvtnfxplxfvicnfskgczvocngymjtoxto

ilpceropdudbxmrfpyfrgfyxpiuhenjh

qxjeefvojjmdnzhn

VS_VERSION_INFO

VarFileInfo

Translation

StringFileInfo

000004b0

FileDescription

FileVersion

0.0.0.0

InternalName

ilk.exe

LegalCopyright

OriginalFilename

ilk.exe

ProductVersion

0.0.0.0

Assembly Version

0.0.0.0

Antivirus	Signature
Bkav	Clean
Lionic	Trojan.MSIL.Tasker.4!c
Elastic	malicious (high confidence)
MicroWorld-eScan	Trojan.GenericKD.37497747
FireEye	Generic.mg.551034ce6f4665ce
CAT-QuickHeal	Clean
ALYac	Trojan.GenericKD.37497747
Cylance	Unsafe
Zillya	Clean
Sangfor	Clean
K7AntiVirus	Trojan ( 0057fa0a1 )
BitDefender	Trojan.GenericKD.37497747
K7GW	Trojan ( 0057fa0a1 )
CrowdStrike	win/malicious_confidence_90% (W)
Baidu	Clean
Cyren	W64/MSIL_Troj.BCG.gen!Eldorado
Symantec	Trojan.Gen.MBT
ESET-NOD32	a variant of MSIL/TrojanDropper.Agent.FGN
APEX	Malicious
Paloalto	generic.ml
ClamAV	Clean
Kaspersky	HEUR:Trojan.MSIL.Tasker.gen
Alibaba	Trojan:MSIL/AgentTesla.47e43064
NANO-Antivirus	Clean
ViRobot	Clean
Rising	Clean
Ad-Aware	Trojan.GenericKD.37497747
Comodo	Clean
F-Secure	Clean
DrWeb	Clean
VIPRE	Clean
TrendMicro	Clean
McAfee-GW-Edition	Artemis!Trojan
CMC	Clean
Emsisoft	Trojan.GenericKD.37497747 (B)
Ikarus	Trojan-Dropper.MSIL.Agent
GData	Trojan.GenericKD.37497747
Jiangmin	Clean
Webroot	Clean
Avira	HEUR/AGEN.1143065
MAX	malware (ai score=99)
Antiy-AVL	Clean
Kingsoft	Clean
Gridinsoft	Clean
Arcabit	Clean
SUPERAntiSpyware	Clean
ZoneAlarm	Clean
Microsoft	Trojan:MSIL/AgentTesla.CHH!MTB
Cynet	Malicious (score: 100)
AhnLab-V3	Trojan/Win.AgentTesla.C4588583
Acronis	Clean
McAfee	Artemis!551034CE6F46
TACHYON	Clean
VBA32	Clean
Malwarebytes	Malware.AI.3428444764
Panda	Trj/CI.A
Zoner	Clean
TrendMicro-HouseCall	Clean
Tencent	Msil.Trojan.Tasker.Stae
Yandex	Clean
SentinelOne	Static AI - Malicious PE
eGambit	Unsafe.AI_Score_96%
Fortinet	MSIL/Agent.FGN!tr
BitDefenderTheta	Clean
AVG	Win64:Trojan-gen
Cybereason	malicious.4a8396
Avast	Win64:Trojan-gen
MaxSecure	Trojan.Malware.300983.susgen

Static Analysis

PE Compile Time

Sections

Resources