Static | ZeroBOX

PE Compile Time

2021-08-25 06:23:28

PDB Path

c:\Users\Administrator\Desktop\clipper.pdb

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name    Virtual Address  Virtual Size  Size of Raw Data  Entropy
.text   0x00002000       0x00000cf4    0x00000e00        4.75463581607
.rsrc   0x00004000       0x000004d8    0x00000600        3.70327278492
.reloc  0x00006000       0x0000000c    0x00000200        0.0815394123432

Resources

Name         Offset      Size        Language      Sub-language     File type
RT_VERSION   0x000040a0  0x00000244  LANG_NEUTRAL  SUBLANG_NEUTRAL  data
RT_MANIFEST  0x000042e8  0x000001ea  LANG_NEUTRAL  SUBLANG_NEUTRAL  XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

Imports

Library mscoree.dll:
0x402000 _CorExeMain

!This program cannot be run in DOS mode.
`.rsrc
@.reloc
https://download.virka.tech/
aserkolys.dll
v4.0.30319
#Strings
<Module>
clipper.exe
SptMWOVyUu
AXHJmQTHKo
OkYyWhPoEv
mscorlib
System
Object
MulticastDelegate
EHJflBhXRi
RbODvcnqhR
lCfsIhteNo
mFVSuJjQCp
LotSwSxNoa
Invoke
IAsyncResult
AsyncCallback
BeginInvoke
EndInvoke
object
method
callback
result
System.Diagnostics
DebuggableAttribute
DebuggingModes
System.Runtime.CompilerServices
CompilationRelaxationsAttribute
RuntimeCompatibilityAttribute
clipper
STAThreadAttribute
System.Net
ServicePointManager
SecurityProtocolType
set_SecurityProtocol
WebClient
DownloadData
System.Reflection
Assembly
GetType
MethodInfo
GetMethod
RuntimeTypeHandle
GetTypeFromHandle
Delegate
CreateDelegate
DynamicInvoke
.cctor
<PrivateImplementationDetails>{C46F8780-528B-4057-98F0-DEAB621594AF}
CompilerGeneratedAttribute
$$method0x6000006-1
RuntimeHelpers
RuntimeFieldHandle
InitializeArray
ValueType
__StaticArrayInitTypeSize=20
$$method0x6000006-2
__StaticArrayInitTypeSize=13
$$method0x6000006-3
System.Text
Encoding
get_ASCII
GetString
String
Concat
WrapNonExceptionThrows
c:\Users\Administrator\Desktop\clipper.pdb
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
IOQiwbeqibwqwexqwev.qbIUWJEBuqwhunqhuwuq
ziqwieqbiwjibiejqijwb
Invoke
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
https://9qn7.dimluui.ru/1035405053.exe
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
FileDescription
FileVersion
0.0.0.0
InternalName
clipper.exe
LegalCopyright
OriginalFilename
clipper.exe
ProductVersion
0.0.0.0
Assembly Version
0.0.0.0
<<<Obsolete>>
Antivirus Signature
Bkav Clean
Lionic Trojan.MSIL.Stealer.l!c
Elastic malicious (high confidence)
MicroWorld-eScan Gen:Variant.Bulz.79647
FireEye Generic.mg.eceafb76182d6e9f
CAT-QuickHeal Clean
McAfee Artemis!ECEAFB76182D
Cylance Unsafe
VIPRE Clean
Sangfor Trojan.MSIL.Chapak.gen
CrowdStrike win/malicious_confidence_90% (W)
BitDefender Gen:Variant.Bulz.79647
K7GW Trojan-Downloader ( 005816d61 )
K7AntiVirus Trojan-Downloader ( 005816d61 )
BitDefenderTheta Gen:NN.ZemsilF.34110.am2@aaz4Zyg
Cyren Clean
Symantec Trojan.Gen.2
ESET-NOD32 a variant of MSIL/TrojanDownloader.Tiny.BFB
Baidu Clean
APEX Malicious
Paloalto generic.ml
ClamAV Clean
Kaspersky HEUR:Trojan.MSIL.Chapak.gen
Alibaba Clean
NANO-Antivirus Clean
ViRobot Clean
Tencent Msil.Trojan.Chapak.Apda
Ad-Aware Gen:Variant.Bulz.79647
Emsisoft Gen:Variant.Bulz.79647 (B)
Comodo Clean
F-Secure Clean
DrWeb Trojan.PWS.Siggen3.2449
Zillya Clean
TrendMicro Clean
McAfee-GW-Edition Artemis!Trojan
CMC Clean
Sophos Mal/Generic-S
SentinelOne Static AI - Malicious PE
GData Gen:Variant.Bulz.79647
Jiangmin Clean
MaxSecure Trojan.Malware.300983.susgen
Avira TR/Dldr.Tiny.klmzq
MAX malware (ai score=84)
Antiy-AVL Clean
Kingsoft Clean
Gridinsoft Trojan.Win32.Downloader.sa
Arcabit Trojan.Bulz.D1371F
SUPERAntiSpyware Clean
ZoneAlarm Clean
Microsoft Trojan:Win32/Sabsik.FL.B!ml
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win.Generic.C4609709
Acronis Clean
VBA32 TScope.Trojan.MSIL
ALYac Gen:Variant.Bulz.79647
TACHYON Clean
Malwarebytes Spyware.PasswordStealer
Panda Trj/CI.A
Zoner Clean
TrendMicro-HouseCall TROJ_GEN.R002H07HP21
Rising Clean
Yandex Trojan.Chapak!1xrBpHeq8ic
Ikarus Trojan-Downloader.MSIL.Tiny
eGambit PE.Heur.InvalidSig
Fortinet PossibleThreat
Webroot W32.Trojan.Gen
AVG Win32:PWSX-gen [Trj]
Cybereason malicious.6182d6
Avast Win32:PWSX-gen [Trj]
No IRMA results available.