Static | ZeroBOX

PE Compile Time

2021-09-07 21:11:43

PDB Path

c:\inetpub\wwwroot\CRYPT_INSTALLS.pdb

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

| Name | Virtual Address | Virtual Size | Size of Raw Data | Entropy |
| --- | --- | --- | --- | --- |
| .text | 0x00002000 | 0x00001104 | 0x00001200 | 4.5251909376 |
| .rsrc | 0x00004000 | 0x000005d8 | 0x00000600 | 4.19869408399 |
| .reloc | 0x00006000 | 0x0000000c | 0x00000200 | 0.0611628522412 |

Resources

| Name | Offset | Size | Language | Sub-language | File type |
| --- | --- | --- | --- | --- | --- |
| RT_VERSION | 0x000040a0 | 0x00000348 | LANG_NEUTRAL | SUBLANG_NEUTRAL | data |
| RT_MANIFEST | 0x000043e8 | 0x000001ea | LANG_NEUTRAL | SUBLANG_NEUTRAL | XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators |

Imports

Library mscoree.dll:
0x402000 _CorExeMain

!This program cannot be run in DOS mode.
`.rsrc
@.reloc
v4.0.30319
#Strings
<Module>
CRYPT_INSTALLS.exe
OKAJIS
JUqhGC
SLTOKT
mscorlib
System
Object
MulticastDelegate
mbeUkh
Invoke
IAsyncResult
AsyncCallback
BeginInvoke
EndInvoke
uAEKoW
object
method
callback
result
System.Reflection
AssemblyTitleAttribute
AssemblyDescriptionAttribute
AssemblyCompanyAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
AssemblyFileVersionAttribute
System.Diagnostics
DebuggableAttribute
DebuggingModes
System.Runtime.CompilerServices
CompilationRelaxationsAttribute
RuntimeCompatibilityAttribute
CRYPT_INSTALLS
System.Threading
Thread
System.Net
ServicePointManager
SecurityProtocolType
set_SecurityProtocol
WebClient
String
Concat
DownloadData
Assembly
GetType
MethodInfo
GetMethod
RuntimeTypeHandle
GetTypeFromHandle
Delegate
CreateDelegate
System.Windows.Forms
Application
get_ExecutablePath
DynamicInvoke
get_Length
Substring
Convert
ToByte
System.Text
Encoding
get_Unicode
GetString
Valve Corporation
$Copyright (C) 2021 Valve Corporation
1.0.0.2
WrapNonExceptionThrows
c:\inetpub\wwwroot\CRYPT_INSTALLS.pdb
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
http://95.215.205.85/INSTALLS.exe
Invoke
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
Comments
CompanyName
Valve Corporation
FileDescription
FileVersion
1.0.0.2
InternalName
CRYPT_INSTALLS.exe
LegalCopyright
Copyright (C) 2021 Valve Corporation
OriginalFilename
CRYPT_INSTALLS.exe
ProductName
ProductVersion
1.0.0.2
Assembly Version
0.0.0.0
<<<Obsolete>>
Antivirus Signature
Bkav Clean
Lionic Trojan.MSIL.Miner.a!c
Elastic Clean
MicroWorld-eScan Clean
CMC Clean
CAT-QuickHeal Clean
ALYac Clean
Cylance Unsafe
VIPRE Clean
Sangfor Clean
K7AntiVirus Clean
BitDefender Clean
K7GW Trojan-Downloader ( 0058192b1 )
Cybereason malicious.053aba
Baidu Clean
Cyren Clean
Symantec Trojan.Gen.2
ESET-NOD32 a variant of MSIL/TrojanDownloader.Tiny.BFJ
APEX Malicious
Paloalto Clean
ClamAV Clean
Kaspersky HEUR:Trojan-Downloader.MSIL.Miner.gen
Alibaba Clean
NANO-Antivirus Clean
ViRobot Clean
Tencent Clean
Ad-Aware Clean
TACHYON Clean
Emsisoft Clean
Comodo Clean
F-Secure Clean
DrWeb Clean
Zillya Clean
TrendMicro Clean
McAfee-GW-Edition Artemis!Trojan
FireEye Generic.mg.56c100bab6222d31
Sophos Mal/Generic-S
Ikarus Clean
GData Clean
Jiangmin Clean
Webroot W32.Trojan.Gen
Avira Clean
Antiy-AVL Clean
Kingsoft Clean
Gridinsoft Clean
Arcabit Clean
SUPERAntiSpyware Clean
ZoneAlarm HEUR:Trojan-Downloader.MSIL.Miner.gen
Microsoft Trojan:Script/Phonzy.C!ml
Cynet Clean
AhnLab-V3 Clean
Acronis Clean
McAfee RDN/Generic Downloader.x
MAX Clean
VBA32 Clean
Malwarebytes Clean
Panda Clean
Zoner Clean
TrendMicro-HouseCall Clean
Rising Clean
Yandex Clean
SentinelOne Static AI - Malicious PE
eGambit PE.Heur.InvalidSig
Fortinet MSIL/Tiny.BFL!tr.dldr
BitDefenderTheta Gen:NN.ZemsilF.34126.am2@a4tB9ki
AVG Win32:PWSX-gen [Trj]
Avast Win32:PWSX-gen [Trj]
CrowdStrike win/malicious_confidence_80% (W)
MaxSecure Clean
No IRMA results available.