popup
Static | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Static Analysis

PE Compile Time

2073-01-06 21:31:24

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00002000 0x0006be04 0x0006c000 3.73414282822
.rsrc 0x0006e000 0x00000294 0x00000400 2.13307256639
.reloc 0x00070000 0x0000000c 0x00000200 0.0815394123432

Resources

Name Offset Size Language Sub-language File type
RT_VERSION 0x0006e058 0x0000023c LANG_NEUTRAL SUBLANG_NEUTRAL data

Imports

Library mscoree.dll:
0x402000 _CorExeMain
!This program cannot be run in DOS mode.
`.rsrc
@.reloc
v4.0.30319
#Strings
Revue.exe
<Module>
Tokenizer
Revue.Listeners
Object
System
mscorlib
Account
Revue.Messages
<>c__DisplayClass2_0
Revue.Dispatcher
TemplateGetterComp
Revue.Composer
<>o__4
Definition
Revue.Instances
FieldDefinitionWriter
Revue.Writers
<>o__5
AttributeAuth
Revue.Authentication
ParamListStatus
Revue.States
ComparatorRoleList
MulticastDelegate
ListDispatcherInstance
Container
Exporter
BridgeRoleMessage
AdapterAuthenticationClass
AccountDispatcherInstance
ErrorStubMapper
Callback
MessageSetterMapping
CreatorDispatcherConnector
Revue.Connections
ValueType
RepositoryRoleList
Revue.Lists
Request
Revue.Shared
AlgoRoleMessage
ValAccountListener
ProductDefinitionQueue
Revue.Queues
RuleAuth
ObjectStubMapper
Revue.Mappers
<PrivateImplementationDetails>
__StaticArrayInitTypeSize=423436
AddTokenizer
String
EntryPointNotFoundException
MapTokenizer
CalculateTokenizer
RemoveTokenizer
Func`1
Boolean
IntPtr
Invoke
InvalidOleVariantTypeException
System.Runtime.InteropServices
SetupTokenizer
UInt64
UInt32
UInt16
op_Explicit
Marshal
SizeOf
Application
System.Windows.Forms
get_ExecutablePath
op_Inequality
Thread
System.Threading
ToInt64
GetTypeFromHandle
RuntimeTypeHandle
AllocHGlobal
FreeHGlobal
m_Dispatcher
_Setter
.cctor
DestroyTokenizer
counterHigh
m_Getter
instance
Replace
OrderTokenizer
IncludeTokenizer
Binder
Microsoft.CSharp.RuntimeBinder
Microsoft.CSharp
Convert
CallSiteBinder
System.Runtime.CompilerServices
System.Core
CSharpBinderFlags
CallSite`1
Func`3
CallSite
Create
Target
ToCharArray
PushTokenizer
FromBase64String
Encoding
System.Text
get_UTF8
GetString
ForgotTokenizer
_Product
CallTokenizer
StringBuilder
ToChar
Append
ToString
SearchTokenizer
SelectTokenizer
RuntimeHelpers
InitializeArray
RuntimeFieldHandle
Exception
ListTokenizer
Action
PrintTokenizer
ChangeTokenizer
m_Authentication
CollectTokenizer
PrepareTokenizer
CSharpArgumentInfo
CSharpArgumentInfoFlags
InvokeMember
IEnumerable`1
System.Collections.Generic
Func`4
tluseRcnysAedargpUtpeccArotpeccAedargpUytiruceSmaertSswodniWredivorPedargpUytiruceSmaertSswodniWslennahCledoMecivreSmetsyS88755
Func`5
worker
_Schema
importer
message
interceptor
m_Identifier
_Status
RateTokenizer
LoadLibrary
kernel32.dll
EnableTokenizer
FreeLibrary
ResetTokenizer
GetProcAddress
kernel32
m_Proccesor
ComputeTokenizer
CalcTokenizer
GetDelegateForFunctionPointer
Delegate
ReflectTokenizer
_Iterator
hProcess
isWow64
BeginInvoke
IAsyncResult
AsyncCallback
callback
object
EndInvoke
result
lpBaseAddress
ltluseRcnysAdeppalrevOegasseMevieceRstekcoSteNmetsyS62290
lpNumberOfBytesWritten
exitCode
reference
handle
hToken
lpApplicationName
lpCommandLine
lpProcessAttributes
lpThreadAttributes
bInheritHandles
dwCreationFlags
lpEnvironment
lpCurrentDirectory
lpStartupInfo
lpProcesnoitcAwolfrevOscitsongaiDmetsyS25313
hNewToken
hThread
pContext
counter
ProcessHandle
BaseAddress
ZeroBits
RegionSize
AllocationType
Protect
selection
nCmdShow
_Parameter
repository
comparator
_Order
m_Database
reponse
m_Factory
watcher
_Strategy
m_Listener
consumer
_Issuer
_Configuration
_Property
_Method
_Object
m_Error
system
observer
m_Test
customer
m_Template
serializer
m_Adapter
m_Predicate
_Registry
_Composer
m_Interpreter
_Descriptor
visitor
_Candidate
_Advisor
m_Broadcaster
specification
_Connection
_Singleton
CreateTokenizer
PublishTokenizer
19F086F1CF4F4F6133212BCCF34F9E93A0A6405D
CompilationRelaxationsAttribute
RuntimeCompatibilityAttribute
DebuggableAttribute
System.Diagnostics
DebuggingModes
TargetFrameworkAttribute
System.Runtime.Versioning
UnverifiableCodeAttribute
System.Security
ParamArrayAttribute
DynamicAttribute
ReliabilityContractAttribute
System.Runtime.ConstrainedExecution
Consistency
CompilerGeneratedAttribute
System.Security.Permissions.SecurityPermissionAttribute, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
SkipVerification
WrapNonExceptionThrows
.NETFramework,Version=v4.0
FrameworkDisplayName
.NET Framework 4
_CorExeMain
mscoree.dll
MnysAegasseMdnAlennahCrexumeDlennahCnoisseSxelpuDslennahCledoMecivreSmetsyS22575FMCDyQBGgYBPiotLhYZJw==
MnysAegasseMdnAlennahCrexumeDlennahCnoisseSxelpuDslennahCledoMecivreSmetsyS22575w8GHSQrOwAWAxsr
AnysAegasseMdnAlennahCrexumeDlennahCnoisseSxelpuDslennahCledoMecivreSmetsyS22575FIeGh80HhkZDCkuLWM3LhV2ADkRCxIaOhkXEgIBe1E=
BnysAegasseMdnAlennahCrexumeDlennahCnoisseSxelpuDslennahCledoMecivreSmetsyS22575yYCDyQ7IAAVHDE0IRkrIi90OjYWO3le
AnysAegasseMdnAlennahCrexumeDlennahCnoisseSxelpuDslennahCledoMecivreSmetsyS22575FMsACVeGjwVE1YzFhY0aQ==
AnysAegasseMdnAlennahCrexumeDlennahCnoisseSxelpuDslennahCledoMecivreSmetsyS22575jkaLiRfL0cCAiEhFmMvOBV1IXE=
BnysAegasseMdnAlennahCrexumeDlennahCnoisseSxelpuDslennahCledoMecivreSmetsyS22575Q8GICQBfR0vAjkoLgkFBCwqIiAsfxYTOkZlXA==
BnysAegasseMdnAlennahCrexumeDlennahCnoisseSxelpuDslennahCledoMecivreSmetsyS22575Q8GNCQrNAMVdiVoLgc7JBUoPn0sGzwtAiNgFzcYLVE=
BnysAegasseMdnAlennahCrexumeDlennahCnoisseSxelpuDslennahCledoMecivreSmetsyS225751IeBiIrGiQvKVoyLgkvLiIROjgXfw5W
BnysAegasseMdnAlennahCrexumeDlennahCnoisseSxelpuDslennahCledoMecivreSmetsyS225751NtRQgGHj0WHDENFRkrOC8RPggXfnFTAiw5UQ==
AnysAegasseMdnAlennahCrexumeDlennahCnoisseSxelpuDslennahCledoMecivreSmetsyS225751MCRhArJAwWEyUzJWNYIRIBOngRDXle
BnysAegasseMdnAlennahCrexumeDlennahCnoisseSxelpuDslennahCledoMecivreSmetsyS225751NtRQgGHiEWHDENFRkrOC8RPggXfnFTAiw5UQ==
BnysAegasseMdnAlennahCrexumeDlennahCnoisseSxelpuDslennahCledoMecivreSmetsyS22575FMCRhArJAwWEyUzJWNYIRIBOngRDXle
BnysAegasseMdnAlennahCrexumeDlennahCnoisseSxelpuDslennahCledoMecivreSmetsyS22575AwCDCI7fRkaAwshLgYnPw==
nysAegasseMdnAlennahCrexumeDlennahCnoisseSxelpuDslennahCledoMecivreSmetsyS22575
AnysAegasseMdnAlennahCrexumeDlennahCnoisseSxelpuDslennahCledoMecivreSmetsyS225751MCRhdedQAvdlorLgcFJBQrPjoRO3le
NnysAegasseMdnAlennahCrexumeDlennahCnoisseSxelpuDslennahCledoMecivreSmetsyS22575TkaGiUGAQwAKTErFhBcaQ==
BnysAegasseMdnAlennahCrexumeDlennahCnoisseSxelpuDslennahCledoMecivreSmetsyS22575FM8ACJdKAUuKTEuECZcaQ==
tluseRcnysAedargpUtpeccArotpeccAedargpUytiruceSmaertSswodniWredivorPedargpUytiruceSmaertSswodniWslennahCledoMecivreSmetsyS88755
Replace
FromBase64String
GetString
QaTvFlLuLDcXt
VnysAegasseMdnAlennahCrexumeDlennahCnoisseSxelpuDslennahCledoMecivreSmetsyS22575FZxUUFBTUFBQUFFQUFBQS8vOEFBTGdBQUFBQUFBQUFRQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFnQUFBQUE0ZnVnNEF0QW5OSWJnQlRNMGhWR2hwY3lCd2NtOW5jbUZ0SUdOaGJtNXZkQ0JpWlNCeWRXNGdhVzRnUkU5VElHMXZaR1V1RFEwS0pBQUFBQUFBQUFCUVJRQUFUQUVEQUpDVGlhTUFBQUFBQUFBQUFPQUFBZ0VMQVRBQUFMZ0JBQUFNQUFBQUFBQUEyc1VCQUFBZ0FBQUE0QUVBQUFCQUFBQWdBQUFBQkFBQUJBQUFBQUFBQUFBRUFBQUFBQUFBQUFBZ0FnQUFCQUFBaXdVQ0FBTUFRSVVBQUJBQUFCQUFBQUFBRUFBQUVBQUFBQUFBQUJBQUFBQUFBQUFBQUFBQUFJakZBUUJQQUFBQUFPQUJBTndFQUFBQUFBQUFBQUFBQUFESUFRRFlDQUFBQUFBQ0FBd0FBQUJzeFFFQUhBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUlBQUFDQUFBQUFBQUFBQUFBQUFBQ0NBQUFFZ0FBQUFBQUFBQUFBQUFBQzUwWlhoMEFBQUE2TGNCQUFBZ0FBQUF1QUVBQUFRQUFBQUFBQUFBQUFBQUFBQUFBQ0FBQUdBdWNuTnlZd0FBQU53RUFBQUE0QUVBQUFnQUFBQzhBUUFBQUFBQUFBQUFBQUFBQUFCQUFBQkFMbkpsYkc5akFBQU1BQUFBQUFBQ0FBQUVBQUFBeEFFQUFBQUFBQUFBQUFBQUFBQUFRQUFBUWdBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQ
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
FileDescription
FileVersion
0.0.0.0
InternalName
Revue.exe
LegalCopyright
OriginalFilename
Revue.exe
ProductVersion
0.0.0.0
Assembly Version
0.0.0.0
Antivirus Signature
Bkav Clean
Lionic Clean
Elastic malicious (high confidence)
MicroWorld-eScan Gen:Variant.Bulz.699108
CMC Clean
CAT-QuickHeal Clean
McAfee Artemis!13306437E753
Cylance Unsafe
VIPRE Clean
Sangfor Suspicious.Win32.Save.a
K7AntiVirus Clean
BitDefender Gen:Variant.Bulz.699108
K7GW Clean
Cybereason malicious.054fb5
BitDefenderTheta Gen:NN.ZemsilF.34142.Bm0@aO!er5c
Cyren W32/MSIL_Troj.CY.gen!Eldorado
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of MSIL/Kryptik.ACCF
Baidu Clean
APEX Malicious
Paloalto generic.ml
ClamAV Clean
Kaspersky UDS:DangerousObject.Multi.Generic
Alibaba Clean
NANO-Antivirus Clean
ViRobot Clean
Tencent Clean
Ad-Aware Gen:Variant.Bulz.699108
TACHYON Clean
Emsisoft Gen:Variant.Bulz.699108 (B)
Comodo Clean
F-Secure Clean
DrWeb Trojan.PackedNET.972
Zillya Clean
TrendMicro Clean
McAfee-GW-Edition BehavesLike.Win32.Generic.gz
FireEye Generic.mg.13306437e7533e06
Sophos Mal/Generic-S
Ikarus Trojan-Spy.MSIL.Agent
GData Gen:Variant.Bulz.699108
Jiangmin Clean
MaxSecure Clean
Avira HEUR/AGEN.1144480
Antiy-AVL Clean
Kingsoft Clean
Gridinsoft Clean
Arcabit Trojan.Bulz.DAAAE4
SUPERAntiSpyware Clean
ZoneAlarm Clean
Microsoft Trojan:Win32/Sabsik.FL.B!ml
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win.Generic.C4628732
Acronis suspicious
VBA32 Clean
ALYac Gen:Variant.Bulz.699108
MAX malware (ai score=83)
Malwarebytes Malware.AI.7742968
Panda Clean
Zoner Clean
TrendMicro-HouseCall Clean
Rising Clean
Yandex Clean
SentinelOne Static AI - Malicious PE
eGambit Unsafe.AI_Score_100%
Fortinet MSIL/Kryptik.ACCF!tr
Webroot Clean
AVG Win32:MalwareX-gen [Trj]
Avast Win32:MalwareX-gen [Trj]
CrowdStrike win/malicious_confidence_80% (D)
No IRMA results available.