Static | ZeroBOX

PE Compile Time

2061-01-09 11:41:36

PDB Path

C:\Users\Admin\Desktop\проекты\work project\pastebinload2\obj\Debug\pastebinload.pdb

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name    Virtual Address  Virtual Size  Size of Raw Data  Entropy
.text   0x00002000       0x00000848    0x00000a00        4.39291114539
.rsrc   0x00004000       0x000004ec    0x00000600        3.74770952859
.reloc  0x00006000       0x0000000c    0x00000200        0.0815394123432

Resources

Name         Offset      Size        Language      Sub-language     File type
RT_VERSION   0x00004090  0x0000025c  LANG_NEUTRAL  SUBLANG_NEUTRAL  data
RT_MANIFEST  0x000042fc  0x000001ea  LANG_NEUTRAL  SUBLANG_NEUTRAL  XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

Imports

Library mscoree.dll:
0x402000 _CorExeMain

Antivirus Signature
Bkav Clean
Lionic Trojan.MSIL.Stealer.l!c
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKD.37561425
FireEye Generic.mg.6a55f0aa7770e3a0
CAT-QuickHeal Clean
ALYac Trojan.GenericKD.37561425
Cylance Unsafe
VIPRE Clean
Sangfor Clean
K7AntiVirus Trojan-Downloader ( 00581f171 )
BitDefender Trojan.GenericKD.37561425
K7GW Trojan-Downloader ( 00581f171 )
CrowdStrike win/malicious_confidence_100% (W)
BitDefenderTheta Gen:NN.ZemsilF.34142.am0@ayyZojh
Cyren Clean
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of MSIL/TrojanDownloader.Agent.HMS
Baidu Clean
APEX Malicious
Paloalto generic.ml
ClamAV Clean
Kaspersky HEUR:Trojan-Spy.MSIL.Stealer.gen
Alibaba TrojanSpy:MSIL/Stealer.b5f8dfbc
NANO-Antivirus Clean
ViRobot Clean
Rising Trojan.IPLogger!1.B69D (CLASSIC)
Ad-Aware Trojan.GenericKD.37561425
TACHYON Clean
Emsisoft Trojan.GenericKD.37561425 (B)
Comodo Clean
F-Secure Clean
DrWeb Clean
Zillya Clean
TrendMicro Clean
McAfee-GW-Edition Artemis!Trojan
CMC Clean
Sophos Mal/Generic-S
Ikarus Trojan-Downloader.MSIL.Agent
GData Trojan.GenericKD.37561425
Jiangmin TrojanSpy.MSIL.bswo
Webroot W32.Trojan.Gen
Avira HEUR/AGEN.1141408
Antiy-AVL Clean
Kingsoft Clean
Gridinsoft Trojan.Win32.Downloader.sa
Arcabit Clean
SUPERAntiSpyware Clean
ZoneAlarm HEUR:Trojan-Spy.MSIL.Stealer.gen
Microsoft Trojan:Win32/Sabsik.FL.B!ml
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win.Generic.C4629777
Acronis Clean
McAfee Artemis!6A55F0AA7770
MAX malware (ai score=87)
VBA32 Clean
Malwarebytes Trojan.Downloader
Panda Trj/CI.A
Zoner Clean
TrendMicro-HouseCall Clean
Tencent Msil.Trojan-spy.Stealer.Wpjp
Yandex Clean
SentinelOne Static AI - Malicious PE
eGambit Unsafe.AI_Score_96%
Fortinet W32/Stealer.HMS!tr
AVG Win32:CrypterX-gen [Trj]
Cybereason malicious.a7770e
Avast Win32:CrypterX-gen [Trj]
MaxSecure Trojan.Malware.300983.susgen
No IRMA results available.