Static | ZeroBOX

PE Compile Time

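2102-11-07 10:32:15 (future-dated, so this PE header timestamp is not a trustworthy build time; it may have been altered or generated by a deterministic build, and should not be used for timeline analysis)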

PE Imphash

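f34d5f2d4577ed6d9ceec516c1f5a744 (derived from the single import mscoree.dll!_CorExeMain listed under Imports; any .NET executable with only that import produces the same imphash, so it is not a sample-specific indicator)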

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00002000 0x0006b944 0x0006ba00 3.73231492065
.rsrc 0x0006e000 0x000002a4 0x00000400 2.16788495789
.reloc 0x00070000 0x0000000c 0x00000200 0.101910425663

Resources

Name Offset Size Language Sub-language File type
RT_VERSION 0x0006e058 0x0000024c LANG_NEUTRAL SUBLANG_NEUTRAL data

Imports

Library mscoree.dll:
0x402000 _CorExeMain

!This program cannot be run in DOS mode.
`.rsrc
@.reloc
v4.0.30319
#Strings
Sponsing
Sponsing.exe
<Module>
Configuration
Sponsing.Visitors
Object
System
mscorlib
ErrorContextFilter
Sponsing.Filters
<>c__DisplayClass2_0
StubDescriptor
Sponsing.Descriptors
ValContextFilter
<>o__4
ValuePageStatus
Sponsing.States
HelperEventWrapper
Sponsing.Wrappers
<>o__5
Request
DispatcherIteratorWatcher
Sponsing.Watchers
Callback
IteratorSingletonImporter
MulticastDelegate
ContextSingletonImporter
IssuerContextFilter
BasePageStatus
SchemaDescriptor
Tokenizer
PageSingletonImporter
ConfigDescriptor
AlgoDescriptor
GetterContextFilter
SingletonSingletonImporter
Identifier
ValueType
Printer
Parameter
Sponsing.Importers
StrategyDescriptor
Reponse
ProccesorPageStatus
ParamsContextFilter
Sponsing.Common
<PrivateImplementationDetails>
__StaticArrayInitTypeSize=423380
ForgotConfiguration
String
EntryPointNotFoundException
CallConfiguration
StopConfiguration
RegisterConfiguration
Func`1
Boolean
IntPtr
Invoke
InvalidOleVariantTypeException
System.Runtime.InteropServices
CheckConfiguration
UInt64
UInt32
UInt16
op_Explicit
Marshal
SizeOf
Application
System.Windows.Forms
get_ExecutablePath
op_Inequality
Thread
System.Threading
ToInt64
GetTypeFromHandle
RuntimeTypeHandle
AllocHGlobal
FreeHGlobal
iterator
context
.cctor
PatchConfiguration
config
tokenmax
Replace
DestroyConfiguration
LoginConfiguration
Binder
Microsoft.CSharp.RuntimeBinder
Microsoft.CSharp
Convert
CallSiteBinder
System.Runtime.CompilerServices
System.Core
CSharpBinderFlags
CallSite`1
Func`3
CallSite
Create
Target
ToCharArray
LogoutConfiguration
FromBase64String
Encoding
System.Text
get_UTF8
GetString
ConnectConfiguration
_Error
_Singleton
CustomizeConfiguration
StringBuilder
ToChar
Append
ToString
AddConfiguration
SetupConfiguration
RuntimeHelpers
InitializeArray
RuntimeFieldHandle
Exception
TestConfiguration
Action
InsertConfiguration
FillConfiguration
instance
InvokeConfiguration
ManageConfiguration
CSharpArgumentInfo
CSharpArgumentInfoFlags
InvokeMember
IEnumerable`1
System.Collections.Generic
Func`4
semaNepyTaideMemiMteNmetsyS18090
Func`5
m_Params
_Issuer
_Getter
m_Merchant
helper
NewConfiguration
LoadLibrary
kernel32.dll
CollectConfiguration
FreeLibrary
AwakeConfiguration
GetProcAddress
kernel32
_Exception
DeleteConfiguration
SelectConfiguration
GetDelegateForFunctionPointer
Delegate
CreateConfiguration
hProcess
isWow64
BeginInvoke
IAsyncResult
AsyncCallback
callback
object
EndInvoke
result
lpBaseAddress
lnoitceSnoitarugifnoCBDlacoLataDmetsyS38096
lpNumberOfBytesWritten
selection
exitCode
handle
hToken
lpApplicationName
lpCommandLine
lpProcessAttributes
lpThreadAttributes
bInheritHandles
dwCreationFlags
lpEnvironment
lpCurrentDirectory
lpStartupInfo
lpProcessretemaraPnekoTytiruceSipsSsnekoTytiruceSledoMecivreSmetsyS63137
hNewToken
hThread
pContext
caller
connection
ProcessHandle
BaseAddress
ZeroBits
RegionSize
AllocationType
Protect
reference
nCmdShow
m_Attribute
_Instance
_Watcher
m_Test
m_Filter
_Connection
_Record
facade
_Container
_Producer
listener
interpreter
indexer
proccesor
m_Base
m_Global
advisor
m_State
m_Worker
m_Customer
_Database
predicate
m_Factory
_Parser
m_Interceptor
m_Service
_Specification
_Composer
m_Candidate
_Resolver
_Broadcaster
m_Setter
collection
StartConfiguration
PublishConfiguration
33ACA449E6E60C2FF0C422E0E666756A698E8365
CompilationRelaxationsAttribute
RuntimeCompatibilityAttribute
DebuggableAttribute
System.Diagnostics
DebuggingModes
TargetFrameworkAttribute
System.Runtime.Versioning
UnverifiableCodeAttribute
System.Security
ParamArrayAttribute
DynamicAttribute
ReliabilityContractAttribute
System.Runtime.ConstrainedExecution
Consistency
CompilerGeneratedAttribute
System.Security.Permissions.SecurityPermissionAttribute, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
SkipVerification
WrapNonExceptionThrows
.NETFramework,Version=v4.0
FrameworkDisplayName
.NET Framework 4
_CorExeMain
mscoree.dll
KlloCnoitressAyciloPnoitpircseDledoMecivreSmetsyS93360EMuKyAeIjg6GDA8Mx8xAg==
KlloCnoitressAyciloPnoitpircseDledoMecivreSmetsyS93360x8qOSA0Az4tJQE6
GlloCnoitressAyciloPnoitpircseDledoMecivreSmetsyS93360EIyPhsrJiciKjM/MGofCxtiLgYQDCEbGyQvKx8GRW8=
HlloCnoitressAyciloPnoitpircseDledoMecivreSmetsyS93360zYuKyAkGD4uOislPBADByFgFAkXPEpf
GlloCnoitressAyciloPnoitpircseDledoMecivreSmetsyS93360EMAJCFBIgIuNUwiCx8cTA==
GlloCnoitressAyciloPnoitpircseDledoMecivreSmetsyS93360ik2CiBAF3k5JDswC2oHHRthD04=
HlloCnoitressAyciloPnoitpircseDledoMecivreSmetsyS93360R8qBCAeRSMUJCM5MwAtISI+DB8teCUSG3tdZQ==
HlloCnoitressAyciloPnoitpircseDledoMecivreSmetsyS93360R8qECA0DD0uUD95Mw4TARs8EEItHA8sIx5YLiofE28=
HlloCnoitressAyciloPnoitpircseDledoMecivreSmetsyS933600IyIiY0IhoUD0AjMwAHCywFFAcWeD1X
HlloCnoitressAyciloPnoitpircseDledoMecivreSmetsyS933600NBYQwZJgMtOiscCBADHSEFEDcWeUJSIxEBaA==
GlloCnoitressAyciloPnoitpircseDledoMecivreSmetsyS933600MuYhQ0HDItNT8iOGpwBBwVFEcQCkpf
HlloCnoitressAyciloPnoitpircseDledoMecivreSmetsyS933600NBYQwZJh8tOiscCBADHSEFEDcWeUJSIxEBaA==
HlloCnoitressAyciloPnoitpircseDledoMecivreSmetsyS93360EMuYhQ0HDItNT8iOGpwBBwVFEcQCkpf
HlloCnoitressAyciloPnoitpircseDledoMecivreSmetsyS93360BwuKCYkRSchJREwMw8PGg==
lloCnoitressAyciloPnoitpircseDledoMecivreSmetsyS93360
GlloCnoitressAyciloPnoitpircseDledoMecivreSmetsyS933600MuYhNBTT4UUEA6Mw4tARo/EAUQPEpf
LlloCnoitressAyciloPnoitpircseDledoMecivreSmetsyS93360Sk2PiEZOTI7Dys6Cxl0TA==
HlloCnoitressAyciloPnoitpircseDledoMecivreSmetsyS93360EMQJCZCEDsVDys/DS90TA==
semaNepyTaideMemiMteNmetsyS18090
Replace
FromBase64String
GetString
IqxRBstKwbyIiX
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
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
FileDescription
FileVersion
0.0.0.0
InternalName
Sponsing.exe
LegalCopyright
OriginalFilename
Sponsing.exe
ProductVersion
0.0.0.0
Assembly Version
0.0.0.0
Antivirus Signature
Bkav Clean
Lionic Clean
Elastic malicious (high confidence)
Cynet Malicious (score: 100)
CMC Clean
CAT-QuickHeal Clean
ALYac Gen:Variant.Bulz.699108
Cylance Unsafe
VIPRE Clean
Sangfor Suspicious.Win32.Save.a
CrowdStrike win/malicious_confidence_70% (D)
BitDefender Gen:Variant.Bulz.699108
K7GW Clean
K7AntiVirus Clean
Baidu Clean
Cyren W32/MSIL_Troj.CY.gen!Eldorado
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of MSIL/Kryptik.ACCF
APEX Malicious
Paloalto Clean
ClamAV Clean
Kaspersky HEUR:Trojan-PSW.MSIL.Agent.gen
Alibaba Clean
NANO-Antivirus Clean
SUPERAntiSpyware Clean
MicroWorld-eScan Gen:Variant.Bulz.699108
Rising Clean
Ad-Aware Gen:Variant.Bulz.699108
Emsisoft Gen:Variant.Bulz.699108 (B)
Comodo Clean
F-Secure Heuristic.HEUR/AGEN.1144480
DrWeb Trojan.PackedNET.972
Zillya Clean
TrendMicro Clean
McAfee-GW-Edition BehavesLike.Win32.Generic.gz
FireEye Generic.mg.26ec741820379576
Sophos ML/PE-A
SentinelOne Static AI - Malicious PE
GData Gen:Variant.Bulz.699108
Jiangmin Clean
Webroot Clean
Avira HEUR/AGEN.1144480
MAX malware (ai score=82)
Antiy-AVL Clean
Kingsoft Clean
Gridinsoft Clean
Arcabit Trojan.Bulz.DAAAE4
ViRobot Clean
ZoneAlarm Clean
Microsoft Trojan:MSIL/AgentTesla.JPX!MTB
AhnLab-V3 Trojan/Win.Generic.C4628732
Acronis Clean
McAfee GenericRXPZ-KW!26EC74182037
TACHYON Clean
VBA32 Clean
Malwarebytes Malware.AI.4000054032
Panda Clean
Zoner Clean
TrendMicro-HouseCall Clean
Tencent Clean
Yandex Clean
Ikarus Trojan-Spy.MSIL.Agent
eGambit Unsafe.AI_Score_100%
Fortinet MSIL/Kryptik.ACCF!tr
BitDefenderTheta Gen:NN.ZemsilF.34142.Bm0@aqHuVAn
AVG Win32:MalwareX-gen [Trj]
Avast Win32:MalwareX-gen [Trj]
MaxSecure Clean
No IRMA results available.