Static | ZeroBOX

PE Compile Time

2051-03-16 08:55:37

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

| Name | Virtual Address | Virtual Size | Size of Raw Data | Entropy |
|---|---|---|---|---|
| .text | 0x00002000 | 0x00001034 | 0x00001200 | 4.90254309096 |
| .rsrc | 0x00004000 | 0x000426e2 | 0x00042800 | 5.98587821633 |
| .reloc | 0x00048000 | 0x0000000c | 0x00000200 | 0.0722525226906 |

Resources

| Name | Offset | Size | Language | Sub-language | File type |
|---|---|---|---|---|---|
| RT_ICON | 0x00004140 | 0x00042028 | LANG_NEUTRAL | SUBLANG_NEUTRAL | data |
| RT_GROUP_ICON | 0x00046168 | 0x00000014 | LANG_NEUTRAL | SUBLANG_NEUTRAL | data |
| RT_VERSION | 0x0004617c | 0x0000037c | LANG_NEUTRAL | SUBLANG_NEUTRAL | data |
| RT_MANIFEST | 0x000464f8 | 0x000001ea | LANG_NEUTRAL | SUBLANG_NEUTRAL | XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators |

Imports

Library mscoree.dll:
0x402000 _CorExeMain

Antivirus Signature
Bkav Clean
Lionic Trojan.MSIL.Stealer.l!c
Elastic Clean
MicroWorld-eScan Gen:Variant.MSILHeracles.18828
FireEye Generic.mg.f8fdcd124427dfb1
CAT-QuickHeal Trojan.YakbeexMSIL.ZZ4
ALYac Gen:Variant.MSILHeracles.18828
Malwarebytes Spyware.Discord
VIPRE Clean
Sangfor Clean
K7AntiVirus Trojan-Downloader ( 0057dcc31 )
BitDefender Gen:Variant.MSILHeracles.18828
K7GW Trojan-Downloader ( 0057dcc31 )
Cybereason malicious.541973
Arcabit Clean
BitDefenderTheta Gen:NN.ZemsilF.34142.qm0@aatWxyb
Cyren W32/MSIL_Troj.AZH.gen!Eldorado
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win32/TrojanDownloader.Tiny.NST
Baidu Clean
APEX Malicious
Paloalto generic.ml
ClamAV Win.Packed.Bulz-9872378-0
Kaspersky HEUR:Trojan-Spy.MSIL.Stealer.gen
Alibaba TrojanDownloader:MSIL/Disstl.7d32f42c
NANO-Antivirus Clean
SUPERAntiSpyware Clean
Tencent Msil.Trojan-spy.Stealer.Egyf
Ad-Aware Gen:Variant.MSILHeracles.18828
TACHYON Clean
Sophos Mal/Generic-S
Comodo Clean
F-Secure Clean
DrWeb Trojan.DownloaderNET.175
Zillya Clean
TrendMicro Clean
McAfee-GW-Edition Downloader-FCFN!F8FDCD124427
CMC Clean
Emsisoft Gen:Variant.MSILHeracles.18828 (B)
Ikarus Trojan-Downloader.MSIL.Tiny
Jiangmin TrojanSpy.MSIL.blef
MaxSecure Trojan.Malware.300983.susgen
Avira HEUR/AGEN.1144825
Antiy-AVL Clean
Kingsoft Clean
Gridinsoft Clean
Microsoft Trojan:MSIL/Disstl.AWQ!MTB
ViRobot Clean
ZoneAlarm Clean
GData Gen:Variant.MSILHeracles.18828
Cynet Malicious (score: 100)
AhnLab-V3 Malware/Win.Generic.C4500247
Acronis Clean
McAfee Downloader-FCFN!F8FDCD124427
MAX malware (ai score=87)
VBA32 Clean
Panda Trj/CI.A
Zoner Clean
TrendMicro-HouseCall Clean
Rising Clean
Yandex Clean
SentinelOne Static AI - Malicious PE
eGambit Clean
Fortinet MSIL/Tiny.NST!tr
Webroot Clean
AVG Win32:DropperX-gen [Drp]
Avast Win32:DropperX-gen [Drp]
CrowdStrike win/malicious_confidence_100% (W)
No IRMA results available.