Static | ZeroBOX

PE Compile Time

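2100-10-21 15:54:39 (future-dated, so not a real build time: the header timestamp is either forged or a non-date value such as the hash-derived stamp written by deterministic .NET builds; it should not be used for timeline analysis)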

PE Imphash

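f34d5f2d4577ed6d9ceec516c1f5a744 (generic value: this is the imphash of any PE whose only import is mscoree.dll!_CorExeMain, as listed under Imports below, so it matches most .NET executables and is not useful for clustering this sample)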

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00002000 0x000032f4 0x00003400 6.0505023174
.rsrc 0x00006000 0x0002adec 0x0002ae00 3.69138184258
.reloc 0x00032000 0x0000000c 0x00000200 0.0815394123432

Resources

Name Offset Size Language Sub-language File type
RT_ICON 0x0002f888 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x0002f888 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x0002f888 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x0002f888 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x0002f888 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x0002f888 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x0002f888 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x0002f888 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x0002f888 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_GROUP_ICON 0x0002fcf0 0x00000084 LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_VERSION 0x0002fd74 0x0000041e LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_MANIFEST 0x00030194 0x00000c55 LANG_NEUTRAL SUBLANG_NEUTRAL XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

Imports

Library mscoree.dll:
0x402000 _CorExeMain

!This program cannot be run in DOS mode.
`.rsrc
@.reloc
IYf 9s
RO\sf
L CU[ka
' "e^3Y
$nrX i
|X 6k3Ua
L CU[ka
RO\sf
fB}c [T9
L CU[ka
YO`a 2
4!ff j
!Pef lx
fB}c [T9
Ye '&'Fa
v4.0.30319
#Strings
SJFIIEESD-6
SJFIIEESD-6.exe
<Module>
PrototypeListItem
Wfrytycqyzlzt.Items
Object
System
mscorlib
Exporter
Wfrytycqyzlzt.Schemes
WebClient
System.Net
Settings
Wfrytycqyzlzt.Properties
ApplicationSettingsBase
System.Configuration
<Module>{d2c3cbc6-74d5-4190-a262-17f744d994ed}
VisitBridge
InsertTest
String
DownloadDataAsync
DownloadDataCompletedEventHandler
IntPtr
add_DownloadDataCompleted
Application
System.Windows.Forms
Thread
System.Threading
SetupTest
DownloadDataCompletedEventArgs
counter
get_Result
InsertBridge
Boolean
WriteBridge
EnableBridge
CustomizeTest
System.IO
WriteAllBytes
ProcessStartInfo
System.Diagnostics
set_FileName
set_UseShellExecute
Process
PostTest
GetTempFileName
Replace
Concat
MoveBridge
InstantiateBridge
defaultInstance
VerifyBridge
get_Default
.cctor
SettingsBase
Synchronized
IncludeBridge
QueryBridge
Default
m_7c254aa5eae64a94b08acc616fa63140
m_90a2e614051048298c7a792e0a2ebf49
m_75e2ae29cb7546b493bb2067760c3bc5
m_be53648e15024593b638e6fca256a1a9
m_c507725105764f6296c4fc9ade8f5dde
m_2a1b1c5dc2a84900a3bb3e7aa4746186
m_7f74b1a6f9c54bdf86b3b726d6eaa4f8
m_7d35b30286d54423b0eafc9561c24e80
m_e0f395f3e5a54198917db97eceb2d9d9
m_4d14ea87b9984cf18ea360421d2a6f1f
m_dbf802c707164983bf3f16d99bbd5fad
m_bf5bb07017474972b7e368057bdf137a
m_3b0d40e0a46d44488a4b40d9b95e2405
m_a9d7158a21664193a7cd18c18aa0bb25
m_e5aa64861a604a91814fb0d84b098a03
m_573d75dd34044c25b327c51900d917ae
m_f89977fd8107490f8d143b02e5053b0e
m_eb9970879ead419e8068d9ff66333aea
m_fffcf6e759304920a8bf71f75bac700e
m_d4ec314005e94d30b4343f699aafcb0d
m_0f3ca20a1c7e4b21b1633ac8aa3b8bdf
m_32fddfa6883a45c3895242ee05dd6b75
m_5c4d342088d4406cbd51ec94bb1e3772
m_9071db7a958d47eb893c2ba1bc522b3f
m_021a0062893844c7b19a7602536bcee9
m_4090ee7ccb0640309d7d417ea6a92501
m_eabd9439279c43148168e687bc519ef5
m_e57602908be94e0b8b60bace61f95a94
m_34df8c47449a43e4bad3a5b6bb7f2ab6
m_f18374f817844e4da8413581e8eb03f1
m_83c6bc624be24015a6c2dcbbebfbb7fa
m_c0ebe799581d4f4b99768368beaddd60
m_b6b5c37b206d496e8cdedfc1aa0230ce
m_07a3c16e01b5497b9302f430a510e643
m_23b0936e94a440a6a2e0db5905191611
m_eeb1ff45c46640b1afb20c895839ce6d
m_9f62883596da44af955b5c2469bc2e76
m_465dd5076fe2416192a5f5255e959969
m_fadd30230b4e42c09079a5ca2e9377f8
m_cb6d0441011f4d82baff019e9d1ac897
m_40f51153f9be4f638944a03b38a2bcac
m_25e2f993399b4d3aa47df60e98ebb208
m_2b94f724dfcd47c2bb70a3ebdfcfd8b9
m_33a6b33e34e74d9d819b0cb5556d154e
m_a2c5c3a5730c448bbffb44e250a0b989
m_a65b059812614950b57d6ce01f50730e
m_52a764f5c585446386bded79f5750f52
m_7049bd40b7f8434baefbc3533de7ae07
m_3ef75bb306404804a174c77af922ac1c
m_788087bd74a049b7b39e4e6fc7a37a28
m_a08d8b6e39524d01996a7ee2b32f71e2
m_4fdb1a7b41664ef7aff20a47169d6934
m_257deb457709454783a281099d66fa9b
m_359a271cdb4c4e66b6de9403f11b8355
m_f6fbaee6d9244c7ca3d2ede6289174d5
m_22929537b50041feaa7e74ee3d4c3024
m_ce1caee7312f4b8b9df5dbe0d9ebb6da
m_b16f966c0b7849abaee65604114c1e05
m_fc48301b7e7c4e72927da2d47ee52663
m_8e994028ae034c779c8e3ea9317e6fd4
m_05a73ac8059b4f55acac84227d2a510c
m_cb188190c0c944cd93018bd4a4ae0639
m_ec9c41caa72c4925ab9cd228f4fb60ea
m_2e5d170a0ee54772babde16d2b023389
m_c678f18d21f4469bbd3576a20c1cf90a
m_03585e8b293f4219873a21b80b16ecdb
m_219c515ed0084028a79119c2f119a828
m_1fd3c174216149599c4a7711b00552d2
m_edec20b6faee458087fe7a6fd594c7dd
m_431f435928bd4265ba70d2a5fe5e78bb
m_556096ec279744adb5e9164f35c42162
m_ed656d14ea1c460a9fe5ffbee6de1580
m_1bca65c54c79457ca8ba1b2c4daaddf5
m_1e76d604eeeb400584bbd7a4266b1a2f
m_bcb870a3f84d4b818f03586a7084c0ff
m_fdad0736ecaf484f97762f2b0eec133a
m_227a8924e3074e4aa8183019f86b4b5a
m_da0e19dd134f4d2bb4c376be1976baac
m_4a53cc4285b140bb9c01f2320119d9e0
m_ad49b3cb65cb40539f265f5585fa3fac
m_9da31bae8d5943d4922aa62407e5da11
m_1d2dd09bf7384ee7ac33ee777840b572
m_cc2880a43f7244e5a7699cffd9e5a25b
m_9444a9901fd04f7491e6639929d77543
m_da4b6c18e01946cc963e5fc356a9391c
m_2f15d3ca993a48f79cf9996427739c49
m_7a94c9700e6c47caa1cd6ac4a83312b5
m_e3ed64617a08477490c282046144ec17
m_6044f567384a4ae6bb6f193c006c99a8
m_b859c219e23b4444b8d9e7a74c987771
m_2864f61800404445ae3617a8e3e3f61a
m_130d54bd7e4a4f34a7c48b62d160701f
m_7f7d510b7e5643eca79f636263dbb4ec
m_fa9a454cfff647039942dc52f236cd2f
m_e32784fd568b4e41ad8a419183a590ca
m_7b0ac50e0ce444238ff90a7c0d8eded7
m_b8d96ced25854271b11064ef97abfeb9
m_afd2897c5ff340e885945541a9fc6bf5
m_5006952348d845ea848253b412a74288
m_67795257b54d43279b3f2fefc0e078f7
m_99cd0e5071ab48ec8a01d853f24a5fc6
m_ebfd7a42f6f34cb1aa3fe537dec26ee0
m_185da85933964bd6ba4134847a643875
m_146799cf488d4705a54803cf1e60e728
m_e659e4ed33da492493621b634b1bdeef
m_6bae668c516140b58a1a70a2ddd1bf46
m_15f3d62978a247d791ccafe4aab649a0
m_71004f365f2e4dbca9954cfbada7d766
m_e420a30189844a29992adba838aaf27e
m_183aa9e5a74b4374b548b580fea79190
m_2b459a197114487ab7118e2c20eebd63
m_b533d7af2137466ca1dabcbe01f4d14a
m_79d04e9f6e7e449cbf4d2e0e971c6050
m_05141bf3dae54698a8b0e79631be1744
m_a0092cfb21d44412abd4018ef6e6bc31
m_3b7f715602bd46ec86c2112f09c785c2
m_4fc7b10313294e97a77fe84cbb257bcc
m_2aece8527cb64124832cca9d0f6a1a34
m_fb77fcceaa6f4039923942fc133d1e17
m_212f37a10d784dfcbb14cadcde33b82f
m_b0061486de8341e98ecb4daad97d587a
m_2b2c8efb677245fea5bd1c52dd8aa55f
ForgotBridge
s3a56f3ac98404d88bd3ee50c786810ac
ReadBridge
PushBridge
CompilationRelaxationsAttribute
System.Runtime.CompilerServices
RuntimeCompatibilityAttribute
DebuggableAttribute
DebuggingModes
AssemblyTitleAttribute
System.Reflection
AssemblyDescriptionAttribute
AssemblyConfigurationAttribute
AssemblyCompanyAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
AssemblyTrademarkAttribute
ComVisibleAttribute
System.Runtime.InteropServices
GuidAttribute
AssemblyFileVersionAttribute
TargetFrameworkAttribute
System.Runtime.Versioning
UnverifiableCodeAttribute
System.Security
STAThreadAttribute
CompilerGeneratedAttribute
GeneratedCodeAttribute
System.CodeDom.Compiler
System.Security.Permissions.SecurityPermissionAttribute, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
SkipVerification
WrapNonExceptionThrows
TCPIP Finger Command
Microsoft Corporation
&Microsoft
Windows
Operating System
Microsoft Corporation. All rights reserved.
$77ede7ca-0108-4702-a63e-a7a39b137e49
10.0.17763.1
.NETFramework,Version=v4.0
FrameworkDisplayName
.NET Framework 4
KMicrosoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator
16.8.1.0
_CorExeMain
mscoree.dll
~hVefQ
eYY?g__
###Yg5EQp~~
d@f`TUU
4M477ctt
EQpvvf
hmmEooo
0>>n; 4M
\R577W
jkk155U
KKK%u3RU
899q<
eYhhhp
!077g+~
*273::Z
Ng0&''
4,//;6
?W&\UU
9NNN`YVh
1455EF
EcccTD
s\\\`qq1g
9ZZZ055
k,//CU+
+#xW=}
4466RY
XXXeYYY
XXXKYYY
XXX/YYY
YYY}YYY
XXX^YYY
XXXDYYY
VVV(YYY
XXXuYYY
XXXXYYY
XXX=YYY
XXX!YYY
YYYmYYY
XXXQYYY
XXX5YYY
XXXeYYY
XXXJYYY
XXX.YYY
YYY}YYY
XXX^YYY
XXXCYYY
XXX(YYY
XXXtYYY
XXXWYYY
XXX<YYY
XXX!YYY
XXXkYYY
XXXQYYY
XXX5YYY
XXXdYYY
XXXJYYY
XXX-YYY
YYY|YYY
XXX_YYY
XXX"XXXvXXXuXXXuXXXuYYYuYYYuYYYuYYYuYYYuYYYuYYYuYYYuYYYuYYYuYYYuYYYuYYYuYYYuYYYuYYYuYYYuYYYuYYYuYYYuYYYuYYYuYYYuYYYuYYYuYYYuYYYuYYYuYYYuYYYuYYYuYYYuYYYuYYYuYYYuYYYuYYYuYYYuYYYuYYYuYYYuYYYuYYYuYYYuYYYuYYYuYYYuYYYuYYYuYYYuYYYuYYYuYYYuYYYuYYYuYYYuYYYuYYYuYYYuYYYuYYYuYYYuYYYuYYYuYYYuYYYuYYYuYYYuYYYuYYYuYYYuYYYuYYYuYYYuYYYuYYYuYYYuYYYuYYYuYYYuYYYuYYYuYYYuYYYuYYYuYYYuYYYuYYYuYYYuXXXuXXXuXXXvXXX"
lllm^^^
cccTXXX
]]]8XXX
XXX XXX
YYYjYYY
XXXKYYY
XXX/XXX
XXX~XXX
XXXbYYY
XXXGYYY
XXX.XXX
XXXvXXX
XXXZXXX
XXX?XXX
XXX%XXX
XXXqYYY
XXXQYYY
WWW6XXX
XXXhYYY
XXXNYYY
XXX3XXX
XXX YYY
XXX~XXX
XXX`YYY
XXXDYYY
WWW+XXX
XXXxXXX
XXXYXXX
XXX5XXX
]]]mXXX
XXXNYYY
XXX2XXX
XXXdYYY
XXXHYYY
XXX-YYY
XXX{YYY
XXX]XXX
XXX@YYY
XXX%XXX
XXXrYYY
XXXVYYY
XXX9YYY
XXXYYY
XXXlYYY
XXXMYYY
XXX2YYY
XXXdYYY
XXXGXXX
XXXqYYY
YYYUYYY
XXX7YYY
XXXjYYY
XXXNYYY
XXX/YYY
XXXcYYY
XXXFYYY
XXX(YYY
XXXxYYY
XXX\YYY
XXX>YYY
XXX!YYY
XXXpYYY
XXXTYYY
XXX6YYY
XXX:XXX:YYY:YYY:YYY:YYY:YYY:YYY:YYY:YYY:YYY:YYY:YYY:YYY:YYY:YYY:YYY:YYY:YYY:YYY:YYY:YYY:YYY:YYY:YYY:YYY:YYY:YYY:YYY:YYY:YYY:YYY:YYY:YYY:YYY:YYY:YYY:YYY:YYY:YYY:YYY:YYY:YYY:YYY:YYY:YYY:XXX:XXX:XXX
XXXhYYY
XXXJYYY
XXX-YYY
XXX~XXX
XXX_YYY
XXXCXXX
XXX&XXX
XXXuYYY
XXXYXXX
XXX;XXX
XXX XXX
XXXoYYY
XXXQYYY
XXX4YYY
XXXkXXXkYYYkYYYkYYYkYYYkYYYkYYYkYYYkYYYkYYYkYYYkYYYkYYYkYYYkYYYkYYYkYYYkYYYkYYYkYYYkYYYkYYYkYYYkYYYkYYYkYYYkYYYkYYYkYYYkYYYkYYYkYYYkYYYkXXXkXXXkXXX
wwwwrrr
ZZZ]YYY
XXX@YYY
XXX#YYY
XXXsYYY
XXXVYYY
XXX8YYY
XXXkYYY
XXXNYYY
XXX1YYY
XXXcXXX
XXXFXXX
TTT(XXX
XXXxYYY
XXX[YYY
XXX>XXX
QQQ!YYY
UUU5VVV5VVV5VVV5VVV5VVV5VVV5VVV5VVV5VVV5VVV5VVV5VVV5VVV5VVV5VVV5VVV5VVV5MMM
|||2rrr>
|||>ppp>
zzz>HHH5eee
OOO5777
SSShYYY
IIIKYYY
???.YYY
<?xml version="1.0" encoding="utf-8"?>
<assembly manifestVersion="1.0" xmlns="urn:schemas-microsoft-com:asm.v1">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<!-- UAC Manifest Options
If you want to change the Windows User Account Control level replace the
requestedExecutionLevel node with one of the following.
<requestedExecutionLevel level="asInvoker" uiAccess="false" />
<requestedExecutionLevel level="requireAdministrator" uiAccess="false" />
<requestedExecutionLevel level="highestAvailable" uiAccess="false" />
Specifying requestedExecutionLevel element will disable file and registry virtualization.
Remove this element if your application requires this virtualization for backwards
compatibility.
-->
<requestedExecutionLevel level="asInvoker" uiAccess="false" />
</requestedPrivileges>
</security>
</trustInfo>
<compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">
<application>
<!-- A list of the Windows versions that this application has been tested on
and is designed to work with. Uncomment the appropriate elements
and Windows will automatically select the most compatible environment. -->
<!-- Windows Vista -->
<!--<supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}" />-->
<!-- Windows 7 -->
<!--<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}" />-->
<!-- Windows 8 -->
<!--<supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}" />-->
<!-- Windows 8.1 -->
<!--<supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}" />-->
<!-- Windows 10 -->
<!--<supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}" />-->
</application>
</compatibility>
<!-- Indicates that the application is DPI-aware and will not be automatically scaled by Windows at higher
DPIs. Windows Presentation Foundation (WPF) applications are automatically DPI-aware and do not need
to opt in. Windows Forms applications targeting .NET Framework 4.6 that opt into this setting, should
also set the 'EnableWindowsFormsHighDpiAutoResizing' setting to 'true' in their app.config. -->
<!--
<application xmlns="urn:schemas-microsoft-com:asm.v3">
<windowsSettings>
<dpiAware xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings">true</dpiAware>
</windowsSettings>
</application>
<!-- Enable themes for Windows common controls and dialogs (Windows XP and later) -->
<!--
<dependency>
<dependentAssembly>
<assemblyIdentity
type="win32"
name="Microsoft.Windows.Common-Controls"
version="6.0.0.0"
processorArchitecture="*"
publicKeyToken="6595b64144ccf1df"
language="*"
/>
</dependentAssembly>
</dependency>
</assembly>
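https://greencodeteam.top/System64.exe [analyst note: hard-coded URL in the sample's string data; together with the WebClient/DownloadDataAsync, GetTempFileName, WriteAllBytes and ProcessStartInfo references above, it is consistent with a download-and-run stub, which matches the TrojanDownloader labels in the antivirus results below. The domain and file name are network indicators suitable for blocking and hunting.]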
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
Comments
TCPIP Finger Command
CompanyName
Microsoft Corporation
FileDescription
TCPIP Finger Command
FileVersion
10.0.17763.1
InternalName
SJFIIEESD-6.exe
LegalCopyright
Microsoft Corporation. All rights reserved.
LegalTrademarks
OriginalFilename
SJFIIEESD-6.exe
ProductName
Microsoft
Windows
Operating System
ProductVersion
10.0.17763.1
Assembly Version
10.0.17763.1
Antivirus Signature
Bkav Clean
Elastic malicious (high confidence)
DrWeb Clean
MicroWorld-eScan Trojan.GenericKD.37328434
FireEye Generic.mg.efa7b4d2183d6e52
CAT-QuickHeal Trojan.Multi
ALYac Trojan.GenericKD.37328434
Cylance Unsafe
VIPRE Trojan.Win32.Generic!BT
Sangfor Clean
K7AntiVirus Trojan-Downloader ( 0057f57d1 )
BitDefender Trojan.GenericKD.37328434
K7GW Trojan-Downloader ( 0057f57d1 )
CrowdStrike win/malicious_confidence_100% (W)
BitDefenderTheta Gen:NN.ZemsilF.34142.lm0@a0fEkTo
Cyren W32/Trojan.KWET-1681
ESET-NOD32 a variant of MSIL/TrojanDownloader.Agent.IGT
Zoner Clean
TrendMicro-HouseCall TROJ_GEN.R002C0PGV21
Paloalto generic.ml
ClamAV Clean
Kaspersky UDS:Trojan.Multi.GenericML.xnet
Alibaba Trojan:MSIL/MalwareX.d934b47c
NANO-Antivirus Clean
ViRobot Clean
Rising Clean
Ad-Aware Trojan.GenericKD.37328434
Sophos Mal/Generic-S
Comodo Clean
F-Secure Trojan.TR/Dldr.Agent.pdjys
Baidu Clean
Zillya Clean
TrendMicro TROJ_GEN.R002C0PGV21
McAfee-GW-Edition GenericRXPE-KT!EFA7B4D2183D
CMC Clean
Emsisoft Trojan.GenericKD.37328434 (B)
SentinelOne Static AI - Malicious PE
GData Trojan.GenericKD.37328434
Jiangmin Trojan.Multi.clg
Webroot W32.Malware.Gen
Avira TR/Dldr.Agent.pdjys
MAX malware (ai score=83)
Antiy-AVL Trojan[Downloader]/MSIL.Agent
Kingsoft Clean
Gridinsoft Malware.Win32.GenericMC.cc
Arcabit Trojan.Generic.D2399632
SUPERAntiSpyware Clean
ZoneAlarm UDS:DangerousObject.Multi.Generic
Microsoft Trojan:MSIL/Wirzemro!mclg
Cynet Malicious (score: 100)
AhnLab-V3 Clean
Acronis Clean
McAfee GenericRXPE-KT!EFA7B4D2183D
TACHYON Clean
VBA32 TScope.Trojan.MSIL
Malwarebytes Malware.AI.4233833734
Panda Trj/GdSda.A
APEX Malicious
Tencent Clean
Yandex Trojan.DL.Agent!R6Jsaj0qJ7w
Ikarus Trojan-Downloader.Win32.Generic
eGambit Unsafe.AI_Score_71%
Fortinet MSIL/Agent.IGT!tr
AVG Win32:MalwareX-gen [Trj]
Cybereason Clean
Avast Win32:MalwareX-gen [Trj]
MaxSecure Trojan.Malware.82199810.susgen
No IRMA results available.