popup
Static | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Static Analysis

PE Compile Time

2099-01-08 19:43:05

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00002000 0x0006b6b4 0x0006b800 3.72789579708
.rsrc 0x0006e000 0x000002ac 0x00000400 2.19832791954
.reloc 0x00070000 0x0000000c 0x00000200 0.101910425663

Resources

Name Offset Size Language Sub-language File type
RT_VERSION 0x0006e058 0x00000254 LANG_NEUTRAL SUBLANG_NEUTRAL data

Imports

Library mscoree.dll:
0x402000 _CorExeMain
!This program cannot be run in DOS mode.
`.rsrc
@.reloc
v4.0.30319
#Strings
Nummulitic
Nummulitic.exe
<Module>
Nummulitic.Writers
Object
System
mscorlib
ErrorMapWriter
<>c__DisplayClass2_0
Nummulitic.Consumers
Struct
<>o__4
ObjectInterceptorConsumer
Nummulitic.Mappers
<>o__5
Property
Nummulitic.Resolver
ParserCallbackResolver
AttrCandidateProducer
Nummulitic.Producers
ModelCandidateProducer
MulticastDelegate
PropertyTagClass
PredicateCallbackResolver
Interpreter
UtilsTagClass
Record
StateStructStructBuilder
ValWriterMapper
Nummulitic.Shared
ValueType
RulesUtilsVisitor
Nummulitic.Visitors
CallbackTagClass
Nummulitic.Classes
Nummulitic.Structs
ReponseTagMock
Nummulitic.Mocks
TestsCandidateProducer
PrinterQueueContainer
Nummulitic.Containers
<PrivateImplementationDetails>
__StaticArrayInitTypeSize=423312
DestroyProxy
String
EntryPointNotFoundException
ChangeProxy
SetProxy
CloneProxy
Func`1
Boolean
IntPtr
Invoke
InvalidOleVariantTypeException
System.Runtime.InteropServices
SetupProxy
UInt64
UInt32
UInt16
op_Explicit
Marshal
SizeOf
Application
System.Windows.Forms
get_ExecutablePath
op_Inequality
Thread
System.Threading
ToInt64
GetTypeFromHandle
RuntimeTypeHandle
AllocHGlobal
FreeHGlobal
_Writer
interceptor
.cctor
ResolveProxy
reference
no__ivk
_Candidate
Replace
RunProxy
InterruptProxy
Binder
Microsoft.CSharp.RuntimeBinder
Microsoft.CSharp
Convert
CallSiteBinder
System.Runtime.CompilerServices
System.Core
CSharpBinderFlags
CallSite`1
Func`3
CallSite
Create
Target
ToCharArray
VisitProxy
FromBase64String
Encoding
System.Text
get_UTF8
GetString
EnableProxy
m_Facade
AwakeProxy
second
StringBuilder
ToChar
Append
ToString
FlushProxy
PrepareProxy
RuntimeHelpers
InitializeArray
RuntimeFieldHandle
Exception
MapProxy
Action
PushProxy
ConnectProxy
m_Callback
ManageProxy
UpdateProxy
CSharpArgumentInfo
CSharpArgumentInfoFlags
InvokeMember
IEnumerable`1
System.Collections.Generic
Func`4
ecivreSnoituloseRepyTIngiseDledoMtnenopmoCmetsyS88197
Func`5
mapping
resolver
service
m_Connection
_Container
StartProxy
LoadLibrary
kernel32.dll
OrderProxy
FreeLibrary
DefineProxy
GetProcAddress
kernel32
_Utils
ListProxy
IncludeProxy
GetDelegateForFunctionPointer
Delegate
InsertProxy
_Instance
hProcess
isWow64
BeginInvoke
IAsyncResult
AsyncCallback
callback
object
EndInvoke
result
lpBaseAddress
ltnemelEgnidniBspttHcisaBnoitarugifnoCledoMecivreSmetsyS58113
lpNumberOfBytesWritten
visitor
exitCode
instance
handle
hToken
lpApplicationName
lpCommandLine
lpProcessAttributes
lpThreadAttributes
bInheritHandles
dwCreationFlags
lpEnvironment
lpCurrentDirectory
lpStartupInfo
lpProcesrekovnInoitcAdeldnahnUemitnuRhctapsiDrehctapsiDledoMecivreSmetsyS72203
hNewToken
hThread
pContext
selection
config
caller
ProcessHandle
BaseAddress
ZeroBits
RegionSize
AllocationType
Protect
nCmdShow
m_Singleton
_Policy
m_Rules
_Publisher
m_Algo
factory
m_Global
m_Expression
_Serializer
observer
specification
m_Reader
m_Message
_Decorator
customer
m_Stub
m_Identifier
m_Error
comparator
proccesor
_Tokenizer
database
listener
m_Attribute
m_Registry
m_Prototype
m_Rule
_Context
m_Exception
thread
_Visitor
m_Template
m_List
_Initializer
CompareProxy
RemoveProxy
899836A3658FFC650A6D6DD5B95E8AF9334E46F0
CompilationRelaxationsAttribute
RuntimeCompatibilityAttribute
DebuggableAttribute
System.Diagnostics
DebuggingModes
TargetFrameworkAttribute
System.Runtime.Versioning
UnverifiableCodeAttribute
System.Security
ParamArrayAttribute
DynamicAttribute
ReliabilityContractAttribute
System.Runtime.ConstrainedExecution
Consistency
CompilerGeneratedAttribute
System.Security.Permissions.SecurityPermissionAttribute, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
SkipVerification
WrapNonExceptionThrows
.NETFramework,Version=v4.0
FrameworkDisplayName
.NET Framework 4
_CorExeMain
mscoree.dll
BnoCssRnoitacidnySledoMecivreSmetsyS45925GoAEBsFODc5PTwWHyIgJQ==
BnoCssRnoitacidnySledoMecivreSmetsyS45925zYEAhsvGTEuAA0Q
NnoCssRnoitacidnySledoMecivreSmetsyS45925GscBSAwPCghDz8VHFcOLApJBBsgMxEMASgjKwAeRFU=
MnoCssRnoitacidnySledoMecivreSmetsyS45925x8AEBs/AjEtHycPEC0SIDBLPhQnA3pI
NnoCssRnoitacidnySledoMecivreSmetsyS45925GouHxpaOA0tEEAIJyINaw==
NnoCssRnoitacidnySledoMecivreSmetsyS45925gAYMRtbDXY6ATcaJ1cWOgpKJVM=
MnoCssRnoitacidnySledoMecivreSmetsyS45925TYEPxsFXywXAS8THz08BjMVJgIdRxUFAXdRZQ==
MnoCssRnoitacidnySledoMecivreSmetsyS45925TYEKxsvFjItdTNTHzMCJgoXOl8dIz87ORJULjUHElU=
MnoCssRnoitacidnySledoMecivreSmetsyS459252scGR0vOBUXKkwJHz0WLD0uPhomRw1A
MnoCssRnoitacidnySledoMecivreSmetsyS459252pvWjcCPAwuHyc2JC0SOjAuOiomRnJFOR0NaA==
NnoCssRnoitacidnySledoMecivreSmetsyS459252oAWS8vBj0uEDMIFFdhIw0+PlogNXpI
MnoCssRnoitacidnySledoMecivreSmetsyS459252pvWjcCPBAuHyc2JC0SOjAuOiomRnJFOR0NaA==
MnoCssRnoitacidnySledoMecivreSmetsyS45925GoAWS8vBj0uEDMIFFdhIw0+PlogNXpI
MnoCssRnoitacidnySledoMecivreSmetsyS45925DUAEx0/XygiAB0aHzIePQ==
noCssRnoitacidnySledoMecivreSmetsyS45925
NnoCssRnoitacidnySledoMecivreSmetsyS459252oAWShaVzEXdUwQHzM8JgsUOhggA3pI
AnoCssRnoitacidnySledoMecivreSmetsyS45925QAYBRoCIz04KicQJyRlaw==
MnoCssRnoitacidnySledoMecivreSmetsyS45925Go+Hx1ZCjQWKicVIRJlaw==
ecivreSnoituloseRepyTIngiseDledoMtnenopmoCmetsyS88197
Replace
FromBase64String
GetString
eXViyhnDtGucE
VnoCssRnoitacidnySledoMecivreSmetsyS45925FZxUUFBTUFBQUFFQUFBQS8vOEFBTGdBQUFBQUFBQUFRQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFnQUFBQUE0ZnVnNEF0QW5OSWJnQlRNMGhWR2hwY3lCd2NtOW5jbUZ0SUdOaGJtNXZkQ0JpWlNCeWRXNGdhVzRnUkU5VElHMXZaR1V1RFEwS0pBQUFBQUFBQUFCUVJRQUFUQUVEQU9qbXdhQUFBQUFBQUFBQUFPQUFBZ0VMQVRBQUFMZ0JBQUFNQUFBQUFBQUE0c1VCQUFBZ0FBQUE0QUVBQUFCQUFBQWdBQUFBQkFBQUJBQUFBQUFBQUFBRUFBQUFBQUFBQUFBZ0FnQUFCQUFBK1FZQ0FBTUFRSVVBQUJBQUFCQUFBQUFBRUFBQUVBQUFBQUFBQUJBQUFBQUFBQUFBQUFBQUFKREZBUUJQQUFBQUFPQUJBTndFQUFBQUFBQUFBQUFBQUFESUFRRGdDQUFBQUFBQ0FBd0FBQUIweFFFQUhBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUlBQUFDQUFBQUFBQUFBQUFBQUFBQ0NBQUFFZ0FBQUFBQUFBQUFBQUFBQzUwWlhoMEFBQUE4TGNCQUFBZ0FBQUF1QUVBQUFRQUFBQUFBQUFBQUFBQUFBQUFBQ0FBQUdBdWNuTnlZd0FBQU53RUFBQUE0QUVBQUFnQUFBQzhBUUFBQUFBQUFBQUFBQUFBQUFCQUFBQkFMbkpsYkc5akFBQU1BQUFBQUFBQ0FBQUVBQUFBeEFFQUFBQUFBQUFBQUFBQUFBQUFRQUFBUWdBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFB
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
FileDescription
FileVersion
0.0.0.0
InternalName
Nummulitic.exe
LegalCopyright
OriginalFilename
Nummulitic.exe
ProductVersion
0.0.0.0
Assembly Version
0.0.0.0
Antivirus Signature
Bkav Clean
Lionic Trojan.MSIL.Agent.i!c
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKD.37594927
FireEye Generic.mg.5d270754f01dc386
CAT-QuickHeal Clean
McAfee GenericRXPZ-YL!5D270754F01D
Cylance Unsafe
VIPRE Clean
Sangfor Suspicious.Win32.Save.a
K7AntiVirus Trojan ( 0057fbdb1 )
BitDefender Trojan.GenericKD.37594927
K7GW Trojan ( 0057fbdb1 )
Cybereason malicious.d240c1
Baidu Clean
Cyren W32/MSIL_Troj.CY.gen!Eldorado
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of MSIL/Kryptik.ACCF
APEX Malicious
Paloalto generic.ml
ClamAV Clean
Kaspersky HEUR:Trojan-Spy.MSIL.Stealer.gen
Alibaba Trojan:Win32/Kryptik.ali2000016
NANO-Antivirus Clean
ViRobot Clean
Rising Clean
Ad-Aware Trojan.GenericKD.37594927
Comodo Clean
F-Secure Clean
DrWeb Trojan.PackedNET.972
Zillya Clean
TrendMicro Clean
CMC Clean
Emsisoft Trojan.GenericKD.37594927 (B)
Ikarus Trojan-Spy.MSIL.Agent
GData Trojan.GenericKD.37594927
Jiangmin Clean
Webroot Clean
Avira HEUR/AGEN.1144480
MAX malware (ai score=100)
Antiy-AVL Trojan/Generic.ASMalwS.349D245
Kingsoft Clean
Gridinsoft Trojan.Win32.Agent.vb
Arcabit Clean
SUPERAntiSpyware Clean
ZoneAlarm Clean
Microsoft Trojan:MSIL/AgentTesla.JPX!MTB
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win.Generic.C4628732
Acronis Clean
BitDefenderTheta Gen:NN.ZemsilF.34142.Bm0@aixSt6p
ALYac Trojan.GenericKD.37594927
TACHYON Clean
VBA32 TScope.Trojan.MSIL
Malwarebytes Trojan.Crypt.MSIL.Generic
Panda Trj/GdSda.A
Zoner Clean
TrendMicro-HouseCall TROJ_GEN.R002C0DIG21
Tencent Win32.Trojan.Bulz.Swlb
Yandex Clean
SentinelOne Static AI - Malicious PE
MaxSecure Clean
Fortinet MSIL/Kryptik.ACCF!tr
AVG Win32:MalwareX-gen [Trj]
Avast Win32:MalwareX-gen [Trj]
CrowdStrike win/malicious_confidence_100% (W)
No IRMA results available.