Static | ZeroBOX

PE Compile Time

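2075-05-05 19:11:27 (future-dated, so not usable as a build time: the PE header timestamp may have been altered, or derived from a hash by a deterministic build)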

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00002000 0x0006b7e4 0x0006b800 3.72710224138
.rsrc 0x0006e000 0x000002a4 0x00000400 2.18000494025
.reloc 0x00070000 0x0000000c 0x00000200 0.101910425663

Resources

Name Offset Size Language Sub-language File type
RT_VERSION 0x0006e058 0x0000024c LANG_NEUTRAL SUBLANG_NEUTRAL data

Imports

Library mscoree.dll:
0x402000 _CorExeMain

!This program cannot be run in DOS mode.
`.rsrc
@.reloc
v4.0.30319
#Strings
Mortician
Mortician.exe
<Module>
ExporterProcessConsumer
Mortician.Consumers
Object
System
mscorlib
Merchant
<>c__DisplayClass2_0
ListInvocationWriter
Mortician.Writers
Invocation
Mortician.Common
<>o__4
Method
ProcessClassSpec
Mortician.Specifications
<>o__5
ValInitializerCandidate
Mortician.Candidates
Filter
Worker
MulticastDelegate
WatcherProcessConsumer
Service
AccountProcessConsumer
Resolver
ClassClassSpec
ExceptionService
Record
IteratorProcessConsumer
Producer
FactoryService
Authentication
ValueType
StatusProcessConsumer
ServerInitializerCandidate
InitializerClassSpec
Serializer
Mortician.Services
InvocationClassSpec
ReaderProcessConsumer
ClientService
RepositoryProcessConsumer
<PrivateImplementationDetails>
__StaticArrayInitTypeSize=423360
CountMerchant
String
EntryPointNotFoundException
SetMerchant
ReadMerchant
CalcMerchant
Func`1
Boolean
IntPtr
Invoke
InvalidOleVariantTypeException
System.Runtime.InteropServices
_Listener
DisableMerchant
UInt64
UInt32
UInt16
op_Explicit
Marshal
SizeOf
Application
System.Windows.Forms
get_ExecutablePath
op_Inequality
Thread
System.Threading
ToInt64
GetTypeFromHandle
RuntimeTypeHandle
AllocHGlobal
FreeHGlobal
process
m_Initializer
.cctor
ComputeMerchant
ivk_start
m_Class
instance
Replace
ForgotMerchant
RunMerchant
config
Binder
Microsoft.CSharp.RuntimeBinder
Microsoft.CSharp
Convert
CallSiteBinder
System.Runtime.CompilerServices
System.Core
CSharpBinderFlags
CallSite`1
Func`3
CallSite
Create
Target
ToCharArray
PostMerchant
FromBase64String
Encoding
System.Text
get_UTF8
GetString
ListMerchant
_Callback
SelectMerchant
StringBuilder
ToChar
Append
ToString
PrintMerchant
ManageMerchant
RuntimeHelpers
InitializeArray
RuntimeFieldHandle
Exception
PublishMerchant
Action
TestMerchant
QueryMerchant
InsertMerchant
CancelMerchant
CSharpArgumentInfo
CSharpArgumentInfoFlags
InvokeMember
IEnumerable`1
System.Collections.Generic
Func`4
noitcelloCepyTyBdeyeKcireneGsnoitcelloCmetsyS53214
Func`5
indexer
_Server
_Request
_Adapter
m_Specification
WriteMerchant
LoadLibrary
kernel32.dll
ConcatMerchant
FreeLibrary
ConnectMerchant
GetProcAddress
kernel32
m_Descriptor
CompareMerchant
MapMerchant
GetDelegateForFunctionPointer
Delegate
ReflectMerchant
_State
hProcess
isWow64
BeginInvoke
IAsyncResult
AsyncCallback
callback
object
EndInvoke
result
lpBaseAddress
lredaeRmotMlmXlmXmetsyS54758
lpNumberOfBytesWritten
exitCode
handle
second
hToken
lpApplicationName
lpCommandLine
lpProcessAttributes
lpThreadAttributes
bInheritHandles
dwCreationFlags
lpEnvironment
lpCurrentDirectory
lpStartupInfo
lpProcesrotareneGtcartnoCecivreSnoitpircseDledoMecivreSmetsyS36901
hNewToken
hThread
pContext
visitor
caller
ProcessHandle
BaseAddress
ZeroBits
RegionSize
AllocationType
Protect
nCmdShow
_Policy
_Container
m_Helper
proccesor
_Parser
m_Stub
_Registry
_Param
_Parameter
decorator
m_Thread
_Composer
comparator
_Strategy
_Broadcaster
_Printer
_Interceptor
_Order
m_Writer
m_Params
identifier
m_Connection
m_Info
candidate
m_Base
_Database
definition
_Reponse
_Annotation
_Customer
_Product
m_Consumer
m_Getter
tokenizer
FindMerchant
ExcludeMerchant
C976CBBDDCEB61ED8C9BCA24C307E67F45758EA5
CompilationRelaxationsAttribute
RuntimeCompatibilityAttribute
DebuggableAttribute
System.Diagnostics
DebuggingModes
TargetFrameworkAttribute
System.Runtime.Versioning
UnverifiableCodeAttribute
System.Security
ParamArrayAttribute
DynamicAttribute
ReliabilityContractAttribute
System.Runtime.ConstrainedExecution
Consistency
CompilerGeneratedAttribute
System.Security.Permissions.SecurityPermissionAttribute, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
SkipVerification
WrapNonExceptionThrows
.NETFramework,Version=v4.0
FrameworkDisplayName
.NET Framework 4
_CorExeMain
mscoree.dll
JneGssalCtneilCnoitpircseDledoMecivreSmetsyS32865kgjHSwhITsDMz8tHT0NFw==
JneGssalCtneilCnoitpircseDledoMecivreSmetsyS32865RQnDywLAD0UDg4r
FneGssalCtneilCnoitpircseDledoMecivreSmetsyS32865kk/CBcUJSQbATwuHkgjHi18Gz0qDiAhJRczFxg7SnU=
EneGssalCtneilCnoitpircseDledoMecivreSmetsyS32865T0jHSwbGz0XESQ0EjI/Ehd+ITItPktl
FneGssalCtneilCnoitpircseDledoMecivreSmetsyS32865kgNEi1+IQEXHkMzJT0gWQ==
FneGssalCtneilCnoitpircseDledoMecivreSmetsyS32865CI7PCx/FHoADzQhJUg7CC1/OnU=
EneGssalCtneilCnoitpircseDledoMecivreSmetsyS32865xQnMiwhRiAtDywoHSIRNBQgOSQXeiQoJUhBWQ==
EneGssalCtneilCnoitpircseDledoMecivreSmetsyS32865xQnJiwLDz4XezBoHSwvFC0iJXkXHg4WHS1EEi0iHHU=
EneGssalCtneilCnoitpircseDledoMecivreSmetsyS32865Uk/FCoLIRktJE8yHSI7HhobITwsejxt
EneGssalCtneilCnoitpircseDledoMecivreSmetsyS32865UhMVwAmJQAUESQNJjI/CBcbJQwse0NoHSIdVA==
FneGssalCtneilCnoitpircseDledoMecivreSmetsyS32865UgjVBgLHzEUHjAzFkhMESoLIXwqCEtl
EneGssalCtneilCnoitpircseDledoMecivreSmetsyS32865UhMVwAmJRwUESQNJjI/CBcbJQwse0NoHSIdVA==
EneGssalCtneilCnoitpircseDledoMecivreSmetsyS32865kgjVBgLHzEUHjAzFkhMESoLIXwqCEtl
EneGssalCtneilCnoitpircseDledoMecivreSmetsyS32865hcjHiobRiQYDh4hHS0zDw==
neGssalCtneilCnoitpircseDledoMecivreSmetsyS32865
FneGssalCtneilCnoitpircseDledoMecivreSmetsyS32865UgjVB9+Tj0te08rHSwRFCwhJT4qPktl
IneGssalCtneilCnoitpircseDledoMecivreSmetsyS32865yI7CC0mOjECJCQrJTtIWQ==
EneGssalCtneilCnoitpircseDledoMecivreSmetsyS32865kgdEip9EzgsJCQuIw1IWQ==
noitcelloCepyTyBdeyeKcireneGsnoitcelloCmetsyS53214
Replace
FromBase64String
GetString
GzudNLwHNIvX
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
FileDescription
FileVersion
0.0.0.0
InternalName
Mortician.exe
LegalCopyright
OriginalFilename
Mortician.exe
ProductVersion
0.0.0.0
Assembly Version
0.0.0.0
Antivirus Signature
Bkav Clean
Lionic Trojan.MSIL.Stealer.l!c
Elastic malicious (high confidence)
DrWeb Trojan.PackedNET.972
MicroWorld-eScan Gen:Variant.Bulz.699108
FireEye Generic.mg.2744d06ccec54b48
CAT-QuickHeal Clean
ALYac Gen:Variant.Bulz.699108
Cylance Unsafe
VIPRE Clean
Sangfor Suspicious.Win32.Save.a
CrowdStrike win/malicious_confidence_90% (W)
BitDefender Gen:Variant.Bulz.699108
K7GW Trojan ( 0057fbdb1 )
K7AntiVirus Trojan ( 0057fbdb1 )
BitDefenderTheta Gen:NN.ZemsilF.34142.Bm0@aia0tWo
Cyren W32/MSIL_Troj.CY.gen!Eldorado
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of MSIL/Kryptik.ACCF
APEX Malicious
Paloalto generic.ml
ClamAV Clean
Kaspersky HEUR:Trojan-Spy.MSIL.Stealer.gen
Alibaba Trojan:Win32/Kryptik.ali2000016
NANO-Antivirus Clean
ViRobot Clean
Rising Clean
Ad-Aware Gen:Variant.Bulz.699108
Sophos Mal/Generic-S
Comodo Clean
F-Secure Clean
Baidu Clean
Zillya Clean
TrendMicro Clean
McAfee-GW-Edition BehavesLike.Win32.Generic.gz
CMC Clean
Emsisoft Gen:Variant.Bulz.699108 (B)
SentinelOne Static AI - Malicious PE
GData Gen:Variant.Bulz.699108
Jiangmin TrojanSpy.MSIL.bswn
Webroot Clean
Avira HEUR/AGEN.1144480
MAX malware (ai score=100)
Antiy-AVL Trojan/MSIL.Kryptik
Kingsoft Clean
Gridinsoft Malware.Win32.GenericMC.cc
Arcabit Clean
SUPERAntiSpyware Clean
ZoneAlarm Clean
Microsoft Trojan:MSIL/AgentTesla.JPX!MTB
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win.Generic.C4628732
Acronis Clean
McAfee RDN/Generic PWS.y
TACHYON Clean
VBA32 TScope.Trojan.MSIL
Malwarebytes Spyware.RedLineStealer
Panda Trj/GdSda.A
Zoner Clean
TrendMicro-HouseCall Clean
Tencent Msil.Trojan-spy.Stealer.Hqbs
Yandex Clean
Ikarus Trojan-Spy.MSIL.Agent
eGambit Unsafe.AI_Score_100%
Fortinet PossibleThreat
AVG Win32:MalwareX-gen [Trj]
Avast Win32:MalwareX-gen [Trj]
MaxSecure Trojan.Malware.73709669.susgen
No IRMA results available.