popup
Static | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Static Analysis

PE Compile Time

2069-03-31 03:20:54

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00002000 0x0006b954 0x0006ba00 3.73056371982
.rsrc 0x0006e000 0x000002ac 0x00000400 2.18578146723
.reloc 0x00070000 0x0000000c 0x00000200 0.101910425663

Resources

Name Offset Size Language Sub-language File type
RT_VERSION 0x0006e058 0x00000254 LANG_NEUTRAL SUBLANG_NEUTRAL data

Imports

Library mscoree.dll:
0x402000 _CorExeMain
!This program cannot be run in DOS mode.
`.rsrc
@.reloc
v4.0.30319
#Strings
Galleasses
Galleasses.exe
<Module>
ProductItemRecord
Galleasses.Records
Object
System
mscorlib
AccountSingletonDic
Galleasses.Dictionaries
<>c__DisplayClass2_0
Galleasses.Stubs
ClassModelWorker
Galleasses.Workers
<>o__4
ExporterDecoratorContainer
Galleasses.Containers
<>o__5
Attribute
Galleasses.Shared
Strategy
DecoratorSingletonDic
TaskPolicy
MulticastDelegate
Schema
CodeAccountQueue
ServiceAccountQueue
ParameterItemRecord
Exception
InitializerSingletonStub
Invocation
PrototypeSingletonStub
Repository
RecordFieldBridge
Annotation
Galleasses.Queues
ValueType
Wrapper
ModelSingletonDic
InfoModelWorker
BridgeAccountQueue
RequestSingletonStub
VisitorTestsConfig
Galleasses.Configurations
PageSingletonStub
<PrivateImplementationDetails>
__StaticArrayInitTypeSize=423468
ValidateMock
String
EntryPointNotFoundException
SelectMock
NewMock
SortMock
Func`1
Boolean
IntPtr
Invoke
InvalidOleVariantTypeException
System.Runtime.InteropServices
callback
AddMock
UInt64
UInt32
UInt16
op_Explicit
Marshal
SizeOf
Application
System.Windows.Forms
get_ExecutablePath
op_Inequality
Thread
System.Threading
ToInt64
GetTypeFromHandle
RuntimeTypeHandle
AllocHGlobal
FreeHGlobal
m_Account
decorator
.cctor
CollectMock
min_ord
_Model
Replace
CancelMock
PopMock
Binder
Microsoft.CSharp.RuntimeBinder
Microsoft.CSharp
Convert
CallSiteBinder
System.Runtime.CompilerServices
System.Core
CSharpBinderFlags
CallSite`1
Func`3
CallSite
Create
Target
ToCharArray
CountMock
FromBase64String
Encoding
System.Text
get_UTF8
GetString
VerifyMock
m_Exporter
_Tests
CallMock
StringBuilder
ToChar
Append
ToString
WriteMock
DestroyMock
RuntimeHelpers
InitializeArray
RuntimeFieldHandle
ForgotMock
Action
SetMock
InstantiateMock
_Field
StopMock
SetupMock
CSharpArgumentInfo
CSharpArgumentInfoFlags
InvokeMember
IEnumerable`1
System.Collections.Generic
Func`4
noitpecxEemaNetacilpuDataDmetsyS48175
Func`5
setter
m_Specification
m_Observer
_Worker
m_Attr
m_Visitor
InvokeMock
LoadLibrary
kernel32.dll
RegisterMock
FreeLibrary
VisitMock
GetProcAddress
kernel32
_Struct
LoginMock
ChangeMock
GetDelegateForFunctionPointer
Delegate
FindMock
interpreter
hProcess
isWow64
BeginInvoke
IAsyncResult
AsyncCallback
object
EndInvoke
result
lpBaseAddress
lelbaremunEJIqniLnosJtfosnotweN6873
lpNumberOfBytesWritten
instance
exitCode
handle
hToken
lpApplicationName
lpCommandLine
lpProcessAttributes
lpThreadAttributes
bInheritHandles
dwCreationFlags
lpEnvironment
lpCurrentDirectory
lpStartupInfo
lpProcesredaeRlaretiLniamoDliaMteNmetsyS34373
hNewToken
hThread
pContext
visitor
connection
ProcessHandle
BaseAddress
ZeroBits
RegionSize
AllocationType
Protect
nCmdShow
_Merchant
_Event
predicate
_Token
m_Connection
definition
serializer
m_Process
_Facade
m_Expression
_Object
m_Dispatcher
m_Publisher
m_State
m_Parameter
client
reponse
_Registry
_Resolver
m_Rule
m_System
m_Broadcaster
m_Consumer
m_Writer
parser
m_Adapter
identifier
m_Algo
getter
_Container
m_Property
proccesor
CalculateMock
ReadMock
18FB35F4C52B45F04586625CA172F8CCB752557B
CompilationRelaxationsAttribute
RuntimeCompatibilityAttribute
DebuggableAttribute
System.Diagnostics
DebuggingModes
TargetFrameworkAttribute
System.Runtime.Versioning
UnverifiableCodeAttribute
System.Security
ParamArrayAttribute
DynamicAttribute
ReliabilityContractAttribute
System.Runtime.ConstrainedExecution
Consistency
CompilerGeneratedAttribute
System.Security.Permissions.SecurityPermissionAttribute, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
SkipVerification
WrapNonExceptionThrows
.NETFramework,Version=v4.0
FrameworkDisplayName
.NET Framework 4
_CorExeMain
mscoree.dll
BxTweNllaCdohteMsulPmoCnoitargetnImoCledoMecivreSmetsyS49236Xo8ICsPET0IIwEXPg8SKg==
BxTweNllaCdohteMsulPmoCnoitargetnImoCledoMecivreSmetsyS49236iY4MislMDsfHjAR
NxTweNllaCdohteMsulPmoCnoitargetnImoCledoMecivreSmetsyS49236XsgNRA6FSIQEQIUPXo8IypSKzshHh4bBiUsKh8VenM=
MxTweNllaCdohteMsulPmoCnoitargetnImoCledoMecivreSmetsyS49236g88ICs1KzscARoOMQAgLxBQETQmLnVf
NxTweNllaCdohteMsulPmoCnoitargetnImoCledoMecivreSmetsyS49236XoSLypQEQccDn0JBg8/ZA==
NxTweNllaCdohteMsulPmoCnoitargetnImoCledoMecivreSmetsyS49236xAkAStRJHwLHwobBnokNSpRCnM=
MxTweNllaCdohteMsulPmoCnoitargetnImoCledoMecivreSmetsyS49236CY4DysPdiYmHxISPhAOCRMOCSIcahoSBnpeZA==
MxTweNllaCdohteMsulPmoCnoitargetnImoCledoMecivreSmetsyS49236CY4GyslPzgcaw5SPh4wKSoMFX8cDjAsPh9bLyoMLHM=
MxTweNllaCdohteMsulPmoCnoitargetnImoCledoMecivreSmetsyS49236nsgKS0lER8mNHEIPhAkIx01ETonagJX
MxTweNllaCdohteMsulPmoCnoitargetnImoCledoMecivreSmetsyS49236npTagcIFQYfARo3BQAgNRA1FQona31SPhACaQ==
NxTweNllaCdohteMsulPmoCnoitargetnImoCledoMecivreSmetsyS49236no8aR8lLzcfDg4JNXpTLC0lEXohGHVf
MxTweNllaCdohteMsulPmoCnoitargetnImoCledoMecivreSmetsyS49236npTagcIFRofARo3BQAgNRA1FQona31SPhACaQ==
MxTweNllaCdohteMsulPmoCnoitargetnImoCledoMecivreSmetsyS49236Xo8aR8lLzcfDg4JNXpTLC0lEXohGHVf
MxTweNllaCdohteMsulPmoCnoitargetnImoCledoMecivreSmetsyS49236SU8Iy01diITHiAbPh8sMg==
xTweNllaCdohteMsulPmoCnoitargetnImoCledoMecivreSmetsyS49236
NxTweNllaCdohteMsulPmoCnoitargetnImoCledoMecivreSmetsyS49236no8aRhQfjsma3ERPh4OKSsPFTghLnVf
AxTweNllaCdohteMsulPmoCnoitargetnImoCledoMecivreSmetsyS49236BAkNSoICjcJNBoRBglXZA==
MxTweNllaCdohteMsulPmoCnoitargetnImoCledoMecivreSmetsyS49236XoCLy1TIz4nNBoUAD9XZA==
noitpecxEemaNetacilpuDataDmetsyS48175
Replace
FromBase64String
GetString
dHjYIbGNEYHb
VxTweNllaCdohteMsulPmoCnoitargetnImoCledoMecivreSmetsyS49236FZxUUFBTUFBQUFFQUFBQS8vOEFBTGdBQUFBQUFBQUFRQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFnQUFBQUE0ZnVnNEF0QW5OSWJnQlRNMGhWR2hwY3lCd2NtOW5jbUZ0SUdOaGJtNXZkQ0JpWlNCeWRXNGdhVzRnUkU5VElHMXZaR1V1RFEwS0pBQUFBQUFBQUFCUVJRQUFUQUVEQU9sbUVNWUFBQUFBQUFBQUFPQUFBZ0VMQVRBQUFMZ0JBQUFNQUFBQUFBQUEyc1VCQUFBZ0FBQUE0QUVBQUFCQUFBQWdBQUFBQkFBQUJBQUFBQUFBQUFBRUFBQUFBQUFBQUFBZ0FnQUFCQUFBVTlBQ0FBTUFRSVVBQUJBQUFCQUFBQUFBRUFBQUVBQUFBQUFBQUJBQUFBQUFBQUFBQUFBQUFJakZBUUJQQUFBQUFPQUJBTlFFQUFBQUFBQUFBQUFBQUFESUFRRDRDQUFBQUFBQ0FBd0FBQUJzeFFFQUhBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUlBQUFDQUFBQUFBQUFBQUFBQUFBQ0NBQUFFZ0FBQUFBQUFBQUFBQUFBQzUwWlhoMEFBQUE2TGNCQUFBZ0FBQUF1QUVBQUFRQUFBQUFBQUFBQUFBQUFBQUFBQ0FBQUdBdWNuTnlZd0FBQU5RRUFBQUE0QUVBQUFnQUFBQzhBUUFBQUFBQUFBQUFBQUFBQUFCQUFBQkFMbkpsYkc5akFBQU1BQUFBQUFBQ0FBQUVBQUFBeEFFQUFBQUFBQUFBQUFBQUFBQUFRQUFBUWdBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQ
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
FileDescription
FileVersion
0.0.0.0
InternalName
Galleasses.exe
LegalCopyright
OriginalFilename
Galleasses.exe
ProductVersion
0.0.0.0
Assembly Version
0.0.0.0
Antivirus Signature
Bkav Clean
Lionic Trojan.MSIL.Stealer.l!c
Elastic malicious (high confidence)
MicroWorld-eScan Gen:Variant.Bulz.699108
FireEye Generic.mg.549e51ddb6b22c9e
CAT-QuickHeal Clean
ALYac Gen:Variant.Bulz.699108
Cylance Unsafe
VIPRE Clean
Sangfor Suspicious.Win32.Save.a
K7AntiVirus Trojan ( 0057fc101 )
BitDefender Gen:Variant.Bulz.699108
K7GW Trojan ( 0057fc101 )
Cybereason malicious.ab65b3
BitDefenderTheta Gen:NN.ZemsilF.34142.Bm0@aS4v3o
Cyren W32/MSIL_Troj.CY.gen!Eldorado
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of MSIL/Kryptik.ACCF
Baidu Clean
APEX Malicious
Paloalto generic.ml
ClamAV Clean
Kaspersky HEUR:Trojan-Spy.MSIL.Stealer.gen
Alibaba Trojan:Win32/Kryptik.ali2000016
NANO-Antivirus Clean
ViRobot Clean
Tencent Win32.Trojan.Bulz.Svrq
Ad-Aware Gen:Variant.Bulz.699108
Emsisoft Gen:Variant.Bulz.699108 (B)
Comodo Clean
F-Secure Clean
DrWeb Trojan.PackedNET.972
Zillya Clean
TrendMicro Clean
McAfee-GW-Edition BehavesLike.Win32.Generic.gz
CMC Clean
Sophos Mal/Generic-S
SentinelOne Static AI - Malicious PE
Jiangmin Clean
Webroot Clean
Avira HEUR/AGEN.1144480
MAX malware (ai score=84)
Antiy-AVL Trojan/Generic.ASMalwS.349C0CE
Microsoft Trojan:MSIL/AgentTesla.JPX!MTB
Gridinsoft Trojan.Win32.Packed.ns
Arcabit Trojan.Bulz.DAAAE4
SUPERAntiSpyware Clean
ZoneAlarm Clean
GData Gen:Variant.Bulz.699108
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win.Generic.C4628732
Acronis Clean
McAfee GenericRXPZ-YL!549E51DDB6B2
TACHYON Clean
VBA32 TScope.Trojan.MSIL
Malwarebytes Trojan.Crypt.MSIL.Generic
Panda Trj/GdSda.A
Zoner Clean
TrendMicro-HouseCall TROJ_GEN.R002C0DIG21
Rising Clean
Yandex Clean
Ikarus Trojan-Spy.MSIL.Agent
MaxSecure Trojan.Malware.73709669.susgen
Fortinet MSIL/Kryptik.ACCF!tr
AVG Win32:MalwareX-gen [Trj]
Avast Win32:MalwareX-gen [Trj]
CrowdStrike win/malicious_confidence_100% (W)
No IRMA results available.