popup
Static | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Static Analysis

PE Compile Time

2088-05-02 03:10:22

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00002000 0x0006b8f4 0x0006ba00 3.73146530507
.rsrc 0x0006e000 0x0000029c 0x00000400 2.15416706722
.reloc 0x00070000 0x0000000c 0x00000200 0.101910425663

Resources

Name Offset Size Language Sub-language File type
RT_VERSION 0x0006e058 0x00000244 LANG_NEUTRAL SUBLANG_NEUTRAL data

Imports

Library mscoree.dll:
0x402000 _CorExeMain
!This program cannot be run in DOS mode.
`.rsrc
@.reloc
v4.0.30319
#Strings
Unblest
Unblest.exe
<Module>
GetterSystemLicense
Unblest.Licensing
Object
System
mscorlib
WrapperMapperWatcher
Unblest.Watchers
<>c__DisplayClass2_0
WorkerMapperStructBuilder
Unblest.Structs
Configuration
<>o__4
Mapper
Unblest.Roles
Unblest.Database
<>o__5
FilterVisitor
Unblest.Visitors
ModelItemMessage
Unblest.Messages
RefDispatcherPage
Unblest.Pages
Getter
MulticastDelegate
CreatorMapperStructBuilder
CandidateStateConsumer
ExceptionItemMessage
ThreadMapperStructBuilder
Parser
MerchantStateConsumer
CustomerStateConsumer
BridgeItemMessage
Factory
ProducerWrapperDic
Visitor
PrototypeStateConsumer
Unblest.Consumers
ValueType
ProcessObserverAttribute
Unblest.Attributes
PrinterStateConsumer
ConfigurationMapperWatcher
RequestItemMessage
StatusVisitor
ItemMapperWatcher
Exception
ObserverDefinitionRole
<PrivateImplementationDetails>
__StaticArrayInitTypeSize=423336
StopAttr
String
EntryPointNotFoundException
NewAttr
ResolveAttr
PatchAttr
Func`1
Boolean
IntPtr
Invoke
InvalidOleVariantTypeException
System.Runtime.InteropServices
m_Decorator
DestroyAttr
UInt64
UInt32
UInt16
op_Explicit
Marshal
SizeOf
Application
System.Windows.Forms
get_ExecutablePath
op_Inequality
Thread
System.Threading
ToInt64
GetTypeFromHandle
RuntimeTypeHandle
AllocHGlobal
FreeHGlobal
m_Attr
m_Wrapper
.cctor
CollectAttr
vis_ID
Replace
SelectAttr
PopAttr
Binder
Microsoft.CSharp.RuntimeBinder
Microsoft.CSharp
Convert
CallSiteBinder
System.Runtime.CompilerServices
System.Core
CSharpBinderFlags
CallSite`1
Func`3
CallSite
Create
Target
ToCharArray
QueryAttr
FromBase64String
Encoding
System.Text
get_UTF8
GetString
CountAttr
_System
InsertAttr
visitor
StringBuilder
ToChar
Append
ToString
RateAttr
GetAttr
RuntimeHelpers
InitializeArray
RuntimeFieldHandle
RestartAttr
Action
CheckAttr
SortAttr
definition
LoginAttr
ReadAttr
CSharpArgumentInfo
CSharpArgumentInfoFlags
InvokeMember
IEnumerable`1
System.Collections.Generic
Func`4
droceRecarTlennahCelbaileRscitsongaiDledoMecivreSmetsyS1641
Func`5
_Iterator
_Record
_Authentication
m_Field
m_Tests
_Publisher
AwakeAttr
LoadLibrary
kernel32.dll
CloneAttr
FreeLibrary
AddAttr
selection
GetProcAddress
kernel32
_Observer
SetupAttr
CalcAttr
reference
GetDelegateForFunctionPointer
Delegate
MapAttr
m_Dispatcher
second
hProcess
isWow64
BeginInvoke
IAsyncResult
AsyncCallback
callback
object
EndInvoke
result
lpBaseAddress
lreganaMtropsnarTpcTevisulcxEslennahCledoMecivreSmetsyS72517
lpNumberOfBytesWritten
exitCode
handle
config
hToken
lpApplicationName
lpCommandLine
lpProcessAttributes
lpThreadAttributes
bInheritHandles
dwCreationFlags
lpEnvironment
lpCurrentDirectory
lpStartupInfo
lpProcesrezilaireStxetnoCesneciLemitngiseDngiseDledoMtnenopmoCmetsyS86043
hNewToken
hThread
pContext
counter
ProcessHandle
BaseAddress
ZeroBits
RegionSize
AllocationType
Protect
connection
nCmdShow
m_Rule
_Predicate
annotation
m_Setter
m_Container
client
_Database
m_Exporter
_Config
_Struct
m_Template
_Issuer
_Property
m_Collection
m_Message
m_Bridge
indexer
schema
prototype
m_Candidate
_Merchant
_Customer
_Broadcaster
_Object
_Initializer
_Class
manager
_Attribute
m_Writer
m_Helper
m_Utils
SetAttr
UpdateAttr
instance
B250F102EC583D90ABEC2A667B166D62BE496A0E
CompilationRelaxationsAttribute
RuntimeCompatibilityAttribute
DebuggableAttribute
System.Diagnostics
DebuggingModes
TargetFrameworkAttribute
System.Runtime.Versioning
UnverifiableCodeAttribute
System.Security
ParamArrayAttribute
DynamicAttribute
ReliabilityContractAttribute
System.Runtime.ConstrainedExecution
Consistency
CompilerGeneratedAttribute
System.Security.Permissions.SecurityPermissionAttribute, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
SkipVerification
WrapNonExceptionThrows
.NETFramework,Version=v4.0
FrameworkDisplayName
.NET Framework 4
_CorExeMain
mscoree.dll
DMevitaNefasnUrenetsiLnoitavitcAledoMecivreSmetsyS37316F4QNzMIAhsMFyQZHAkpFg==
DMevitaNefasnUrenetsiLnoitavitcAledoMecivreSmetsyS37316wIUJTMiIx0bKhUf
PMevitaNefasnUrenetsiLnoitavitcAledoMecivreSmetsyS37316F8MIgg9BgQUJScaH3wHHzdYLRgJKxA3MwgSGxcaUFE=
OMevitaNefasnUrenetsiLnoitavitcAledoMecivreSmetsyS37316ysQNzMyOB0YNT8AEwYbEw1aFxcOG3tz
PMevitaNefasnUrenetsiLnoitavitcAledoMecivreSmetsyS37316F4+ODJXAiEYOlgHJAkEWA==
PMevitaNefasnUrenetsiLnoitavitcAledoMecivreSmetsyS37316jQIFjNWN1oPKy8VJHwfCTdbDFA=
OMevitaNefasnUrenetsiLnoitavitcAledoMecivreSmetsyS37316QIUGDMIZQAiKzccHBY1NQ4EDwE0XxQ+M1dgVQ==
OMevitaNefasnUrenetsiLnoitavitcAledoMecivreSmetsyS37316QIUDDMiLB4YXytcHBgLFTcGE1w0Oz4ACzJlHiIDBlE=
OMevitaNefasnUrenetsiLnoitavitcAledoMecivreSmetsyS3731618MPjUiAjkiAFQGHBYfHwA/FxkPXwx7
OMevitaNefasnUrenetsiLnoitavitcAledoMecivreSmetsyS3731615/fR8PBiAbNT85JwYbCQ0/EykPXnN+Cz08WA==
PMevitaNefasnUrenetsiLnoitavitcAledoMecivreSmetsyS3731614QfgciPBEbOisHF3xoEDAvF1kJLXtz
OMevitaNefasnUrenetsiLnoitavitcAledoMecivreSmetsyS3731615/fR8PBjwbNT85JwYbCQ0/EykPXnN+Cz08WA==
OMevitaNefasnUrenetsiLnoitavitcAledoMecivreSmetsyS37316F4QfgciPBEbOisHF3xoEDAvF1kJLXtz
OMevitaNefasnUrenetsiLnoitavitcAledoMecivreSmetsyS37316AEQNDUyZQQXKgUVHBkXDg==
MevitaNefasnUrenetsiLnoitavitcAledoMecivreSmetsyS37316
PMevitaNefasnUrenetsiLnoitavitcAledoMecivreSmetsyS3731614QfgBXbR0iX1QfHBg1FTYFExsJG3tz
CMevitaNefasnUrenetsiLnoitavitcAledoMecivreSmetsyS37316TQIIjIPGRENAD8fJA9sWA==
OMevitaNefasnUrenetsiLnoitavitcAledoMecivreSmetsyS37316F4uODVUMBgjAD8aIjlsWA==
droceRecarTlennahCelbaileRscitsongaiDledoMecivreSmetsyS1641
Replace
FromBase64String
GetString
mlFNQeThAm
VMevitaNefasnUrenetsiLnoitavitcAledoMecivreSmetsyS37316FZxUUFBTUFBQUFFQUFBQS8vOEFBTGdBQUFBQUFBQUFRQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFnQUFBQUE0ZnVnNEF0QW5OSWJnQlRNMGhWR2hwY3lCd2NtOW5jbUZ0SUdOaGJtNXZkQ0JpWlNCeWRXNGdhVzRnUkU5VElHMXZaR1V1RFEwS0pBQUFBQUFBQUFCUVJRQUFUQUVEQUFKTmI1b0FBQUFBQUFBQUFPQUFBZ0VMQVRBQUFMZ0JBQUFNQUFBQUFBQUE0c1VCQUFBZ0FBQUE0QUVBQUFCQUFBQWdBQUFBQkFBQUJBQUFBQUFBQUFBRUFBQUFBQUFBQUFBZ0FnQUFCQUFBdnlRQ0FBTUFRSVVBQUJBQUFCQUFBQUFBRUFBQUVBQUFBQUFBQUJBQUFBQUFBQUFBQUFBQUFKREZBUUJQQUFBQUFPQUJBTlFFQUFBQUFBQUFBQUFBQUFESUFRRFlDQUFBQUFBQ0FBd0FBQUIweFFFQUhBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUlBQUFDQUFBQUFBQUFBQUFBQUFBQ0NBQUFFZ0FBQUFBQUFBQUFBQUFBQzUwWlhoMEFBQUE4TGNCQUFBZ0FBQUF1QUVBQUFRQUFBQUFBQUFBQUFBQUFBQUFBQ0FBQUdBdWNuTnlZd0FBQU5RRUFBQUE0QUVBQUFnQUFBQzhBUUFBQUFBQUFBQUFBQUFBQUFCQUFBQkFMbkpsYkc5akFBQU1BQUFBQUFBQ0FBQUVBQUFBeEFFQUFBQUFBQUFBQUFBQUFBQUFRQUFBUWdBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQU
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
FileDescription
FileVersion
0.0.0.0
InternalName
Unblest.exe
LegalCopyright
OriginalFilename
Unblest.exe
ProductVersion
0.0.0.0
Assembly Version
0.0.0.0
Antivirus Signature
Bkav Clean
Lionic Trojan.MSIL.Agent.i!c
Elastic malicious (high confidence)
MicroWorld-eScan Gen:Variant.Bulz.699108
FireEye Generic.mg.96ff8ba929c9de23
CAT-QuickHeal Clean
McAfee GenericRXPZ-YL!96FF8BA929C9
Cylance Unsafe
Zillya Clean
Sangfor Suspicious.Win32.Save.a
K7AntiVirus Trojan ( 0057fbdb1 )
Alibaba Trojan:Win32/Kryptik.ali2000016
K7GW Trojan ( 0057fbdb1 )
CrowdStrike win/malicious_confidence_90% (W)
Arcabit Clean
BitDefenderTheta Gen:NN.ZemsilF.34142.Bm0@auvdMV
Cyren W32/MSIL_Troj.CY.gen!Eldorado
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of MSIL/Kryptik.ACCF
Baidu Clean
TrendMicro-HouseCall TROJ_GEN.R002C0DIG21
Paloalto generic.ml
ClamAV Clean
Kaspersky HEUR:Trojan-PSW.MSIL.Agent.gen
BitDefender Gen:Variant.Bulz.699108
NANO-Antivirus Clean
SUPERAntiSpyware Clean
Avast Win32:MalwareX-gen [Trj]
Tencent Msil.Trojan-qqpass.Qqrob.Hwmx
Ad-Aware Gen:Variant.Bulz.699108
Sophos Mal/Generic-S
Comodo Clean
F-Secure Clean
DrWeb Trojan.PackedNET.972
VIPRE Clean
TrendMicro Clean
McAfee-GW-Edition BehavesLike.Win32.Generic.gz
CMC Clean
Emsisoft Gen:Variant.Bulz.699108 (B)
APEX Malicious
Jiangmin Clean
Webroot Clean
Avira HEUR/AGEN.1144480
MAX malware (ai score=100)
Antiy-AVL Clean
Kingsoft Clean
Gridinsoft Clean
Microsoft Trojan:MSIL/AgentTesla.JPX!MTB
ViRobot Clean
ZoneAlarm Clean
GData Gen:Variant.Bulz.699108
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win.Generic.C4628732
Acronis Clean
ALYac Gen:Variant.Bulz.699108
TACHYON Clean
VBA32 TScope.Trojan.MSIL
Malwarebytes Trojan.Crypt.MSIL.Generic
Ikarus Trojan-Spy.MSIL.Agent
Zoner Clean
Rising Clean
Yandex Clean
SentinelOne Static AI - Malicious PE
MaxSecure Clean
Fortinet MSIL/Kryptik.ACCF!tr
AVG Win32:MalwareX-gen [Trj]
Cybereason malicious.63435a
Panda Trj/GdSda.A
No IRMA results available.