popup
Static | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Static Analysis

PE Compile Time

2074-10-02 19:43:33

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00002000 0x0005dcfc 0x0005de00 7.99011814929
.rsrc 0x00060000 0x0000c4cc 0x0000c600 4.09823113732

Resources

Name Offset Size Language Sub-language File type
RT_ICON 0x0006ae4c 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x0006ae4c 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x0006ae4c 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x0006ae4c 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x0006ae4c 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x0006ae4c 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x0006ae4c 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x0006ae4c 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_GROUP_ICON 0x0006b2c4 0x00000076 LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_VERSION 0x0006b34c 0x00000422 LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_MANIFEST 0x0006b780 0x00000d48 LANG_NEUTRAL SUBLANG_NEUTRAL XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

!This program cannot be run in DOS mode.
`.rsrc
v4.0.30319
#Strings
get_antigua_16x16_32910
ConsoleApp11
get_antarctica_16x16_33151
button1
get_austallia_16x16_32912
66840DDA154E8A113C31DD0AD32F7F3A366A80E8136979D8F5A101D3D29D6F72
button2
get_aruba_16x16_32923
get_armenia_16x16_32925
get_UTF8
get_argentina_16x16_32919
<Module>
<PrivateImplementationDetails>
System.IO
set_IV
Qjrjhsoa
mscorlib
Form1_Load
Form2_Load
add_Load
RijndaelManaged
Synchronized
<Integer>k__BackingField
<Bools>k__BackingField
<GetClass>k__BackingField
<Text>k__BackingField
defaultInstance
set_Mode
set_AutoScaleMode
CryptoStreamMode
CipherMode
IDisposable
RuntimeFieldHandle
RuntimeTypeHandle
GetTypeFromHandle
Console
DockStyle
set_FormBorderStyle
set_WindowStyle
ProcessWindowStyle
set_Name
set_FileName
WriteLine
GetType
get_Culture
set_Culture
resourceCulture
ButtonBase
ApplicationSettingsBase
Dispose
TryParse
EditorBrowsableState
STAThreadAttribute
CompilerGeneratedAttribute
GuidAttribute
GeneratedCodeAttribute
DebuggerNonUserCodeAttribute
DebuggableAttribute
EditorBrowsableAttribute
ComVisibleAttribute
AssemblyTitleAttribute
AssemblyTrademarkAttribute
TargetFrameworkAttribute
AssemblyFileVersionAttribute
AssemblyConfigurationAttribute
AssemblyDescriptionAttribute
CompilationRelaxationsAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
AssemblyCompanyAttribute
RuntimeCompatibilityAttribute
ConsoleApp11.exe
set_Size
get_BlockSize
set_BlockSize
set_ClientSize
get_KeySize
set_KeySize
Padding
Decoding
Encoding
System.Runtime.Versioning
disposing
System.Drawing
Ajmqbfdsmskvjgqug
button2_Click
add_Click
PerformClick
set_Dock
Zfiolirccuk
get_Qluudvkacomkcslcl
System.ComponentModel
ContainerControl
CryptoStream
MemoryStream
Program
System
SymmetricAlgorithm
ICryptoTransform
resourceMan
set_TextAlign
set_Margin
Application
set_Location
set_TextImageRelation
System.Configuration
System.Globalization
System.Reflection
ControlCollection
set_HelpButton
CultureInfo
ProcessStartInfo
Bitmap
InvokeMember
sender
Binder
get_ResourceManager
get_Integer
set_Integer
EventHandler
System.CodeDom.Compiler
IContainer
set_UseVisualStyleBackColor
.cctor
CreateDecryptor
System.Diagnostics
System.Runtime.InteropServices
System.Runtime.CompilerServices
System.Resources
Ajmqbfdsmskvjgqug.Form1.resources
Ajmqbfdsmskvjgqug.Form2.resources
Ajmqbfdsmskvjgqug.Properties.Resources.resources
DebuggingModes
Ajmqbfdsmskvjgqug.Properties
EnableVisualStyles
Rfc2898DeriveBytes
GetBytes
BindingFlags
Settings
EventArgs
get_Bools
set_Bools
get_Controls
System.Windows.Forms
set_AutoScaleDimensions
System.Text.RegularExpressions
RuntimeHelpers
get_GetClass
set_GetClass
Process
set_Arguments
components
Oslrcoklszlqputvqfys
GetObject
WaitForExit
get_Default
SetCompatibleTextRenderingDefault
ContentAlignment
InitializeComponent
SuspendLayout
ResumeLayout
System.Text
get_Text
set_Text
IWin32Window
set_CreateNoWindow
set_TabIndex
Decodersx
InitializeArray
ToArray
set_Key
System.Security.Cryptography
get_Assembly
GetAssembly
Uawuxmainlokz
Kxsawjcpqcvmbjivalz
WrapNonExceptionThrows
Windows Setup API
Microsoft Corporation
&Microsoft
Windows
Operating System
Microsoft Corporation. All rights reserved.
$c915a13a-4926-4830-ae3c-55752e992d10
6.1.7600.16385
.NETFramework,Version=v4.0
FrameworkDisplayName
.NET Framework 4
3System.Resources.Tools.StronglyTypedResourceBuilder
16.0.0.0
KMicrosoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator
11.0.0.0
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
PADPADP
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
PADPADP
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
hSystem.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3aPADPAD9
ViDv9&
+`!"d;
W}x)"OB
,\3kGx\&
x3WvKa
8cvPaP0:
,:o3Y.
brApdL-
5.9o4[
Z-yi?)&O>
VUS.[BB
JZZo"
{PnxY
h%[39Ep
+Bx)Cz/
GgY9v3
37^#6i&
C0414?
?7?oP3
c>>p.M
OsCu_&
~=M(9%
LEoLi4
Nv0bfU
XNG=pp
)xE+Q}
{GiRYCut
>(L=vk
TbE7^#?
Kx]Au7
c> |~GQ0|!
1!y7MS
Nu>9j-
8Qt"rL
.[DAhRt
JP7K*N
o?YrYw=
"}IHnTA
,@)i3
h^6p$4
0t&}ft
pvLo()
]fe\~ s
&.'fXE
0OZoI,
zC)G%A2!f<%-
55L.@2
m@S9r9
ND(xRl?
`ONCYA
9Jp/<b
~Avv<@
"fnZRr
r,I}P
9`}y"d
C!1\~_
0B952#
Q+GFB4
$f!,:R
k!! M[!
SZLlsKc
]j<k6J
@7SQ+P
rM*)gQ
,sr>?\
_7IZP1[
CnyOmWqA
eb[ BQC
Fk}EO.
bguq&n
n"^mna
cl:7DM
;NO6PE`?3M^5
'U#4[};
>_[50P
)c6ozI
XI`Eu4
jMGG"WS
><mC3=
=.IU"P
9=`a7)
<X?=]Cl
EFN#>
Z~iDh4
}muBNA
QFY`!K
[yAKn!qy.
JolM&15;u
^Mwkx*
&>"kTQ
1Q{m|dH
4Hfk=$
r3+R/J
dG"QMig
CBI}$(&9
'Y),#G
=?|Mz
^E<tjSYQ
eMmy,r
K'9g!Z
up^"j$i
l')Ybq
}L0PRQo
#{}ihd
!W<5OScs
ET;9`
q/T.Ce
Gm7Y+7
pp_Uwh
D\y*,2p
v/|=x@
do&b={:
M$;*G
Qc<s@jy
am0Sshr~
uX<:Ug-#.6
eNG`kc
E*N82De6
@Y*|VN0#
cCDMU1
%V9SmI
7#HDn&
fx[oJhs
J;+o)a:
UO{C
18uHI):
;t]M\p"
UUBG3X#Y
8~r)u
h~Jxg9
k:<)we
!FCs_]
/N|I`4$![{]
q{z`xp
F._B^V
awAhX
SLl5Dm
<*vlMb)
tS86c;
S=B{mp
Li^j7V
-h!$<c
8,XgJ7
Y|Em|z
l3ZIEnv
mx{7xe6
!0=%l/
b:ZwhZ
=wCRH';p
VlZXl@
_>=_6
*FNXrFQ
EA4r9TF7X%
!7aYv4|Dm
T88b-f[
*%%aLx
00rT4g
bla`!7
mzOg6Z
k;{22N
5GUNJ.@
3eYME4
EeY$(^
!B(.4&Z
3AQjsU
pE9E2f
K-&Fq
rIg&K.
<$@w>=
9Vrr(z0>x
}(Z_0yL
0),(fu
-\<@g=
@(wL]2
WV+S:F;
{b?BYB
&cCUUy
Q% tn[>
"vaI:Q
&4(z%v%
R*=+-_
-HQUR[
3}|}.)g
wcJo/
Y=WPp/
3pcS;eP
X@TX)|H2T4;
-{]^'\
TiE#5~
y3RInQ
H6tKsB
^4D'"F
!,@|YY(
V"&-*o
x-\61F
j}F"py
4'n{I}
zdo|7z+#J
2b&!fz
:dB;!A
CsU_bRH
,I~W]~
Bkj(!f
jOd),!v
>#uDp9
[USbO
*J%_vh
r`M:7c0
%D$.7q
K5vD5P
E?uin+|
EWqnXN
%s1#MP.5
4"//>,
5|'4iaH]
64a3qy
%IK*o
P!='=h
YkpZtL:
Xq}dKm
*g#=\
|)>t6l
#9IM0Ks
\2_%<Tq
n#ePO[P
(!O-2s
jq]^Za
Ry#4tU~
jj57D>Kb
W9FYazn
EV(`dy77}:
Lrx{3
ZEd?(Z-K
9;DX vi
C'6"i.bAb
bV^aB
$rE]+tJ
hAla/[
a8}p@(
<8\F|VTu
e7q+P{
S[gPb,
Z_z2j*$jOH1
_!WmS/'
)W{HJ#
TM%8g$
muk</W
(>V E\nUo1
oT`$|b
GTsE3S
u@\JV*
"<Q1p~Um%I
Y2wzMC
KObR@w
JdsV>.+
=zyP&Kj
.([;xM#
u9~CHC
vjf7{]
4(K\}<
kQz*Oa
\wn9j1
Aec-mMN
gOTrfz
#dg!]G
Q*sN?)
@yKLN'X
g6;.|a%
^nBzQH
3Rn5Rj
zT?i_,
sGam.1
5yK v<
!2,W_J
uhc2^B
kJ8<q+
w-1?V}^
R.=07v)
8de;Z~
vt}fKv
(Dln"`G
2Ga\&$
) ubJb
yD%U6W7B
j|c`JDV
7L/=1Cl
kD 9z;
DWGjk}
'RGh~"
45Jr]3
]F&OCQ
#nv8/O
w|y{~L^
Su79%c
#Pl,+"
-ZstUT4
3I'i^a
&Qf-uW8x
=Z[Db#ao
<N3hzL^
>Hsz>-
w~`68AjC
P}DI,ri
8W>)Wf
,[a.=n5a
f+Hq1@
@y8L!];Z+q
c<YID
F"{B3D@<v
QE``T
L[SKr`=4
MB{q|u
=XT 'ud
'ZA{;7
pkA/``E
D!@29)w
rM+}t|
VOd/<14
B*@x\I
fMU<rlEL
.Vy^oOf
7<:!::3
tg!4"ZM_]
4!"R'I
M7w?]]
(dSc#m
KhELr,
,5u_(5D
.6Zu t
vW?:,@59Z
t0YD;#*
MU;MXU}
]=~#W@
~ `Y^(
jBZRT(
G9mRZ~o
zF<l/:
}A1>3[pg-
Nuq`Zn
N&H8n&%
(l8o|\
?Q^Q|W
Q) M"u
B5f{_$Bu
M:B5Po
%B?g(1
==mfxX
awMa\d5
w&h?{:C
S]M3s2
zrg"1@
&!s0"1C
DM%l]s
KcIKi-e
,8qe@"
su.2Y&-
2JF5YO
L[$zZk
R*97c\5
Lj3>G6j
I0uMhE]
/);u(k
!yppb(
:9rT:F
oO?"E!]
:<W9X<
:*&'(!
jMd!fFTF%r
81^^nH^
6}(&?E
:8pBFJ
_Zla'lSF
@%:;v(
k~rUIp
N35-ox
gN#jv'+
Bz_. @\w
LWVSN(Q
(5#6N;
*O\dE
'&HXa[=R
,Ak<Ux=%
= 'udYEs
b)t,S7
X:ZnC^;
)9[cda
Qa7clF
s%T=3PS
z[HWS#
x0Z7|B
{BflI#
k,~Z~'
26p".K
2cTI5R
sgP^@z.
^HGz+n
ROTwd4
Gj:pQ+.
o%\Bn;H
2B,Mmg
~z.ob]q
G#t9hQl
)8%lWE
Gk /1#
nBQ||4
-\lgB?
x?o_XU
&n\)v_
HG)&dipT
Z`^g:y
^8TQm
D2w(`a
D@qP&n'
jJ=1Dh
]W;dJR
4qGEfI
.Tl&u~
+IxEQ$
YvZS*n
-=\7B rB-
Kz_[r)
M~(k!&6Mf
+bn8ZJ
!g3<''
k&l9^tI
du%!GI
4lSB>&N
My<?xd
)?e%
+[RiBq
M]7":z
+S`zxfW
Fx"8]F
_$:P&_4
9Dv=G9w
VIE(hA
U {R#}+
u~se#$a
j=xI~4
]jq]]z
EtH4$C
XLA`6O
Ao09A8aH
>~&wHi
^<<Cgm
88{}2n
&\K^(e
=P)uGD<`
?\/QlU
:{%-X^
H6N@Ca
n9\:]f
mFuRF4}X
pML86
) "n%)_
~43SM=
>-d*F+
mkAn"G
m]QCW0
u94Bm.^
(u>L1e
sC.EE_)
n/Y"(t?(QaT
X.*a[I!
mBoA.P
r+Hm*vp
?v71.7
Ed,..(z
@t;:(G
@V=-GN
<$"ib=
]~Lvi?S2B6
^d}|;i
}JZsz[
8VJf']KMl
4gATq~=
,QANns
Jy=G{t
T?vVG*
`Wmqmu
{D;;2S`
6O8pA'U%l
H,o=pma
xO5J^X
yH9M(r
p!?^f2]
mFEbc u
A)/xh2,
wlDwC|
D<5f|3
Bot%}y
.qKPk
faJ4-S
GG.7k)
Y1q.D/b
t-9/zB)^d
9l8=uj
$hoGu'
*fE``|
qeQ~wh
"GB/F.
!q;V k
[,-;O8
ju!oNpj
+1\',n
~1;%pdh
$e6D9
q^`z^
Z.`aI
]YmS-j
_~zz:9p
M 3)f*
w+}hDt
V*F0(Mb
m$DyHq
G"gdiKG
4`bNk?
}1m|0a
BVsDuS
XGR37y
LN8{H%
@B<FdF
XVnZ6
GOd{00V`,
<Ler81
tk\^k.E=FB6n
(-?Ex(oD
4fDCY
J{,Jp0{$r
qZf]_
N=C3NC
Q{pNsg
O'vGR<
d}!"/l
mnz=K?
)Cag~
q,H}8
g]&*&s
M"QK'Z
nA,[bX
tgz6`lc
w8E ,.x=
>#Hh&)
!xM_OVw
,4ss&&
m[(<F(
8un}[T'
}S&L`~
9R}4*h
A7]&H0PBF
Z5)H/J
2j3K[5
dt*YDM#;M
8 !dHK
s=7+J>
z8i[H.
{,|Fzx
tOe+G2
R}83.r
A+x'yW
ut'+N^
DqP$e]S
f]pxr(H
t_$ 7+,
KLAoA+C
vV!uq;3JI
g+7{4Ka
1ShSXP#o
byi=H*
MkW@|M
{=F$|g
m.YQ$!&Ld
<f%+N^
kS+HF$
EjZ<LT
/hgDRW,F
`;hOYY+b
7?IfQE
c}4.%jw
`M`P02
6.`(hn
xb=c:&
:<0#AG
[kY=(u+
ka}81[L
zyEeQb
6g0{6K
L[#_W4
W(P%Oa
.&KtUj
C\aBiE,
mWbV'}
]$$]Uy]
*,yv&e
AcGx .
-A|,v<m
$3iKloH1
eAp`&F
+JMMrH
7#R((-y
)]%7 X
x\3&<9c
+PN&^;
XF$J5`!
sI[L=b
6w72S;
ESpZyfl3
wT B(d
z{h][(0
w5p1V2
|^_g[h.J
A{gK9q
Y#2@]F
%v3^bf
W)"Catg
&gfhhkA
. l}>L
%v@EO
^#as[_
3~q2;
:xX5A8
RynW2]\
>{l*YT
+]Yve"
Sgs6jaX
A"RHYB
1DdSYL
k[?Nff/:
/]BKlZ
|KZiLx
^ec/D1
K,}+x8
V(`U=3I
'xd#>3
f&?#fz}M
m\{lo2
66 50Q
2tiK=V
9!2Yt[
FWk*q$h
+'u+Z>'w
k%\$'ix
)v!'{|1&
+NMV.^
O"voC"
K2J*k
u'Qqzt
T&|U[i\
sYvS xr
5+!F1S
WX(lFG
OJ+1E<
x3DKe#
6h9-Cf
jl6C.LI
X:wuEbyeCz"2
o1*VQ
fp9lHk3@4
OH$qy:
<F@1m4
_EpRoW
1}}l%pPFZ
D;K/?!^Wz
q)S[:'
T!s^!{
',:'*~
A5hcesYFQ
{E"zyL
,b;[v>u
RIa#^"
Rc^"|5=x
iF|mv\H
!_3x!
w&P*[v
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
IDAT8Oc
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
FIDAT8O
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
IDAT8O
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
/IDAT8Oc
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
IDAT8Oc
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
IDAT8Oc
<?xml version="1.0" encoding="utf-8"?>
<assembly manifestVersion="1.0" xmlns="urn:schemas-microsoft-com:asm.v1">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<!-- UAC Manifest Options
If you want to change the Windows User Account Control level replace the
requestedExecutionLevel node with one of the following.
<requestedExecutionLevel level="asInvoker" uiAccess="false" />
<requestedExecutionLevel level="requireAdministrator" uiAccess="false" />
<requestedExecutionLevel level="highestAvailable" uiAccess="false" />
Specifying requestedExecutionLevel element will disable file and registry virtualization.
Remove this element if your application requires this virtualization for backwards
compatibility.
-->
<requestedExecutionLevel level="asInvoker" uiAccess="false" />
</requestedPrivileges>
</security>
</trustInfo>
<compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">
<application>
<!-- A list of the Windows versions that this application has been tested on
and is designed to work with. Uncomment the appropriate elements
and Windows will automatically select the most compatible environment. -->
<!-- Windows Vista -->
<!--<supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}" />-->
<!-- Windows 7 -->
<!--<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}" />-->
<!-- Windows 8 -->
<!--<supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}" />-->
<!-- Windows 8.1 -->
<!--<supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}" />-->
<!-- Windows 10 -->
<!--<supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}" />-->
</application>
</compatibility>
<!-- Indicates that the application is DPI-aware and will not be automatically scaled by Windows at higher
DPIs. Windows Presentation Foundation (WPF) applications are automatically DPI-aware and do not need
to opt in. Windows Forms applications targeting .NET Framework 4.6 that opt into this setting, should
also set the 'EnableWindowsFormsHighDpiAutoResizing' setting to 'true' in their app.config.
Makes the application long-path aware. See https://docs.microsoft.com/windows/win32/fileio/maximum-file-path-limitation -->
<!--
<application xmlns="urn:schemas-microsoft-com:asm.v3">
<windowsSettings>
<dpiAware xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings">true</dpiAware>
<longPathAware xmlns="http://schemas.microsoft.com/SMI/2016/WindowsSettings">true</longPathAware>
</windowsSettings>
</application>
<!-- Enable themes for Windows common controls and dialogs (Windows XP and later) -->
<!--
<dependency>
<dependentAssembly>
<assemblyIdentity
type="win32"
name="Microsoft.Windows.Common-Controls"
version="6.0.0.0"
processorArchitecture="*"
publicKeyToken="6595b64144ccf1df"
language="*"
/>
</dependentAssembly>
</dependency>
</assembly>
Washington1
Redmond1
Microsoft Corporation1)0'
Microsoft Code Verification Root0
110415194533Z
210415195533Z0l1
DigiCert Inc1
www.digicert.com1+0)
"DigiCert High Assurance EV Root CA0
:8P[w1
AA"Nea
Dhttp://crl.microsoft.com/pki/crl/products/MicrosoftCodeVerifRoot.crl0
DigiCert Inc1
www.digicert.com1+0)
"DigiCert EV Code Signing CA (SHA2)0
201105000000Z
240102235959Z0
Private Organization1
077516491
London1
FACE IT LIMITED1
FACE IT LIMITED0
taSl(mz
1H/v[P
GB-077516490
1http://crl3.digicert.com/EVCodeSigningSHA2-g1.crl07
1http://crl4.digicert.com/EVCodeSigningSHA2-g1.crl0K
https://www.digicert.com/CPS0
http://ocsp.digicert.com0H
<http://cacerts.digicert.com/DigiCertEVCodeSigningCA-SHA2.crt0
DigiCert Inc1
www.digicert.com1+0)
"DigiCert High Assurance EV Root CA0
120418120000Z
270418120000Z0l1
DigiCert Inc1
www.digicert.com1+0)
"DigiCert EV Code Signing CA (SHA2)0
+.+1Xf
http://ocsp.digicert.com0I
=http://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt0
:http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0@
:http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
.http://www.digicert.com/ssl-cps-repository.htm0
DigiCert Inc1
www.digicert.com1+0)
"DigiCert EV Code Signing CA (SHA2)
?qkK9f$
20210618121718Z
DigiCert Inc1
www.digicert.com110/
(DigiCert SHA2 Assured ID Timestamping CA0
210101000000Z
310106000000Z0H1
DigiCert, Inc.1 0
DigiCert Timestamp 20210
http://www.digicert.com/CPS0
,http://crl3.digicert.com/sha2-assured-ts.crl02
,http://crl4.digicert.com/sha2-assured-ts.crl0
http://ocsp.digicert.com0O
Chttp://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
QJxy6z'
dwc_#Ri
DigiCert Inc1
www.digicert.com1$0"
DigiCert Assured ID Root CA0
160107120000Z
310107120000Z0r1
DigiCert Inc1
www.digicert.com110/
(DigiCert SHA2 Assured ID Timestamping CA0
fnVa')
http://ocsp.digicert.com0C
7http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
4http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
4http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
https://www.digicert.com/CPS0
8aMbF$
V3"/"6
DigiCert Inc1
www.digicert.com110/
(DigiCert SHA2 Assured ID Timestamping CA
210618121718Z0+
/1(0&0$0"
powershell
-enc UwB0AGEAcgB0AC0AUwBsAGUAZQBwACAALQBzACAAMgAwAA==
Qluudvkacomkcslcl.Configurations.Registry
VisitHelper
button1
button2
Ajmqbfdsmskvjgqug.Properties.Resources
antarctica_16x16_33151
antigua_16x16_32910
argentina_16x16_32919
armenia_16x16_32925
aruba_16x16_32923
austallia_16x16_32912
Qluudvkacomkcslcl
Uaqlsyhsrgbmwiqw
1 One, 2 Two, 3 Three is good.
Qluudvkacomkcslcl
antarctica_16x16_33151
antigua_16x16_32910
argentina_16x16_32919
armenia_16x16_32925
aruba_16x16_32923
austallia_16x16_32912
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
Comments
Windows Setup API
CompanyName
Microsoft Corporation
FileDescription
Windows Setup API
FileVersion
6.1.7600.16385
InternalName
ConsoleApp11.exe
LegalCopyright
Microsoft Corporation. All rights reserved.
LegalTrademarks
OriginalFilename
ConsoleApp11.exe
ProductName
Microsoft
Windows
Operating System
ProductVersion
6.1.7600.16385
Assembly Version
6.1.7600.16385
RAny use of this Certificate constitutes acceptance of the DigiCert CP/CPS and the Relying Party Agreement which limit liability and are incorporated herein by reference
Antivirus Signature
Bkav Clean
Lionic Trojan.MSIL.Seraph.a!c
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKD.37591896
FireEye Generic.mg.7b4cdcad8ab6a420
CAT-QuickHeal Clean
McAfee Artemis!7B4CDCAD8AB6
Cylance Clean
Zillya Clean
Sangfor Clean
K7AntiVirus Trojan ( 0058266d1 )
Alibaba TrojanDownloader:MSIL/Seraph.63db5286
K7GW Trojan ( 0058266d1 )
Cybereason malicious.11b88c
Baidu Clean
Cyren W64/Trojan.GCBJ-8594
Symantec Trojan.Gen.MBT
ESET-NOD32 a variant of MSIL/Kryptik.ACUE
APEX Clean
Paloalto generic.ml
ClamAV Clean
BitDefender Trojan.GenericKD.37591896
NANO-Antivirus Clean
ViRobot Clean
Tencent Msil.Trojan-downloader.Seraph.Aiim
Ad-Aware Trojan.GenericKD.37591896
TACHYON Clean
Comodo Clean
F-Secure Clean
DrWeb Clean
VIPRE Clean
TrendMicro Clean
CMC Clean
Emsisoft Trojan.GenericKD.37591896 (B)
Ikarus Malware.Win32.Injector
Jiangmin Clean
eGambit PE.Heur.InvalidSig
Avira TR/Kryptik.bccdf
Antiy-AVL Clean
Kingsoft Clean
Gridinsoft Trojan.Win64.Downloader.sa
Arcabit Clean
SUPERAntiSpyware Clean
ZoneAlarm HEUR:Trojan-Downloader.MSIL.Seraph.gen
Cynet Malicious (score: 100)
AhnLab-V3 Clean
Acronis Clean
VBA32 Clean
MAX malware (ai score=100)
Malwarebytes Malware.AI.4235038353
Panda Trj/CI.A
Zoner Clean
TrendMicro-HouseCall TROJ_GEN.R002H0CIG21
Rising Clean
Yandex Clean
SentinelOne Static AI - Malicious PE
MaxSecure Trojan.Malware.300983.susgen
Fortinet W32/Seraph.ACUE!tr.dldr
BitDefenderTheta Clean
AVG Win64:RATX-gen [Trj]
Avast Win64:RATX-gen [Trj]
CrowdStrike win/malicious_confidence_60% (D)
No IRMA results available.