Static | ZeroBOX

PE Compile Time

2088-06-04 09:30:08

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

| Name | Virtual Address | Virtual Size | Size of Raw Data | Entropy |
| --- | --- | --- | --- | --- |
| >5o\x07/3}F | 0x00002000 | 0x000056e4 | 0x00005800 | 7.99168839279 |
| .text | 0x00008000 | 0x00005c00 | 0x00005c00 | 5.44023067356 |
| .rsrc | 0x0000e000 | 0x00010e48 | 0x00011000 | 3.93656255513 |
| .reloc | 0x00020000 | 0x0000000c | 0x00000200 | 0.0980041756627 |
|  | 0x00022000 | 0x00000010 | 0x00000200 | 0.122275881259 |

Resources

| Name | Offset | Size | Language | Sub-language | File type |
| --- | --- | --- | --- | --- | --- |
| RT_ICON | 0x0000e164 | 0x00010828 | LANG_NEUTRAL | SUBLANG_NEUTRAL | dBase III DBT, version number 0, next free block index 40 |
| RT_GROUP_ICON | 0x0001e98c | 0x00000014 | LANG_NEUTRAL | SUBLANG_NEUTRAL | data |
| RT_VERSION | 0x0001e9a0 | 0x000002bc | LANG_NEUTRAL | SUBLANG_NEUTRAL | data |
| RT_MANIFEST | 0x0001ec5c | 0x000001ea | LANG_NEUTRAL | SUBLANG_NEUTRAL | XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators |

Imports

Library mscoree.dll:
0x422000 _CorExeMain

!This program cannot be run in DOS mode.
`.rsrc
@.reloc
_CorExeMain
mscoree.dll
v4.0.30319
#Strings
#Strings
#Schema
x{ sa>
jqs1pv3x
mscorlib
SuppressIldasmAttribute
System.Runtime.CompilerServices
<Module>
TaskSchedulerException
vlk05n2k
Assembly
System.Reflection
lvv302i0
.cctor
_methodBase
IsDebuggerPresent
kernel32.dll
UnterminatedBracket
CheckRemoteDebuggerPresent
OutputDebugString
FormatSignature
NtQueryInformationProcess
ntdll.dll
ICustomAttributeProvider
CSIDL_COMMON_OEM_LINKS
System
Process
System.Diagnostics
IsProcessorArchitectureARM
l8s0jsts
VirtualProtect
ResolveEventArgs
ep0gdboa
qsxgm12u
Get_ClockDateTime
ValueType
<value>5__3
ReadParamPtrRow
Get_Items
IPermission
IArraySortHelper`2
UnsafeValueTypeAttribute
AssemblyCompanyAttribute
GetMonthName
GetPointerType
PeImage
Get_Bindable
UnicodeCategory
Get_GetMethods
ShellExecute
shell32.dll
ToGenericVar
Mmap64
Localhost
reserved1
FalseLiteral
DisplayMember
Dispatch
Critical
UnsafeReadAllBytes
<Types>d__0
Get_IsLocalSig
GetRVA_NoLock
Hash_counter
OnlyOnFaulted
M_format
GetCustomAttributeRidList
RuntimeModule
M_nSizeOfArgStack
ToSystemString
StringParser
WaGrouping
_offendingNumber
IsAbstract
Attribute
FilterAttribute
LastSubNodeType
EventResetMode
RegOpenKeyEx
Get_Cancelled
Get_Build
OnModuleResolveEvent
RetType
M_RootDirectory
GenerateKey
LastGregorianTableYear
CustomNotification
SFDSDFSD!!!
CompilerGeneratedAttribute
MethodInfo
Environment
FailFast
get_ProcessName
String
ToLower
Contains
Concat
MethodBase
Invoke
Equals
ParameterizedThreadStart
System.Threading
Thread
set_IsBackground
GetCurrentProcess
GetEnvironmentVariable
op_Inequality
GetTypeFromHandle
RuntimeTypeHandle
GetMethod
get_IsAlive
Debugger
IsLogging
IntPtr
get_Size
get_Handle
op_Equality
get_CurrentThread
get_IsAttached
ProcessStartInfo
set_CreateNoWindow
set_UseShellExecute
Module
get_Module
get_FullyQualifiedName
get_Chars
op_Explicit
Marshal
System.Runtime.InteropServices
UInt32
GetHINSTANCE
MemoryStream
ReadByte
get_Length
AppDomain
get_CurrentDomain
ResolveEventHandler
add_AssemblyResolve
RuntimeHelpers
InitializeArray
RuntimeFieldHandle
get_FullName
get_Name
SizeOf
Win32Exception
System.ComponentModel
ToInt32
GetProcessById
ArgumentException
Buffer
BlockCopy
HttpWebResponse
System.Net
StreamReader
WebExceptionStatus
Replace
WebRequest
Create
HttpWebRequest
GetResponse
WebResponse
get_CharacterSet
Encoding
System.Text
GetEncoding
TextReader
ReadToEnd
IsNullOrWhiteSpace
get_StatusCode
HttpStatusCode
GetResponseStream
WebException
get_Status
ToString
Exception
GetFolderPath
SpecialFolder
Random
Combine
Convert
FromBase64String
IDisposable
Dispose
Registry
Microsoft.Win32
GetValue
set_UserAgent
SetValue
InsufficientExecutionStackException
FileStream
FileMode
FileAccess
ArithmeticException
PROTT
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
fiddler
START CMD /C "ECHO Debugger Detected! && PAUSE"
_ENABLE_PROFILING
windbg
_PROFILER
GetEnvironmentVariable
cmd.exe
?usDFSDAser_DFSDAsauthDFSDAs=
DFSDAs
NameResolutionFailure
Err211
ENCRYPT.ENCRYPTeENCRYPTxENCRYPTe
ENCRYPT
oencpeencn
SystemInitHKSystemInitEY_CURSystemInitRENT_SystemInitUSER\SofSystemInittware\BSystemInitrowserSystemInitDeat\BrowsSystemIniterOfSystemInitDea
SystemInit
Except
CSystemInit:\ProSystemInitgram FilSystemInites (x8SystemInit6)\BrSystemInitowseSystemInitrDeat\BrSystemInitowserOSystemInitfDea\chrSystemInitom.eSystemInitxe
p1_JGHFHS1
JGHFHS
p1_JGHFHS2
p1_JGHFHS3
p1_JGHFHS6
p1_JGHFHS4
p1_JGHFHS5
p1_JGHFHS7
Execute app again.
SHOPPING_BAG_ICON_192682
VS_VERSION_INFO
StringFileInfo
000004B0
Comments
CompanyName
FileDescription
FileVersion
1.0.1.1
InternalName
LegalCopyright
jfgjfhfg
LegalTrademarks
OriginalFilename
ProductName
ProductVersion
1.0.1.1
Assembly Version
1.0.1.1
VarFileInfo
Translation

Antivirus Signature

Bkav Clean
Lionic Clean
Elastic malicious (high confidence)
MicroWorld-eScan Clean
FireEye Generic.mg.4a0f9d7e858b278e
CAT-QuickHeal Clean
McAfee Artemis!4A0F9D7E858B
Cylance Unsafe
VIPRE Clean
Sangfor Suspicious.Win32.Save.a
K7AntiVirus Clean
BitDefender Clean
K7GW Clean
CrowdStrike win/malicious_confidence_100% (D)
Arcabit Clean
Baidu Clean
Cyren Clean
Symantec Clean
ESET-NOD32 a variant of MSIL/TrojanDownloader.Agent.IFK
APEX Malicious
Paloalto Clean
ClamAV Clean
Kaspersky Clean
Alibaba Clean
NANO-Antivirus Clean
ViRobot Clean
Rising Clean
Ad-Aware Clean
Emsisoft Trojan-Downloader.Agent (A)
F-Secure Clean
DrWeb Clean
Zillya Clean
TrendMicro Clean
McAfee-GW-Edition BehavesLike.Win32.Generic.cm
CMC Clean
Sophos Generic ML PUA (PUA)
Ikarus Clean
Jiangmin Clean
Webroot Clean
Avira Clean
MAX Clean
Antiy-AVL Clean
Kingsoft Clean
Gridinsoft Trojan.Heur!.03011281
Microsoft Trojan:Win32/Sabsik.FL.B!ml
SUPERAntiSpyware Clean
ZoneAlarm Clean
GData Clean
AhnLab-V3 Clean
Acronis Clean
BitDefenderTheta Gen:NN.ZemsilF.34170.hu0@a8atUHn
ALYac Clean
TACHYON Clean
VBA32 CIL.HeapOverride.Heur
Malwarebytes Trojan.MalPack.MSIL
Panda Clean
Zoner Clean
TrendMicro-HouseCall Clean
Tencent Clean
Yandex Clean
SentinelOne Static AI - Malicious PE
eGambit Unsafe.AI_Score_66%
Fortinet Clean
Avast Clean
MaxSecure Trojan.Malware.300983.susgen
No IRMA results available.