popup
Static | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Static Analysis

PE Compile Time

2038-08-25 00:11:28

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00002000 0x0006ea74 0x0006ec00 3.73591152421
.rsrc 0x00072000 0x0000029c 0x00000400 2.14208416645
.reloc 0x00074000 0x0000000c 0x00000200 0.0815394123432

Resources

Name Offset Size Language Sub-language File type
RT_VERSION 0x00072058 0x00000244 LANG_NEUTRAL SUBLANG_NEUTRAL data

Imports

Library mscoree.dll:
0x402000 _CorExeMain
!This program cannot be run in DOS mode.
`.rsrc
@.reloc
v4.0.30319
#Strings
Sundra
Sundra.exe
<Module>
VisitorManagerID
Sundra.Identifiers
Object
System
mscorlib
Expression
Sundra.Annotations
<>c__DisplayClass2_0
ServiceStateListener
Sundra.Listeners
UtilsExpressionMapper
Sundra.Mappers
<>o__4
Producer
Sundra.Lists
ProccesorConfigurationFilter
Sundra.Filter
<>o__5
IndexerStateListener
SchemaImporter
Sundra.Importers
MappingProducerAnnotation
Filter
MulticastDelegate
Mapping
ObjectRepositoryContainer
Connection
CandidateExceptionInstance
Listener
Bridge
RuleRepositoryContainer
Singleton
Definition
ValueType
PageStateListener
ParamManagerID
ExpressionRepositoryDescriptor
Sundra.Descriptors
Sundra.Containers
MockManagerID
ManagerRepositoryDescriptor
Wrapper
Sundra.Shared
<PrivateImplementationDetails>
__StaticArrayInitTypeSize=434980
GetValue
String
EntryPointNotFoundException
StartValue
CompareValue
ListValue
reference
Func`1
Boolean
IntPtr
Invoke
InvalidOleVariantTypeException
System.Runtime.InteropServices
request
MapValue
UInt64
UInt32
UInt16
op_Explicit
Marshal
SizeOf
Application
System.Windows.Forms
get_ExecutablePath
op_Inequality
Thread
System.Threading
ToInt64
GetTypeFromHandle
RuntimeTypeHandle
AllocHGlobal
FreeHGlobal
m_Manager
.cctor
CollectValue
vis_count
_Repository
instance
Replace
FindValue
FillValue
Binder
Microsoft.CSharp.RuntimeBinder
Microsoft.CSharp
Convert
CallSiteBinder
System.Runtime.CompilerServices
System.Core
CSharpBinderFlags
CallSite`1
Func`3
CallSite
Create
Target
ToCharArray
CustomizeValue
FromBase64String
Encoding
System.Text
get_UTF8
GetString
UpdateValue
m_Account
_Configuration
PopValue
StringBuilder
ToChar
Append
ToString
RegisterValue
PublishValue
RuntimeHelpers
InitializeArray
RuntimeFieldHandle
Exception
PostValue
Action
config
InsertValue
InitValue
_Exception
DefineValue
StopValue
CSharpArgumentInfo
CSharpArgumentInfoFlags
InvokeMember
IEnumerable`1
System.Collections.Generic
Func`4
yrotcaFlennahCpcTslennahCledoMecivreSmetsyS91356
Func`5
_Policy
_Tests
_Param
m_Writer
iterator
InstantiateValue
LoadLibrary
kernel32.dll
CountValue
FreeLibrary
CloneValue
GetProcAddress
kernel32
CallValue
LogoutValue
GetDelegateForFunctionPointer
Delegate
ReflectValue
_Helper
caller
hProcess
isWow64
BeginInvoke
IAsyncResult
AsyncCallback
callback
object
EndInvoke
result
lpBaseAddress
lnoitcelloCtnemelEtnemeganaMnoitcennoCnoitarugifnoCteNmetsyS96
lpNumberOfBytesWritten
visitor
exitCode
second
handle
hToken
lpApplicationName
lpCommandLine
lpProcessAttributes
lpThreadAttributes
bInheritHandles
dwCreationFlags
lpEnvironment
lpCurrentDirectory
lpStartupInfo
lpProcesnoitcelloCdeyeKemehcSirUledoMecivreSmetsyS1324
hNewToken
hThread
pContext
counter
ProcessHandle
BaseAddress
ZeroBits
RegionSize
AllocationType
Protect
nCmdShow
property
_Interceptor
_Event
m_Container
registry
prototype
m_Parameter
m_Product
m_Getter
_Strategy
_Facade
_Attribute
m_Resolver
m_Collection
_Authentication
m_Observer
service
_Config
_Queue
_Class
proccesor
_Composer
m_Instance
_Customer
m_Global
_Model
_Issuer
creator
setter
thread
m_Params
m_Order
_Status
RemoveValue
IncludeValue
27E18CF7A7209D358AF2750E83297DCD86615058
CompilationRelaxationsAttribute
RuntimeCompatibilityAttribute
DebuggableAttribute
System.Diagnostics
DebuggingModes
TargetFrameworkAttribute
System.Runtime.Versioning
UnverifiableCodeAttribute
System.Security
ParamArrayAttribute
DynamicAttribute
ReliabilityContractAttribute
System.Runtime.ConstrainedExecution
Consistency
CompilerGeneratedAttribute
System.Security.Permissions.SecurityPermissionAttribute, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
SkipVerification
WrapNonExceptionThrows
.NETFramework,Version=v4.0
FrameworkDisplayName
.NET Framework 4
_CorExeMain
mscoree.dll
BisnetxEretropxEtcartnoCegasseMrezilaireStcartnoCataDnoitpircseDledoMecivreSmetsyS1637XMEAS0/LiUhCAcRGxUAPA==
BisnetxEretropxEtcartnoCegasseMrezilaireStcartnoCataDnoitpircseDledoMecivreSmetsyS1637i8AEy0VDyM2NTYX
NisnetxEretropxEtcartnoCegasseMrezilaireStcartnoCataDnoitpircseDledoMecivreSmetsyS1637XIYFBYKKjo5OgQSGGAuNTFIOhkWCTI4MBUJIS4hUU8=
MisnetxEretropxEtcartnoCegasseMrezilaireStcartnoCataDnoitpircseDledoMecivreSmetsyS1637gYEAS0FFCM1KhwIFBoyOQtKABYROVl8
NisnetxEretropxEtcartnoCegasseMrezilaireStcartnoCataDnoitpircseDledoMecivreSmetsyS1637XMqDixgLh81JXsPIxUtcg==
NisnetxEretropxEtcartnoCegasseMrezilaireStcartnoCataDnoitpircseDledoMecivreSmetsyS1637xkcIC1hG2QiNAwdI2A2IzFLG1E=
MisnetxEretropxEtcartnoCegasseMrezilaireStcartnoCataDnoitpircseDledoMecivreSmetsyS1637C8ALi0/ST4PNBQUGwocHwgUGAArfTYxMEp7bw==
MisnetxEretropxEtcartnoCegasseMrezilaireStcartnoCataDnoitpircseDledoMecivreSmetsyS1637C8AOi0VACA1QAhUGwQiPzEWBF0rGRwPCC9+JBs4B08=
MisnetxEretropxEtcartnoCegasseMrezilaireStcartnoCataDnoitpircseDledoMecivreSmetsyS1637nIYCCsVLgcPH3cOGwo2NQYvABgQfS50
MisnetxEretropxEtcartnoCegasseMrezilaireStcartnoCataDnoitpircseDledoMecivreSmetsyS1637nNrSwE4Kh42KhwxIBoyIwsvBCgQfFFxCCAnYg==
NisnetxEretropxEtcartnoCegasseMrezilaireStcartnoCataDnoitpircseDledoMecivreSmetsyS1637nMESBkVEC82JQgPEGBBOjY/AFgWD1l8
MisnetxEretropxEtcartnoCegasseMrezilaireStcartnoCataDnoitpircseDledoMecivreSmetsyS1637nNrSwE4KgI2KhwxIBoyIwsvBCgQfFFxCCAnYg==
MisnetxEretropxEtcartnoCegasseMrezilaireStcartnoCataDnoitpircseDledoMecivreSmetsyS1637XMESBkVEC82JQgPEGBBOjY/AFgWD1l8
MisnetxEretropxEtcartnoCegasseMrezilaireStcartnoCataDnoitpircseDledoMecivreSmetsyS1637SwEAisFSTo6NSYdGwU+JA==
isnetxEretropxEtcartnoCegasseMrezilaireStcartnoCataDnoitpircseDledoMecivreSmetsyS1637
NisnetxEretropxEtcartnoCegasseMrezilaireStcartnoCataDnoitpircseDledoMecivreSmetsyS1637nMESB5gQSMPQHcXGwQcPzAVBBoWOVl8
AisnetxEretropxEtcartnoCegasseMrezilaireStcartnoCataDnoitpircseDledoMecivreSmetsyS1637BkcFCw4NS8gHxwXIxNFcg==
MisnetxEretropxEtcartnoCegasseMrezilaireStcartnoCataDnoitpircseDledoMecivreSmetsyS1637XM6DitjHCYOHxwSJSVFcg==
yrotcaFlennahCpcTslennahCledoMecivreSmetsyS91356
Replace
FromBase64String
GetString
dARxORxVlrN
VisnetxEretropxEtcartnoCegasseMrezilaireStcartnoCataDnoitpircseDledoMecivreSmetsyS1637FZxUUFBTUFBQUFFQUFBQS8vOEFBTGdBQUFBQUFBQUFRQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFnQUFBQUE0ZnVnNEF0QW5OSWJnQlRNMGhWR2hwY3lCd2NtOW5jbUZ0SUdOaGJtNXZkQ0JpWlNCeWRXNGdhVzRnUkU5VElHMXZaR1V1RFEwS0pBQUFBQUFBQUFCUVJRQUFUQUVEQUVHa2VaTUFBQUFBQUFBQUFPQUFBZ0VMQVRBQUFMZ0JBQUFNQUFBQUFBQUExc1VCQUFBZ0FBQUE0QUVBQUFCQUFBQWdBQUFBQkFBQUJBQUFBQUFBQUFBRUFBQUFBQUFBQUFBZ0FnQUFCQUFBeEFnQ0FBTUFRSVVBQUJBQUFCQUFBQUFBRUFBQUVBQUFBQUFBQUJBQUFBQUFBQUFBQUFBQUFJVEZBUUJQQUFBQUFPQUJBTlFFQUFBQUFBQUFBQUFBQUFESUFRQ0FGUUFBQUFBQ0FBd0FBQUJveFFFQUhBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUlBQUFDQUFBQUFBQUFBQUFBQUFBQ0NBQUFFZ0FBQUFBQUFBQUFBQUFBQzUwWlhoMEFBQUE1TGNCQUFBZ0FBQUF1QUVBQUFRQUFBQUFBQUFBQUFBQUFBQUFBQ0FBQUdBdWNuTnlZd0FBQU5RRUFBQUE0QUVBQUFnQUFBQzhBUUFBQUFBQUFBQUFBQUFBQUFCQUFBQkFMbkpsYkc5akFBQU1BQUFBQUFBQ0FBQUVBQUFBeEFFQUFBQUFBQUFBQUFBQUFBQUFRQUFBUWdBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUF
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
FileDescription
FileVersion
0.0.0.0
InternalName
Sundra.exe
LegalCopyright
OriginalFilename
Sundra.exe
ProductVersion
0.0.0.0
Assembly Version
0.0.0.0
Antivirus Signature
Bkav Clean
Lionic Trojan.MSIL.Agent.i!c
Elastic malicious (high confidence)
MicroWorld-eScan Gen:Variant.Bulz.699108
FireEye Generic.mg.f4882ccc9606ea12
CAT-QuickHeal Clean
ALYac Gen:Variant.Bulz.699108
Cylance Unsafe
Zillya Clean
Sangfor Suspicious.Win32.Save.a
K7AntiVirus Clean
BitDefender Gen:Variant.Bulz.699108
K7GW Clean
CrowdStrike win/malicious_confidence_90% (W)
BitDefenderTheta Gen:NN.ZemsilF.34170.Bm0@aanls1n
Cyren W32/MSIL_Troj.CY.gen!Eldorado
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of MSIL/Kryptik.ACCF
Baidu Clean
APEX Malicious
Paloalto generic.ml
ClamAV Clean
Kaspersky HEUR:Trojan-PSW.MSIL.Agent.gen
Alibaba Clean
NANO-Antivirus Clean
ViRobot Clean
Rising Clean
Ad-Aware Gen:Variant.Bulz.699108
TACHYON Clean
Sophos Mal/Generic-S
Comodo Clean
F-Secure Clean
DrWeb Trojan.PackedNET.972
VIPRE Clean
TrendMicro Clean
McAfee-GW-Edition BehavesLike.Win32.Generic.gz
CMC Clean
Emsisoft Gen:Variant.Bulz.699108 (B)
Ikarus Trojan-Spy.MSIL.Agent
GData MSIL.Trojan-Stealer.Redline.3I5YYE
Jiangmin Clean
Webroot W32.Trojan.Gen
Avira HEUR/AGEN.1144480
Antiy-AVL Clean
Kingsoft Win32.PSWTroj.Undef.(kcloud)
Gridinsoft Clean
Arcabit Trojan.Bulz.DAAAE4
SUPERAntiSpyware Clean
ZoneAlarm Clean
Microsoft Trojan:MSIL/AgentTesla.JPX!MTB
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win.Generic.C4628732
Acronis Clean
McAfee GenericRXPZ-YL!F4882CCC9606
MAX malware (ai score=80)
VBA32 Clean
Malwarebytes Trojan.Crypt.MSIL.Generic
Panda Trj/GdSda.A
Zoner Clean
TrendMicro-HouseCall Clean
Tencent Clean
Yandex Clean
SentinelOne Static AI - Malicious PE
MaxSecure Clean
Fortinet MSIL/Kryptik.ACCF!tr
AVG Win32:MalwareX-gen [Trj]
Cybereason malicious.f8c1c7
Avast Win32:MalwareX-gen [Trj]
No IRMA results available.