Static | ZeroBOX

PE Compile Time

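2072-10-21 07:46:15 (a date in the future, so this header field does not reflect the real build time; the value may have been altered or generated by a deterministic build, and should not be used for timeline analysis)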

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00002000 0x0006b484 0x0006b600 3.72957253251
.rsrc 0x0006e000 0x000002a4 0x00000400 2.18073826175
.reloc 0x00070000 0x0000000c 0x00000200 0.101910425663

Resources

Name Offset Size Language Sub-language File type
RT_VERSION 0x0006e058 0x0000024c LANG_NEUTRAL SUBLANG_NEUTRAL data

Imports

Library mscoree.dll:
0x402000 _CorExeMain

!This program cannot be run in DOS mode.
`.rsrc
@.reloc
v4.0.30319
#Strings
Sugarings
Sugarings.exe
<Module>
Iterator
Sugarings.Connections
Object
System
mscorlib
ObjectServiceManager
Sugarings.Managers
<>c__DisplayClass2_0
Composer
Sugarings.Database
TestStubEntry
<>o__4
CollectionStubEntry
ParamsDescriptorExpression
Sugarings.Expressions
<>o__5
Collection
Sugarings.Objects
PolicyRecord
Sugarings.Records
Bridge
MulticastDelegate
RegistryInterpreterResolver
ProxyInterpreterResolver
ProcessRecord
Helper
Instance
StatusComposerObject
InstanceWatcherList
ReaderStubConnector
Initializer
MapStubConnector
Attribute
ValueType
MapperRecord
Sugarings.Shared
ClassInterpreterResolver
Sugarings.Resolver
Dispatcher
FilterWriterID
Sugarings.Identifiers
Interceptor
Sugarings.Lists
AttrComposerObject
HelperWatcherList
<PrivateImplementationDetails>
__StaticArrayInitTypeSize=423220
LoginIterator
String
EntryPointNotFoundException
SelectIterator
ResolveIterator
RunIterator
config
Func`1
Boolean
IntPtr
Invoke
InvalidOleVariantTypeException
System.Runtime.InteropServices
_Serializer
PopIterator
UInt64
UInt32
UInt16
op_Explicit
Marshal
SizeOf
Application
System.Windows.Forms
get_ExecutablePath
op_Inequality
Thread
System.Threading
ToInt64
GetTypeFromHandle
RuntimeTypeHandle
AllocHGlobal
FreeHGlobal
service
_Descriptor
.cctor
ReflectIterator
index_ord
m_Watcher
Replace
SetIterator
RemoveIterator
Binder
Microsoft.CSharp.RuntimeBinder
Microsoft.CSharp
Convert
CallSiteBinder
System.Runtime.CompilerServices
System.Core
CSharpBinderFlags
CallSite`1
Func`3
CallSite
Create
Target
ToCharArray
CheckIterator
FromBase64String
Encoding
System.Text
get_UTF8
GetString
PushIterator
m_Customer
interpreter
AssetIterator
StringBuilder
ToChar
Append
ToString
PublishIterator
PrintIterator
RuntimeHelpers
InitializeArray
RuntimeFieldHandle
Exception
MapIterator
Action
MoveIterator
InvokeIterator
RegisterIterator
PatchIterator
CSharpArgumentInfo
CSharpArgumentInfoFlags
InvokeMember
IEnumerable`1
System.Collections.Generic
Func`4
etatShctaMredaeRmaertSdettimileDlmXmetsyS64981
Func`5
_Broadcaster
m_Filter
singleton
_Factory
_Issuer
m_Property
_Advisor
WriteIterator
LoadLibrary
kernel32.dll
CalcIterator
instance
FreeLibrary
VisitIterator
connection
GetProcAddress
kernel32
CalculateIterator
QueryIterator
GetDelegateForFunctionPointer
Delegate
VerifyIterator
hProcess
isWow64
BeginInvoke
IAsyncResult
AsyncCallback
callback
object
EndInvoke
result
reference
lpBaseAddress
ltxetnoCtseuqeRtupnIredniBlennahCtupnIrehctapsiDledoMecivreSmetsyS46718
lpNumberOfBytesWritten
exitCode
visitor
handle
counter
hToken
lpApplicationName
lpCommandLine
lpProcessAttributes
lpThreadAttributes
bInheritHandles
dwCreationFlags
lpEnvironment
lpCurrentDirectory
lpStartupInfo
lpProcesesaBelitaloVtecaFtxetnoCecnatsnInoitcasnarTrehctapsiDledoMecivreSmetsyS30678
hNewToken
hThread
pContext
ProcessHandle
BaseAddress
ZeroBits
RegionSize
AllocationType
Protect
nCmdShow
_Context
client
_Database
strategy
_Parameter
m_Configuration
_Merchant
m_Token
m_Rule
product
_Annotation
_Object
worker
_Comparator
_Specification
m_Event
_Class
_Registry
m_Proxy
publisher
m_Reponse
_Expression
m_Server
m_Listener
m_Role
m_Getter
global
m_Facade
adapter
m_Method
setter
ExcludeIterator
ChangeIterator
E08EBAA82F6F09DB76C2F8FACE544A8ABA6F4B81
CompilationRelaxationsAttribute
RuntimeCompatibilityAttribute
DebuggableAttribute
System.Diagnostics
DebuggingModes
TargetFrameworkAttribute
System.Runtime.Versioning
UnverifiableCodeAttribute
System.Security
ParamArrayAttribute
DynamicAttribute
ReliabilityContractAttribute
System.Runtime.ConstrainedExecution
Consistency
CompilerGeneratedAttribute
System.Security.Permissions.SecurityPermissionAttribute, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
SkipVerification
WrapNonExceptionThrows
.NETFramework,Version=v4.0
FrameworkDisplayName
.NET Framework 4
_CorExeMain
mscoree.dll
CMtseuqeRbeWteNmetsyS114221wmIRsDGh04ICo6Oy0WAw==
CMtseuqeRbeWteNmetsyS11422AAiMxspOxsvHRs8
OMtseuqeRbeWteNmetsyS11422106NCA2HgIgEik5OFg4CjtJAjkKMgwaLQwsHSYvRFM=
PMtseuqeRbeWteNmetsyS11422CkmIRs5IBssAjEjNCIkBgFLODYNAmde
OMtseuqeRbeWteNmetsyS114221wILhpcGicsDVYkAy07TQ==
OMtseuqeRbeWteNmetsyS11422TY+ABtdL1w7HCE2A1ggHDtKI3E=
PMtseuqeRbeWteNmetsyS11422gAiDhsDfQYWHDk/OzIKIAIVICA3RggTLVNeUw==
PMtseuqeRbeWteNmetsyS11422gAiGhspNBgsaCV/Ozw0ADsXPH03IiItFTZbGBM2ElM=
PMtseuqeRbeWteNmetsyS11422F06KB0pGj8WN1olOzIgCgwuODgMRhBW
PMtseuqeRbeWteNmetsyS11422FxJazcEHiYvAjEaACIkHAEuPAgMR29TFTkCXg==
OMtseuqeRbeWteNmetsyS11422FwmaC8pJBcvDSUkMFhXBTw+OHgKNGde
PMtseuqeRbeWteNmetsyS11422FxJazcEHjovAjEaACIkHAEuPAgMR29TFTkCXg==
PMtseuqeRbeWteNmetsyS114221wmaC8pJBcvDSUkMFhXBTw+OHgKNGde
PMtseuqeRbeWteNmetsyS11422wMmIh05fQIjHQs2Oz0oGw==
MtseuqeRbeWteNmetsyS11422
OMtseuqeRbeWteNmetsyS11422FwmaChcdRsWaFo8OzwKADoUPDoKAmde
DMtseuqeRbeWteNmetsyS11422jY+NBoEARc5NzE8AytTTQ==
PMtseuqeRbeWteNmetsyS114221wYLh1fKB4XNzE5BR1TTQ==
etatShctaMredaeRmaertSdettimileDlmXmetsyS64981
Replace
FromBase64String
GetString
jnpXynLnuZcOa
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
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
FileDescription
FileVersion
0.0.0.0
InternalName
Sugarings.exe
LegalCopyright
OriginalFilename
Sugarings.exe
ProductVersion
0.0.0.0
Assembly Version
0.0.0.0
Antivirus Signature
Bkav Clean
Lionic Trojan.MSIL.Agent.i!c
Elastic malicious (high confidence)
MicroWorld-eScan Gen:Variant.Bulz.699108
FireEye Generic.mg.be5006a529a06f16
CAT-QuickHeal Clean
ALYac Gen:Variant.Bulz.699108
Cylance Unsafe
VIPRE Clean
Sangfor Suspicious.Win32.Save.a
K7AntiVirus Trojan ( 0057fbdb1 )
BitDefender Gen:Variant.Bulz.699108
K7GW Trojan ( 0057fbdb1 )
Cybereason malicious.0338bf
BitDefenderTheta Gen:NN.ZemsilF.34170.Am0@aWbbNP
Cyren W32/MSIL_Troj.CY.gen!Eldorado
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of MSIL/Kryptik.ACCF
Baidu Clean
APEX Malicious
Paloalto generic.ml
ClamAV Clean
Kaspersky HEUR:Trojan-PSW.MSIL.Agent.gen
Alibaba Trojan:Win32/Kryptik.ali2000016
NANO-Antivirus Trojan.Win32.Kryptik.jcafqe
ViRobot Clean
Rising Clean
Ad-Aware Gen:Variant.Bulz.699108
Sophos Mal/Generic-S
Comodo Clean
F-Secure Clean
DrWeb Trojan.PackedNET.972
Zillya Clean
TrendMicro Clean
McAfee-GW-Edition BehavesLike.Win32.Generic.gz
CMC Clean
Emsisoft Gen:Variant.Bulz.699108 (B)
SentinelOne Static AI - Malicious PE
GData Gen:Variant.Bulz.699108
Jiangmin Trojan.PSW.MSIL.cljo
Webroot Clean
Avira HEUR/AGEN.1144480
MAX malware (ai score=100)
Antiy-AVL Clean
Kingsoft Clean
Gridinsoft Trojan.Win32.Agent.ns
Arcabit Clean
SUPERAntiSpyware Clean
ZoneAlarm HEUR:Trojan-PSW.MSIL.Agent.gen
Microsoft Trojan:MSIL/AgentTesla.JPX!MTB
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win.Generic.C4628732
Acronis Clean
McAfee GenericRXPZ-YL!BE5006A529A0
TACHYON Clean
VBA32 TScope.Trojan.MSIL
Malwarebytes Trojan.Crypt.MSIL.Generic
Panda Trj/GdSda.A
Zoner Clean
TrendMicro-HouseCall TROJ_GEN.R002C0DIK21
Tencent Msil.Trojan-qqpass.Qqrob.Phpw
Yandex Trojan.Kryptik!z7jvARv784w
Ikarus Trojan-Spy.MSIL.Agent
MaxSecure Trojan.Malware.9723143.susgen
Fortinet MSIL/Kryptik.ACCF!tr
AVG Win32:MalwareX-gen [Trj]
Avast Win32:MalwareX-gen [Trj]
CrowdStrike win/malicious_confidence_100% (W)
No IRMA results available.