Static | ZeroBOX

PE Compile Time

2021-10-13 20:47:34

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

| Name | Virtual Address | Virtual Size | Size of Raw Data | Entropy |
|---|---|---|---|---|
| .text | 0x00002000 | 0x00008558 | 0x00008600 | 5.96308087077 |
| .rsrc | 0x0000c000 | 0x0000058e | 0x00000600 | 4.05813974253 |
| .reloc | 0x0000e000 | 0x0000000c | 0x00000200 | 0.0815394123432 |

Resources

| Name | Offset | Size | Language | Sub-language | File type |
|---|---|---|---|---|---|
| RT_VERSION | 0x0000c05c | 0x0000030c | LANG_NEUTRAL | SUBLANG_NEUTRAL | data |
| RT_MANIFEST | 0x0000c3a4 | 0x000001ea | LANG_NEUTRAL | SUBLANG_NEUTRAL | XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators |

Imports

Library mscoree.dll:
0x402000 _CorExeMain

!This program cannot be run in DOS mode.
v4.0.30319
#Strings
VanGoth.exe
VanGoth
<Module>
System.Windows.Forms
mscorlib
Object
System
Settings
VanGoth.Properties
ApplicationSettingsBase
System.Configuration
Attribute
ValueType
MemberRefsProxy
SmartAssembly.HouseOfCards
Strings
GetString
SmartAssembly.Delegates
MulticastDelegate
MemoryStream
System.IO
PoweredByAttribute
SmartAssembly.Attributes
IContainer
System.ComponentModel
Dictionary`2
System.Collections.Generic
Assembly
System.Reflection
Version
ModuleHandle
set_Opacity
set_ShowInTaskbar
Dispose
Control
ResumeLayout
RuntimeHelpers
System.Runtime.CompilerServices
InitializeArray
RuntimeFieldHandle
SymmetricAlgorithm
System.Security.Cryptography
set_KeySize
set_BlockSize
get_KeySize
get_BlockSize
DeriveBytes
GetBytes
set_Key
set_IV
set_Mode
CipherMode
CreateEncryptor
ICryptoTransform
Stream
IDisposable
SuspendLayout
ToArray
ReadAllBytes
Convert
FromBase64String
Encoding
System.Text
get_UTF8
SHA256
Create
HashAlgorithm
ComputeHash
WriteAllBytes
String
Concat
Directory
GetFiles
GetDirectories
GetExtension
Intern
Application
EnableVisualStyles
WriteAllLines
ContainerControl
set_AutoScaleDimensions
System.Drawing
set_AutoScaleMode
AutoScaleMode
set_ClientSize
set_Name
set_Text
add_Load
EventHandler
SetCompatibleTextRenderingDefault
SettingsBase
Synchronized
Monitor
System.Threading
op_Equality
ToInt32
GetExecutingAssembly
GetManifestResourceStream
get_Length
.cctor
EventArgs
MoveFileEx
kernel32
ResolveEventArgs
AppDomain
CreateMemberRefsDelegates
typeID
CreateGetStringDelegate
ownerType
object
method
Invoke
BeginInvoke
IAsyncResult
AsyncCallback
callback
EndInvoke
result
Default
IsWebApplication
CompilationRelaxationsAttribute
RuntimeCompatibilityAttribute
DebuggableAttribute
System.Diagnostics
DebuggingModes
AssemblyTitleAttribute
AssemblyDescriptionAttribute
AssemblyConfigurationAttribute
AssemblyCompanyAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
AssemblyTrademarkAttribute
ComVisibleAttribute
System.Runtime.InteropServices
GuidAttribute
AssemblyFileVersionAttribute
TargetFrameworkAttribute
System.Runtime.Versioning
SuppressIldasmAttribute
CompilerGeneratedAttribute
GeneratedCodeAttribute
System.CodeDom.Compiler
AttributeUsageAttribute
AttributeTargets
STAThreadAttribute
{6769e250-3fc0-4cc5-9cc8-c2b30026da76}
{d5300bf2-8ee3-451e-808f-c4c9652a385d}
Environment
get_UserName
get_MachineName
ToString
Rfc2898DeriveBytes
CryptoStream
CryptoStreamMode
RijndaelManaged
System.Core
Enumerable
System.Linq
Contains
IEnumerable`1
SystemException
GetTypeFromHandle
RuntimeTypeHandle
Exception
Process
GetCurrentProcess
get_MainModule
ProcessModule
get_ModuleName
ToLower
ResolveEventHandler
get_CurrentDomain
add_AssemblyResolve
ToBase64String
get_Chars
IndexOf
Substring
ContainsKey
get_Item
GetTempPath
Format
CreateDirectory
DirectoryInfo
Exists
OpenWrite
FileStream
LoadFile
set_Item
get_Name
FileLoadException
BadImageFormatException
StringBuilder
Append
op_Inequality
StartsWith
ResolveTypeHandle
MemberInfo
ResolveMethodHandle
RuntimeMethodHandle
MethodBase
GetMethodFromHandle
MethodInfo
get_IsStatic
FieldInfo
get_FieldType
Delegate
CreateDelegate
GetParameters
ParameterInfo
get_ParameterType
get_ReturnType
DynamicMethod
System.Reflection.Emit
GetILGenerator
ILGenerator
OpCodes
Ldarg_0
OpCode
Ldarg_1
Ldarg_2
Ldarg_3
Ldarg_S
Tailcall
Callvirt
SetValue
GetFields
BindingFlags
GetModules
Module
get_ModuleHandle
get_Module
GetMethods
Ldc_I4
get_MetadataToken
add_ResourceResolve
GetManifestResourceNames
StackTrace
GetFrames
StackFrame
GetMethod
get_Assembly
TryGetValue
CreateDecryptor
DESCryptoServiceProvider
FormatException
get_Position
TransformFinalBlock
GetCallingAssembly
ArgumentOutOfRangeException
InvalidOperationException
ReadByte
WrapNonExceptionThrows
VanGoth
Copyright
2021
$d7d56781-f9bd-4b08-b97d-ca74a11ecbbc
1.0.0.0
.NETFramework,Version=v4.7.2
FrameworkDisplayName
.NET Framework 4.7.2(
#Powered by SmartAssembly 7.4.2.3588
KMicrosoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator
11.0.0.0
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
w3wp.exe
aspnet_wp.exe
e2JkZTIwYjM4LTQ1YTQtNGQ1Zi05NDUzLTc5MDk5MzU1NDI2M30sIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49M2U1NjM1MDY5M2Y3MzU1ZQ==,[z]{6769e250-3fc0-4cc5-9cc8-c2b30026da76},e2JkZTIwYjM4LTQ1YTQtNGQ1Zi05NDUzLTc5MDk5MzU1NDI2M30=,[z]{6769e250-3fc0-4cc5-9cc8-c2b30026da76}
{0}{1}\
, Version=
, Culture=
neutral
, PublicKeyToken=
Version=
Culture=
PublicKeyToken=
{bde20b38-45a4-4d5f-9453-790993554263}, PublicKeyToken=3e56350693f7355e
{d5300bf2-8ee3-451e-808f-c4c9652a385d}
Wrong Header Signature
Unknown Header
{71461f04-2faa-4bb9-a0dd-28a79101b599}
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
Comments
CompanyName
FileDescription
VanGoth
FileVersion
1.0.0.0
InternalName
VanGoth.exe
LegalCopyright
Copyright
2021
LegalTrademarks
OriginalFilename
VanGoth.exe
ProductName
VanGoth
ProductVersion
1.0.0.0
Assembly Version
1.0.0.0

| Antivirus | Signature |
|---|---|
| Bkav | Clean |
| Lionic | Riskware.Win32.Generic.1!c |
| Elastic | malicious (high confidence) |
| DrWeb | Trojan.Encoder.34421 |
| MicroWorld-eScan | Clean |
| CMC | Clean |
| CAT-QuickHeal | Clean |
| ALYac | Clean |
| Cylance | Unsafe |
| Zillya | Clean |
| Sangfor | Suspicious.Win32.Save.a |
| K7AntiVirus | Clean |
| BitDefender | Clean |
| K7GW | Trojan ( 005116131 ) |
| CrowdStrike | win/malicious_confidence_60% (W) |
| Arcabit | Clean |
| BitDefenderTheta | Gen:NN.ZemsilF.34214.cm0@amj2Bbj |
| Cyren | Clean |
| Symantec | Clean |
| ESET-NOD32 | a variant of MSIL/Filecoder.GZ |
| APEX | Malicious |
| Paloalto | generic.ml |
| ClamAV | Clean |
| Kaspersky | UDS:Trojan-Ransom.MSIL.Encoder.gen |
| Alibaba | Trojan:MSIL/Filecoder.bdc92315 |
| NANO-Antivirus | Clean |
| ViRobot | Clean |
| Ad-Aware | Clean |
| TACHYON | Clean |
| Sophos | Generic ML PUA (PUA) |
| Comodo | Clean |
| F-Secure | Heuristic.HEUR/AGEN.1127606 |
| Baidu | Clean |
| VIPRE | Clean |
| TrendMicro | Clean |
| McAfee-GW-Edition | BehavesLike.Win32.Generic.nm |
| FireEye | Generic.mg.afff555062c4e6fb |
| Emsisoft | Clean |
| SentinelOne | Static AI - Malicious PE |
| Jiangmin | Clean |
| Webroot | Clean |
| Avira | HEUR/AGEN.1127606 |
| Antiy-AVL | Clean |
| Kingsoft | Clean |
| Gridinsoft | Clean |
| Microsoft | Trojan:Win32/Sabsik.FL.B!ml |
| SUPERAntiSpyware | Clean |
| ZoneAlarm | HEUR:Trojan-Ransom.MSIL.Encoder.gen |
| GData | Win32.Trojan.Agent.XNND49 |
| Cynet | Malicious (score: 99) |
| AhnLab-V3 | Clean |
| Acronis | Clean |
| McAfee | RDN/Generic.dx |
| MAX | Clean |
| VBA32 | Clean |
| Malwarebytes | Generic.Malware/Suspicious |
| Panda | Clean |
| Zoner | Clean |
| TrendMicro-HouseCall | TROJ_GEN.R002H0AJD21 |
| Rising | Clean |
| Yandex | Clean |
| Ikarus | Win32.Outbreak |
| MaxSecure | Clean |
| Fortinet | MSIL/Filecoder.GZ!tr |
| Avast | Clean |
| Qihoo-360 | HEUR/QVM03.0.992C.Malware.Gen |

No IRMA results available.