Static | ZeroBOX

PE Compile Time

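2104-05-24 19:48:12 (this date is in the future, so it cannot be a real build time; the header timestamp was presumably altered or generated by the build tooling, for example a deterministic .NET build, and should not be used for timeline analysis)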

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00002000 0x00005154 0x00005200 5.8191517887
.rsrc 0x00008000 0x00002fbc 0x00003000 4.97056314164
.reloc 0x0000c000 0x0000000c 0x00000200 0.0815394123432

Resources

Name Offset Size Language Sub-language File type
RT_ICON 0x00009aa8 0x00000ea8 LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_ICON 0x00009aa8 0x00000ea8 LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_ICON 0x00009aa8 0x00000ea8 LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_ICON 0x00009aa8 0x00000ea8 LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_ICON 0x00009aa8 0x00000ea8 LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_ICON 0x00009aa8 0x00000ea8 LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_GROUP_ICON 0x0000a950 0x0000005a LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_VERSION 0x0000a9ac 0x00000422 LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_MANIFEST 0x0000add0 0x000001ea LANG_NEUTRAL SUBLANG_NEUTRAL XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

Imports

Library mscoree.dll:
0x402000 _CorExeMain

!This program cannot be run in DOS mode.
`.rsrc
@.reloc
D9+f W
}a YTc
#5Te 
vi]a Y
:M9v
:M9v
v4.0.30319
#Strings
hhhkkkk
hhhkkkk.exe
<Module>
ConsumerInterpreterResolver
Mrxukmtkeph.Resolver
Object
System
mscorlib
OrderModelSpec
hhhkkkk.Specifications
AttributeProxyFilter
hhhkkkk.Filter
AdapterProxyFilter
Resources
Mrxukmtkeph.Properties
Settings
ApplicationSettingsBase
System.Configuration
<Module>{319dac0c-2cf9-4e52-9bcc-6f635c1f4b82}
String
PrepareRule
InsertBase
MemberInfo
System.Reflection
get_Name
op_Equality
Boolean
InvokeMember
BindingFlags
Binder
Assembly
GetType
GetMembers
ManageBase
AppDomain
GetTypeFromHandle
RuntimeTypeHandle
GetProperty
PropertyInfo
GetValue
QueryBase
WebClient
System.Net
ChangeBase
IEnumerator`1
System.Collections.Generic
JToken
Newtonsoft.Json.Linq
Newtonsoft.Json
IList`1
ICollection`1
get_Current
ToObject
IEnumerator
System.Collections
MoveNext
IDisposable
Dispose
JObject
get_Item
Children
JEnumerable`1
Enumerable
System.Linq
System.Core
ToList
List`1
IEnumerable`1
GetEnumerator
FlushRule
Thread
System.Threading
ViewRule
SecurityProtocolType
ServicePointManager
set_SecurityProtocol
SortRule
PopRule
InterruptRule
InsertRule
ChangeRule
DownloadData
FindRule
DisableRule
interpreter
_Bridge
_Message
SetRule
VerifyBase
RegisterBase
FindBase
SelectBase
MapBase
SearchBase
config
ConnectRule
DefineRule
ResetRule
CloneBase
Encoding
System.Text
get_UTF8
GetBytes
ReadRule
QueryRule
ResourceManager
System.Resources
m_Configuration
CultureInfo
System.Globalization
ExcludeRule
get_ResourceManager
get_Assembly
get_Culture
set_Culture
UpdateRule
PublishRule
Culture
defaultInstance
CheckRule
get_Default
.cctor
SettingsBase
Synchronized
SearchRule
OrderRule
Default
m_ba0fb49d83f847f8bfd4d9203c93c80e
m_faec28d011234c3e80038395c3e34f49
m_9c17b24658304daaa5737ba73c6ed16e
m_2d1859f65ed14c0d9ee074c4d302ab99
m_24f7115e89b6412fbbaf91de63d05559
m_8764a326e9034ab692751ac4ecbfe0a6
m_20437e58fe4c40c99ec86d23edfda02f
m_b69287439f244fcf83cfe2a9f488e205
m_4ab738d236864f68812c86d93784eed0
m_b57bafcb9af441059b10368102a7a2c5
m_03efa3d6776340f78349236dea944530
m_1467d0a34cd64eaca2fcd6855c237765
m_52a05cbc4c4e402a894a9d623d28e42a
m_e5bfc23e1180417e9aa74b168b2b56fe
m_4da208b9fd74423f8bd286ce6c976d18
m_05db09c75afb428bb1776066df0ef1c0
m_28c1c80eae664382a2f4fd29377fb74e
m_a72f88de34004930ba07b9ec9252192d
m_836dd204fb2f42e1813abc514a881107
m_0da197dbb9c54849b139a95073cd0ca2
m_5219ee390fc942e88e62adfc18049315
m_6513b98d15e247e5a72150a0ab70a7a9
m_9fa9a62f107c41c58edfbe8b574ef21f
m_f0633e8bb5f94571a5d5a3a36dd38832
m_db72fbb01c2849e4aee0df4b3c822ffc
m_19c9eda83e37454fab0a4fe15737db74
m_e88f338c523d44c8bb0d20b0302a817d
m_9607c89dfb104e63ba4535d2aab12749
m_57a8bf1882f047308c6162416c824cc8
m_059d975d39f549f8aa22acb5b5007961
m_a86932129b134528ad42e5fc9c4032d3
m_e368000698f64d7099519da9a718b4a4
m_7115a21020034b18bad6a066aa6482e6
m_a87f62952dd747edb516c6edb1aee945
m_6edbcd19c1bb4aed919729d76b853ba6
m_2bc9c7f9881d4590b6b3991b02d70bf5
m_c1738701c4d341b78e50f61575f8c3dc
m_6ae7550c2dc640ff89c675aab5474b6a
m_dfb64e3bc6d24416b9f11eb95c749b87
m_504f9368caef45079e797b642d3d1ff8
m_648d14097b7d4283ad6d22bd9ca1dddb
m_7d2878651be54b6f8d806c7d7edfe837
m_e757462763244717b1766fd7e4a3615c
m_72d612d8e5e843d1b6dece4e2675b796
m_2e7300dd1f494ea5b5a4f116fbf45c66
m_eba1ae7cbe9849e98a8bbeebb61f7282
m_55213b615fb64422a4441979d5298bf3
m_2f2a37e413544e6ca44c8b91f6898346
m_23b6953e4965496299e4b4edbd9b87da
m_71b6ad9196be476b9e14ed935a7f69de
m_d2b6f93e07c942ccbd65fe5920d4fae2
m_609b629190e646359528428d3e39e9fa
m_d407d89523b64c8798fca6eac062f1c6
m_f017404c22a34c658df0fbc1e8b54cb1
m_03a74b1d056440ea8677b4966c5d3aa4
m_b98cd95c94884c2384eddb38b5ab0a9c
m_6185c399cfff4022a20813a5b9ce1b1a
m_125b6925c7cd4aac9b1d003600bf3989
m_5e57a3f8d5414dd1bf3156bb752f8edf
m_12fdf65cf4544ccaaa35821b58bda578
m_0bf6a2f128a947e8a382e9fc32984091
m_33987a897f164193bed2f762049efc78
m_a523909a8fa34822874ea1104cf62222
m_1239690771df446b974a88e4d1076f30
m_c96b6cff928d43f0b68f65e4fa794638
m_f49062304adf4643a0c214c315fb6686
m_57f169ce88dc4f179d14b7d2cfbf4a6a
m_fb220f4aae12437fb675112054aeb092
m_1390f279f21c4390897d454efdc9be64
m_97dc979b6683492b88b380b42b23fdaf
m_e01ff1f71638429ebb0d3ef4b7b85a85
m_271af260c5444382a9421c3b7072d90a
m_547888186b2e418184e31c1ccb77c941
m_f2b67bad639c4896808bb05e014dd0c6
m_d5b287cc062944e1bd52dc2aedfec90f
m_1e6b5e4b45b840e1b269b004717f0ef4
m_4f8b6315c3224872a10d06f31585c6c9
m_a26b90abaea643e5b9e65926eef79918
m_5a8e6ae28ccd4edbbb75dc5ca277d8d6
m_9eb3aa311ff840e694d79f46416f4ff5
m_c9a6420299c04dfdb50c01c732d23310
m_b234200e5f1a410a958d54ddb2f83046
m_287ee3e134fd4b3faea731690dad7859
m_994da11897264ef3a1a108e486d07fd1
m_21a6ab0ab2e0426a886e513616aa2f9a
m_7674f34194404a77ac333933f48b1f6b
m_529c5443c9714059b136691046323a5b
m_f5cc0f05726d49fbae52a958c3ebbf4d
m_0a4884ca7b47412e8e32445c8d3e0c85
m_b068c930c04c4f3282a4563e67d7acd3
m_3383f88c0aa341feaf6f7314e84940c1
m_3f57fe0462fa465cadd8edf24f30b217
m_3794b6f31d4640f8b0fc321bb743bcd6
m_294853938f704ee48cf8a9681001aa6f
m_ce96b06d28ef4c958ededdb3f71c253a
m_6b901b57e6024cae985df4b1a113e46f
m_cbc31aa627724e288af21c59367effb0
m_023328468fa844f2897f1206cc2bdd4f
m_11408605516e4d9a9a68d8a16557055e
m_4973be1133154a948da8286ad6eee734
m_76463780b8fb4d86a20b7a09708a7841
m_c23d64bc89dd4a90a23ce0b26e0bdea0
m_6379221f475b40e4acc371c17c2760e7
m_c57c2cd619b44871a1549dcd5e5b43b0
m_906eb9a5eb0947c88392575a06f7f00f
m_cbb185af424649c193f0f7c32d734e5e
m_aed3adba397046d19ba4ca3a9ddb3268
m_2c6f1160e0004d3f8e36ac7aa8f8abe5
m_6e09b02ad32e4e31b296f0132d3177b4
m_02b62c0c9131482692253a1900c7ba89
m_dcaed8bbc83e483cb60d55fe99003acd
m_e411d8d197b9429daad91f4396de70a5
m_fb7f5d04f3474d61967a27fbc31e0fb7
m_7df27c06a92846619aa6a4bcb2e0e70f
m_c1606393010c480e9afc8c07bce79403
m_4de05672b1a446499ec56f0f3b0da930
m_f48e573cf9ff4e8893974ffbeb388343
m_71ad0f52f8eb4b6a871abb79b8db7769
m_cf48a9090cf3454dab79965fa6c4d52f
m_9d101a0cd28f4166ae06e4d6fc06a093
m_20a10783acf14b00ac1e26436d6ba518
m_e8fc4aa1ff644e87aa81edea237bb55f
m_14b5250b2f9c4373beac9492e2ef176b
m_92fc9467879e4e33a36deb16977931f9
ForgotRule
q187699a39ded45898e33c1e423f9f8b6
PushRule
DestroyRule
ExtensionAttribute
System.Runtime.CompilerServices
CompilationRelaxationsAttribute
RuntimeCompatibilityAttribute
DebuggableAttribute
System.Diagnostics
DebuggingModes
AssemblyTitleAttribute
AssemblyDescriptionAttribute
AssemblyConfigurationAttribute
AssemblyCompanyAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
AssemblyTrademarkAttribute
ComVisibleAttribute
System.Runtime.InteropServices
GuidAttribute
AssemblyFileVersionAttribute
TargetFrameworkAttribute
System.Runtime.Versioning
STAThreadAttribute
CompilerGeneratedAttribute
GeneratedCodeAttribute
System.CodeDom.Compiler
DebuggerNonUserCodeAttribute
EditorBrowsableAttribute
System.ComponentModel
EditorBrowsableState
Mrxukmtkeph.Properties.Resources.resources
WrapNonExceptionThrows
Desktop Window Manager
Microsoft Corporation
&Microsoft
Windows
Operating System
Microsoft Corporation. All rights reserved.
$d626c996-3395-433b-bda8-719b88787bda
6.3.9600.17415
.NETFramework,Version=v4.0
FrameworkDisplayName
.NET Framework 4A
3System.Resources.Tools.StronglyTypedResourceBuilder
16.0.0.0
KMicrosoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator
11.0.0.0
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
PADPADP
_CorExeMain
mscoree.dll
wwwwww
wwwwwx
**"(wz
nnnnnnnh
www
###7777_{
###77777777
###8888777v
###____777
###____87Y
###````87{
###````_7v
###````_7v
###````_7v
]]]]]]V
]]]]]]V
]]]]]]
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
NkiIL3KdLP
p9M61vIl7EptsiTOJJR.DkrFQkIoGVNRYpbqykh
CurrentDomain
https://store2.gofile.io/download/da073e0c-8b32-4d12-bcfc-81e60e87a2d8/Tfbnmlqjliznhi.dll
'responseData': {
'results': [
{
'GsearchResultClass': 'GwebSearch',
'unescapedUrl': 'http://en.wikipedia.org/wiki/Paris_Hilton',
'url': 'http://en.wikipedia.org/wiki/Paris_Hilton',
'visibleUrl': 'en.wikipedia.org',
'cacheUrl': 'http://www.google.com/search?q=cache:TwrPfhd22hYJ:en.wikipedia.org',
'title': '<b>Paris Hilton</b> - Wikipedia, the free encyclopedia',
'titleNoFormatting': 'Paris Hilton - Wikipedia, the free encyclopedia',
'content': '[1] In 2006, she released her debut album...'
},
{
'GsearchResultClass': 'GwebSearch',
'unescapedUrl': 'http://www.imdb.com/name/nm0385296/',
'url': 'http://www.imdb.com/name/nm0385296/',
'visibleUrl': 'www.imdb.com',
'cacheUrl': 'http://www.google.com/search?q=cache:1i34KkqnsooJ:www.imdb.com',
'title': '<b>Paris Hilton</b>',
'titleNoFormatting': 'Paris Hilton',
'content': 'Self: Zoolander. Socialite <b>Paris Hilton</b>...'
}
],
'cursor': {
'pages': [
{
'start': '0',
'label': 1
},
{
'start': '4',
'label': 2
},
{
'start': '8',
'label': 3
},
{
'start': '12',
'label': 4
}
],
'estimatedResultCount': '59600000',
'currentPageIndex': 0,
'moreResultsUrl': 'http://www.google.com/search?oe=utf8&ie=utf8...'
'responseDetails': null,
'responseStatus': 200
responseData
results
Guvtxvadraqimtzxndkdaadq
Mrxukmtkeph.Properties.Resources
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
Comments
Desktop Window Manager
CompanyName
Microsoft Corporation
FileDescription
Desktop Window Manager
FileVersion
6.3.9600.17415
InternalName
hhhkkkk.exe
LegalCopyright
Microsoft Corporation. All rights reserved.
LegalTrademarks
OriginalFilename
hhhkkkk.exe
ProductName
Microsoft
Windows
Operating System
ProductVersion
6.3.9600.17415
Assembly Version
6.3.9600.17415
Antivirus Signature
Bkav Clean
Lionic Clean
Elastic malicious (high confidence)
DrWeb Trojan.DownLoader43.44651
MicroWorld-eScan Clean
FireEye Generic.mg.a6654b9757e5cecb
CAT-QuickHeal Clean
McAfee RDN/Generic.grp
Cylance Clean
Zillya Clean
Sangfor Trojan.Win32.Save.a
CrowdStrike win/malicious_confidence_90% (W)
BitDefender Clean
K7GW Clean
K7AntiVirus Clean
BitDefenderTheta Gen:NN.ZemsilF.34218.cm0@aaJg5yc
Cyren W32/MSIL_Kryptik.FVA.gen!Eldorado
ESET-NOD32 a variant of MSIL/GenKryptik.FMBX
Zoner Clean
TrendMicro-HouseCall TROJ_GEN.R002H0CJF21
Paloalto Clean
ClamAV Clean
Kaspersky HEUR:Trojan-PSW.MSIL.Agensla.gen
Alibaba Clean
NANO-Antivirus Clean
ViRobot Clean
Rising Clean
Ad-Aware Clean
TACHYON Clean
Emsisoft Clean
Comodo Clean
F-Secure Clean
Baidu Clean
VIPRE Clean
TrendMicro Clean
McAfee-GW-Edition Clean
CMC Clean
Sophos Clean
Ikarus Clean
GData Clean
Jiangmin Clean
Webroot W32.Trojan.Gen
Avira Clean
Antiy-AVL Clean
Kingsoft Clean
Gridinsoft Clean
Arcabit Clean
SUPERAntiSpyware Clean
ZoneAlarm Clean
Microsoft Trojan:Win32/Woreflint.A!cl
Cynet Malicious (score: 100)
AhnLab-V3 Clean
Acronis Clean
VBA32 Trojan-Downloader.MSIL.gen
ALYac Clean
MAX Clean
Malwarebytes Trojan.MCrypt.MSIL.Generic
Panda Clean
APEX Malicious
Tencent Clean
Yandex Clean
SentinelOne Static AI - Malicious PE
MaxSecure Trojan.Malware.300983.susgen
Fortinet MSIL/Kryptik.ADEK!tr
AVG FileRepMalware
Avast FileRepMalware
No IRMA results available.