popup
Static | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Static Analysis

PE Compile Time

2079-05-21 17:09:25

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00002000 0x0001eb74 0x0001ec00 4.04001870669
.rsrc 0x00022000 0x000002a4 0x00000400 2.16125850146
.reloc 0x00024000 0x0000000c 0x00000200 0.0815394123432

Resources

Name Offset Size Language Sub-language File type
RT_VERSION 0x00022058 0x0000024c LANG_NEUTRAL SUBLANG_NEUTRAL data

Imports

Library mscoree.dll:
0x402000 _CorExeMain
!This program cannot be run in DOS mode.
`.rsrc
@.reloc
v4.0.30319
#Strings
Tollgate
Tollgate.exe
<Module>
ErrorServerCollection
Tollgate.Collections
Object
System
mscorlib
DefinitionErrorWorker
Tollgate.Workers
<>c__DisplayClass2_0
Global
StatusServerDef
Tollgate.Definitions
<>o__4
SchemaLicense
Tollgate.Licensing
Watcher
Tollgate.Specifications
<>o__5
RegistryLicense
CollectionWatcherListener
Tollgate.Listeners
PropertyFacadeImporter
Tollgate.Importers
PoolExpressionTask
MulticastDelegate
RulesWatcherListener
Visitor
SpecificationServerDef
PrinterExpressionTask
PrototypePolicyInstance
ItemRegSpec
SingletonPolicyInstance
Decorator
Method
Facade
Tollgate.Watchers
ValueType
ParamsRegSpec
TokenizerSingletonWatcher
Writer
ConnectionPrototypeManager
Tollgate.Managers
ConfigPrototypeManager
Message
<PrivateImplementationDetails>
__StaticArrayInitTypeSize=109372
PublishGlobal
String
EntryPointNotFoundException
RestartGlobal
ReflectGlobal
AddGlobal
Func`1
Boolean
IntPtr
Invoke
InvalidOleVariantTypeException
System.Runtime.InteropServices
_Merchant
FlushGlobal
UInt64
UInt32
UInt16
op_Explicit
Marshal
SizeOf
Application
System.Windows.Forms
get_ExecutablePath
op_Inequality
Thread
System.Threading
ToInt64
GetTypeFromHandle
RuntimeTypeHandle
AllocHGlobal
FreeHGlobal
m_Prototype
_Singleton
.cctor
LoginGlobal
instance
pol_Low
_Policy
Replace
StopGlobal
RegisterGlobal
Binder
Microsoft.CSharp.RuntimeBinder
Microsoft.CSharp
Convert
CallSiteBinder
System.Runtime.CompilerServices
System.Core
CSharpBinderFlags
CallSite`1
Func`3
CallSite
Create
Target
ToCharArray
PushGlobal
FromBase64String
Encoding
System.Text
get_UTF8
GetString
ExcludeGlobal
PostGlobal
selection
StringBuilder
ToChar
Append
ToString
ResolveGlobal
CallGlobal
RuntimeHelpers
InitializeArray
RuntimeFieldHandle
Exception
UpdateGlobal
Action
config
InsertGlobal
ConnectGlobal
server
RunGlobal
ConcatGlobal
CSharpArgumentInfo
CSharpArgumentInfoFlags
InvokeMember
IEnumerable`1
System.Collections.Generic
Func`4
ofnIemiTetaDreffuBlqStneilClqSataDmetsyS20662
Func`5
_Tokenizer
m_Container
m_Getter
_Reader
_Composer
SetGlobal
LoadLibrary
kernel32.dll
EnableGlobal
FreeLibrary
CalcGlobal
GetProcAddress
kernel32
m_Error
MoveGlobal
CompareGlobal
GetDelegateForFunctionPointer
Delegate
CollectGlobal
hProcess
isWow64
BeginInvoke
IAsyncResult
AsyncCallback
callback
object
EndInvoke
result
reference
lpBaseAddress
lsgalFsserddAretpadAnoitamrofnIkrowteNteNmetsyS90279
lpNumberOfBytesWritten
exitCode
second
handle
hToken
lpApplicationName
lpCommandLine
lpProcessAttributes
lpThreadAttributes
bInheritHandles
dwCreationFlags
lpEnvironment
lpCurrentDirectory
lpStartupInfo
lpProcesredaeHnoitcAyranoitciDredaeHnoitcAslennahCledoMecivreSmetsyS44083
hNewToken
hThread
pContext
ProcessHandle
BaseAddress
ZeroBits
RegionSize
AllocationType
Protect
caller
nCmdShow
m_Service
comparator
issuer
customer
_Property
m_Setter
worker
attribute
system
_Repository
_Token
_Manager
printer
_Instance
m_Utils
m_Process
m_Field
_Collection
_Rules
publisher
_Observer
record
m_Params
m_Item
_Interceptor
m_Creator
m_Bridge
m_Exception
factory
m_State
m_Algo
authentication
CountGlobal
TestGlobal
12CA19C5A087B6E2EACBC59BD273F582C5AAEBBA
CompilationRelaxationsAttribute
RuntimeCompatibilityAttribute
DebuggableAttribute
System.Diagnostics
DebuggingModes
TargetFrameworkAttribute
System.Runtime.Versioning
UnverifiableCodeAttribute
System.Security
ParamArrayAttribute
DynamicAttribute
ReliabilityContractAttribute
System.Runtime.ConstrainedExecution
Consistency
CompilerGeneratedAttribute
System.Security.Permissions.SecurityPermissionAttribute, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
SkipVerification
WrapNonExceptionThrows
.NETFramework,Version=v4.0
FrameworkDisplayName
.NET Framework 4
_CorExeMain
mscoree.dll
AqmsMslennahCledoMecivreSmetsyS9056934/HwYnBDYfFwAGCSU0Gg==
AqmsMslennahCledoMecivreSmetsyS90569CI7DQYNJTAIKjEA
MqmsMslennahCledoMecivreSmetsyS9056938jCj0SACkHJQMFClAaEwVUJichFTswET4kPz8RWXc=
NqmsMslennahCledoMecivreSmetsyS90569As/HwYdPjALNRsfBioGHz9WHCgmJVB0
MqmsMslennahCledoMecivreSmetsyS9056934REAd4BAwLOnwYMSUZVA==
MqmsMslennahCledoMecivreSmetsyS90569RQnPgZ5MXccKwsKMVACBQVXB28=
NqmsMslennahCledoMecivreSmetsyS90569iI7MAYnYy0xKxMDCTooOTwIBD4cYT85EWFWcQ==
NqmsMslennahCledoMecivreSmetsyS90569iI7JAYNKjMLXw9DCTQWGQUKGGMcBRUHKQRTOgoID3c=
NqmsMslennahCledoMecivreSmetsyS90569H8jFgANBBQxAHAZCToCEzIzHCYnYSd8
NqmsMslennahCledoMecivreSmetsyS90569H5QVSogAA0INRsmMioGBT8zGBYnYFh5KQsKfA==
MqmsMslennahCledoMecivreSmetsyS90569H4/VjINOjwIOg8YAlB1HAIjHGYhE1B0
NqmsMslennahCledoMecivreSmetsyS90569H5QVSogABEINRsmMioGBT8zGBYnYFh5KQsKfA==
NqmsMslennahCledoMecivreSmetsyS9056934/VjINOjwIOg8YAlB1HAIjHGYhE1B0
NqmsMslennahCledoMecivreSmetsyS90569yE/HAAdYykEKiEKCTUKAg==
qmsMslennahCledoMecivreSmetsyS90569
MqmsMslennahCledoMecivreSmetsyS90569H4/VjV4azAxX3AACTQoGQQJGCQhJVB0
BqmsMslennahCledoMecivreSmetsyS90569hQnCgcgHzweABsAMSNxVA==
NqmsMslennahCledoMecivreSmetsyS9056934BEAB7NjUwABsFNxVxVA==
ofnIemiTetaDreffuBlqStneilClqSataDmetsyS20662
Replace
FromBase64String
GetString
bLifdJRERmIsS
VqmsMslennahCledoMecivreSmetsyS90569FZxUUFBTUFBQUFFQUFBQS8vOEFBTGdBQUFBQUFBQUFRQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFnQUFBQUE0ZnVnNEF0QW5OSWJnQlRNMGhWR2hwY3lCd2NtOW5jbUZ0SUdOaGJtNXZkQ0JpWlNCeWRXNGdhVzRnUkU5VElHMXZaR1V1RFEwS0pBQUFBQUFBQUFCUVJRQUFUQUVJQUd5eDNXQUFBQUFBQUFBQUFPQUFEd01MQVFJY0FFd0FBQUIwQUFBQUFnQUFBQk1BQUFBUUFBQUFZQUFBQUFCQUFBQVFBQUFBQWdBQUJBQUFBQUVBQUFBRUFBQUFBQUFBQUFEZ0FBQUFCQUFBVWxFQkFBSUFBQUFBQUNBQUFCQUFBQUFBRUFBQUVBQUFBQUFBQUJBQUFBQUFBQUFBQUFBQUFBQ3dBQUNjQndBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUUwQUFBR0FBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFDUXNRQUFHQUVBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQzUwWlhoMEFBQUFKRW9BQUFBUUFBQUFUQUFBQUFRQUFBQUFBQUFBQUFBQUFBQUFBR0FBVUdBdVpHRjBZUUFBQUNnQUFBQUFZQUFBQUFJQUFBQlFBQUFBQUFBQUFBQUFBQUFBQUFCQUFEREFMbkprWVhSaEFBQXdCQUFBQUhBQUFBQUdBQUFBVWdBQUFBQUFBQUFBQUFBQUFBQUFRQUF3UUM1bGFGOW1jbUZ0WkJNQUFBQ0FBQUFBRkFBQUFGZ0FBQUFBQUFBQUFBQUFBQUFBQUVBQU1FQXVZbk56QUFBQUFIQUFBQUFBb0FBQUFBQUFBQ
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
FileDescription
FileVersion
0.0.0.0
InternalName
Tollgate.exe
LegalCopyright
OriginalFilename
Tollgate.exe
ProductVersion
0.0.0.0
Assembly Version
0.0.0.0
Antivirus Signature
Bkav Clean
Lionic Trojan.MSIL.Agent.i!c
Elastic malicious (high confidence)
MicroWorld-eScan IL:Trojan.MSILZilla.2637
FireEye Generic.mg.e7d3f7d73daf1510
CAT-QuickHeal Clean
McAfee GenericRXQE-ZH!E7D3F7D73DAF
Cylance Unsafe
VIPRE Clean
Sangfor Suspicious.Win32.Save.a
CrowdStrike win/malicious_confidence_100% (W)
BitDefender IL:Trojan.MSILZilla.2637
K7GW Trojan ( 0057fbdb1 )
K7AntiVirus Trojan ( 0057fbdb1 )
BitDefenderTheta Gen:NN.ZemsilF.34218.hm0@aK6eZBj
Cyren W32/MSIL_Kryptik.FNI.gen!Eldorado
ESET-NOD32 a variant of MSIL/Kryptik.ACCF
Baidu Clean
APEX Malicious
Paloalto generic.ml
ClamAV Clean
Kaspersky HEUR:Trojan-PSW.MSIL.Agent.gen
Alibaba Trojan:Win32/Kryptik.ali2000016
NANO-Antivirus Clean
ViRobot Trojan.Win32.Z.Agent.128000.ZV
Rising Clean
Ad-Aware IL:Trojan.MSILZilla.2637
Emsisoft IL:Trojan.MSILZilla.2637 (B)
Comodo Clean
F-Secure Clean
DrWeb Trojan.PackedNET.972
Zillya Clean
TrendMicro Clean
McAfee-GW-Edition BehavesLike.Win32.Generic.ct
CMC Clean
Sophos Mal/Generic-S
SentinelOne Static AI - Malicious PE
GData IL:Trojan.MSILZilla.2637
Jiangmin Trojan.PSW.MSIL.cqcl
Webroot W32.Trojan.Agent.Gen
Avira HEUR/AGEN.1144480
MAX malware (ai score=100)
Antiy-AVL Clean
Kingsoft Win32.PSWTroj.Undef.(kcloud)
Gridinsoft Trojan.Win32.Agent.vb
Arcabit IL:Trojan.MSILZilla.DA4D
SUPERAntiSpyware Clean
ZoneAlarm Clean
Microsoft Trojan:MSIL/AgentTesla.JPX!MTB
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win.Generic.C4628732
Acronis suspicious
VBA32 TScope.Trojan.MSIL
ALYac IL:Trojan.MSILZilla.2637
TACHYON Clean
Malwarebytes Trojan.Crypt.MSIL.Generic
Panda Trj/GdSda.A
Zoner Clean
TrendMicro-HouseCall TROJ_GEN.R002C0DJD21
Tencent Msil.Trojan-qqpass.Qqrob.Amvr
Yandex Clean
Ikarus Trojan-Spy.MSIL.Agent
eGambit Clean
Fortinet MSIL/Kryptik.ACCF!tr
AVG Win32:MalwareX-gen [Trj]
Avast Win32:MalwareX-gen [Trj]
MaxSecure Trojan.Malware.300983.susgen
No IRMA results available.