popup
Static | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Static Analysis

PE Compile Time

2042-04-18 15:43:26

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00002000 0x00068d94 0x00068e00 3.74078812237
.rsrc 0x0006c000 0x00010ba0 0x00010c00 4.57978188446
.reloc 0x0007e000 0x0000000c 0x00000200 0.101910425663

Resources

Name Offset Size Language Sub-language File type
RT_ICON 0x0006c120 0x00010828 LANG_NEUTRAL SUBLANG_NEUTRAL dBase III DBT, version number 0, next free block index 40
RT_GROUP_ICON 0x0007c948 0x00000014 LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_VERSION 0x0007c95c 0x00000244 LANG_NEUTRAL SUBLANG_NEUTRAL data

Imports

Library mscoree.dll:
0x402000 _CorExeMain
!This program cannot be run in DOS mode.
`.rsrc
@.reloc
v4.0.30319
#Strings
Adhibit
Adhibit.exe
<Module>
Adhibit.Descriptors
Object
System
mscorlib
SchemaState
Adhibit.States
<>c__DisplayClass2_0
IndexerObjectLicense
Adhibit.Licensing
Observer
Adhibit.Common
<>o__4
FilterInitializerExpression
Adhibit.Expressions
<>o__5
ObjectInitializerResolver
Adhibit.Resolver
Property
AccountMappingDescriptor
GlobalObjectLicense
MulticastDelegate
ServiceObjectLicense
RepositoryObjectLicense
UtilsMethodTemplate
ManagerObjectLicense
RoleState
Struct
Tokenizer
MessageVisitorListener
ClientVisitorListener
FacadeInitializerExpression
PublisherState
ValueType
Product
Producer
MockInitializerExpression
BaseInitializerExpression
Account
Consumer
<PrivateImplementationDetails>
__StaticArrayInitTypeSize=412364
RemoveAlgo
String
EntryPointNotFoundException
SetupAlgo
SetAlgo
SortAlgo
Func`1
Boolean
IntPtr
Invoke
InvalidOleVariantTypeException
System.Runtime.InteropServices
m_Client
LogoutAlgo
UInt64
UInt32
UInt16
op_Explicit
Marshal
SizeOf
Application
System.Windows.Forms
get_ExecutablePath
op_Inequality
Thread
System.Threading
ToInt64
GetTypeFromHandle
RuntimeTypeHandle
AllocHGlobal
FreeHGlobal
object
_Mapping
.cctor
CloneAlgo
pol_ID
_Method
Replace
MapAlgo
StartAlgo
Binder
Microsoft.CSharp.RuntimeBinder
Microsoft.CSharp
Convert
CallSiteBinder
System.Runtime.CompilerServices
System.Core
CSharpBinderFlags
CallSite`1
Func`3
CallSite
Create
Target
ToCharArray
WriteAlgo
get_Length
FromBase64CharArray
Encoding
System.Text
get_UTF8
GetString
GetAlgo
prototype
m_Param
DisableAlgo
StringBuilder
get_Chars
Append
ToString
ConnectAlgo
PublishAlgo
RuntimeHelpers
InitializeArray
RuntimeFieldHandle
Exception
VisitAlgo
Action
reference
CountAlgo
OrderAlgo
_Candidate
RestartAlgo
ReadAlgo
CSharpArgumentInfo
CSharpArgumentInfoFlags
InvokeMember
IEnumerable`1
System.Collections.Generic
Func`4
rotpeccAretpadAmargataDtupnIretpadAmargataDslennahCledoMecivreSmetsyS23696
Func`5
Func`6
GetMember
m_Rules
_Mapper
worker
_Iterator
dispatcher
m_Request
identifier
m_Class
m_Stub
TestAlgo
LoadLibrary
kernel32.dll
ReflectAlgo
FreeLibrary
SearchAlgo
caller
GetProcAddress
kernel32
m_Importer
CalculateAlgo
ResolveAlgo
config
GetDelegateForFunctionPointer
Delegate
CheckAlgo
writer
hProcess
isWow64
BeginInvoke
IAsyncResult
AsyncCallback
callback
EndInvoke
result
visitor
lpBaseAddress
llennahCnoisseSxelpuDtropsnarTtekcoSbeWslennahCledoMecivreSmetsyS98818
lpNumberOfBytesWritten
exitCode
handle
hToken
lpApplicationName
lpCommandLine
lpProcessAttributes
lpThreadAttributes
bInheritHandles
dwCreationFlags
lpEnvironment
lpCurrentDirectory
lpStartupInfo
lpProcessgalFsserddAretpadAnoitamrofnIkrowteNteNmetsyS25676
hNewToken
second
hThread
pContext
counter
ProcessHandle
BaseAddress
ZeroBits
RegionSize
AllocationType
Protect
instance
nCmdShow
m_Factory
m_Descriptor
m_Parameter
m_Definition
m_Server
m_Resolver
bridge
interceptor
_Decorator
m_Adapter
m_Interpreter
specification
_Proccesor
_Instance
m_Tests
m_Record
m_Reponse
_Comparator
process
_Order
registry
m_Exporter
m_Info
_Issuer
_Helper
template
creator
m_Singleton
configuration
m_Attr
m_Strategy
m_Status
m_Message
ForgotAlgo
IncludeAlgo
45D7910B8990DB48A544E91BF4765FBFC8F21163
CompilationRelaxationsAttribute
RuntimeCompatibilityAttribute
DebuggableAttribute
System.Diagnostics
DebuggingModes
TargetFrameworkAttribute
System.Runtime.Versioning
UnverifiableCodeAttribute
System.Security
ParamArrayAttribute
DynamicAttribute
ReliabilityContractAttribute
System.Runtime.ConstrainedExecution
Consistency
CompilerGeneratedAttribute
System.Security.Permissions.SecurityPermissionAttribute, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
SkipVerification
WrapNonExceptionThrows
.NETFramework,Version=v4.0
FrameworkDisplayName
.NET Framework 4
_CorExeMain
mscoree.dll
MredaeHetaDsredaeHpttHteNmetsyS48020EohDDY+DB8FCRoEMBYABA==
MredaeHetaDsredaeHpttHteNmetsyS48020xYlHjYULRkSNCsC
AredaeHetaDsredaeHpttHteNmetsyS48020Es9GQ0LCAAdOxkHM2MuDRZkPy8IDyUqEwcXCyECaW4=
BredaeHetaDsredaeHpttHteNmetsyS48020z8hDDYENhkRKwEdPxkyASxmBSAPP05u
AredaeHetaDsredaeHpttHteNmetsyS48020EoPAzdhDCURJGYaCBYtSg==
AredaeHetaDsredaeHpttHteNmetsyS48020iA5LTZgOV4GNREICGM2GxZnHmc=
BredaeHetaDsredaeHpttHteNmetsyS48020RYlIzY+awQrNQkBMAkcJy84HTY1eyEjE1hlRQ==
BredaeHetaDsredaeHpttHteNmetsyS48020RYlNzYUIhoRQRVBMAciBxY6AWs1HwsdKz1gDhQbP24=
BredaeHetaDsredaeHpttHteNmetsyS480200s9BTAUDD0rHmobMAk2DSEDBS4Oezlm
BredaeHetaDsredaeHpttHteNmetsyS480200pORho5CCQSKwEkCxkyGywDAR4OekZjKzI5SA==
AredaeHetaDsredaeHpttHteNmetsyS480200ohRQIUMhUSJBUaO2NBAhETBW4ICU5u
BredaeHetaDsredaeHpttHteNmetsyS480200pORho5CDgSKwEkCxkyGywDAR4OekZjKzI5SA==
BredaeHetaDsredaeHpttHteNmetsyS48020EohRQIUMhUSJBUaO2NBAhETBW4ICU5u
BredaeHetaDsredaeHpttHteNmetsyS48020BUhDzAEawAeNDsIMAY+HA==
redaeHetaDsredaeHpttHteNmetsyS48020
AredaeHetaDsredaeHpttHteNmetsyS480200ohRQVhYxkrQWoCMAccBxc5ASwIP05u
NredaeHetaDsredaeHpttHteNmetsyS48020SA5GTc5FxUEHgECCBBFSg==
BredaeHetaDsredaeHpttHteNmetsyS48020EofAzBiPhwqHgEHDiZFSg==
rotpeccAretpadAmargataDtupnIretpadAmargataDslennahCledoMecivreSmetsyS23696
Replace
FromBase64CharArray
ToCharArray
Length
GetString
QxwuTSZlHsSqj
VredaeHetaDsredaeHpttHteNmetsyS48020FZxUUFBTUFBQUFFQUFBQS8vOEFBTGdBQUFBQUFBQUFRQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFnQUFBQUE0ZnVnNEF0QW5OSWJnQlRNMGhWR2hwY3lCd2NtOW5jbUZ0SUdOaGJtNXZkQ0JpWlNCeWRXNGdhVzRnUkU5VElHMXZaR1V1RFEwS0pBQUFBQUFBQUFCUVJRQUFUQUVEQU04NjBab0FBQUFBQUFBQUFPQUFBZ0VMQVRBQUFLd0JBQUFNQUFBQUFBQUFKcklCQUFBZ0FBQUE0QUVBQUFCQUFBQWdBQUFBQkFBQUJBQUFBQUFBQUFBRUFBQUFBQUFBQUFBZ0FnQUFCQUFBY3NnQkFBTUFRSVVBQUJBQUFCQUFBQUFBRUFBQUVBQUFBQUFBQUJBQUFBQUFBQUFBQUFBQUFOU3hBUUJQQUFBQUFPQUJBTndFQUFBQUFBQUFBQUFBQUFDOEFRRGdDQUFBQUFBQ0FBd0FBQUM0c1FFQUhBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUlBQUFDQUFBQUFBQUFBQUFBQUFBQ0NBQUFFZ0FBQUFBQUFBQUFBQUFBQzUwWlhoMEFBQUFyS29CQUFBZ0FBQUFyQUVBQUFRQUFBQUFBQUFBQUFBQUFBQUFBQ0FBQUdBdWNuTnlZd0FBQU53RUFBQUE0QUVBQUFnQUFBQ3dBUUFBQUFBQUFBQUFBQUFBQUFCQUFBQkFMbkpsYkc5akFBQU1BQUFBQUFBQ0FBQUVBQUFBdUFFQUFBQUFBQUFBQUFBQUFBQUFRQUFBUWdBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQ
FILE_TYPE_EXCEL_ICON_130611(
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
FileDescription
FileVersion
0.0.0.0
InternalName
Adhibit.exe
LegalCopyright
OriginalFilename
Adhibit.exe
ProductVersion
0.0.0.0
Assembly Version
0.0.0.0
Antivirus Signature
Bkav Clean
Lionic Trojan.MSIL.Stealer.l!c
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKDZ.78553
FireEye Generic.mg.fd7d8966e180f510
CAT-QuickHeal Trojan.Agenttesla
McAfee GenericRXQI-MY!FD7D8966E180
Malwarebytes Malware.AI.4228839334
Zillya Clean
Sangfor Suspicious.Win32.Save.a
K7AntiVirus Trojan ( 005888331 )
BitDefender Trojan.GenericKDZ.78553
K7GW Trojan ( 005888331 )
CrowdStrike win/malicious_confidence_100% (W)
BitDefenderTheta Gen:NN.ZemsilF.34218.Em0@aG5BqAh
Cyren Clean
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of MSIL/Kryptik.ADAC
Baidu Clean
APEX Malicious
Paloalto generic.ml
ClamAV Clean
Kaspersky HEUR:Trojan-Spy.MSIL.Stealer.gen
Alibaba Trojan:Win32/Kryptik.ali2000016
NANO-Antivirus Clean
ViRobot Clean
Rising Clean
Ad-Aware Trojan.GenericKDZ.78553
Sophos Mal/Generic-S
Comodo Clean
F-Secure Clean
DrWeb Trojan.PackedNET.972
VIPRE Clean
TrendMicro Clean
McAfee-GW-Edition GenericRXQI-MY!FD7D8966E180
CMC Clean
Emsisoft Trojan.GenericKDZ.78553 (B)
SentinelOne Static AI - Malicious PE
GData Trojan.GenericKDZ.78553
Jiangmin Clean
MaxSecure Clean
Avira HEUR/AGEN.1144480
MAX malware (ai score=89)
Antiy-AVL Clean
Kingsoft Win32.Troj.Undef.(kcloud)
Gridinsoft Clean
Arcabit Trojan.Generic.D132D9
SUPERAntiSpyware Clean
ZoneAlarm Clean
Microsoft Trojan:MSIL/AgentTesla.DAC!MTB
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win.Generic.C4631810
Acronis Clean
VBA32 TScope.Trojan.MSIL
ALYac Trojan.GenericKDZ.78553
TACHYON Clean
Panda Trj/GdSda.A
Zoner Clean
TrendMicro-HouseCall TROJ_GEN.R002C0DJB21
Tencent Msil.Trojan-spy.Stealer.Efur
Yandex Trojan.Kryptik!G2xM7BlqE5g
Ikarus Trojan-Spy.MSIL.Agent
eGambit Unsafe.AI_Score_100%
Fortinet MSIL/Kryptik.ACCF!tr
Webroot Clean
AVG Win32:PWSX-gen [Trj]
Avast Win32:PWSX-gen [Trj]
No IRMA results available.