Static | ZeroBOX

Name	Virtual Address	Virtual Size	Size of Raw Data	Entropy
.text	0x00002000	0x00003964	0x00003a00	6.02327748179
.rsrc	0x00006000	0x000110ec	0x00011200	4.47460853668
.reloc	0x00018000	0x0000000c	0x00000200	0.0815394123432

Name	Offset	Size	Language	Sub-language	File type
RT_ICON	0x00006130	0x00010828	LANG_NEUTRAL	SUBLANG_NEUTRAL	dBase IV DBT, blocks size 0, block length 2048, next free block index 40, next free block 0, next used block 0
RT_GROUP_ICON	0x00016958	0x00000014	LANG_NEUTRAL	SUBLANG_NEUTRAL	data
RT_VERSION	0x0001696c	0x00000594	LANG_NEUTRAL	SUBLANG_NEUTRAL	data
RT_MANIFEST	0x00016f00	0x000001ea	LANG_NEUTRAL	SUBLANG_NEUTRAL	XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

!This program cannot be run in DOS mode.

`.rsrc

@.reloc

G9]BX

dF:X v

e N3v|a

UYf d0

Ma el|

G9]BX

v4.0.30319

#Strings

ConsoleApp11

ConsoleApp11.exe

QueueMethodWriter

ConsoleApp11.Writers

Object

System

mscorlib

TestSystemInstance

ConsoleApp11.Instances

Visitor

ConsoleApp11.Factories

Rojwowlnakudgrsexk.Resolver

AttributeSystemInstance

Resources

Rojwowlnakudgrsexk.Properties

Settings

ApplicationSettingsBase

System.Configuration

<Module>{0b954346-7ec5-4452-adbb-aff53bfb7d90}

String

CallProxy

JsonConvert

Newtonsoft.Json

DeserializeObject

get_Length

SetupProxy

DateTime

SerializeObject

Formatting

_Proxy

m_Resolver

Boolean

SetProxy

LogoutProxy

config

PushProxy

FindProxy

isitem

updatecaller

_Customer

m_Thread

method

m_Error

strategy

mapper

VerifyProxy

InstantiateProxy

CollectProxy

InvokeProxy

iclose

RemoveProxy

DisableProxy

PatchProxy

QueryProxy

FillProxy

OrderProxy

ReadProxy

ConnectProxy

MoveProxy

CustomizeProxy

CalcProxy

RunProxy

Assembly

System.Reflection

AppDomain

get_CurrentDomain

WebClient

System.Net

DownloadData

TestProxy

Thread

System.Threading

op_Equality

Exception

GetType

ListProxy

MethodInfo

ServicePointManager

set_SecurityProtocol

SecurityProtocolType

GetMethods

MemberInfo

get_Name

MethodBase

Invoke

CountProxy

Encoding

System.Text

get_UTF8

GetBytes

_System

ResourceManager

System.Resources

configuration

CultureInfo

System.Globalization

get_ResourceManager

GetTypeFromHandle

RuntimeTypeHandle

get_Assembly

get_Culture

set_Culture

Culture

defaultInstance

get_Default

.cctor

SettingsBase

Synchronized

Default

m_1f4164c01fab4fc2a46dab864dc5d843

m_1341d7a998134726825ce8ffd183de3b

m_3e67adc82b4d4b68a7dd063a22122e5a

m_4b57832637f54c518c8baac5a41b78bd

m_e2049e14f3e84242be2d21d6e3c93f19

m_e8e81e808ae54d08b9bbeaeb7d9b32c3

m_2560f8964efa470fb4a26b3c666ea8c4

m_0cafd9ad02b745c8971e56a4d476343a

m_7b9a6318a7274def8684cac4005161ef

m_15170a724c7d49798b1e0c69495d5952

m_73377486ad59461e9b7beb0edc01e69a

m_80f7cdf547e748978ef73cedca274567

m_b58a8b1925fb47a9b1589ee91d1260b2

m_e70319079ef642ab932f5e6d79c2368e

m_1cf1d37ecce7491bad68885d8e6bfd51

m_31ce67247d5a4c00876b801a3ffd66a5

m_333378d6c0764af088875e61fb25df8b

m_e669d63ee79d4ddd825a51f5e0413b5e

m_42c886eab12d4d198e88e7202fb24f63

m_8123f3be71be468aae1969cdd5693f55

m_620297b07da34da284a9ce8f20c561d1

m_bba4d2c40f7b4a00962e75d7f4188ccd

m_6b6d743296184f4d95e78c4d1024b17b

m_fededa11f7944705a844aeda87bc0393

m_b8a29fa278eb4809a293d3ec4d3ee53d

m_e63e573d6a2d4352ab435a58fb96cf32

m_be57299dfc3340098f0a9198d551e65d

m_585afc0de12349dd930a7981f580698c

m_16fa0de9c715418498811bc24483f39d

m_9e530b2681bb47e791e7d16e3c917f15

m_f951132f1f624c1fbc256e3815b3d4f6

m_8f678045990b4d3b8ca1fb76e8f01da8

m_cea6c9364052451f99608fcfd2614fe0

m_1d357cbda0e24851bfd22ef7e0b757cc

m_21403c4ea24148fda2d34aaace463628

m_038e19f0cbf3491f85c6014be5fcba6c

m_dfbc7973a73146cebd7f4962e0b1e6c4

m_5f8345a3e394400a81a42168318953f2

m_3688f32f1ac641b3af95803ba66fab1a

m_63f8ae8c26d34937adb9c8f03f5f64e9

m_45f6b46a80274ef0bd40279f32f7cd6a

m_80c60b950aa340d3bd5546abc54146ea

m_89a60375203d4d768581a07c1cedd256

m_364ec97b1e4948de96bf849ddeecfcc1

m_7236cb693f86439e9d8575a7a1e225b7

m_54e8e8642cf14cc0b1ef19e11734ebad

m_77f32fe8498e46198fa4569d359f4df3

m_7659c5ee321248e3957a36f83e622ca5

m_dcdf85f24bbf4679a8107fce39291912

m_6f6aa9ad47be441d8811db19c6bdcf11

m_ee0f0e651a634b638c15eeff6fca5d82

m_6a2bef2d684f41b68aaa5ed88b55a8ab

m_2669c041d81747f9a957919e8545591b

m_d7a7b7ec0c6b47a2977006ff9576c2b5

m_2d1d2aecf070466b8af58978cbbf238c

m_ea79e5d15b7f43ca947a3bbd6cbcc567

m_07d8683390ae41b886b82f30320d7a88

m_ef4dcde76801457a8f68af73022e24cb

m_c3992ad9a46d4f028d368d685278ab0d

m_64d8ba1c9e6a498094cfdeb32b0382b2

m_06f142e7fdee4f79ba7e4fa7e283901f

m_40a3da92cc114e1298e16ad7f2ea3eba

m_af5c95d7908746f5bd0c73ba7aa283f8

m_c528940c724342399d3bcc40c6ef0eae

m_be5e6a1537b6400d9c38032dd3588551

m_65b082d015ce4dafa4cb93edb5170319

m_59748138d0184a018f4b8baad47f94c9

m_3ad10ae0ca3847b0aa110eb7ecf466fd

m_b6b500c9eddb4ec199b84e06bc077668

m_aabd5007b698492392f2afafd0acb725

m_0d3fdebd412e4601a53ee5f5af7bed53

m_ed11c6ff83f54398bd6c49121e013e3e

m_4501134424754f3f874b66c1c307be8f

m_d1c1a6c22cb6434fbea67850f24ffb0b

m_b8f2517de31b46f3ae67d739d4a9b08c

m_3b376441f981483a8eaf4b29443317d7

m_92b626c7dba24e37a9fade483a530abf

m_27046aa69ccf472789d50743bbc2ce09

m_f098aba2565e415bba0b888a1542c604

m_03f72fb11c6743c1b3f0254209c70524

m_069d6d491b7a4e338341b3e645643270

m_a90ad488a1ef42759f2a0b186a6e6024

m_c052d554b2db41bdb57dd4935b7e63d5

m_27578d9d5fdd4f76b3e34bbd218252bf

m_d444762971a94d98ac20247b173edf15

m_72892aa0561b48d8aa207484f0fd5559

m_b2e8d819e1b446e09d1b8b33eed67113

m_be6cb643f5f04f2db68f6a37ee639c0c

m_6e7d01ab622044e09b435437db6cf0ae

m_4f0bbb113e5e46e7b99f7b7afb47d316

m_392d04e8979344b38bdfea60628cf043

m_021ab48b48e3440f96daa1ea1070c181

m_2583915f263949008fe7deacd907abaf

m_a842f6895c354b86bf409d82ba85e4d9

m_c8f52c8d3eca4320b21dc1c66668cef1

m_36668b7694cf4f62be797b9913688ae6

m_47838b09fd7f4749a1709458fe98acb4

m_17477b860e9548f88e4d6e705c507a7d

m_5c6dc6c16b8e41e18b7f00ffb7df9280

m_cfb114755af8457782163aa1d31e69d6

m_de1a16c462d94215b10e7983398e213f

m_cdbdb52d342b415ab4fed1102a20b9b1

m_eeb0e6f355c64328b3fe4a337fe73585

m_ec9c301f96e34dda8532319263524572

m_8cded3c672ee49008633117e5ef57e4c

m_296260093053401fac51fab3c4760f89

m_0a184bd29f8e4d37aab2d2744e4cda20

m_bab35848fff74acab5f98bdabe2a4773

m_5411c98080804281995fc451df125399

m_26998154e7b74f3790d2b89d2710b064

m_b22cb77032c74401b4282e03865d1072

m_f719fb883b2f4120988011c22bb12e8e

m_45d9c630ed5345edba2b383e86228445

m_445d8342e62f4eb0929fc43b23e4fa1d

qbcac2c67f911493db63a4fed54742aad

ExtensionAttribute

System.Runtime.CompilerServices

System.Core

CompilationRelaxationsAttribute

RuntimeCompatibilityAttribute

DebuggableAttribute

System.Diagnostics

DebuggingModes

AssemblyTitleAttribute

AssemblyDescriptionAttribute

AssemblyConfigurationAttribute

AssemblyCompanyAttribute

AssemblyProductAttribute

AssemblyCopyrightAttribute

AssemblyTrademarkAttribute

ComVisibleAttribute

System.Runtime.InteropServices

GuidAttribute

AssemblyFileVersionAttribute

TargetFrameworkAttribute

System.Runtime.Versioning

STAThreadAttribute

CompilerGeneratedAttribute

JsonConstructorAttribute

JsonPropertyAttribute

GeneratedCodeAttribute

System.CodeDom.Compiler

DebuggerNonUserCodeAttribute

EditorBrowsableAttribute

System.ComponentModel

EditorBrowsableState

Rojwowlnakudgrsexk.Properties.Resources.resources

WrapNonExceptionThrows

<hide.me VPN Setup

<eVenture Limited

<hide.me VPN

$eda22b6c-0406-4a30-80ad-3b3878de0004

3.9.1.0

.NETFramework,Version=v4.0

FrameworkDisplayName

.NET Framework 4

3System.Resources.Tools.StronglyTypedResourceBuilder

16.0.0.0

KMicrosoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator

11.0.0.0

lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet

PADPADP

_CorExeMain

mscoree.dll

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>

</requestedPrivileges>

</security>

</trustInfo>

</assembly>

"UserName": "domain\\username",

"Enabled": true

Aaron Account

DateTime@example.com

https://store2.gofile.io/download/8807a0b1-f9b5-48ac-87e5-cf486c3e85ef/Fslgxxtdiisbahtrjbhik.dll

StkTdBu1e8hXk2LqwMP.F9Id7fu2wD2rB7PepQH

aj2uxwbCOr

Qphcjrkzqp

Rojwowlnakudgrsexk.Properties.Resources

VS_VERSION_INFO

VarFileInfo

Translation

StringFileInfo

000004b0

Comments

hide.me VPN Setup

CompanyName

eVenture Limited

FileDescription

hide.me VPN Setup

FileVersion

3.9.1.0

InternalName

ConsoleApp11.exe

LegalCopyright

LegalTrademarks

OriginalFilename

ConsoleApp11.exe

ProductName

hide.me VPN

ProductVersion

3.9.1.0

Assembly Version

3.9.1.0

Antivirus	Signature
Bkav	Clean
Lionic	Clean
Elastic	malicious (high confidence)
Cynet	Malicious (score: 100)
CMC	Clean
CAT-QuickHeal	Clean
McAfee	Artemis!BE89EEF16C6B
Malwarebytes	Clean
VIPRE	Clean
Sangfor	Clean
CrowdStrike	win/malicious_confidence_90% (W)
BitDefender	Clean
K7GW	Clean
K7AntiVirus	Clean
Baidu	Clean
Cyren	W32/MSIL_Kryptik.FVA.gen!Eldorado
Symantec	MSIL.Downloader!gen8
ESET-NOD32	Clean
APEX	Malicious
Paloalto	generic.ml
ClamAV	Clean
Kaspersky	UDS:DangerousObject.Multi.Generic
Alibaba	Clean
NANO-Antivirus	Clean
SUPERAntiSpyware	Clean
MicroWorld-eScan	Clean
Rising	Clean
Ad-Aware	Clean
Sophos	Clean
Comodo	Clean
F-Secure	Clean
DrWeb	Clean
Zillya	Clean
TrendMicro	Clean
McAfee-GW-Edition	Artemis!Trojan
FireEye	Generic.mg.be89eef16c6bff3a
Emsisoft	Clean
SentinelOne	Static AI - Malicious PE
Jiangmin	Clean
Webroot	Clean
Avira	Clean
Antiy-AVL	Clean
Kingsoft	Clean
Microsoft	Trojan:Win32/Sabsik.FL.B!ml
Gridinsoft	Clean
Arcabit	Clean
ViRobot	Clean
ZoneAlarm	UDS:DangerousObject.Multi.Generic
GData	Clean
TACHYON	Clean
AhnLab-V3	Clean
Acronis	Clean
VBA32	Trojan-Downloader.MSIL.gen
ALYac	Clean
MAX	Clean
Cylance	Clean
Panda	Clean
Zoner	Clean
TrendMicro-HouseCall	Clean
Tencent	Clean
Yandex	Clean
Ikarus	Clean
eGambit	Clean
Fortinet	Clean
BitDefenderTheta	Gen:NN.ZemsilF.34218.fm0@a82EK!n
AVG	Win32:DropperX-gen [Drp]
Avast	Win32:DropperX-gen [Drp]
MaxSecure	Trojan.Malware.300983.susgen

Static Analysis

PE Compile Time

PE Imphash

Sections

Resources

Imports