popup
Static | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Static Analysis

PE Compile Time

2104-02-23 12:47:42

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00002000 0x00003c94 0x00003e00 6.0165861124
.rsrc 0x00006000 0x00010f10 0x00011000 5.16159217381
.reloc 0x00018000 0x0000000c 0x00000200 0.0815394123432

Resources

Name Offset Size Language Sub-language File type
RT_ICON 0x00006130 0x00010828 LANG_NEUTRAL SUBLANG_NEUTRAL dBase IV DBT, blocks size 0, block length 2048, next free block index 40, next free block 0, next used block 0
RT_GROUP_ICON 0x00016958 0x00000014 LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_VERSION 0x0001696c 0x000003b6 LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_MANIFEST 0x00016d24 0x000001ea LANG_NEUTRAL SUBLANG_NEUTRAL XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

Imports

Library mscoree.dll:
0x402000 _CorExeMain
!This program cannot be run in DOS mode.
`.rsrc
@.reloc
e _xy a
G9Wa T{
Ma WBb
Y $V4/a
b Mp^ja
Ha M&l<a
Zj_= vL
f SFT.a
f SFT.a
v4.0.30319
#Strings
BLL_3605800091212
BLL_3605800091212.exe
<Module>
Manager
BLL_3605800091212.Wrappers
Object
System
mscorlib
FilterSpec
Wxlzgb.Specifications
Identifier
BLL_3605800091212.Resolver
DecoratorAdvisorFactory
BLL_3605800091212.Factories
Resources
Wxlzgb.Properties
Settings
ApplicationSettingsBase
System.Configuration
<Module>{740658e4-4981-4e7c-88a3-1964ebdfe607}
String
ParameterizedThreadStart
System.Threading
IntPtr
Thread
Console
WriteLine
CloneManager
JsonConvert
Newtonsoft.Json
DeserializeObject
Exception
get_Message
JsonSerializerSettings
set_ConstructorHandling
ConstructorHandling
PostManager
SetManager
List`1
System.Collections.Generic
ServicePointManager
System.Net
set_SecurityProtocol
SecurityProtocolType
GetDomain
AppDomain
WebClient
DownloadData
Assembly
System.Reflection
GetExportedTypes
AddRange
IEnumerable`1
SearchManager
Enumerator
GetEnumerator
get_Current
InvokeMember
BindingFlags
Binder
MoveNext
Boolean
IDisposable
Dispose
StopManager
IEnumerator`1
IEnumerator
System.Collections
set_ObjectCreationHandling
ObjectCreationHandling
Auckland
m_Exception
m_Proccesor
IList`1
AddManager
AwakeManager
IncludeManager
InitManager
GetManager
Encoding
System.Text
get_UTF8
GetBytes
UpdateManager
DisableManager
ArgumentNullException
_Interpreter
ResourceManager
System.Resources
CultureInfo
System.Globalization
get_ResourceManager
GetTypeFromHandle
RuntimeTypeHandle
get_Assembly
get_Culture
set_Culture
Culture
defaultInstance
get_Default
.cctor
SettingsBase
Synchronized
Default
m_ca900b0afd744d45a5b66fd21f9682d5
m_2683fd1569684d72996b6c62288c7457
m_dfda6c088cfe40a68daa13c91f0f8216
m_7c49d473737d43d6a9b5ec56a8e25a89
m_9847836fad7f47419f543e0b93f9cfab
m_384a06cb9ffd4dc2bad210898ffeb156
m_573be724a71e4c45bc1cae1707a183a0
m_d3cfb35fcc0e438a9720d40f9436e22a
m_c7214cade2a24367ba56f376bb171420
m_1a4a550c54264e0ab6c3027191c1f174
m_beacaf1e3f03437db069bc085526c961
m_a1dc2d7842114e35a889449ca9712fd3
m_0dca973cc0da4109a3eeebd26426c45f
m_8fcb58ca0a95408b87074c7cf7303951
m_d66c255a48e44df28c9e50c48e47d227
m_c88f9934c4c5434ea470d7b241846315
m_faf90401e81c419f84103c7f0e5ed026
m_9876725cc7e3465ba3e8308c75d0be70
m_ddf069d3ac0a4a2a9aa63e2f7dbba597
m_74b1caceba3a476c9ef6b43d863e205a
m_23669a782857428fb1c5e7b2956297f1
m_5ed981d1873f47e780da7e2a38d70203
m_7973a44c0e7948ebaa7b7cba065877cb
m_28471c99b1454d1b959188d95ea4deb3
m_3051cf37753d4ec4a3223f7db11953a9
m_221d6388b9894902907cc638181caf0e
m_6f1c35dc12604242ba85ee5fb9060a66
m_3f0c40b548194c038264a6f2f666ced1
m_d166efd9510f431d88a0de44703c88d3
m_3d611120c0014416b4fff758624293f6
m_5a953cfdf95f423ab1183779abc3d4ba
m_ee4a33924e7a40998f202a86eee7333e
m_ac659e2c45e64b6eb2192ebe6ef73fc8
m_7d526cb4b5924ee8a9ba37443eb7a398
m_4aaa9cad14bc4af9a4c9edb695410388
m_b00f01a54faa4ca48ea3d3057d5ea55e
m_11cb93b8ff734873b56216d46a6828f9
m_aa8cd43237fb4262996ff0bc8549afec
m_b125518cfb8d4486a25dca9be969e75f
m_f88cecd2d3c0417f827296e90878e4e2
m_f3db839ebafb4aa3816a1674bf46d3e2
m_abca31b947274ddc8a82ca25ab8e81df
m_1eae1816851c40679766c7e7ce46a129
m_d44c9028ec4543b485e8b92c6e452132
m_69998e87ccc8476d9545be134e6a0fb8
m_e41396747a8e4cfea76b5232aab8f2ca
m_dce6bcd739514652ae58e160f52ec638
m_1547a82de5d848268b8167923292bf0f
m_a1af838c728b45e39be7712b53cb1bd9
m_d7031ff03b35477492761b950277f6f3
m_267a913cd7444bdf9499079b3d2a2273
m_30685574bb7543e584ecb21dd59cd55d
m_72282365525042f19d95828d079c14b4
m_e837b3d9e49a438ebf9a32ff3624fea2
m_87f5581647784b5faae7ff4db30018de
m_66e19b424304483693b61ec28a0176de
m_1904e7e19dbb4562aff1befffa9e1188
m_05933768b590451fb948bd8b8a76c10f
m_d14ef7264a8f42968a0e7e942c410d4a
m_68ad4a72cfaf4b428eaf7ab91d153386
m_9d3239c3400d430e94630b12d5c7c419
m_19275649ad9d4a9c8cee07d78bff83ce
m_aeeecc9c1b5e454181bfb4521d8bd1a9
m_2d47865dd6cb4cb98a7773c2d8eddd3d
m_da0b0c27e8da47df81dc4e54ec31e541
m_0e81931ab31c4c8c8f99a5cc4c2d1404
m_6fd070543bbd4f3982eac3e86ec1e5a3
m_3b4b55f250e1413fbfe9fe2a0027290b
m_ad55f9713c3d4cdd9820211c40fe9b46
m_4d8d2c7a2b194a6182d37a9c778dc9ea
m_1093fb802eba43b09ed331e6e08b3a50
m_1ddf5f64e4474261b8bbe0e77aa6a5ff
m_f943c78d1aa041bbb23e90ccade1263c
m_93d1ecdcf5b845d9afd4b631db6aedbb
m_2d9340b9c06845b19a1cf7984810a4e8
m_165bf3a94fcb41a4b1773e1777198c42
m_0e2e72faffd24caf92dc7fdeeb556520
m_d9f5b009892049b5a7c6be0b4aed3b6a
m_f3a9c30cca7f412394c16b3e08d96797
m_2d055098958b4cb6939ff485ea27ccc9
m_c5f382233772430cac2229f189d858f4
m_81da3bd1ccc746caa7901bbedafc7dd3
m_314c4c403bb247a88b877f2d790af44e
m_c3ad9f6b4fb946499035001a58a69a81
m_f4ab545c104f4803bd5b3b81f85e19f9
m_9d488132fc8642fe91b8a06bd8faa8c7
m_f7a6ce3c1178441e876dc0821530de5f
m_a270204d521c44fcbddc5fbbbc2bcaf4
m_8592d1230e1149f482b2e9d9792cbe2e
m_dd5671de8b62496db15cd978cdda5ca6
m_e9387bda01a44f288c12a2084436279b
m_01fcf4d43b7f48f688f0e13784f6bd9b
m_6125f7af09f94af19c497b650cc702bf
m_238f0b3630644a9ea11bcb6358be2d49
m_05d7fa3a463544a89a1277872e4cdba8
m_26306a9a98db44f1914268bb0a79364e
m_88d9d96a91394d8983b5578f9dfeb5fc
m_4f3397f74fb2456998ac9b37af3cdf9d
m_c5b7944e55fe4fb4b3da843bfb95db5b
m_02d32f0392374645bd5abc72076f15e5
m_eb1c7d5178164da78960513a2e55192e
m_16e682f81e8a41edaa66b3b22874c654
m_dc4ecfcd39cb419692cc57dc65019b54
m_a0183819e61d436eaace4c4df443acbc
m_6ce56d42ebaa480e845fdd2f8f9f0311
m_6ed66c1145804035abc339b8fdabab45
m_972590f4ec434d1295e005bc0ae31637
m_4e9386ac73e044639675cc0bc1c734c5
m_902781cc2c9b4c5fbebdd2749f8215df
m_3904831db47c412ea20326f5f73f7a8e
m_fa78f542610c45af953d183831f660c9
m_573d828fb0384555b38e9fe97fbd1b9e
m_246198746c2e4dc3ad098f7d37dd0191
m_c3e183a5a0fe46c585966f5dc5629932
m_2a07d45d9431499686dfb495c518f6b3
m_4dca75a2c93c4ccbb2ebb21a2f32642c
m_3959d9c13e2e4173bda9f160b46ef6f1
m_2531b1902f534dd59a24edf2595c64d2
m_6a511d8c0b34466d8bafbe1f75aba54a
m_b44908f8761d4a9091bb63f5a1bf65d7
m_7953d9e9249f4f058eb37b8c27d96a58
m_c8f1541a619446fba8d92fe6aebdf735
m_6f8d5dcec4474e82869a66bcae6ed0f9
m_db307601532b4a249c12806f93341267
m_14df5785e7f84cc88c436b755f042cf6
m_88650997c4e943beb94aaec2590ebd85
m_199963289f474ccead84b8f10d51969b
m_c3d2e982292344e1bf35ab7741fc7cd6
xdf463d5eaeb542689cbab3b13512838b
ExtensionAttribute
System.Runtime.CompilerServices
System.Core
CompilationRelaxationsAttribute
RuntimeCompatibilityAttribute
DebuggableAttribute
System.Diagnostics
DebuggingModes
AssemblyTitleAttribute
AssemblyDescriptionAttribute
AssemblyConfigurationAttribute
AssemblyCompanyAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
AssemblyTrademarkAttribute
ComVisibleAttribute
System.Runtime.InteropServices
GuidAttribute
AssemblyFileVersionAttribute
TargetFrameworkAttribute
System.Runtime.Versioning
STAThreadAttribute
CompilerGeneratedAttribute
GeneratedCodeAttribute
System.CodeDom.Compiler
DebuggerNonUserCodeAttribute
EditorBrowsableAttribute
System.ComponentModel
EditorBrowsableState
Wxlzgb.Properties.Resources.resources
WrapNonExceptionThrows
WinRAR archiver
Alexander Roshal
WinRAR
'Copyright
Alexander Roshal 1993-2019
$2d9436c1-3e83-4dbc-a70e-13f59235757d
5.71.0.0
.NETFramework,Version=v4.0
FrameworkDisplayName
.NET Framework 4A
3System.Resources.Tools.StronglyTypedResourceBuilder
16.0.0.0
KMicrosoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator
11.0.0.0
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
PADPADP
_CorExeMain
mscoree.dll
90!U?4#
NA+|PD.
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
{'Url':'http://www.google.com'}
https://store2.gofile.io/download/f9bf4a66-3371-4133-8e18-24107236761e/Ruqkwagyqbeobzsmhd.dll
d1RqLQpY6E
'Name': 'James',
'Offices': [
'Auckland',
'Wellington',
'Christchurch'
Auckland
Wellington
Christchurch
Fvriyqbzhjmq
website
Wxlzgb.Properties.Resources
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
Comments
WinRAR archiver
CompanyName
Alexander Roshal
FileDescription
WinRAR archiver
FileVersion
5.71.0.0
InternalName
BLL_3605800091212.exe
LegalCopyright
Copyright
Alexander Roshal 1993-2019
LegalTrademarks
OriginalFilename
BLL_3605800091212.exe
ProductName
WinRAR
ProductVersion
5.71.0.0
Assembly Version
5.71.0.0
Antivirus Signature
Bkav Clean
Lionic Clean
Elastic malicious (high confidence)
MicroWorld-eScan Clean
FireEye Generic.mg.8a5336e1f45a85b0
CAT-QuickHeal Clean
ALYac Clean
Cylance Clean
VIPRE Clean
Sangfor Clean
CrowdStrike Clean
BitDefender Clean
K7GW Clean
K7AntiVirus Clean
Baidu Clean
Cyren W32/MSIL_Kryptik.FVA.gen!Eldorado
ESET-NOD32 a variant of MSIL/Kryptik.ADFA
APEX Malicious
Paloalto generic.ml
ClamAV Clean
Kaspersky HEUR:Trojan-Downloader.MSIL.Seraph.gen
Alibaba Clean
NANO-Antivirus Clean
ViRobot Clean
Rising Clean
Ad-Aware Clean
Emsisoft Clean
Comodo Clean
F-Secure Clean
DrWeb Clean
Zillya Clean
TrendMicro Clean
McAfee-GW-Edition Clean
CMC Clean
Sophos Clean
SentinelOne Static AI - Malicious PE
GData Clean
Jiangmin Clean
Webroot Clean
Avira Clean
MAX Clean
Antiy-AVL Clean
Kingsoft Clean
Gridinsoft Clean
Arcabit Clean
SUPERAntiSpyware Clean
ZoneAlarm Clean
Microsoft Trojan:Win32/Sabsik.FL.B!ml
Cynet Malicious (score: 100)
AhnLab-V3 Clean
Acronis Clean
McAfee Clean
TACHYON Clean
VBA32 Trojan-Downloader.MSIL.gen
Malwarebytes Clean
Panda Clean
Zoner Clean
TrendMicro-HouseCall Clean
Tencent Clean
Yandex Clean
Ikarus Clean
eGambit Clean
Fortinet MSIL/Kryptik.ADFA!tr
BitDefenderTheta Gen:NN.ZemsilF.34218.fm0@aSSW!dp
AVG Win32:CrypterX-gen [Trj]
Avast Win32:CrypterX-gen [Trj]
MaxSecure Trojan.Malware.300983.susgen
No IRMA results available.