Static | ZeroBOX

PE Compile Time

2086-12-12 22:11:14

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name    Virtual Address  Virtual Size  Size of Raw Data  Entropy
.text   0x00002000       0x00002370    0x00002400        5.60601250599
.rsrc   0x00006000       0x000110d8    0x00011200        4.4739229907
.reloc  0x00018000       0x0000000c    0x00000200        0.0815394123432

Resources

Name           Offset      Size        Language      Sub-language     File type
RT_ICON        0x00006100  0x00010828  LANG_NEUTRAL  SUBLANG_NEUTRAL  dBase IV DBT, blocks size 0, block length 2048, next free block index 40, next free block 0, next used block 0
RT_GROUP_ICON  0x00016938  0x00000014  LANG_NEUTRAL  SUBLANG_NEUTRAL  data
RT_VERSION     0x0001695c  0x0000057c  LANG_NEUTRAL  SUBLANG_NEUTRAL  data
RT_MANIFEST    0x00016ee8  0x000001ea  LANG_NEUTRAL  SUBLANG_NEUTRAL  XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

Imports

Library mscoree.dll:
0x402000 _CorExeMain

Antivirus Signature
Bkav Clean
Lionic Clean
Elastic Clean
MicroWorld-eScan Clean
FireEye Clean
CAT-QuickHeal Clean
ALYac Clean
Cylance Clean
VIPRE Clean
Sangfor Clean
K7AntiVirus Clean
BitDefender Clean
K7GW Clean
Cybereason malicious.9debb9
Baidu Clean
Cyren W32/MSIL_Kryptik.FVA.gen!Eldorado
Symantec Clean
ESET-NOD32 a variant of MSIL/TrojanDownloader.Agent.JDX
APEX Malicious
Paloalto Clean
ClamAV Clean
Kaspersky HEUR:Trojan-Downloader.MSIL.Seraph.gen
Alibaba Clean
NANO-Antivirus Clean
SUPERAntiSpyware Clean
Rising Clean
Ad-Aware Clean
Emsisoft Clean
Comodo Clean
F-Secure Clean
DrWeb Trojan.DownLoader43.47658
Zillya Clean
TrendMicro Clean
McAfee-GW-Edition Clean
CMC Clean
Sophos Clean
SentinelOne Static AI - Suspicious PE
GData Clean
Jiangmin Clean
Webroot Clean
Avira Clean
MAX Clean
Antiy-AVL Clean
Kingsoft Clean
Gridinsoft Clean
Arcabit Clean
ViRobot Clean
ZoneAlarm HEUR:Trojan-Downloader.MSIL.Seraph.gen
Microsoft Trojan:Win32/Sabsik.FL.B!ml
Cynet Clean
AhnLab-V3 Clean
Acronis Clean
McAfee Clean
TACHYON Clean
VBA32 Trojan-Downloader.MSIL.gen
Malwarebytes Clean
Panda Clean
Zoner Clean
TrendMicro-HouseCall Clean
Tencent Clean
Yandex Clean
Ikarus Clean
eGambit Clean
Fortinet Clean
BitDefenderTheta Gen:NN.ZemsilF.34218.em0@aKl9KDo
AVG Win32:RATX-gen [Trj]
Avast Win32:RATX-gen [Trj]
CrowdStrike win/malicious_confidence_60% (W)
MaxSecure Trojan.Malware.300983.susgen
No IRMA results available.