Static | ZeroBOX

PE Compile Time

2042-02-15 09:28:24

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

| Name | Virtual Address | Virtual Size | Size of Raw Data | Entropy |
| --- | --- | --- | --- | --- |
| .text | 0x00002000 | 0x000047b4 | 0x00004800 | 6.10328045759 |
| .rsrc | 0x00008000 | 0x00010f20 | 0x00011000 | 5.1619751916 |
| .reloc | 0x0001a000 | 0x0000000c | 0x00000200 | 0.0815394123432 |

Resources

| Name | Offset | Size | Language | Sub-language | File type |
| --- | --- | --- | --- | --- | --- |
| RT_ICON | 0x00008130 | 0x00010828 | LANG_NEUTRAL | SUBLANG_NEUTRAL | dBase IV DBT, blocks size 0, block length 2048, next free block index 40, next free block 0, next used block 0 |
| RT_GROUP_ICON | 0x00018958 | 0x00000014 | LANG_NEUTRAL | SUBLANG_NEUTRAL | data |
| RT_VERSION | 0x0001896c | 0x000003c6 | LANG_NEUTRAL | SUBLANG_NEUTRAL | data |
| RT_MANIFEST | 0x00018d34 | 0x000001ea | LANG_NEUTRAL | SUBLANG_NEUTRAL | XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators |

Imports

Library mscoree.dll:
0x402000 _CorExeMain

!This program cannot be run in DOS mode.
`.rsrc
@.reloc
v4.0.30319
#Strings
IMG_7845120000130853
IMG_7845120000130853.exe
<Module>
<>f__AnonymousType0`1
Object
System
mscorlib
Listener
IMG_7845120000130853.Authentication
Specification
Jvnxmqygl.Composer
DispatcherHelperState
Jvnxmqygl.States
ExceptionCollectionConfig
IMG_7845120000130853.Configurations
Property
Jvnxmqygl.Dispatcher
Reponse
IMG_7845120000130853.Resolver
CustomCreationConverter`1
Newtonsoft.Json.Converters
Newtonsoft.Json
Resources
Jvnxmqygl.Properties
Settings
ApplicationSettingsBase
System.Configuration
<Module>{ae119341-decf-4e49-9704-8b48db0aa53f}
<Name>i__Field
CalculateMap
get_Name
Equals
Boolean
EqualityComparer`1
System.Collections.Generic
get_Default
GetHashCode
ToString
String
Format
IFormatProvider
CollectMap
PopMap
<Name>j__TPar
StopMap
ThreadStart
System.Threading
IntPtr
Thread
RunListener
Exception
ReadListener
WebClient
System.Net
DownloadData
TestListener
Assembly
System.Reflection
ServicePointManager
set_SecurityProtocol
SecurityProtocolType
SetupListener
InvokeMember
BindingFlags
Binder
PopListener
JsonConverter
JsonConvert
DeserializeObject
GetType
MemberInfo
Console
WriteLine
InstantiateListener
DeserializeAnonymousType
CompareListener
Newtonsoft.Json.Linq
SerializeObject
Formatting
ConnectMap
DestroyMap
GetExportedTypes
MoveMap
ExcludeMap
CallMap
m_Class
m_Task
.cctor
DestroyListener
_Facade
_Reader
ResolveMap
ResetListener
CalculateListener
InvokeListener
CollectListener
InvokeMap
CustomizeMap
InsertMap
CancelListener
RegisterListener
TripleDESCryptoServiceProvider
System.Security.Cryptography
MD5CryptoServiceProvider
Encoding
System.Text
get_UTF8
HashAlgorithm
ComputeHash
ICryptoTransform
TransformFinalBlock
SymmetricAlgorithm
set_Mode
CipherMode
IDisposable
Dispose
VerifyMap
GetBytes
CloneMap
set_Key
InterruptMap
CreateDecryptor
FillMap
GetMap
RestartMap
m_Callback
DateTime
CancelMap
CustomizeListener
ExcludeListener
InitListener
WriteListener
VisitListener
SortListener
MapMap
FlushMap
m_Policy
_Worker
OrderMap
VerifyListener
ComputeListener
RateListener
LoginListener
ReflectMap
LogoutMap
Create
container
ResourceManager
System.Resources
collection
CultureInfo
System.Globalization
AwakeMap
get_ResourceManager
GetTypeFromHandle
RuntimeTypeHandle
get_Assembly
get_Culture
set_Culture
RunMap
ValidateMap
Culture
defaultInstance
CreateMap
SettingsBase
Synchronized
DisableMap
ForgotMap
Default
WriteMap
vbab07cd9e9814778a47fd2ee1db6d794
ResetMap
CompareMap
ExtensionAttribute
System.Runtime.CompilerServices
System.Core
CompilationRelaxationsAttribute
RuntimeCompatibilityAttribute
DebuggableAttribute
System.Diagnostics
DebuggingModes
ObfuscationAttribute
AssemblyTitleAttribute
AssemblyDescriptionAttribute
AssemblyConfigurationAttribute
AssemblyCompanyAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
AssemblyTrademarkAttribute
ComVisibleAttribute
System.Runtime.InteropServices
GuidAttribute
AssemblyFileVersionAttribute
TargetFrameworkAttribute
System.Runtime.Versioning
CompilerGeneratedAttribute
DebuggerBrowsableAttribute
DebuggerBrowsableState
DebuggerHiddenAttribute
STAThreadAttribute
GeneratedCodeAttribute
System.CodeDom.Compiler
DebuggerNonUserCodeAttribute
EditorBrowsableAttribute
System.ComponentModel
EditorBrowsableState
Jvnxmqygl.Properties.Resources.resources
WrapNonExceptionThrows
Feature
code control flow obfuscationT
Exclude
Feature-rename symbol names with printable charactersT
Exclude
Feature
string encryptionT
Exclude
Feature#type renaming pattern 'Jvnxmqygl'.*T
Exclude
WinRAR archiver
Alexander Roshal
WinRAR
'Copyright
Alexander Roshal 1993-2019
$2c18a4c0-8ab1-4bfc-8e49-e3eba6e91fce
5.71.0.0
.NETFramework,Version=v4.0
FrameworkDisplayName
.NET Framework 4
3System.Resources.Tools.StronglyTypedResourceBuilder
16.0.0.0
KMicrosoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator
11.0.0.0
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
PADPADP
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
{{ Name = {0} }}
https://store2.gofile.io/download/94d19b18-cea2-4279-aede-14447204e11a/Cgchdlngmmrovwuqzozws.dll
rZ3lwFhWdQ
'Department': 'Furniture',
'JobTitle': 'Carpenter',
'FirstName': 'John',
'LastName': 'Joinery',
'BirthDate': '1983-02-02T00:00:00'
{'Name':'James'}
{'Name':'Mike'}
OnLoad
function(e) { alert(e); }
Gffisnbrprxznvnsivjmdyqh
Jvnxmqygl.Properties.Resources
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
Comments
WinRAR archiver
CompanyName
Alexander Roshal
FileDescription
WinRAR archiver
FileVersion
5.71.0.0
InternalName
IMG_7845120000130853.exe
LegalCopyright
Copyright
Alexander Roshal 1993-2019
LegalTrademarks
OriginalFilename
IMG_7845120000130853.exe
ProductName
WinRAR
ProductVersion
5.71.0.0
Assembly Version
5.71.0.0
Antivirus Signature
Bkav Clean
Lionic Trojan.MSIL.Seraph.a!c
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKD.47219715
FireEye Generic.mg.104bfff4e7a7f04e
CAT-QuickHeal Clean
ALYac Clean
Cylance Unsafe
VIPRE Clean
Sangfor Trojan.MSIL.Seraph.gen
K7AntiVirus Clean
BitDefender Trojan.GenericKD.47219715
K7GW Clean
Cybereason Clean
Baidu Clean
Cyren W32/MSIL_Kryptik.FVA.gen!Eldorado
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of MSIL/TrojanDownloader.Agent.JDX
APEX Malicious
Paloalto generic.ml
ClamAV Clean
Kaspersky HEUR:Trojan-Downloader.MSIL.Seraph.gen
Alibaba Clean
NANO-Antivirus Clean
ViRobot Clean
Tencent Msil.Trojan-downloader.Agent.Duml
Ad-Aware Trojan.GenericKD.47219715
Emsisoft Clean
Comodo Clean
F-Secure Clean
DrWeb Clean
Zillya Clean
TrendMicro Clean
McAfee-GW-Edition Artemis!Trojan
CMC Clean
Sophos Clean
SentinelOne Static AI - Malicious PE
GData Trojan.GenericKD.47219715
Jiangmin Clean
Webroot W32.Trojan.Gen
Avira Clean
MAX malware (ai score=100)
Antiy-AVL Clean
Kingsoft Clean
Gridinsoft Clean
Arcabit Clean
SUPERAntiSpyware Clean
ZoneAlarm Clean
Microsoft Trojan:Win32/Woreflint.A!cl
Cynet Malicious (score: 100)
AhnLab-V3 Clean
Acronis Clean
McAfee RDN/Generic Downloader.x
TACHYON Clean
VBA32 Trojan-Downloader.MSIL.gen
Malwarebytes Trojan.MCrypt.MSIL.Generic
Panda Clean
Zoner Clean
TrendMicro-HouseCall TROJ_FRS.VSNTJK21
Rising Clean
Yandex Clean
Ikarus Clean
eGambit Clean
Fortinet MSIL/Agent.JDX!tr.dldr
BitDefenderTheta Gen:NN.ZemsilF.34218.fm0@augcuWd
AVG Win32:MalwareX-gen [Trj]
Avast Win32:MalwareX-gen [Trj]
CrowdStrike win/malicious_confidence_90% (W)
MaxSecure Trojan.Malware.300983.susgen
No IRMA results available.