Static | ZeroBOX

PE Compile Time

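2055-08-20 04:18:52 (future-dated: this is the raw PE header timestamp, which the build toolchain or the author can set to any value, so it is not evidence of when the file was built)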

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00002000 0x00035da4 0x00035e00 7.98838245333
.rsrc 0x00038000 0x00006cf8 0x00006e00 4.77959780992
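.reloc 0x00040000 0x0000000c 0x00000200 0.101910425663
Note: entropy is on a 0–8 scale (bits per byte). The .text value of about 7.99 is close to the maximum, which is typical of compressed or encrypted content rather than plain compiled code; this is consistent with, but does not by itself prove, an embedded encrypted payload, as the CreateDecryptor and TripleDESCryptoServiceProvider strings listed below also suggest.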

Resources

Name Offset Size Language Sub-language File type
RT_ICON 0x0003e218 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x0003e218 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x0003e218 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x0003e218 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x0003e218 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x0003e218 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x0003e218 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x0003e218 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x0003e218 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x0003e218 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_GROUP_ICON 0x0003e690 0x00000092 LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_VERSION 0x0003e734 0x000003c4 LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_MANIFEST 0x0003eb08 0x000001ea LANG_NEUTRAL SUBLANG_NEUTRAL XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

Imports

Library mscoree.dll:
0x402000 _CorExeMain

!This program cannot be run in DOS mode.
`.rsrc
@.reloc
v4.0.30319
#Strings
<>9__2_0
<Google>b__2_0
ToInt32
QA4ty2uUkTCD2tfNQSE5
get_UTF8
<Module>
GetData
mscorlib
Thread
Synchronized
defaultInstance
set_Mode
CipherMode
Invoke
IDisposable
RuntimeTypeHandle
GetTypeFromHandle
Google
Console
get_Name
WriteLine
GetType
System.Core
get_Culture
set_Culture
resourceCulture
MethodBase
ApplicationSettingsBase
Dispose
EditorBrowsableState
STAThreadAttribute
CompilerGeneratedAttribute
GuidAttribute
GeneratedCodeAttribute
DebuggerNonUserCodeAttribute
DebuggableAttribute
EditorBrowsableAttribute
ComVisibleAttribute
AssemblyTitleAttribute
AssemblyTrademarkAttribute
TargetFrameworkAttribute
ExtensionAttribute
AssemblyFileVersionAttribute
AssemblyConfigurationAttribute
AssemblyDescriptionAttribute
CompilationRelaxationsAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
AssemblyCompanyAttribute
RuntimeCompatibilityAttribute
QA4ty2uUkTCD2tfNQSE5.exe
Nofesuzjnnzpgvknixdnmf
System.Threading
Encoding
System.Runtime.Versioning
String
ComputeHash
TransformFinalBlock
System.ComponentModel
get_Fsrkdowztsrdgzxobfszprfl
Program
System
SymmetricAlgorithm
HashAlgorithm
ICryptoTransform
resourceMan
System.Configuration
System.Globalization
System.Reflection
Exception
MethodInfo
CultureInfo
MemberInfo
MD5CryptoServiceProvider
TripleDESCryptoServiceProvider
buffer
get_ResourceManager
System.CodeDom.Compiler
.cctor
CreateDecryptor
System.Diagnostics
ExtensionMethods
GetMethods
System.Runtime.InteropServices
System.Runtime.CompilerServices
System.Resources
Nofesuzjnnzpgvknixdnmf.Properties.Resources.resources
DebuggingModes
Nofesuzjnnzpgvknixdnmf.Properties
GetBytes
Settings
GetInts
Arrays
GetObject
get_Default
ThreadStart
Convert
System.Text
set_Key
System.Security.Cryptography
get_Assembly
GetAssembly
op_Equality
WrapNonExceptionThrows
ImgBurnPreview
LIGHTNING UK!
ImgBurnPreview Application
Copyright
$50747cd9-0997-4580-889a-67353ab570fc
1.1.6.0
.NETFramework,Version=v4.0
FrameworkDisplayName
.NET Framework 4A
3System.Resources.Tools.StronglyTypedResourceBuilder
16.0.0.0
KMicrosoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator
11.0.0.0
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
PADPADP
gitX)!]
wEPkC
8]b^0
d^xUs
N+7C%r
0mo)cB
V[=)0_D
U;/0f1
TI$\b*
E@jo'zv
.)9Vl'
.)9Vl'O[|m
#`aT!!
N(ViLV
Uf'.xV
.QeEHX
G?l}3U
Mpy*qm
'2MT&'
{,X_t*
,"UTK+|
*U#4mo
%"pDJ|
^[.MjrXA.t
}sT6B7
qMS+C9q
wvpWn}
#=,gL(
;S4L2v
6BySYc
3LdL|}
-G;W;v
JMRs/g
v>5Wyt
tLFJwc
]pes/V
tLFJwc
|^r?k\O
,v^Sfg
twv}kH
:[<{`72
jaIDz(>
_.nZp.
+&O^_oq>
P>*omVL
*|^*TzZ
oCY]E4
[3+U#7
+7'~8j
bkQ^cI
x*pbbMB
8t-Fu,
v!Dsrd*q
D]7h 2Y
[_()h
?_Z`L
2m)!ni
*$dXt
eT\v*By
Xm7@%]b
ar|u;k3
awPNtm
7J}N0p;
GpDy/I
sWl&TP]
@"41;C
uGpDy/I
GpDy/I
@"41;C
{.&6if
l\/+!h
EA/WF(
*}$C(FsP
TBNud;
+Rv7T}
ZJ"D"u
H,Kxa
7DVeck
A5XOI'
1l}+^Y
1bFq0
ArFdsM
H?O6<P
MXR34
>O6\oZ
%TO6\oZ
0X]}3O
$X=^B(
vnq# l
N;bySO
BQZ]jQ8
cQ?~=~
u`q/ea
q b]HN
}jkSt#
s!B@*R
Ze:4t)
mk1n]"
b}9j~&
VrV;Or
~(<-S
h71,m9f
W*<K%D
|2Q4C#
!^}umVf
V:UiZ3*K
uL6@I=
rJ`x'3
c_yPd0^7
VNL0sg
=VTQk!
B~3W*!
;pj|=j
T6@xV{
;pj|=j
ag2[C(I
i~?e7%
B~3W*!
.$+59KRN
yLWkU9
MCyqL;
~{MmGC+
(]Agh!
/<"]|t
tgZD|^2
,5,Ae2,
}P&\Os
%bK;Q)
,5,Ae2,
3-}{TEB&[
&Daux*
[2`)qNb
8.QeDv
A>]|*J
"?$e7C5@
F-C_)<2
2Od;W@
QMif%S
`1DrQ
F-C_)<VK39
15`8W3},
;/}ROs
8@V"N_
bOK<npC
qBAsc
)PCS@:
Y;a*8i
I~N?b?:
(p[>J;
u!sI;w
Au$baK
\7,%"c
@4tRu>
:s7'G
Jp)]7"
0Ed\\_
qS5Uqp
O,fRCA
r_)-~f
"/q$j%~
C5A>E
^Y^ufB
2G>7WgG.
whMYx3-
*hU`3I
=*gi)e
_Oo**xiG
%A_$Dh
,1-D+|
aC9^nD
%<Bl.V
(b2u*j
uk{Mo[#
&o/H6-
*?J3y~
1L+A+e
1L+A+e
1L+A+e
1L+A+e
1L+A+e
dX#p1bEy
A1 vCi
Nt*>,`:4
%lt*ye/>mQX
D~l+N
M~/k$
9eon61H<!
3cM7bu
tNe}yib'
Y_J:4<
&c@RMX
<dO&AE
Y:P}Xc
T^r%h9
"m^rDGj@
Nl1QO&
1EJpR*
oPr2L>
% (FpDP
eFY*/Yu
"2Z7|f
ca@wAF
P?$RHR
2LY\X}
ph9'Ae
%m<#,N6
3OEA4m,
Dz#Nm;
nO^P0>
KwyW7{x
QqEG ht
s<}4+
8<'n4U
2pyw@s@V
/&_FTQ
)9po1\
:$9b|_Q
pA+1k 2@
!t6/h#[
kqw.@3
]<>U-m
BF!_!:x`
q?p#zD
x&h?,w
`n7T~(P,nEl
\'n{Kd
}(]\aa
{2gXy&
JW/e\l/n8J
/,)|iv[
v.05oul
%<;v^?a
5fvj$K,
b {|UV
P&:WR!L
!6+Iij
r$&t 0
DiY6=uW
pC7E/ZK
S/ZGz(
J%@6V^
"lBt*S
MQ5u m
E|} I)u
.C{vbu
/,3r"elNO
qk%3=w7k(l>
|%jj{Z
Sm^)r|
zCK>b~D9
QNh")F
y.p`J
zs)+nm
_CPh[j`
T9Cgq
zGl~Ki
G2_(2x
U^~SCh/
/z5n&Vt
LCQS(#
6v/pc5(
P8<^C&
Rq=F?t
bzwK%K
Rhe{x5
(*}Poj
p*Gx/T
A4ImA1
Z-bYnG
+4R]#E
|D!K>A
/'^CM
Rlg-Y1
vAR]kw
q2f`2o
DfP"yFmo
?dVn?L
^a^V^#2o
'Is`ps\
cSs5se;r
Xl@P_t@
w4c;Y/
A<(sx$
5:[D}z
[XQd]T
TC`AmJ
K!LZ-@
ZLr.?B
6qZ'Z$V0
O_9[@A
WZ@,thD
NRW@G?FcT7
B9e6OV
<_{"Q&9
2ScnSs
UOYv|w+
;O*lRc
dZA&Pm
W0]pk
uVz'oB,
h#8*`1
w;X%/j
0Z2J%Zz
n{C'2a
n<DL_>
;fJ1^jb0
k1D'K]
XUmJNe
k`q0k*
iac?aM,s
,ts*gF
C:wV4w
9q_=,gSQm
vW0&+.#
\Bf,u?
JVloe<cgM
5?0|bh
WS&kZ<
K~Tcr0
sg<I6
VFfGiqmv
[@}uj\:
+PMD=g|
e<MY>b
53,mx'
zi;^{dlfeys
0 1CG
}/J)FE
^ntVF<+
FXSjcR=
5 }=KCS
.8aWs,
(>Vx#z
VPpSJ\J
BGP&~6
=aBuEJ6x
uYBdx)
{-$jC~
xWr}h:y+
LsI|U]
y4v^(C
Q'jSSe
@e39i]
RII]NA
F=0vkQm
6lZ*IJ
IuGqML
al';z=
kdaE%S
I&/|d-
I&/|d-
Dbf/l
++i#[F
++i#[F
++i#[F
++i#[F
++i#[F
++i#[F
++i#[F
++i#[F
++i#[F
D:=F5J`
}',uC5pd{
Y{n;KV
hj^kl
>5F2UR
L `-M#
"n"Dc)Y[
Dbf/l
=\1.yb
_CorExeMain
mscoree.dll
wffffg
vfffffffp
fffbf$bfffp
vfbfdfffd&ffp
:3ccff$ff
:s6fbfp
d$&Bf`
bF`fff
f$ff{z
3d&fbg
vfffbh
fbF$fn
:6BFf`
fbffnn
vdgfdn
vff&7{;{
Ffffnz
nffFffff`
lfdfvfvffff
ffffffffffeg
nfffffffFdbFafp
ffFffffgFbfffff
ffffffefbff&bfp
ffdfVfbffGfGg
f'bf&ffF&ff
vffffFf&fg
fFf&fgg
vffffg
vfff&fff
3rrffg
ffffff
ffffffgd`
ffffff&Rff
ffFbeffd`
fbtff&g
vffffg
f;33bf`
f;nnnl
fdfff`
nffffffg
fffffdp
%;<5/'
(*^*^b
j^^`+**
f^**^2CW
^^^b3MRT
r!|!rrqqr!sq!!gIbk
||!r!~!!ss""fd^^^^`
QK}s!!~!~!~rs
~!!~|a
bb^k^^^^
wr!rrc
^^^^^^
*'^*^*^b
*7****
*hdfg5
bfd]^-
:Weca__$
;Nf6..^_4
MKVJ#Z_4^.
/2,BAAAGAC)
%1EBBHB@
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
J8VQpD1RtF37gvdPZJ8.gBcjtP1W9TdU7aiKdIg
sok17Dno8w
Ptalpzfzksoo
Nofesuzjnnzpgvknixdnmf.Properties.Resources
Fsrkdowztsrdgzxobfszprfl
Fsrkdowztsrdgzxobfszprfl
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
Comments
ImgBurnPreview
CompanyName
LIGHTNING UK!
FileDescription
ImgBurnPreview
FileVersion
1.1.6.0
InternalName
QA4ty2uUkTCD2tfNQSE5.exe
LegalCopyright
Copyright
LegalTrademarks
LIGHTNING UK!
OriginalFilename
QA4ty2uUkTCD2tfNQSE5.exe
ProductName
ImgBurnPreview Application
ProductVersion
1.1.6.0
Assembly Version
1.1.6.0
Antivirus Signature
Bkav Clean
Lionic Trojan.Win32.Generic.4!c
Elastic malicious (high confidence)
Cynet Malicious (score: 100)
CMC Clean
CAT-QuickHeal Clean
McAfee Clean
Cylance Unsafe
Zillya Clean
Sangfor Suspicious.Win32.Save.a
CrowdStrike win/malicious_confidence_90% (W)
BitDefender Gen:Trojan.Mardom.MN.20
K7GW Clean
K7AntiVirus Clean
Baidu Clean
Cyren Clean
Symantec Trojan Horse
ESET-NOD32 a variant of MSIL/GenKryptik.FMJC
APEX Malicious
Paloalto generic.ml
ClamAV Clean
Kaspersky HEUR:Trojan.Win32.Generic
Alibaba Clean
NANO-Antivirus Clean
SUPERAntiSpyware Clean
MicroWorld-eScan Gen:Trojan.Mardom.MN.20
Tencent Clean
Ad-Aware Gen:Trojan.Mardom.MN.20
Sophos Clean
Comodo Clean
F-Secure Clean
DrWeb Clean
VIPRE Clean
TrendMicro Clean
McAfee-GW-Edition Clean
FireEye Generic.mg.1eada844f6d267f4
Emsisoft Gen:Trojan.Mardom.MN.20 (B)
Ikarus Clean
GData Gen:Trojan.Mardom.MN.20
Jiangmin Clean
Webroot Clean
Avira TR/Dropper.MSIL.Gen8
Antiy-AVL Clean
Kingsoft Clean
Gridinsoft Clean
Arcabit Trojan.Mardom.MN.20
ViRobot Clean
ZoneAlarm HEUR:Trojan.Win32.Generic
Microsoft Trojan:Win32/Sabsik.FL.B!ml
TACHYON Clean
AhnLab-V3 Clean
Acronis suspicious
VBA32 Clean
ALYac Gen:Trojan.Mardom.MN.20
MAX malware (ai score=88)
Malwarebytes MachineLearning/Anomalous.96%
Panda Clean
Zoner Clean
TrendMicro-HouseCall Clean
Rising Clean
Yandex Clean
SentinelOne Static AI - Malicious PE
MaxSecure Trojan.Malware.300983.susgen
Fortinet MSIL/Kryptik.AGEN!tr
BitDefenderTheta Gen:NN.ZemsilF.34218.pm0@aG8lGH
Cybereason malicious.ece06e
Avast Clean
No IRMA results available.