Static | ZeroBOX

PE Compile Time

2104-01-29 09:50:55

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

| Name | Virtual Address | Virtual Size | Size of Raw Data | Entropy |
|---|---|---|---|---|
| .text | 0x00002000 | 0x00047280 | 0x00047400 | 7.97920133047 |
| .rsrc | 0x0004a000 | 0x000106f8 | 0x00010800 | 1.37353469726 |
| .reloc | 0x0005c000 | 0x0000000c | 0x00000200 | 0.101910425663 |

Resources

| Name | Offset | Size | Language | Sub-language | File type |
|---|---|---|---|---|---|
| RT_ICON | 0x0004a100 | 0x0000ffe8 | LANG_NEUTRAL | SUBLANG_NEUTRAL | data |
| RT_GROUP_ICON | 0x0005a0f8 | 0x00000014 | LANG_NEUTRAL | SUBLANG_NEUTRAL | data |
| RT_VERSION | 0x0005a11c | 0x000003da | LANG_NEUTRAL | SUBLANG_NEUTRAL | data |
| RT_MANIFEST | 0x0005a508 | 0x000001ea | LANG_NEUTRAL | SUBLANG_NEUTRAL | XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators |

Imports

Library mscoree.dll:
0x402000 _CorExeMain

!This program cannot be run in DOS mode.
`.rsrc
@.reloc
v4.0.30319
#Strings
Plugin01
Class1
<Module>
System.IO
mscorlib
Thread
Synchronized
defaultInstance
Iilsogcqobtde
Invoke
IDisposable
RuntimeTypeHandle
GetTypeFromHandle
get_Name
AssemblyName
get_Culture
set_Culture
resourceCulture
ApplicationSettingsBase
Dispose
EditorBrowsableState
STAThreadAttribute
CompilerGeneratedAttribute
GuidAttribute
GeneratedCodeAttribute
DebuggerNonUserCodeAttribute
DebuggableAttribute
EditorBrowsableAttribute
ComVisibleAttribute
AssemblyTitleAttribute
AssemblyTrademarkAttribute
TargetFrameworkAttribute
AssemblyFileVersionAttribute
AssemblyConfigurationAttribute
AssemblyDescriptionAttribute
CompilationRelaxationsAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
AssemblyCompanyAttribute
RuntimeCompatibilityAttribute
add_AssemblyResolve
CurrentDomain_AssemblyResolve
A67gmDqdYqpHVq5d122pdf.exe
A67gmDqdYqpHVq5d122pdf
get_Qqgmfrriphflnvf
System.Threading
System.Runtime.Versioning
String
NiceHash
System.ComponentModel
Iilsogcqobtde.Plugin01.dll
GetManifestResourceStream
MemoryStream
Program
System
resourceMan
AppDomain
get_CurrentDomain
Plugin
System.Configuration
System.Globalization
Action
System.Reflection
CopyTo
CultureInfo
sender
get_ResourceManager
ResolveEventHandler
System.CodeDom.Compiler
.cctor
System.Diagnostics
System.Runtime.InteropServices
System.Runtime.CompilerServices
System.Resources
Iilsogcqobtde.Properties.Resources.resources
DebuggingModes
Iilsogcqobtde.Properties
Settings
ResolveEventArgs
Contains
Concat
GetObject
get_Default
Prefix
ToArray
get_Assembly
GetExecutingAssembly
WrapNonExceptionThrows
IDT PC Audio
IDT, Inc.
"Copyright
2004 - 2009 IDT, Inc.
$d4cb7119-9f2c-452c-aeaa-7aa33b0bbb99
1.0.6276.0
.NETFramework,Version=v4.0
FrameworkDisplayName
.NET Framework 4
3System.Resources.Tools.StronglyTypedResourceBuilder
16.0.0.0
KMicrosoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator
11.0.0.0
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
PADPADP
!This program cannot be run in DOS mode.
`.rsrc
@.reloc
v2.0.50727
#Strings
Plugin01
Class1
get_UTF8
<Module>
mscorlib
methodName
typeName
GetType
GuidAttribute
DebuggableAttribute
ComVisibleAttribute
AssemblyTitleAttribute
AssemblyTrademarkAttribute
AssemblyFileVersionAttribute
AssemblyConfigurationAttribute
AssemblyDescriptionAttribute
CompilationRelaxationsAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
AssemblyCompanyAttribute
RuntimeCompatibilityAttribute
Encoding
Plugin01.dll
System
Plugin
System.Reflection
Exception
InvokeMember
Binder
GetBuffer
buffer
System.Diagnostics
System.Runtime.InteropServices
System.Runtime.CompilerServices
DebuggingModes
GetBytes
BindingFlags
Object
System.Text
Assembly
WrapNonExceptionThrows
Plugin01
Copyright
2021
$03189a77-bd0f-47ce-aca1-3cc88f79aae5
1.0.0.0
_CorDllMain
mscoree.dll
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
Plugin
Iilsogcqobtde.
Iilsogcqobtde.Properties.Resources
Qqgmfrriphflnvf
b7enew6lcHY45wMZRLe.iqTNkt6YYgMJfqDCseC
oRj6wooffL
Yjmooehbvlsoqkor
Qqgmfrriphflnvf
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
Comments
CompanyName
FileDescription
Plugin01
FileVersion
1.0.0.0
InternalName
Plugin01.dll
LegalCopyright
Copyright
2021
LegalTrademarks
OriginalFilename
Plugin01.dll
ProductName
Plugin01
ProductVersion
1.0.0.0
Assembly Version
1.0.0.0
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
Comments
IDT PC Audio
CompanyName
IDT, Inc.
FileDescription
IDT PC Audio
FileVersion
1.0.6276.0
InternalName
A67gmDqdYqpHVq5d122pdf.exe
LegalCopyright
Copyright
2004 - 2009 IDT, Inc.
LegalTrademarks
IDT PC Audio
OriginalFilename
A67gmDqdYqpHVq5d122pdf.exe
ProductName
IDT PC Audio
ProductVersion
1.0.6276.0
Assembly Version
1.0.6276.0
Antivirus Signature
Bkav Clean
Lionic Clean
Elastic malicious (high confidence)
Cynet Malicious (score: 100)
CMC Clean
CAT-QuickHeal Clean
McAfee Clean
Malwarebytes MachineLearning/Anomalous.100%
VIPRE Clean
Sangfor Suspicious.Win32.Save.a
K7AntiVirus Clean
BitDefender Gen:Trojan.Mardom.MN.22
K7GW Clean
CrowdStrike Clean
Baidu Clean
Cyren Clean
Symantec MSIL.Packed.9
ESET-NOD32 Clean
APEX Malicious
Paloalto Clean
ClamAV Clean
Kaspersky VHO:Trojan-Downloader.MSIL.Seraph.gen
Alibaba Clean
NANO-Antivirus Clean
SUPERAntiSpyware Clean
MicroWorld-eScan Gen:Trojan.Mardom.MN.22
Rising Clean
Ad-Aware Gen:Trojan.Mardom.MN.22
Emsisoft Gen:Trojan.Mardom.MN.22 (B)
Comodo Clean
F-Secure Heuristic.HEUR/AGEN.1143694
DrWeb Clean
Zillya Clean
TrendMicro Clean
McAfee-GW-Edition Clean
FireEye Generic.mg.6318403488d61f1b
Sophos Generic ML PUA (PUA)
SentinelOne Static AI - Malicious PE
Jiangmin Clean
Webroot Clean
Avira HEUR/AGEN.1143694
Antiy-AVL Clean
Kingsoft Clean
Microsoft Clean
Gridinsoft Clean
Arcabit Trojan.Mardom.MN.22
ViRobot Clean
ZoneAlarm Clean
GData Gen:Trojan.Mardom.MN.22
TACHYON Clean
AhnLab-V3 Clean
Acronis Clean
VBA32 Clean
ALYac Gen:Trojan.Mardom.MN.22
MAX malware (ai score=81)
Cylance Unsafe
Panda Clean
Zoner Clean
TrendMicro-HouseCall Clean
Tencent Clean
Yandex Clean
Ikarus Trojan.MSIL.Krypt
eGambit Clean
Fortinet Clean
BitDefenderTheta Gen:NN.ZemsilF.34236.wm0@ae4IrEe
Cybereason Clean
Avast Clean
MaxSecure Trojan.Malware.300983.susgen
No IRMA results available.