Static | ZeroBOX

PE Compile Time

2021-11-02 00:41:18

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

| Name | Virtual Address | Virtual Size | Size of Raw Data | Entropy |
|---|---|---|---|---|
| .text | 0x00002000 | 0x000376f4 | 0x00037800 | 7.23549049258 |
| .rsrc | 0x0003a000 | 0x00021cd8 | 0x00021e00 | 6.63359504054 |
| .reloc | 0x0005c000 | 0x0000000c | 0x00000200 | 0.101910425663 |

Resources

| Name | Offset | Size | Language | Sub-language | File type |
|---|---|---|---|---|---|
| RT_ICON | 0x000574c8 | 0x00004228 | LANG_NEUTRAL | SUBLANG_NEUTRAL | dBase IV DBT of \200.DBF, blocks size 0, block length 16384, next free block index 40, next free block 0, next used block 0 |
| RT_ICON | 0x000574c8 | 0x00004228 | LANG_NEUTRAL | SUBLANG_NEUTRAL | dBase IV DBT of \200.DBF, blocks size 0, block length 16384, next free block index 40, next free block 0, next used block 0 |
| RT_ICON | 0x000574c8 | 0x00004228 | LANG_NEUTRAL | SUBLANG_NEUTRAL | dBase IV DBT of \200.DBF, blocks size 0, block length 16384, next free block index 40, next free block 0, next used block 0 |
| RT_ICON | 0x000574c8 | 0x00004228 | LANG_NEUTRAL | SUBLANG_NEUTRAL | dBase IV DBT of \200.DBF, blocks size 0, block length 16384, next free block index 40, next free block 0, next used block 0 |
| RT_ICON | 0x000574c8 | 0x00004228 | LANG_NEUTRAL | SUBLANG_NEUTRAL | dBase IV DBT of \200.DBF, blocks size 0, block length 16384, next free block index 40, next free block 0, next used block 0 |
| RT_ICON | 0x000574c8 | 0x00004228 | LANG_NEUTRAL | SUBLANG_NEUTRAL | dBase IV DBT of \200.DBF, blocks size 0, block length 16384, next free block index 40, next free block 0, next used block 0 |
| RT_GROUP_ICON | 0x0005b6f0 | 0x0000005a | LANG_NEUTRAL | SUBLANG_NEUTRAL | data |
| RT_VERSION | 0x0005b74c | 0x0000039c | LANG_NEUTRAL | SUBLANG_NEUTRAL | data |
| RT_MANIFEST | 0x0005bae8 | 0x000001ea | LANG_NEUTRAL | SUBLANG_NEUTRAL | XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators |

Imports

Library mscoree.dll:
0x402000 _CorExeMain

!This program cannot be run in DOS mode.
`.rsrc
@.reloc
v2.0.50727
#Strings
Publisher.exe
mscorlib
SuppressIldasmAttribute
System.Runtime.CompilerServices
<Module>
Assembly
System.Reflection
.cctor
System
RuntimeTypeHandle
MethodInfo
MethodBase
Thread
System.Threading
ParameterizedThreadStart
ResolveEventArgs
ValueType
Object
Stream
System.IO
<d{16i32y],t(wma%4'6 Lze
System.Windows.Forms
IContainer
System.ComponentModel
TextBox
EventArgs
Dispose
IDisposable
ComponentResourceManager
Control
List`1
System.Collections.Generic
ThreadStart
ApartmentState
CultureInfo
System.Globalization
KeyNotFoundException
RegexOptions
System.Text.RegularExpressions
RegistryKey
Microsoft.Win32
ManualResetEvent
WaitHandle
WebClient
System.Net
AppDomain
ResolveEventHandler
<>9__3_0
AssemblyName
RijndaelManaged
System.Security.Cryptography
SymmetricAlgorithm
PaddingMode
CipherMode
ICryptoTransform
MemoryStream
CryptoStream
CryptoStreamMode
Encoding
System.Text
RawSecurityDescriptor
System.Security.AccessControl
GetKernelObjectSecurity
advapi32.dll
SetKernelObjectSecurity
GetCurrentProcess
kernel32.dll
Win32Exception
GenericSecurityDescriptor
RawAcl
SecurityIdentifier
System.Security.Principal
WellKnownSidType
CommonAce
AceFlags
AceQualifier
GenericAce
value__
PROCESS_CREATE_PROCESS
PROCESS_CREATE_THREAD
PROCESS_DUP_HANDLE
PROCESS_QUERY_INFORMATION
PROCESS_QUERY_LIMITED_INFORMATION
PROCESS_SET_INFORMATION
PROCESS_SET_QUOTA
PROCESS_SUSPEND_RESUME
PROCESS_TERMINATE
PROCESS_VM_OPERATION
PROCESS_VM_READ
PROCESS_VM_WRITE
DELETE
READ_CONTROL
SYNCHRONIZE
WRITE_DAC
WRITE_OWNER
STANDARD_RIGHTS_REQUIRED
PROCESS_ALL_ACCESS
IsWow64Process
Process
System.Diagnostics
au'*kRRE{~Px;|fE{b;a#kkj!
ResourceManager
System.Resources
Settings
FF__PNzYek3LnBtDXPkk.Properties
ApplicationSettingsBase
System.Configuration
SettingsBase
Default
RemoteCertificateValidationCallback
System.Net.Security
WebRequest
HttpRequestCachePolicy
System.Net.Cache
HttpRequestCacheLevel
RequestCachePolicy
WebResponse
StreamReader
TextReader
RequestCacheLevel
<>9__1_0
X509Certificate
System.Security.Cryptography.X509Certificates
X509Chain
SslPolicyErrors
ConfusedByAttribute
Attribute
Publisher
CompilationRelaxationsAttribute
RuntimeCompatibilityAttribute
DebuggableAttribute
DebuggingModes
AssemblyTitleAttribute
AssemblyDescriptionAttribute
AssemblyConfigurationAttribute
AssemblyCompanyAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
AssemblyTrademarkAttribute
ComVisibleAttribute
System.Runtime.InteropServices
GuidAttribute
AssemblyFileVersionAttribute
CompilerGeneratedAttribute
STAThreadAttribute
FlagsAttribute
GeneratedCodeAttribute
System.CodeDom.Compiler
DebuggerNonUserCodeAttribute
EditorBrowsableAttribute
EditorBrowsableState
Newtonsoft.Json
JsonPropertyAttribute
NewtonsoftJson.Json
<d{16i32y\]\,t(wma%4'6 Lze.resources
SigRqIUHQHuaOQUzPjmnVjWCPOpg
au'\*kRRE{~Px;|fE{b;a#kkj!.resources
FF__PNzYek3LnBtDXPkk.Resources.Newtonsoft.Json.dll
Environment
String
GetTypeFromHandle
GetMethod
Concat
Invoke
Equals
FailFast
set_IsBackground
get_CurrentThread
Debugger
get_IsAttached
IsLogging
get_IsAlive
ReadByte
get_Length
UInt32
RuntimeHelpers
InitializeArray
RuntimeFieldHandle
GetElementType
CreateInstance
Buffer
BlockCopy
get_UTF8
GetString
Intern
get_CurrentDomain
add_AssemblyResolve
get_FullName
get_Name
op_Equality
set_Name
System.Drawing
set_Size
set_TabIndex
set_Text
ContainerControl
set_AutoScaleDimensions
set_AutoScaleMode
AutoScaleMode
SystemColors
get_HotTrack
set_BackColor
set_ClientSize
ResumeLayout
PerformLayout
set_Location
Padding
set_Margin
TextBoxBase
set_Multiline
get_Controls
ControlCollection
EventHandler
add_TextChanged
SuspendLayout
Enumerator
GetEnumerator
get_Current
AddRange
IEnumerable`1
MoveNext
ThreadAbortException
Exception
DateTime
TimeSpan
get_Item
ParseExact
IFormatProvider
get_TotalMilliseconds
Remove
get_Count
Collect
FromMinutes
get_Now
op_LessThanOrEqual
op_GreaterThanOrEqual
SetApartmentState
ResetAbort
get_InvariantCulture
IsNullOrEmpty
ToLower
Insert
Registry
CurrentUser
Replace
CreateSubKey
GetValue
GetExecutingAssembly
get_Location
WaitOne
OpenRead
Contains
GetManifestResourceNames
GetManifestResourceStream
set_Padding
set_Mode
set_KeySize
set_BlockSize
Convert
FromBase64String
CreateDecryptor
get_ASCII
CreateEncryptor
GetBytes
FlushFinalBlock
ToArray
ToBase64String
get_BinaryLength
GetBinaryForm
get_DiscretionaryAcl
InsertAce
IntPtr
get_Size
get_Handle
GetProcessesByName
LocalMachine
OpenSubKey
ToString
GetSubKeyNames
LastIndexOf
Substring
get_Assembly
Synchronized
HttpWebRequest
JsonConvert
DeserializeObject
get_UtcNow
op_Subtraction
op_LessThan
ServicePointManager
set_ServerCertificateValidationCallback
Create
set_Method
set_ContentType
set_CachePolicy
set_ContentLength
GetRequestStream
GetResponse
GetResponseStream
ReadToEnd
DownloadString
ConfuserEx v1.0.0
WrapNonExceptionThrows
FF__PNzYek3LnBtDXPkk
Copyright
2021
$77a1d40f-04ff-4fac-bb64-cb085f43f94c
1.1.1.1
3System.Resources.Tools.StronglyTypedResourceBuilder
15.0.0.0
KMicrosoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator
15.9.0.0
link_show
internt_explorer
chrome
firefox
nbr_show_all
nbr_show_perday
start_time
end_time
prices
ListInformation
nameLink
ModePublisher
BetweenTime
TimeInterPops
UrlTrack
trackPostVar
TrackDecrPrmKey
TrackDecrPrmIv
ListLink
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
Comments
FF__PNzYek3LnBtDXPkk
CompanyName
FF__PNzYek3LnBtDXPkk
FileDescription
FF__PNzYek3LnBtDXPkk
FileVersion
1.1.1.1
InternalName
Publisher.exe
LegalCopyright
Copyright
2021
LegalTrademarks
OriginalFilename
Publisher.exe
ProductName
FF__PNzYek3LnBtDXPkk
ProductVersion
1.1.1.1
Assembly Version
1.1.1.1
Antivirus Signature
Bkav Clean
Lionic Clean
Elastic malicious (high confidence)
DrWeb Adware.WizzMonetize.1
MicroWorld-eScan Gen:Variant.Bulz.544019
FireEye Generic.mg.fffd2903ec20ac27
CAT-QuickHeal Clean
McAfee Artemis!FFFD2903EC20
Cylance Unsafe
VIPRE Clean
Sangfor Adware.Win32.Csdi.gen
K7AntiVirus Adware ( 0056a4511 )
BitDefender Gen:Variant.Bulz.544019
K7GW Adware ( 0056a4511 )
Cybereason malicious.366191
BitDefenderTheta Gen:NN.ZemsilF.34266.wm0@aCuUWTf
Cyren Clean
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of MSIL/Adware.CsdiMonetize.BD
Zoner Clean
TrendMicro-HouseCall Clean
Paloalto generic.ml
ClamAV Clean
Kaspersky not-a-virus:HEUR:AdWare.MSIL.Csdi.gen
Alibaba AdWare:MSIL/CsdiMonetize.8370ed0a
NANO-Antivirus Clean
ViRobot Adware.Csdimonetize.367104
Tencent Msil.Adware.Csdi.Ejpd
Ad-Aware Gen:Variant.Bulz.544019
Sophos Generic PUA AM (PUA)
Comodo TrojWare.Win32.UMal.fxafe@0
F-Secure Clean
Baidu Clean
Zillya Clean
TrendMicro TROJ_FRS.0NA104K421
McAfee-GW-Edition Artemis!PUP
CMC Clean
Emsisoft Gen:Variant.Bulz.544019 (B)
SentinelOne Static AI - Malicious PE
GData Gen:Variant.Bulz.544019
Jiangmin Clean
Webroot Clean
Avira ADWARE/CsdiMonetize.jxpwa
MAX malware (ai score=100)
Antiy-AVL Clean
Kingsoft Clean
Gridinsoft Ransom.Win32.Bladabindi.vb
Arcabit Clean
SUPERAntiSpyware Clean
ZoneAlarm Clean
Microsoft Backdoor:Win32/Bladabindi!ml
Cynet Malicious (score: 100)
AhnLab-V3 Adware/Win.Generic.C4711995
Acronis Clean
VBA32 TScope.Trojan.MSIL
ALYac Gen:Variant.Bulz.544019
TACHYON Clean
Malwarebytes Adware.Csdimonetize
Panda Trj/GdSda.A
APEX Malicious
Rising Clean
Yandex Clean
Ikarus Clean
eGambit Unsafe.AI_Score_100%
Fortinet Adware/CsdiMonetize
AVG FileRepMalware
Avast FileRepMalware
CrowdStrike win/malicious_confidence_60% (D)
MaxSecure Trojan.Malware.300983.susgen
No IRMA results available.