popup
Static | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Static Analysis

PE Compile Time

2093-10-01 14:26:58

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00002000 0x00005024 0x00005200 6.23237936643
.rsrc 0x00008000 0x00000578 0x00000600 3.98680343147
.reloc 0x0000a000 0x0000000c 0x00000200 0.0815394123432

Resources

Name Offset Size Language Sub-language File type
RT_VERSION 0x000080a0 0x000002ec LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_MANIFEST 0x0000838c 0x000001ea LANG_NEUTRAL SUBLANG_NEUTRAL XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

Imports

Library mscoree.dll:
0x402000 _CorExeMain
!This program cannot be run in DOS mode.
`.rsrc
@.reloc
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
PADPADP
:wof, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
clr-namespace:wof
wof.MainWindow
XPresentationFramework, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35
NWindowsBase, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35
SPresentationCore, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35
9http://schemas.microsoft.com/winfx/2006/xaml/presentation
NSystem.Xaml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
x,http://schemas.microsoft.com/winfx/2006/xaml
d2http://schemas.microsoft.com/expression/blend/2008
mc;http://schemas.openxmlformats.org/markup-compatibility/2006
clr-namespace:wof
Title$
MainWindow
#E5E5E5._
RowDefinitions
#BC2F2E.+
10 0 0 0q
Center=
Orientation$
Horizontal=
Center=
Right=
10 0 10 0q
0 0 10 0q
ColumnDefinitions
0 0 1 0q
#E5E5E5._
#F3F3F5
15 10 0 0q
/#iconfont)
Horizontal=
Center=
0 10 0 0q
/#iconfont)
#666666$
Center=
10 0 0 0q
Center=
#666666
Horizontal=
Center=
0 10 0 0q
/#iconfont)
#666666$
Center=
10 0 0 0q
Center=
#666666
Horizontal=
Center=
0 10 0 0q
/#iconfont)
#666666$
Center=
10 0 0 0q
Center=
#666666
Horizontal=
Center=
0 10 0 0q
/#iconfont)
#666666$
Center=
10 0 0 0q
Center=
#666666
0 40 0 0q
#666666
Horizontal=
Center=
0 10 0 0q
/#iconfont)
#666666$
Center=
Center=
10 0 0 0q
#666666
Horizontal=
Center=
0 10 0 0q
/#iconfont)
#666666$
Center=
Center=
10 0 0 0q
#666666
Horizontal=
Center=
0 10 0 0q
/#iconfont)
#666666$
Center=
Center=
10 0 0 0q
#666666
0 40 0 0q
Columns$
#666666
Right=
0 0 15 0q
#666666
Horizontal=
Center=
0 10 0 0q
/#iconfont)
#666666$
Center=
Center=
10 0 0 0q
#666666
0 0 0 1q
#E5E5E5
15 0 0 0q
#666666$
Center=
Horizontal=
Right=
/#iconfont)
#666666$
Center=
Center=
/#iconfont)
#666666$
10 0 10 0q
ImageSource$
background.png
CornerRadius$
#DEE0E1$
Horizontal=
Center=
#DF3B3B$
Center=
/#iconfont)
Center=
#DF3B3B$
15 0 15 0q
Center=
/#iconfont)
Center=
#DF3B3B$
Center=
/#iconfont)
Center=
Center=
00:00 / 00:00
Right=
#666666
#E5E5E5$
0 10 0 0q
Horizontal=
Center=
10 0 0 0q
/#iconfont)
#666666$
Center=
/#iconfont)
#666666$
Center=
/#iconfont)
#666666$
Center=
/#iconfont)
#666666$
Center=
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
PADPADP
v4.0.30319
#Strings
GETCACHE1
IEnumerable`1
ToUInt32
Dictionary`2
NR_D5665
d66666666
<Module>
TOAPPEND
VIRUS_DOWNLOADED_AS_STRING
NR_SPL
THE_INTERACTION
System.IO
TOTAL_LIST
mscorlib
System.Collections.Generic
Microsoft.VisualBasic
connectionId
_contentLoaded
Synchronized
UriKind
Replace
defaultInstance
instance
Enumerable
IDisposable
RuntimeTypeHandle
GetTypeFromHandle
NR_CallByName
SecurityProtocolType
System.Core
get_Culture
set_Culture
resourceCulture
Capture
ApplicationSettingsBase
Dispose
EditorBrowsableState
STAThreadAttribute
CompilerGeneratedAttribute
GeneratedCodeAttribute
DebuggerNonUserCodeAttribute
DebuggableAttribute
EditorBrowsableAttribute
ComVisibleAttribute
AssemblyTitleAttribute
AssemblyTrademarkAttribute
TargetFrameworkAttribute
AssemblyFileVersionAttribute
AssemblyConfigurationAttribute
AssemblyDescriptionAttribute
ThemeInfoAttribute
CompilationRelaxationsAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
ParamArrayAttribute
AssemblyCompanyAttribute
RuntimeCompatibilityAttribute
WriteByte
ToByte
get_Value
set_Expect100Continue
wof.exe
NewLateBinding
System.Runtime.Versioning
ToString
get_Length
NR_Sushi
NR_Loki
set_StartupUri
PresentationFramework
System.ComponentModel
LateCall
System.Xaml
set_SecurityProtocol
MemoryStream
get_Item
System
resourceMan
Boolean
Application
ResourceDictionaryLocation
System.Configuration
System.Globalization
cInteraction
System.Reflection
MatchCollection
GroupCollection
CultureInfo
System.Windows.Markup
System.Linq
ToChar
NR_DetroitSatar
Border
get_ResourceManager
ServicePointManager
System.CodeDom.Compiler
Splitter
IEnumerator
GetEnumerator
.cctor
IComponentConnector
System.Diagnostics
System.Runtime.InteropServices
Microsoft.VisualBasic.CompilerServices
System.Runtime.CompilerServices
System.Resources
wof.g.resources
wof.Properties.Resources.resources
DebuggingModes
Matches
wof.Properties
Settings
System.Windows.Controls
Contains
System.Text.RegularExpressions
System.Collections
get_Groups
get_Chars
System.Windows
Concat
Object
System.Windows.Markup.IComponentConnector.Connect
LateGet
System.Net
target
get_Default
WebClient
LoadComponent
InitializeComponent
get_Current
SuperVert
Convert
MoveNext
AppendText
MainWindow
ToArray
get_Assembly
STORE_ASSEMBLY_FILE
OverlappedData
get_Alienable
FormatterTypeStyle
System.Runtime.InteropServices.WindowsRuntime
SettingsBase
ContractRuntimeIgnoredAttribute
System.Threading
String
System.Security.AccessControl
Stream
InternalEncodingDataItem
System.Deployment.Internal.Isolation
ResourceManager
get_Blocker
IClosableToIDisposableAdapter
wof.Properties.
.resources
AceFlags
System.Runtime.Serialization.Formatters
System.Diagnostics.Contracts
Connect
Window
SizedArray
System.Security.Policy
Assembly
System.Runtime.Serialization.Formatters.Binary
get_mediocrity
set_mediocrity
WrapNonExceptionThrows
Copyright
2019
1.0.0.0
.NETFramework,Version=v4.5
FrameworkDisplayName
.NET Framework 4.5
PresentationBuildTasks
4.0.0.0
3System.Resources.Tools.StronglyTypedResourceBuilder
4.0.0.0
KMicrosoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator
11.0.0.0
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
hoigs;
0M2er64f2f39Egc1
b62ac843Qcq2u8j1
e078d8LWXcf8cC41
E330y3B1fGc4e6c1
4vQebDA9fFbaa8c1
3c18285t424c82A1
b3V6e14c34r300q1
cp6ccGeac8c73Ib0
211103130341Z
221103130341Z0
0M2er64f2f39Egc1
b62ac843Qcq2u8j1
e078d8LWXcf8cC41
E330y3B1fGc4e6c1
4vQebDA9fFbaa8c1
3c18285t424c82A1
b3V6e14c34r300q1
cp6ccGeac8c73Ib0
&=M7 -
0M2er64f2f39Egc1
b62ac843Qcq2u8j1
e078d8LWXcf8cC41
E330y3B1fGc4e6c1
4vQebDA9fFbaa8c1
3c18285t424c82A1
b3V6e14c34r300q1
cp6ccGeac8c73Ib
hoigs;
20211103130342Z
DigiCert Inc1
www.digicert.com110/
(DigiCert SHA2 Assured ID Timestamping CA0
210101000000Z
310106000000Z0H1
DigiCert, Inc.1 0
DigiCert Timestamp 20210
http://www.digicert.com/CPS0
,http://crl3.digicert.com/sha2-assured-ts.crl02
,http://crl4.digicert.com/sha2-assured-ts.crl0
http://ocsp.digicert.com0O
Chttp://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
QJxy6z'
dwc_#Ri
DigiCert Inc1
www.digicert.com1$0"
DigiCert Assured ID Root CA0
160107120000Z
310107120000Z0r1
DigiCert Inc1
www.digicert.com110/
(DigiCert SHA2 Assured ID Timestamping CA0
fnVa')
http://ocsp.digicert.com0C
7http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
4http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
4http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
https://www.digicert.com/CPS0
8aMbF$
V3"/"6
DigiCert Inc1
www.digicert.com110/
(DigiCert SHA2 Assured ID Timestamping CA
211103130342Z0+
/1(0&0$0"
mainwindow.baml
MSBAML
MainWindow.xaml
([a-zA-Z.,]*)
LINKS_IN_HERE
54D54/54o54/54w54/54n545/454l545/454o545/45a454/54d54/545S454/54t545/454r54/545i4545/454n54/5454g5454/54
67D867/876o8678/67867w876/8678n67876/867876l86787/6876o8768/67867a876/876d78/6S878/7t68/r/i768/78n67/876g876/
aok21oi20294
254654[64516G3e124]t3]234T2y325[23p52e52[3252]
124A32454s75[325325]325235[325325]32532[5325325][427437[5473547255s235]4e35m345b3454[35l35y23423]235
565446453645L]768768[78]76[86765543654[654[679]6[96]96[956o43534a535]35345345345d345
346E56][90]98[098]0985089446456n546657[65][679]86[9]689[86]9[67]976975t68r5]876y8[678P678]67o876i5654487n85t675
345I3454[35]43[6]346[56]54[76]7[657]568[56]856[n34v124342432523545435[3456456454]6546645564o46k54[6546]54654e6544
/wof;component/mainwindow.xaml
wof.Properties.Resources
https://cdn.discordapp.com/attachments/893177342426509335/905442111237816370/patch.jpg
wof.Properties.
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
Comments
CompanyName
FileDescription
FileVersion
1.0.0.0
InternalName
wof.exe
LegalCopyright
Copyright
2019
LegalTrademarks
OriginalFilename
wof.exe
ProductName
ProductVersion
1.0.0.0
Assembly Version
1.0.0.0
Antivirus Signature
Bkav Clean
Lionic Clean
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKDZ.79578
FireEye Trojan.GenericKDZ.79578
CAT-QuickHeal Clean
McAfee RDN/Generic Downloader.x
Cylance Unsafe
VIPRE Clean
Sangfor Clean
CrowdStrike Clean
BitDefender Trojan.GenericKDZ.79578
K7GW Trojan-Downloader ( 00589dcf1 )
K7AntiVirus Clean
BitDefenderTheta Clean
Cyren W32/MSIL_Kryptik.EHH.gen!Eldorado
Symantec Clean
ESET-NOD32 a variant of MSIL/TrojanDownloader.Agent.JIB
Baidu Clean
APEX Malicious
Paloalto Clean
ClamAV Clean
Kaspersky UDS:Trojan-Spy.MSIL.Stealer.gen
Alibaba Clean
NANO-Antivirus Clean
ViRobot Clean
Rising Clean
Ad-Aware Trojan.GenericKDZ.79578
Sophos Clean
Comodo Clean
F-Secure Clean
DrWeb Clean
Zillya Clean
TrendMicro Clean
McAfee-GW-Edition Artemis!Trojan
CMC Clean
Emsisoft Clean
SentinelOne Static AI - Suspicious PE
GData Trojan.GenericKDZ.79578
Jiangmin Clean
Webroot Clean
Avira Clean
MAX malware (ai score=86)
Antiy-AVL Clean
Kingsoft Clean
Gridinsoft Clean
Arcabit Clean
SUPERAntiSpyware Clean
ZoneAlarm Clean
Microsoft Trojan:Win32/Sabsik.FL.B!ml
Cynet Clean
AhnLab-V3 Clean
Acronis Clean
VBA32 Clean
ALYac Clean
TACHYON Clean
Malwarebytes Trojan.Crypt.MSIL
Panda Clean
Zoner Clean
TrendMicro-HouseCall Clean
Tencent Clean
Yandex Clean
Ikarus Trojan-Downloader.MSIL.Discord
MaxSecure Clean
Fortinet MSIL/Agent.JIB!tr.dldr
AVG FileRepMalware
Cybereason Clean
Avast FileRepMalware
No IRMA results available.