popup
Static | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Static Analysis

PE Compile Time

2082-06-11 23:01:24

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00002000 0x00060e04 0x00061000 3.73142220457
.rsrc 0x00064000 0x000002a4 0x00000400 2.1791249714
.reloc 0x00066000 0x0000000c 0x00000200 0.0815394123432

Resources

Name Offset Size Language Sub-language File type
RT_VERSION 0x00064058 0x0000024c LANG_NEUTRAL SUBLANG_NEUTRAL data

Imports

Library mscoree.dll:
0x402000 _CorExeMain
!This program cannot be run in DOS mode.
`.rsrc
@.reloc
v4.0.30319
#Strings
Osculums
Osculums.exe
<Module>
Manager
Osculums.Common
Object
System
mscorlib
Composer
Osculums.Authentication
<>c__DisplayClass2_0
ImporterInstanceSerializer
Osculums.Serialization
ProcessAccountWriter
Osculums.Writers
<>o__4
TagMethodPool
Osculums.Pools
RepositoryStubRule
Osculums.Rules
<>o__5
RecordConsumer
Osculums.Consumers
ErrorSystemProperty
Osculums.Properties
ExpressionComposerResolver
MulticastDelegate
Iterator
RefStubRule
UtilsMethodPool
DefinitionStubRule
Container
FilterComposerResolver
ParameterConsumer
Invocation
Thread
ValueType
WorkerInstanceSerializer
TaskInstanceSerializer
Bridge
RegistryStubRule
SerializerConsumer
Mapping
<PrivateImplementationDetails>
__StaticArrayInitTypeSize=379700
TestManager
String
EntryPointNotFoundException
FindManager
SortManager
ForgotManager
Func`1
Boolean
IntPtr
Invoke
InvalidOleVariantTypeException
System.Runtime.InteropServices
_Listener
CallManager
UInt64
UInt32
UInt16
op_Explicit
Marshal
SizeOf
Application
System.Windows.Forms
get_ExecutablePath
op_Inequality
System.Threading
ToInt64
GetTypeFromHandle
RuntimeTypeHandle
AllocHGlobal
FreeHGlobal
account
.cctor
CollectManager
reference
caller_count
identifier
Replace
CancelManager
ReflectManager
Binder
Microsoft.CSharp.RuntimeBinder
Microsoft.CSharp
Convert
CallSiteBinder
System.Runtime.CompilerServices
System.Core
CSharpBinderFlags
CallSite`1
Func`3
CallSite
Create
Target
ToCharArray
RateManager
get_Length
FromBase64CharArray
Encoding
System.Text
get_UTF8
GetString
GetManager
_Server
_Instance
InitManager
StringBuilder
get_Chars
ToChar
Append
ToString
InstantiateManager
PopManager
RuntimeHelpers
InitializeArray
RuntimeFieldHandle
Exception
RunManager
Action
PostManager
SelectManager
m_System
CalculateManager
CloneManager
CSharpArgumentInfo
CSharpArgumentInfoFlags
InvokeMember
IEnumerable`1
System.Collections.Generic
Func`4
semaNredaeHnwonKpttHteNmetsyS43730
Func`5
Func`6
GetMember
_Collection
m_Process
_Connection
reader
_Indexer
struct
consumer
proccesor
reponse
ViewManager
LoadLibrary
kernel32.dll
OrderManager
FreeLibrary
PushManager
result
GetProcAddress
kernel32
RestartManager
CalcManager
GetDelegateForFunctionPointer
Delegate
CreateManager
m_Broadcaster
second
hProcess
isWow64
BeginInvoke
IAsyncResult
AsyncCallback
callback
object
EndInvoke
lpBaseAddress
lreganaMnoitazirohtuAecivreSledoMecivreSmetsyS97105
lpNumberOfBytesWritten
caller
exitCode
handle
hToken
lpApplicationName
lpCommandLine
lpProcessAttributes
lpThreadAttributes
bInheritHandles
dwCreationFlags
lpEnvironment
lpCurrentDirectory
lpStartupInfo
lpProcesrepleHcnysAtneilClqSataDmetsyS57514
hNewToken
hThread
pContext
ProcessHandle
BaseAddress
ZeroBits
RegionSize
AllocationType
Protect
nCmdShow
_Customer
m_Policy
_Order
_Creator
_Watcher
_Dispatcher
authentication
specification
_Predicate
_Observer
m_Pool
repository
registry
_Definition
_State
m_Strategy
_Importer
worker
_Interceptor
client
m_Code
candidate
descriptor
_Helper
_Service
m_Param
m_Mapper
_Context
m_Algo
m_Object
_Setter
PrintManager
RemoveManager
981848FD8B17C5E8630528407D1BB11344278CED
CompilationRelaxationsAttribute
RuntimeCompatibilityAttribute
DebuggableAttribute
System.Diagnostics
DebuggingModes
TargetFrameworkAttribute
System.Runtime.Versioning
UnverifiableCodeAttribute
System.Security
ParamArrayAttribute
DynamicAttribute
ReliabilityContractAttribute
System.Runtime.ConstrainedExecution
Consistency
CompilerGeneratedAttribute
System.Security.Permissions.SecurityPermissionAttribute, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
SkipVerification
WrapNonExceptionThrows
.NETFramework,Version=v4.0
FrameworkDisplayName
.NET Framework 4
_CorExeMain
mscoree.dll
EoitceleSngiseDledoMtnenopmoCmetsyS44994UcnLiAiDzEnMDgBNDUIBg==
EoitceleSngiseDledoMtnenopmoCmetsyS44994hsjPCAILjcwDQkH
IoitceleSngiseDledoMtnenopmoCmetsyS44994UY7OxsXCy4/AjsCN0AmDxJnLjo9BTwzExkoASYCTGo=
JoitceleSngiseDledoMtnenopmoCmetsyS44994jInLiAYNTczEiMYOzo6AyhlFDU6NVd3
IoitceleSngiseDledoMtnenopmoCmetsyS44994UcJISF9DwszHUQfDDUlSA==
IoitceleSngiseDledoMtnenopmoCmetsyS44994y0/DyB8OnAkDDMNDEA+GRJkD3I=
JoitceleSngiseDledoMtnenopmoCmetsyS44994BsjASAiaCoJDCsENCoUJSs7DCMAcTg6E0ZaTw==
JoitceleSngiseDledoMtnenopmoCmetsyS44994BsjFSAIITQzeDdENCQqBRI5EH4AFRIEKyNfBBMbGmo=
JoitceleSngiseDledoMtnenopmoCmetsyS44994kY7JyYIDxMJJ0geNCo+DyUAFDs7cSB/
JoitceleSngiseDledoMtnenopmoCmetsyS44994kdIZAwlCwowEiMhDzo6GSgAEAs7cF96KywGQg==
IoitceleSngiseDledoMtnenopmoCmetsyS44994kcnZxQIMTswHTcfP0BJABUQFHs9A1d3
JoitceleSngiseDledoMtnenopmoCmetsyS44994kdIZAwlCxYwEiMhDzo6GSgAEAs7cF96KywGQg==
JoitceleSngiseDledoMtnenopmoCmetsyS44994UcnZxQIMTswHTcfP0BJABUQFHs9A1d3
JoitceleSngiseDledoMtnenopmoCmetsyS44994RgnLSYYaC48DRkNNCU2Hg==
oitceleSngiseDledoMtnenopmoCmetsyS44994
IoitceleSngiseDledoMtnenopmoCmetsyS44994kcnZxN9YDcJeEgHNCQUBRM6EDk9NVd3
FoitceleSngiseDledoMtnenopmoCmetsyS44994C0/OyElFDsmJyMHDDNNSA==
JoitceleSngiseDledoMtnenopmoCmetsyS44994UcZISZ+PTIIJyMCCgVNSA==
semaNredaeHnwonKpttHteNmetsyS43730
Replace
FromBase64CharArray
ToCharArray
Length
GetString
puqWBOYBjJqtnr
VoitceleSngiseDledoMtnenopmoCmetsyS44994FZxUUFBTUFBQUFFQUFBQS8vOEFBTGdBQUFBQUFBQUFRQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFnQUFBQUE0ZnVnNEF0QW5OSWJnQlRNMGhWR2hwY3lCd2NtOW5jbUZ0SUdOaGJtNXZkQ0JpWlNCeWRXNGdhVzRnUkU5VElHMXZaR1V1RFEwS0pBQUFBQUFBQUFCUVJRQUFUQUVEQUFWWlVwZ0FBQUFBQUFBQUFPQUFBZ0VMQVRBQUFJZ0JBQUFNQUFBQUFBQUFPbzBCQUFBZ0FBQUF3QUVBQUFCQUFBQWdBQUFBQkFBQUJBQUFBQUFBQUFBRUFBQUFBQUFBQUFBQUFnQUFCQUFBVkw0QkFBSUFRSVVBQUJBQUFCQUFBQUFBRUFBQUVBQUFBQUFBQUJBQUFBQUFBQUFBQUFBQUFPaU1BUUJQQUFBQUFNQUJBTlFFQUFBQUFBQUFBQUFBQUFDWUFRRDRDQUFBQU9BQkFBd0FBQURNakFFQUhBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUlBQUFDQUFBQUFBQUFBQUFBQUFBQ0NBQUFFZ0FBQUFBQUFBQUFBQUFBQzUwWlhoMEFBQUFzSVVCQUFBZ0FBQUFpQUVBQUFRQUFBQUFBQUFBQUFBQUFBQUFBQ0FBQUdBdWNuTnlZd0FBQU5RRUFBQUF3QUVBQUFnQUFBQ01BUUFBQUFBQUFBQUFBQUFBQUFCQUFBQkFMbkpsYkc5akFBQU1BQUFBQU9BQkFBQUVBQUFBbEFFQUFBQUFBQUFBQUFBQUFBQUFRQUFBUWdBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQ
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
FileDescription
FileVersion
0.0.0.0
InternalName
Osculums.exe
LegalCopyright
OriginalFilename
Osculums.exe
ProductVersion
0.0.0.0
Assembly Version
0.0.0.0
Antivirus Signature
Bkav Clean
Lionic Clean
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKDZ.79325
FireEye Generic.mg.fc48a319b30c94e5
CAT-QuickHeal Clean
McAfee GenericRXPZ-YL!FC48A319B30C
Cylance Unsafe
VIPRE Clean
K7AntiVirus Clean
BitDefender Trojan.GenericKDZ.79325
K7GW Clean
Cybereason malicious.16915f
BitDefenderTheta Gen:NN.ZemsilF.34266.ym0@aCcrrhd
Cyren W32/MSIL_Troj.CY.gen!Eldorado
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of MSIL/Kryptik.ADAC
Baidu Clean
APEX Malicious
Paloalto Clean
ClamAV Clean
Kaspersky HEUR:Trojan-PSW.MSIL.Convagent.gen
Alibaba Clean
NANO-Antivirus Clean
ViRobot Clean
Rising Clean
Ad-Aware Trojan.GenericKDZ.79325
Emsisoft Trojan.GenericKDZ.79325 (B)
Comodo Clean
F-Secure Clean
DrWeb Trojan.PackedNET.972
Zillya Clean
TrendMicro Clean
McAfee-GW-Edition BehavesLike.Win32.Generic.fz
CMC Clean
Sophos ML/PE-A
SentinelOne Static AI - Malicious PE
GData Trojan.GenericKDZ.79325
Jiangmin Clean
Webroot Clean
Avira HEUR/AGEN.1144480
MAX malware (ai score=85)
Antiy-AVL Clean
Kingsoft Clean
Gridinsoft Clean
Arcabit Trojan.Generic.D135DD
SUPERAntiSpyware Clean
ZoneAlarm Clean
Microsoft Trojan:MSIL/AgentTesla.LEG!MTB
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win.Generic.C4628732
Acronis Clean
ALYac Trojan.GenericKDZ.79325
TACHYON Clean
VBA32 Clean
Malwarebytes Trojan.Crypt.MSIL.Generic
Panda Clean
Zoner Clean
TrendMicro-HouseCall Clean
Tencent Clean
Yandex Clean
Ikarus Trojan-Spy.MSIL.Agent
MaxSecure Clean
Fortinet MSIL/Kryptik.ACCF!tr
AVG Win32:PWSX-gen [Trj]
Avast Win32:PWSX-gen [Trj]
CrowdStrike win/malicious_confidence_60% (D)
No IRMA results available.