Static | ZeroBOX

PE Compile Time

2088-12-11 09:56:10

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name    Virtual Address  Virtual Size  Size of Raw Data  Entropy
.text   0x00002000       0x00059044    0x00059200        3.77048725269
.rsrc   0x0005c000       0x000002ac    0x00000400        2.19278869352
.reloc  0x0005e000       0x0000000c    0x00000200        0.101910425663

Resources

Name        Offset      Size        Language      Sub-language     File type
RT_VERSION  0x0005c058  0x00000254  LANG_NEUTRAL  SUBLANG_NEUTRAL  data

Imports

Library mscoree.dll:
0x402000 _CorExeMain

!This program cannot be run in DOS mode.
`.rsrc
@.reloc
v4.0.30319
#Strings
Trumpeters
Trumpeters.exe
<Module>
ErrorConsumerDescriptor
Trumpeters.Descriptors
Object
System
mscorlib
QueuePrinterVisitor
Trumpeters.Visitors
<>c__DisplayClass2_0
AdvisorTokenProperty
Trumpeters.Properties
ValGlobalFactory
Trumpeters.Factories
<>o__4
FacadePolicy
Trumpeters.Polices
Printer
<>o__5
ParameterConfigurationBridge
Trumpeters.Bridges
CandidateVisitorContainer
Trumpeters.Containers
ConfigWrapperState
Trumpeters.States
StatusTokenProperty
MulticastDelegate
ProductVisitorContainer
BroadcasterPolicy
MerchantTokenProperty
Dispatcher
MockConsumerDescriptor
Template
ResolverPolicy
Record
Property
ValueType
Trumpeters.Shared
ComparatorConfigurationBridge
ParamVisitorContainer
AttributeTokenProperty
DispatcherGlobalFactory
Watcher
CollectionConfigurationBridge
MapperPolicy
<PrivateImplementationDetails>
__StaticArrayInitTypeSize=347788
PushIdentifier
String
EntryPointNotFoundException
SetupIdentifier
RateIdentifier
StopIdentifier
Func`1
Boolean
IntPtr
Invoke
InvalidOleVariantTypeException
System.Runtime.InteropServices
ResolveIdentifier
UInt64
UInt32
UInt16
op_Explicit
Marshal
SizeOf
Application
System.Windows.Forms
get_ExecutablePath
op_Inequality
Thread
System.Threading
ToInt64
GetTypeFromHandle
RuntimeTypeHandle
AllocHGlobal
FreeHGlobal
_Identifier
_Wrapper
.cctor
DestroyIdentifier
result
m_Visitor
Replace
IncludeIdentifier
PopIdentifier
Binder
Microsoft.CSharp.RuntimeBinder
Microsoft.CSharp
Convert
CallSiteBinder
System.Runtime.CompilerServices
System.Core
CSharpBinderFlags
CallSite`1
Func`3
CallSite
Create
Target
ToCharArray
CheckIdentifier
get_Length
FromBase64CharArray
Encoding
System.Text
get_UTF8
GetString
UpdateIdentifier
context
_Token
ForgotIdentifier
StringBuilder
get_Chars
ToChar
Append
ToString
PostIdentifier
FillIdentifier
RuntimeHelpers
InitializeArray
RuntimeFieldHandle
Exception
AwakeIdentifier
Action
CountIdentifier
ExcludeIdentifier
global
ChangeIdentifier
CloneIdentifier
CSharpArgumentInfo
CSharpArgumentInfoFlags
InvokeMember
IEnumerable`1
System.Collections.Generic
Func`4
lennahCnoisseSylpeRytiruceSsgnitteSrevreSnoisseSytiruceSytiruceSledoMecivreSmetsyS8972
Func`5
Func`6
GetMember
m_Algo
m_Observer
m_Server
m_Struct
candidate
m_Param
_Product
_Expression
m_Model
m_Annotation
WriteIdentifier
LoadLibrary
kernel32.dll
CalcIdentifier
FreeLibrary
ManageIdentifier
visitor
GetProcAddress
kernel32
configuration
ConnectIdentifier
ReflectIdentifier
GetDelegateForFunctionPointer
Delegate
AddIdentifier
m_Consumer
hProcess
isWow64
BeginInvoke
IAsyncResult
AsyncCallback
callback
object
EndInvoke
lpBaseAddress
lesaBrehctapsiDlennahCrehctapsiDledoMecivreSmetsyS28692
lpNumberOfBytesWritten
counter
exitCode
instance
handle
selection
hToken
lpApplicationName
lpCommandLine
lpProcessAttributes
lpThreadAttributes
bInheritHandles
dwCreationFlags
lpEnvironment
lpCurrentDirectory
lpStartupInfo
lpProcesytreporPseitreporPegasseMslennahCledoMecivreSmetsyS85104
hNewToken
hThread
pContext
ProcessHandle
BaseAddress
ZeroBits
RegionSize
AllocationType
Protect
second
config
nCmdShow
schema
_Initializer
reader
m_Field
m_Policy
m_Event
_Serializer
m_Order
service
m_Specification
m_Test
m_Worker
registry
m_System
container
m_Advisor
attribute
status
_Merchant
decorator
_Client
_Importer
comparator
collection
_Parser
_Manager
tokenizer
m_List
m_Bridge
m_Mapping
getter
_Predicate
_Thread
m_Utils
_Definition
LogoutIdentifier
InvokeIdentifier
13171052E979883F1BE5CEBD8A2D0E6DA2CAA588
CompilationRelaxationsAttribute
RuntimeCompatibilityAttribute
DebuggableAttribute
System.Diagnostics
DebuggingModes
TargetFrameworkAttribute
System.Runtime.Versioning
UnverifiableCodeAttribute
System.Security
ParamArrayAttribute
DynamicAttribute
ReliabilityContractAttribute
System.Runtime.ConstrainedExecution
Consistency
CompilerGeneratedAttribute
System.Security.Permissions.SecurityPermissionAttribute, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
SkipVerification
WrapNonExceptionThrows
.NETFramework,Version=v4.0
FrameworkDisplayName
.NET Framework 4
_CorExeMain
mscoree.dll
lennahCnoisseSylpeRytiruceSsgnitteSrevreSnoisseSytiruceSytiruceSledoMecivreSmetsyS8972
Replace
FromBase64CharArray
ToCharArray
Length
GetString
UONCxvpJceEm
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
FileDescription
FileVersion
0.0.0.0
InternalName
Trumpeters.exe
LegalCopyright
OriginalFilename
Trumpeters.exe
ProductVersion
0.0.0.0
Assembly Version
0.0.0.0

Antivirus Signature

Bkav Clean
Lionic Clean
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKDZ.79325
CMC Clean
CAT-QuickHeal Clean
ALYac Trojan.GenericKDZ.79325
Cylance Unsafe
VIPRE Clean
Sangfor Clean
K7AntiVirus Clean
BitDefender Trojan.GenericKDZ.79325
K7GW Clean
Cybereason malicious.49217d
Baidu Clean
Cyren W32/MSIL_Troj.CY.gen!Eldorado
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of MSIL/Kryptik.ADAC
APEX Malicious
Paloalto Clean
ClamAV Clean
Kaspersky HEUR:Trojan-PSW.MSIL.Convagent.gen
Alibaba Clean
NANO-Antivirus Clean
ViRobot Clean
Rising Clean
Ad-Aware Trojan.GenericKDZ.79325
TACHYON Clean
Emsisoft Trojan.GenericKDZ.79325 (B)
Comodo Clean
F-Secure Clean
DrWeb Trojan.PackedNET.972
Zillya Clean
TrendMicro Clean
McAfee-GW-Edition BehavesLike.Win32.Generic.fz
FireEye Generic.mg.16682361862d0d1d
Sophos Clean
Ikarus Trojan-Spy.MSIL.Agent
GData Trojan.GenericKDZ.79325
Jiangmin Clean
Webroot Clean
Avira HEUR/AGEN.1144480
Antiy-AVL Clean
Kingsoft Clean
Gridinsoft Clean
Arcabit Trojan.Generic.D135DD
SUPERAntiSpyware Clean
Microsoft Trojan:MSIL/AgentTesla.LEG!MTB
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win.Generic.C4628732
Acronis Clean
McAfee GenericRXQO-NJ!16682361862D
MAX malware (ai score=80)
VBA32 Clean
Malwarebytes Trojan.Crypt.MSIL.Generic
Panda Clean
Zoner Clean
TrendMicro-HouseCall Clean
Tencent Clean
Yandex Clean
SentinelOne Static AI - Malicious PE
eGambit Unsafe.AI_Score_100%
Fortinet MSIL/Kryptik.ACCF!tr
BitDefenderTheta Gen:NN.ZemsilF.34266.wm0@aWvLMap
AVG Win32:PWSX-gen [Trj]
Avast Win32:PWSX-gen [Trj]
CrowdStrike win/malicious_confidence_60% (D)
MaxSecure Trojan.Malware.121218.susgen
No IRMA results available.