Static | ZeroBOX

PE Compile Time

2021-11-22 22:23:28

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

| Name | Virtual Address | Virtual Size | Size of Raw Data | Entropy |
| --- | --- | --- | --- | --- |
| .text | 0x00002000 | 0x00000874 | 0x00000a00 | 4.55342272055 |
| .rsrc | 0x00004000 | 0x000047a8 | 0x00004800 | 4.95438096854 |
| .reloc | 0x0000a000 | 0x0000000c | 0x00000200 | 0.0815394123432 |

Resources

| Name | Offset | Size | Language | Sub-language | File type |
| --- | --- | --- | --- | --- | --- |
| RT_ICON | 0x00004378 | 0x00004228 | LANG_NEUTRAL | SUBLANG_NEUTRAL | dBase III DBT, version number 0, next free block index 40 |
| RT_GROUP_ICON | 0x000085a0 | 0x00000014 | LANG_NEUTRAL | SUBLANG_NEUTRAL | data |
| RT_VERSION | 0x00004130 | 0x00000244 | LANG_NEUTRAL | SUBLANG_NEUTRAL | data |
| RT_MANIFEST | 0x000085b8 | 0x000001ea | LANG_NEUTRAL | SUBLANG_NEUTRAL | XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators |

Imports

Library mscoree.dll:
0x402000 _CorExeMain

!This program cannot be run in DOS mode.
`.rsrc
@.reloc
v4.0.30319
#Strings
<Module>
ddeevv.exe
Program
mscorlib
System
Object
MBXCMNCXMNCBMMBCXBMCXMBCXMNMBNCXNCXNCXNCXMNXMNCXMBCXMBCXMNCXMBCXMBCXMCXMBCXMBCXBMCXBMCX
System.Runtime.CompilerServices
CompilationRelaxationsAttribute
RuntimeCompatibilityAttribute
ddeevv
STAThreadAttribute
System.Net
WebRequest
Create
HttpWebRequest
set_Method
WebResponse
GetResponse
System.IO
Stream
GetResponseStream
System.Text
Encoding
get_UTF8
StreamReader
TextReader
ReadToEnd
Convert
FromBase64String
System.Threading
Thread
System.Reflection
Assembly
String
Boolean
GetType
BindingFlags
Binder
InvokeMember
WrapNonExceptionThrows
_CorExeMain
mscoree.dll
^df8KOQ
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
https://hdhdshdhdhgds.000webhostapp.com/BASE64.devil
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
RUNNNN
https://sharepaste.net/raw/5lhtwcgyem
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
FileDescription
FileVersion
0.0.0.0
InternalName
ddeevv.exe
LegalCopyright
OriginalFilename
ddeevv.exe
ProductVersion
0.0.0.0
Assembly Version
0.0.0.0

Antivirus Signature

Bkav Clean
Lionic Clean
Elastic malicious (high confidence)
MicroWorld-eScan Clean
FireEye Generic.mg.0c88ea8e5315f872
CAT-QuickHeal Clean
ALYac Clean
Cylance Clean
VIPRE Clean
Sangfor Clean
K7AntiVirus Clean
BitDefender Clean
K7GW Clean
Cybereason malicious.525cb8
Baidu Clean
Cyren Clean
Symantec Clean
ESET-NOD32 a variant of MSIL/TrojanDownloader.Agent_AGen.CQ
APEX Malicious
Paloalto Clean
ClamAV Clean
Kaspersky UDS:DangerousObject.Multi.Generic
Alibaba Clean
NANO-Antivirus Clean
ViRobot Clean
Tencent Clean
Ad-Aware Clean
TACHYON Clean
Emsisoft Clean
Comodo Clean
F-Secure Clean
DrWeb Clean
Zillya Clean
TrendMicro Clean
McAfee-GW-Edition BehavesLike.Win32.AdwareTskLnk.mt
CMC Clean
Sophos Clean
Ikarus Clean
GData Clean
Jiangmin Clean
Webroot Clean
Avira Clean
Antiy-AVL Clean
Kingsoft Clean
Gridinsoft Clean
Arcabit Clean
SUPERAntiSpyware Clean
Microsoft Trojan:Win32/Wacatac.B!ml
Cynet Clean
AhnLab-V3 Clean
Acronis Clean
McAfee Clean
MAX Clean
VBA32 Clean
Malwarebytes Clean
Panda Clean
Zoner Clean
TrendMicro-HouseCall Clean
Rising Clean
Yandex Clean
SentinelOne Static AI - Malicious PE
eGambit Unsafe.AI_Score_96%
Fortinet Clean
BitDefenderTheta Gen:NN.ZemsilF.34294.bm0@aqxFwmo
AVG FileRepMalware
Avast FileRepMalware
CrowdStrike win/malicious_confidence_80% (D)
MaxSecure Trojan.Malware.300983.susgen
No IRMA results available.