Static | ZeroBOX

PE Compile Time

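2050-12-13 19:49:09 (future-dated, so this header field is not a real build time: it was either altered or filled in by a deterministic build, and should not be used for timeline analysis)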

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00002000 0x00005eb4 0x00006000 5.83233276283
.rsrc 0x00008000 0x0000ca04 0x0000cc00 5.53711201253
.reloc 0x00016000 0x0000000c 0x00000200 0.0815394123432

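Resources (note: all 13 RT_ICON rows below show the same offset and size; since 0x13e80 + 0x468 = 0x142e8, the start of RT_GROUP_ICON, these are most likely the last icon's values repeated by the report generator rather than 13 identical entries)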

Name Offset Size Language Sub-language File type
RT_ICON 0x00013e80 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x00013e80 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x00013e80 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x00013e80 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x00013e80 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x00013e80 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x00013e80 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x00013e80 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x00013e80 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x00013e80 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x00013e80 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x00013e80 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x00013e80 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_GROUP_ICON 0x000142e8 0x000000bc LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_VERSION 0x000143a4 0x00000472 LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_MANIFEST 0x00014818 0x000001ea LANG_NEUTRAL SUBLANG_NEUTRAL XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

Imports

Library mscoree.dll:
0x402000 _CorExeMain

!This program cannot be run in DOS mode.
`.rsrc
@.reloc
Fgq)f
ef B_:
e<yz
LRma Y!|8Y f
Y *%SWa}b
bY |<F
ne &&!
'XnX e
jJaDa
ef B_:
v4.0.30319
#Strings
Tftvsitv
Tftvsitv.exe
<Module>
ParameterResolverException
Xaljwirhoudsowrauscg
Object
System
mscorlib
Serializer
Resources
Xaljwirhoudsowrauscg.Properties
Settings
ApplicationSettingsBase
System.Configuration
<Module>{27861175-a88e-4743-a0ce-4aab9e007dc1}
ForgotReg
String
ViewReg
Boolean
DisableReg
m_Template
Dictionary`2
System.Collections.Generic
Hashtable
System.Collections
client
ArrayList
attribute
XMLSafe
StringEncoding
Encoding
System.Text
_Descriptor
NumberFormatInfo
System.Globalization
CheckReg
UTF8Encoding
Thread
System.Threading
GetMethod
MethodInfo
System.Reflection
MethodBase
Invoke
set_NumberDecimalSeparator
FlushTemplate
Serialize
StringBuilder
ToString
VerifyTemplate
List`1
IDictionaryEnumerator
DictionaryEntry
IDisposable
Double
ContainsKey
IEnumerator
get_Current
get_Value
get_Key
Dispose
Reverse
IFormatProvider
Concat
Append
WebRequest
System.Net
GetResponse
WebResponse
BinaryReader
System.IO
Stream
ReadBytes
Deserialize
StopTemplate
Assembly
Substring
IndexOf
get_Length
get_Chars
GetTypeFromHandle
RuntimeTypeHandle
set_Item
ConnectReg
set_NumberGroupSeparator
FlushReg
DeleteReg
CountReg
PushReg
OrderReg
SecurityProtocolType
ServicePointManager
set_SecurityProtocol
IncludeReg
Create
MapReg
GetResponseStream
LogoutReg
Replace
CustomizeReg
ToArray
FindReg
GetByteCount
DefineReg
StopReg
get_Count
VisitReg
get_Item
InitReg
CollectReg
GetEnumerator
AssetReg
MoveNext
FillReg
SelectReg
ReflectReg
GetType
LoginReg
InvokeReg
AddReg
DestroyReg
AwakeReg
TestReg
_Composer
ResourceManager
System.Resources
CultureInfo
ConcatReg
get_ResourceManager
get_Assembly
get_Culture
set_Culture
ExcludeReg
PostReg
CancelReg
Culture
defaultInstance
RunReg
get_Default
.cctor
QueryReg
ReadReg
PopReg
SettingsBase
Synchronized
Default
m_ca8410cd1dae4031987920bbb5291e81
m_f3aee389f7a142959255c0d01ba1c991
m_8e9289343af84a209be37013db2d7d84
m_2b8341ff68474079823cda8fc2032469
m_4dfc3eca0867470189bfca86f9d61db5
m_22dd161cde5f494bb08fdc355c1d151a
m_a4ed94d8ef3f411abbf86afd9a79d578
m_6de584d79d9a49f08708540ad91d2093
m_6f4046bcd951456dab5cef68ac028f8f
m_a524eba3ffed46559377729bf95f767a
m_dac8b4445604491f90634923bfe6226b
m_bce14ddd49a84272bde7afad1ab437b7
m_a440302d3cad4249be0fdf9397835fef
m_8ded132f792f4109b30bb5e9bd2934f4
m_cb4214f900c84b13ba01dea00ff76c53
m_38383d6f3e0d4b00a11073f15c86df0c
m_e996ed6afc7a4da9b746987a1916af01
m_d67474ec4eb4410da34f1fa7dceaca04
m_dafca2ab86cb467fbbd9592d4ae6c256
m_3bbacbead28f4061b7c667d8e307d7e4
m_2ca25c2ab4754358a05f53879126b118
m_684375f15dad4bda829ac19b1c41443b
m_832467433e264927bfe6d8b588deb57c
m_bf48bfcd221348488e85819a7310e106
m_dd2216a9bc34483dbb6d6c3180e32d35
m_250d2e72e076440c83e5592c7ce6e8db
m_dd05b292a8754958ba5dc3b468717f7c
m_adcabb4fb2444514a60b8f083034feba
m_c07395decf8f47138b3ef2ad0e6b7df9
m_da63cbf386d149b49c2ea711ec8c7b58
m_7be473c8b8ba4926a6e5b79a710e10e5
m_c09fd926f6414ae69c2158814dfe9594
m_a53c1ca2084a41febc35a77162f27991
m_ecc9d80e4e754e0eb09a48cdc1e6f5a1
m_9266606730834813961fbec23396a461
m_ae68beb2af9e409aa4319708bd610d04
m_5a498794dbc04baea758456c8971fe30
m_4a9a6f1d66fd42ff8e86d467ab251381
m_a438af8a00954a6aaa0abb43ef4117a5
m_50e2c4092d3547a19186135e79ca1c65
m_ed8a7dffb3054a3a959e43697ef18e89
m_0bc9dd3464594ab8b0fe05f6f77e823a
m_1696bbcd854f4db58491e8adc7a2ac87
m_3fab78bd81e14517b39407708d2498e0
m_1d1148f69db94124ad954c79f13b2021
m_9bc3abb8a7e648b78399e30c978a2222
m_6cfaadf6a8c74a6581e394a0c9d05c74
m_1a5433e290ea443886c40d703e28b58d
m_c9210d5424274ffb89979439c904554d
m_c58df2887455498ea912f59258633cb1
m_1ac76ba2fdd046098970cba8b0fa1cd4
m_2a5fc423948f4c93ba2af0c78bba831f
m_c6c4b6b011c7490a8fb30068ed9bcc34
m_039ffaa32cf54b3a8b601518a2376588
m_0604f00a6d2140638849a8bbea0ac42d
m_256f36609f3e4918ac3bb0e1c0a8f258
m_a0fc72f675a7440fb105d5344fab6e3f
m_af0af7c033a341c098f08920845f5cce
m_75ca1c7b0b53471ca1d1f70821feb971
m_bb0a1f0f99154c9996f95e426cb1ae39
m_e861c330d4c047bcb66e76ea7157f84e
m_99379beb916e461286a2de799c11c648
m_a9d1fe6a54d44e74a4a2509d79a59031
m_53275829ecd64805ac1dfec23000a4eb
m_d5dbd16e76554f88a21254336ed08620
m_6d65d3c85ccd47adb65888df5585733c
m_f13208308d7a4f44beb93a88868ce50e
m_e0c7de12f9394044853bbfb99a07febd
m_cd2fb466a8d746eb9d27432309c27ef8
m_d3702d2afafb4e22bf9ef317ac8e29bb
m_0ee14851ca19490ba1f300b53f1f1158
m_32067f07bd5c47278bee16ac2bd0523b
m_444ad59aa6a14ba5bad879bfedba3d23
m_f802775c28014056ae9317525b69a362
m_07ac5827daa940e5b185542c5b992117
m_5f2c32fac9f24a1b81f75d6f742b154c
m_05157504e9ab4a6684673a6e0cd2b178
m_25a600a8c66f413ca335e2ce6e568514
m_706b136916624399888725f4059ce1ce
m_a4e89219840f4f3abdebbe1af162a874
m_77f85aa41e224c6a8ec92bfbe9e00de9
m_4bb7f9ade3c949f2881e14ac2212d079
m_4ca968ac075a4d0a8c6daddb2c6021f4
m_a4f09e3b2b1a430cb83f2a693188c18e
m_2d68897e9e474feda0f8afe667239cf8
m_5cd3ed7afb2841af861612ced8eeb3cd
m_6cab3bb815d9419eb93012a5f1a3d51c
m_0910acb77a1742ec83a639913a67bbba
m_0cc156e4c5b241ba9d04141ee738a78d
m_354e64a162ef4516ab5a722abf5ea881
m_6dd7b83c5ec548029e30ea14c874fc5d
m_48bdbff5a3b7412083254e78e7b8740c
m_8f1c32bb869d46e9a1c88de7448df3aa
m_4afddc9707094b8cb17ebf37583ffd42
m_bbf44c210941405ca4d19ad665699928
m_2fb8f828c7bf44f59638f38ca4181180
m_35439f5c136f411a99c882958db45834
m_5aee64ac719a423792e5e0fc4440d833
m_c113141ed5fb454e92633ef76771caf5
m_5da8267935274d7db1d2d2c1ae204d46
m_f8966f4eda5f41179c3e5e15e20a2152
m_09ed6134388e4ad58e0d66a8b2b62098
m_89178049407f4b7bb50df61dc2a222d6
m_5e7af3e6f8d449bdab2f532a1cbb86fc
m_cf2596caa4a04ae4885434589f2bcbd9
m_acbd47ebae814aafa3059fb7d17dd8de
m_203485ce74514440a611f0c3fa270529
m_0687f1b574f14f4ea1545687e4d34e5e
m_a208c7e4f3624dc9adf0a3c7e1168716
m_de622c15a7944bdbaf9926051afd82d0
m_675919f626794d4ca6ab617a674005d3
m_32f9b2dce4a94b9f887ced46489ac91c
m_d6e2155655a74f649133aaea02f8377a
InsertReg
vac52d4c82b154ddc93b183024a0499ce
StartReg
CompareReg
CompilationRelaxationsAttribute
System.Runtime.CompilerServices
RuntimeCompatibilityAttribute
DebuggableAttribute
System.Diagnostics
DebuggingModes
AssemblyTitleAttribute
AssemblyDescriptionAttribute
AssemblyConfigurationAttribute
AssemblyCompanyAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
AssemblyTrademarkAttribute
ComVisibleAttribute
System.Runtime.InteropServices
GuidAttribute
AssemblyFileVersionAttribute
TargetFrameworkAttribute
System.Runtime.Versioning
STAThreadAttribute
GeneratedCodeAttribute
System.CodeDom.Compiler
DebuggerNonUserCodeAttribute
CompilerGeneratedAttribute
EditorBrowsableAttribute
System.ComponentModel
EditorBrowsableState
Xaljwirhoudsowrauscg.Properties.Resources.resources
WrapNonExceptionThrows
(RemoteApp and Desktop Connection Runtime
Microsoft Corporation
&Microsoft
Windows
Operating System
Microsoft Corporation. All rights reserved.
$3fc1a635-7a80-447f-a095-5cfcb97f35b8
10.0.19041.746
.NETFramework,Version=v4.0
FrameworkDisplayName
.NET Framework 4
3System.Resources.Tools.StronglyTypedResourceBuilder
16.0.0.0
KMicrosoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator
16.10.0.0
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
PADPADP
_CorExeMain
mscoree.dll
yoo`q*
yoo`\i%
ywoc\\,
ywwlicai}=
ywlica
wqihaaL
>_]cYHZ[=.
'<=YallccSQD9
CD9;Y_ccccSOA6
AEJC;X_clllSYE60
+C66ENNOIYOQNSIYO61
86ANQS,
?6AAN^%
SUgceeeeeaOGC3/
SUWgklccc_PHC3/
QUWgnoqlgcTSNO&
-QfnnqrrqnhhR
3X_ee^T/
/2T^__[E<)
<A<2Segge[<-
"hhH<AADT<-
Lijske^T<-(
mGiptttsiL[
zMNROotu#
% -)!!#
/241/)
XKWc+%
d7]-+hhH
~@UUTunS
UUGQ<9
.~!|p#
YB]z,7
ieGs"v[
Mf#+;
{[}u-|A=
@|-R)a
>L-~US
%~USQ5
I2LT=1E
o9bp'\
X.EK*I2
~#_4il
_x~MWj
o[69%G
IO*C>"
1JKc39u
0LS,IBw
c5Pu}
IUm>3|
`vTm&:
-~G')v<
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
{"status":true,"data":0.000041302449258564}
https://cdn.discordapp.com/attachments/937944619080097825/941330856272867358/Tftvsitv.log
Dyjxip.Oknuellnztbursjbzkfmu
Fzudrbqc
Xaljwirhoudsowrauscg.Properties.Resources
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
Comments
RemoteApp and Desktop Connection Runtime
CompanyName
Microsoft Corporation
FileDescription
RemoteApp and Desktop Connection Runtime
FileVersion
10.0.19041.746
InternalName
Tftvsitv.exe
LegalCopyright
Microsoft Corporation. All rights reserved.
LegalTrademarks
OriginalFilename
Tftvsitv.exe
ProductName
Microsoft
Windows
Operating System
ProductVersion
10.0.19041.746
Assembly Version
10.0.19041.746
Antivirus Signature
Bkav Clean
Lionic Trojan.Win32.Malicious.4!c
Elastic malicious (high confidence)
MicroWorld-eScan Clean
CMC Clean
CAT-QuickHeal Clean
McAfee Artemis!DEE91912C480
Cylance Clean
VIPRE Clean
Sangfor Clean
K7AntiVirus Clean
BitDefender Clean
K7GW Clean
Cybereason Clean
BitDefenderTheta Gen:NN.ZemsilF.34212.em0@a0x9Mtl
VirIT Clean
Cyren W32/MSIL_Kryptik.GME.gen!Eldorado
Symantec Clean
ESET-NOD32 Clean
Baidu Clean
TrendMicro-HouseCall Clean
Paloalto generic.ml
ClamAV Clean
Kaspersky UDS:Backdoor.MSIL.Androm.gen
Alibaba Clean
NANO-Antivirus Clean
ViRobot Clean
APEX Malicious
Rising Clean
Ad-Aware Clean
Sophos Mal/Generic-S
Comodo Clean
F-Secure Clean
DrWeb Clean
Zillya Clean
TrendMicro Clean
McAfee-GW-Edition Artemis!Trojan
FireEye Generic.mg.dee91912c480b3a7
Emsisoft Clean
Ikarus Trojan-Downloader.MSIL.Agent
GData Clean
Jiangmin Clean
MaxSecure Clean
Avira Clean
MAX Clean
Antiy-AVL Clean
Kingsoft Win32.Hack.Undef.(kcloud)
Gridinsoft Clean
Arcabit Clean
SUPERAntiSpyware Clean
ZoneAlarm UDS:Backdoor.MSIL.Androm.gen
Microsoft Trojan:Win32/Woreflint.A!cl
Cynet Malicious (score: 100)
AhnLab-V3 Clean
Acronis Clean
VBA32 Clean
ALYac Clean
TACHYON Clean
Malwarebytes Trojan.Downloader.MSIL.Generic
Panda Clean
Zoner Clean
Tencent Clean
Yandex Clean
SentinelOne Static AI - Malicious PE
eGambit Clean
Fortinet MSIL/Agent.KJO!tr.dldr
Webroot Clean
AVG Win32:Malware-gen
Avast Win32:Malware-gen
CrowdStrike win/malicious_confidence_90% (W)
No IRMA results available.