popup
Static | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Static Analysis

PE Compile Time

2075-03-21 22:33:27

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00002000 0x00167d74 0x00167e00 3.92852644304
.rsrc 0x0016a000 0x00011a8c 0x00011c00 6.27900151937
.reloc 0x0017c000 0x0000000c 0x00000200 0.0815394123432

Resources

Name Offset Size Language Sub-language File type
RT_ICON 0x0017aff0 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x0017aff0 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x0017aff0 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x0017aff0 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x0017aff0 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x0017aff0 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x0017aff0 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x0017aff0 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x0017aff0 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x0017aff0 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x0017aff0 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x0017aff0 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x0017aff0 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_GROUP_ICON 0x0017b468 0x000000bc LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_VERSION 0x0017b534 0x00000358 LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_MANIFEST 0x0017b89c 0x000001ea LANG_NEUTRAL SUBLANG_NEUTRAL XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

Imports

Library mscoree.dll:
0x402000 _CorExeMain
!This program cannot be run in DOS mode.
`.rsrc
@.reloc
v4.0.30319
#Strings
__StaticArrayInitTypeSize=1469440
<>9__3_0
<GetList3>b__3_0
IEnumerable`1
IEnumerator`1
List`1
GetList1
Func`2
IDictionary`2
GetList2
GetList3
50BC61A425B40D2157928AD94278A4A2D892F2E9451803212A277A489E5610C7
WindowsFormsApp38
get_UTF8
<Module>
<PrivateImplementationDetails>
System.IO
mscorlib
System.Collections.Generic
get_IsStatic
encoded
ReadToEnd
AddRange
Invoke
Enumerable
IDisposable
RuntimeFieldHandle
RuntimeTypeHandle
GetTypeFromHandle
get_Name
ValueType
System.Core
MethodBase
WebResponse
GetResponse
Dispose
Create
CreateDelegate
CompilerGeneratedAttribute
GuidAttribute
DebuggableAttribute
ComVisibleAttribute
AssemblyTitleAttribute
AssemblyTrademarkAttribute
TargetFrameworkAttribute
AssemblyFileVersionAttribute
AssemblyConfigurationAttribute
AssemblyDescriptionAttribute
CompilationRelaxationsAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
AssemblyCompanyAttribute
RuntimeCompatibilityAttribute
Steam.exe
Encoding
System.Runtime.Versioning
ToString
GetString
Substring
Samsung
get_Length
GetResponseStream
Program
get_Item
set_Item
System
Action
System.Reflection
Exception
MethodInfo
MemberInfo
System.Linq
StreamReader
TextReader
GetBuffer
IEnumerator
GetEnumerator
.cctor
System.Diagnostics
GetMethods
System.Runtime.InteropServices
System.Runtime.CompilerServices
DebuggingModes
GetTypes
System.Collections
RuntimeHelpers
Object
System.Net
FirstOrDefault
ToLowerInvariant
get_Current
WebRequest
MoveNext
System.Text
Kvmbystdbgzrbduwezx
InitializeArray
ToArray
Assembly
op_Equality
WrapNonExceptionThrows
Valve Corporation
$Copyright (C) 2021 Valve Corporation
$db01507f-f3fd-47c7-aa98-204162213acf
7.45.7.87
.NETFramework,Version=v4.6
FrameworkDisplayName
.NET Framework 4.6
_CorExeMain
mscoree.dll
4D5A90000300000004000000FFFF0000B800000000000000400000000000000000000000000000000000000000000000000000000000000000000000800000000E1FBA0E00B409CD21B8014CCD21546869732070726F6772616D2063616E6E6F742062652072756E20696E20444F53206D6F64652E0D0D0A2400000000000000504500004C0103001FC736630000000000000000E0000E210B010600002E0B000006000000000000E24D0B000020000000600B000000400000200000000200000400000000000000040000000000000000A00B000002000000000000030040850000100000100000000010000010000000000000100000000000000000000000884D0B005700000000600B00640300000000000000000000000000000000000000800B000C00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000080000000000000000000000082000004800000000000000000000002E74657874000000E82D0B0000200000002E0B0000020000000000000000000000000000200000602E727372630000006403000000600B000004000000300B00000000000000000000000000400000402E72656C6F6300000C00000000800B000002000000340B000000000000000000000000004000004200000000000000000000000000000000
vffffh
vffffffg
ffffffff`
ffffffffff
ffffff`
ffffff
ddfFdfp
dffFdfH
xfFFdfFf
Fddddd
tdddddp
dddddp
wd`ddo
D@dD$G
$d`d$d
$$`d$`H
T@@@@@G
p@@@@@F
@@@@@@
@@@@@@gwt
b^_________b
a]]]]]]]]]]]]]]]]a
`\\\\\\\\\\\\\\\\\\\\`
c\[[[[[[[[[[[[[[[[[[[[[[\c
UUUUUUUUUUUUUUUUUUUUUUUUUUUU
TTTTTTTTUTUTTTTTTTTTTTTTTTTTTT
SSSRRSd
tVTSSSSSSSSSSSSSSSSRR
OOOOOY
nOOOOOOROOOOOOOROROO
NLLLLX
mOOLONLNLONOLLLLLNON
QLLLLL
QLLLLLLLLLLLLLLLLLLQ
sMLMNMZ
sMMMMNMMMMMLMMMMMMMMs
PMMMMk
MMMMKMKMKMKMMMMMKMMP
K(K((KKKKKK(KKKKK(K(q
P((((((((((((((((((+
j''''''''''''''''''
-&&&&'&&&&&'&'&'&h
f&&&&)&&&&&)&)&)-
I?;..;?I
|^\]]]]\^|
_[[[[[[[[[[[[_
eZZZZZZZZZZZZZZZZe
YOOORRQOOOQOQQQQQQQY
}SSNNNNNNNNNNU
TKKKKKKKKKKKX
~JJJJJJJJJJJJd
HHHHHHHHHHHHH
M////////////`
c0..........0
4----------
j1 <
5'&&'5
6#%$!!!!#6
,"9I?+,
; 8]]J>
=TaogWQ7
eofa\MdaB)
gbU:*0^ooeYK.
1d`FLFV
DS[oZR/
7WHr9N
+CO"Ct
`)4kf[
@D681K
b:/rO p
Dt'fby
n1EZ+"
R%Ox{V@
ARr*bb
O[|{{{
NN%;R;8
&MgNN.f
WL{;[[
AHJJ5w
LHh$:t
q-lZ1Y
cu}_`j
(yMLIG
Pb\N1,
KFxT"B
Jxid\2b
]R:\mY
%;N("P
6^iVCq
>Hc0+s
:k&;WD
@$OJ$.
E& 2>M
H+>IGe
JJGJjV
J_"!%a
3e^^.z?
>)b('I
(DdQ3
iOONLu<
xf9tP9
U^6 FY,
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
Bvyowlav
/ P6pL
,/KPip
/-P?pR
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
Comments
CompanyName
Valve Corporation
FileDescription
FileVersion
7.45.7.87
InternalName
Steam.exe
LegalCopyright
Copyright (C) 2021 Valve Corporation
LegalTrademarks
OriginalFilename
Steam.exe
ProductName
ProductVersion
7.45.7.87
Assembly Version
7.45.7.87
Antivirus Signature
Bkav W32.AIDetectNet.01
Lionic Clean
tehtris Clean
ClamAV Clean
FireEye Generic.mg.94fc411bf39e8d2e
CAT-QuickHeal Clean
McAfee Artemis!94FC411BF39E
Cylance Unsafe
Zillya Clean
Sangfor Clean
K7AntiVirus Clean
BitDefender IL:Trojan.MSILZilla.23291
K7GW Clean
Cybereason malicious.2f45c6
Baidu Clean
VirIT Clean
Cyren W32/MSIL_Kryptik.GLW.gen!Eldorado
Elastic malicious (high confidence)
ESET-NOD32 a variant of MSIL/Injector.WDB
APEX Malicious
Paloalto Clean
Cynet Malicious (score: 100)
Kaspersky HEUR:Trojan-Spy.MSIL.Noon.gen
Alibaba Clean
NANO-Antivirus Clean
SUPERAntiSpyware Trojan.Agent/Gen-Dropper
MicroWorld-eScan IL:Trojan.MSILZilla.23291
Rising Clean
Ad-Aware IL:Trojan.MSILZilla.23291
Sophos Generic ML PUA (PUA)
Comodo Clean
F-Secure Clean
DrWeb Trojan.Packed2.44492
VIPRE IL:Trojan.MSILZilla.23291
TrendMicro Clean
McAfee-GW-Edition Artemis
Trapmine Clean
CMC Clean
Emsisoft IL:Trojan.MSILZilla.23291 (B)
Ikarus Trojan.Agent
GData IL:Trojan.MSILZilla.23291
Jiangmin Clean
Webroot Clean
Avira Clean
MAX malware (ai score=87)
Antiy-AVL Clean
Kingsoft Clean
Gridinsoft Clean
Arcabit Clean
ViRobot Clean
ZoneAlarm Clean
Microsoft Program:Win32/Wacapew.C!ml
Google Detected
AhnLab-V3 Clean
Acronis suspicious
BitDefenderTheta Gen:NN.ZemsilF.34698.En0@aub3TZm
ALYac IL:Trojan.MSILZilla.23291
TACHYON Clean
VBA32 Clean
Malwarebytes Malware.AI.4127197477
Panda Clean
Zoner Clean
TrendMicro-HouseCall Clean
Tencent Clean
Yandex Clean
SentinelOne Static AI - Suspicious PE
MaxSecure Clean
Fortinet MSIL/GenKrytpik.IV!tr.dldr
AVG Win32:PWSX-gen [Trj]
Avast Win32:PWSX-gen [Trj]
CrowdStrike win/malicious_confidence_100% (W)
No IRMA results available.