Static | ZeroBOX

PE Compile Time

2022-10-22 23:33:17

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name    Virtual Address  Virtual Size  Size of Raw Data  Entropy
.text   0x00002000       0x00000e74    0x00001000        5.10905642698
.rsrc   0x00004000       0x0002eca8    0x0002ee00        5.35147919825
.reloc  0x00034000       0x0000000c    0x00000200        0.0815394123432

Resources

Name Offset Size Language Sub-language File type
RT_ICON 0x0002d75c 0x00004f8c LANG_NEUTRAL SUBLANG_NEUTRAL PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
RT_GROUP_ICON 0x00032724 0x00000084 LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_VERSION 0x000327e4 0x000002d4 LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_MANIFEST 0x00032af4 0x000001b4 LANG_NEUTRAL SUBLANG_NEUTRAL XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators

Imports

Library mscoree.dll:
0x402000 _CorExeMain

!This program cannot be run in DOS mode.
`.rsrc
@.reloc
v4.0.30319
#Strings
install.exe
install
<Module>
mscorlib
Object
System
PoweredByAttribute
SmartAssembly.Attributes
Attribute
ConcurrentQueue`1
System.Collections.Concurrent
CompilationRelaxationsAttribute
System.Runtime.CompilerServices
RuntimeCompatibilityAttribute
AssemblyTitleAttribute
System.Reflection
AssemblyDescriptionAttribute
AssemblyConfigurationAttribute
AssemblyCompanyAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
AssemblyTrademarkAttribute
ComVisibleAttribute
System.Runtime.InteropServices
GuidAttribute
AssemblyFileVersionAttribute
TargetFrameworkAttribute
System.Runtime.Versioning
Assembly
Enqueue
TryDequeue
InvokeMember
BindingFlags
Binder
GetType
WebRequest
System.Net
Create
GetResponse
WebResponse
GetResponseStream
Stream
System.IO
StreamReader
TextReader
ReadToEnd
String
Substring
Convert
ToByte
Dictionary`2
System.Collections.Generic
Monitor
System.Threading
get_Length
get_Values
ValueCollection
System.Core
Enumerable
System.Linq
ToArray
IEnumerable`1
WrapNonExceptionThrows
$b14d8d62-ccad-4e26-a55a-8e8f9b75b263
1.0.0.0
.NETFramework,Version=v4.6
FrameworkDisplayName
.NET Framework 4.6(
#Powered by SmartAssembly 8.1.0.4892
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="utf-8" standalone="yes"?><assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><assemblyIdentity version="1.0.0.0" name="MyApplication.app" /><trustInfo xmlns="urn:schemas-microsoft-com:asm.v2"><security><requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3"><requestedExecutionLevel level="asInvoker" uiAccess="false" /></requestedPrivileges></security></trustInfo></assembly>
Unogdg.Hpkhtqjawqrcgdecqnvz
Mgbvyfxxywyqbpuwarhjn
http://ripley.studio/loader/uploads/Qanjttrbv.jpeg
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
Comments
CompanyName
FileDescription
FileVersion
1.0.0.0
InternalName
install.exe
LegalCopyright
LegalTrademarks
OriginalFilename
install.exe
ProductName
ProductVersion
1.0.0.0
Assembly Version
1.0.0.0

Antivirus Signature

Bkav W32.AIDetectNet.01
Lionic Trojan.MSIL.Scarsi.4!c
tehtris Clean
ClamAV Clean
CMC Clean
CAT-QuickHeal Clean
ALYac Clean
Malwarebytes Clean
Zillya Clean
Sangfor Clean
K7AntiVirus Clean
BitDefender Gen:Variant.Lazy.256492
K7GW Clean
Cybereason Clean
Baidu Clean
VirIT Clean
Cyren Clean
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 Clean
APEX Malicious
Paloalto Clean
Cynet Malicious (score: 100)
Kaspersky UDS:DangerousObject.Multi.Generic
Alibaba Clean
NANO-Antivirus Clean
SUPERAntiSpyware Clean
MicroWorld-eScan Gen:Variant.Lazy.256492
Rising Clean
Ad-Aware Gen:Variant.Lazy.256492
Sophos Clean
Comodo Clean
F-Secure Clean
DrWeb Clean
VIPRE Gen:Variant.Lazy.256492
TrendMicro Clean
McAfee-GW-Edition BehavesLike.Win32.Trojan.cm
Trapmine suspicious.low.ml.score
FireEye Generic.mg.9628afc9116db529
Emsisoft Gen:Variant.Lazy.256492 (B)
Ikarus Trojan-Downloader.MSIL.Agent
Jiangmin Clean
Webroot Clean
Avira Clean
MAX malware (ai score=89)
Antiy-AVL Clean
Kingsoft Win32.Troj.Generic_a.a.(kcloud)
Microsoft Trojan:Win32/Sabsik.FL.B!ml
Gridinsoft Clean
Arcabit Clean
ViRobot Clean
ZoneAlarm Clean
GData Gen:Variant.Lazy.256492
Google Detected
AhnLab-V3 Clean
Acronis Clean
McAfee Artemis!9628AFC9116D
TACHYON Clean
VBA32 Downloader.MSIL.gen.rexp
Cylance Unsafe
Panda Clean
Zoner Clean
TrendMicro-HouseCall Clean
Tencent Clean
Yandex Clean
SentinelOne Static AI - Suspicious PE
MaxSecure Trojan.Malware.300983.susgen
Fortinet Clean
BitDefenderTheta Gen:NN.ZemsilF.34726.mm0@aOB1QSc
AVG Win32:PWSX-gen [Trj]
Avast Win32:PWSX-gen [Trj]
CrowdStrike win/malicious_confidence_90% (W)
No IRMA results available.