popup
Static | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Static Analysis

PE Compile Time

2022-10-22 10:44:27

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00002000 0x00000ce4 0x00000e00 5.11743776012
.rsrc 0x00004000 0x0002ee00 0x0002ee00 5.36137295188
.reloc 0x00034000 0x0000000c 0x00000200 0.0815394123432

Resources

Name Offset Size Language Sub-language File type
RT_ICON 0x0002d840 0x00004f8c LANG_NEUTRAL SUBLANG_NEUTRAL PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
RT_ICON 0x0002d840 0x00004f8c LANG_NEUTRAL SUBLANG_NEUTRAL PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
RT_ICON 0x0002d840 0x00004f8c LANG_NEUTRAL SUBLANG_NEUTRAL PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
RT_ICON 0x0002d840 0x00004f8c LANG_NEUTRAL SUBLANG_NEUTRAL PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
RT_ICON 0x0002d840 0x00004f8c LANG_NEUTRAL SUBLANG_NEUTRAL PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
RT_ICON 0x0002d840 0x00004f8c LANG_NEUTRAL SUBLANG_NEUTRAL PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
RT_ICON 0x0002d840 0x00004f8c LANG_NEUTRAL SUBLANG_NEUTRAL PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
RT_ICON 0x0002d840 0x00004f8c LANG_NEUTRAL SUBLANG_NEUTRAL PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
RT_ICON 0x0002d840 0x00004f8c LANG_NEUTRAL SUBLANG_NEUTRAL PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
RT_GROUP_ICON 0x000327cc 0x00000084 LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_VERSION 0x00032850 0x000002d4 LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_MANIFEST 0x00032b24 0x000001b4 LANG_NEUTRAL SUBLANG_NEUTRAL XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators

Imports

Library mscoree.dll:
0x402000 _CorExeMain
!This program cannot be run in DOS mode.
`.rsrc
@.reloc
v4.0.30319
#Strings
IEnumerable`1
ConcurrentQueue`1
Dictionary`2
<Module>
System.IO
mscorlib
System.Collections.Generic
ReadToEnd
Enumerable
GetType
System.Core
WebResponse
GetResponse
Create
GuidAttribute
ComVisibleAttribute
AssemblyTitleAttribute
AssemblyTrademarkAttribute
TargetFrameworkAttribute
SuppressIldasmAttribute
AssemblyFileVersionAttribute
AssemblyConfigurationAttribute
AssemblyDescriptionAttribute
CompilationRelaxationsAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
AssemblyCompanyAttribute
RuntimeCompatibilityAttribute
ToByte
TryDequeue
Enqueue
Rckjlz.exe
System.Threading
System.Runtime.Versioning
String
Substring
get_Length
GetResponseStream
System
System.Reflection
ValueCollection
System.Linq
InvokeMember
StreamReader
TextReader
Binder
Monitor
System.Runtime.InteropServices
System.Runtime.CompilerServices
get_Values
BindingFlags
Object
System.Net
System.Collections.Concurrent
Convert
WebRequest
ToArray
Assembly
Rckjlz
WrapNonExceptionThrows
$98cc82a4-1b61-4870-ae51-0f90ee6ea5b3
1.0.0.0
.NETFramework,Version=v4.6
FrameworkDisplayName
.NET Framework 4.6
_CorExeMain
mscoree.dll
xoeNvne
wpfMd\T
wpfMvne
xnhLf_W
wpfMvne
W#^yeV3W
dLL1Fr
uljF2ov
N29sI'
A"K"qV
[AMfH
+^jeJ**
fj#yOrK
Tw8kQ{b
TkO,l#
2+Io4L
@$IN)=
'H_$L^
O_8D.)[
M"?_]!q
An'` N
;IDAT`F
s?6H`j
@' :Ao
E~%;Hv
*c`cB
W@'Jnvt
mk+h[[
<?xml version="1.0" encoding="utf-8" standalone="yes"?><assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><assemblyIdentity version="1.0.0.0" name="MyApplication.app" /><trustInfo xmlns="urn:schemas-microsoft-com:asm.v2"><security><requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3"><requestedExecutionLevel level="asInvoker" uiAccess="false" /></requestedPrivileges></security></trustInfo></assembly>PADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGX
Btgrwjybsjocswimwq.Cpwppimmrzcsteb
Wnhuoepxhsfor
http://ripley.studio/loader/uploads/Yjnhiv.jpeg
n~AaQ1
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
Comments
CompanyName
FileDescription
FileVersion
1.0.0.0
InternalName
Rckjlz.exe
LegalCopyright
LegalTrademarks
OriginalFilename
Rckjlz.exe
ProductName
ProductVersion
1.0.0.0
Assembly Version
1.0.0.0
Antivirus Signature
Bkav W32.AIDetectNet.01
Lionic Clean
Elastic malicious (high confidence)
MicroWorld-eScan Clean
CMC Clean
CAT-QuickHeal Clean
ALYac Clean
Cylance Clean
Zillya Clean
Sangfor Clean
K7AntiVirus Clean
Alibaba Clean
K7GW Clean
Cybereason Clean
Baidu Clean
VirIT Clean
Cyren W32/MSIL_Kryptik.IAJ.gen!Eldorado
Symantec ML.Attribute.HighConfidence
tehtris Clean
ESET-NOD32 Clean
Cynet Malicious (score: 100)
APEX Malicious
Paloalto Clean
ClamAV Clean
Kaspersky UDS:Trojan.MSIL.Scarsi.gen
BitDefender Clean
NANO-Antivirus Clean
ViRobot Clean
Avast CrypterX-gen [Trj]
Tencent Clean
Ad-Aware Clean
TACHYON Clean
Sophos Clean
Comodo Clean
F-Secure Clean
DrWeb Clean
VIPRE Clean
TrendMicro Clean
McAfee-GW-Edition BehavesLike.Win32.Trojan.cm
Trapmine malicious.moderate.ml.score
FireEye Generic.mg.54e5e90fbafdf6f0
Emsisoft Clean
SentinelOne Static AI - Suspicious PE
GData Clean
Jiangmin Clean
Webroot Clean
Avira Clean
Antiy-AVL Clean
Kingsoft Win32.Troj.Undef.(kcloud)
Gridinsoft Clean
Arcabit Clean
SUPERAntiSpyware Clean
ZoneAlarm Clean
Microsoft Trojan:Win32/Sabsik.FL.B!ml
Google Detected
AhnLab-V3 Clean
Acronis Clean
McAfee Artemis!54E5E90FBAFD
MAX Clean
VBA32 Downloader.MSIL.gen.rexp
Malwarebytes Clean
Zoner Clean
TrendMicro-HouseCall Clean
Rising Clean
Yandex Clean
Ikarus Clean
MaxSecure Trojan.Malware.300983.susgen
Fortinet Clean
BitDefenderTheta Gen:NN.ZemsilF.34726.mm0@aK@FFgk
AVG CrypterX-gen [Trj]
Panda Clean
No IRMA results available.