popup
Static | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Static Analysis

PE Compile Time

2022-10-21 06:59:48

PDB Path

C:\Users\Administrator\Documents\CryptoObfuscator_Output\HHkPoJhH.pdb

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00002000 0x0003bbc8 0x0003bc00 7.91096468599
.reloc 0x0003e000 0x0000000c 0x00000200 0.101910425663
.rsrc 0x00040000 0x000083a4 0x00008400 6.84580675255

Resources

Name Offset Size Language Sub-language File type
RT_ICON 0x00043db8 0x000040a2 LANG_NEUTRAL SUBLANG_NEUTRAL PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
RT_ICON 0x00043db8 0x000040a2 LANG_NEUTRAL SUBLANG_NEUTRAL PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
RT_ICON 0x00043db8 0x000040a2 LANG_NEUTRAL SUBLANG_NEUTRAL PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
RT_ICON 0x00043db8 0x000040a2 LANG_NEUTRAL SUBLANG_NEUTRAL PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
RT_GROUP_ICON 0x00047e5c 0x0000003e LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_VERSION 0x00047e9c 0x0000031c LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_MANIFEST 0x000481b8 0x000001ea LANG_NEUTRAL SUBLANG_NEUTRAL XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

Imports

Library mscoree.dll:
0x402000 _CorExeMain
!This program cannot be run in DOS mode.
`.reloc
B.rsrc
+9o(Y
@_-%~
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
PADPADPR
H51$WzS
C@ ''N
NE\i0.&
N+6SLqov
> -5^K
D^|.4_
gTU!\h
z=(wEFZ
G/InN<z}#*
k3Y_1O
S@V2niW^
@P>5W^Sh
Zs"wr|
ZThEn=
slc(D.a[3
S@V2tXV
ltY[C]'
aff(2eJ
RB-ryL
HW)DAG1
mRF_WL
_7N}j
<;2.=x
m)atr/
is)1vh
b,+mmj
u0Y>@x
v|DPSP
d@=-_Y
6<~K]r_X
j[oa5o)d
.Gk>9`
[%#X4.
[7{ZC=~
=2Dw*&
!}3~S
gBcw>$RK
.YnW$Y
V>C!3o
/I6Jpj
i=L?oG
gYnW$Y
l^Z{[ia
y4&qhm
<oI^hC)I
W,W:r
R{RT^y*
ytc~VM
r){uS0{c
8g,;Qs5z
n".NXR
m0AP$1o
0KNY Y
")fb3Z
x__uW&4
b{.iq
?y'!Sf|
$|o|I?S
MXdOUu
/E&\]}
g 2jSmA
&%o[E
B4q=!LD\6
(j&A(z
^d,!3y
7msbj(
7msbj(
%wYk'Y
I4RqLZX
Y]l/e
#k*z12
$#vcoM
_=<W2g
}{rKN3j
CdG3Da,
V+%]C1HnMS~
>$O"x
`Io_1k
y,e?I*
V=gQt}:9<
N?KG!kj
ZlV4Pw6C
L8qbf;
$|;-{y
:ya_qd+
t_\lC%Ep-
%"M%1;
&D@tD3
'Gqd@l9f
aS/!,=
,6sf,+f
3z,Y@$c'4_
\\~Il,
jd>f<\@
<Wa+5qPk
!7,BBo
Bw@.voC6C
nJUBw9{
u2'CE8~
FyeKH9
Rq- ld
oM&1r.
g4=%>R
?aJEI<
hRt+l6{
hu|t|a
`-*zd=45
);tL#>2
%3"}qNT
KT]/Iia
mCQ<3@
r7@ "|p
jX/if6
m<;mQr
a&1<Hga
jP$!Kw
H\D^Km
sTeyJK3
b?6G=m
ymh:"X
0]Bv5
lU-/I>r
-q&&pW(R3
8+$nXx2
|<,3hk
"O?ooN
zxkXnr
B%sTU<JE
lxd~Ux
g]b=?
([Yieg
B>#vMEr
8&1:.WD
s:c3?"
~Uk!Ct
vKOm(W
mAH>M3&
VU~R:P
rh#dX]
T)40%u
!{NP`/
l#_7#f
$$FquQ
!TZ1v0
B>ABNlo7W
T)40%Z?
o!-euz
|S$+=
}K"])E
"J%/,76
=WWbM?
(CdyLF:J
Q5cK%J
vkIz<y
2v-ef/+@
C/H 9~
~\^8 G4`C
7G>6O=
F1oUfD
jJ1S<W
UylQ!-
<NH]2
O"`zG)*
(|"v@Vp:G
yjWWtJ
`rEgxg
ei{h"a
<I0dA@}vw
^TJ2R!
JUP!G
;@D:|JN5G
Hgb'u1
rlFw;
rlFw;
Mx@8p*
^r~|/4
~HmNQS
Pwtx(nMnF
.'$WzS
w9Mvl,y
w9Mvl,y
B,fGPo=
5S82]@~
Dsf9""
F<+FXL]
~%yne"
xW\(DA
/{MS<D6
*D$WzS
*I$WzS
xb yfG[
rlFw;
?K;X}Q
F!\ppP
D$WzS
FH$WzS
]z6tU%l
L54<t9
>M+(Va
aq]B@%:
m!$gEy
TER&YO
14`7PK
9%Y*qli
~_d)vn
7t<nx,
v]U$WzS
v]U$WzS
zz3hrh
@;%*>.
XO$WzS
xvZa,j
=ti:*Lx
EO#{;k
|Lq;Mn
8>$WzS
4X$WzS
{y$WzS
_$AF<
cA$WzS
8&$WzS
i$V<fE
~"t]YifR+
;t;`9"
{F!Oll
2xR>h97
<qf$WzS
V2/%JV"
y1ga["hB
:^?X%5
< r?4:h
rdIo^,B8`
BU_H}Tt
b(=sAC
V$vJ]K
xEKnxL
%eeT>T
BdJ@Il
,)~Mb=
Lfqh96
+L"K~Gm
lGpnd
/gQ;JG
; ,-`$
93!.vjg
\L=BY0
<vr9M#?
r4ZPy+
Aj679R
fGNuko
R&'{!{
cN2"bBcR
M2|9+lg
y ]qU!#
_S*?n<
z7+IZ[u
WMW_d<~7
#u%Ih-
Y6z8!n
:(q>qw
1~.=;+
qw>@85
$*8^Fk
{w<}4t
5|] _~g
GVYro~
)gv1$E
*M?5"
?LM%t}h,
oz;ev:{
o#Zp_@O
hA*zJeL*
`'<~j2
N[c>Q~
Q)MVloyTSI
2\Prhv
lC_,,w
}:56I]
LM}ET0
-TY}k
l*vR<<
<$K"[/
ZKvm#]~Fk
JifYv4c9
3<WL{
6kWK#
3f_dg#'O
S-g2ij,^
qw>@85
2\Prhv
OfkEV]
NpX]@
MK;f4
fKn+FK`')Yj
pW0i]tK
&C6AxX
jk|IXN
:hfnK1`[
Dy `D7
!yULnj
-cTeVhc
.f&qt1
w.f^J6
r^!>7y`:4
Lg`XAM
u;^?P'4+/
%oJ0>F
lmmI|xzK8
L!s3^8
r*SZSC
,TI<s)h
dYw|$%e]
-y1X<Y
*'UYW
L+jBHD
biY>Fq
VB1Jox
pu'vB{
565#_
WvvJST
E|~#I'
0>R.M
5-JH'+
&c2AYt
uzo%B<
b@jg2{\
c\@.Wn
[,"1-'
F!QHr_Y
D&ZN3
If<!\Q1
zQ\WWb
9sG`C
3fJuf/.m
j"{?M(F
3?,G{w
+0</<N
aU;':3
2$ zP%TT
D9Go01
h>.Noy
o$$!?IR
[_6H\J
j>L/O1
T%Cv(E;
-P'(a#
mZ>t.P
Dkcj!rN
+0</<vT
+0</<vT
>+3@[w
+qss`3
59clB@
A659clB@
?0QB%X^u]
7uQLC5
&+UfMs
#td];;I
oJ,ED1
RSDSZ:
C:\Users\Administrator\Documents\CryptoObfuscator_Output\HHkPoJhH.pdb
v4.0.30319
#Strings
HHkPoJhH
HHkPoJhH.exe
mscorlib
Microsoft.VisualBasic
System
System.Windows.Forms
System.Drawing
kernel32.dll
user32.dll
HHkPoJhH.Resources.resources
HHkPoJhH$
ConsoleApplicationBase
Microsoft.VisualBasic.ApplicationServices
CallType
Conversions
Microsoft.VisualBasic.CompilerServices
DesignerGeneratedAttribute
NewLateBinding
ProjectData
StandardModuleAttribute
Versioned
Computer
Microsoft.VisualBasic.Devices
HideModuleNameAttribute
Interaction
MyGroupCollectionAttribute
Strings
Activator
AppDomain
ArgumentException
AsyncCallback
Attribute
BitConverter
Boolean
GeneratedCodeAttribute
System.CodeDom.Compiler
Hashtable
System.Collections
Component
System.ComponentModel
Container
HelpKeywordAttribute
System.ComponentModel.Design
EditorBrowsableAttribute
EditorBrowsableState
IContainer
ApplicationSettingsBase
System.Configuration
SettingsBase
Convert
DebuggableAttribute
System.Diagnostics
DebuggingModes
Debugger
DebuggerHiddenAttribute
DebuggerNonUserCodeAttribute
DebuggerStepThroughAttribute
Process
ProcessStartInfo
ProcessWindowStyle
Environment
SpecialFolder
Exception
CultureInfo
System.Globalization
NumberStyles
IAsyncResult
IDisposable
IntPtr
InvalidOperationException
CompressionMode
System.IO.Compression
DeflateStream
MemoryStream
System.IO
Stream
MulticastDelegate
Object
Assembly
System.Reflection
AssemblyCompanyAttribute
AssemblyCopyrightAttribute
AssemblyDescriptionAttribute
AssemblyFileVersionAttribute
AssemblyProductAttribute
AssemblyTitleAttribute
AssemblyTrademarkAttribute
Binder
BindingFlags
TargetInvocationException
ResourceManager
System.Resources
CompilationRelaxationsAttribute
System.Runtime.CompilerServices
CompilerGeneratedAttribute
RuntimeCompatibilityAttribute
RuntimeHelpers
ComVisibleAttribute
System.Runtime.InteropServices
GuidAttribute
RuntimeEnvironment
TargetFrameworkAttribute
System.Runtime.Versioning
RuntimeTypeHandle
CipherMode
System.Security.Cryptography
DESCryptoServiceProvider
HashAlgorithm
ICryptoTransform
MD5CryptoServiceProvider
SymmetricAlgorithm
TripleDES
TripleDESCryptoServiceProvider
STAThreadAttribute
String
Encoding
System.Text
StringBuilder
Monitor
System.Threading
ParameterizedThreadStart
Thread
ThreadStaticAttribute
UInt16
UInt32
Application
AutoScaleMode
ContainerControl
Control
<Module>
DriveResolver
AssemblyInfoAttribute
BitmapService
BookmarkSettings
ContextDictionary
DialogStack
ConditionScope
ActivityDictionary`1
WindowLayout
MySettings
HHkPoJhH.My
ComponentDesigner
QueueSet
FileProvider
FileEditor
PluginType
NodeAttribute
XmlFileManager
ToolbarToken
ActivityService
BuilderDictionary
QueueEventArgs
DirectoryEventArgs
ActionSettings
PackageDesigner
EditorToken
ActivatorToken
AssistantStream
AssistantTable
BookmarkInvoker
ClientFactory
CommandContext
CommandEditor
DockingPaneManager
FunctionTree
NetworkScope
ReferenceLayout
StubDesigner
TemplateAttribute
ToolbarContext
UnregisterBuilder
generatorPosition
RebuildPage
AttachPartition
lastManager
logHeader
captionLength
managerEnabled
.cctor
get_ChangePlugin
get_ProcessSolution
get_UnregisterDevice
get_FindLine
get_DeleteStub
JoinMenuItem
ReplaceAction
FormatForm
Equals
GetHashCode
RegisterSymbol
ToString
set_ProcessSolution
UnregisterDevice
FindLine
DeleteStub
CleanDisk
ChangePlugin
ProcessSolution
ebbJKFQu4
pbStA255h
BHmsatTB9
defaultInstance
get_Default
MGGuruxIJ57IebJsnR
LaKEp1NskiL6jF1Sw7
i97MiKQfrhckv36IVA
N8VWTp4sbilEcBAlnr
get_Settings
Dispose
disposing
CopyStore
AllocateGroup
UncheckPane
UncheckEditor
DetachFunction
IncreaseAspect
DisposeAction
EditBitmap
Disconnect
AddReference
uriList
object
method
Invoke
ProcessHandle
ProcessInformationClass
ProcessInformation
ProcessInformationLength
ReturnLength
BeginInvoke
callback
EndInvoke
result
debugPort
lpOutputString
hProcess
pbDebuggerPresent
lParam
lpEnumFunc
SetLastError
CloseHandle
OpenProcess
GetCurrentProcessId
LoadLibrary
GetProcAddress
GetClassName
morT0f03m
nPZiOZ8jq
Default
Settings
get_IsDisposed
GetTypeFromHandle
ContainsKey
GetResourceString
CreateInstance
SetProjectError
get_InnerException
get_Message
Remove
GetObjectValue
get_Assembly
ReferenceEquals
GetObject
Synchronized
set_ClientSize
set_AutoScaleMode
set_Text
GetFolderPath
Concat
Replace
StrReverse
CallByName
get_ExecutablePath
FromBase64String
get_UTF8
GetString
GetExecutingAssembly
GetManifestResourceStream
get_Unicode
Intern
get_CurrentDomain
LateIndexGet
InvokeMember
CreateDecryptor
GetRuntimeDirectory
Combine
get_BigEndianUnicode
GetBytes
ComputeHash
set_Key
set_Mode
TransformFinalBlock
get_FullName
IndexOf
Substring
get_Chars
Reverse
ReadByte
set_IV
get_Length
set_Capacity
set_Position
get_InputBlockSize
get_OutputBlockSize
get_Position
TransformBlock
ToArray
Compare
get_Capacity
Format
get_IsAttached
op_Inequality
MyTemplate
11.0.0.0
My.Computer
My.Application
My.User
My.Forms
My.WebServices
System.Windows.Forms.Form
Create__Instance__
Dispose__Instance__
My.MyProject.Forms
4System.Web.Services.Protocols.SoapHttpClientProtocol
Create__Instance__
Dispose__Instance__
3System.Resources.Tools.StronglyTypedResourceBuilder
16.0.0.0
KMicrosoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator
16.10.0.0
My.Settings
$3ce95441-4d2f-453b-a848-2d2ebfde84e9
.NETFramework,Version=v4.0
FrameworkDisplayName
.NET Framework 4
1.0.0.0
Copyright
2022
HHkPoJhH
WrapNonExceptionThrows
_CorExeMain
mscoree.dll
@7IDATx^
;''''=
Btm|tm}toLx/
L(HC!7A
M(LC1WE
z_>z.B
Eo(|S-~Y
v+EN(z
o(xEo
/j8my.
u/n?'<4t8;
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
BHAUZ7WHAZ
OZIA8HAZI
"3D9B94A98B-76A8-4810-B1A0-4BE7C4F9C98DA2#
SEhrUG9KaEgk
PublicKeyToken=
publickeytoken=
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
Comments
CompanyName
FileDescription
HHkPoJhH
FileVersion
1.0.0.0
InternalName
HHkPoJhH.exe
LegalCopyright
Copyright
2022
LegalTrademarks
OriginalFilename
HHkPoJhH.exe
ProductName
HHkPoJhH
ProductVersion
1.0.0.0
Assembly Version
1.0.0.0
Antivirus Signature
Bkav W32.AIDetectNet.01
Lionic Trojan.Win32.Heracles.4!c
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKD.63021698
FireEye Generic.mg.8f89c4cd81384874
CAT-QuickHeal Clean
ALYac Trojan.GenericKD.63021698
Cylance Unsafe
VIPRE Trojan.GenericKD.63021698
Sangfor Trojan.Win32.Save.a
K7AntiVirus Trojan ( 005976671 )
BitDefender Trojan.GenericKD.63021698
K7GW Clean
CrowdStrike win/malicious_confidence_100% (W)
BitDefenderTheta Gen:NN.ZemsilF.34726.rm0@a4PSWSe
VirIT Clean
Cyren W32/ABRisk.OEOX-5188
Symantec ML.Attribute.HighConfidence
tehtris Clean
ESET-NOD32 a variant of MSIL/Kryptik.AGFG
Baidu Clean
APEX Malicious
Paloalto generic.ml
ClamAV Clean
Kaspersky HEUR:Trojan-Spy.MSIL.Stealer.gen
Alibaba Trojan:Win32/runner.ali1000123
NANO-Antivirus Clean
Cynet Malicious (score: 99)
ViRobot Clean
Rising Trojan.Generic/MSIL@AI.100 (RDM.MSIL:YL48Z2cB2/c6thxoVQHPsA)
Ad-Aware Trojan.GenericKD.63021698
TACHYON Clean
Comodo Clean
F-Secure Clean
DrWeb Trojan.Inject4.45703
Zillya Clean
TrendMicro TROJ_GEN.R049C0PJO22
McAfee-GW-Edition RDN/Real Protect-LS
Trapmine Clean
CMC Clean
Emsisoft Trojan.GenericKD.63021698 (B)
Ikarus Trojan.MSIL.Agent
GData Trojan.GenericKD.63021698
Jiangmin Clean
Webroot Clean
Avira TR/Dropper.Gen
Antiy-AVL Trojan/Generic.ASMalwS.3E3F
Kingsoft Clean
Gridinsoft Ransom.Win32.Wacatac.sa
Arcabit Trojan.Generic.D3C1A282
SUPERAntiSpyware Clean
ZoneAlarm Clean
Microsoft TrojanDropper:O97M/CrimsonRAT.YA!MTB
Google Detected
AhnLab-V3 Clean
Acronis suspicious
McAfee Artemis!8F89C4CD8138
MAX malware (ai score=87)
VBA32 Clean
Malwarebytes Trojan.MalPack
Panda Trj/Chgt.AA
Zoner Clean
TrendMicro-HouseCall TROJ_GEN.R049C0PJO22
Tencent Msil.Trojan-Spy.Stealer.Simw
Yandex Clean
SentinelOne Static AI - Malicious PE
MaxSecure Trojan.Malware.300983.susgen
Fortinet MSIL/Kryptik.AGFG!tr
AVG Win32:PWSX-gen [Trj]
Cybereason malicious.054c4b
Avast Win32:PWSX-gen [Trj]
No IRMA results available.