Static | ZeroBOX

PE Compile Time

2022-11-01 15:21:52

PDB Path

BCVCBBDHDDHD.pdb

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name    Virtual Address  Virtual Size  Size of Raw Data  Entropy
.text   0x00002000       0x0000e994    0x0000ea00        5.86978386723
.rsrc   0x00012000       0x00001652    0x00001800        5.00979578314
.reloc  0x00014000       0x0000000c    0x00000200        0.0815394123432

Resources

Name           Offset      Size        Language      Sub-language     File type
RT_ICON        0x000131c8  0x00000468  LANG_NEUTRAL  SUBLANG_NEUTRAL  GLS_BINARY_LSB_FIRST
RT_ICON        0x000131c8  0x00000468  LANG_NEUTRAL  SUBLANG_NEUTRAL  GLS_BINARY_LSB_FIRST
RT_GROUP_ICON  0x00013630  0x00000022  LANG_NEUTRAL  SUBLANG_NEUTRAL  data

Imports

Library mscoree.dll:
0x402000 _CorExeMain

Strings

!This program cannot be run in DOS mode.
`.rsrc
@.reloc
v4.0.30319
#Strings
ME!-mPC&mgM<G&i=kG"Zxexq#
BCVCBBDHDDHD$
cd1dc713c9570c45daa9dd6d9177b2a12
UInt32
ToInt32
c00d9a2ae2456b52e9d40d8e138292982
ccbb3937f02f0ca2f7bca210c1f4eaca2
c552cd917c580b1405430250845e4a9b3
c680b9036b0a899875a10e922fcfcb244
cd20365536cd185241beeb68ae0d3da54
c66d97aeae628603c8ab3b764b791af57
c1616e3a6d40b86a7cf988618c97f8e08
get_UTF8
c94ce2391c1592bef3cf60d6d1c2105c9
<Module>
nLpGXKdvmhseqOXAaWUicibbwHYC
BCVCBBDHDDHD
System.IO
set_IV
c243b1773522677ac282548669a1daa8b
mscorlib
cc0b7a61df39cce0d170b62aa7135e98c
get_CurrentThread
thread
get_IsAttached
Synchronized
ReadToEnd
set_IsBackground
set_Method
GetMethod
distance
CreateInstance
CompressionMode
get_Unicode
Invoke
RuntimeFieldHandle
RuntimeTypeHandle
GetTypeFromHandle
get_Name
get_FullName
ValueType
SecurityProtocolType
GetType
GetElementType
get_Culture
set_Culture
MethodBase
ApplicationSettingsBase
WebResponse
GetResponse
Reverse
Create
EditorBrowsableState
posState
STAThreadAttribute
CompilerGeneratedAttribute
GuidAttribute
GeneratedCodeAttribute
DebuggerNonUserCodeAttribute
DebuggableAttribute
EditorBrowsableAttribute
ComVisibleAttribute
AssemblyTitleAttribute
AssemblyTrademarkAttribute
TargetFrameworkAttribute
SuppressIldasmAttribute
AssemblyFileVersionAttribute
AssemblyConfigurationAttribute
AssemblyDescriptionAttribute
CompilationRelaxationsAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
ConfusedByAttribute
AssemblyCompanyAttribute
RuntimeCompatibilityAttribute
ReadByte
matchByte
prevByte
get_IsAlive
add_AssemblyResolve
BCVCBBDHDDHD.exe
get_InputBlockSize
get_OutputBlockSize
inSize
outSize
windowSize
dictionarySize
IndexOf
System.Threading
Encoding
IsLogging
System.Runtime.Versioning
FromBase64String
GetString
Substring
get_Length
TransformFinalBlock
TransformBlock
System.ComponentModel
set_SecurityProtocol
GetManifestResourceStream
GetResponseStream
DeflateStream
inStream
outStream
MemoryStream
stream
System
SymmetricAlgorithm
ICryptoTransform
Boolean
IsLittleEndian
AppDomain
get_CurrentDomain
System.IO.Compression
System.Configuration
System.Globalization
System.Reflection
get_Position
set_Position
Intern
MethodInfo
CultureInfo
InvokeMember
StreamReader
TextReader
DESCryptoServiceProvider
sender
Binder
rangeDecoder
Buffer
get_ResourceManager
ServicePointManager
Debugger
ResolveEventHandler
System.CodeDom.Compiler
BitConverter
.cctor
Monitor
CreateDecryptor
System.Diagnostics
System.Runtime.InteropServices
System.Runtime.CompilerServices
System.Resources
A.cd1dc713c9570c45daa9dd6d9177b2a12.resources
DebuggingModes
BCVCBBDHDDHD.Properties
properties
NumberStyles
numPosStates
GetBytes
BindingFlags
Settings
ResolveEventArgs
Equals
Models
NumBitLevels
numBitLevels
get_Chars
RuntimeHelpers
numTotalBits
numPosBits
numPrevBits
Object
System.Net
Default
Environment
ParameterizedThreadStart
Convert
FailFast
HttpWebRequest
System.Text
startIndex
InitializeArray
ToArray
set_Key
System.Security.Cryptography
get_Assembly
GetCallingAssembly
GetExecutingAssembly
BlockCopy
set_Capacity
op_Equality
Confuser.Core 1.6.0+447341964f
BCVCBBDHDDHD
Copyright
2022
.NETFramework,Version=v4.5
FrameworkDisplayName
.NET Framework 4.5
1.0.0.0
$808789ae-b723-47a3-a795-dd65a025df68
WrapNonExceptionThrows
3System.Resources.Tools.StronglyTypedResourceBuilder
4.0.0.0
KMicrosoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator
11.0.0.0
BCVCBBDHDDHD.pdb
_CorExeMain
mscoree.dll
&GRAPHICRATING-KOLORIA-FILE-PDF-ACROBAT

Antivirus Signature
Bkav W32.AIDetectNet.01
Lionic Clean
Elastic malicious (high confidence)
MicroWorld-eScan Gen:Variant.Barys.29541
FireEye Generic.mg.307c54a647190489
CAT-QuickHeal Clean
ALYac Gen:Variant.Barys.29541
Cylance Clean
Zillya Clean
Sangfor Suspicious.Win32.Save.a
K7AntiVirus Clean
BitDefender Gen:Variant.Barys.29541
K7GW Clean
Cybereason Clean
Baidu Clean
VirIT Clean
Cyren W32/MSIL_Agent.DSJ.gen!Eldorado
Symantec ML.Attribute.HighConfidence
tehtris Clean
ESET-NOD32 a variant of MSIL/TrojanDownloader.Agent.NXZ
APEX Malicious
Paloalto Clean
ClamAV Clean
Kaspersky UDS:Trojan-Spy.MSIL.Noon.gen
Alibaba Clean
NANO-Antivirus Clean
ViRobot Clean
Rising Trojan.Generic/MSIL@AI.100 (RDM.MSIL:lo/pNhsV/j3pdvHj3nc+zA)
Ad-Aware Gen:Variant.Barys.29541
TACHYON Clean
Comodo Clean
F-Secure Clean
DrWeb Clean
VIPRE Gen:Variant.Barys.29541
TrendMicro Clean
McAfee-GW-Edition Clean
Trapmine Clean
CMC Clean
Emsisoft Gen:Variant.Barys.29541 (B)
Ikarus Trojan.Inject
GData Gen:Variant.Barys.29541
Jiangmin Clean
Webroot Clean
Google Detected
Avira Clean
Antiy-AVL Clean
Kingsoft Clean
Gridinsoft Clean
Arcabit Trojan.Barys.D7365
SUPERAntiSpyware Clean
ZoneAlarm Clean
Microsoft Clean
Cynet Malicious (score: 100)
AhnLab-V3 Clean
Acronis Clean
McAfee Clean
MAX malware (ai score=84)
VBA32 Clean
Malwarebytes Clean
Panda Clean
Zoner Clean
TrendMicro-HouseCall Clean
Tencent Clean
Yandex Clean
SentinelOne Static AI - Malicious PE
MaxSecure Clean
Fortinet MSIL/Kryptik.AGBZ!tr
BitDefenderTheta Gen:NN.ZemsilF.34754.emW@ai5JwTi
AVG Win32:SpywareX-gen [Trj]
Avast Win32:SpywareX-gen [Trj]
CrowdStrike win/malicious_confidence_90% (D)

No IRMA results available.