Static | ZeroBOX

PE Compile Time

2022-12-07 08:33:18

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00002000 0x00001284 0x00001400 5.34048918738
.rsrc 0x00004000 0x00000a58 0x00000c00 3.65856518354
.reloc 0x00006000 0x0000000c 0x00000200 0.0815394123432

Resources

Name Offset Size Language Sub-language File type
RT_ICON 0x00004718 0x00000128 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x00004718 0x00000128 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_GROUP_ICON 0x00004840 0x00000022 LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_VERSION 0x00004160 0x000002cc LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_MANIFEST 0x00004868 0x000001ea LANG_NEUTRAL SUBLANG_NEUTRAL XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

Imports

Library mscoree.dll:
0x402000 _CorExeMain

!This program cannot be run in DOS mode.
`.rsrc
@.reloc
v4.0.30319
#Strings
<Module>
Nmfxb.exe
Program
WindowsFormsApp13
mscorlib
System
Object
EventArgs
Program_Playing
EventHandler
Playing
add_Playing
remove_Playing
LiveTV
Crnpxd
sender
System.Runtime.Versioning
TargetFrameworkAttribute
System.Reflection
AssemblyTitleAttribute
AssemblyDescriptionAttribute
AssemblyConfigurationAttribute
AssemblyCompanyAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
AssemblyTrademarkAttribute
AssemblyCultureAttribute
System.Runtime.InteropServices
ComVisibleAttribute
GuidAttribute
AssemblyVersionAttribute
AssemblyFileVersionAttribute
System.Security.Permissions
SecurityPermissionAttribute
SecurityAction
System.Runtime.CompilerServices
CompilationRelaxationsAttribute
RuntimeCompatibilityAttribute
MemberInfo
MethodInfo
Action
RuntimeTypeHandle
GetTypeFromHandle
Delegate
CreateDelegate
DynamicInvoke
Combine
System.Threading
Interlocked
CompareExchange
Remove
<LiveTV>b__0
Func`2
CS$<>9__CachedAnonymousMethodDelegate2
CompilerGeneratedAttribute
<LiveTV>b__1
CS$<>9__CachedAnonymousMethodDelegate3
get_FullName
String
op_Equality
get_Name
Assembly
GetTypes
System.Core
System.Linq
Enumerable
System.Collections.Generic
IEnumerable`1
GetMembers
op_Inequality
Invoke
System.Net
WebRequest
Create
HttpWebRequest
set_Method
WebResponse
GetResponse
System.IO
MemoryStream
Stream
GetResponseStream
CopyTo
ToArray
List`1
get_Item
System.Text
Encoding
get_UTF8
GetBytes
System.Security
UnverifiableCodeAttribute
.NETFramework,Version=v4.6
FrameworkDisplayName
.NET Framework 4.6
KFCLEANER
Copyright
2014
$0b7a205c-4dfd-461e-b158-e9ae25b36cd4
1.0.0.0
WrapNonExceptionThrows
System.Security.Permissions.SecurityPermissionAttribute, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
SkipVerification
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
Jkbikyycqapfnhtrkqrskw.Jkbomexeaz
Axldmnmmvnfx
http://eisnt.com/ahu-punjab/Fgxogd.bmp
Kwrfxuanhufvh
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
Comments
KFCLEANER
FileDescription
KFCLEANER
FileVersion
1.0.0.0
InternalName
Nmfxb.exe
LegalCopyright
Copyright
2014
OriginalFilename
Nmfxb.exe
ProductName
KFCLEANER
ProductVersion
1.0.0.0
Assembly Version
1.0.0.0

Antivirus Signature
Bkav W32.AIDetectNet.01
Lionic Trojan.Win32.Seraph.4!c
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKD.64092025
ClamAV Clean
FireEye Trojan.GenericKD.64092025
CAT-QuickHeal Clean
ALYac Clean
Cylance Unsafe
Zillya Clean
Sangfor Downloader.Msil.Seraph.V2y0
K7AntiVirus Trojan-Downloader ( 0059c2be1 )
BitDefender Trojan.GenericKD.64092025
K7GW Clean
Cybereason malicious.ae5242
Baidu Clean
VirIT Clean
Cyren Clean
Symantec MSIL.Downloader!gen8
tehtris Clean
ESET-NOD32 a variant of MSIL/TrojanDownloader.Agent.OGH
APEX Malicious
Paloalto Clean
Cynet Malicious (score: 100)
Kaspersky HEUR:Trojan-Downloader.MSIL.Seraph.gen
Alibaba Clean
NANO-Antivirus Clean
ViRobot Clean
Tencent Msil.Trojan-Downloader.Ader.Vmhl
Ad-Aware Trojan.GenericKD.64092025
TACHYON Clean
Comodo Clean
F-Secure Clean
DrWeb Trojan.DownLoaderNET.507
VIPRE Gen:Variant.MSILHeracles.54634
TrendMicro Clean
McAfee-GW-Edition Artemis!Trojan
Trapmine Clean
CMC Clean
Emsisoft Trojan-Downloader.Agent (A)
SentinelOne Static AI - Suspicious PE
GData MSIL.Trojan-Downloader.Agent.BJU
Jiangmin Clean
Webroot W32.Trojan.Gen
Avira HEUR/AGEN.1253931
Antiy-AVL Clean
Kingsoft Win32.Troj.Undef.(kcloud)
Gridinsoft Trojan.Win32.SmokeLoader.bot
Arcabit Trojan.MSILHeracles.DD56A
SUPERAntiSpyware Clean
ZoneAlarm Clean
Microsoft Trojan:Win32/Woreflint.A!cl
Google Detected
AhnLab-V3 Trojan/Win.MalwareX-gen.C5325393
Acronis Clean
McAfee Artemis!B1171241B480
MAX malware (ai score=99)
VBA32 Downloader.MSIL.gen.rexp
Malwarebytes Clean
Panda Clean
Zoner Clean
TrendMicro-HouseCall TROJ_GEN.R002H0CL722
Rising Downloader.Seraph!8.111C6 (CLOUD)
Ikarus Win32.Outbreak
MaxSecure Clean
Fortinet MSIL/Agent.OGH!tr.dldr
BitDefenderTheta Gen:NN.ZemsilF.36106.am0@aimErMn
AVG Win32:MalwareX-gen [Trj]
Avast Win32:MalwareX-gen [Trj]
CrowdStrike win/malicious_confidence_100% (W)

No IRMA results available.