Static | ZeroBOX

PE Compile Time

2022-12-07 08:31:24

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name    Virtual Address  Virtual Size  Size of Raw Data  Entropy
.text   0x00002000       0x000012b4    0x00001400        5.37219846845
.rsrc   0x00004000       0x00000a68    0x00000c00        3.67470794952
.reloc  0x00006000       0x0000000c    0x00000200        0.0815394123432

Resources

Name           Offset      Size        Language      Sub-language     File type
RT_ICON        0x00004728  0x00000128  LANG_NEUTRAL  SUBLANG_NEUTRAL  GLS_BINARY_LSB_FIRST
RT_ICON        0x00004728  0x00000128  LANG_NEUTRAL  SUBLANG_NEUTRAL  GLS_BINARY_LSB_FIRST
RT_GROUP_ICON  0x00004850  0x00000022  LANG_NEUTRAL  SUBLANG_NEUTRAL  data
RT_VERSION     0x00004160  0x000002dc  LANG_NEUTRAL  SUBLANG_NEUTRAL  data
RT_MANIFEST    0x00004878  0x000001ea  LANG_NEUTRAL  SUBLANG_NEUTRAL  XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

Imports

Library mscoree.dll:
0x402000 _CorExeMain

!This program cannot be run in DOS mode.
`.rsrc
@.reloc
v4.0.30319
#Strings
<Module>
Mgqtihug.exe
Program
WindowsFormsApp64
mscorlib
System
Object
EventArgs
Program_Playing
EventHandler
Playing
add_Playing
remove_Playing
LiveTV
Yskbak
sender
System.Runtime.Versioning
TargetFrameworkAttribute
System.Reflection
AssemblyTitleAttribute
AssemblyDescriptionAttribute
AssemblyConfigurationAttribute
AssemblyCompanyAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
AssemblyTrademarkAttribute
AssemblyCultureAttribute
System.Runtime.InteropServices
ComVisibleAttribute
GuidAttribute
AssemblyVersionAttribute
AssemblyFileVersionAttribute
System.Security.Permissions
SecurityPermissionAttribute
SecurityAction
System.Runtime.CompilerServices
CompilationRelaxationsAttribute
RuntimeCompatibilityAttribute
Mgqtihug
MemberInfo
MethodInfo
Action
RuntimeTypeHandle
GetTypeFromHandle
Delegate
CreateDelegate
DynamicInvoke
Combine
System.Threading
Interlocked
CompareExchange
Remove
<LiveTV>b__0
Func`2
CS$<>9__CachedAnonymousMethodDelegate2
CompilerGeneratedAttribute
<LiveTV>b__1
CS$<>9__CachedAnonymousMethodDelegate3
get_FullName
String
op_Equality
get_Name
Assembly
GetTypes
System.Core
System.Linq
Enumerable
System.Collections.Generic
IEnumerable`1
GetMembers
op_Inequality
Invoke
System.Net
WebRequest
Create
HttpWebRequest
set_Method
WebResponse
GetResponse
System.IO
MemoryStream
Stream
GetResponseStream
CopyTo
ToArray
List`1
get_Item
System.Text
Encoding
get_UTF8
GetBytes
System.Security
UnverifiableCodeAttribute
.NETFramework,Version=v4.6
FrameworkDisplayName
.NET Framework 4.6
KFCLEANER
Copyright
2014
$a5baa0f4-e16d-47d7-9669-8c297601c752
1.0.0.0
WrapNonExceptionThrows
System.Security.Permissions.SecurityPermissionAttribute, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
SkipVerification
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
Bdkaqrvr.Vbhwhmkkdolisyawhvkm
Fcqdipgjeseczhwlesz
http://eisnt.com/wp-content/cache/Bwleepvfk.jpeg
Kiawbmzohmyiywnl
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
Comments
KFCLEANER
FileDescription
KFCLEANER
FileVersion
1.0.0.0
InternalName
Mgqtihug.exe
LegalCopyright
Copyright
2014
OriginalFilename
Mgqtihug.exe
ProductName
KFCLEANER
ProductVersion
1.0.0.0
Assembly Version
1.0.0.0
Antivirus Signature
Bkav W32.AIDetectNet.01
Lionic Clean
Elastic malicious (high confidence)
MicroWorld-eScan Gen:Variant.MSILHeracles.54634
FireEye Gen:Variant.MSILHeracles.54634
CAT-QuickHeal Clean
McAfee Clean
Cylance Clean
Zillya Clean
Sangfor Clean
K7AntiVirus Clean
BitDefender Gen:Variant.MSILHeracles.54634
K7GW Clean
Cybereason malicious.61b347
BitDefenderTheta Gen:NN.ZemsilF.36106.am0@ayWIWQm
VirIT Clean
Cyren Clean
Symantec MSIL.Downloader!gen8
tehtris Clean
ESET-NOD32 a variant of MSIL/TrojanDownloader.Agent.OGH
Baidu Clean
APEX Malicious
Paloalto Clean
ClamAV Clean
Kaspersky HEUR:Trojan-Downloader.MSIL.Seraph.gen
Alibaba Clean
NANO-Antivirus Clean
Cynet Malicious (score: 99)
ViRobot Clean
Rising Clean
Ad-Aware Gen:Variant.MSILHeracles.54634
TACHYON Clean
Sophos Clean
Comodo Clean
F-Secure Heuristic.HEUR/AGEN.1253931
DrWeb Trojan.DownLoaderNET.507
VIPRE Gen:Variant.MSILHeracles.54634
TrendMicro Clean
McAfee-GW-Edition Clean
Trapmine Clean
CMC Clean
Emsisoft Trojan-Downloader.Agent (A)
SentinelOne Static AI - Suspicious PE
GData MSIL.Trojan-Downloader.Agent.BJU
Jiangmin Clean
Webroot Clean
Avira HEUR/AGEN.1253931
Antiy-AVL Clean
Kingsoft Clean
Gridinsoft Trojan.Win32.Wacatac.dd!n
Arcabit Trojan.MSILHeracles.DD56A
SUPERAntiSpyware Clean
ZoneAlarm HEUR:Trojan-Downloader.MSIL.Seraph.gen
Microsoft Trojan:Win32/Sabsik.FL.B!ml
Google Clean
AhnLab-V3 Clean
Acronis Clean
ALYac Clean
MAX malware (ai score=86)
VBA32 Downloader.MSIL.gen.rexp
Malwarebytes Trojan.Downloader
Panda Clean
Zoner Clean
TrendMicro-HouseCall Clean
Tencent Clean
Yandex Clean
Ikarus Clean
MaxSecure Clean
Fortinet Clean
AVG Win32:MalwareX-gen [Trj]
Avast Win32:MalwareX-gen [Trj]
CrowdStrike win/malicious_confidence_90% (D)
No IRMA results available.