Static | ZeroBOX

PE Compile Time

2023-01-21 22:22:19

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00002000 0x00217f74 0x00218000 5.849105705
.rsrc 0x0021a000 0x00002e00 0x00002e00 3.25503068112
.reloc 0x0021e000 0x0000000c 0x00000200 0.101910425663

Resources

Name Offset Size Language Sub-language File type
RT_ICON 0x0021a100 0x000025a8 LANG_NEUTRAL SUBLANG_NEUTRAL dBase IV DBT of `.DBF, block length 9216, next free block index 40, next free block 134217728, next used block 117440512
RT_GROUP_ICON 0x0021c6b8 0x00000014 LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_VERSION 0x0021c6dc 0x0000039e LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_MANIFEST 0x0021ca8c 0x000001ea LANG_NEUTRAL SUBLANG_NEUTRAL XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

Imports

Library mscoree.dll:
0x402000 _CorExeMain

!This program cannot be run in DOS mode.
`.rsrc
@.reloc
v4.0.30319
#Strings
IEnumerable`1
Func`2
<Module>
get_ASCII
System.IO
mscorlib
System.Collections.Generic
Thread
add_Load
Interlocked
CompareExchange
Invoke
Enumerable
RuntimeFieldHandle
RuntimeTypeHandle
GetTypeFromHandle
get_Name
GetName
AssemblyName
Combine
ValueType
System.Core
get_CodeBase
WebResponse
GetResponse
Reverse
Create
CreateDelegate
STAThreadAttribute
CompilerGeneratedAttribute
GuidAttribute
UnverifiableCodeAttribute
DebuggableAttribute
ComVisibleAttribute
AssemblyTitleAttribute
AssemblyTrademarkAttribute
TargetFrameworkAttribute
AssemblyFileVersionAttribute
SecurityPermissionAttribute
AssemblyConfigurationAttribute
AssemblyDescriptionAttribute
CompilationRelaxationsAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
AssemblyCompanyAttribute
RuntimeCompatibilityAttribute
Remove
Rlpevdv.exe
System.Threading
Encoding
System.Runtime.Versioning
FromBase64String
GetString
GetResponseStream
MemoryStream
System
AppDomain
get_CurrentDomain
Application
Action
System.Reflection
CopyTo
System.Linq
EventHandler
System.Diagnostics
System.Runtime.InteropServices
System.Runtime.CompilerServices
DebuggingModes
GetAssemblies
EnableVisualStyles
GetTypes
EventArgs
System.Windows.Forms
System.Security.Permissions
RuntimeHelpers
Object
System.Net
SetCompatibleTextRenderingDefault
FirstOrDefault
Convert
HttpWebRequest
System.Text
add_atu
remove_atu
Rlpevdv
InitializeArray
ToArray
Assembly
op_Equality
System.Security
WrapNonExceptionThrows
Opera Installer
Opera Software
Copyright Opera Software 2023
$981f21e6-bfef-43d0-ac29-1c42e50729c2
94.0.4606.54
.NETFramework,Version=v4.6
FrameworkDisplayName
.NET Framework 4.6
System.Security.Permissions.SecurityPermissionAttribute, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
SkipVerification
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
Gcstyeberoatpbtbrc
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
Comments
Opera Installer
CompanyName
Opera Software
FileDescription
Opera Installer
FileVersion
94.0.4606.54
InternalName
Rlpevdv.exe
LegalCopyright
Copyright Opera Software 2023
LegalTrademarks
OriginalFilename
Rlpevdv.exe
ProductName
Opera Installer
ProductVersion
94.0.4606.54
Assembly Version
94.0.4606.54
Antivirus Signature
Bkav Clean
Lionic Clean
tehtris Clean
MicroWorld-eScan IL:Trojan.MSILZilla.24482
ClamAV Clean
FireEye Generic.mg.33ebd23f0b509a3a
CAT-QuickHeal Clean
McAfee Clean
Cylance Unsafe
VIPRE Clean
Sangfor Suspicious.Win32.Save.a
K7AntiVirus Clean
BitDefender IL:Trojan.MSILZilla.24482
K7GW Clean
Cybereason malicious.dc316b
Baidu Clean
VirIT Clean
Cyren Clean
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 Clean
APEX Malicious
Paloalto Clean
Cynet Malicious (score: 100)
Kaspersky HEUR:Trojan.Win32.Generic
Alibaba Clean
NANO-Antivirus Clean
ViRobot Clean
Rising Malware.Obfus/MSIL@AI.100 (RDM.MSIL2:DZoww8Xd1t7PUR4f8yzGQA)
Sophos Generic ML PUA (PUA)
F-Secure Clean
DrWeb Clean
Zillya Clean
TrendMicro Clean
McAfee-GW-Edition Clean
Trapmine Clean
CMC Clean
Emsisoft IL:Trojan.MSILZilla.24482 (B)
Ikarus Clean
GData IL:Trojan.MSILZilla.24482
Jiangmin Clean
Webroot Clean
Avira HEUR/AGEN.1232149
MAX malware (ai score=87)
Antiy-AVL Clean
Kingsoft Clean
Gridinsoft Clean
Xcitium Clean
Arcabit IL:Trojan.MSILZilla.D5FA2
SUPERAntiSpyware Clean
ZoneAlarm Clean
Microsoft Program:Win32/Wacapew.C!ml
Google Clean
AhnLab-V3 Clean
Acronis suspicious
VBA32 Clean
ALYac Clean
TACHYON Clean
Malwarebytes Malware.AI.2087340352
Panda Clean
Zoner Clean
TrendMicro-HouseCall Clean
Tencent Clean
Yandex Clean
SentinelOne Static AI - Malicious PE
MaxSecure Trojan.Malware.300983.susgen
Fortinet Clean
BitDefenderTheta Gen:NN.ZemsilF.36212.go0@aGasrck
AVG Clean
Avast Clean
No IRMA results available.