Static | ZeroBOX

PE Compile Time

2023-03-14 03:14:57

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00002000 0x0001fbf4 0x0001fc00 7.77129784132
.rsrc 0x00022000 0x000004d6 0x00000600 3.71797663335
.reloc 0x00024000 0x0000000c 0x00000200 0.101910425663

Resources

Name Offset Size Language Sub-language File type
RT_VERSION 0x000220a0 0x0000024c LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_MANIFEST 0x000222ec 0x000001ea LANG_NEUTRAL SUBLANG_NEUTRAL XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

Imports

Library mscoree.dll:
0x402000 _CorExeMain

!This program cannot be run in DOS mode.
`.rsrc
@.reloc
*X*X(%
d2k#gx^
+*/Mjy
5rIx?"/
J{n3L4
\i[PD2^7j
34=q.4]
D_wf\b
ZY#Xy*
}t-.Cw
Y5$h6o<
9?MTP^F
<EM8[Z[
;EQi;x
)M)>n_
fh2dz}J
<CT02b
CYB0W_R
_)dyibxy
F`)O|J
Lk<c1_5+0"
DW-Y4P
+td?<&+
:fi+`V
D./CN@
TV|a`(O
?-]SJV
14~b>/E
R+b(c)
mis:in
8A6kma{e
*ePWR6`
*!>55$
4xb}9B
JOPIb_
Y:J"sm
fRZ/v*
McNy)
G\I,OCZ}\
2!#Hq&e
'sO!G]
5w&~8D
]a"Z!
"oPh$3c
_|[n!<
,!Y~#Vw
#<xbb+7
F/k/7-
!<*y9r
cFe{RP
v Q:Z$z
^,}R56
*}[o|x
K_UA2j
7oW5<j
qpA/=>3
P&ZD#^E
fQ9831
=m&aF+)@
3+}gBR
\5<=?)D@[
IeUux{Q~bf
4&|-q
4k98!_C
>U_FQT
4uU\)U
#2UM]$
&zNpj=
u,E:8sc
N0B|%ing
aYmIoxl
lC[Nxx2D
h|wiC]*%
4"<`=5
_q(}2G=?i
q#df0o
@ejgZ
0U4fD,
f26H$b
3{Wf3,[
j9L^-y{
]`C2LO
@Zz|e~
(]5ued
;`EJ{^
7xB<.S
fjqI%]+
BhCjt{C
eb9siD
n*e/Y 08[
ry#|i
g~#U'5p
}8Y+^yj,
r<^pB(
tz6P[L
\j\n&(QG7
$VstSL
HjDSi
SiLyz#
{0TY$`
>Po\<
3Qn;{j
ys2I,C
Z_C%"I
GMC[GJ
}`5eQ-
:8a<jo
)QGttk
0au#mP
(4_=&k
[ad2Y
3 XAThB
{y1(fqc2]
`uh{4|<D]
ghklqJ
jT(lp'
+gY]s?,
o4D?v[
x|A:TVU
|Yq53~
*O?tk9&
35kEl?
[Hdn'`/x
oIQ))P
)H$mQ?
}&Q&~
?$CZR~
.=W0NDsw
e"pmq}X?
m=JRqKH
vu5lZL
ZGr]{(,
09,zE-\0
9@WY$7
"u{55X
ru7(PK
^ab6<6/
6zFDNT
cde1;+
s;br/YZ
sj.rN3:
nTwsp?
%9!%es
o"[Yi"V@
{5DC1]
]l<~2i
{]./e~
R(mL;,
fT"E<r
F]&BC.
g|-9za
L,dD4/
v*Sp&c4
B9|.XE/Ao}
d<M:]Me5\
fO@?>rq
"NFiP<
BN\ d~
W`M7RA{
<:p<gt
7a{v$~
M-=(w*:[
)-9d:~
f_JrOF9n
0,}SM
j|5Pktt
w\f/um
aF0t4)
,]K6[\
\:|uyL[
Y22NE^
*J~ZQu
OPF=l~
*~K)`ju
`p/{~P
e?f9%.U0
blHD<4lO
W%|8&YC
?R|E:P
W#3|hI
Jt~~{(V
J]cJ/a
tecVyq
E7:t:+
Cfluj`
f VRbGn
v4.0.30319
#Strings
Reserved1
ToUInt32
ToInt32
Reserved2
ToInt16
get_UTF8
9XPerQP369
PROCESS_SET_QUOTA
WRITE_DAC
PROCESS_CREATE_THREAD
PROCESS_VM_READ
STANDARD_RIGHTS_REQUIRED
PROCESS_DUP_HANDLE
PROCESS_SUSPEND_RESUME
PROCESS_TERMINATE
DELETE
PROCESS_VM_WRITE
SYNCHRONIZE
READ_CONTROL
PROCESS_QUERY_LIMITED_INFORMATION
PROCESS_SET_INFORMATION
PROCESS_QUERY_INFORMATION
PROCESS_VM_OPERATION
System.IO
ITE_OWNER
PROCESS_ALL_ACCESS
PROCESS_CREATE_PROCESS
set_IV
value__
mscorlib
ThreadId
ProcessId
GetProcessById
ResumeThread
RijndaelManaged
GenericAce
CommonAce
InsertAce
set_Mode
CryptoStreamMode
CipherMode
IDisposable
ThreadHandle
RuntimeFieldHandle
RuntimeTypeHandle
GetTypeFromHandle
ProcessHandle
Console
WriteLine
WellKnownSidType
ValueType
Dispose
CompilerGeneratedAttribute
UnverifiableCodeAttribute
CompilationRelaxationsAttribute
RuntimeCompatibilityAttribute
SuppressUnmanagedCodeSecurityAttribute
get_Size
get_BlockSize
set_BlockSize
get_KeySize
set_KeySize
SizeOf
Encoding
FromBase64String
GetString
get_Length
get_BinaryLength
Marshal
System.Security.Principal
RawAcl
get_DiscretionaryAcl
System.ComponentModel
advapi32.dll
kernel32.dll
ntdll.dll
System.Security.AccessControl
GetManifestResourceStream
CryptoStream
MemoryStream
System
SymmetricAlgorithm
GetBinaryForm
ICryptoTransform
NtUnmapViewOfSection
System.Reflection
Win32Exception
Desktop
Buffer
AceQualifier
SecurityIdentifier
BitConverter
StdError
GenericSecurityDescriptor
RawSecurityDescriptor
CreateDecryptor
IntPtr
System.Diagnostics
System.Runtime.InteropServices
System.Runtime.CompilerServices
Rfc2898DeriveBytes
GetBytes
AceFlags
RuntimeHelpers
CreateProcess
Object
Convert
StdInput
StdOutput
System.Text
Wow64GetThreadContext
Wow64SetThreadContext
VirtualAllocEx
InitializeArray
ToArray
set_Key
System.Security.Cryptography
GetExecutingAssembly
BlockCopy
ReadProcessMemory
WriteProcessMemory
System.Security
GetKernelObjectSecurity
SetKernelObjectSecurity
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
System.Security.Permissions.SecurityPermissionAttribute, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
SkipVerification
WrapNonExceptionThrows
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
OVhQZXJRUDM2OQ==
ZDNGWUVkcGpaYg==
QzpcV2luZG93c1xNaWNyb3NvZnQuTkVUXEZyYW1ld29ya1x2NC4wLjMwMzE5XFJlZ0FzbS5leGU=
I2NtZA==
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
Cronos-Crypter
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
FileDescription
FileVersion
0.0.0.0
InternalName
LineGreen.exe
LegalCopyright
OriginalFilename
LineGreen.exe
ProductVersion
0.0.0.0
Assembly Version
0.0.0.0
Antivirus Signature
Bkav W32.AIDetectNet.01
Lionic Trojan.Win32.Crysan.4!c
Elastic malicious (high confidence)
MicroWorld-eScan IL:Trojan.MSILZilla.17516
ClamAV Clean
CMC Clean
CAT-QuickHeal Trojan.GenericFC.S27871908
ALYac IL:Trojan.MSILZilla.17516
Malwarebytes Clean
VIPRE IL:Trojan.MSILZilla.17516
Sangfor Trojan.Win32.Save.a
CrowdStrike win/malicious_confidence_100% (W)
BitDefender IL:Trojan.MSILZilla.17516
K7GW Clean
K7AntiVirus Clean
Baidu Clean
VirIT Clean
Cyren W32/Azorult.D.gen!Eldorado
Symantec Trojan Horse
tehtris Clean
ESET-NOD32 a variant of MSIL/Injector.FCD
APEX Malicious
Paloalto generic.ml
Cynet Malicious (score: 100)
Kaspersky HEUR:Backdoor.MSIL.Crysan.gen
Alibaba Backdoor:MSIL/ResInject.169874b3
NANO-Antivirus Clean
ViRobot Trojan.Win.Z.Injector.132608.C
Rising Malware.Obfus/MSIL@AI.100 (RDM.MSIL2:FRPcts/wj12lj9WpBUXiiQ)
TACHYON Clean
Emsisoft IL:Trojan.MSILZilla.17516 (B)
F-Secure Clean
DrWeb Trojan.InjectNET.14
Zillya Clean
TrendMicro TrojanSpy.Win32.REDLINE.YXDCPZ
McAfee-GW-Edition BehavesLike.Win32.Generic.cc
Trapmine malicious.high.ml.score
FireEye Generic.mg.38b7f433a65cdc9b
Sophos MSIL/Obfus-Z
Ikarus Trojan.MSIL.Injector
GData IL:Trojan.MSILZilla.17516
Jiangmin Clean
Webroot W32.Trojan.MSILZilla
Avira TR/Dropper.Gen
Antiy-AVL Clean
Gridinsoft Ransom.Win32.AzorUlt.sa
Xcitium Clean
Arcabit IL:Trojan.MSILZilla.D446C
SUPERAntiSpyware Clean
ZoneAlarm Clean
Microsoft VirTool:MSIL/ResInject!MTB
Google Detected
AhnLab-V3 Trojan/Win32.RL_Generic.C3984313
Acronis suspicious
McAfee GenericRXTJ-WG!38B7F433A65C
MAX malware (ai score=87)
VBA32 Clean
Cylance unsafe
Panda Trj/CI.A
Zoner Clean
TrendMicro-HouseCall TrojanSpy.Win32.REDLINE.YXDCPZ
Tencent Msil.Backdoor.Crysan.Kqil
Yandex Clean
SentinelOne Static AI - Malicious PE
MaxSecure Trojan.Malware.300983.susgen
Fortinet MSIL/Injector.FCD!tr
BitDefenderTheta Gen:NN.ZemsilF.36344.im0@ay85uLc
AVG Win32:InjectorX-gen [Trj]
Avast Win32:InjectorX-gen [Trj]
No IRMA results available.