Static | ZeroBOX

Name	Virtual Address	Virtual Size	Size of Raw Data	Entropy
.text	0x00002000	0x00003124	0x00003200	6.36338875035
.rsrc	0x00006000	0x000005e0	0x00000600	4.13885445717
.reloc	0x00008000	0x0000000c	0x00000200	0.0815394123432

Name	Offset	Size	Language	Sub-language	File type
RT_VERSION	0x000060a0	0x0000034c	LANG_NEUTRAL	SUBLANG_NEUTRAL	data
RT_MANIFEST	0x000063f0	0x000001ea	LANG_NEUTRAL	SUBLANG_NEUTRAL	XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

!This program cannot be run in DOS mode.

`.rsrc

@.reloc

QIQUQLQYQOQMQWQ%Q-Q.QmQ!Q=Q#V

WCW@WCWJWEWDWaWFWKWHWKWBWMWLWiWNWSWPWSWZWUWTWqWVW[WXW[WRW]W\WyW^WcW`WcWjWeWdWAWfWkWhWkWbWmWlWIWnWsWpWsWzWuWtWQWvW~WJW{WjWKW

W#W;W5W$W(W&W)W

W+W"W-W,W

W.W3W0W3W:W5W4W

W6W;W8W;W2W=W<W

XCX@XCXJXEXDXaXFXKXHXKXBXMXLXiXNXSXPXSXZXUXTXqXVX[XXX[XRX]X\XyX^XcX`XcXjXeXdXAXfXkXhXkXbXmXlXIXnXsXpXsXzXuXtXQXvX~XJX{XnX}X

X9X;XX5X

X'X$X#X

X&X X X+X

X=X,XWX.X3X X3X

X6X0X,X;X!X-X<X

YCY@YCYJYEYDYaYFYNYzYKYhY{YOY>YNYXYXYSYrYEYWYcYVY_YzY[YCYMY\YyY^YcYpYcYvYeYgYNYfY`YxYkYJYmYlY`YnYqY^YsYzYuYtYQYvY{YxY{YrY}Y|YYY~Y

Y#Y Y#Y*Y%Y$Y

Y&Y+Y(Y+Y"Y-Y,Y

Y.Y3Y0Y3Y:Y5Y4Y

Y6Y;Y8Y;Y2Y=Y<Y

ZCZ@ZCZSZUZDZaZFZMZ=ZKZQZ]ZOZ=ZNZSZ!ZSZGZcZWZ

ZVZ_ZvZ[ZAZMZ_ZtZ^ZhZpZcZjZeZgZrZfZ`ZBZkZHZ[ZoZ

ZnZwZdZsZQZeZtZCZvZ}Z

Z{ZaZmZ

Z#Z Z#Z*Z%Z$Z

Z&Z+Z(Z+Z"Z-Z,Z

Z.Z3Z0Z3Z:Z5Z4Z

Z6Z;Z8Z;Z2Z=Z<Z

[E[P[C[Z[U[G[6[F[O[L[K[@[M[L[e[N[V[P[S[J[E[W[&[V[_[~[[[P[M[\[P[^[a[N[c[j[e[d[A[f[k[h[k[b[m[l[I[n[s[p[s[z[u[t[Q[v[{[x[{[r[}[|[Y[~[

[#[ [#[*[%[$[

[&[+[([+["[-[,[

[.[3[0[3[:[5[4[

[6[;[([;["[-[?[

\G\T\C\`\s\D\v\F\I\9\K\H\k\L\i\N\S\P\S\Z\U\T\q\V\[\X\[\R\]\\\y\^\c\`\c\j\e\d\A\f\k\h\k\b\m\l\I\n\s\p\s\z\u\t\Q\v\{\x\{\r\}\|\Y\~\

\#\ \#\)\%\'\

\&\/\<\+\

\/\\\.\7\

\6\0\4\;\-\=\?\K\>\

]C]@]C]J]E]D]a]F]K]H]K]B]M]L]i]N]S]P]S]Z]U]T]q]V][]X][]R]]]\]y]^]c]`]c]j]e]d]A]f]k]h]k]b]m]l]I]n]s]p]s]z]u]t]Q]v]{]x]{]r]}]|]Y]~]

](]8]#]

]&]/]<]+]

]/]$].]7]E]3]

]7]F]6]?]<];]

^C^@^C^J^E^D^a^F^K^H^K^B^M^L^i^N^S^P^S^Z^U^T^q^V^[^X^[^R^]^\^y^^^c^`^c^j^e^d^A^f^k^h^k^b^m^l^I^n^s^p^s^z^u^t^Q^v^{^x^{^r^}^|^Y^~^

^(^8^#^

^&^/^<^+^

^/^$^.^7^E^3^

^7^F^6^?^<^;^

_C_@_C_J_E_D_a_F_K_H_K_B_M_L_i_N_S_P_S_Z_U_T_q_V_[_X_[_R_]_\_y_^_c_`_c_j_e_d_A_f_k_h_k_b_m_l_I_n_s_p_s_z_u_t_Q_v_{_x_{_r_}_

_#_*_%_$_

_-_/_^_._8_0_3_<_

_6_;_A_;_6_-_<_N_>_

j_i f[

v4.0.30319

#Strings

System.Runtime.CompilerServices

CompilationRelaxationsAttribute

RuntimeCompatibilityAttribute

System.Reflection

AssemblyTitleAttribute

AssemblyDescriptionAttribute

AssemblyConfigurationAttribute

AssemblyCompanyAttribute

AssemblyProductAttribute

AssemblyCopyrightAttribute

AssemblyTrademarkAttribute

System.Runtime.InteropServices

ComVisibleAttribute

GuidAttribute

AssemblyFileVersionAttribute

System.Runtime.Versioning

TargetFrameworkAttribute

System

Object

ValueType

CompilerGeneratedAttribute

System.Diagnostics

DataReceivedEventHandler

DataReceivedEventArgs

get_Data

Console

WriteLine

Process

GetProcesses

ProcessStartInfo

set_UseShellExecute

set_StartInfo

add_OutputDataReceived

set_FileName

String

Concat

set_Arguments

set_RedirectStandardOutput

set_RedirectStandardError

add_ErrorDataReceived

BeginOutputReadLine

BeginErrorReadLine

WaitForExit

set_WindowHeight

set_WindowWidth

Assembly

GetEntryAssembly

get_Location

ProcessWindowStyle

set_WindowStyle

set_CreateNoWindow

System.Threading

AutoResetEvent

IsVolatile

Thread

WaitHandle

WaitOne

ToCharArray

EventWaitHandle

RuntimeTypeHandle

GetTypeFromHandle

get_Assembly

get_Length

Monitor

ThreadStart

System.IO

Stream

MemoryStream

System.IO.Compression

GZipStream

CompressionMode

set_Position

System.Resources

ResourceSet

GetType

ToString

System.Drawing

Bitmap

Equals

RuntimeHelpers

RuntimeFieldHandle

InitializeArray

LServiceHandler.exe

kernel32.dll

user32.dll

mscorlib

_WTFdd

_NANIeh

_WTFsd

_WTFad

_WTFqd

_WTFwd

_NANIrh

_NANIuh

_NANIwh_jiejie20230320233101

.cctor

GetConsoleWindow

ShowWindow

nCmdShow

_NANIth_jiejie20230320233101

_NANIyh

_NANIth

_NANIyh_jiejie20230320233101

_NANIwh

_NANIuh_jiejie20230320233101

_NANIih

_NANIoh

_NANIph

LServiceHandler

WrapNonExceptionThrows

LServiceHandler

2023

$e56f1ade-c237-4e06-8210-ade1cd597241

1.0.0.0

.NETFramework,Version=v4.5

FrameworkDisplayName

.NET Framework 4.5

_CorExeMain

mscoree.dll

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>

</requestedPrivileges>

</security>

</trustInfo>

</assembly>

VS_VERSION_INFO

VarFileInfo

Translation

StringFileInfo

000004b0

Comments

CompanyName

FileDescription

LServiceHandler

FileVersion

1.0.0.0

InternalName

LServiceHandler.exe

LegalCopyright

2023

LegalTrademarks

OriginalFilename

LServiceHandler.exe

ProductName

LServiceHandler

ProductVersion

1.0.0.0

Assembly Version

1.0.0.0

Antivirus	Signature
Bkav	W32.AIDetectNet.01
Lionic	Clean
tehtris	Clean
MicroWorld-eScan	Clean
ClamAV	Clean
CMC	Clean
CAT-QuickHeal	Clean
McAfee	Clean
Cylance	Clean
VIPRE	Clean
Sangfor	Clean
K7AntiVirus	Clean
BitDefender	Clean
K7GW	Clean
CrowdStrike	win/malicious_confidence_70% (D)
Baidu	Clean
VirIT	Clean
Cyren	Clean
Symantec	Clean
Elastic	malicious (high confidence)
ESET-NOD32	Clean
APEX	Malicious
Paloalto	Clean
Cynet	Clean
Kaspersky	Clean
Alibaba	Clean
NANO-Antivirus	Clean
ViRobot	Clean
Rising	Clean
Emsisoft	Clean
F-Secure	Clean
DrWeb	Clean
Zillya	Clean
TrendMicro	Clean
McAfee-GW-Edition	Clean
Trapmine	suspicious.low.ml.score
FireEye	Clean
Sophos	Clean
SentinelOne	Static AI - Suspicious PE
Jiangmin	Clean
Webroot	Clean
Avira	Clean
MAX	Clean
Antiy-AVL	Clean
Microsoft	Clean
Gridinsoft	Clean
Xcitium	Clean
Arcabit	Clean
SUPERAntiSpyware	Clean
ZoneAlarm	Clean
GData	Clean
Google	Clean
AhnLab-V3	Clean
Acronis	Clean
VBA32	Clean
ALYac	Clean
TACHYON	Clean
Malwarebytes	Clean
Panda	Clean
Zoner	Clean
TrendMicro-HouseCall	Clean
Tencent	Clean
Yandex	Clean
Ikarus	Clean
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	Clean
BitDefenderTheta	Gen:NN.ZemsilF.36344.am0@amqshnk
AVG	Clean
Avast	Clean

Static Analysis

PE Compile Time

PE Imphash

Sections

Resources

Imports