Static | ZeroBOX

PE Compile Time

2023-03-20 18:17:18

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name    Virtual Address  Virtual Size  Size of Raw Data  Entropy
.text   0x00002000       0x00002af4    0x00002c00        5.52384933866
.rsrc   0x00006000       0x00004c00    0x00004c00        2.83151555678
.reloc  0x0000c000       0x0000000c    0x00000200        0.0815394123432

Resources

Name           Offset      Size        Language      Sub-language     File type
RT_ICON        0x0000a198  0x00000468  LANG_NEUTRAL  SUBLANG_NEUTRAL  GLS_BINARY_LSB_FIRST
RT_ICON        0x0000a198  0x00000468  LANG_NEUTRAL  SUBLANG_NEUTRAL  GLS_BINARY_LSB_FIRST
RT_ICON        0x0000a198  0x00000468  LANG_NEUTRAL  SUBLANG_NEUTRAL  GLS_BINARY_LSB_FIRST
RT_ICON        0x0000a198  0x00000468  LANG_NEUTRAL  SUBLANG_NEUTRAL  GLS_BINARY_LSB_FIRST
RT_GROUP_ICON  0x0000a600  0x0000003e  LANG_NEUTRAL  SUBLANG_NEUTRAL  data
RT_VERSION     0x0000a640  0x000003f4  LANG_NEUTRAL  SUBLANG_NEUTRAL  data
RT_MANIFEST    0x0000aa34  0x000001b4  LANG_NEUTRAL  SUBLANG_NEUTRAL  XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators

Imports

Library mscoree.dll:
0x402000 _CorExeMain

Antivirus Signature
Engine                Result
Bkav                  Clean
Lionic                Trojan.Win32.Agent.Y!c
Elastic               malicious (high confidence)
MicroWorld-eScan      Clean
ClamAV                Clean
CMC                   Clean
CAT-QuickHeal         Clean
McAfee                Artemis!5CCC064218D4
Cylance               Clean
VIPRE                 Clean
Sangfor               Clean
CrowdStrike           win/malicious_confidence_70% (D)
BitDefender           Clean
K7GW                  Clean
K7AntiVirus           Clean
Baidu                 Clean
VirIT                 Trojan.Win32.MSIL_Heur.A
Cyren                 W32/MSIL_Kryptik.JBQ.gen!Eldorado
Symantec              ML.Attribute.HighConfidence
tehtris               Clean
ESET-NOD32            a variant of MSIL/Kryptik.AIJO
APEX                  Malicious
Paloalto              generic.ml
Cynet                 Malicious (score: 100)
Kaspersky             UDS:Trojan.MSIL.Agent.gen
Alibaba               Trojan:MSIL/Kryptik.7f27244d
NANO-Antivirus        Clean
ViRobot               Clean
Rising                Trojan.Kryptik!8.8 (CLOUD)
Emsisoft              Clean
F-Secure              Clean
DrWeb                 Clean
Zillya                Clean
TrendMicro            Clean
McAfee-GW-Edition     Artemis!Trojan
Trapmine              Clean
FireEye               Clean
Sophos                Clean
Ikarus                Clean
GData                 Clean
Jiangmin              Clean
Webroot               Clean
Avira                 Clean
MAX                   Clean
Antiy-AVL             Clean
Gridinsoft            Clean
Xcitium               Clean
Arcabit               Clean
SUPERAntiSpyware      Clean
ZoneAlarm             Clean
Microsoft             Trojan:Win32/Casdet!rfn
Google                Detected
AhnLab-V3             Clean
Acronis               Clean
BitDefenderTheta      Clean
ALYac                 Clean
TACHYON               Clean
VBA32                 Downloader.MSIL.gen.rexp
Malwarebytes          Clean
Panda                 Clean
Zoner                 Clean
TrendMicro-HouseCall  Clean
Tencent               Clean
Yandex                Clean
SentinelOne           Clean
MaxSecure             Clean
Fortinet              MSIL/Injector.DK!tr
AVG                   Win32:DropperX-gen [Drp]
Avast                 Win32:DropperX-gen [Drp]
No IRMA results available.