Static | ZeroBOX

PE Compile Time

2022-12-16 10:09:33

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name    Virtual Address  Virtual Size  Size of Raw Data  Entropy
.text   0x00002000       0x0000f4a4    0x0000f600        7.83695908255
.rsrc   0x00012000       0x000005bc    0x00000600        4.96961920146
.reloc  0x00014000       0x0000000c    0x00000200        0.101910425663

Resources

Name         Offset      Size        Language      Sub-language     File type
RT_VERSION   0x000120a0  0x00000330  LANG_NEUTRAL  SUBLANG_NEUTRAL  data
RT_MANIFEST  0x000123d0  0x000001ea  LANG_NEUTRAL  SUBLANG_NEUTRAL  XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

Imports

Library mscoree.dll:
0x402000 _CorExeMain

!This program cannot be run in DOS mode.
`.rsrc
@.reloc
v4.0.30319
#Strings
List`1
CS$<>9__CachedAnonymousMethodDelegate1
ToInt32
CS$<>9__CachedAnonymousMethodDelegate3
get_UTF8
System.
get_HWID
set_HWID
LoadingAPI
System.IO
System.D
QuickLZ
PacketLib
mscorlib
System.Collections.Generic
Thread
<HWID>k__BackingField
<Connected>k__BackingField
<baseIp>k__BackingField
<socket>k__BackingField
<indexHost>k__BackingField
<host>k__BackingField
GetMethod
method
CreateInstance
Offline.Persistence
CompressionMode
SelectMode
ClearKeyStroke
CurrentKeyStroke
EndInvoke
BeginInvoke
IDisposable
RuntimeFieldHandle
IsInRole
WindowsBuiltInRole
get_Name
SocketOptionName
get_FriendlyName
Offline
ValueType
ProtocolType
GetType
get_PacketType
SocketType
MethodBase
Dispose
MulticastDelegate
get_AsyncState
MTAThreadAttribute
CompilerGeneratedAttribute
UnverifiableCodeAttribute
ComVisibleAttribute
TargetFrameworkAttribute
CompilationRelaxationsAttribute
RuntimeCompatibilityAttribute
Receive
add_AssemblyResolve
System.Threading
Encoding
System.Runtime.Versioning
FromBase64String
GetString
System.qV
Launch
AsyncCallback
callback
Offline.Special
System.Security.Principal
WindowsPrincipal
SocketOptionLevel
Install
Uninstall
ntdll.dll
DeflateStream
MemoryStream
get_Item
System
AppDomain
get_CurrentDomain
get_Plugin
System.IO.Compression
System.Reflection
set_Position
SetSocketOption
Exception
CopyTo
MethodInfo
MemberInfo
get_BaseIp
set_BaseIp
ClientSender
ResolveEventHandler
Parser
BitConverter
Serializer
Compressor
GetEnumerator
.cctor
Monitor
IntPtr
System.Runtime.InteropServices
System.Runtime.CompilerServices
GetBytes
SocketFlags
ResolveEventArgs
PacketLib.Utils
Contains
Offline.Keyloggers
RuntimeHelpers
NtTerminateProcess
hProcess
Decompress
System.Net.Sockets
errorStatus
Object
object
Connect
PacketLib.Packet
IPacket
ConnectedPacket
KeylogOfflinePacket
SerializePacket
DeserializePacket
bufferPacket
set_CurrentPacket
packet
Socket
op_Explicit
IAsyncResult
result
Client
get_Current
GetCurrent
get_Count
ThreadStart
Convert
get_port
set_Host
get_host
MoveNext
System.Text
System.
InitializeArray
ToArray
set_Key
Assembly
AddressFamily
System.Security
WindowsIdentity
System.a
System.Po
System.Security.Permissions.SecurityPermissionAttribute, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
SkipVerification
.NETFramework,Version=v4.5
FrameworkDisplayName
.NET Framework 4.5
WrapNonExceptionThrows
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
FileDescription
FileVersion
4.8.9.2
InternalName
LegalCopyright
OriginalFilename
ProductVersion
3.7.7.2
Assembly Version
3.7.7.2
ProductName
CompanyName
LegalTrademarks
Antivirus Signature
Bkav W32.AIDetectNet.01
Lionic Trojan.Win32.Scrop.4!c
tehtris Clean
ClamAV Clean
FireEye Generic.mg.ca6a4db4964f4475
CAT-QuickHeal Trojan.GenericFC.S29960735
McAfee Artemis!CA6A4DB4964F
Cylance unsafe
Zillya Trojan.Agent.Win32.3192389
Sangfor Trojan.Win32.Save.a
K7AntiVirus Trojan ( 0059a5f91 )
BitDefender IL:Trojan.MSILZilla.24195
K7GW Trojan ( 0059a5f91 )
CrowdStrike win/malicious_confidence_100% (W)
Baidu Clean
VirIT Trojan.Win32.MSIL_Heur.A
Cyren W32/MSIL_Kryptik.COR.gen!Eldorado
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 a variant of MSIL/Agent.ECO
APEX Malicious
Paloalto generic.ml
Cynet Malicious (score: 100)
Kaspersky HEUR:Trojan-Dropper.MSIL.Scrop.gen
Alibaba TrojanDropper:MSIL/PSWStealer.aa6ce23b
NANO-Antivirus Clean
SUPERAntiSpyware Clean
MicroWorld-eScan IL:Trojan.MSILZilla.24195
Rising Malware.Obfus/MSIL@AI.100 (RDM.MSIL2:ZmZBcgwRqKysAkB2XTB4dA)
Emsisoft IL:Trojan.MSILZilla.24195 (B)
F-Secure Clean
DrWeb Trojan.MulDrop21.37093
VIPRE IL:Trojan.MSILZilla.24195
TrendMicro TROJ_KRAP.SMDA
McAfee-GW-Edition GenericRXUX-HM!CA6A4DB4964F
Trapmine malicious.moderate.ml.score
CMC Clean
Sophos Mal/Generic-S
SentinelOne Static AI - Malicious PE
GData IL:Trojan.MSILZilla.24195
Jiangmin Clean
Webroot Clean
Avira TR/Dropper.MSIL.Gen
MAX malware (ai score=82)
Antiy-AVL Trojan[Dropper]/MSIL.Scrop
Gridinsoft Clean
Xcitium Clean
Arcabit IL:Trojan.MSILZilla.D5E83
ViRobot Trojan.Win32.Z.Agent.65536.AAWF
ZoneAlarm Clean
Microsoft Trojan:MSIL/PSWStealer.ARA!MTB
Google Detected
AhnLab-V3 Trojan/Win.Generic.C5276325
Acronis suspicious
BitDefenderTheta Gen:NN.ZemsilF.36344.em0@aqzk3fo
ALYac IL:Trojan.MSILZilla.24195
TACHYON Clean
VBA32 Clean
Malwarebytes Clean
Panda Trj/GdSda.A
Zoner Clean
TrendMicro-HouseCall TROJ_KRAP.SMDA
Tencent Msil.Trojan-Dropper.Scrop.Rgil
Yandex Clean
Ikarus Trojan.MSIL.Agent
MaxSecure Trojan.Malware.73778965.susgen
Fortinet MSIL/Agent.ECO!tr
AVG Win32:CrypterX-gen [Trj]
Avast Win32:CrypterX-gen [Trj]
No IRMA results available.