popup
Static | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Static Analysis

PE Compile Time

2023-04-27 22:41:57

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00002000 0x0000aef4 0x0000b000 5.95984230621
.rsrc 0x0000e000 0x0002bb2e 0x0002bc00 7.17092867529
.reloc 0x0003a000 0x0000000c 0x00000200 0.0815394123432

Resources

Name Offset Size Language Sub-language File type
RT_ICON 0x000270e0 0x00012319 LANG_NEUTRAL SUBLANG_NEUTRAL PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
RT_ICON 0x000270e0 0x00012319 LANG_NEUTRAL SUBLANG_NEUTRAL PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
RT_ICON 0x000270e0 0x00012319 LANG_NEUTRAL SUBLANG_NEUTRAL PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
RT_ICON 0x000270e0 0x00012319 LANG_NEUTRAL SUBLANG_NEUTRAL PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
RT_ICON 0x000270e0 0x00012319 LANG_NEUTRAL SUBLANG_NEUTRAL PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
RT_ICON 0x000270e0 0x00012319 LANG_NEUTRAL SUBLANG_NEUTRAL PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
RT_ICON 0x000270e0 0x00012319 LANG_NEUTRAL SUBLANG_NEUTRAL PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
RT_GROUP_ICON 0x000393fc 0x00000068 LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_VERSION 0x00039464 0x000004f4 LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_MANIFEST 0x00039958 0x000001d6 LANG_NEUTRAL SUBLANG_NEUTRAL XML 1.0 document, ASCII text, with CRLF line terminators

Imports

Library mscoree.dll:
0x402000 _CorExeMain
!This program cannot be run in DOS mode.
`.rsrc
@.reloc
*N!m&Z
*b!m&Z
*b!m&Z
*b!m&Z
*b!m&Z
@_-#~
@_-#~
bY {z}
_b`}V
_d}V
__d}V
_b`}V
Y_bX
Y_cX
Y_bY
Y_bX
Y_bX
Y_bX
Y_bXT
Y_bY
hXhS+E
_b`}
H\InZ|
}"%\pF
%OWNx
$:5O$!.
3]wxJMld
]>0u4K
v4.0.30319
#Strings
Outwarsvulgare$
Outwarsvulgare%
List`1
ToInt32
Dictionary`2
ToInt64
get_UTF8
<Module>
stringID
B27MkntLdK
System.IO
set_IV
value__
System.Media
mscorlib
System.Collections.Generic
GetCurrentProcessId
add_Load
get_Red
get_DarkRed
RijndaelManaged
get_IsAttached
get_Checked
set_Checked
GetItemChecked
SetItemChecked
set_Enabled
set_FormattingEnabled
Append
get_Second
Replace
GetFromResource
GetCachedOrResource
get_ExitCode
set_AutoScaleMode
CompressionMode
get_Unicode
get_Message
ExceptionMessage
get_DarkOrange
EndInvoke
BeginInvoke
IDisposable
ToDouble
RuntimeFieldHandle
CloseHandle
Rectangle
ToSingle
FontStyle
set_WindowStyle
ProcessWindowStyle
set_Name
set_FileName
get_FullName
GetClassName
DateTime
DrawLine
ValueType
tacesForfare
kuruForfare
Outwarsvulgare
Compare
ButtonBase
Dispose
FillEllipse
DrawEllipse
Reverse
MulticastDelegate
CheckState
get_White
STAThreadAttribute
CompilerGeneratedAttribute
UnverifiableCodeAttribute
AttributeUsageAttribute
DoNotPruneAttribute
ObsoleteAttribute
DoNotMoveAttribute
SuppressIldasmAttribute
AssemblyFileVersionAttribute
SecurityPermissionAttribute
DoNotEncodeStringsAttribute
CompilationRelaxationsAttribute
PoweredByAttribute
RuntimeCompatibilityAttribute
get_Minute
ReadByte
WriteByte
get_Value
TryGetValue
get_NewValue
B27MkntLdK.exe
set_Size
get_InputBlockSize
get_OutputBlockSize
set_AutoSize
set_ClientSize
IndexOf
System.Threading
Padding
SmartAssembly.StringsEncoding
PlayLooping
FromBase64String
CacheString
ToString
GetString
Substring
disposing
System.Drawing
get_Length
AsyncCallback
get_Black
add_ItemCheck
add_Tick
add_Click
set_CheckOnClick
TransformFinalBlock
TransformBlock
BuildBookmark
set_Interval
System.ComponentModel
kernel32.dll
user32.dll
ContainerControl
ListControl
GetManifestResourceStream
DeflateStream
MemoryStream
System
SymmetricAlgorithm
GetCompressionAlgorithm
ICryptoTransform
set_TextAlign
set_Margin
mistsGoddamn
System.IO.Compression
Application
get_Location
set_Location
System.Globalization
System.Reflection
ControlCollection
CheckedItemCollection
ObjectCollection
get_Position
set_Position
ArgumentOutOfRangeException
InvalidOperationException
FormatException
Button
Intern
set_ShowUpDown
ProcessStartInfo
SmartAssembly.Zip
SimpleZip
RawZip
sheolsCrowbar
DESCryptoServiceProvider
StringBuilder
Buffer
buffer
Debugger
DateTimePicker
ItemCheckEventHandler
IContainer
sheolsMourner
BitConverter
SoundPlayer
set_Anchor
set_UseVisualStyleBackColor
get_DefaultBackColor
SetLastError
GetEnumerator
.cctor
Monitor
CreateDecryptor
CreateEncryptor
IntPtr
get_Hour
CreateGraphics
System.Diagnostics
RawZipAndAes
RawZipAndDes
System.Runtime.CompilerServices
Brushes
EnableVisualStyles
NumberStyles
AnchorStyles
SmartAssembly.Attributes
GetBytes
Strings
ItemCheckEventArgs
get_Controls
get_Items
get_CheckedItems
System.Windows.Forms
set_AutoScaleDimensions
System.Security.Permissions
get_Chars
RuntimeHelpers
OpenProcess
GetProcAddress
AttributeTargets
set_Arguments
forfareMists
Exists
RemoveAt
Concat
set_Format
set_CustomFormat
DateTimePickerFormat
Object
GraphicsUnit
WaitForExit
SetCompatibleTextRenderingDefault
IAsyncResult
DialogResult
ContentAlignment
Environment
get_Current
set_Font
get_Count
Convert
SuspendLayout
ResumeLayout
PerformLayout
MoveNext
System.Text
set_Text
forfareKuru
get_Now
set_TabIndex
MessageBox
CheckBox
CheckedListBox
DynProx
get_Gray
InitializeArray
ToArray
set_Key
System.Security.Cryptography
GetExecutingAssembly
BlockCopy
LoadLibrary
Directory
get_Capacity
set_Capacity
op_Equality
op_Inequality
System.Security
{b25534e0-569d-4049-a220-94af60d76292}
Use `RawZip`.
Use `RawZipAndAes`.
WrapNonExceptionThrows
8.1.2.4975
#Powered by SmartAssembly 8.1.2.4975
System.Security.Permissions.SecurityPermissionAttribute, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
SkipVerification
_CorExeMain
mscoree.dll
222|>>>
"+++
!}}}\nnn
]__[l{{
51/[&$,
HHHxfff
###rccc
&{{{$}}}Oqqq
ppp vvv&|||#sttg
POO$^bbRenn
```>mll
fff+zzz
```=www
:>6?5.<
$$$_jjj
&"+!-+/
#'''
,&&&
+$$$
$$$+(((
qqq#vvv,zzz+}}}(qqqM
QQQ;WVVv^``
+*2v*',;/,/
WWW1kkk
ccc8iii
ZZZ1aaa
&%(1=:?
aaa7hhh
749=629
/-1y,)/
888i%%%
$$$5!!!
###8!!!
"""6!!!
&&&6!!!
)))6!!!
sss3sss
ttt*xxx8yyy7
4~~~>fff
xxx>xxx
YXXA[ZZ
'(*A..1
PPP.WVV>\\\Ackkrfrr
F>,r..8A)(2>$!(.$ (
WWW0WWW
1010('(
C
RRR/eeeuttt
^^^D```
WWW/YYY
___.dddukkk
AH:u:::0409
-[[[-]]]
5180666
s333s\\\
+(-@110
(')C)))
FFFt0000(((
%%%0+++
%%%C---
$$$D///
###B###
###B000
###B666
%%%B---
)))B...
+++B===
///?MMM
}}}?{{{
oooBnnn
vvv.yyy
/~~~u|||
|||0yyy
ttt0yyyCyyyDyyyB
B~~~B{{{B
Biiitbbb
qqqAqqq
zzzAOOO
XTTTVSS
[[[$STT^`aa
%%$^--,$..-
YYY!\ZZ
]]]$[__@ioos^dd
GA1s96-@548$'(5
&%)!&$(
HHH7YYYMWWWY][[Y\ZZW\]][ciipgrr
?90p,+4[./?W+*7Y,*2Y
LLL4LLL`KKK
.+1`0,24(#,
bbb[[[QZZZ
//.Q//.,-,
^^^```@___tggg
EKAt7:4@%$&
&&&$000a---
JJJ3VVVQ]]]tiii
04.t"&Q
QQQ#OOO`UUU
UUU3III_QQQ
nnn#ttt^eee
```XXXQ___
$!'Q#!$;<;
YYYddd@[[[tWWW
582t:=7@@@?62;
eee0\\\Paaatppp
AG;t998R,)/5509
nnn-WWW[___
74:c84<9648
zzz"rrr]xxx
\\\ ]]]IVVV
:6=P214
"yyy]|||
A111APPPkUUU
306\869!JJJ
|||"~~~]
)(+Z&%'
}}}"zzz]
,,-_###$---
uuu"|||]{{{
CCCt???@222
"xxx]yyy
CCCs...R---5+++
{{{"~~~]}}}
%%%c***9///
%%%P%%%
%%%]###"999
%%%a---$777
`...#222
%%%^(((#555
"""]"###
]'''"$$$
|||"xxx]
)))]((("(((
]***"///
]222")))
"""])))",,,
&&&])))"%%%
'''])))"000
---]***"(((
zzz"|||]vvv
"""],,,"666
+++]333"888
+++]444"000
000]888!
|||"~~~]uuu
333Y444
"yyy]vvv
###X<<<
"www]qqq
///^)))$
yyy"{{{]xxx
zzz"ttt]yyy
zzz"www]ttt
"vvv]{{{
zzz"uuu]yyy
uuuYsss
uuuWccc
lll$iii^ppp
sss2zzzP
yyy1vvv]www
yyywwwNsss
Auuuq|||
@{{{s{{{
3}}}Qwwwt{{{
~~~{{{@
ttt5nnncvvv
mmm9xxxP
]{{{a{{{`www^uuu]zzz]~~~]
]uuu]uuu]
^ssssYYY
xxx"zzz$~~~#|||#
~~~$uuu@kkksttt
{{{$sss^zzz
vvv!vvv]
"zzz]www
ttt"ttt]rrr
sss"|||]zzz
yyy"yyy]}}}
yyy"rrr]
zzz"ttt]
#yyy^www
{{{"}}}]
}}}7uuu`~~~
gggt<<<@
www$rrr^www
www^yyy$;;;
iiiThhh
Yk]_/"7
bY2j-7
AUGf>1
QhxCBJyM
<=e<=-
QJ)7F@
jd T@jE
!6F`E)
eZ EPiB
@!`V]7R
:P*j5-
"(!(#P
Mm>aje?
kI0FE"
6yi`^V
a% 2p:$
M-<7/
""RJ12
"1"Y{o
J1]E':H
lefUUm
L6:<2T
diM>@.
l,Xm*17
.*@J`ap!p&
)YI/4-
0<"hDR
I)(]j!
s//jy(
#E;^W
Jqu[32
Wo%ScF
C{fjd`
p84pd+
{6nHU|
;U]J)5
k<>>bY
fhhjV=g
C@mhp
mXfo|ng
.=Hc7zY
#}""Z'
x8"2#pks
$L)C5`
kW`m|jw
VUl1bc
Wm}E[c-B-
|>cnFl
e]1/K5
S,G4 i
E^2$Wr
=M,mTy
^UuiL@
mkM;Z
XJ@4@u
JEU"H+G
i`"vc[9
/"H[Fn
)@X@#0
8E@&``
<C/3bJ
UWh5z.
[[8%gh
)%PJD1
m%!kBA
"!%Ua"
9"[G~=Xz
\J^K))
[<<<4A
x:a||Dx
,fpKoX
9b=F,#a
h{;n0
\s}{/A
6Z=g@tO
5Q{4jDC
GHd$JHCD9
` Tcm$
mdHQlC
|>o///sJ
)D+bOE
?n)}]J
B RK}@
APT U
PyefM)
FUTuTU*
*DkDw^f
50'Q)%
|Ys:/sz
f\B D"
X_f]_/%]
HVMZJQ
A U]f-
|yY^/O
///x~~
B*uwveeedf
3101sPStj
!)0m'l
J{)g "
=3/fVs
*"afjf
CKQ+EM
hs&YsBx
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
DigiCert Inc1
www.digicert.com1.0,
%DigiCert Assured ID Code Signing CA-10
201125000000Z
231129235959Z0r1
Bucharest1
Bitdefender SRL1
DEVSUP CLINSTALLER1
Bitdefender SRL0
*http://crl3.digicert.com/assured-cs-g1.crl00
*http://crl4.digicert.com/assured-cs-g1.crl0L
https://www.digicert.com/CPS0
http://ocsp.digicert.com0L
@http://cacerts.digicert.com/DigiCertAssuredIDCodeSigningCA-1.crt0
8.<,5M
DC:[f^ Z8
DigiCert Inc1
www.digicert.com1$0"
DigiCert Assured ID Root CA0
220801000000Z
311109235959Z0b1
DigiCert Inc1
www.digicert.com1!0
DigiCert Trusted Root G40
]J<0"0i3
v=Y]Bv
http://ocsp.digicert.com0C
7http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
4http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
~qj#k"
DigiCert Inc1
www.digicert.com1$0"
DigiCert Assured ID Root CA0
110211120000Z
260210120000Z0o1
DigiCert Inc1
www.digicert.com1.0,
%DigiCert Assured ID Code Signing CA-10
.http://www.digicert.com/ssl-cps-repository.htm0
http://ocsp.digicert.com0C
7http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
4http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0:
4http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0
j-#O7;
(f*^[0
DigiCert Inc1
www.digicert.com1!0
DigiCert Trusted Root G40
220323000000Z
370322235959Z0c1
DigiCert, Inc.1;09
2DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA0
http://ocsp.digicert.com0A
5http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
2http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
DigiCert, Inc.1;09
2DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA0
220921000000Z
331121235959Z0F1
DigiCert1$0"
DigiCert Timestamp 2022 - 20
Ihttp://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
http://ocsp.digicert.com0X
Lhttp://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
DigiCert Inc1
www.digicert.com1.0,
%DigiCert Assured ID Code Signing CA-1
:bVZ`f
DigiCert, Inc.1;09
2DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA
221024104510Z0/
xURhe"
kJ0NB,}
DigiCert Inc1
www.digicert.com1$0"
DigiCert Assured ID Root CA0
131022120000Z
281022120000Z0r1
DigiCert Inc1
www.digicert.com110/
(DigiCert SHA2 Assured ID Code Signing CA0
p1f3q>
http://ocsp.digicert.com0C
7http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
4http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
4http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
https://www.digicert.com/CPS0
DigiCert Inc1
www.digicert.com110/
(DigiCert SHA2 Assured ID Code Signing CA0
201214000000Z
231129235959Z0r1
Bucharest1
Bitdefender SRL1
DEVSUP CLINSTALLER1
Bitdefender SRL0
/http://crl3.digicert.com/sha2-assured-cs-g1.crl05
/http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
https://www.digicert.com/CPS0
http://ocsp.digicert.com0N
Bhttp://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
DigiCert Inc1
www.digicert.com110/
(DigiCert SHA2 Assured ID Code Signing CA
20221024104510Z0
Symantec Corporation10
Symantec Trust Network110/
(Symantec SHA256 TimeStamping Signer - G3
VeriSign, Inc.10
VeriSign Trust Network1:08
1(c) 2008 VeriSign, Inc. - For authorized use only1806
/VeriSign Universal Root Certification Authority0
160112000000Z
310111235959Z0w1
Symantec Corporation10
Symantec Trust Network1(0&
Symantec SHA256 TimeStamping CA0
https://d.symcb.com/cps0%
https://d.symcb.com/rpa0.
http://s.symcd.com06
%http://s.symcb.com/universal-root.crl0
TimeStamp-2048-30
Symantec Corporation10
Symantec Trust Network1(0&
Symantec SHA256 TimeStamping CA0
171223000000Z
290322235959Z0
Symantec Corporation10
Symantec Trust Network110/
(Symantec SHA256 TimeStamping Signer - G30
?'J3Nm
https://d.symcb.com/cps0%
https://d.symcb.com/rpa0@
/http://ts-crl.ws.symantec.com/sha256-tss-ca.crl0
http://ts-ocsp.ws.symantec.com0;
/http://ts-aia.ws.symantec.com/sha256-tss-ca.cer0(
TimeStamp-2048-60
U){9FN
Symantec Corporation10
Symantec Trust Network1(0&
Symantec SHA256 TimeStamping CA
221024104510Z0/
/1(0&0$0"
&%'%(%)%*%+%,%-,.%/%0%2131415161
Isolator
{b25534e0-569d-4049-a220-94af60d76292}
version
Selected compression algorithm is not supported.
Unknown Header
algorithm
ERR 2003:
VS_VERSION_INFO
StringFileInfo
000004B0
Comments
This installation was built with Inno Setup.
CompanyName
Skat sept flabs
FileDescription
Installer
FileVersion
0.0.0.0
LegalCopyright
ProductName
Witoto hairst
ProductVersion
0.0.0.0
VarFileInfo
Translation
RAny use of this Certificate constitutes acceptance of the DigiCert CP/CPS and the Relying Party Agreement which limit liability and are incorporated herein by reference
Antivirus Signature
Bkav Clean
Lionic Trojan.Win32.Generic.4!c
tehtris Clean
DrWeb Clean
MicroWorld-eScan Clean
FireEye Clean
CAT-QuickHeal Clean
McAfee Artemis!9F9583B07CF9
Cylance unsafe
VIPRE Clean
Sangfor Trojan.Win32.Agent.Vf3m
CrowdStrike win/malicious_confidence_70% (D)
BitDefender Clean
K7GW Trojan ( 0059cfdb1 )
K7AntiVirus Trojan ( 0059cfdb1 )
Arcabit Clean
BitDefenderTheta Gen:NN.ZemsilF.36164.om2@aa!kzKg
VirIT Trojan.Win32.MSIL_Heur.A
Cyren Clean
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 a variant of MSIL/Kryptik_AGen.ARG
APEX Malicious
Paloalto generic.ml
Cynet Clean
Kaspersky UDS:DangerousObject.Multi.Generic
Alibaba Clean
NANO-Antivirus Clean
ViRobot Clean
Rising Trojan.Kryptik!8.8 (CLOUD)
Emsisoft Clean
F-Secure Clean
Baidu Clean
Zillya Clean
TrendMicro Clean
McAfee-GW-Edition Artemis!Trojan
Trapmine malicious.moderate.ml.score
CMC Clean
Sophos Mal/Generic-S
SentinelOne Clean
Jiangmin Clean
Webroot Clean
Avira Clean
MAX Clean
Antiy-AVL Clean
Gridinsoft Ransom.Win32.Wacatac.sa
Xcitium Clean
Microsoft Trojan:Win32/Wacatac.B!ml
SUPERAntiSpyware Clean
ZoneAlarm UDS:DangerousObject.Multi.Generic
GData Clean
Google Clean
AhnLab-V3 Clean
Acronis Clean
ALYac Clean
TACHYON Clean
DeepInstinct MALICIOUS
VBA32 Clean
Malwarebytes Clean
Panda Trj/Chgt.AD
Zoner Clean
TrendMicro-HouseCall Clean
Tencent Clean
Yandex Clean
Ikarus Win32.Outbreak
MaxSecure Clean
Fortinet MSIL/Kryptik_AGen.ARG!tr
AVG FileRepMalware [Misc]
Avast FileRepMalware [Misc]
No IRMA results available.