Static | ZeroBOX

PE Compile Time

2023-05-04 16:41:55

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name    Virtual Address  Virtual Size  Size of Raw Data  Entropy
.text   0x00002000       0x001849e4    0x00184a00        5.94591376725
.rsrc   0x00188000       0x00013600    0x00013600        7.6325831906
.reloc  0x0019c000       0x0000000c    0x00000200        0.101910425663

Resources

Name Offset Size Language Sub-language File type
RT_ICON 0x0018d990 0x0000d646 LANG_NEUTRAL SUBLANG_NEUTRAL PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
RT_ICON 0x0018d990 0x0000d646 LANG_NEUTRAL SUBLANG_NEUTRAL PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
RT_ICON 0x0018d990 0x0000d646 LANG_NEUTRAL SUBLANG_NEUTRAL PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
RT_ICON 0x0018d990 0x0000d646 LANG_NEUTRAL SUBLANG_NEUTRAL PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
RT_ICON 0x0018d990 0x0000d646 LANG_NEUTRAL SUBLANG_NEUTRAL PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
RT_ICON 0x0018d990 0x0000d646 LANG_NEUTRAL SUBLANG_NEUTRAL PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
RT_ICON 0x0018d990 0x0000d646 LANG_NEUTRAL SUBLANG_NEUTRAL PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
RT_GROUP_ICON 0x0019afe6 0x00000068 LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_VERSION 0x0019b05e 0x0000039e LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_MANIFEST 0x0019b40c 0x000001ea LANG_NEUTRAL SUBLANG_NEUTRAL XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

Imports

Library mscoree.dll:
0x402000 _CorExeMain

!This program cannot be run in DOS mode.
`.rsrc
@.reloc
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
v4.0.30319
#Strings
IEnumerable`1
IOrderedEnumerable`1
pire`1
pirf`1
Expression`1
Action`1
IEnumerator`1
IList`1
ToInt32
Func`2
Action`2
<Module>
get_LCID
get_ASCII
mscorlib
get_mvtb
System.Collections.Generic
get_mvtc
get_CanRead
Thread
System.Collections.Specialized
get_Operand
Append
get_Method
GetMethod
get_IsInterface
Replace
CreateInstance
GetHashCode
get_Message
AddRange
Invoke
Nullable
IEnumerable
IDisposable
IConvertible
RuntimeTypeHandle
GetTypeFromHandle
ToSingle
get_Name
DateTime
WriteLine
HexEscape
ChangeType
get_IsValueType
GetUnderlyingType
GetType
System.Core
get_IsNeutralCulture
get_InvariantCulture
get_CurrentCulture
Capture
MethodBase
Dispose
Reverse
get_Date
Create
CreateDelegate
EditorBrowsableState
get_CanWrite
CompilerGeneratedAttribute
GuidAttribute
GeneratedCodeAttribute
DebuggerNonUserCodeAttribute
SuppressMessageAttribute
DebuggableAttribute
EditorBrowsableAttribute
ComVisibleAttribute
AssemblyTitleAttribute
AssemblyTrademarkAttribute
TargetFrameworkAttribute
ExtensionAttribute
AssemblyFileVersionAttribute
AssemblyConfigurationAttribute
AssemblyDescriptionAttribute
CompilationRelaxationsAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
ParamArrayAttribute
AssemblyCompanyAttribute
RuntimeCompatibilityAttribute
get_Value
GetValue
SetValue
Hfpylwsdiay.exe
Normalize
IndexOf
System.Threading
Encoding
System.Runtime.Versioning
ToString
GetString
IsMatch
ComputeHash
get_Length
get_Month
DaysInMonth
SequenceEqual
System.ComponentModel
get_ISOCurrencySymbol
get_Item
System
HashAlgorithm
IsAssignableFrom
NormalizationForm
ToBoolean
AppDomain
GetDomain
get_CurrentDomain
LambdaExpression
MemberExpression
UnaryExpression
System.Globalization
Action
System.Reflection
ICollection
NameValueCollection
GroupCollection
ReflectionTypeLoadException
ArgumentNullException
InvalidOperationException
ArgumentException
StringComparison
MethodInfo
CharUnicodeInfo
CultureInfo
RegionInfo
MemberInfo
NumberFormatInfo
get_InvariantInfo
PropertyInfo
System.Linq
get_Year
IFormatProvider
StringBuilder
ResourceManager
System.CodeDom.Compiler
IEnumerator
GetEnumerator
MatchEvaluator
Activator
.cctor
System.Diagnostics
System.Runtime.InteropServices
System.Runtime.CompilerServices
System.Resources
WindowsFormsApp14.Properties.Resources.resources
DebuggingModes
GetAssemblies
WindowsFormsApp14.Properties
GetProperties
CultureTypes
GetTypes
GetCultures
GetBytes
BindingFlags
System.Diagnostics.CodeAnalysis
AddTicks
Equals
Contains
System.Linq.Expressions
System.Text.RegularExpressions
System.Collections
StringSplitOptions
RegexOptions
get_Groups
get_Chars
AddDays
Concat
AppendFormat
get_IsAbstract
GetObject
Select
get_Default
ToUpperInvariant
ToLowerInvariant
get_Current
get_Count
Convert
ToList
MoveNext
System.Text
get_kvbu
get_kvbv
get_utwx
OrderBy
Hfpylwsdiay
ToArray
get_Body
System.Security.Cryptography
get_Assembly
GetUnicodeCategory
op_Equality
IsNullOrEmpty
GetProperty
get_utwy
set_utwy
get_utwz
3System.Resources.Tools.StronglyTypedResourceBuilder
16.0.0.0
Microsoft.Design+CA1011:ConsiderPassingBaseTypesAsParameters
Microsoft.Design.CA1006:DoNotNestGenericTypesInMemberSignatures
Microsoft.Performance+CA1820:TestForEmptyStringsUsingStringLength
Microsoft.Performance0CA1810:InitializeReferenceTypeStaticFieldsInline
Microsoft.Design&CA1031:DoNotCatchGeneralExceptionTypes
Microsoft.Design/CA1004:GenericMethodsShouldProvideTypeParameter
Microsoft.Design
CA1021:AvoidOutParameters
MessageId
Justification&It's necessary for the method purpose.
Microsoft.Naming*CA1702:CompoundWordsShouldBeCasedCorrectly
MessageId
NonNumericT
Justification
Microsoft.Globalization"CA1308:NormalizeStringsToUppercase
Microsoft.Design(CA1055:UriReturnValuesShouldNotBeStrings
Microsoft.Naming*CA1704:IdentifiersShouldBeSpelledCorrectly
MessageId
Gravatar
WrapNonExceptionThrows
Google Update Setup
Google LLC
Google Update
Copyright 2018 Google LLC
$95e7fce4-6a0b-4aa6-9607-305f35bcd6a0
1.3.36.152
.NETFramework,Version=v4.6
FrameworkDisplayName
.NET Framework 4.6
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
Jehkyeugyytiyoknlimf
GetExp
ortedTypes
Edxtnhtovmnuljdbks
FromBa
se64String
WindowsFormsApp14.Properties.Resources
Jehkyeugyytiyoknlimf
[0-9a-f]{32}
source
The property '{0}' was not found on type '{1}'.
instance
target
methodName
The method '{0}' was not found on type '{1}'.
[^0-9A-Za-z
[^0-9]*
(^{0}|{1}$)
(^[{0}]|[{1}]$)
[!\(\)\[\]{}\:;\.,?'"]*
&#{0};
[!\(\)\[\]{}\:;\.,?'String.Empty]$
(?<!_|^)([A-Z])
((\s|^)\S)(\S+)
Argument '{0}' can't be empty.
rating
http://{0}.gravatar.com/avatar/{1}.jpg
secure
{0}?{1}
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
Comments
Google Update Setup
CompanyName
Google LLC
FileDescription
Google Update Setup
FileVersion
1.3.36.152
InternalName
Hfpylwsdiay.exe
LegalCopyright
Copyright 2018 Google LLC
LegalTrademarks
OriginalFilename
Hfpylwsdiay.exe
ProductName
Google Update
ProductVersion
1.3.36.152
Assembly Version
1.3.36.152
Antivirus Signature
Bkav Clean
Lionic Trojan.Win32.Seraph.4!c
Elastic malicious (high confidence)
DrWeb Trojan.PackedNET.2004
MicroWorld-eScan Gen:Heur.MSIL.Krypt.11
ClamAV Clean
FireEye Generic.mg.1d559db083653055
CAT-QuickHeal Clean
ALYac Gen:Heur.MSIL.Krypt.11
Cylance unsafe
Zillya Clean
Sangfor Downloader.Msil.Kryptik.Vct4
K7AntiVirus Trojan ( 005a4dfa1 )
BitDefender Gen:Heur.MSIL.Krypt.11
K7GW Trojan ( 005a4dfa1 )
Cybereason malicious.083653
BitDefenderTheta Gen:NN.ZemsilF.36196.Mn0@aWsnLem
VirIT Clean
Cyren W32/ABRisk.TQQY-1930
tehtris Clean
ESET-NOD32 a variant of MSIL/Kryptik.AISZ
APEX Malicious
Paloalto generic.ml
Cynet Malicious (score: 99)
Kaspersky HEUR:Trojan-Downloader.MSIL.Seraph.gen
Alibaba TrojanDownloader:MSIL/Seraph.ff1271d6
NANO-Antivirus Clean
ViRobot Clean
Rising Malware.Obfus/MSIL@AI.98 (RDM.MSIL2:Hfp2n6h/aCweViIv9R3eoA)
Sophos Mal/Generic-S
F-Secure Trojan.TR/Kryptik.shuth
Baidu Clean
VIPRE Gen:Heur.MSIL.Krypt.11
TrendMicro Clean
McAfee-GW-Edition BehavesLike.Win32.Generic.th
Trapmine Clean
CMC Clean
Emsisoft Gen:Heur.MSIL.Krypt.11 (B)
SentinelOne Static AI - Suspicious PE
GData Win32.Backdoor.Remcos.KILKSI
Jiangmin Clean
Webroot Clean
Avira TR/Kryptik.shuth
MAX malware (ai score=84)
Antiy-AVL Clean
Gridinsoft Trojan.Win32.Remcos.bot
Xcitium Clean
Arcabit Trojan.MSIL.Krypt.11
SUPERAntiSpyware Clean
ZoneAlarm HEUR:Trojan-Downloader.MSIL.Seraph.gen
Microsoft Trojan:Win32/Casdet!rfn
Google Detected
AhnLab-V3 Clean
Acronis Clean
McAfee Artemis!1D559DB08365
TACHYON Clean
DeepInstinct MALICIOUS
VBA32 Clean
Malwarebytes Malware.AI.3223091315
Panda Trj/Chgt.AD
Zoner Clean
TrendMicro-HouseCall TROJ_GEN.R002H0CE523
Tencent Msil.Trojan-Downloader.Seraph.Wimw
Yandex Clean
Ikarus Trojan-Spy.AgentTesla
MaxSecure Trojan.Malware.300983.susgen
Fortinet MSIL/Small.R!tr.dldr
AVG Win32:TrojanX-gen [Trj]
Avast Win32:TrojanX-gen [Trj]
CrowdStrike win/malicious_confidence_100% (W)
No IRMA results available.