popup
Static | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Static Analysis

PE Compile Time

2023-05-11 21:24:42

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00002000 0x001bad80 0x001bae00 6.02969838755
.rsrc 0x001be000 0x00000528 0x00000600 3.78482624856

Resources

Name Offset Size Language Sub-language File type
RT_VERSION 0x001be05c 0x000002dc LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_MANIFEST 0x001be374 0x000001b4 LANG_NEUTRAL SUBLANG_NEUTRAL XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators

!This program cannot be run in DOS mode.
`.rsrc
&+$+Q+
+O+P+Q
&&&&+K
-'&+9u(
v4.0.30319
#Strings
pmZdtegi.exe
pmZdtegi
<Module>
mscorlib
Object
System
IDisposable
ValueType
PoweredByAttribute
SmartAssembly.Attributes
Attribute
Func`2
ResourceManager
System.Resources
CultureInfo
System.Globalization
Dispose
ToString
op_Implicit
System.Drawing
Bitmap
.cctor
Equals
GetHashCode
op_Addition
op_Subtraction
op_Equality
op_Inequality
CompilationRelaxationsAttribute
System.Runtime.CompilerServices
RuntimeCompatibilityAttribute
AssemblyTitleAttribute
System.Reflection
AssemblyDescriptionAttribute
AssemblyConfigurationAttribute
AssemblyCompanyAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
AssemblyTrademarkAttribute
GuidAttribute
System.Runtime.InteropServices
AssemblyFileVersionAttribute
TargetFrameworkAttribute
System.Runtime.Versioning
ComVisibleAttribute
GeneratedCodeAttribute
System.CodeDom.Compiler
DebuggerNonUserCodeAttribute
System.Diagnostics
WindowsFormsApp18.Properties.Resources.resources
FromFile
String
Format
get_Height
Rectangle
LockBits
BitmapData
System.Drawing.Imaging
ImageLockMode
PixelFormat
get_Scan0
get_Stride
Marshal
UnlockBits
get_Width
FromArgb
get_PixelFormat
Exception
System.Core
Enumerable
System.Linq
Select
IEnumerable`1
System.Collections.Generic
ToArray
GetTypeFromHandle
RuntimeTypeHandle
get_Assembly
Assembly
GetObject
Convert
GetMethod
MethodInfo
MethodBase
Invoke
ConcurrentStack`1
System.Collections.Concurrent
ToList
List`1
Encoding
System.Text
get_ASCII
GetString
Thread
System.Threading
GetDomain
AppDomain
InvokeMember
BindingFlags
Binder
WrapNonExceptionThrows
$22f88784-309a-4247-9080-291f514dffa9
1.0.0.0
.NETFramework,Version=v4.6
FrameworkDisplayName
.NET Framework 4.6(
#Powered by SmartAssembly 8.1.2.4975
3System.Resources.Tools.StronglyTypedResourceBuilder
16.0.0.0
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
PADPADP4j
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQwAAAADAAUsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAAuADAALgAwAC4AMQAAAG4AbwBpAHMAcgBlAFYAIAB5AGwAYgBtAGUAcwBzAEEAAQAIADgAAAAw
<?xml version="1.0" encoding="utf-8" standalone="yes"?><assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><assemblyIdentity version="1.0.0.0" name="MyApplication.app" /><trustInfo xmlns="urn:schemas-microsoft-com:asm.v2"><security><requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3"><requestedExecutionLevel level="asInvoker" uiAccess="false" /></requestedPrivileges></security></trustInfo></assembly>
FastBitmap[Width:{0}, Height:{1}]
Invalid pixel format. Must be 24bppRGB
[R:{0}, G:{1}, B:{2}]
WindowsFormsApp18.Properties.Resources
Elwwxplstjq
FromBase64String
GetExportedTypes
Opidglyjqpovwpicwwltc
Elwwxplstjq
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
Comments
CompanyName
FileDescription
FileVersion
1.0.0.0
InternalName
pmZdtegi.exe
LegalCopyright
LegalTrademarks
OriginalFilename
pmZdtegi.exe
ProductName
ProductVersion
1.0.0.0
Assembly Version
1.0.0.0
Antivirus Signature
Bkav Clean
Lionic Clean
tehtris Generic.Malware
MicroWorld-eScan Clean
FireEye Generic.mg.92188f68cfaf42d0
CAT-QuickHeal Clean
McAfee Artemis!92188F68CFAF
Malwarebytes Clean
Zillya Clean
Sangfor Trojan.Msil.Agent.Vcd2
K7AntiVirus Clean
BitDefender Clean
K7GW Clean
CrowdStrike win/malicious_confidence_100% (W)
BitDefenderTheta Clean
VirIT Clean
Cyren Clean
Elastic malicious (high confidence)
ESET-NOD32 a variant of MSIL/GenKryptik_AGen.WV
APEX Malicious
Paloalto Clean
ClamAV Clean
Kaspersky UDS:Trojan-Downloader.MSIL.Seraph.gen
Alibaba Trojan:MSIL/GenKryptik_AGen.4294bd1e
NANO-Antivirus Clean
SUPERAntiSpyware Clean
Rising Malware.Obfus/MSIL@AI.90 (RDM.MSIL2:5Fjz921VErnCjMNdVrvRBw)
TACHYON Clean
Sophos Mal/Generic-S
Baidu Clean
F-Secure Heuristic.HEUR/AGEN.1360909
DrWeb Trojan.Inject4.30942
VIPRE Clean
TrendMicro Clean
McAfee-GW-Edition BehavesLike.Win64.AgentTesla.th
Trapmine Clean
CMC Clean
Emsisoft Clean
Ikarus Trojan-Downloader.MSIL.Agent
GData Clean
Jiangmin Clean
Webroot Clean
Google Detected
Avira HEUR/AGEN.1360909
Antiy-AVL Clean
Gridinsoft Ransom.Win64.Sabsik.sa
Xcitium Clean
Arcabit Clean
ViRobot Clean
ZoneAlarm UDS:Trojan-Downloader.MSIL.Seraph.gen
Microsoft Trojan:Win32/Sabsik.FL.B!ml
Cynet Malicious (score: 100)
AhnLab-V3 Clean
Acronis suspicious
VBA32 Clean
ALYac Clean
MAX Clean
DeepInstinct MALICIOUS
Cylance unsafe
Panda Clean
Zoner Clean
TrendMicro-HouseCall TROJ_GEN.R002H0DEB23
Tencent Win32.Trojan.Agen.Fajl
Yandex Clean
SentinelOne Static AI - Malicious PE
MaxSecure Clean
Fortinet Clean
AVG PWSX-gen [Trj]
Cybereason malicious.9d027d
Avast PWSX-gen [Trj]
No IRMA results available.