Static | ZeroBOX

PE Compile Time

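2087-01-26 15:42:45 (future-dated, so not usable as a build date; the PE header timestamp is set at build time and can hold any value, and deterministic .NET builds fill it with a hash-derived number)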

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00002000 0x0000eb64 0x0000ec00 5.78868904755
.rsrc 0x00012000 0x000138cc 0x00013a00 6.12932819581
.reloc 0x00026000 0x0000000c 0x00000200 0.0815394123432

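Resources

Note: the twelve RT_ICON rows below repeat a single offset and size. 0x00024d7c + 0x00000468 = 0x000251e4, which is where RT_GROUP_ICON starts, so the report appears to be repeating the last icon entry rather than listing twelve identical resources. Check the file's resource directory before relying on per-icon offsets.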

Name Offset Size Language Sub-language File type
RT_ICON 0x00024d7c 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x00024d7c 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x00024d7c 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x00024d7c 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x00024d7c 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x00024d7c 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x00024d7c 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x00024d7c 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x00024d7c 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x00024d7c 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x00024d7c 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x00024d7c 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_GROUP_ICON 0x000251e4 0x000000ae LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_VERSION 0x00025294 0x0000044c LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_MANIFEST 0x000256e0 0x000001ea LANG_NEUTRAL SUBLANG_NEUTRAL XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

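Imports

Note: the only import is _CorExeMain from mscoree.dll, which marks the file as a .NET assembly (the strings also show .NETFramework,Version=v4.8). The version resource further down nevertheless describes it as "Python Console" from the Python Software Foundation. That mismatch is consistent with a spoofed version resource, so the version metadata should not be used to identify the file.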

Library mscoree.dll:
0x402000 _CorExeMain

!This program cannot be run in DOS mode.
`.rsrc
@.reloc
Z?_d
_b`*
UUUU_
UUUU_
v4.0.30319
#Strings
testing
CompilationRelaxationsAttribute
System.Runtime.CompilerServices
mscorlib
System
Boolean
RuntimeCompatibilityAttribute
DebuggableAttribute
System.Diagnostics
DebuggingModes
String
TargetFrameworkAttribute
System.Runtime.Versioning
SuppressIldasmAttribute
93c847c7-a3b0-4424-8514-5b7b5a36e94a
testing.exe
<Module>
Composer
testing.Records
Object
GlobalCodeRule
wnAvGk2ZDkNgZ882lP8.Rules
Parameter
Wrapper
SchemaProperty
ValueType
<Module>{838FCC33-A876-4F8A-A9FE-6503005843AD}
wnAvGk2ZDkNgZ882lP8.Writers
Bridge
MulticastDelegate
Writer
testing.Instances
FacadeProperty
PoolEventFilter
Attribute
SystemWriterDef`1
UtilsMethodStub
Params
ProxyRoleRecord
Producer
CreatorEventFilter
ParserPageInstance
ParamBridgeSerializer
ObserverHelperAnnotation
Visitor
StrategyPageInstance
Observer
UrlFieldFormatType
ParamsAttributeObject
testing.Objects
ManagerBridgeSerializer
testing.Serialization
TokenizerProperty
TestsWriterDef
<PrivateImplementationDetails>{B2CE3B36-5259-4417-B48B-CD37892A6567}
__StaticArrayInitTypeSize=256
__StaticArrayInitTypeSize=40
__StaticArrayInitTypeSize=30
__StaticArrayInitTypeSize=32
__StaticArrayInitTypeSize=16
__StaticArrayInitTypeSize=64
__StaticArrayInitTypeSize=18
method
m_Repository
.cctor
System.IO
GetTempPath
StopComposer
GetCursorPos
user32.dll
SetComposer
key_Position
insert_RESULTAt
SetCursorPos
AssetComposer
Debugger
get_IsAttached
Thread
System.Threading
Application
System.Windows.Forms
EnableVisualStyles
SetCompatibleTextRenderingDefault
ServicePointManager
System.Net
set_SecurityProtocol
SecurityProtocolType
Concat
WebClient
DownloadFile
Process
get_StartInfo
ProcessStartInfo
set_FileName
Console
ReadLine
specification
m_Exception
_Policy
Module
System.Reflection
CustomizeClient
typemdt
FieldInfo
MethodInfo
ResolveType
GetFields
MemberInfo
get_MetadataToken
ResolveMethod
MethodBase
Delegate
CreateDelegate
SetValue
GetTypeFromHandle
RuntimeTypeHandle
get_Assembly
Assembly
get_ManifestModule
IntPtr
result
Invoke
BeginInvoke
IAsyncResult
AsyncCallback
callback
object
EndInvoke
_Attribute
UInt32
merchant
Dictionary`2
System.Collections.Generic
_Callback
m_Serializer
annotation
printer
_Broadcaster
config
m_Database
m_Initializer
m_Page
_State
RSACryptoServiceProvider
System.Security.Cryptography
exporter
_Identifier
_Importer
_Iterator
_Predicate
_Container
connection
struct
m_Singleton
_Queue
SortedList
System.Collections
m_Object
_Listener
Hashtable
m_Message
thread
RuntimeHelpers
InitializeArray
RuntimeFieldHandle
set_UseMachineKeyStore
SelectClient
SortComposer
UInt64
BitConverter
GetBytes
RunComposer
flagsconsumer
def2_high
vis3Low
UInt16
key5_Low
visitor6
GetComposer
reg_end
mean_asset2
columnconfig3
indexOf_result4
flags_reg5
result6
ConnectComposer
caller_Position
insert_HELPERAt
result2_end
offset_key3
remove_IVK4At
column_init5
CompareComposer
caller
indexOfc
indexparam2
mean_config4
offset_col5
ComputeComposer
var1_size
CheckComposer
ResetComposer
SymmetricAlgorithm
AesCryptoServiceProvider
System.Core
RijndaelManaged
Activator
CreateInstance
ObjectHandle
System.Runtime.Remoting
Unwrap
CallComposer
CryptoConfig
get_AllowOnlyFipsAlgorithms
InvokeComposer
MD5CryptoServiceProvider
HashAlgorithm
ComputeHash
ChangeComposer
Stream
selection
NewComposer
end_second2
TransformBlock
InsertComposer
selection_max
BinaryReader
visitor2
get_BaseStream
set_Position
ReadUInt32
ManageComposer
ParameterInfo
DynamicMethod
System.Reflection.Emit
ILGenerator
Monitor
GetManifestResourceStream
get_Length
ReadBytes
MemoryStream
BindingFlags
get_Item
get_Module
GetGenericArguments
get_IsStatic
get_FieldType
GetParameters
get_DeclaringType
get_IsValueType
MakeByRefType
get_ParameterType
get_ReturnType
GetILGenerator
OpCode
OpCodes
Ldarg_0
Ldarg_1
Ldarg_2
Ldarg_3
Ldarg_S
Tailcall
Callvirt
Exception
PrintComposer
num_config
MoveComposer
version_config
SetupComposer
CustomizeComposer
init_length
CryptoStream
ICryptoTransform
CryptoStreamMode
DestroyComposer
Convert
FromBase64String
Encoding
System.Text
get_Unicode
GetString
AddComposer
ViewComposer
ReflectComposer
visitor
Marshal
System.Runtime.InteropServices
GetMethod
CollectComposer
get_Location
Exists
GetName
AssemblyName
get_CodeBase
ToString
Replace
GetType
GetProperty
PropertyInfo
GetValue
DisableComposer
LoadLibrary
kernel32
VisitComposer
GetProcAddress
InstantiateComposer
helperHigh
GetDelegateForFunctionPointer
QueryComposer
flags_vis
util_Ptr
selection2offset
RemoveComposer
spec2low
counter3
MapComposer
next_dir
value2
CalculateComposer
info_amount
pred_Y
position_helper
CountComposer
umLocehuEC
op_Equality
ConcatComposer
FileStream
FileMode
FileAccess
FileShare
IDisposable
Dispose
FindComposer
PrepareComposer
ToArray
ListComposer
set_Key
set_IV
CreateDecryptor
InitComposer
RateComposer
CreateComposer
WriteComposer
PopComposer
ResolveComposer
LoginComposer
CloneComposer
ReadComposer
PatchComposer
PrepareClient
TestClient
WriteClient
ResetClient
CloneClient
index_setup
FillClient
RestartClient
Reverse
UpdateClient
MapClient
GetPublicKeyToken
ComputeClient
ValidateClient
CipherMode
set_Mode
PrintClient
VisitClient
PushClient
RateClient
FlushFinalBlock
SortClient
LoginClient
AddClient
ToInt32
CollectClient
ReflectClient
ExcludeClient
SetClient
LogoutClient
AwakeComposer
CreateEncryptor
ToBase64String
classthis
nativeEntry
nativeSizeOfCode
_Filter
reader
KDikMXewCI
PostComposer
InterruptComposer
instance
min_cust
serv_High
CancelComposer
ReadInt32
DefineComposer
reference
hModule
lpName
lpType
counter
lpAddress
dwSize
flAllocationType
flProtect
hProcess
lpBaseAddress
buffer
lpNumberOfBytesWritten
flNewProtect
lpflOldProtect
dwDesiredAccess
bInheritHandle
dwProcessId
value__
m_Proccesor
ForgotClient
m_Dispatcher
m_Global
m_Advisor
IncludeComposer
DeflateStream
System.IO.Compression
CompressionMode
FillComposer
List`1
GetManifestResourceNames
AddRange
IEnumerable`1
SelectComposer
ResolveEventArgs
get_Name
AppDomain
get_CurrentDomain
ResolveEventHandler
add_ResourceResolve
kLjw4iIsCLsZtxc4lksN0j
ConcatClient
EnableClient
IncludeClient
GetClient
CancelClient
RegisterClient
FindClient
VerifyClient
CopyTo
CalcClient
CreateClient
ViewClient
PublishClient
DefineClient
InterruptClient
CompareClient
TestComposer
IsLittleEndian
PublishComposer
template_start
VerifyComposer
idx_connection
size_control
LogoutComposer
no_util
SearchComposer
lengthfield
RestartComposer
ivkPtr
UpdateComposer
num_selection
RegisterComposer
size_cont
OrderComposer
StartComposer
$$method0x6000317-1
$$method0x6000332-1
$$method0x6000332-2
$$method0x6000340-1
$$method0x6000340-2
$$method0x6000353-1
$$method0x6000395-1
$$method0x60005b3-1
UnverifiableCodeAttribute
System.Security
UnmanagedFunctionPointerAttribute
CallingConvention
CharSet
FlagsAttribute
CompilerGeneratedAttribute
Customer.Model
Client.Helper
System.Security.Permissions.SecurityPermissionAttribute, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
SkipVerification
WrapNonExceptionThrows
.NETFramework,Version=v4.8
FrameworkDisplayName
.NET Framework 4.8
testing.Instances.Writer+PoolEventFilter+SystemWriterDef`1[[System.Object, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]][]
SUsSystem.Runtime.InteropServices.CharSet, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
CharSet
AYa+Cd
IsR4K"
3Rfhn M
_CorExeMain
mscoree.dll
=jcbyI{|by
'Sl/<{
=DbVY#
MeGa/o
miZ|ea
>3>>n<
}mK/$-
/;gyw?v
0x9*ANCT
\6\B!p#
)HZeH5
O^0swh
K/[|Q
=WZn?B
;'CEE
En~a$9
]sNFK7
l1W1|I
ZSMMSZ
SSQPPMMMMMMP
^VSSSQPPPMMMMMMZ
fVXVVSSQQPPMV
\XXVVVSSSQPP
^\\XXVVSSSQQ
^^\\XXVVVSSSQ
a^^^\XXXVVSSSQPPMM
aa^^^^\XXXXXVXVVVS
daaa^^\\^
hdaaa^^^\\XVVVVSRRPPPMMS
hhhaaa^^^\\\XVVVSSSQPPMMMZ
hhhhhaaa^^^\XXXVVSSQQQPPMM
hhhhhhaaa^^^^\XXVVVSSQQPPMV
hhhhhhhdaaa^^\\XXXVVSSQQPPP
hhhhhhhhhaaa^^^\\XXVVVSSQQP
hhhhhhhhhaaa^^^\\XXVVVSSQQa
(,((((
hhhhhhhhhhdaa^^^\XXXVVSSSV
.(,(( (
da^^^^\XXVVVSS
00(,((
^^^\\XXXVVS
0./((((((
^^^^\\XXVZ
000.,((("(
a^^^\\XXd
A0.,,(((("(
daa^^^\X
~000.0.(((
hdaa^^^^
900.,(0((((
hdaa^^^
<90000(((((
hhddd^i
#############
9000.0,((((
hhhddd
##############
<000.,,(((((
}GGGGGEEB@@@@8
,(/((((
//,(,(((
######################
J,((((
######################
,(((("
900//,(((((
I00/.0,((( ,
##############
##############
\QQNNNNQf
dWUSQQNNNRWQ
WWWUUSQNW
\\WWUUSQ\
_^\WWUUUQ]dNN
__^\WWWURRQNN
c___^\
ecc__^^\\WWWUQQQQ\
hcc_c^^\W\WUURQQNNQ
hdee_c__^\WWUUSQQNN
hhehe_c__^\\WWUUSQQR
heeehhcc__^^\WWUUSQQ
ehehchccc_^^\WWWUUS
c^^^\WWUU
4505##
?~~~~~{{~
_^^\WWU
745##&&
i__^\WW
D4444&&
c___^\
y74445#&#
ccc___
9944&4&&
'''''''''(
x98445&&&#
C94445&#
''''''''''''''''
9@H45##
D744000
lpppprpm
''''''''''
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!,A)-A-+,,
!!!!!!!!!!!!!!!!!!!! !! !! !!!!!!!!!A!A,
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!-A-,),
dG525Gd
_55432?@_
>=;543{|2
B>==55;:2
DB>>_gdaa
iKDBB>>;;5433`
iKKHHB>>;;5432x
YKKKHHBB>=5554I
0eKKKHHBB>>=54;
QsxxwxweK>>=;5
jH>>=>
OS((
hm\\XXWW+
PZ,$
f7322B~
v::53jkh
u=::7:6d
{[Tt?=<fhfhjj~
_A?==::732B
^CAA==;:753~
/lfaaa?<::7x
..,,Fc=::x
EYWTQPN
GZVVZH
K0-55U
G20+(%(S
F320/((N
@@<E0(M
UUUhooG{{;
&e`===
@kC5.\<
"Mss3n
M7e5uZ(
{qdx\!NI
]]]hkkCKK
Y}(t^%
^!`jkkQ[[
P n^y3f
-OWe/'
wMGED:
.M^'-~H
9]zuZl
vpuZz#
F6A-Pd
OM1ki
!2<l|.
[2M%P1_
@rlKU
c~UE9V
F!~+]%~
_/t_,d
1|LCu8
HieU@Y-0q
j 1j.g~Bo
eeeHeee
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
System.Core, Version=3.5.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
System.Security.Cryptography.AesCryptoServiceProvider
Value.Resolver
{11111-22222-10009-11112}
Debugger Detected
Client.Helper
{11111-22222-50001-00000}
GetDelegateForFunctionPointer
file:///
Location
ResourceA
Virtual
Write
Process
Memory
Protect
Process
Close
Handle
kernel
32.dll
{11111-22222-20001-00001}
{11111-22222-20001-00002}
{11111-22222-30001-00001}
{11111-22222-30001-00002}
{11111-22222-40001-00001}
{11111-22222-40001-00002}
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
FileDescription
Python
FileVersion
3.11.3150.1013
InternalName
Python Console
LegalCopyright
Copyright
2001-2023 Python Software Foundation. Copyright
2000 BeOpen.com. Copyright
1995-2001 CNRI. Copyright
1991-1995 SMC.
OriginalFilename
Python Console
ProductVersion
3.11.3150.1013
Assembly Version
3.11.3150.1013
ProductName
Python
CompanyName
Python Software Foundation
LegalTrademarks
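Antivirus Signature (vendor labels disagree on family: Reline stealer, SmokeLoader, and generic downloader/dropper names all appear below, so treat family attribution as tentative)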
Bkav Clean
Lionic Clean
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKD.67026640
ClamAV Clean
FireEye Generic.mg.0bde80954b5c1481
CAT-QuickHeal Clean
McAfee Artemis!0BDE80954B5C
Malwarebytes Trojan.MalPack.MSIL
Zillya Clean
Sangfor Infostealer.Msil.Reline.Vtno
K7AntiVirus Trojan-Downloader ( 005a56ae1 )
BitDefender Trojan.GenericKD.67026640
K7GW Trojan-Downloader ( 005a56ae1 )
Cybereason malicious.54b5c1
BitDefenderTheta Gen:NN.ZemsilF.36196.im0@aOxmQ5c
VirIT Clean
Cyren W32/MSIL_Kryptik.GVV.gen!Eldorado
Symantec ML.Attribute.HighConfidence
tehtris Generic.Malware
ESET-NOD32 a variant of MSIL/TrojanDownloader.Agent.PFF
APEX Malicious
Paloalto generic.ml
Cynet Malicious (score: 100)
Kaspersky HEUR:Trojan-PSW.MSIL.Reline.gen
Alibaba TrojanPSW:MSIL/Reline.e65fdbfa
NANO-Antivirus Clean
ViRobot Clean
Rising Stealer.Reline!8.132F4 (CLOUD)
TACHYON Clean
Sophos Mal/Generic-S
Baidu Clean
F-Secure Trojan.TR/Dropper.MSIL.Gen
DrWeb Clean
VIPRE Gen:Variant.Lazy.341674
TrendMicro Trojan.Win32.SMOKELOADER.YXDELZ
McAfee-GW-Edition Artemis!Trojan
Trapmine suspicious.low.ml.score
CMC Clean
Emsisoft Trojan.GenericKD.67026640 (B)
Ikarus Trojan.Dropper
GData Trojan.GenericKD.67026640
Jiangmin Clean
Webroot W32.Trojan.Gen
Avira TR/Dropper.MSIL.Gen
Antiy-AVL Trojan[PSW]/MSIL.Reline
Gridinsoft Trojan.Win32.Gen.bot
Xcitium Clean
Arcabit Trojan.Lazy.D536AA
SUPERAntiSpyware Clean
ZoneAlarm HEUR:Trojan-PSW.MSIL.Reline.gen
Microsoft Trojan:Win32/Casdet!rfn
Google Detected
AhnLab-V3 Trojan/Win.Generic.C5231291
Acronis suspicious
VBA32 Clean
ALYac Gen:Variant.Lazy.341674
MAX malware (ai score=83)
DeepInstinct MALICIOUS
Cylance unsafe
Panda Trj/Chgt.AD
Zoner Clean
TrendMicro-HouseCall Trojan.Win32.SMOKELOADER.YXDELZ
Tencent Msil.Trojan-Downloader.Ader.Zmhl
Yandex Clean
SentinelOne Static AI - Malicious PE
MaxSecure Trojan.Malware.121218.susgen
Fortinet PossibleThreat
AVG Win32:Malware-gen
Avast Win32:Malware-gen
CrowdStrike win/malicious_confidence_100% (W)
No IRMA results available.