Static | ZeroBOX

PE Compile Time

2061-08-12 05:54:40

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00002000 0x00003414 0x00003600 6.42721467351
.rsrc 0x00006000 0x00014d68 0x00014e00 7.43814444879
.reloc 0x0001c000 0x0000000c 0x00000200 0.0815394123432

Resources

Name Offset Size Language Sub-language File type
RT_ICON 0x0001936c 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x0001936c 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x0001936c 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x0001936c 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x0001936c 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x0001936c 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x0001936c 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x0001936c 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x0001936c 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_GROUP_ICON 0x000197d4 0x00000084 LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_VERSION 0x00019858 0x000003f0 LANG_NEUTRAL SUBLANG_NEUTRAL SysEx File - OctavePlateau
RT_MANIFEST 0x00019c48 0x0000111f LANG_NEUTRAL SUBLANG_NEUTRAL XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

Imports

Library mscoree.dll:
0x402000 _CorExeMain

!This program cannot be run in DOS mode.
`.rsrc
@.reloc
<?xml version="1.0" encoding="utf-8"?>
<assembly manifestVersion="1.0" xmlns="urn:schemas-microsoft-com:asm.v1">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<!--
Windows,
requestedExecutionLevel
<requestedExecutionLevel level="asInvoker" uiAccess="false" />
<requestedExecutionLevel level="requireAdministrator" uiAccess="false" />
<requestedExecutionLevel level="highestAvailable" uiAccess="false" />
requestedExecutionLevel
-->
<requestedExecutionLevel level="asInvoker" uiAccess="false" />
</requestedPrivileges>
</security>
</trustInfo>
<compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">
<application>
<!--
Windows,
Windows
<!-- Windows Vista -->
<!--<supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}" />-->
<!-- Windows 7 -->
<!--<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}" />-->
<!-- Windows 8 -->
<!--<supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}" />-->
<!-- Windows 8.1 -->
<!--<supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}" />-->
<!-- Windows 10 -->
<!--<supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}" />-->
</application>
</compatibility>
<!--
Windows
DPI.
Windows Presentation Foundation (WPF)
DPI,
Windows Forms
.NET Framework
"EnableWindowsFormsHighDpiAutoResizing"
"true"
app.config.
https://docs.microsoft.com/windows/win32/fileio/maximum-file-path-limitation.-->
<!--
<application xmlns="urn:schemas-microsoft-com:asm.v3">
<windowsSettings>
<dpiAware xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings">true</dpiAware>
<longPathAware xmlns="http://schemas.microsoft.com/SMI/2016/WindowsSettings">true</longPathAware>
</windowsSettings>
</application>
<!--
Windows (Windows XP
<!--
<dependency>
<dependentAssembly>
<assemblyIdentity
type="win32"
name="Microsoft.Windows.Common-Controls"
version="6.0.0.0"
processorArchitecture="*"
publicKeyToken="6595b64144ccf1df"
language="*"
/>
</dependentAssembly>
</dependency>
</assembly>
=WLT6J
YvRu!T
zL7t7G
Yc"5R4
2y2'+J
"iU'/~
v4.0.30319
#Strings
Dictionary`2
<Module>
SE_PRIVILEGE_ENABLED
th32ProcessID
SE_SHUTDOWN_NAME
INVALID_HANDLE_VALUE
System.IO
TOKEN_ADJUST_PRIVILEGES
ANYSIZE_ARRAY
TOKEN_QUERY
Costura
mscorlib
System.Collections.Generic
NumberOfBytesToRead
SuspendThread
TerminateThread
hThread
isAttached
Interlocked
costura.costura.dll.compressed
source
dwExitCode
set_AutoScaleMode
CompressionMode
Exchange
nullCache
IDisposable
CloseHandle
ProcessHandle
DownloadFile
get_Name
set_FileName
fullName
GetName
requestedAssemblyName
SecurityProtocolType
culture
Dispose
CompilerGeneratedAttribute
GuidAttribute
DebuggableAttribute
ComVisibleAttribute
AssemblyTitleAttribute
AssemblyTrademarkAttribute
TargetFrameworkAttribute
AssemblyFileVersionAttribute
AssemblyConfigurationAttribute
AssemblyDescriptionAttribute
CompilationRelaxationsAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
AssemblyCompanyAttribute
RuntimeCompatibilityAttribute
TryGetValue
add_AssemblyResolve
bld_3.exe
set_ClientSize
Config
System.Threading
System.Runtime.Versioning
CultureToString
disposing
System.Drawing
Attach
Mdsdddddddddddddfsh
GetTempPath
get_Length
EndsWith
nullCacheLock
System.ComponentModel
kernel32.dll
ntdll.dll
set_SecurityProtocol
ContainerControl
ReadStream
LoadStream
GetManifestResourceStream
DeflateStream
MemoryStream
stream
Program
set_Item
System
AppDomain
get_CurrentDomain
FodyVersion
System.IO.Compression
Application
System.Security.Authentication
destination
System.Globalization
System.Reflection
set_Position
StringComparison
CopyTo
get_CultureInfo
get_StartInfo
ProcessStartInfo
Tfgfgfg_mp
AssemblyLoader
sender
Buffer
ServicePointManager
ResolveEventHandler
IContainer
.cctor
Monitor
IntPtr
System.Diagnostics
System.Runtime.InteropServices
System.Runtime.CompilerServices
ReadFromEmbeddedResources
DebuggingModes
GetAssemblies
EnableVisualStyles
resourceNames
symbolNames
assemblyNames
get_Flags
AssemblyNameFlags
dwFlags
ResolveEventArgs
Equals
SslProtocols
System.Windows.Forms
GetCurrentProcess
BaseAddress
components
Concat
hObject
System.Net
SetCompatibleTextRenderingDefault
SystemDefault
ToLowerInvariant
WebClient
InitializeComponent
CreateToolhelp32Snapshot
kevin.app.manifest
set_Text
ProcessedByFody
ContainsKey
Hdffffdddddddddsaiy
ResolveAssembly
ReadExistingAssembly
GetExecutingAssembly
NtReadVirtualMemory
op_Equality
op_Inequality
IsNullOrEmpty
WrapNonExceptionThrows
kevin.Properties
Copyright
2023
$dc804a4a-10ae-4021-93c7-60680aac7e61
4.225.255.2222
.NETFramework,Version=v4.8
FrameworkDisplayName
.NET Framework 4.8
_CorExeMain
mscoree.dll
{-4anm
//Ccip
p_^_lAkeaEC*
(0*0choZG
{>ieaEC0
&B*/ahbP
7haEC0(
1/(Dh.
)DaaaacccaaX63+
,afffggggf`63,
+4FFbbb``X63,
I`X632+
I`66552
5`ZZZ52
=ddd[ZY+
^lllj]\
yruuuuv
"$\emhIoMGj_C?
!,8XXXXX720
)cddddd[B(
177XXVZ+(
pbbWV'
343Ms~kY
/2#32#
788=65@4
OEGz|gfdf
#?IE3"%
+8JjhVDP
03C93fW@G
:;;B76H5
&AhFK-
gNM{M{
L;i1lA
EYp@_O
#u,C`fR
]M#D$J
t)W]u%W
SjxDP
^|Z'-M`
%[ZYGq
>*`(8Qju
9(S f#D
C11YGB
IY*6$D
^L.[0p
BUR-.2
r0f0?d
l^7ba0
?<OX,Y
+C.]{%
O"TH^4f
{/@d\
'X}Lag
Lpc"]I
sN>DUU
aQ0O&PG 'ZR]b
'aWs7Zg1
t:y+t@
m_&.nCz
T>3: sG
K#zW]O
|bO|m"
F(YQT{A"
mo:cs{
IcBW=r
2G&B!j2=2
NT!85U
IDATYNQD
`C$iki
`gN_:,
*w,+0i
SKzt'n
n CA!'
r!Se0Za
IWv`g{
Vh5[Wo
J#d`glwK
e=Xcpm
cp"*3A
L:)T:P=
-:k6OtD,}n;
zBcl7,
95 `xK
Ughh-(
IDAThA
]DTBt(
,|j37-x
*F9>>O
WocN.G
9W _(r
nkLs.O
IhA64
9+jB[#
U$=]6k
.<e:w=
z>X:{CU
@B__8S7
0`T[3'Lk
\:cE)NIT
>V)mg`<aH
$%U:Sh
]w/yz3
/g={cI<
h3u7Y/
)-(7k<
<?xml version="1.0" encoding="utf-8"?>
<assembly manifestVersion="1.0" xmlns="urn:schemas-microsoft-com:asm.v1">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<!--
Windows,
requestedExecutionLevel
<requestedExecutionLevel level="asInvoker" uiAccess="false" />
<requestedExecutionLevel level="requireAdministrator" uiAccess="false" />
<requestedExecutionLevel level="highestAvailable" uiAccess="false" />
requestedExecutionLevel
-->
<requestedExecutionLevel level="asInvoker" uiAccess="false" />
</requestedPrivileges>
</security>
</trustInfo>
<compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">
<application>
<!--
Windows,
Windows
<!-- Windows Vista -->
<!--<supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}" />-->
<!-- Windows 7 -->
<!--<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}" />-->
<!-- Windows 8 -->
<!--<supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}" />-->
<!-- Windows 8.1 -->
<!--<supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}" />-->
<!-- Windows 10 -->
<!--<supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}" />-->
</application>
</compatibility>
<!--
Windows
DPI.
Windows Presentation Foundation (WPF)
DPI,
Windows Forms
.NET Framework
"EnableWindowsFormsHighDpiAutoResizing"
"true"
app.config.
https://docs.microsoft.com/windows/win32/fileio/maximum-file-path-limitation.-->
<!--
<application xmlns="urn:schemas-microsoft-com:asm.v3">
<windowsSettings>
<dpiAware xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings">true</dpiAware>
<longPathAware xmlns="http://schemas.microsoft.com/SMI/2016/WindowsSettings">true</longPathAware>
</windowsSettings>
</application>
<!--
Windows (Windows XP
<!--
<dependency>
<dependentAssembly>
<assemblyIdentity
type="win32"
name="Microsoft.Windows.Common-Controls"
version="6.0.0.0"
processorArchitecture="*"
publicKeyToken="6595b64144ccf1df"
language="*"
/>
</dependentAssembly>
</dependency>
</assembly>
PPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGX
http://94.142.138.111/software/bld_3s.exe
iexplorer.exe
.compressed
costura
costura.costura.dll.compressed
SeShutdownPrivilege
5.0.0.0
4.0.0.0
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
Comments
CompanyName
Microsoft Corporation
FileDescription
Diagnostics utility for Internet Explorer
FileVersion
11.0.20348.1
InternalName
IEDiagCmd.exe
LegalCopyright
Microsoft Corporation. All rights reserved.
LegalTrademarks
OriginalFilename
IEDiagCmd.exe
ProductName
Internet Explorer
ProductVersion
11.0.20348.1
Assembly Version
11.0.20348.1
Antivirus Signature
Bkav Clean
Lionic Clean
tehtris Clean
MicroWorld-eScan Clean
ClamAV Clean
FireEye Generic.mg.e2ca6f8e77cbaa4a
CAT-QuickHeal Clean
ALYac Clean
Malwarebytes Trojan.Downloader.MSIL
VIPRE Clean
Sangfor Downloader.Msil.Agent.Vvrg
K7AntiVirus Clean
BitDefender Clean
K7GW Clean
CrowdStrike win/malicious_confidence_100% (W)
BitDefenderTheta Gen:NN.ZemsilF.36196.km3@aOJiFto
VirIT Clean
Cyren Clean
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 a variant of MSIL/TrojanDownloader.Agent.PFF
APEX Malicious
Paloalto Clean
Cynet Malicious (score: 100)
Kaspersky UDS:Trojan-PSW.MSIL.Reline.gen
Alibaba Trojan:MSIL/Generic.f09a27fd
NANO-Antivirus Clean
SUPERAntiSpyware Clean
Rising Stealer.Reline!8.132F4 (CLOUD)
TACHYON Clean
Sophos Mal/Generic-S
Baidu Clean
F-Secure Trojan.TR/Downloader.Gen9
DrWeb Clean
Zillya Clean
TrendMicro Clean
McAfee-GW-Edition BehavesLike.Win32.Generic.ct
Trapmine Clean
CMC Clean
Emsisoft Clean
Ikarus Trojan-Downloader.MSIL.Agent
GData Win32.Trojan-Downloader.Generic.KAJQFS
Jiangmin Clean
Webroot W32.Trojan.Dropper
Avira TR/Downloader.Gen9
Antiy-AVL Clean
Gridinsoft Clean
Xcitium Clean
Arcabit Clean
ViRobot Clean
ZoneAlarm HEUR:Trojan-PSW.MSIL.Reline.gen
Microsoft Trojan:Win32/Casdet!rfn
Google Detected
AhnLab-V3 Clean
Acronis Clean
McAfee Artemis!E2CA6F8E77CB
MAX Clean
DeepInstinct MALICIOUS
VBA32 Clean
Cylance unsafe
Panda Trj/Chgt.AD
Zoner Clean
TrendMicro-HouseCall TROJ_GEN.R002H0DEM23
Tencent Msil.Trojan-Downloader.Ader.Qqil
Yandex Clean
SentinelOne Static AI - Malicious PE
MaxSecure Clean
Fortinet MSIL/Agent.PFF!tr.dldr
AVG FileRepMalware [Pws]
Cybereason malicious.ef4602
Avast FileRepMalware [Pws]