Static | ZeroBOX

PE Compile Time

2023-05-23 21:58:18

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

| Name | Virtual Address | Virtual Size | Size of Raw Data | Entropy |
|---|---|---|---|---|
| .text | 0x00002000 | 0x003c6d00 | 0x003c6e00 | 5.85024432042 |
| .rsrc | 0x003ca000 | 0x00010df4 | 0x00010e00 | 4.78708442006 |
| .reloc | 0x003dc000 | 0x0000000c | 0x00000200 | 0.0980041756627 |

Resources

| Name | Offset | Size | Language | Sub-language | File type |
|---|---|---|---|---|---|
| RT_ICON | 0x003ca130 | 0x00010828 | LANG_NEUTRAL | SUBLANG_NEUTRAL | dBase III DBT, version number 0, next free block index 40 |
| RT_GROUP_ICON | 0x003da958 | 0x00000014 | LANG_NEUTRAL | SUBLANG_NEUTRAL | data |
| RT_VERSION | 0x003da96c | 0x000002d4 | LANG_NEUTRAL | SUBLANG_NEUTRAL | data |
| RT_MANIFEST | 0x003dac40 | 0x000001b4 | LANG_NEUTRAL | SUBLANG_NEUTRAL | XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators |

Imports

Library mscoree.dll:
0x402000 _CorExeMain

!This program cannot be run in DOS mode.
`.rsrc
@.reloc
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
PADPADP
v4.0.30319
#Strings
Toqkmje
Toqkmje.exe
System.Windows.Forms
System
mscorlib
System.Drawing
System.Core
.resources
WindowsFormsApp52.Properties.Resources.resources
.resources
.resources
.resources
.resources
Action
ArgumentNullException
Boolean
GeneratedCodeAttribute
System.CodeDom.Compiler
IEnumerable`1
System.Collections.Generic
IContainer
System.ComponentModel
Convert
Delegate
DebuggerNonUserCodeAttribute
System.Diagnostics
EventArgs
EventHandler
Func`2
CultureInfo
System.Globalization
IDisposable
IntPtr
Enumerable
System.Linq
Object
Assembly
System.Reflection
AssemblyCompanyAttribute
AssemblyConfigurationAttribute
AssemblyCopyrightAttribute
AssemblyDescriptionAttribute
AssemblyFileVersionAttribute
AssemblyProductAttribute
AssemblyTitleAttribute
AssemblyTrademarkAttribute
MethodInfo
ResourceManager
System.Resources
CompilationRelaxationsAttribute
System.Runtime.CompilerServices
ExtensionAttribute
RuntimeCompatibilityAttribute
SuppressIldasmAttribute
ComVisibleAttribute
System.Runtime.InteropServices
GuidAttribute
TargetFrameworkAttribute
System.Runtime.Versioning
RuntimeTypeHandle
STAThreadAttribute
Single
String
Encoding
System.Text
Application
AutoScaleMode
ButtonBase
CheckBox
ContainerControl
Control
ControlCollection
UserControl
<Module>
Dispose
.cctor
set_Checked
GetTypes
FirstOrDefault
set_AutoSize
set_Location
set_Name
set_Size
set_TabIndex
set_Text
set_UseVisualStyleBackColor
add_CheckedChanged
set_AutoScaleMode
get_Controls
ResumeLayout
PerformLayout
SuspendLayout
set_AutoScaleDimensions
get_FullName
Contains
Reverse
ToArray
GetMethods
get_ASCII
GetString
FromBase64String
GetTypeFromHandle
CreateDelegate
DynamicInvoke
set_DoubleBuffered
set_ClientSize
add_Load
get_Assembly
GetObject
3System.Resources.Tools.StronglyTypedResourceBuilder
16.0.0.0
WrapNonExceptionThrows
$b50f72d8-524c-47f9-87cf-b842103a2cb6
1.0.0.0
.NETFramework,Version=v4.6
FrameworkDisplayName
.NET Framework 4.6
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="utf-8" standalone="yes"?><assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><assemblyIdentity version="1.0.0.0" name="MyApplication.app" /><trustInfo xmlns="urn:schemas-microsoft-com:asm.v2"><security><requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3"><requestedExecutionLevel level="asInvoker" uiAccess="false" /></requestedPrivileges></security></trustInfo></assembly>
Fipwuoifuwzwhhj
checkBox1
UserControl2
Fipwuoifuwzwhhj.Hbijdutbfkktvyr
UserControl3
UserControl4
WindowsFormsApp52.Properties.Resources
Fipwuoifuwzwhhj
UserControl1
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
Comments
CompanyName
FileDescription
FileVersion
1.0.0.0
InternalName
Toqkmje.exe
LegalCopyright
LegalTrademarks
OriginalFilename
Toqkmje.exe
ProductName
ProductVersion
1.0.0.0
Assembly Version
1.0.0.0
Antivirus Signature
Bkav Clean
Lionic Trojan.Win32.Remcos.4!c
Elastic malicious (high confidence)
MicroWorld-eScan Gen:Variant.Lazy.345343
CMC Clean
CAT-QuickHeal Clean
McAfee Artemis!4BBBAD7EDCD5
Malwarebytes Malware.AI.3840999087
Zillya Clean
Sangfor Suspicious.Win32.Save.a
K7AntiVirus Clean
BitDefender Gen:Variant.Lazy.345343
K7GW Clean
Cybereason malicious.a21f53
Baidu Clean
VirIT Trojan.Win32.MSIL_Heur.A
Cyren Clean
Symantec ML.Attribute.HighConfidence
tehtris Clean
ESET-NOD32 a variant of MSIL/TrojanDownloader.Agent_AGen.ASV
APEX Malicious
Paloalto Clean
ClamAV Clean
Kaspersky HEUR:Backdoor.MSIL.Remcos.gen
Alibaba Clean
NANO-Antivirus Clean
ViRobot Clean
Rising Malware.Obfus/MSIL@AI.97 (RDM.MSIL2:HtbJwiFDRMgchHoXNPhvQg)
TACHYON Clean
Emsisoft Gen:Variant.Lazy.345343 (B)
F-Secure Heuristic.HEUR/AGEN.1323353
DrWeb Trojan.Inject4.30942
VIPRE Gen:Variant.Lazy.345343
TrendMicro Clean
McAfee-GW-Edition BehavesLike.Win32.Dropper.wm
Trapmine Clean
FireEye Generic.mg.4bbbad7edcd5cd1e
Sophos Mal/Generic-S
SentinelOne Static AI - Malicious PE
GData Gen:Variant.Lazy.345343
Jiangmin Clean
Webroot Clean
Avira HEUR/AGEN.1323353
Antiy-AVL Trojan[Backdoor]/MSIL.Remcos
Gridinsoft Trojan.Win32.Remcos.bot
Xcitium Clean
Arcabit Trojan.Lazy.D544FF
SUPERAntiSpyware Clean
ZoneAlarm HEUR:Backdoor.MSIL.Remcos.gen
Microsoft Trojan:Win32/Woreflint.A!cl
Cynet Malicious (score: 100)
AhnLab-V3 Malware/Win.Generic.C5432203
Acronis suspicious
ALYac Gen:Variant.Lazy.345343
MAX malware (ai score=84)
DeepInstinct MALICIOUS
VBA32 Clean
Cylance unsafe
Panda Trj/Chgt.AD
Zoner Clean
TrendMicro-HouseCall TROJ_GEN.R002H07EN23
Tencent Clean
Yandex Clean
Ikarus Trojan-Spy.AgentTesla
MaxSecure Trojan.Malware.300983.susgen
Fortinet MSIL/Agent_AGen.ASV!tr.dldr
BitDefenderTheta Gen:NN.ZemsilF.36196.2p0@aO4Y0zi
AVG Win32:RATX-gen [Trj]
Avast Win32:RATX-gen [Trj]
CrowdStrike win/malicious_confidence_100% (W)
No IRMA results available.