
PE Compile Time

2092-03-21 20:57:55 (a date in the future, so the PE header timestamp cannot be taken as the real build time)

PDB Path

BBbH.pdb

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00002000 0x000035b4 0x00003600 5.41046359308
.rsrc 0x00006000 0x0002a2a8 0x0002a400 4.5132475217
.reloc 0x00032000 0x0000000c 0x00000200 0.0815394123432

Resources

Name Offset Size Language Sub-language File type
RT_ICON 0x0002f8d4 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x0002f8d4 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x0002f8d4 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x0002f8d4 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x0002f8d4 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x0002f8d4 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x0002f8d4 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x0002f8d4 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x0002f8d4 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_GROUP_ICON 0x0002fd3c 0x00000084 LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_VERSION 0x0002fdc0 0x000002fc LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_MANIFEST 0x000300bc 0x000001ea LANG_NEUTRAL SUBLANG_NEUTRAL XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

Imports

Library mscoree.dll:
0x402000 _CorExeMain

!This program cannot be run in DOS mode.
`.rsrc
@.reloc
(}c5(
v4.0.30319
#Strings
CompilationRelaxationsAttribute
System.Runtime.CompilerServices
mscorlib
System
Boolean
RuntimeCompatibilityAttribute
DebuggableAttribute
System.Diagnostics
DebuggingModes
AssemblyTitleAttribute
System.Reflection
String
AssemblyDescriptionAttribute
AssemblyConfigurationAttribute
AssemblyCompanyAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
AssemblyTrademarkAttribute
ComVisibleAttribute
System.Runtime.InteropServices
GuidAttribute
AssemblyFileVersionAttribute
TargetFrameworkAttribute
System.Runtime.Versioning
SuppressIldasmAttribute
cda58e95-8dcf-49d5-b047-29c76f3032f5
BBbH.exe
<Module>
Program
Lime_Dropper_1
Object
<Module>{80E96A3B-8730-4026-BEF6-4B383ADEBCDA}
Idt5pgryuYoFVQiX6j
oRZtxCaSAYh6EEGEIZ
SFU4mbT3GMret7THonf
MulticastDelegate
hHEYokUTtehNq5ji0d
rE4lpnT863QnijKQK5
<PrivateImplementationDetails>{23E0AF0E-3010-451B-BA70-2FCC689B53E7}
__StaticArrayInitTypeSize=256
ValueType
__StaticArrayInitTypeSize=40
__StaticArrayInitTypeSize=30
__StaticArrayInitTypeSize=32
__StaticArrayInitTypeSize=16
__StaticArrayInitTypeSize=64
__StaticArrayInitTypeSize=18
nes2dAMWwusagCo1p4
Environment
GetFolderPath
SpecialFolder
Concat
Thread
System.Threading
DownloadPayload
WebClient
System.Net
DownloadData
InstallPayload
dropPath
payloadBuffer
FileStream
System.IO
Process
GetCurrentProcess
get_MainModule
ProcessModule
get_FileName
Exists
FileMode
Stream
ProcessStartInfo
set_Arguments
set_WindowStyle
ProcessWindowStyle
rcSglO3MfDK9YXU33i
TO6TQiiGDZclOQkOsK
Db6sgEr5bFOmOOXcrD
IDisposable
Dispose
Q9gLxRHmVLxlBtJRZ0
XGAXbX9YaOMTSf4TaJ
StringComparison
Equals
fqlcM5d0yk1W4guEQw
IVm4SAIouJpDUAd8qQ
LumFLsaQ9nuO22yaoD
gt0mpslPK5L2AbQYjm
set_CreateNoWindow
FPuqgKQHPQwNQjP6t8
set_FileName
clYqfhpN697OKBg5GJ
Kh2o8BSHbd
Module
nLAMaCRQ4jFRDqxdVf
CoFMQJyymvEYF
typemdt
FieldInfo
MethodInfo
MemberInfo
get_MetadataToken
ResolveType
GetFields
.cctor
GetTypeFromHandle
RuntimeTypeHandle
get_Assembly
Assembly
get_ManifestModule
uoyblIxE067D8vVCqV
ResolveMethod
MethodBase
T2JkwV4vYBv0ESo0qb
Delegate
CreateDelegate
xJmO6I2U5ahAEX1oYv
SetValue
Ya8cvXNdYV1GgWfh4y
NAtZ5ASqJkuOnCpjyb
object
IntPtr
method
Invoke
BeginInvoke
IAsyncResult
AsyncCallback
callback
EndInvoke
result
Hh5kRkRi0A
wUaMQJyVUW28k
$$method0x6000317-1
$$method0x6000332-1
$$method0x6000332-2
$$method0x6000340-1
$$method0x6000340-2
$$method0x6000353-1
$$method0x6000395-1
$$method0x60005b3-1
CompilerGeneratedAttribute
BBbH.g.resources
aR3nbf8dQp2feLmk31.lSfgApatkdxsVcGcrktoFd.resources
WrapNonExceptionThrows
Copyright
2023
$193fbf90-adeb-4bdb-9b99-860d8aa429d2
1.0.0.0
.NETFramework,Version=v4.5.1
FrameworkDisplayName
.NET Framework 4.5.1
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
PADPADP
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
fSystem.Drawing.Icon, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3ajSystem.CodeDom.MemberAttributes, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089mSystem.Globalization.CultureInfo, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089fSystem.Drawing.Size, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Icon
IconData
IconSize
System.Drawing.Size
System.Drawing.Size
height
ISystem, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
System.CodeDom.MemberAttributes
value__
System.Globalization.CultureInfo
m_isReadOnly
compareInfo
textInfo
numInfo
dateTimeInfo
calendar
m_dataItem
cultureID
m_name
m_useUserOverride
System.Globalization.CompareInfo
System.Globalization.TextInfo%System.Globalization.NumberFormatInfo'System.Globalization.DateTimeFormatInfo
System.Globalization.Calendar
System.Globalization.CompareInfo
m_name
win32LCID
culture
m_SortVersion
System.Globalization.SortVersion
System.Globalization.TextInfo
m_listSeparator
m_isReadOnly
m_cultureName
customCultureName
m_nDataItem
m_useUserOverride
m_win32LangID
%System.Globalization.NumberFormatInfo"
numberGroupSizes
currencyGroupSizes
percentGroupSizes
positiveSign
negativeSign
numberDecimalSeparator
numberGroupSeparator
currencyGroupSeparator
currencyDecimalSeparator
currencySymbol
ansiCurrencySymbol
nanSymbol
positiveInfinitySymbol
negativeInfinitySymbol
percentDecimalSeparator
percentGroupSeparator
percentSymbol
perMilleSymbol
nativeDigits
m_dataItem
numberDecimalDigits
currencyDecimalDigits
currencyPositivePattern
currencyNegativePattern
numberNegativePattern
percentPositivePattern
percentNegativePattern
percentDecimalDigits
digitSubstitution
isReadOnly
m_useUserOverride
m_isInvariant
validForParseAsNumber
validForParseAsCurrency
Infinity
-Infinity
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Size
height
DBRfhn M
BBbH.pdb
_CorExeMain
mscoree.dll
@wuM{?
Rw@x_te
GoF1#7
(Jv*@q
D'g5Mg
A+@m0LM0B}
TSOm0L$
Kkn^|yQm
'wm%"O
RW-xOW:
-+n `Y
_/xsN7'q
.rQhtx
lWm_2k1
.TCm0Bm0B](
|8io}`
&e(Rw
@te,@vn
1M';4)
Dr3Cq
Cr@CrpDr
Dr!CrNCr
Cr.Cr[Dr
Cr;CrjDr
CrICryCr
Dr)DrVDr
Dr6DreDr
CrDCrsDr
Dr$DrQDr
Dr1Dr_Dr
Dr?DrmDr
Dr*DrYDr
DrDrLDr|Dr
Dr>DrlDr
Dr0Cr^Dr
Cr$CrQDr
DrCDrrDr
Dr6DrdDr
Dr)DrVDr
DrHDrxDr
Cr;CriDr
Cr.DrZDr
Dr!DrNDr~Dr
ACrnDr
Cr2Cr\Cq
Cr;Cr
DrHDryCq
Cr6Cr
*DrSDr
DrnCq
DrwCq
DrwCq
DrwCq
DrwCq
DrwCq
DrwCq
DrwCq
DrwCq
DrwCq
DrwCq
DrwCq
DrwCq
DrwCq
DrwCq
DrwCq
DrwCq
DrwCq
DrwCq
DrwCq
DrwCq
DrwCq
DrwCq
DrwCq
DrwCq
DrwCq
DrwCq
DrwCq
DrwCq
DrwCq
DrwCq
DrwCq
DrwCq
DrwCq
DrwCq
DrwCq
DrwCq
DrwCq
DrwCq
DrwCq
DrwCq
DrwCq
DrwCq
Dr?DrpDr
3DraDr
DrCCr
Dr9DreDr
CrHCr
Dr=DrjCr
Cr6DreCq
DCrsCr
Cr&CrQCr
Dr/Dr`Cr
?CroDr
DrLDr|Cr
.DrZCr
Dr-Cq
Dr1DrcDr
(CrSCr
DrEDruDr
Dr8DrhDr
+CrYCr
DrDrJDr|Dr
CrKCr{Cr
Cr)CrZCr
Dr8CrhCr
CrFCrvDr
Dr$DrUDr
DraDr
Dr2DrbDr
Cr#CrTCr
DrFDrvDr
Dr7DrgDr
Cr)CrZCr
DrKCq
Cr+Cq
HCrxCr
Cr&CrVCr
Dr4Cr
*DrcCr
Dr%CrTCr
Dr8Cr
Dr*DrZCq
CrICrzCp
Cr(CrXCr
Dr6CrfCr
DrVDr
Dr|Dr
Dr|Dr
Dr|Dr
Dr|Dr
Dr|Dr
Dr|Dr
Dr|Dr
Dr|Dr
Dr|Dr
Dr|Dr
Dr|Dr
Dr|Dr
Dr|Dr
Dr|Dr
Dr|Dr
Dr|Dr
Dr|Dr
Dr|Dr
Dr|Dr
Dr|Dr
DreDr
Dr%DrUCr
DrGDrwDr
Cr9DrhDr
>DrnCr
#CrUCr
DrGCr
GCrwCr
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
)O71ODAOTQOTYOTaOTiOTqOTyOT
O7.[Y.SY.K_.c|.{
.#J.;Y.3Y.+Y
\YYY.exe
https://oshi.at/MvZb/YYY.exe
/C choice /C Y /N /D Y /T 1 & Del "
cmd.exe
$this.SnapToGrid
$this.TrayLargeIcon
$this.Icon
$this.Locked
$this.DrawGrid
progressBar1.Modifiers
$this.Localizable
$this.Language
$this.GridSize
$this.TrayHeight
progressBar1.Locked
-DAKIRBY309-SIMPLY-STYLED-MICROSOFT-EXCEL-2013
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
Comments
CompanyName
FileDescription
FileVersion
1.0.0.0
InternalName
BBbH.exe
LegalCopyright
Copyright
2023
LegalTrademarks
OriginalFilename
BBbH.exe
ProductName
ProductVersion
1.0.0.0
Assembly Version
1.0.0.0
Antivirus Signature
Bkav Clean
Lionic Trojan.Win32.Hesv.4!c
Elastic malicious (high confidence)
MicroWorld-eScan IL:Trojan.MSILZilla.28293
ClamAV Clean
FireEye Generic.mg.96b0ccf071277093
CAT-QuickHeal Clean
McAfee Artemis!96B0CCF07127
Malwarebytes Trojan.Crypt.MSIL
VIPRE IL:Trojan.MSILZilla.28293
Sangfor Suspicious.Win32.Save.a
K7AntiVirus Trojan-Downloader ( 005a6a281 )
BitDefender Trojan.GenericKD.67409523
K7GW Trojan-Downloader ( 005a6a281 )
Cybereason malicious.071277
Baidu Clean
VirIT Trojan.Win32.Genus.RAX
Cyren W32/ABRisk.AHLF-6202
Symantec ML.Attribute.HighConfidence
tehtris Clean
ESET-NOD32 a variant of MSIL/TrojanDownloader.Agent_AGen.ATA
APEX Malicious
Paloalto Clean
Cynet Malicious (score: 100)
Kaspersky HEUR:Trojan.MSIL.Hesv.gen
Alibaba Trojan:MSIL/Generic.7b949b78
NANO-Antivirus Clean
ViRobot Clean
Rising Clean
TACHYON Clean
Sophos Mal/Generic-S
F-Secure Heuristic.HEUR/AGEN.1323970
DrWeb Trojan.DownloaderNET.645
Zillya Clean
TrendMicro TROJ_GEN.R014C0DF423
McAfee-GW-Edition Artemis!Trojan
Trapmine Clean
CMC Clean
Emsisoft Trojan.GenericKD.67409523 (B)
Ikarus Trojan-Spy.MSIL.Agent
GData IL:Trojan.MSILZilla.28293
Jiangmin Clean
Webroot W32.Trojan.Gen
Avira HEUR/AGEN.1323970
Antiy-AVL Trojan/MSIL.Hesv
Gridinsoft Clean
Xcitium Clean
Arcabit IL:Trojan.MSILZilla.D6E85
SUPERAntiSpyware Clean
ZoneAlarm HEUR:Trojan.MSIL.Hesv.gen
Microsoft TrojanDownloader:MSIL/AsyncRAT.L!MTB
Google Detected
AhnLab-V3 Downloader/Win.AsyncRAT.C5433063
Acronis Clean
BitDefenderTheta Gen:NN.ZemsilF.36250.lm0@aGc0jUe
ALYac Gen:Variant.Lazy.349395
MAX malware (ai score=82)
DeepInstinct MALICIOUS
VBA32 TScope.Trojan.MSIL
Cylance unsafe
Panda Trj/Chgt.AD
Zoner Clean
TrendMicro-HouseCall TROJ_GEN.R014C0DF423
Tencent Malware.Win32.Gencirc.13c9ab55
Yandex Clean
SentinelOne Static AI - Malicious PE
MaxSecure Trojan.Malware.300983.susgen
Fortinet MSIL/Agent.PGN!tr.dldr
AVG Win32:PWSX-gen [Trj]
Avast Win32:PWSX-gen [Trj]
CrowdStrike win/malicious_confidence_100% (W)