Static | ZeroBOX

PE Compile Time

2099-05-12 13:02:15

PDB Path

BBbH.pdb

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name    Virtual Address  Virtual Size  Size of Raw Data  Entropy
.text   0x00002000       0x000036b4    0x00003800        5.31785052476
.rsrc   0x00006000       0x00000588    0x00000600        4.023940371
.reloc  0x00008000       0x0000000c    0x00000200        0.0815394123432

Resources

Name         Offset      Size        Language      Sub-language     File type
RT_VERSION   0x000060a0  0x000002fc  LANG_NEUTRAL  SUBLANG_NEUTRAL  data
RT_MANIFEST  0x0000639c  0x000001ea  LANG_NEUTRAL  SUBLANG_NEUTRAL  XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

Imports

Library mscoree.dll:
0x402000 _CorExeMain

Antivirus Signature

Bkav Clean
Lionic Trojan.Win32.Tedy.4!c
tehtris Clean
MicroWorld-eScan Gen:Variant.Tedy.373567
FireEye Generic.mg.543e32d9617d5851
CAT-QuickHeal Clean
McAfee Artemis!543E32D9617D
Malwarebytes Trojan.Crypt.MSIL
Sangfor Trojan.Win32.Save.a
K7AntiVirus Trojan-Downloader ( 005a6a971 )
BitDefender Gen:Variant.Tedy.373567
K7GW Trojan-Downloader ( 005a6a971 )
CrowdStrike win/malicious_confidence_100% (W)
BitDefenderTheta Gen:NN.ZemsilF.36250.bm0@aSIUN4l
VirIT Trojan.Win32.Genus.RAX
Cyren W32/ABRisk.KCTM-4890
Symantec Trojan Horse
Elastic malicious (moderate confidence)
ESET-NOD32 MSIL/TrojanDownloader.Tiny.CGQ
APEX Malicious
Paloalto Clean
ClamAV Clean
Kaspersky HEUR:Backdoor.MSIL.Crysan.gen
Alibaba Backdoor:MSIL/Crysan.08837fa4
NANO-Antivirus Clean
ViRobot Clean
TACHYON Clean
Sophos Mal/Generic-S
Baidu Clean
Zillya Clean
TrendMicro TROJ_GEN.R002C0XF423
McAfee-GW-Edition Artemis!Trojan
Trapmine Clean
CMC Clean
Emsisoft Trojan.GenericKD.67409276 (B)
Ikarus Trojan.Inject
GData Gen:Variant.Tedy.373567
Jiangmin Clean
Webroot W32.Trojan.Gen
Avira HEUR/AGEN.1323970
Antiy-AVL Trojan[Backdoor]/MSIL.Crysan
Gridinsoft Trojan.Win32.AsyncRAT.bot
Arcabit Trojan.Tedy.D5B33F
SUPERAntiSpyware Clean
ZoneAlarm HEUR:Backdoor.MSIL.Crysan.gen
Microsoft Trojan:Win32/Casdet!rfn
Google Detected
AhnLab-V3 Malware/Win.Generic.C5437168
Acronis Clean
VBA32 TScope.Trojan.MSIL
MAX malware (ai score=84)
Cylance unsafe
Panda Trj/Chgt.AD
Zoner Clean
TrendMicro-HouseCall TROJ_GEN.R002C0XF423
Tencent Msil.Backdoor.Crysan.Ngil
Yandex Clean
SentinelOne Static AI - Malicious PE
MaxSecure Clean
Fortinet PossibleThreat
Cybereason Clean
DeepInstinct MALICIOUS

No IRMA results available.