Static | ZeroBOX

PE Compile Time

2023-06-08 11:00:39

PDB Path

BHNh772.pdb

Sections

Name            Virtual Address  Virtual Size  Size of Raw Data  Entropy
\x14_%\x0cdQr(  0x00002000       0x00022c70    0x00022e00        7.99862131346
.text           0x00026000       0x00009110    0x00009200        4.98942038307
.rsrc           0x00030000       0x00000596    0x00000600        4.08009802159

Resources

Name         Offset      Size        Language      Sub-language     File type
RT_VERSION   0x000300a0  0x0000030c  LANG_NEUTRAL  SUBLANG_NEUTRAL  data
RT_MANIFEST  0x000303ac  0x000001ea  LANG_NEUTRAL  SUBLANG_NEUTRAL  XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

!This program cannot be run in DOS mode.
BHNh772.pdb
v4.0.30319
#Strings
a7K'7ix<Mrf$O*^Q^A?"Hk8\"
BHNh772$
BHNh772%
cf595c41e34fae9d34a62be861bbebf51
UInt32
ToInt32
BHNh772
c8870bc13af2770de926d16fc75f3a824
ToInt64
ca7e8b056ae5b4203a039346f2f8d53f7
get_UTF8
c2135129d04cbdf3a825d2cb3976c0bc8
c3bafb76ede496e426f66e14e37129e39
<Module>
GetHINSTANCE
System.IO
set_IV
c1692e0dec345c6bdfc756ed39a9d601b
c92b8f3af304556f07caf6257ea1a2d6b
mscorlib
cc5c8984fa43fe4fc7bdcfd24dbfb2e2c
c3580da6fc10cb20bbe1b350fa582663c
get_CurrentThread
thread
get_IsAttached
set_IsBackground
GetMethod
c248fdb8a044a5f50e405976e03871c8e
Replace
distance
CreateInstance
CompressionMode
get_Unicode
Invoke
ToDouble
RuntimeFieldHandle
RuntimeTypeHandle
GetTypeFromHandle
ToSingle
get_Module
get_Name
get_FullyQualifiedName
get_FullName
ValueType
GetType
GetElementType
MethodBase
Reverse
posState
STAThreadAttribute
GuidAttribute
DebuggableAttribute
ComVisibleAttribute
AssemblyTitleAttribute
AssemblyTrademarkAttribute
TargetFrameworkAttribute
SuppressIldasmAttribute
AssemblyFileVersionAttribute
AssemblyConfigurationAttribute
AssemblyDescriptionAttribute
CompilationRelaxationsAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
ConfusedByAttribute
AssemblyCompanyAttribute
RuntimeCompatibilityAttribute
ReadByte
matchByte
prevByte
get_IsAlive
add_AssemblyResolve
BHNh772.exe
get_InputBlockSize
get_OutputBlockSize
inSize
outSize
dwSize
windowSize
dictionarySize
IndexOf
PDatzRWhmUwYsQYYqBMOalCYIFgg
System.Threading
Encoding
IsLogging
System.Runtime.Versioning
FromBase64String
GetString
Substring
get_Length
TransformFinalBlock
TransformBlock
Marshal
kernel32.dll
GetManifestResourceStream
DeflateStream
inStream
outStream
MemoryStream
stream
System
SymmetricAlgorithm
ICryptoTransform
Boolean
IsLittleEndian
AppDomain
get_CurrentDomain
System.IO.Compression
System.Globalization
System.Reflection
get_Position
set_Position
Intern
MethodInfo
InvokeMember
DESCryptoServiceProvider
sender
Binder
rangeDecoder
Buffer
Debugger
ResolveEventHandler
BitConverter
.cctor
Monitor
CreateDecryptor
IntPtr
System.Diagnostics
System.Runtime.InteropServices
System.Runtime.CompilerServices
DebuggingModes
properties
NumberStyles
numPosStates
GetBytes
BindingFlags
ResolveEventArgs
Equals
Models
NumBitLevels
numBitLevels
get_Chars
RuntimeHelpers
lpAddress
numTotalBits
numPosBits
numPrevBits
Object
lpflOldProtect
VirtualProtect
flNewProtect
op_Explicit
Environment
ParameterizedThreadStart
Convert
FailFast
System.Text
startIndex
InitializeArray
ToArray
set_Key
System.Security.Cryptography
GetCallingAssembly
GetExecutingAssembly
BlockCopy
set_Capacity
op_Equality
Confuser.Core 1.6.0+447341964f
Copyright
2023
$7f84feb1-d02b-41b7-a951-b990c00d9c93
.NETFramework,Version=v4.5.1
FrameworkDisplayName
.NET Framework 4.5.1
1.0.0.0
BHNh772
WrapNonExceptionThrows
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
Comments
CompanyName
FileDescription
BHNh772
FileVersion
1.0.0.0
InternalName
BHNh772.exe
LegalCopyright
Copyright
2023
LegalTrademarks
OriginalFilename
BHNh772.exe
ProductName
BHNh772
ProductVersion
1.0.0.0
Assembly Version
1.0.0.0
Antivirus Signature
Bkav Clean
Lionic Trojan.Win32.Stealer.12!c
tehtris Clean
DrWeb Clean
MicroWorld-eScan Gen:Variant.MSILHeracles.87250
ClamAV Clean
CMC Clean
CAT-QuickHeal Clean
McAfee Artemis!1190C6A8211A
Malwarebytes Trojan.Crypt.MSIL
Zillya Clean
Sangfor Suspicious.Win32.Save.a
K7AntiVirus Clean
BitDefender Gen:Variant.MSILHeracles.87250
K7GW Clean
Cybereason Clean
BitDefenderTheta Clean
VirIT Clean
Cyren Clean
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 a variant of MSIL/Kryptik.AGKT
APEX Malicious
Paloalto Clean
Cynet Malicious (score: 100)
Kaspersky UDS:DangerousObject.Multi.Generic
Alibaba Clean
NANO-Antivirus Clean
ViRobot Clean
Rising Malware.Obfus/MSIL@AI.100 (RDM.MSIL2:81IoHPWwrgvgWoHqoMHVqQ)
Sophos Mal/Generic-S
F-Secure Heuristic.HEUR/AGEN.1326434
Baidu Clean
VIPRE Gen:Variant.MSILHeracles.87250
TrendMicro Clean
McAfee-GW-Edition BehavesLike.Win64.Generic.cc
Trapmine Clean
FireEye Gen:Variant.MSILHeracles.87250
Emsisoft Gen:Variant.MSILHeracles.87250 (B)
SentinelOne Static AI - Malicious PE
GData Gen:Variant.MSILHeracles.87250
Jiangmin Clean
Webroot Clean
Avira HEUR/AGEN.1326434
MAX malware (ai score=88)
Antiy-AVL Clean
Gridinsoft Trojan.Heur!.031122C3
Xcitium Clean
Arcabit Trojan.MSILHeracles.D154D2
SUPERAntiSpyware Clean
ZoneAlarm UDS:DangerousObject.Multi.Generic
Microsoft Trojan:Win32/Sabsik.FL.B!ml
Google Detected
AhnLab-V3 Clean
Acronis suspicious
VBA32 Clean
ALYac Gen:Variant.MSILHeracles.87250
TACHYON Clean
DeepInstinct MALICIOUS
Cylance unsafe
Panda Clean
Zoner Clean
TrendMicro-HouseCall Clean
Tencent Win32.Trojan.Agen.Rsmw
Yandex Clean
Ikarus Trojan-Spy.DarkCloud
MaxSecure Trojan.Malware.300983.susgen
Fortinet MSIL/Kryptik.AGKT!tr
AVG RATX-gen [Trj]
Avast RATX-gen [Trj]
CrowdStrike win/malicious_confidence_90% (W)
No IRMA results available.