Static | ZeroBOX

PE Compile Time

2006-02-16 07:04:58

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name    Virtual Address  Virtual Size  Size of Raw Data  Entropy
.text   0x00002000       0x00146664    0x00146800        4.01902845761
.rsrc   0x0014a000       0x0000061e    0x00000800        3.63607258835
.reloc  0x0014c000       0x0000000c    0x00000200        0.101910425663

Resources

Name         Offset      Size        Language      Sub-language     File type
RT_VERSION   0x0014a0a0  0x00000394  LANG_NEUTRAL  SUBLANG_NEUTRAL  data
RT_MANIFEST  0x0014a434  0x000001ea  LANG_NEUTRAL  SUBLANG_NEUTRAL  XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

Imports

Library mscoree.dll:
0x402000 _CorExeMain

!This program cannot be run in DOS mode.
`.rsrc
@.reloc
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
PADPADP
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
hSystem.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3aPADPAD
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
v4.0.30319
#Strings
$I896-0
$I896-1
IComparable`1
IEnumerable`1
List`1
Converter`2
r1BSe8
Tf1t7A
B43BC7274F42CD4BF239F588256F6CF854BAFAB27778E44D17D651BD4D57A5CD
System.IO
Zo5d2W
Jd0j9Y
System.Data
ProjectData
FromArgb
mscorlib
System.Collections.Generic
Microsoft.VisualBasic
Qy39Wd
Thread
get_Red
set_Checked
set_Enabled
set_FormattingEnabled
get_IsDisposed
Synchronized
Append
CreateInstance
set_DataSource
set_AutoCompleteSource
BindingSource
GetHashCode
set_AutoScaleMode
set_AutoCompleteMode
set_SizeMode
PictureBoxSizeMode
CompressionMode
SchemaSerializationMode
get_Message
AddRange
ICloneable
IComparable
IEnumerable
IDisposable
Hashtable
ISerializable
set_Visible
RuntimeFieldHandle
RuntimeTypeHandle
GetTypeFromHandle
DockStyle
set_BorderStyle
FontStyle
set_Name
get_MachineName
GetHostName
DateTime
ValueType
GetType
System.Core
ConsoleApplicationBase
ButtonBase
ApplicationSettingsBase
TextBoxBase
get_Turquoise
Dispose
Reverse
EditorBrowsableState
set_WindowState
FormWindowState
get_White
ThreadStaticAttribute
STAThreadAttribute
DesignerGeneratedAttribute
GuidAttribute
HelpKeywordAttribute
GeneratedCodeAttribute
EditorBrowsableAttribute
ComVisibleAttribute
AssemblyTitleAttribute
StandardModuleAttribute
HideModuleNameAttribute
AssemblyTrademarkAttribute
TargetFrameworkAttribute
SecuritySafeCriticalAttribute
SuppressIldasmAttribute
AssemblyFileVersionAttribute
MyGroupCollectionAttribute
AssemblyDescriptionAttribute
CompilationRelaxationsAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
AssemblyCompanyAttribute
RuntimeCompatibilityAttribute
ToByte
get_AliceBlue
get_SkyBlue
GetObjectValue
Remove
set_Size
set_AutoSize
set_ClientSize
ISupportInitialize
System.Threading
NewLateBinding
GetEncoding
System.Runtime.Versioning
GetResourceString
ToString
GetString
System.Drawing
ForNextCheckObj
ForLoopInitObj
get_Black
set_Dock
System.ComponentModel
ConvertAll
get_Control
ScrollableControl
IButtonControl
ForLoopControl
ContainerControl
ListControl
ObjectFlowControl
get_IBeam
BufferedStream
GZipStream
MemoryStream
System
Pg72Dn
x9B2Fn
Boolean
TimeSpan
get_DarkCyan
get_DarkGreen
set_TextAlign
System.ComponentModel.Design
_AppDomain
GetDomain
IAutomationLiveRegion
System.IO.Compression
set_Location
System.Windows.Forms.Automation
System.Configuration
System.Globalization
System.Runtime.Serialization
op_Subtraction
System.Reflection
ControlCollection
ControlBindingsCollection
ObjectCollection
set_StartPosition
FormStartPosition
_Exception
TargetInvocationException
InvalidOperationException
get_InnerException
ArgumentException
get_Maroon
RadioButton
set_AcceptButton
Zt30Ao
CopyTo
CultureInfo
MemberInfo
set_TabStop
System.Linq
set_PasswordChar
set_DataMember
InvokeMember
set_ValueMember
set_DisplayMember
ICurrencyManagerProvider
StringBuilder
Binder
get_InactiveBorder
ResourceManager
ToInteger
System.CodeDom.Compiler
IContainer
Computer
set_ForeColor
set_BackColor
set_UseVisualStyleBackColor
ClearProjectError
SetProjectError
set_Cursor
Activator
.cctor
o9T4Bs
Microsoft.VisualBasic.Devices
Microsoft.VisualBasic.ApplicationServices
System.Runtime.InteropServices
Microsoft.VisualBasic.CompilerServices
System.Runtime.CompilerServices
System.Resources
facac1a05c2dd4.Resources.resources
q5.Resources.resources
.resources
.resources
.resources
.resources
BindingFlags
get_DataBindings
ReferenceEquals
get_Controls
get_Items
System.Windows.Forms
Contains
set_AutoScaleDimensions
Conversions
System.Collections
AddYears
RuntimeHelpers
SystemColors
Cursors
Operators
IPAddress
get_TotalDays
SubtractObject
IReflect
LateGet
LateIndexGet
System.Net
LateIndexSet
get_BlueViolet
get_Highlight
get_MenuHighlight
EndInit
BeginInit
GraphicsUnit
Default
HorizontalAlignment
ContentAlignment
Environment
Component
get_Transparent
set_Font
IBindingList
get_AddressList
SuspendLayout
set_BackgroundImageLayout
ResumeLayout
PerformLayout
System.Text
set_Text
ICancelAddNew
IBindingListView
get_UtcNow
set_TabIndex
LateSetComplex
PictureBox
set_ControlBox
ComboBox
GroupBox
TextBox
InitializeArray
ToArray
ContainsKey
get_Assembly
IPHostEntry
GetHostEntry
System.Security
d4L8Kz
2-pDCJ
=F;7?9?H5J5FAE6953F?
8B<=A;5C=AF53C>3
3><BC<C>F7?=>@GF<A62G
WrapNonExceptionThrows
$ac367962-1c7b-420c-8fcc-2ce6f1ebb9e2
.NETFramework,Version=v4.6
FrameworkDisplayName
.NET Framework 4.6
7.10.13.17
'Copyright
2010 3><BC<C>F7?=>@GF<A62G
b7ZFo5g9BQe32NyPm8i0R1KxEf4k6
MyTemplate
11.0.0.0
My.Computer
My.Application
My.User
My.Forms
My.WebServices
System.Windows.Forms.Form
Create__Instance__
Dispose__Instance__
My.MyProject.Forms
4System.Web.Services.Protocols.SoapHttpClientProtocol
Create__Instance__
Dispose__Instance__
3System.Resources.Tools.StronglyTypedResourceBuilder
17.0.0.0
KMicrosoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator
17.6.0.0
My.Settings
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
374f8dbe14
d267f97c0
d267f97c1
d267f97c10
d267f97c11
d267f97c2
d267f97c3
d267f97c4
d267f97c5
d267f97c6
d267f97c7
d267f97c8
d267f97c9
&U'U(U)
E}FAG5H
W}XAYUZ![A\
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
Comments
8B<=A;5C=AF53C>3
CompanyName
3><BC<C>F7?=>@GF<A62G
FileDescription
=F;7?9?H5J5FAE6953F?
FileVersion
7.10.13.17
InternalName
setup.exe
LegalCopyright
Copyright
2010 3><BC<C>F7?=>@GF<A62G
OriginalFilename
setup.exe
ProductName
=F;7?9?H5J5FAE6953F?
ProductVersion
7.10.13.17
Assembly Version
1.0.0.0
Antivirus Signature
Bkav Clean
Lionic Trojan.Win32.Zilla.4!c
tehtris Clean
DrWeb Trojan.PWS.RedLineNET.7
MicroWorld-eScan IL:Trojan.MSILZilla.28568
ClamAV Clean
CMC Clean
CAT-QuickHeal Clean
McAfee Artemis!AE935CDA1E1D
Cylance unsafe
VIPRE IL:Trojan.MSILZilla.28568
Sangfor Suspicious.Win32.Save.a
K7AntiVirus Trojan ( 005a77a41 )
BitDefender IL:Trojan.MSILZilla.28568
K7GW Trojan ( 005a77a41 )
Cybereason Clean
BitDefenderTheta Gen:NN.ZemsilF.36270.rn0@a0NTg9
VirIT Clean
Cyren W32/MSIL_Troj.BPP.gen!Eldorado
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 a variant of MSIL/Kryptik.AJCJ
APEX Malicious
Paloalto Clean
Cynet Malicious (score: 100)
Kaspersky HEUR:Trojan-Spy.MSIL.Stealer.gen
Alibaba TrojanSpy:MSIL/Stealer.b4b420c8
NANO-Antivirus Clean
ViRobot Trojan.Win.Z.Kryptik.1340416.F
Rising Malware.Obfus/MSIL@AI.90 (RDM.MSIL2:M2I0Wcj7C1OBZ2ICe3mCTQ)
Sophos Mal/Generic-S
F-Secure Heuristic.HEUR/AGEN.1307342
Baidu Clean
Zillya Clean
TrendMicro TrojanSpy.Win32.REDLINE.YXDFVZ
McAfee-GW-Edition BehavesLike.Win32.Downloader.tt
Trapmine Clean
FireEye Generic.mg.ae935cda1e1db321
Emsisoft IL:Trojan.MSILZilla.28568 (B)
Ikarus Trojan-Spy.HawkEye
GData Win32.Trojan-Stealer.Cordimik.OE7B7A
Jiangmin Clean
Webroot Clean
Avira HEUR/AGEN.1307342
MAX malware (ai score=87)
Antiy-AVL Trojan/MSIL.Kryptik
Gridinsoft Trojan.Win32.Kryptik.cl
Xcitium Clean
Arcabit IL:Trojan.MSILZilla.D6F98
SUPERAntiSpyware Clean
ZoneAlarm HEUR:Trojan-Spy.MSIL.Stealer.gen
Microsoft Trojan:MSIL/RedLineStealer.EM!MTB
Google Detected
AhnLab-V3 Trojan/Win.MSILZilla.C5443411
Acronis suspicious
VBA32 Clean
ALYac IL:Trojan.MSILZilla.28568
TACHYON Clean
DeepInstinct MALICIOUS
Malwarebytes Crypt.Trojan.MSIL.DDS
Panda Trj/Chgt.AD
Zoner Clean
TrendMicro-HouseCall TrojanSpy.Win32.REDLINE.YXDFVZ
Tencent Malware.Win32.Gencirc.13db0dcc
Yandex Clean
SentinelOne Static AI - Malicious PE
MaxSecure Trojan.Malware.300983.susgen
Fortinet MSIL/Kryptik.AJCJ!tr
AVG Win32:Trojan-gen
Avast Win32:Trojan-gen
CrowdStrike win/malicious_confidence_100% (W)
No IRMA results available.