Static | ZeroBOX

PE Compile Time

2023-06-08 10:45:52

PDB Path

BHNh772.pdb

Sections

Name           Virtual Address  Virtual Size  Size of Raw Data  Entropy
\x18cPVv+QV    0x00002000       0x00042c0c    0x00042e00        7.99936615171
.text          0x00046000       0x00009138    0x00009200        4.99724372702
.rsrc          0x00050000       0x00000596    0x00000600        4.08325866806

Resources

Name         Offset      Size        Language      Sub-language     File type
RT_VERSION   0x000500a0  0x0000030c  LANG_NEUTRAL  SUBLANG_NEUTRAL  data
RT_MANIFEST  0x000503ac  0x000001ea  LANG_NEUTRAL  SUBLANG_NEUTRAL  XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

!This program cannot be run in DOS mode.
BHNh772.pdb
v4.0.30319
#Strings
BHNh772$
BHNh772%
iV/gtSRVPk:fTl:>9R1o^UAX,
cf595c41e34fae9d34a62be861bbebf51
UInt32
ToInt32
BHNh772
c8870bc13af2770de926d16fc75f3a824
ToInt64
ca7e8b056ae5b4203a039346f2f8d53f7
get_UTF8
c2135129d04cbdf3a825d2cb3976c0bc8
c3bafb76ede496e426f66e14e37129e39
<Module>
GetHINSTANCE
System.IO
set_IV
c1692e0dec345c6bdfc756ed39a9d601b
c92b8f3af304556f07caf6257ea1a2d6b
mscorlib
cc5c8984fa43fe4fc7bdcfd24dbfb2e2c
c3580da6fc10cb20bbe1b350fa582663c
get_CurrentThread
thread
get_IsAttached
set_IsBackground
GetMethod
c248fdb8a044a5f50e405976e03871c8e
Replace
distance
CreateInstance
CompressionMode
get_Unicode
Invoke
ToDouble
RuntimeFieldHandle
RuntimeTypeHandle
GetTypeFromHandle
ToSingle
get_Module
get_Name
get_FullyQualifiedName
get_FullName
ValueType
GetType
GetElementType
MethodBase
Reverse
posState
STAThreadAttribute
GuidAttribute
DebuggableAttribute
ComVisibleAttribute
AssemblyTitleAttribute
AssemblyTrademarkAttribute
TargetFrameworkAttribute
SuppressIldasmAttribute
AssemblyFileVersionAttribute
AssemblyConfigurationAttribute
AssemblyDescriptionAttribute
CompilationRelaxationsAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
ConfusedByAttribute
AssemblyCompanyAttribute
RuntimeCompatibilityAttribute
ReadByte
matchByte
prevByte
get_IsAlive
add_AssemblyResolve
BHNh772.exe
get_InputBlockSize
get_OutputBlockSize
inSize
outSize
dwSize
windowSize
dictionarySize
gKhFlXCBMQimaFYLaZrRoNciKCLf
IndexOf
System.Threading
Encoding
IsLogging
System.Runtime.Versioning
FromBase64String
GetString
Substring
get_Length
TransformFinalBlock
TransformBlock
Marshal
kernel32.dll
GetManifestResourceStream
DeflateStream
inStream
outStream
MemoryStream
stream
System
SymmetricAlgorithm
ICryptoTransform
Boolean
IsLittleEndian
AppDomain
get_CurrentDomain
System.IO.Compression
System.Globalization
System.Reflection
get_Position
set_Position
Intern
MethodInfo
InvokeMember
DESCryptoServiceProvider
sender
Binder
rangeDecoder
Buffer
Debugger
ResolveEventHandler
BitConverter
.cctor
Monitor
CreateDecryptor
IntPtr
System.Diagnostics
System.Runtime.InteropServices
System.Runtime.CompilerServices
DebuggingModes
properties
NumberStyles
numPosStates
GetBytes
BindingFlags
ResolveEventArgs
Equals
Models
NumBitLevels
numBitLevels
get_Chars
RuntimeHelpers
lpAddress
numTotalBits
numPosBits
numPrevBits
Object
lpflOldProtect
VirtualProtect
flNewProtect
op_Explicit
Environment
ParameterizedThreadStart
Convert
FailFast
System.Text
startIndex
InitializeArray
ToArray
set_Key
System.Security.Cryptography
GetCallingAssembly
GetExecutingAssembly
BlockCopy
set_Capacity
op_Equality
Confuser.Core 1.6.0+447341964f
Copyright
2023
$7f84feb1-d02b-41b7-a951-b990c00d9c93
.NETFramework,Version=v4.5.1
FrameworkDisplayName
.NET Framework 4.5.1
1.0.0.0
BHNh772
WrapNonExceptionThrows
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
Comments
CompanyName
FileDescription
BHNh772
FileVersion
1.0.0.0
InternalName
BHNh772.exe
LegalCopyright
Copyright
2023
LegalTrademarks
OriginalFilename
BHNh772.exe
ProductName
BHNh772
ProductVersion
1.0.0.0
Assembly Version
1.0.0.0
Antivirus Signature
Bkav Clean
Lionic Trojan.Win32.Agent.Y!c
Elastic malicious (high confidence)
MicroWorld-eScan Gen:Variant.Cerbu.180937
ClamAV Clean
CMC Clean
CAT-QuickHeal Clean
McAfee Artemis!01BEAEFB0F56
Malwarebytes Trojan.Crypt.MSIL
VIPRE Gen:Variant.Cerbu.180937
Sangfor Suspicious.Win32.Save.a
K7AntiVirus Trojan ( 005993981 )
BitDefender Gen:Variant.Cerbu.180937
K7GW Trojan ( 005993981 )
Cybereason Clean
BitDefenderTheta Clean
VirIT Trojan.Win64.Agent.XK
Cyren W64/MSIL_Agent.FNO.gen!Eldorado
Symantec Trojan.Gen.MBT
tehtris Clean
ESET-NOD32 a variant of MSIL/Kryptik.AGKT
APEX Malicious
Paloalto Clean
Cynet Malicious (score: 100)
Kaspersky HEUR:Trojan-Spy.MSIL.Noon.gen
Alibaba TrojanSpy:MSIL/Kryptik.56f1bf08
NANO-Antivirus Clean
ViRobot Clean
Rising Malware.Obfus/MSIL@AI.100 (RDM.MSIL2:16500IQ+Sl8Ww02rVhtXEg)
Sophos Mal/Generic-S
Baidu Clean
F-Secure Heuristic.HEUR/AGEN.1326434
DrWeb Trojan.Inject4.58169
Zillya Clean
TrendMicro TROJ_GEN.R002C0XF823
McAfee-GW-Edition BehavesLike.Win64.Qakbot.fc
Trapmine Clean
FireEye Generic.mg.01beaefb0f56383b
Emsisoft Gen:Variant.Cerbu.180937 (B)
Ikarus Trojan-Spy.DarkCloud
GData Gen:Variant.Cerbu.180937
Jiangmin Clean
Webroot W32.Trojan.Gen
Avira HEUR/AGEN.1326434
MAX malware (ai score=80)
Antiy-AVL Clean
Gridinsoft Trojan.Win64.NanoCore.bot
Xcitium Malware@#2kgik354qxf95
Arcabit Trojan.Cerbu.D2C2C9
SUPERAntiSpyware Clean
ZoneAlarm HEUR:Trojan-Spy.MSIL.Noon.gen
Microsoft Trojan:MSIL/AveMariaRAT.MAAY!MTB
Google Detected
AhnLab-V3 Malware/Win.Generic.C5438822
Acronis suspicious
VBA32 Trojan.NanoBot
ALYac Gen:Variant.Cerbu.180937
TACHYON Clean
DeepInstinct MALICIOUS
Cylance unsafe
Panda Trj/Chgt.AD
Zoner Clean
TrendMicro-HouseCall TROJ_GEN.R002C0XF823
Tencent Malware.Win32.Gencirc.13cd4d5e
Yandex Clean
SentinelOne Static AI - Malicious PE
MaxSecure Trojan.Malware.73691310.susgen
Fortinet MSIL/Kryptik.AGKT!tr
AVG Win64:RATX-gen [Trj]
Avast Win64:RATX-gen [Trj]
CrowdStrike win/malicious_confidence_100% (W)
No IRMA results available.