Static | ZeroBOX

PE Compile Time

2023-06-29 09:33:47

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00002000 0x00008be4 0x00008c00 5.60885925128
.rsrc 0x0000c000 0x00000240 0x00000400 4.96877165952
.reloc 0x0000e000 0x0000000c 0x00000200 0.0815394123432

Resources

Name Offset Size Language Sub-language File type
RT_MANIFEST 0x0000c058 0x000001e7 LANG_NEUTRAL SUBLANG_NEUTRAL XML 1.0 document, ASCII text, with CRLF line terminators

Imports

Library mscoree.dll:
0x402000 _CorExeMain

!This program cannot be run in DOS mode.
`.rsrc
@.reloc
(  (
v2.0.50727
#Strings
<Module>
System.Runtime.CompilerServices
CompilationRelaxationsAttribute
RuntimeCompatibilityAttribute
Microsoft.VisualBasic.ApplicationServices
ApplicationBase
System.ComponentModel
EditorBrowsableAttribute
EditorBrowsableState
System.CodeDom.Compiler
GeneratedCodeAttribute
System.Diagnostics
DebuggerNonUserCodeAttribute
Microsoft.VisualBasic.Devices
Computer
DebuggerHiddenAttribute
System
Object
Microsoft.VisualBasic.CompilerServices
StandardModuleAttribute
Microsoft.VisualBasic
HideModuleNameAttribute
MyGroupCollectionAttribute
RuntimeHelpers
GetObjectValue
Equals
GetHashCode
RuntimeTypeHandle
GetTypeFromHandle
ToString
Activator
CreateInstance
System.Runtime.InteropServices
ComVisibleAttribute
ThreadStaticAttribute
CompilerGeneratedAttribute
m_ThreadStaticValue
get_GetInstance
System.ComponentModel.Design
HelpKeywordAttribute
STAThreadAttribute
System.Net.Sockets
TcpClient
System.IO
FileStream
FileInfo
MemoryStream
Conversions
ToBoolean
System.Reflection
Assembly
GetEntryAssembly
get_Location
Microsoft.Win32
SessionEndingEventArgs
Exception
IntPtr
op_Equality
op_Explicit
Strings
String
get_Length
ProjectData
SetProjectError
ClearProjectError
System.Text
Encoding
get_UTF8
GetString
DirectoryInfo
get_Name
ToLower
Operators
CompareString
get_Directory
get_Parent
System.Threading
Thread
Monitor
Stream
Dispose
set_ReceiveBufferSize
set_SendBufferSize
Socket
get_Client
set_SendTimeout
set_ReceiveTimeout
ToInteger
NewLateBinding
LateCall
ConditionalCompareObjectEqual
Concat
Convert
FromBase64String
Microsoft.VisualBasic.MyServices
RegistryProxy
ServerComputer
get_Registry
RegistryKey
get_CurrentUser
OpenSubKey
DeleteValue
ToBase64String
GetValue
Interaction
Environ
Conversion
CompareMethod
Registry
CurrentUser
SetValue
System.Net
WebClient
System.Windows.Forms
MessageBoxButtons
MessageBoxIcon
IPEndPoint
System.Drawing
Bitmap
Rectangle
Graphics
Process
AppWinStyle
DialogResult
MessageBox
CreateObject
Boolean
ChangeType
RegistryValueKind
Cursor
GetTempPath
WriteAllBytes
get_Audio
AudioPlayMode
IPAddress
AddressFamily
SocketType
ProtocolType
EndPoint
SendTo
Exists
DownloadFile
ReadAllText
ConcatenateObject
get_Chars
ToArray
DownloadData
GetTempFileName
get_Message
LateSet
LateGet
CompareObjectEqual
OrObject
Screen
get_PrimaryScreen
get_Bounds
get_Width
get_Height
System.Drawing.Imaging
PixelFormat
FromImage
CopyPixelOperation
CopyFromScreen
get_Position
Cursors
get_Default
DrawImage
ImageFormat
get_Jpeg
WriteByte
EndApp
FileSystemInfo
get_FullName
DateTime
Environment
get_MachineName
get_UserName
get_LastWriteTime
get_Date
ComputerInfo
get_Info
get_OSFullName
Replace
OperatingSystem
get_OSVersion
get_ServicePack
SpecialFolder
GetFolderPath
Contains
RegistryKeyPermissionCheck
CreateSubKey
GetValueNames
FileAttributes
StreamWriter
Application
get_ExecutablePath
SetAttributes
Delete
get_LocalMachine
FileMode
FileSystemProxy
get_FileSystem
SpecialDirectoriesProxy
get_SpecialDirectories
get_ProgramFiles
Directory
GetLogicalDrives
TextWriter
WriteLine
Command
ThreadStart
SessionEndingEventHandler
SystemEvents
add_SessionEnding
DoEvents
GetCurrentProcess
set_MinWorkingSet
ConditionalCompareObjectNotEqual
System.Security.Cryptography
MD5CryptoServiceProvider
HashAlgorithm
ComputeHash
Module
GetModules
GetTypes
EndsWith
get_Assembly
get_Handle
get_Available
SelectMode
NetworkStream
GetStream
ReadByte
ToLong
SocketFlags
Receive
ParameterizedThreadStart
GetBytes
DeleteSubKey
System.IO.Compression
GZipStream
CompressionMode
set_Position
BitConverter
ToInt32
GetProcessById
get_MainWindowTitle
DateAndTime
get_Now
get_ProcessName
Keyboard
get_Keyboard
get_ShiftKeyDown
get_CapsLock
ToUpper
StringBuilder
get_CtrlKeyDown
Remove
MulticastDelegate
IAsyncResult
AsyncCallback
System.Collections.Generic
List`1
get_Capacity
get_Count
get_Item
user32
user32.dll
winmm.dll
avicap32.dll
kernel32
KERNEL32.DLL
mscorlib
MyApplication
MyComputer
MyProject
MyWebServices
ThreadSafeObjectProvider`1
EnumWindProc
EnumChildWindProc
m_ComputerObjectProvider
m_AppObjectProvider
m_UserObjectProvider
m_MyWebServicesObjectProvider
.cctor
get_Computer
get_Application
get_User
get_WebServices
GetType
Create__Instance__
instance
Dispose__Instance__
lastcap
GetForegroundWindow
GetVolumeInformation
GetVolumeInformationA
lpRootPathName
lpVolumeNameBuffer
nVolumeNameSize
lpVolumeSerialNumber
lpMaximumComponentLength
lpFileSystemFlags
lpFileSystemNameBuffer
nFileSystemNameSize
GetWindowText
GetWindowTextA
WinTitle
MaxLength
GetWindowTextLength
GetWindowTextLengthA
capGetDriverDescriptionA
wDriver
lpszName
cbName
lpszVer
CompDir
connect
apiBlockInput
BlockInput
fBlock
SwapMouseButton
SendMessage
wParam
lparam
SetWindowPos
hWndInsertAfter
wFlags
mciSendString
mciSendStringA
lpCommandString
lpReturnString
uReturnLength
hwndCallback
AddHome
NtSetInformationProcess
hProcess
processInformationClass
processInformation
processInformationLength
Plugin
LastAS
LastAV
lastKey
GetAsyncKeyState
GetKeyboardLayout
GetKeyboardState
GetWindowThreadProcessId
MapVirtualKey
ToUnicodeEx
VKCodeToUnicode
EnableWindow
bEnable
lpdwProcessID
GetClassName
GetClassNameA
lpClassName
nMaxCount
SendMessageA
lParam
lpString
EnumChildWindows
lpEnumFunc
EnumChild
protect
GetChild
TargetObject
TargetMethod
BeginInvoke
DelegateCallback
DelegateAsyncState
EndInvoke
DelegateAsyncResult
Invoke
WebServices
GetInstance
MyTemplate
8.0.0.0
4System.Web.Services.Protocols.SoapHttpClientProtocol
Create__Instance__
Dispose__Instance__
My.Computer
My.Application
My.User
My.WebServices
WrapNonExceptionThrows
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
PPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDING
7JU]dkr
UserProfile
Windwos.exe
windwosupdata.ddns.net
c93798a70c3b382380c596bf193ad712
Software\Microsoft\Windows\CurrentVersion\Run
SGFjS2Vk
Exsample.exe
svchost.exe
Connect
Software\
SystemDrive
Software\Microsoft\Internet Explorer\Main
Start Page
IEhome
shutdowncomputer
shutdown -s -t 00
restartcomputer
shutdown -r -t 00
logoff
shutdown -l -t 00
ErorrMsg
SAPI.Spvoice
OpenCD
set CDAudio door open
CloseCD
set CDAudio door closed
DisableKM
EnableKM
TurnOffMonitor
TurnOnMonitor
NormalMouse
ReverseMouse
DisableCMD
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System
EnableCMD
DisableRegistry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
DisableRegistryTools
EnableRegistry
DisableRestore
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore
DisableSR
EnableRestore
DisableTaskManager
DisableTaskMgr
EnableTaskManager
CursorShow
CursorHide
sendmusicplay
OpenSite
udpstp
pingstop
taskkill /F /IM PING.EXE
/pass.exe
https://dl.dropbox.com/s/p84aaz28t0hepul/Pass.exe?dl=0
/temp.txt
getvalue
Execute ERROR
Download ERROR
Executed As
Execute ERROR
Update ERROR
Updating To
Update ERROR
yy-MM-dd
??-??-??
Microsoft
Windows
netsh firewall add allowedprogram "
" ENABLE
taskkill /F /IM
autorun.inf
[autorun]
shellexecute=
netsh firewall delete allowedprogram "
Software
cmd.exe /k ping 0 & del "
" & exit
yy/MM/dd
[ENTER]
taskmgr
processviewer
processhacker
process explorer
button
static
directuihwnd
End process
Antivirus Signature
Bkav Clean
Lionic Trojan.Win32.Generic.4!c
Elastic Windows.Trojan.Njrat
MicroWorld-eScan Trojan.GenericKD.67855309
ClamAV Win.Packed.Bladabindi-7994427-0
CMC Clean
CAT-QuickHeal Backdoor.Bladabindi.B3
ALYac Generic.Dacic.D6DFC400.A.5179EB36
Malwarebytes Bladabindi.Backdoor.Bot.DDS
Zillya Trojan.Bladabindi.Win32.73216
Sangfor Suspicious.Win32.Save.a
K7AntiVirus Trojan ( 700000121 )
BitDefender Trojan.GenericKD.67855309
K7GW Trojan ( 700000121 )
Cybereason malicious.5f411b
Baidu MSIL.Backdoor.Bladabindi.a
VirIT Trojan.Win32.DownLoader21.BPQW
Cyren W32/MSIL_Troj.AP.gen!Eldorado
Symantec Backdoor.Ratenjay!gen3
tehtris Clean
ESET-NOD32 a variant of MSIL/Bladabindi.AR
APEX Malicious
Paloalto Clean
Cynet Malicious (score: 100)
Kaspersky HEUR:Trojan.Win32.Generic
Alibaba Trojan:MSIL/njRAT.b76f55ec
NANO-Antivirus Trojan.Win32.Autoruner2.ebrjyu
ViRobot Trojan.Win.Z.Bladabindi.37888.BTY
Rising Backdoor.njRAT!1.9E49 (CLASSIC)
Emsisoft Worm.Bladabindi (A)
F-Secure Trojan.TR/ATRAPS.Gen
DrWeb Trojan.MulDrop6.47072
VIPRE Generic.Dacic.D6DFC400.A.5179EB36
TrendMicro BKDR_BLADABI.SMC
McAfee-GW-Edition BehavesLike.Win32.BackdoorNJRat.nm
Trapmine malicious.moderate.ml.score
FireEye Generic.mg.56f10385f411be07
Sophos Troj/Bbindi-W
Ikarus Win32.Outbreak
GData MSIL.Trojan-Spy.Bladabindi.BQ
Jiangmin TrojanDropper.Autoit.dce
Webroot Clean
Avira TR/ATRAPS.Gen
MAX malware (ai score=89)
Antiy-AVL Trojan[Backdoor]/MSIL.Bladabindi.as
Gridinsoft Clean
Xcitium TrojWare.MSIL.Spy.Agent.CP@4pqytu
Arcabit Trojan.Generic.D40B63CD
SUPERAntiSpyware Clean
ZoneAlarm HEUR:Trojan.Win32.Generic
Microsoft Trojan:MSIL/njRAT.RDSA!MTB
Google Detected
AhnLab-V3 Trojan/Win32.Korat.R207428
Acronis suspicious
McAfee Trojan-FIGN
TACHYON Clean
DeepInstinct MALICIOUS
VBA32 Trojan.MSIL.Bladabindi.Heur
Cylance unsafe
Panda Trj/GdSda.A
Zoner Trojan.Win32.84773
TrendMicro-HouseCall Clean
Tencent Trojan.Msil.Bladabindi.fa
Yandex Trojan.AvsMofer.dd6520
SentinelOne Static AI - Malicious PE
MaxSecure Trojan.Malware.300983.susgen
Fortinet MSIL/Bladabindi.AS!tr
BitDefenderTheta Gen:NN.ZemsilF.36270.cmW@aiIjBNi
AVG MSIL:Bladabindi-JK [Trj]
Avast MSIL:Bladabindi-JK [Trj]
CrowdStrike win/malicious_confidence_100% (W)
No IRMA results available.