Static | ZeroBOX

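PE Compile Time (timestamp field from the PE header; it is written by the build tool and can be set to any value, so treat it as a hint rather than proof of build date. Here it is later than the 2023-02-16 timestamps visible in the embedded certificate strings further down, so the signature data should be verified before it is attributed to this file.)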

2023-07-15 07:16:20

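PE Imphash (hash of the import table; the only import listed below is mscoree.dll!_CorExeMain, which is the standard import of a .NET executable, so this value is expected to match unrelated .NET binaries and is a weak indicator on its own)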

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00002000 0x00009714 0x00009800 5.65196861071
.rsrc 0x0000c000 0x000004d8 0x00000600 3.70858372693
.reloc 0x0000e000 0x0000000c 0x00000200 0.0815394123432

Resources

Name Offset Size Language Sub-language File type
RT_VERSION 0x0000c0a0 0x00000244 LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_MANIFEST 0x0000c2e8 0x000001ea LANG_NEUTRAL SUBLANG_NEUTRAL XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

Imports

Library mscoree.dll:
0x402000 _CorExeMain

!This program cannot be run in DOS mode.
`.rsrc
@.reloc
  (s
v4.0.30319
#Strings
<Module>
mscorlib
Microsoft.VisualBasic
MyApplication
MyComputer
MyProject
MyWebServices
ThreadSafeObjectProvider`1
Settings
ClientSocket
Messages
Helper
RemoteDesktop
AppendOutputTextDelegate
Microsoft.VisualBasic.ApplicationServices
ApplicationBase
Microsoft.VisualBasic.Devices
Computer
System
Object
.cctor
get_Computer
m_ComputerObjectProvider
get_Application
m_AppObjectProvider
get_User
m_UserObjectProvider
get_WebServices
m_MyWebServicesObjectProvider
Application
WebServices
Equals
GetHashCode
GetType
ToString
Create__Instance__
instance
Dispose__Instance__
get_GetInstance
m_ThreadStaticValue
GetInstance
Mutexx
System.Threading
_appMutex
current
isConnected
System.Net.Sockets
Socket
BufferLength
BufferLengthReceived
Buffer
System.IO
MemoryStream
ManualResetEvent
allDone
SendSync
BeginConnect
IAsyncResult
BeginReceive
BeginRead
EndSend
isDisconnected
System.Diagnostics
Process
_MyProcess
get_MyProcess
set_MyProcess
WithEventsValue
processid
AppendOutputText
DataReceivedEventArgs
MyProcess_ErrorDataReceived
sender
MyProcess_OutputDataReceived
WSound
mouse_event
dwFlags
cButtons
dwExtraInfo
user32
keybd_event
Thread
capCreateCaptureWindowA
lpszWindowName
dwStyle
nWidth
nHeight
hwndParent
Handle
capGetDriverDescriptionA
wDriver
lpszName
cbName
lpszVer
getFolders
location
getFiles
getDrives
Download
MyProcess
GetHashT
strToHash
frombase64
Plugin
AES_Encryptor
AES_Decryptor
INDATE
Comment
Antivirus
CreateMutex
CloseMutex
userAgents
IPHOST
PortHost
IsValid
Address
BitBlt
nXDest
nYDest
hdcSrc
gdi32.dll
System.Drawing
Capture
System.Drawing.Imaging
ImageCodecInfo
GetEncoderInfo
MulticastDelegate
TargetObject
TargetMethod
AsyncCallback
BeginInvoke
DelegateCallback
DelegateAsyncState
EndInvoke
DelegateAsyncResult
Invoke
System.ComponentModel
EditorBrowsableAttribute
EditorBrowsableState
System.CodeDom.Compiler
GeneratedCodeAttribute
DebuggerHiddenAttribute
Microsoft.VisualBasic.CompilerServices
StandardModuleAttribute
HideModuleNameAttribute
System.ComponentModel.Design
HelpKeywordAttribute
System.Runtime.CompilerServices
RuntimeHelpers
GetObjectValue
RuntimeTypeHandle
GetTypeFromHandle
Activator
CreateInstance
MyGroupCollectionAttribute
System.Runtime.InteropServices
ComVisibleAttribute
ThreadStaticAttribute
CompilerGeneratedAttribute
GetCurrentProcess
ProcessModule
get_MainModule
get_FileName
VB$AnonymousDelegate_0
_Lambda$__1
DebuggerDisplayAttribute
FileInfo
Exception
Environment
SpecialFolder
GetFolderPath
GetFileName
String
Concat
FileSystemInfo
FileAttributes
set_Attributes
ProjectData
SetProjectError
ClearProjectError
ThreadStart
Random
WaitHandle
WaitOne
STAThreadAttribute
_Lambda$__2
_Lambda$__3
DebuggerStepThroughAttribute
TimerCallback
AddressFamily
SocketType
ProtocolType
set_ReceiveBufferSize
set_SendBufferSize
Conversions
ToInteger
Connect
SocketFlags
EventWaitHandle
ComputerInfo
get_UserName
get_OSFullName
Replace
OperatingSystem
get_OSVersion
get_ServicePack
get_Is64BitOperatingSystem
Boolean
EndReceive
ToArray
ToLong
Stream
Dispose
WriteByte
get_Length
WaitCallback
ThreadPool
QueueUserWorkItem
ObjectFlowControl
CheckForSyncLockOnValueType
Monitor
SelectMode
BeginSend
IDisposable
Collect
_Closure$__1
$VB$Local_A
_Lambda$__6
_Lambda$__4
_Lambda$__5
DataReceivedEventHandler
remove_ErrorDataReceived
remove_OutputDataReceived
add_ErrorDataReceived
add_OutputDataReceived
Operators
AddObject
get_Data
System.Net
WebClient
StreamWriter
Bitmap
FileAttribute
Rectangle
ProcessStartInfo
DateTime
System.Collections
IEnumerator
Strings
CompareMethod
CompareString
System.Windows.Forms
Restart
SocketShutdown
Shutdown
NewLateBinding
LateCall
ChangeType
Screen
get_PrimaryScreen
get_Bounds
get_Size
ConcatenateObject
LateGet
Cursor
set_Position
Convert
ToBoolean
ToByte
UIntPtr
GetTempFileName
DownloadFile
Interaction
CreateObject
LateSet
AppWinStyle
ToInt32
Exists
get_StartInfo
set_FileName
set_Arguments
set_UseShellExecute
set_RedirectStandardError
set_RedirectStandardOutput
set_CreateNoWindow
WaitForExit
set_RedirectStandardInput
get_Id
BeginErrorReadLine
BeginOutputReadLine
get_StartTime
get_StandardInput
TextWriter
WriteLine
GetProcesses
get_ProcessName
GetFileNameWithoutExtension
GetExtension
GetProcessById
Delete
Directory
ServerComputer
Microsoft.VisualBasic.MyServices
FileSystemProxy
get_FileSystem
RenameDirectory
RenameFile
ReadAllText
GetThumbnailImageAbort
IntPtr
GetThumbnailImage
ImageFormat
get_Png
FileSystem
SetAttr
CreateDirectory
FileStream
Create
ReadAllBytes
ToBase64String
WriteAllBytes
GetTempPath
CopyDirectory
MoveDirectory
get_Audio
Microsoft.Win32
Registry
GetValue
IEnumerable
GetEnumerator
get_Current
MoveNext
Network
get_Network
MessageBox
DialogResult
UploadFile
Environ
SetValue
DirectoryInfo
GetDirectories
get_Name
GetFiles
DriveInfo
System.Collections.Generic
IEnumerator`1
DriveType
System.Collections.ObjectModel
ReadOnlyCollection`1
get_Drives
get_DriveType
AccessedThroughPropertyAttribute
DllImportAttribute
avicap32.dll
MarshalAsAttribute
UnmanagedType
user32.dll
_Lambda$__7
System.Text
Encoding
get_Default
GetBytes
GetString
get_ProcessorCount
get_MachineName
get_SystemDirectory
GetPathRoot
get_TotalSize
System.Security.Cryptography
MD5CryptoServiceProvider
StringBuilder
get_ASCII
HashAlgorithm
ComputeHash
Append
Substring
ToUpper
FromBase64String
System.Reflection
Module
Assembly
GetModules
GetTypes
get_FullName
EndsWith
get_Assembly
RijndaelManaged
ICryptoTransform
SymmetricAlgorithm
set_Key
CipherMode
set_Mode
CreateEncryptor
TransformFinalBlock
CreateDecryptor
get_LastWriteTime
System.Security.Principal
WindowsIdentity
GetCurrent
WindowsPrincipal
WindowsBuiltInRole
IsInRole
System.Management
ManagementObjectSearcher
ManagementBaseObject
ManagementObjectCollection
ManagementObjectEnumerator
get_Item
get_DnsSafeHost
get_UTF8
EncoderParameter
EncoderParameters
Graphics
get_Width
get_Height
FromImage
FromHwnd
GetHdc
ReleaseHdc
Cursors
get_Position
op_Inequality
Encoder
Quality
get_Param
GetImageEncoders
get_MimeType
CompilationRelaxationsAttribute
RuntimeCompatibilityAttribute
GuidAttribute
AssemblyFileVersionAttribute
AssemblyTrademarkAttribute
AssemblyCopyrightAttribute
AssemblyProductAttribute
AssemblyCompanyAttribute
AssemblyDescriptionAttribute
AssemblyTitleAttribute
Client
Client.exe
MyTemplate
14.0.0.0
My.Computer
My.Application
My.User
My.WebServices
4System.Web.Services.Protocols.SoapHttpClientProtocol
Create__Instance__
Dispose__Instance__
<generated method>
<generated method>
MyProcess
WrapNonExceptionThrows
$0f2cf4c9-4b49-444d-969b-b861ccdc07b8
1.0.0.0
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
GlobalSign Root CA - R31
GlobalSign1
GlobalSign0
160615000000Z
240615000000Z0Z1
GlobalSign nv-sa100.
'GlobalSign CodeSigning CA - SHA256 - G30
<paX7
"http://ocsp2.globalsign.com/rootr306
%http://crl.globalsign.com/root-r3.crl0c
&https://www.globalsign.com/repository/0
JEe-MI
GlobalSign nv-sa100.
'GlobalSign CodeSigning CA - SHA256 - G30
200825134207Z
230826134207Z0]1
Berlin1
Berlin1
win.rar GmbH1
win.rar GmbH0
Z>Jjv%
<http://secure.globalsign.com/cacert/gscodesignsha2g3ocsp.crt08
,http://ocsp2.globalsign.com/gscodesignsha2g30V
&https://www.globalsign.com/repository/0
.http://crl.globalsign.com/gscodesignsha2g3.crl0
%%2~,1Dog%y
DigiCert Inc1
www.digicert.com1$0"
DigiCert Assured ID Root CA0
220801000000Z
311109235959Z0b1
DigiCert Inc1
www.digicert.com1!0
DigiCert Trusted Root G40
]J<0"0i3
v=Y]Bv
http://ocsp.digicert.com0C
7http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
4http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
~qj#k"
(f*^[0
DigiCert Inc1
www.digicert.com1!0
DigiCert Trusted Root G40
220323000000Z
370322235959Z0c1
DigiCert, Inc.1;09
2DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA0
http://ocsp.digicert.com0A
5http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
2http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
DigiCert, Inc.1;09
2DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA0
220921000000Z
331121235959Z0F1
DigiCert1$0"
DigiCert Timestamp 2022 - 20
Ihttp://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
http://ocsp.digicert.com0X
Lhttp://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
GlobalSign nv-sa100.
'GlobalSign CodeSigning CA - SHA256 - G3
DigiCert, Inc.1;09
2DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA
230216123159Z0/
GlobalSign Root CA - R31
GlobalSign1
GlobalSign0
160615000000Z
240615000000Z0Z1
GlobalSign nv-sa100.
'GlobalSign CodeSigning CA - SHA256 - G30
<paX7
"http://ocsp2.globalsign.com/rootr306
%http://crl.globalsign.com/root-r3.crl0c
&https://www.globalsign.com/repository/0
JEe-MI
GlobalSign nv-sa100.
'GlobalSign CodeSigning CA - SHA256 - G30
200825134207Z
230826134207Z0]1
Berlin1
Berlin1
win.rar GmbH1
win.rar GmbH0
Z>Jjv%
<http://secure.globalsign.com/cacert/gscodesignsha2g3ocsp.crt08
,http://ocsp2.globalsign.com/gscodesignsha2g30V
&https://www.globalsign.com/repository/0
.http://crl.globalsign.com/gscodesignsha2g3.crl0
%%2~,1Dog%y
GlobalSign nv-sa100.
'GlobalSign CodeSigning CA - SHA256 - G3
`zU`(R
20230216123202Z0
GlobalSign nv-sa1)0'
Globalsign TSA for Advanced - G4
GlobalSign nv-sa110/
(GlobalSign Timestamping CA - SHA384 - G40
220406074412Z
330508074412Z0S1
GlobalSign nv-sa1)0'
Globalsign TSA for Advanced - G40
RgqC7
zkld4F
&https://www.globalsign.com/repository/0
-http://ocsp.globalsign.com/ca/gstsacasha384g40C
7http://secure.globalsign.com/cacert/gstsacasha384g4.crt0
0http://crl.globalsign.com/ca/gstsacasha384g4.crl0
1VR(K_
.@]|Gt0
GlobalSign Root CA - R61
GlobalSign1
GlobalSign0
180620000000Z
341210000000Z0[1
GlobalSign nv-sa110/
(GlobalSign Timestamping CA - SHA384 - G40
a:c|9#ymt
"http://ocsp2.globalsign.com/rootr606
%http://crl.globalsign.com/root-r6.crl0G
&https://www.globalsign.com/repository/0
$KtZ}r
GlobalSign Root CA - R31
GlobalSign1
GlobalSign0
190220000000Z
290318100000Z0L1 0
GlobalSign Root CA - R61
GlobalSign1
GlobalSign0
PmBf/M
'YLv9[
"http://ocsp2.globalsign.com/rootr306
%http://crl.globalsign.com/root-r3.crl0G
&https://www.globalsign.com/repository/0
GlobalSign Root CA - R31
GlobalSign1
GlobalSign0
090318100000Z
290318100000Z0L1 0
GlobalSign Root CA - R31
GlobalSign1
GlobalSign0
,3:;%
GlobalSign nv-sa110/
(GlobalSign Timestamping CA - SHA384 - G4
GlobalSign nv-sa110/
(GlobalSign Timestamping CA - SHA384 - G4
Z7Sy7_
168.119.98.142
<123456789>
<Xwormmm>
USB.exe
lZosFAAAHlhl0uFX
Microsoft
Service Pack
XWorm V2.2
Error:
uninstall
update
Height
Memory
getinfo
openhide
internetexplorer.application
navigate
visible
shellfuc
regfuc
WScript.Shell
RegWrite
REG_DWORD
RunBotKiller
script
Cilpper
Clipper
injRun
startusb
startsp
PSleep
PreventSleep
taskkill.exe
/pid
CMD.EXE
Process Started at:
runnnnnn
closeshell
GetText
setText
clearr
BScreen
GetDrives
FileManager
Delete
Folder
Execute
Rename
txtttt
viewimage
hidefolderfile
showfolderfile
creatnewfolder
creatfile
downloadfile
downloadedfile
sendfileto
install
NETINS
7zip\7z.exe
InsProg
RSSDis
GETWCamPlu
GETWmicPlu
Wsound
GETWsoundPlu
JustFun
MapsPLU
closeKL
HKEY_CURRENT_USER\SOFTWARE\
GETTCP
GetActiveWindows
killAct
InstallN
InstallngC
\ngrok.exe
Getpass
Pvbnet
Emails
Error!
LLCHAT
[Folder]
FileManagerSplitFileManagerSplit
FileManagerSplit
[Drive]
Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0
Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
Err HWID
Class1
dd/MM/yyy
Nothing
\root\SecurityCenter2
Select * from AntivirusProduct
displayName
POST / HTTP/1.1
Host:
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
User-Agent:
Content-length: 5235
image/jpeg
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
FileDescription
FileVersion
1.0.0.0
InternalName
Client.exe
LegalCopyright
OriginalFilename
Client.exe
ProductVersion
1.0.0.0
Assembly Version
1.0.0.0
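Antivirus Signature (each row is the engine name followed by that engine's detection label; "Clean" means the engine reported no detection)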
Bkav W32.Common.1DEA6D06
Lionic Trojan.Win32.Witch.4!c
tehtris Clean
ClamAV Win.Packed.Msilzilla-10005608-0
FireEye Generic.mg.c16d714f359d4659
CAT-QuickHeal Trojan.XwormRAT.S30221316
McAfee GenericRXUQ-KQ!C16D714F359D
Malwarebytes Generic.Malware.AI.DDS
VIPRE IL:Trojan.MSILZilla.25629
Sangfor Suspicious.Win32.Save.a
K7AntiVirus Unwanted-Program ( 700000121 )
BitDefender IL:Trojan.MSILZilla.25629
K7GW Unwanted-Program ( 700000121 )
Cybereason malicious.f359d4
Baidu Clean
VirIT Trojan.Win32.Genus.DPSN
Cyren W32/ABTrojan.JWZC-5309
Symantec ML.Attribute.HighConfidence
Elastic Windows.Trojan.Xworm
ESET-NOD32 a variant of MSIL/Agent.DWN
APEX Malicious
Paloalto Clean
Cynet Malicious (score: 100)
Kaspersky HEUR:Trojan.MSIL.Witch.gen
Alibaba Backdoor:MSIL/AsyncRAT.fbc61eed
NANO-Antivirus Clean
ViRobot Trojan.Win.Z.Agent.59992
MicroWorld-eScan IL:Trojan.MSILZilla.25629
Rising Backdoor.XWorm!1.E1F9 (CLASSIC)
Emsisoft IL:Trojan.MSILZilla.25629 (B)
F-Secure Trojan.TR/Agent.ghosf
DrWeb Trojan.Siggen18.32143
Zillya Clean
TrendMicro TROJ_GEN.R002C0DGF23
McAfee-GW-Edition GenericRXUQ-KQ!C16D714F359D
Trapmine malicious.high.ml.score
CMC Clean
Sophos Mal/Generic-S
Ikarus Trojan.MSIL.XWorm
GData MSIL.Backdoor.SiRAT.A
Jiangmin Clean
Webroot Clean
Avira TR/Agent.ghosf
MAX malware (ai score=83)
Antiy-AVL Trojan/MSIL.Witch
Gridinsoft Clean
Xcitium Clean
Arcabit IL:Trojan.MSILZilla.D641D
SUPERAntiSpyware Clean
ZoneAlarm HEUR:Trojan.MSIL.Witch.gen
Microsoft Backdoor:MSIL/AsyncRAT.N!MTB
Google Detected
AhnLab-V3 Trojan/Win.XWormRAT.C5120690
Acronis Clean
BitDefenderTheta Gen:NN.ZemsilF.36318.dm2@aih5rxc
ALYac IL:Trojan.MSILZilla.25629
TACHYON Clean
DeepInstinct MALICIOUS
VBA32 Backdoor.MSIL.XWorm.gen
Cylance unsafe
Panda Trj/GdSda.A
Zoner Clean
TrendMicro-HouseCall TROJ_GEN.R002C0DGF23
Tencent Malware.Win32.Gencirc.13e9e445
Yandex Clean
SentinelOne Static AI - Malicious PE
MaxSecure Clean
Fortinet MSIL/Agent.DWN!tr
AVG Win32:MalwareX-gen [Trj]
Avast Win32:MalwareX-gen [Trj]
CrowdStrike win/malicious_confidence_100% (W)
No IRMA results available.