popup
Static | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Static Analysis

PE Compile Time

2023-07-21 17:06:37

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00002000 0x00055054 0x00055200 7.97751895011
.rsrc 0x00058000 0x0002a42a 0x0002a600 5.3480022496
.reloc 0x00084000 0x0000000c 0x00000200 0.101910425663

Resources

Name Offset Size Language Sub-language File type
RT_ICON 0x000819e8 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x000819e8 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x000819e8 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x000819e8 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x000819e8 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x000819e8 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x000819e8 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x000819e8 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x000819e8 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_GROUP_ICON 0x00081e50 0x00000084 LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_VERSION 0x00081ed4 0x0000036c LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_MANIFEST 0x00082240 0x000001ea LANG_NEUTRAL SUBLANG_NEUTRAL XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

Imports

Library mscoree.dll:
0x402000 _CorExeMain
!This program cannot be run in DOS mode.
`.rsrc
@.reloc
!Us*
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
PADPADP
i?~%a=[
lzzgon
<+Ifm7
@Y.@O`
Y?.Ts5Y,
P5z#`TG
W)E~-
v$3xxs
yR9HoY
nO]b)S
9q<9(<^
Xp*kf9^F
x-4k0
.._kht
%SP5!{/
1!05o
:nHlaRjT
]t5W}
$OAE/dQ_
YEOQeI
9xjAd\o
w&4a{K
``crNN53"
2NwO}E
,@z}+]
4[Wz0(
U4Cf7*`
Jn%X2e
UX{u>>M=9V
`fZb5d
ZgS8{\;KE
O#ZP"Gv
]$wVhi
3Hc{zr
@3Y/P
5Jy0I:
h<`b{'UT
*(H?w2C
2KYs^Z~
}0vlDlZ
wH,w3e
wKBlw;
xnp*jT[%
Mmc/9|
sCb=ztG~
4_6o_"w
?"lMLX
l#Tde|#(N}q%
$f1g`l
PYIwY0F
cUn?prb
Dm8d9\vN
H*=[S
,9cFga
C(85*S
yG6Y/G
;|TR/-:['
;6Ti6j
jzDOKM
14;r2!
aE3|8|yj
'%$9CR
A8?GD"
BW.Hi:
@2cDc/
.QKlvx
{BG`sLt
W1?)Tw
f%Asz8Y
?`''<&c,
o3~_tfO
]:!Vbm#
E3.PW\
&ABlJ%
21k\Pbc~
o<ZE57
2\`y3Y
Of`bfz
Ovq&V0
yz.pi[
=q'k7Lm
L=Znx*
%x4S*!
1qT3$2
4dSO/]
^zp8xe
m"V2Up
Ne>~yeDb
`FGlr_
N|u3Ex
un9Qb)l
hFJsznU
&+ZYeKn0
hZ +6d:
%7{6["
,Cp--o
"-[cd
|2sLdY
uT[z)]
Xx#)Cg
qpcl&Gc
}l-Xpl
_&_tq6~[S
*Ib4th
$gy)pJ[
v2#[<P
;=m4-M
y-Z#=.1
z{P)rm
k+NZ`,v#
[=_[4ih
W1?)Tw
f%Asz8Y
?`''<&c,
o3~_tfO
]:!Vbm#
E3.PW\
&ABlJ%
21k\Pbc~
o<ZE57
2\`y3Y
Of`bfz
Ovq&V0
yz.pi[
=q'k7Lm
L=Znx*
%x4S*!
1qT3$2
4dSO/]
^zp8xe
m"V2Up
Ne>~yeDb
`FGlr_
N|u3Ex
un9Qb)l
hFJsznU
&+ZYeKn0
hZ +6d:
%7{6["
,Cp--o
"-[cd
|2sLdY
uT[z)]
Xx#)Cg
qpcl&Gc
}l-Xpl
_&_tq6~[S
*Ib4th
$gy)pJ[
v2#[<P
t'9=<%3
"-dF2Li
;=m4-M
y-Z#=.1
;=m4-M
y-Z#=.1
q:zj{{%
f5|qrM
'i=bO
sZ577`
|?<D%N
ntZ`"t
wT)Rr]
\|@.5`
std?aO
a8&QnJ
AAmlBiu
oR9'T:
LTwr!:
+o'pR;
\/;1Ie
!~dPMla
76r]'W
C<lFf+
9iC#;-
XB)0^8]
/M9wrB
5J@,J9t@
_-Zh`\
F03:87
K_&@\L
aI"6n{o
Fh7zgO$%k
X^(\xO
^%BX4Of
[#jvw;7
'jT%2Ra
3Eh`*b
K`x}5]
THkE:n
vH'Qn0
Z'{_'^
+.fxfSv/J
\r{op
K-2(.Rp
)aAD;%@[-/A
-F;*:
Dv4k>K
69~gW;
xgR;&qfYRv
Ff8`N}^
&\_k9l
1sM<1d
3]+("'x
}Yt*>,
3K{T&%
@>f1h
']9Y%}H4
-\xJ+r
muX`#@
XGs!3|jc
hcOt:un
4!?!98
2'nW9`,
teyEm_
Iu6x7Z
7$ke4W@1S
IFs)+z
y>HH,l
n<ct.3
<MyD02J
8/\hv`
"CpxSd
F?/BR9
=u!,Be
HooO@
("/8kk
^^^zjz
WI)cLG
,o9gVo
_VhpC.
Chsb>A
'?nJ8*
MV]xYAGd
_(3SpW
+>8}:l'
Xg8;aW
\AcPz
!(2Cu<6
&*I#^Z
h#G8`5
(,L]]:
v^4,^TEI
4i-WNB]
!kZ"G#
=B|(+bf
QwC'82
l&$;-2lV
U1 Y,}
&`rL".
(V7i'SkW
f@,z@!/(
@+wFAz
zk(]P>
=!vWM:
}q4`_;
tbHeg.h
%<Ll@S
8uBjf6
<jN#&vM
qF=6~G%
oK[)$hFV3
TRl=;Dx@
'!%#zO
{][:-o
qtC,:A
ZBX`3"
j?'zb.
_T/Wvh
&IQ"`N
Vk"/{@X
ZpF-Z_
G:uNgD
x*k2lw
`PK$7X"
]b@GyX7
].*;~f
!'8}Du
=RE,Oo
J5}8Kq
[gHLxq
K`DKn s
#~=*ksb
6"\$wF
q?K+X7x
>QW>nHW
z=p#ga
/ZML[
kppe"i9
:R*Adf9
'CX}`O
+"b<n
D5?Rk;
qF;>yH
pg<x)r
~J+7ni)
d>\"#;#M
4H"s93
_^)/E-
/\%E]]
>y@xz;
%nFP1I
Yi.2X=8
zXXO0c
'B.oE_
{Kn{c
NyBvKK
v-ml<*w
y,zJ,4
o1@4#O
EgjY4'
m>4/)O'"
)nrpAM
#@IRd7uVvC
Y,guW%
sJ8_1}
Y@%I2ZH
qqRr]%)[
6O[{-4|
hBY3xPJ
+b?KNju
C>WIPK
I'GMmP
mXJl%;*
,NYS)%l!@
>B$H`~#
S8DO>E
BQR>9Er
?-r"HF
,Zo$`R
J-p,Bh
+]KpKb
D~#KY+Ba
8A71sx
)#~j|]X
!*%&lc
-f`xqm/Y@
'0l%..
|_4X)-K}A
#a Wym
97X8Dvzj,#
;n4VGh
#M3]3-
cvV)X]
{DP9>aun
E#qhhA
2]74 +
0/;G<%{
wO$]u}
e5[&i]4
JYB[9.
F/eAKv
-z3A4VO
j$XCwJ
)N(cZ4
,,;?@73X{
Uaj4+V
psZ,?G!3
Z<w4Ym
BDBICN1W
vFdcjYr
mk+C?
%K9C~q
v8C>x<9
b*%S>Q
JX~c"{a`
$24d4t
AQ29lkY
$WJ$dK
0+)0GTq
$nAn*[
TU@d7f
&C0T0+
OcBLniBW
H<5c#Y
:f~:J,
+EV4S,
Wdf*$r
M7GkFju
"b~t3xCZDfY;D
D`pT#c
a|.S4K
v~'Dl`
Ck(iS3t
wJl%X#D
R[f1IT
4Q|\a;
z5-6vD
-)@6lb
*J{Il+
GK}$ZG
G*-PRt
sAO&ua
+<1]50
vyA-E8
Z]SzB_
MDBb#
@#Bi4
C[`yV.
^0+JGX
wbxB;W
1Xw3|<G
UJ"~R
<uiXeH
N&"%OJ
b`3sUK
Y|{a"m
3A54RJ
p+LN;`
LP Ec)
e%S Yq
^tDrcG
BxbdWs
y5i%1-
vh`i9@
QQ^1nx`
A8wRt.M
DdL<\P<
,tNxRzC
|x[2sh
`Guh3}R
we\/tI
bxs`1L1,1Y
_1@UxsR
b57,X9
)B sqEoo<"
7(hI,Z7
I09HBrM
Qv"?<m.
6Or?ds
|aK#0L
&qJsn#
SI(+6#}
E9r_I0
'IMmq]
JW15>
n)MOR
a JBFe
p/FVM!
)FZ764
3?c73I
'mc4%$
7<hv<T3
)X+$bjfT
DDhs6+
yYDpNd
Hpm('#
%W`+Ph
(|SyGB\T
NmgFgU
a~5;'*
LDXS a
{WN)}a
oh9Y#P
{j:W%#d
w^zs>(Hx
A"/D?.
7H\z="
y2URwn{
HS^0n=
&sbqr*I
K<PWI
L~;`f]
)-[=vat0:
R\Zv:d
\}Zo=w
\JMK+"5
a4mB
MV|3Jb
+If/C3i
WPt(vD
T~yvw&
^B((?)A
xh3!c%#F
ET.3Lj&
#g^Os2j
Y4iG4"D
?@HMoQ2;}
8{`s+A
lTo\Gt
CZ(m0!y
!Qf^d0;M?
fY$ZDE#
S|MFPn
AB"D<1
>|]?9f
S^$Rv#
-%d"ZE
($Q9TG
=#c7>j
*fE<D-
Im(xj>=
DG.aFd
&~Xp0?
i?tp#R
.Dv~g,P
SRMDtc.
0|:kW|
L0dRrR
D#QB|K
}kSA5n
&|#e\o
85R)uDP
f^%1xk
o|S8kY
zY9|xCj
=Jg|RL
+]*$J!
qug%`#
#!b&6B
L#m]1@
'Jd[#vz_
oi5ogx
|r3(4m
"Ljv;i
G+=RLw}.
2|oK[j
j3q4Hz
ub^[G,
C:&6i)-~
T~tXrg
]]:6m<
i'uOV
/B<Te
]Nme(G}
j3q2 Tp
j3q{Z~+5M
93Ww2Kx
LJD+ XaZ
hw~&abT
cUmx"V
]nrK?@
ao!mZ\{
Sv$M7|
]nrK?
8v'0GgY
z?=cXs
5{mmCM
Mc|BVf
F{h'34K/
?bDu9P
~08x1[
9Kd)/b
-=]<uD
E^|a_z
]fe77
A!-HWx
]{GJH8
] ;/Y
!:}g&u
Bm<_#u,
kN{?}&
yB`8Z}
/:Z1+R'
I)gg%u
[(lM&f%
:4mC4q
~Wlj/
*5cZ==
~Wlj/
V'O3Gk>V
\8ewN@
Yc8"n8
_D*F5Z|
p3]srRv`J$
5zkBD=
|W4=zP
~m?X;'
mgqgwS6
a\`sM8
v4.0.30319
#Strings
button1
textBox1
button2
textBox2
button3
<Module>
System.IO
volaaaa
salamanca
mscorlib
InterProc
textBox1_TextChanged
add_TextChanged
Synchronized
CreateInstance
defaultInstance
set_Mode
set_AutoScaleMode
CipherMode
get_BigEndianUnicode
set_BackgroundImage
IDisposable
RuntimeTypeHandle
GetTypeFromHandle
DeleteFile
Battle
set_FormBorderStyle
FontStyle
set_WindowStyle
ProcessWindowStyle
set_Name
set_FileName
filename
zolalome
ReadLine
WriteLine
GetType
System.Core
get_Culture
set_Culture
resourceCulture
ButtonBase
ApplicationSettingsBase
Dispose
Create
EditorBrowsableState
Delete
mrwhite
STAThreadAttribute
CompilerGeneratedAttribute
GuidAttribute
GeneratedCodeAttribute
DebuggerNonUserCodeAttribute
DebuggableAttribute
EditorBrowsableAttribute
ComVisibleAttribute
AssemblyTitleAttribute
AssemblyTrademarkAttribute
TargetFrameworkAttribute
AssemblyFileVersionAttribute
AssemblyConfigurationAttribute
AssemblyDescriptionAttribute
CompilationRelaxationsAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
AssemblyCompanyAttribute
RuntimeCompatibilityAttribute
set_UseShellExecute
MRCorporation.exe
set_Size
set_ClientSize
Encoding
System.Runtime.Versioning
ToString
Substring
disposing
System.Drawing
ComputeHash
GetTempPath
get_Length
StartsWith
button1_Click
button2_Click
button3_Click
add_Click
TransformFinalBlock
System.ComponentModel
ContainerControl
GetManifestResourceStream
Program
System
SymmetricAlgorithm
HashAlgorithm
ICryptoTransform
resourceMan
set_Icon
set_Location
MRCorporation
MR_Corporation
System.Configuration
System.Globalization
System.Reflection
ControlCollection
Button
CultureInfo
get_StartInfo
ProcessStartInfo
get_KeyChar
StreamReader
TextReader
SHA256CryptoServiceProvider
AesCryptoServiceProvider
Jender
sender
get_ResourceManager
ComponentResourceManager
KeyPressEventHandler
System.CodeDom.Compiler
skyler
IContainer
StreamWriter
TextWriter
set_UseVisualStyleBackColor
set_RedirectStandardError
Activator
.cctor
CreateDecryptor
System.Diagnostics
System.Runtime.InteropServices
System.Runtime.CompilerServices
System.Resources
DebuggingModes
MRCorporation.Properties
GetExportedTypes
WriteAllBytes
GetBytes
Settings
KeyPressEventArgs
get_Controls
System.Windows.Forms
set_AutoScaleDimensions
get_Chars
Process
textBox1_KeyPress
add_KeyPress
components
set_EnableRaisingEvents
Exists
Concat
GetObject
get_Main_Project
GraphicsUnit
get_Default
DialogResult
Environment
InitializeComponent
set_Font
SuspendLayout
ResumeLayout
PerformLayout
get_StandardInput
set_RedirectStandardInput
get_StandardOutput
set_RedirectStandardOutput
System.Text
get_Text
set_Text
set_CreateNoWindow
set_TabIndex
MessageBox
set_MaximizeBox
TextBox
set_Key
System.Security.Cryptography
get_Assembly
set_WorkingDirectory
get_CurrentDirectory
MRCorporation.Properties.Resources.resources
WrapNonExceptionThrows
MR Corporation
Microsoft Innovation Center
-Copyright
Microsoft Innovation Center 2012
$e5e635b9-840a-44e3-b903-383a8425081b
1.0.0.0
.NETFramework,Version=v4.8
FrameworkDisplayName
.NET Framework 4.8
3System.Resources.Tools.StronglyTypedResourceBuilder
17.0.0.0
KMicrosoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator
17.5.0.0
_CorExeMain
mscoree.dll
)|<6e6
3n`{9C&
FV>3ozZ}l
~?Z[[-
,cjj*+
arr2{SQ
i#blO(
,E?u}
!===8u
FeD\wo
gz*me
IDAT;BE@
BIoClq3
LNNbll
QAfff0==
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
Main_Project
MRCorporation.Properties.Resources
Main_Project
button1
ACER 8-digit Password Calculator
button2
SONY VAIO 7-digit Password Calculator
button3
$this.BackgroundImage
$this.Icon
Password Calculator 1.0
Error. The number of digits must be 8. Please try again!
Error. All digits must be only numbers. Please try again.
Microsoft Sans Serif
textBox1
textBox2
ACER Password Calculaor
Error. The number of digits must be 7. Please try again!
SONY VAIO Password Calculator
So40Q2q6Kx3JJw1K
Error. The number of digits must be 12. Please try again!
MR_Corporation.2.exe
Input:
password:
Error. Your code is incorrect.
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
Comments
Bitvise SSH Client
CompanyName
Bitvise Limited
FileDescription
FileVersion
9.27.0.0
InternalName
BvSsh.exe
LegalCopyright
Copyright (C) 2000-2023 by Bitvise Limited.
OriginalFilename
BvSsh.exe
ProductName
Bitvise SSH Client
ProductVersion
9.27.0.0
Assembly Version
9.27.0.0
Antivirus Signature
Bkav Clean
Lionic Clean
Elastic malicious (high confidence)
DrWeb Trojan.Inject4.57973
MicroWorld-eScan Clean
FireEye Generic.mg.e114ee8f34fd4856
CAT-QuickHeal Clean
McAfee Clean
Malwarebytes Malware.AI.1998692961
VIPRE Clean
K7AntiVirus Clean
BitDefender Clean
K7GW Clean
CrowdStrike win/malicious_confidence_90% (D)
BitDefenderTheta Gen:NN.ZemsilF.36318.ap3@auZzRmb
VirIT Trojan.Win32.MSIL_Heur.A
Cyren W32/MSIL_Kryptik.DSR.gen!Eldorado
Symantec ML.Attribute.HighConfidence
tehtris Clean
ESET-NOD32 a variant of MSIL/GenKryptik.GLMF
APEX Malicious
Paloalto Clean
ClamAV Clean
Kaspersky HEUR:Backdoor.MSIL.Remcos.gen
Alibaba Clean
NANO-Antivirus Clean
ViRobot Clean
Rising Backdoor.Remcos!8.B89E (TFE:C:ocXBbaitTMT)
Sophos ML/PE-A
F-Secure Trojan.TR/Dropper.Gen
Baidu Clean
Zillya Clean
TrendMicro Clean
McAfee-GW-Edition Clean
Trapmine malicious.moderate.ml.score
CMC Clean
Emsisoft Clean
Ikarus Clean
GData Clean
Jiangmin Clean
Webroot Clean
Google Detected
Avira TR/Dropper.Gen
MAX Clean
Antiy-AVL Clean
Gridinsoft Clean
Xcitium Clean
Arcabit Clean
SUPERAntiSpyware Clean
ZoneAlarm HEUR:Backdoor.MSIL.Remcos.gen
Microsoft Program:Win32/Wacapew.C!ml
Cynet Malicious (score: 100)
AhnLab-V3 Clean
Acronis Clean
VBA32 Clean
ALYac Clean
TACHYON Clean
DeepInstinct MALICIOUS
Cylance unsafe
Panda Trj/GdSda.A
Zoner Clean
TrendMicro-HouseCall Clean
Tencent Clean
Yandex Clean
SentinelOne Static AI - Malicious PE
MaxSecure Clean
Fortinet MSIL/Kryptik.AJAC!tr
AVG Win32:RATX-gen [Trj]
Cybereason malicious.112c6d
Avast Win32:RATX-gen [Trj]
No IRMA results available.