popup
Static | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Static Analysis

PE Compile Time

2023-07-26 07:22:46

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00002000 0x00007734 0x00007800 6.085081134
.rsrc 0x0000a000 0x00011000 0x00011000 0.875611151523
.reloc 0x0001c000 0x0000000c 0x00000200 0.0815394123432

Resources

Name Offset Size Language Sub-language File type
RT_ICON 0x0000a100 0x00010828 LANG_NEUTRAL SUBLANG_NEUTRAL dBase III DBT, version number 0, next free block index 40
RT_GROUP_ICON 0x0001a938 0x00000014 LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_VERSION 0x0001a95c 0x000002cc LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_MANIFEST 0x0001ac38 0x000001ea LANG_NEUTRAL SUBLANG_NEUTRAL XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

Imports

Library mscoree.dll:
0x402000 _CorExeMain
!This program cannot be run in DOS mode.
`.rsrc
@.reloc
~Vu"efe 7
Ijg'Ye
Yefe 1
ce 0*R
Hd!ef W
fe nO@
fkI!
'ae M@
S!afo*
#U$Xf
a {:[*a
L= &-h
(Yef R14
Xfe E7
1YXef
A6#Yf
#Yfef
8fefe
\fe #'
r5>&aefe y
*Ye 9[]
XfefYE
2U&Yef
x$" =r
:T)Y* KM
k(f +w
f <B1*Y<
,)(?
_b`}$
_d}$
s@Yj#@
v4.0.30319
#Strings
Ldc_I4_0
Ldloc_0
Stloc_0
Ldarg_0
Ldc_I4_M1
Ldloc_1
Stloc_1
Task`1
Ldloc_2
Stloc_2
Ldloc_3
Stloc_3
Ldc_I4
Conv_I4
Ldc_I4_5
ReadUInt16
get_UTF8
<Module>
System.IO
Ldloc_S
Stloc_S
Brfalse_S
Bne_Un_S
get_IV
set_IV
GenerateIV
GetData
mscorlib
GetAsync
ReadAsByteArrayAsync
get_Millisecond
DefineMethod
GetMethod
OpCode
CryptoStreamMode
HttpResponseMessage
EndInvoke
BeginInvoke
IDisposable
Hashtable
RuntimeTypeHandle
GetTypeFromHandle
DefineDynamicModule
GetName
AssemblyName
DateTime
DefineType
CreateType
ValueType
SetReturnType
GetType
MethodBase
Dispose
Create
MulticastDelegate
GuidAttribute
DebuggableAttribute
ComVisibleAttribute
AssemblyTitleAttribute
AssemblyTrademarkAttribute
TargetFrameworkAttribute
AssemblyFileVersionAttribute
AssemblyConfigurationAttribute
AssemblyDescriptionAttribute
DefaultMemberAttribute
CompilationRelaxationsAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
AssemblyCompanyAttribute
RuntimeCompatibilityAttribute
ReadByte
LegalBlockSizesValue
LegalKeySizesValue
23AD.exe
set_BlockSize
get_InputBlockSize
get_OutputBlockSize
set_KeySize
Encoding
System.Runtime.Versioning
FromBase64String
ReadString
GetString
BinarySearch
Newobj
AsyncCallback
TransformFinalBlock
TransformBlock
DeclareLocal
DefineLabel
MarkLabel
GetManifestResourceStream
get_BaseStream
CryptoStream
MemoryStream
Program
get_Item
System
SymmetricAlgorithm
Random
get_CanReuseTransform
ICryptoTransform
AppDomain
get_CurrentDomain
System.Reflection
set_Position
InvalidOperationException
StringComparison
CopyTo
MethodInfo
ConstructorInfo
System.Net.Http
InvokeMember
BinaryReader
MethodBuilder
ModuleBuilder
TypeBuilder
LocalBuilder
ParameterBuilder
AssemblyBuilder
Binder
Buffer
ParameterModifier
DefineParameter
GetILGenerator
.cctor
GetConstructor
CreateDecryptor
CreateEncryptor
System.Diagnostics
System.Runtime.InteropServices
System.Runtime.CompilerServices
OpCodes
DebuggingModes
MethodAttributes
TypeAttributes
ParameterAttributes
NextBytes
KeySizes
BindingFlags
get_CanTransformMultipleBlocks
System.Threading.Tasks
System.Collections
SetParameters
AssemblyBuilderAccess
Concat
Format
Object
System.Reflection.Emit
get_Result
IAsyncResult
HttpClient
get_Content
HttpContent
Convert
Callvirt
System.Text
Yfatyku
get_Now
ToArray
ToCharArray
get_Key
set_Key
GetPublicKey
GenerateKey
System.Security.Cryptography
GetExecutingAssembly
BlockCopy
WrapNonExceptionThrows
$c54ac25c-f01d-4bd6-ae1c-a42b3338095b
1.0.0.0
.NETFramework,Version=v4.6
FrameworkDisplayName
.NET Framework 4.6
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
9WTNWuu2iE/bSOK+xWnXQeD1527NS+O5ymSFaeuv43PKXPea1W7bQ+y33ybZS/qE4GjSQsC6y3iFQf6E73PbX/u6ynTKV7W8w2nhYuu1wWnWFcm+0knHXuud1HLTZu+1wnHbFem+0kLwT+O+nVTQSuuj6XuFfOu6wk7KXOe1wSb/SurgwXjKcd601XTKR+G1nXrbWtGY02/MS+Cv4nLTT+e1nU7bWsq60nyFF7bpkCb/Xf2+y3/SV92+1GvbXLWIz3DOQuua1W7bQ+y331jGXuK01HjMFey6xHjSWOPg1XDRReuvw27K
DefineDynamicAssembly
TripleDES
Rijndael
System.Security.Cryptography.
, System.Security.Cryptography.Algorithms
Could not load type {0}
Create
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
Comments
CompanyName
FileDescription
FileVersion
1.0.0.0
InternalName
23AD.exe
LegalCopyright
LegalTrademarks
OriginalFilename
23AD.exe
ProductName
ProductVersion
1.0.0.0
Assembly Version
1.0.0.0
Antivirus Signature
Bkav Clean
Lionic Clean
Elastic malicious (high confidence)
MicroWorld-eScan Clean
ClamAV Clean
CMC Clean
CAT-QuickHeal Clean
ALYac Clean
Cylance unsafe
VIPRE Clean
Sangfor Clean
K7AntiVirus Clean
BitDefender Clean
K7GW Clean
CrowdStrike win/malicious_confidence_90% (D)
Baidu Clean
VirIT Clean
Cyren Clean
Symantec ML.Attribute.HighConfidence
tehtris Clean
ESET-NOD32 a variant of MSIL/TrojanDownloader.Agent.OXE
APEX Malicious
Paloalto Clean
Cynet Malicious (score: 100)
Kaspersky HEUR:Trojan-Downloader.MSIL.Seraph.gen
Alibaba Clean
NANO-Antivirus Clean
ViRobot Clean
Rising Clean
Sophos Clean
F-Secure Heuristic.HEUR/AGEN.1311399
DrWeb Clean
Zillya Clean
TrendMicro Clean
McAfee-GW-Edition BehavesLike.Win32.Generic.nz
Trapmine malicious.moderate.ml.score
FireEye Generic.mg.cca558a61d6125ec
Emsisoft Clean
SentinelOne Static AI - Malicious PE
GData Clean
Jiangmin Clean
Webroot Clean
Avira HEUR/AGEN.1311399
MAX Clean
Antiy-AVL Clean
Gridinsoft Clean
Xcitium Clean
Arcabit Clean
SUPERAntiSpyware Clean
ZoneAlarm HEUR:Trojan-Downloader.MSIL.Seraph.gen
Microsoft Clean
Google Detected
AhnLab-V3 Clean
Acronis suspicious
McAfee Clean
TACHYON Clean
DeepInstinct MALICIOUS
VBA32 Clean
Malwarebytes MachineLearning/Anomalous.100%
Panda Clean
Zoner Clean
TrendMicro-HouseCall Clean
Tencent Clean
Yandex Clean
Ikarus Trojan-Downloader.MSIL.Agent
MaxSecure Clean
Fortinet Clean
BitDefenderTheta Gen:NN.ZemsilF.36318.gm0@aKZ@dJc
AVG Win32:PWSX-gen [Trj]
Cybereason malicious.613894
Avast Win32:PWSX-gen [Trj]
No IRMA results available.