Static | ZeroBOX

Name	Virtual Address	Virtual Size	Size of Raw Data	Entropy
.text	0x00002000	0x0000112c	0x00001200	5.36179024064
.rsrc	0x00004000	0x000135de	0x00013600	7.63126993723
.reloc	0x00018000	0x0000000c	0x00000200	0.0815394123432

Name	Offset	Size	Language	Sub-language	File type
RT_ICON	0x00009990	0x0000d646	LANG_NEUTRAL	SUBLANG_NEUTRAL	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
RT_ICON	0x00009990	0x0000d646	LANG_NEUTRAL	SUBLANG_NEUTRAL	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
RT_ICON	0x00009990	0x0000d646	LANG_NEUTRAL	SUBLANG_NEUTRAL	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
RT_ICON	0x00009990	0x0000d646	LANG_NEUTRAL	SUBLANG_NEUTRAL	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
RT_ICON	0x00009990	0x0000d646	LANG_NEUTRAL	SUBLANG_NEUTRAL	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
RT_ICON	0x00009990	0x0000d646	LANG_NEUTRAL	SUBLANG_NEUTRAL	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
RT_ICON	0x00009990	0x0000d646	LANG_NEUTRAL	SUBLANG_NEUTRAL	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
RT_GROUP_ICON	0x00016fe6	0x00000068	LANG_NEUTRAL	SUBLANG_NEUTRAL	data
RT_VERSION	0x0001705e	0x00000386	LANG_NEUTRAL	SUBLANG_NEUTRAL	data
RT_MANIFEST	0x000173f4	0x000001ea	LANG_NEUTRAL	SUBLANG_NEUTRAL	XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

!This program cannot be run in DOS mode.

`.rsrc

@.reloc

lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet

PADPADP

lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet

PADPADP

v4.0.30319

#Strings

Action

components

Izidrmkgy.Form1.resources

Izidrmkgy.Properties.Resources.resources

Form1_Load

Dispose

InitializeComponent

GetAsync

get_Result

get_Content

ReadAsByteArrayAsync

set_Tag

GetType

InvokeMember

op_Inequality

get_Tag

ToInt32

SuspendLayout

set_AutoScaleDimensions

set_AutoScaleMode

set_ClientSize

set_Name

set_Opacity

set_ShowIcon

set_ShowInTaskbar

set_Text

set_WindowState

add_Load

ResumeLayout

Eiasz.exe

sender

disposing

Izidrmkgy

Program

System.Windows.Forms

Action`1

System

IContainer

System.ComponentModel

HttpClient

System.Net.Http

Task`1

System.Threading.Tasks

HttpResponseMessage

HttpContent

Control

Object

Assembly

System.Reflection

EventArgs

Convert

IDisposable

System.Drawing

ContainerControl

EventHandler

Application

CompilationRelaxationsAttribute

System.Runtime.CompilerServices

RuntimeCompatibilityAttribute

DebuggableAttribute

System.Diagnostics

AssemblyTitleAttribute

AssemblyDescriptionAttribute

AssemblyConfigurationAttribute

AssemblyCompanyAttribute

AssemblyProductAttribute

AssemblyCopyrightAttribute

AssemblyTrademarkAttribute

GuidAttribute

System.Runtime.InteropServices

AssemblyFileVersionAttribute

TargetFrameworkAttribute

System.Runtime.Versioning

ComVisibleAttribute

STAThreadAttribute

BindingFlags

Binder

AutoScaleMode

FormWindowState

DebuggingModes

mscorlib

WrapNonExceptionThrows

WinRAR archiver

Alexander Roshal

WinRAR

'Copyright

Alexander Roshal 1993-2023

$041f9fd3-9620-4832-ae6f-16f3f70a6b6a

6.23.0.0

.NETFramework,Version=v4.6

FrameworkDisplayName

.NET Framework 4.6

_CorExeMain

mscoree.dll

,,,,,.6..-

-....39330/0330/0333344441

A6AA<OLTSLP<AAAAC6CC=Q

R=CCCCD9DD>N

N>DDDDEEEEBI

JBEEEE

((((()6)))

)))))*9***

*****GGGGG+:;;:+GGGGG

1F6C22222

TTF61111II

w|||{{{X

cgeeuueeeeeeeeeeeeeeeeeeeeeeeeedghij

iiiiiiiiiiiiiiihiiiiiiiiiihfkj}

jjjjjf

djjjjjjjjkf

#######!

!!#$##

HRIFIISJ

KKLLRNSN

'nwwnzzzz'

wRLRSSSQSv

&" vJJJNMNNNv

XEHEEMEEET

Z8+PP++++++6((((((((6

*+,++-Z>8*QQ******yWWWWUVVVy

+******->@99pp999999

.89999999[];:oo;;;;;;?)0))////?

:;;;;;;;;]b@@ts@@@===U43544445O7<@@@@@@@Zb

``````xMDMGHEOEXY\`````a`a

URSSSJUJw^

BVVVVVSCCCBC

`WWWWVVVSSCVY

f^WWWVVDVVeZ%

%!! &&

&&& &&&&&&&$Y

fX &&&&&&&&&&&&&

&'&&&&&'&&&&&&&''& &&&&&&&&&&$'(&&&&&' &

)((()(((((((((()(((()()(((((((()()(((%&(!*++v

vuuuuuuuuvvuvvvvvuuuuuuuuuuuuuuuvvvuuv+v*uyxy

yyyyyyyyyyyyyzyxyxxxxxxxzyyyyyyyyyyyyyyyw{~{{

~}}~~}~}~}}}}}}}}}}||}}}}}}}}

}~}}~~}}{~z

||zzxxxxxxxyyzz|}

|>,,,wwwwww,,,,w,*

'*,,,>,w,w,,,,z>

=""########"##"

"#"####"#>

97777799974442

000034479999

::::::8:2

/0355888::8885:

e_W\E[.

e_\^]\\\^WWZ

:56666666;666221

ZZaZTXYXYWe

22262666656:

MLIIFF

FFFGGII

TXXYXYXXXXXST

dddd```]XX

LQKJ__aGGHHHGGG

FHGGHHHHKMJmmQL

MMMMMMKKIG

`_]]\\WW\W\e

FHIKKMMMMMMPQPmmRQ

PPPQPPPNMIH

bb`__]]W\WUe

FIMLPPPQPPPQQhRpmmR

QhhhhhhgPKH

cdd``_^\]\W

HKLQRghRhhhhRijippmk

jjjjjjjiggO

c`___\Y^

JINgijjjjjjjjjkkk

lllllllkjgg

Jgggkkoolllllosss

sssssosongg

Jggnoosossssssstr

_]#)!)A

;(jX.hbK/

_e|%b8

8Ud>G|

>uSnf

'nzdqK

zp%HoRK

&K266"

-nG`><

d@g#J/k

f%1F @

y/LBV=

l4{?qm

h4@Y[~

?:H39G`

ebRy.:+

`,"6M"

]TBk@Z

82LdLJ

icl@Hxb

JGU:bc

E]^?)y

b\k`{+

8XDaVZ

I=]wI(

>,Y,Ld

uBrp|d

hcRA$!

U}@YN6

3DzTS>6

,UWR%&

huLf9qH

I8"!o|

8ck1Hr

v{']OZ

||Y0+\

DT;T<m

503O{V

3)Kzq$M

+`V@B&

0[o:nQdS

g8@]W+

G;{VQF4

IDATDA

KFfefe

m. a

kRWt=%YG

c`[VmrB(IK

h)lC4v

WHohow@

>\SRAH

|_}?|lK\tD

>uwuV

){< h>

k=ujt z

Vma/4H

.hG[FV

k8x`qKH

j@JdmfA

bK|dcv

0y/(W/

/-xi|B

Xsog[]

{?A E`

t_@mgl

.&Hi<E

#{D+8e

myW=!/

u%q^2J

L m`_.Q,

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>

</requestedPrivileges>

</security>

</trustInfo>

</assembly>

https://files.catbox.moe/hig3yn.mp3

vHJPFxni3Xg0WrF250.uGOXNei10bWE7Zpca3

H6UXQipHJ

VS_VERSION_INFO

VarFileInfo

Translation

StringFileInfo

000004b0

Comments

WinRAR archiver

CompanyName

Alexander Roshal

FileDescription

WinRAR archiver

FileVersion

6.23.0.0

InternalName

Eiasz.exe

LegalCopyright

Alexander Roshal 1993-2023

LegalTrademarks

OriginalFilename

Eiasz.exe

ProductName

WinRAR

ProductVersion

6.23.0.0

Assembly Version

6.23.0.0

Antivirus	Signature
Bkav	Clean
Lionic	Clean
Elastic	malicious (high confidence)
MicroWorld-eScan	Clean
ClamAV	Clean
CMC	Clean
CAT-QuickHeal	Clean
ALYac	Clean
Malwarebytes	Clean
VIPRE	Clean
Sangfor	Downloader.Msil.Seraph.Vlzg
CrowdStrike	win/malicious_confidence_100% (W)
BitDefender	Clean
K7GW	Clean
K7AntiVirus	Clean
BitDefenderTheta	Gen:NN.ZemsilCO.36350.fm0@auOGi7
VirIT	Clean
Cyren	W32/MSIL_Kryptik.GYT.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
tehtris	Clean
ESET-NOD32	a variant of MSIL/TrojanDownloader.Agent.POM
APEX	Malicious
Paloalto	Clean
Cynet	Malicious (score: 100)
Kaspersky	HEUR:Trojan-Downloader.MSIL.Seraph.gen
Alibaba	TrojanDownloader:MSIL/Seraph.9444d510
NANO-Antivirus	Clean
ViRobot	Clean
Rising	Downloader.Seraph!8.111C6 (CLOUD)
Emsisoft	Clean
Baidu	Clean
F-Secure	Clean
DrWeb	Trojan.DownLoader46.714
Zillya	Clean
TrendMicro	Clean
McAfee-GW-Edition	Artemis!Trojan
Trapmine	Clean
FireEye	Clean
Sophos	Mal/Generic-S
Ikarus	Trojan-Downloader.MSIL.Agent
GData	Clean
Jiangmin	Backdoor.MSIL.getu
Webroot	W32.Malware.Gen
Avira	Clean
MAX	Clean
Antiy-AVL	Clean
Gridinsoft	Trojan.Win32.SmokeLoader.bot
Xcitium	Clean
Arcabit	Clean
SUPERAntiSpyware	Clean
ZoneAlarm	HEUR:Trojan-Downloader.MSIL.Seraph.gen
Microsoft	Trojan:MSIL/Seraph.AALF!MTB
Google	Detected
AhnLab-V3	Malware/Win.Generic.C5474856
Acronis	Clean
VBA32	Clean
TACHYON	Clean
DeepInstinct	MALICIOUS
Cylance	unsafe
Panda	Clean
Zoner	Clean
TrendMicro-HouseCall	Clean
Tencent	Clean
SentinelOne	Static AI - Malicious PE
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	MSIL/Agent.POM!tr.dldr
AVG	FileRepMalware [Trj]
Cybereason	Clean
Avast	FileRepMalware [Trj]

Static Analysis

PE Compile Time

PE Imphash

Sections

Resources

Imports