popup
Static | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Static Analysis

PE Compile Time

2044-08-11 15:09:44

PE Imphash

dae02f32a21e03ce65412f6e56942daa

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00002000 0x0002db34 0x0002dc00 6.04978170759
.rsrc 0x00030000 0x000003c0 0x00000400 3.11944971861
.reloc 0x00032000 0x0000000c 0x00000200 0.101910425663

Resources

Name Offset Size Language Sub-language File type
RT_VERSION 0x00030058 0x00000366 LANG_NEUTRAL SUBLANG_NEUTRAL data

Imports

Library mscoree.dll:
0x402000 _CorDllMain
!This program cannot be run in DOS mode.
`.rsrc
@.reloc
7t~a8#
8 =3TZ
j6Z G1,
ntdlT
X l.dlT
8 #JdBZ ;p
pQ},%8
sF7%&8
cR/H%&
<Z dB
X l.dlT
ntdlT N|
ddZ 0(d
8 )96OZ
8 VerZ
X ntinT
'XGR >(
pOqZ $
X ntinT
& `x=J8
 _P)48
fXzH%&8a
?e#681
EZ 5Y&Ra8I
Ps%&8d
NtCoT
& ^7no8
Z \JbLa8
NtCoT
QZ 3q&
><%&8q
Z?_b`
H,pB%8
(PZ , %Ka8
@nV|Z BVj
0nZ Q_
eJ"%&8
Z 7rz)a86
_u{p
5h-a8Z
_bj?
_bY*
4pVP%&8g
8!Z 7h
5Ey3Z }
woS%&8
wZ?%&8
JVZa8|
MMgNZ
o_^hZ
rN>Za8
AZ 5|2$a8U
|85Z /~9
/A kZa8
AZK&Za8
/}lZa8
j<;Z p
vt%O%&
S*EZ r
Z_bX
|-Dq%8
<'8jZ
hUZ tk}$a8
1iZ N#
Jm Z Z
,Q N8
Y_cX*
x~yR8w
${_a8C
O%Za8#
:d[l8
19( %&
0K}f8
*I^EI
* ST44Z
_ 4Z i
Z?_d
_b`*
X_b`
?_bsA
?_bsA
?_csA
?_csA
?_dsE
?_dsE
_bjs
_bjs
_cjs
_cjs
_dns
_dns
_dns
_cjs
_bjs
v4.0.30319
#Strings
CompilationRelaxationsAttribute
System.Runtime.CompilerServices
mscorlib
System
Boolean
RuntimeCompatibilityAttribute
DebuggableAttribute
System.Diagnostics
DebuggingModes
AssemblyTitleAttribute
System.Reflection
String
AssemblyDescriptionAttribute
AssemblyConfigurationAttribute
AssemblyCompanyAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
AssemblyTrademarkAttribute
ComVisibleAttribute
System.Runtime.InteropServices
GuidAttribute
AssemblyFileVersionAttribute
TargetFrameworkAttribute
System.Runtime.Versioning
NewPE.dll
<Module>
ValueType
Object
APIDelegate
ResumeThread_Delegate
MulticastDelegate
Wow64SetThreadContext_Delegate
SetThreadContext_Delegate
Wow64GetThreadContext_Delegate
GetThreadContext_Delegate
VirtualAllocEx_Delegate
WriteProcessMemory_Delegate
ReadProcessMemory_Delegate
ZwUnmapViewOfSection_Delegate
CreateProcessA_Delegate
Structure
ProcessInformation
StartupInformation
ConfusedByAttribute
Attribute
<Module>{34CE1378-1D1C-49A0-9FE0-523A35A7737A}
geUwbRLwd0WNm7K3QP
FZSxiJ5ZBJmwSxbEqP
SFU4mbT3GMret7THonf
EwV3ECxYhIse1SOarW
CociHuaT4WLV2kj8CU
hg2pYoQq5nS4UcRRnl
bRqeSLE72O1NdugcTR
pGgtnlL82qSlXNiLlrS`1
c8ihNv43S31kyl02V6
nYgvqjWcI75xBQwqaC
PAgdCSTJ5iWm1cvyjl
fyrtVaH8IKZ3nTn56j
uSoenvS025INdsxXNl
sQrf7Pb5iAPUKgCry1
dcyEUnmGvKX00QS1F5
jesjg86ja3K3wbZewF
wsdbkEtQbDyuqrNXJ1
AF8gd0JRmYcCnBuCEs
HHavse2q2GPW7SrFAT
hyOVp0cgbYqhCSR8YL
MBiHIp97M4MqqbtZOh
eLxG93FZl5M3yHxFGb
OBqe2IUAeSpOmlOQ4O
jOgQY3RGtH5fd9qQao
hSn0ucLlLMaeFvn5InR
bTUKqtLXplwjOaJo6Hj
XpYRXgLvS2Z8HELLCVO
YaeDDELdekEtZ4qXJ1p
CydMXSLujvvk8Y3dM14
pcfWqpLUHZiq5CNCNsA
j5UMoXLRwIcnpEjt1UJ
iQ4HZQLQyLCdABwFXsw
MIegr9LEMaB3mn2S8kK
eOTFqXL4MCe1DWExSFT
Exception
jB7Io5LWnK4vE2iB95i
K14OTLLT4lAAZwtUFKB
xlFl6HLHf4Wx0BoEfgp
C50CprLSCELDpjV9aKU
daEbHELbQht9GYRuEJp
dcnLnOLmJmDBGRqeOE8
f6yUdEL63YbYB5aCQOA
R3Oma8LtRwKkrYXOrgs
j9Ha11LJoma4Y5DYntf
V6kKaOL2XvatnIN8I0Z
HrpI4gLcuIdaB2erwhp
bUeJteLhNL76rUQL5ZO
JWGbihLe59w0Tjpgs7W
yDoeNELfV5aXCK5H1Ar
Dhe3JWLp0DcXGE8RZ6a
c9qBopLNoZTiN7k24Gr
bGs71YLiIW9il9yDL4a
CyiAdZLCpvyZKhkMmGc
g2JyDeLqftkG6b66Zf8
X6oonhL1IpoG9H0Sh52
eWkd24LgaAF0Pq2snjr
mP2oxFLYK5cKBXZuceg
jpakqYLktEb8W04L94Q
ntLxulLsB1ABCdvkPGX
VagEUnLrg8uVZICmTDB
iGQH0gLZd16LDXi2iXN
g6G7F6LPsY0A2sA8jx9
d8DBAAD544CE65A9
V6VagRLKaUE7SYvTS0L
RhhErALVngYO0wvaQaQ`1
<PrivateImplementationDetails>{B06F4DDC-F9F3-4018-A89B-8112CE157FCD}
__StaticArrayInitTypeSize=16
__StaticArrayInitTypeSize=18
__StaticArrayInitTypeSize=30
__StaticArrayInitTypeSize=32
__StaticArrayInitTypeSize=40
__StaticArrayInitTypeSize=64
__StaticArrayInitTypeSize=256
fK5APpL3A4UrDLClWo
QK3ecYhBEUiAcRUpC2
A6EF7Wiai9ZKSBt05B
UICbJtTQt4E9hE1tmG
sFoKA7HSUg3UC0csUB
T9cINxduYn4tePPUMa
NAKQdsbGqX1vaI1Bc0
TcmBgSQZkMeTotHofR
nu1dj1I0l89MNpyFPh
nIn8EGWcwSQ5LBuO7V
mYnwa6m512fu1H5NmU
PmAxiBaZfiMRUf0FWD
Cns9Zl7kudRhm1KZuM
DV6Uumy4MZoUx0UUv8
W93Ex8siebhwTEGxf1
MRqF48ZsQBsS8iY5Qw
Qjq7kO0nGnmxRi1Wo3
Vj10b4KG7oeRbZfbL5
SsKYNeN79ANruNiWtS
I3RHesq6mxLwgJjaqg
TjRKke8irqAqGRyLHS
bQNatKD6JYkKgYKije
AidGGt6WjYiFoV7a9v
W390w0pUpCsKenaZoL
D6Q7UyRUUiXGkUGxU9c
TMlmeJRG0458BQKtFvb
nwt5tuRXZyBGJeO0788
XjU10uRoyKhq6xBifqJ
B5Gj7DRuwqBeZaM9c8m
r8Fjc6RjWWqcfpq7dyL
O4goT7R5oyUA6BUFdpM
pK0nW0RLrswM0pBQgkq
jwcCDcRhMQINBDlntBf
x8CRNARiYC6I5GgTWB5
lkDbIpRTcOOmYwW6cf5
jo44JORHkDbcTS1W1Kb
R7a23JRdpsgmRx1Svjh
Odu0aWRbEh97oxFKNDJ
byDIaIRQg0gtfJ06I55
uSAEBBRIiGaEHB7WMQ2
jb2E5gRWlfGuLsK2ZFT
VsJ81ERm4c2aDKM8qNs
WSJpbCRaOoANT8SXi92
f2PBmRR7iAHm4qNlkb0
hl6dG8RyL2nYjZ9FsGg
nCmExARsxnqavKy36gF
NjWXvFRZZBaXFRNtq99
WmX4bIR0rdc1Hw6f3nB
qCxWhVRKO7D7QxXlurC
UqCbmgRNLDQncPQwRud
o0MEnJRqGD2rTjQBxQZ
k3tXOQR8xeF0Gvng7xu
qfpeNORDhTG6p5HGYNx
R1xboDR6Of3OhSQcD4T
d7fq6lRpEwZmqH8oAtP
I0TgVUGU2XGDAdbEkqx
xPr25TGGDs5XaZgglHN
Cl9GVKGXPtbGqtuUgYp
TZXgUDGoA2jP2HAjyOw
mg926TGuyXF2DlMu5rX
WGKFSCGjvrBo188fU3P
OPdAudG58QmQD5QDMEe
NWfqaUGLTn0kvfeZBEN
MOvVJvGhBCxkLajEWmC
PE5S6BGiMryMrXvP9bs
w79IQ8GTHgN8uEHTBu7
uGZAB2GHjtJ42CX4RnM
lmvmBlGdVKogxLsL6vw
aOiwIXGblgbnLDQ6R0x
X6tPtaGQEvrwx1jfZJT
zAbtPRGIwGD5u9OWELU
Ge1xVeGWDxfOhLDtEBk
MY7wc3GmBFSxN9E3Cvp
G1Qk2KGa3BnTRuoK9vt
jkYXbYG71CWFrQ8mMm9
pNjNcBGyrXDmtvIHa8L
hUlQrTGsUBdutboTuh4
FaDZljGZJZIGfyMLhj6
Vqj1BMG0FwHR7ypEpmU
wEDRGSGKnTBATjFJxRe
aFiFu3GNi6ncS2ZpFX2
Qi4CXEGq9ti4mqs2hdy
mtdjs1G8RPpjMG2KVVX
VrTUo7GD0RfBZkMmFxC
rIh5GJG6b6Hpix3g7qy
JoPGoWGp3dYsC6YBNT4
CgR6bN9UYvVDh7RsBwV
u8Pi0n9GIfTOsuBfREg
XTfGW79XVwaLL3PaGxr
FLkSyT9oLPOR8mFa03s
aE7P9X9uThvQGotLVYa
v99RNS9ja4OnSj3dOlx
almWf995Oxqvc13ouIB
B2RUC19LDYx51fKVHng
HnYEYa9hRt19I32c830
mtt20x9iw4cH7VhgI7Z
QVXCpk9TxPMMPRftTrm
fG5b2t9HotZm92xmjZx
xsU0YM9dvuBCGx34XuH
JtWiBh9bjvV3buLrgbk
mBlj5c9Qkieyc9XTlwD
iX4C1m9IvW71TecMCR7
pa1eJU9WPRbpaZomf1K
z5NWLa9mmDNT99LLvth
u9QUgi9a5af98Jvvls8
y2nlQM97WlqK1PGXrxa
kJ5DtO9yQ04DqGaLLOD
i1umqn9sSGn1NGedYEX
EgOmVp9Z7LT60fVCF9j
NGjm8j90vrBtQ1B6dyZ
Id4vSd9KMDbMVmMFx2y
lgGFBe9Nbgm1ZGFCjxv
lDtW5u9qE5QSoAuF1Uo
w1g44N98Ksnk8f5L8lf
mpduTd9DyxKmBfkat2S
sb8wC596V0QZ7iG5pbl
gYGUHT9pGSRI1MKlAEb
xH72VGXUR02LTQv13kf
EkXK42XGG4lkuch1bSi
vHTfXdXXEJAksTkOL46
SFNqxGXojHwW6jM7NYr
LWj2xLXu18RPxcP1q2m
nN4Y7AXjNsHc8P5gJo6
g65i4RX5iHgUWx4huXn
LM2xssXLOtgeJqo2fFN
hhpDKoXhxqHyBk2ZRoT
l1PYt7XiOR4CQCQla2p
PDDrs9XTKsu00gsTVBR
YZKnajXHrmOQr9YbvQy
m8Xb7lXdmAUO9vcU06v
RwgqGeXbJWD7bC321bG
cG697YXQQyU8taJKHT3
ewaAhgXIToqQpTCdewr
OjehlYXWOwbbx2RIAr9
nWdA8cXmGo2axpBTQWk
cLwocpXabWtS5d22B5F
AWFDOCX7Zab2qFfJ7v8
f8DBAAD544B91773
.cctor
UInt32
Module
UInt16
IntPtr
op_Explicit
Marshal
get_FullyQualifiedName
get_Chars
GetTypeFromHandle
RuntimeTypeHandle
get_Module
GetHINSTANCE
RuntimeHelpers
InitializeArray
RuntimeFieldHandle
VirtualProtect
kernel32.dll
MemoryStream
System.IO
m8DBAAD544B91773
Stream
UInt64
ResumeThread
Wow64SetThreadContext
SetThreadContext
Wow64GetThreadContext
GetThreadContext
VirtualAllocEx
WriteProcessMemory
ReadProcessMemory
ZwUnmapViewOfSection
CreateProcessA
LoadLibraryA
kernel32
GetProcAddress
hProcess
LoadApi
CreateApi
method
ReturnParams
object
Invoke
handle
BeginInvoke
IAsyncResult
AsyncCallback
callback
EndInvoke
result
thread
context
address
length
protect
process
baseAddress
buffer
bufferSize
bytesWritten
bytesRead
applicationName
commandLine
processAttributes
threadAttributes
inheritHandles
creationFlags
environment
currentDirectory
startupInfo
processInformation
ToInt16
startIndex
BitConverter
MethodBase
ToInt32
GetBytes
MethodInfo
Execute
payload
Buffer
ProcessHandle
ThreadHandle
ProcessId
ThreadId
Reserved1
Desktop
Reserved2
StdInput
StdOutput
StdError
geULwbRwd
fehXyYfvhy
typemdt
FieldInfo
B0Y8gvqjc
X75gxBQwq
Assembly
dCr3AgdCS
C5iGWm1cv
YjlIFyrtV
d8IwKZ3nT
RSACryptoServiceProvider
System.Security.Cryptography
j56yjESoe
Dictionary`2
System.Collections.Generic
kv0z25INd
OxXLMNlUQr
H7PLL5iAPU
RgCL5ry1ac
List`1
YEULxnGvKX
m0QLaS1F5D
GsjL9g8ja3
R3wLFbZewF
wsdLObkEQb
jyuL7qrNXJ
LmFLA8gd0R
AYcLDCnBuC
usfLnHavse
K2GLoPW7Sr
SortedList
System.Collections
fATLB7yOVp
mgbLjYqhCS
t8YL0LWtVo
IYDLlwuQUc
PvELXLuSne
Y08Lvd87iv
jW7LdWHyFW
g1bLunKyeV
NWXLUDtKgs
c5ALRYKqRb
firstrundone
fcnLQS7gbG
Hashtable
EAfLEAC0F3
rceL4if63y
oUfLWd7RBO
u7uLTDaiuk
erPLHHD1s2
HhELSQLBcy
T52Lbk6FSX
get_Assembly
set_UseMachineKeyStore
cOhXgdDpJk
nWN5m7K3Q
ReZxSxiJZ
kJmawSxbE
LPc9wV3EC
MhIFse1SO
drWOJociH
rT47WLV2k
m8CAUYBiH
Wp7DM4Mqq
SymmetricAlgorithm
AesCryptoServiceProvider
System.Core
RijndaelManaged
Activator
CreateInstance
ObjectHandle
System.Runtime.Remoting
Unwrap
ztZnOh9Lx
MD5CryptoServiceProvider
CryptoConfig
get_AllowOnlyFipsAlgorithms
V93oZl5M3
HashAlgorithm
ComputeHash
YHxBFGbCp
VeZjNyNqf
TransformBlock
n6104RmDI
BinaryReader
get_BaseStream
set_Position
ReadUInt32
EmOXN654e
ParameterInfo
DynamicMethod
System.Reflection.Emit
ILGenerator
Monitor
System.Threading
GetManifestResourceStream
get_Length
ReadBytes
GetFields
BindingFlags
MemberInfo
get_MetadataToken
get_Item
GetGenericArguments
ResolveMethod
get_IsStatic
get_FieldType
Delegate
CreateDelegate
SetValue
GetParameters
get_DeclaringType
get_IsValueType
MakeByRefType
get_ParameterType
get_ReturnType
GetILGenerator
OpCode
OpCodes
Ldarg_0
Ldarg_1
Ldarg_2
Ldarg_3
Ldarg_S
Tailcall
Callvirt
QSPv3Xnak
NwEdyZnC9
gLJURA5kS
Debugger
get_IsAttached
vg8R5Zymw
s8rE5nceT
Convert
FromBase64String
Encoding
System.Text
get_Unicode
GetString
ipu4M3TNx
iBaWMeAXY
GlrTM2W85
GetMethod
TaoSI945H
get_Location
Exists
GetName
AssemblyName
get_CodeBase
ToString
Replace
GetType
GetProperty
PropertyInfo
GetValue
xrSbEXQDt
LoadLibrary
Srvm60AOc
aBh6siITT
Concat
GetDelegateForFunctionPointer
rKetPVW5O
e1UJIVZmc
jH42P6TBE
hslcEXgTI
ucthcQ5lr
c8iKhNv3S
op_Equality
NIpe3HaA9
FileStream
FileMode
FileAccess
FileShare
IDisposable
Dispose
gVAfkMyXR
Hjep8dVJy
ToArray
LE5Nnt7Xh
set_Key
set_IV
CreateDecryptor
ICryptoTransform
CryptoStream
CryptoStreamMode
G3siDhSSM
vURCAsBqe
DIAqeSpOm
nOQ14ODOg
tY3YGtH5f
q9qkQao7g
DpYsoq5nS
vUcrRRnlL
sqeZSL72O
MNdPugcTR
BPTavEfPI8
CreateEncryptor
ToBase64String
classthis
nativeEntry
nativeSizeOfCode
W4Oadd1fma
m8Zaun80eo
bNRaTBnZVA
uVaa4GpUIk
u6YaUGQ5Rc
t0UaRBG3Pj
pNJaQb5F9t
ReadInt32
YcBaEMIBPc
hModule
lpName
lpType
lpAddress
dwSize
flAllocationType
flProtect
lpBaseAddress
lpNumberOfBytesWritten
flNewProtect
lpflOldProtect
dwDesiredAccess
bInheritHandle
dwProcessId
value__
fDcLmRVPtU
Yr9XsZ2H1i
PVGanEWhlM
oLdaoiVT7G
tMVaB3hxr3
omRajHZ0wU
WABa0tWy6E
yHDalgja3A
Wc3aXvakmy
rZnaaJrE25
qWAa9mQMya
Single
Double
UIntPtr
Comparison`1
<>9__46_0
yARv6SBI2m
get_Count
TyOaFSuuHy
R2paOF1pXp
cQqa7Eegfx
dbeaA8jlro
wqZaDFXp8N
C1oBHylShu
AosBSnBKRL
stSBbD5mwM
BwOBmMoGP6
MlKB6i90Nn
GLgBtRhyOg
d37Bh8uTDv
Y69BeUt9vR
nOQdl4ODOg
tY3dXGtH5f
q9qdvQao7g
DpYddoq5nS
vUcduRRnlL
sqedUSL72O
MNddRugcTR
d6IBJRRp2Z
c8idQhNv3S
V1kdEyl02V
B0Yd4gvqjc
wLUB2Orv23
X75dWxBQwq
dCrdTAgdCS
C5idHWm1cv
YjldSFyrtV
d8IdbKZ3nT
j56dmjESoe
kv0d625INd
OxXdtNlUQr
H7PdJ5iAPU
RgCd2ry1ac
YEUdcnGvKX
m0QdhS1F5D
Gsjdeg8ja3
R3wdfbZewF
wsddpbkEQb
jyudNqrNXJ
LmFdi8gd0R
AYcdCCnBuC
usfdqHavse
K2Gd1PW7Sr
fATdY7yOVp
mgbdkYqhCS
t8YdsLWtVo
IYDdrwuQUc
PvEdZLuSne
Y08dPd87iv
jW7dKWHyFW
g1bdVnKyeV
NWXd8DtKgs
c5AdgYKqRb
fcnd3S7gbG
EAfdGAC0F3
rcedIif63y
oUfdwd7RBO
u7udyDaiuk
erPdzHD1s2
HhEuMQLBcy
T52uLk6FSX
fDcu5RVPtU
VVAuxnv6BF
PPauaFcpRf
rFou9powA0
TvpuFtHMx3
d69uOOjWrX
XJsu7LDPbi
AKNuAZ11DR
PZYuDsqDg5
OJsungeQZd
CrluoqnI7g
fdRuBgjrLs
YYHujsF82I
HL6u0YI3Yb
S5MuleAUoL
pY5uXSxpHK
qmOuvwnxTA
LJ3udQlIYO
N4muuK8Z5O
KGbuURteF6
cSauRN3PjN
xXAuQJbXWE
gRCuEnOnhD
gKku4OTsTL
SHouWnYaPf
tJ9BciOew0
BeouTiljCp
a5iuHuxxL9
AMUuSZ5Bny
s3rubpelFd
lwlumgaheq
oj9u6Fhwca
kZGutsdjSl
soGuJAfcec
UOZu2PVRec
FCHBfwKmRn
hA1BpvTi1k
QmSBNgiBCc
SF9BiX4ruC
oPHBCnNDZA
qt6BqjXoyG
HSsB1KnPq6
DoQBY2qDkD
EtUBZQQZRa
WAmBPMB0G0
qU2BkdrOYs
kHZBssPC3s
ovaBrj9Y4u
z0dj5rkN6f
a5Pjxy25SY
L97BKE25N4
lqfucMK0hV
NrdBVmtKL7
RvoB8BAV82
diBBgFLiiU
EMWB3yONoS
A91BGcXunp
C1lBIaw5rr
A4nBwDQQ4V
yIwByEsukh
qiFBz81Hu6
Cp3jMBVv14
OKCjLo23lH
gyIuhELnxq
BUuja1QMZO
uFvj9I4fVf
wk1jFwCKSW
PTyjO0yydc
DWVuea1EMj
BThufJwh7w
Eqfup3BbFp
DSnj7hEZ7a
RL9jAF4lBE
NotImplementedException
QA1jDkQJ0I
YeejnUEEvx
A39joYqGSV
nGEjBfyeTD
EqvjjieJlV
GVpj08wEwV
kTXjlPLshT
tPBjXYjAJE
UDsjvgp1ei
UhNjdqxgic
RcQjuILAQC
XH6jUerVZS
WhxjRcXFCB
r4GjQb7Vvg
N3YjEEsk0h
KBbj4IwY3n
CrWjWZF3Io
XFAjTPCIM3
F9CjHFtGZY
FTijSNsYde
LIFjbWNxpq
nWdjmd2WlN
Dpmj6iSp4C
y6mjtIyqq4
qpZjJxQ46V
J96j2oqJsf
JDJjcB4nud
fBcjhfhonR
C4ujeQYOhV
Hpjjf13Ho9
ovMjpUjjfa
MCsjCH4M8g
f1xjqAe01x
AddRange
IEnumerable`1
Equals
GetHashCode
Enumerator
GetEnumerator
get_Current
MoveNext
uJ9jNuhOde
LaJjisNd9u
target
paramters
eV7XiE3C4H
GL6XCXXAY9
Ti3XqqGbnS
xvIX12K5P4
Gl4XYW9Iw1
GT5XkyXtsY
vBXXs2g5N5
kO9XrsjAAr
LHAXZHD3u1
mJvXPuZWLG
P6nXKq05L2
d6xXV9O6wf
WUtX89BpW0
wIZXgFO6U7
WT9X3IVJtU
us3XG3bSNL
hL4XIw57CM
xRkXwNANCW
tnBXycvSYh
UBIXzg2TS3
kQfvM9jv6W
yeHvLKgEPe
schv5EvJl0
Rfevxivn5c
MTHvairTKI
Qe7v9AGJpX
OEuvFnCu1u
np5vOHNAn0
xRgv7G3cbx
vQovAna5lx
hEbvDetTSD
ygDj1mPbak
liejY9ZWI8
tbKjk9l4qb
TargetInvocationException
chDjs4NQul
rEbjr309ae
gBsjZMnfbw
LedjPYTVOC
bbijKtxMDJ
ConstructorInfo
RuntimeMethodHandle
Reverse
NullReferenceException
TryGetValue
set_Item
ArithmeticException
OverflowException
Tf1j86bleG
R5TlnuhCDh
YJaloo5Icr
iy9X7mlNkM
EmptyTypes
Sizeof
iOjXUP0iwQ
emQXRxn40M
nQ3XmWfO7h
ngsX61877u
LocalBuilder
Ldelem_Ref
Unbox_Any
Castclass
Ldloc_S
Ldloca_S
Ldnull
Ldind_Ref
Stelem_Ref
VjkXtf3BeQ
Ldsflda
Ldflda
Ldsfld
p5CXJfBK9B
Newobj
mduX2x281b
Ldc_I4_M1
Ldc_I4_0
Ldc_I4_1
Ldc_I4_2
Ldc_I4_3
Ldc_I4_4
Ldc_I4_5
Ldc_I4_6
Ldc_I4_7
Ldc_I4_8
Ldc_I4_S
Ldc_I4
UaBXcOcakv
tdGXhyXof8
bltXeOrHnB
BSmXfQAMYn
xoaXpMBebu
Initblk
KbHXNoolqk
<>9__12_0
MPIvtZCIsW
tdyvUPSCoA
W6wvnQlCGV
glCvoAFEwW
LkLvBB03rl
E4wvjiQ2aY
YVbv0y1oss
nGhvlaVjva
hewvXrsnJ8
UUIvvnLNCA
InvalidCastException
CFovdms9ca
wxXvux1dbZ
RJYvRBRDtP
jyuvQjLcik
SgfvEZDVji
aKuvmhnH37
hMWvSoG03q
OyDv4akGg5
DjWvWsmuSB
HtMvTddAIt
CmTvHQWOmB
RemoveAt
StringBuilder
IFormatProvider
AppendLiteral
AppendFormatted
ToStringAndClear
0E448EF5E5E60630BDDB19388CB6378436E3C65D03DD66DA7C6EBFF563BD857A
4BED3ADC52D4904075F6BBF279EC4ACEDE079533B95E229A29809542EA324A7B
62E6F13B53D67FDD780E20D89A6E8EE503B197AC16AC3F1D2571C147FDD324C9
7F535673D836D3D77A97DB03EB3D71EA780F44372F5AEBECEBEDD696AAEB8378
97E613E5A3A47DEC76B7E50D47644B35EA4322F00D594D80D2F1C1F3644F8A4A
C356AFF1A01C2B0DA472E584C8E3C8F875B9A24280435D42836A77B19F5A8C18
C61B1941CF756EB7551F7C661743802362728B785ADC22E860D269713DFB01A6
D5B7247C497788CF0031CEB06E3DF77A45FEF59F1E49633DC7159816D64759B5
PhEO0URQC
PTIfgElk5
pCqVgqUin
HKXtxKmka
LLxw1W8db
hkE2IsURC
QL11Udvcv
XDRYxHL74
PJUMnq4W1
X1uriU1US
O1o4cRRsq
UmrcHHQSW
KtnAYUWuO
f2nlUCZOY
FrLgWVVre
SF2Cslhoo
DnvB8JQhC
jGykRJ3Fv
StringSplitOptions
gVG3YCKbn
vmXPXEqMU
HonnCMpBd
fFpJ3tlya
XxGFbd4KG
Yh2EBr8GO
DYpz9S7Ve
OfJRRCKj0L
umyR9cqLmZ
uvERvCmwc0
LadRSBmY2D
ktdRxe0OJI
Process
pEZRedSrPr
tXNRfEJOmJ
d3VROJWv7L
ia6RVCguy6
YBnRtWi2Sj
TuoRwWSWfk
m5AR22sQa9
V5XR1iCTy1
im4RYEbJkh
P6iRMW0f3f
gVmRrR97CM
x8jR4ULkiG
E5wRckjMkT
L06RAjINl1
hfYRl2ogpA
Fi7RgWCUZ4
IniRCPDNtC
tZ6RBwaS2I
CURRk6iADs
AuuR3Xx09L
zaWRPa22ZJ
MkrRnlTmlq
zXiRJ6BccN
ACqRFSxsow
lMYRE3GnOE
MGIRzY7r4T
PLWGRossCO
AlXG9vIZtp
iKdGverrqp
rCKGSMVLWW
jEWGx3PICG
qrdGeC6cyp
Y34Gf09e6N
iZSGOeJEVZ
GBYGVuApd8
H7JGtAtkOp
xtAGwGW234
F8GG2OPN85
iniG1QwXcg
xMeGYrTL6e
cZ1GMpB4qB
fMXGrpPqbB
RSqG4loiIb
pDPGcX1SoQ
XNWGALxpA4
Q3nGlisarp
nlgGgveHtd
Vj4GCbHDV1
RgGGB4lGyx
StOGk3r2ka
nWlG3qS6MB
jMWGPIeITN
j3gGncviSg
lx9GJNexuY
t8TGFTYnlk
p9xGEyQXxH
NLUGzTQ527
Ahr9RKTMxb
pLm99DFb81
hE49vM0spv
E0q9S1lowA
C2l9xfcIA5
h1E9edc6kG
h8Z9fVhX4U
JZX9O2q1Tn
ghX9V5ilrk
Teg9tODTV4
frW9wk2QMt
BhF92PbhW7
D6w919WjF9
Uyb9YeqtLh
BQP9M0wxBA
i1O9rhV8W5
rqe94fbR7u
mq29cRrlBl
Vyi9AA724d
VcK9lwyAZj
OVs9gwT5ck
Ia39C6OD0G
nrY9BN9iZh
H6c9kCwugu
ygR93bdbAG
MAX9Pt0UZt
U0Q9nreW1Z
TPk9Js9901
R1a9FFZO25
R8b9EawDmN
rBf9z6YpF4
HAcXR9ftZc
YDtX9R7Q2k
U7dXvNOAMf
FuwXSOXo69
LS8XxYm3ti
yvRXeRXZCN
gnlXfm5GeF
nBtXO3W2gn
m9vXVDKsJf
YDSXtLnhkL
jrdXwYlk5i
PquX29Q1cW
TO6X1UB7tI
XG9XY6Eht4
TxyXMKWmJY
qbKXrxn8KJ
ODNX4Gkcpg
a8gXcLA4jn
qvqXA6Ght9
NHqXltOenO
GetPublicKeyToken
set_Mode
CipherMode
FlushFinalBlock
get_EntryPoint
ReadByte
GetExecutingAssembly
GetCallingAssembly
GetElementType
BlockCopy
get_UTF8
Intern
Strings
Microsoft.VisualBasic
StrReverse
get_Name
GetMethods
SizeOf
ToUInt32
get_Size
GetProcessById
ResolveType
get_ManifestModule
get_IsByRef
ReadInt64
ReadSingle
ReadDouble
op_Inequality
get_Position
Nullable
GetUnderlyingType
get_IsEnum
ToObject
ToInt64
ToUInt64
FreeHGlobal
get_InnerException
get_FullName
get_BaseType
GetBaseDefinition
get_MethodHandle
GetFunctionPointer
ResolveField
ResolveMember
AllocHGlobal
ResolveString
IsInfinity
IsAssignableFrom
FormatterServices
System.Runtime.Serialization
GetUninitializedObject
DeclareLocal
EmitCall
LocalVariableInfo
get_LocalType
ChangeType
CompareTo
get_FieldHandle
get_TypeHandle
Append
AppendFormat
UnmanagedFunctionPointerAttribute
CallingConvention
CharSet
FlagsAttribute
CompilerGeneratedAttribute
NewPE.g.resources
rAYYh7enE9M7cQAE7j.bJpNKy5RxS4jaXf1kD
qrZO6Ax1cAK4GUABWW.cQp5WmjIL7IxyBy8MY
aR3nbf8dQp2feLmk31.lSfgApatkdxsVcGcrktoFd.resources
WrapNonExceptionThrows
Avast Installer
AVAST Software
!Copyright (c) 2023 AVAST Software
microstub
$e06fcce8-7adc-4d71-9673-cf28fd8a5637
2.1.99.0
.NETFramework,Version=v4.5
FrameworkDisplayName
.NET Framework 4.5
Confuser.Core 1.5.0+b5197549e4
CociHuaT4WLV2kj8CU.EwV3ECxYhIse1SOarW+bRqeSLE72O1NdugcTR+pGgtnlL82qSlXNiLlrS`1[[System.Object, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]][]
SUsSystem.Runtime.InteropServices.CharSet, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
CharSet
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
PADPADP
o) (TCl~
*_JhJY
a*9g?])
Ag7O69
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
fSystem.Drawing.Icon, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3ajSystem.CodeDom.MemberAttributes, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089mSystem.Globalization.CultureInfo, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089fSystem.Drawing.Size, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Icon
IconData
IconSize
System.Drawing.Size
System.Drawing.Size
height
ISystem, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
System.CodeDom.MemberAttributes
value__
System.Globalization.CultureInfo
m_isReadOnly
compareInfo
textInfo
numInfo
dateTimeInfo
calendar
m_dataItem
cultureID
m_name
m_useUserOverride
System.Globalization.CompareInfo
System.Globalization.TextInfo%System.Globalization.NumberFormatInfo'System.Globalization.DateTimeFormatInfo&System.Globalization.GregorianCalendar
System.Globalization.CompareInfo
m_name
win32LCID
culture
m_SortVersion
System.Globalization.SortVersion
System.Globalization.TextInfo
m_listSeparator
m_isReadOnly
m_cultureName
customCultureName
m_nDataItem
m_useUserOverride
m_win32LangID
%System.Globalization.NumberFormatInfo"
numberGroupSizes
currencyGroupSizes
percentGroupSizes
positiveSign
negativeSign
numberDecimalSeparator
numberGroupSeparator
currencyGroupSeparator
currencyDecimalSeparator
currencySymbol
ansiCurrencySymbol
nanSymbol
positiveInfinitySymbol
negativeInfinitySymbol
percentDecimalSeparator
percentGroupSeparator
percentSymbol
perMilleSymbol
nativeDigits
m_dataItem
numberDecimalDigits
currencyDecimalDigits
currencyPositivePattern
currencyNegativePattern
numberNegativePattern
percentPositivePattern
percentNegativePattern
percentDecimalDigits
digitSubstitution
isReadOnly
m_useUserOverride
m_isInvariant
validForParseAsNumber
validForParseAsCurrency
Infinity
-Infinity
'System.Globalization.DateTimeFormatInfo+
m_name
amDesignator
pmDesignator
dateSeparator
generalShortTimePattern
generalLongTimePattern
timeSeparator
monthDayPattern
dateTimeOffsetPattern
calendar
firstDayOfWeek
calendarWeekRule
fullDateTimePattern
abbreviatedDayNames
m_superShortDayNames
dayNames
abbreviatedMonthNames
monthNames
genitiveMonthNamesm_genitiveAbbreviatedMonthNames
leapYearMonthNames
longDatePattern
shortDatePattern
yearMonthPattern
longTimePattern
shortTimePattern
allYearMonthPatterns
allShortDatePatterns
allLongDatePatterns
allShortTimePatterns
allLongTimePatterns
m_eraNames
m_abbrevEraNames
m_abbrevEnglishEraNames
optionalCalendars
m_isReadOnly
formatFlags
CultureID
m_useUserOverride
bUseCalendarInfo
nDataItem
m_isDefaultCalendar
m_dateWords
&System.Globalization.GregorianCalendar
(System.Globalization.DateTimeFormatFlags
dddd, dd MMMM yyyy
MM/dd/yyyy
yyyy MMMM
HH:mm:ss
(System.Globalization.DateTimeFormatFlags
value__
&System.Globalization.GregorianCalendar
m_type
m_currentEraValue
twoDigitYearMax
Calendar+m_currentEraValue
Calendar+m_isReadOnly
Calendar+twoDigitYearMax
+System.Globalization.GregorianCalendarTypes
+System.Globalization.GregorianCalendarTypes
value__
yyyy-MM-dd
hh:mm tt
h:mm tt
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Size
height
DBRfhn M
_CorDllMain
mscoree.dll
)P71PDAPPQPPYPPaPPiPPqPPyPP
P7TP7T
.#J.;j.3J.+U
! " #"$ % & ' ( ) * + , - . / 2131415161718191:1;1<1=1>1?1@1A1B1C1D1E1F1G1H1I1J1K1L1M1N1O1POQ1R1S1T1U1V1W1X1Y1[Z\Z]Z^Z_Z`ZaZ
sabcst
System.Core, Version=3.5.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
System.Security.Cryptography.AesCryptoServiceProvider
System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
rAYYh7enE9M7cQAE7j.bJpNKy5RxS4jaXf1kD
{11111-22222-10009-11111}
{11111-22222-10009-11112}
Debugger Detected
{11111-22222-50001-00000}
GetDelegateForFunctionPointer
file:///
Location
ResourceA
Virtual
Write
Process
Memory
Protect
Process
Close
Handle
kernel
32.dll
{11111-22222-10001-00001}
{11111-22222-10001-00002}
{11111-22222-20001-00001}
{11111-22222-20001-00002}
{11111-22222-30001-00001}
{11111-22222-30001-00002}
{11111-22222-40001-00001}
{11111-22222-40001-00002}
{11111-22222-50001-00001}
{11111-22222-50001-00002}
qrZO6Ax1cAK4GUABWW.cQp5WmjIL7IxyBy8MY
$this.SnapToGrid
$this.TrayLargeIcon
$this.Icon
$this.Locked
$this.DrawGrid
progressBar1.Modifiers
$this.Localizable
$this.Language
$this.GridSize
$this.TrayHeight
progressBar1.Locked
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
Comments
Avast Installer
CompanyName
AVAST Software
FileDescription
FileVersion
2.1.99.0
InternalName
NewPE.dll
LegalCopyright
Copyright (c) 2023 AVAST Software
LegalTrademarks
microstub
OriginalFilename
NewPE.dll
ProductName
ProductVersion
2.1.99.0
Assembly Version
2.1.99.0
Antivirus Signature
Bkav Clean
Lionic Clean
Elastic Clean
MicroWorld-eScan Gen:Variant.MSILHeracles.101263
ClamAV Clean
CMC Clean
CAT-QuickHeal Clean
McAfee Clean
Malwarebytes Clean
VIPRE Gen:Variant.MSILHeracles.101263
Sangfor Suspicious.Win32.Save.a
K7AntiVirus Clean
BitDefender Gen:Variant.MSILHeracles.101263
K7GW Clean
CrowdStrike win/malicious_confidence_90% (D)
BitDefenderTheta Clean
VirIT Clean
Cyren W32/MSIL_Troj.C.gen!Eldorado
Symantec Clean
tehtris Clean
ESET-NOD32 a variant of MSIL/Injector_AGen.EM
APEX Clean
Paloalto Clean
Cynet Clean
Kaspersky Clean
Alibaba Clean
NANO-Antivirus Clean
ViRobot Clean
Rising Clean
Sophos Clean
Baidu Clean
F-Secure Clean
DrWeb Clean
Zillya Clean
TrendMicro Clean
McAfee-GW-Edition Clean
Trapmine Clean
FireEye Gen:Variant.MSILHeracles.101263
Emsisoft Gen:Variant.MSILHeracles.101263 (B)
Ikarus Clean
GData Gen:Variant.MSILHeracles.101263
Jiangmin Clean
Webroot Clean
Avira Clean
MAX malware (ai score=88)
Antiy-AVL Clean
Gridinsoft Clean
Xcitium Clean
Arcabit Trojan.MSILHeracles.D18B8F
SUPERAntiSpyware Clean
ZoneAlarm Clean
Microsoft Clean
Google Detected
AhnLab-V3 Clean
Acronis Clean
VBA32 Clean
ALYac Gen:Variant.MSILHeracles.101263
TACHYON Clean
DeepInstinct MALICIOUS
Cylance Clean
Panda Clean
Zoner Clean
TrendMicro-HouseCall Clean
Tencent Clean
Yandex Clean
SentinelOne Static AI - Suspicious PE
MaxSecure Clean
Fortinet Clean
AVG Clean
Avast Clean
No IRMA results available.