Static | ZeroBOX

PE Compile Time

2067-03-01 04:16:29

PE Imphash

dae02f32a21e03ce65412f6e56942daa

Sections

Name    Virtual Address  Virtual Size  Size of Raw Data  Entropy
.text   0x00002000       0x00004a14    0x00004c00        6.0465198845
.rsrc   0x00008000       0x00000368    0x00000400        2.74942259942
.reloc  0x0000a000       0x0000000c    0x00000200        0.0815394123432

Resources

Name        Offset      Size        Language      Sub-language     File type
RT_VERSION  0x00008058  0x0000030c  LANG_NEUTRAL  SUBLANG_NEUTRAL  data

Imports

Library mscoree.dll:
0x10002000 _CorDllMain

!This program cannot be run in DOS mode.
`.rsrc
@.reloc
ToInt16
ToInt32
v4.0.30319
#Strings
NewPE2.dll
<Module>
.cctor
NewPE2
mscorlib
Object
System
DelegateResumeThread
MulticastDelegate
object
method
Invoke
handle
BeginInvoke
IAsyncResult
AsyncCallback
callback
EndInvoke
result
DelegateWow64SetThreadContext
thread
context
DelegateSetThreadContext
DelegateWow64GetThreadContext
DelegateGetThreadContext
DelegateVirtualAllocEx
address
length
protect
DelegateWriteProcessMemory
process
baseAddress
buffer
bufferSize
bytesWritten
DelegateReadProcessMemory
bytesRead
DelegateZwUnmapViewOfSection
DelegateCreateProcessA
applicationName
commandLine
processAttributes
threadAttributes
inheritHandles
creationFlags
environment
currentDirectory
startupInfo
processInformation
ProcessInformation
ValueType
ProcessHandle
ThreadHandle
ProcessId
ThreadId
StartupInformation
Reserved1
Desktop
Reserved2
StdInput
StdOutput
StdError
Native
Kernel32
RsmThread
Wow64SetThreadCtx
SetThreadCtx
Wow64GetThreadCtx
GetThreadCtx
VirtualAllcEx
WriteProcessMem
ReadProcessMem
ZwUnmapViewOfSec
CreateProcA
ResumeThread
Wow64SetThreadContext
SetThreadContext
Wow64GetThreadContext
GetThreadContext
VirtualAllocEx
WriteProcessMemory
ReadProcessMemory
ZwUnmapViewOfSection
CreateProcessA
LoadLibraryA
kernel32
GetProcAddress
hProcess
LoadApi
CreateApi
Execute
payload
ReverseString
BinaryToString
<PrivateImplementationDetails>
23091FDFCA65D98CD7E6CDD7E4207E98035057E8168097525495410CEE4469B7
9A211BE544A8FBEE0D0F761E9FDB3EC75F389FCF6E250DA114AE7558639C92B6
__StaticArrayInitTypeSize=7
ConfusedByAttribute
Attribute
CompilationRelaxationsAttribute
System.Runtime.CompilerServices
RuntimeCompatibilityAttribute
DebuggableAttribute
System.Diagnostics
DebuggingModes
AssemblyTitleAttribute
System.Reflection
AssemblyDescriptionAttribute
AssemblyConfigurationAttribute
AssemblyCompanyAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
AssemblyTrademarkAttribute
ComVisibleAttribute
System.Runtime.InteropServices
GuidAttribute
AssemblyFileVersionAttribute
TargetFrameworkAttribute
System.Runtime.Versioning
CompilerGeneratedAttribute
GetTypeFromHandle
RuntimeTypeHandle
Marshal
GetDelegateForFunctionPointer
Delegate
Convert
ToString
String
StringSplitOptions
Encoding
System.Text
get_Default
RuntimeHelpers
InitializeArray
RuntimeFieldHandle
GetString
SizeOf
UInt32
Exception
ToInt32
BitConverter
GetMethod
MethodInfo
MethodBase
IntPtr
Microsoft.VisualBasic
Interaction
CallByName
CallType
GetBytes
get_Size
ToInt16
Buffer
BlockCopy
Process
GetProcessById
Strings
StrReverse
Substring
ToByte
Replace
System.Text.RegularExpressions
get_ASCII
get_Length
198-Protector v4.0-Stressed
WrapNonExceptionThrows
NewPE2
Copyright
2022
$93836e84-1d33-4fcf-a590-27e36c5cdf8e
1.0.0.0
).NETFramework,Version=v4.0,Profile=Client
FrameworkDisplayName.NET Framework 4 Client Profile
_CorDllMain
mscoree.dll
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
Comments
CompanyName
FileDescription
NewPE2
FileVersion
1.0.0.0
InternalName
NewPE2.dll
LegalCopyright
Copyright
2022
LegalTrademarks
OriginalFilename
NewPE2.dll
ProductName
NewPE2
ProductVersion
1.0.0.0
Assembly Version
1.0.0.0

Antivirus Signature
Bkav W32.Common.AF8292E2
Lionic Trojan.Win32.Generic.4!c
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKD.68113439
ClamAV Clean
FireEye Generic.mg.5616daa897af18e8
CAT-QuickHeal Clean
McAfee Artemis!5616DAA897AF
Malwarebytes Clean
VIPRE Trojan.GenericKD.68113439
Sangfor Suspicious.Win32.Save.a
CrowdStrike win/malicious_confidence_100% (W)
Alibaba Trojan:MSIL/Runner.833208ad
K7GW Trojan ( 0058ab471 )
K7AntiVirus Trojan ( 0058ab471 )
Baidu Clean
VirIT Clean
Cyren W32/MSIL_Troj.C.gen!Eldorado
Symantec Trojan.Gen.MBT
tehtris Clean
ESET-NOD32 a variant of MSIL/Runner.AT
APEX Malicious
Paloalto Clean
Cynet Malicious (score: 100)
Kaspersky HEUR:Trojan.Win32.Generic
BitDefender Trojan.GenericKD.68113439
NANO-Antivirus Clean
SUPERAntiSpyware Clean
Avast Win32:InjectorX-gen [Trj]
Tencent Win32.Trojan.Generic.Ngil
TACHYON Clean
Sophos Mal/Generic-S
F-Secure Heuristic.HEUR/AGEN.1300034
DrWeb Trojan.PackedNET.1985
Zillya Clean
TrendMicro Clean
McAfee-GW-Edition BehavesLike.Win32.Infected.mm
Trapmine Clean
CMC Clean
Emsisoft Trojan.GenericKD.68113439 (B)
Ikarus Trojan-Spy.Agent
GData Trojan.GenericKD.68113439
Jiangmin Clean
Webroot Clean
Avira HEUR/AGEN.1300034
Antiy-AVL Trojan/MSIL.Runner
Gridinsoft Clean
Xcitium Clean
Arcabit Trojan.Generic.D40F541F
ViRobot Clean
ZoneAlarm HEUR:Trojan.Win32.Generic
Microsoft Trojan:Win32/Wacatac.B!ml
Google Detected
AhnLab-V3 Malware/Win32.RL_Generic.C4202877
Acronis suspicious
BitDefenderTheta Clean
ALYac Trojan.GenericKD.68113439
MAX malware (ai score=83)
VBA32 Clean
Cylance unsafe
Panda Trj/GdSda.A
Zoner Clean
TrendMicro-HouseCall TROJ_GEN.R002H0DGB23
Rising Malware.Obfus/MSIL@AI.87 (RDM.MSIL2:lPxPrANVUrqVulJEYVwRtg)
Yandex Clean
SentinelOne Static AI - Malicious PE
MaxSecure Trojan.Malware.300983.susgen
Fortinet MSIL/Runner.AT!tr
AVG Win32:InjectorX-gen [Trj]
DeepInstinct MALICIOUS
No IRMA results available.