Static | ZeroBOX

PE Compile Time

2023-10-03 23:11:10

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name    Virtual Address  Virtual Size  Size of Raw Data  Entropy
.text   0x00002000       0x00004774    0x00005000        5.29338720758
.rsrc   0x00008000       0x000002a8    0x00001000        0.682262739987
.reloc  0x0000a000       0x0000000c    0x00001000        0.0131269437212

Resources

Name        Offset      Size        Language      Sub-language     File type
RT_VERSION  0x00008058  0x0000024c  LANG_NEUTRAL  SUBLANG_NEUTRAL  data

Imports

Library mscoree.dll:
0x402000 _CorExeMain

!This program cannot be run in DOS mode.
v2.0.50727
#Strings
<Module>
Client777.exe
Program
Keylogger
mscorlib
System
Object
registryName
splitter
victimName
version
System.Threading
stubMutex
System.IO
FileInfo
currentAssemblyFileInfo
keylogger
isConnected
System.Net.Sockets
TcpClient
tcpSocket
MemoryStream
memoryStream
bytesArray
lastCapturedImage
currentPlugin
DeleteValueFromRegistry
GetValueFromRegistry
Microsoft.Win32
RegistryValueKind
SaveValueOnRegistry
GetInfo
StringToBase64
Base64ToString
StringToBytes
BytesToString
DecompressGzip
SearchForCam
GetForegroundWindowTitle
GetHWID
Plugin
Uninstall
HandleData
CreateHash
Connect
Receive
NtSetInformationProcess
capGetDriverDescriptionA
GetVolumeInformation
GetForegroundWindow
GetWindowText
GetWindowTextLength
System.Text
StringBuilder
ToUnicodeEx
GetKeyboardState
MapVirtualKey
GetWindowThreadProcessId
GetKeyboardLayout
GetAsyncKeyState
VKCodeToUnicode
System.Windows.Forms
LastAV
LastAS
lastKey
Microsoft.VisualBasic
Microsoft.VisualBasic.Devices
Keyboard
keyboard
System.Runtime.CompilerServices
CompilationRelaxationsAttribute
RuntimeCompatibilityAttribute
Client777
STAThreadAttribute
Interaction
Command
Registry
RegistryKey
CurrentUser
SetValue
Thread
Environment
ThreadStart
Application
DoEvents
System.Diagnostics
Process
GetCurrentProcess
IntPtr
op_Explicit
set_MinWorkingSet
Microsoft.VisualBasic.CompilerServices
Operators
CompareString
String
Concat
RegistryKeyPermissionCheck
CreateSubKey
DeleteValue
IDisposable
Dispose
OpenSubKey
RuntimeHelpers
GetObjectValue
GetValue
ConditionalCompareObjectEqual
Conversions
ToString
get_MachineName
get_UserName
FileSystemInfo
DateTime
get_LastWriteTime
get_Date
Computer
ServerComputer
ComputerInfo
get_Info
get_OSFullName
OperatingSystem
get_OSVersion
get_ServicePack
Strings
CompareMethod
SpecialFolder
GetFolderPath
Contains
GetValueNames
get_Length
Convert
ToBase64String
FromBase64String
Encoding
get_UTF8
GetBytes
GetString
System.IO.Compression
GZipStream
Stream
CompressionMode
set_Position
BitConverter
ToInt32
op_Equality
Environ
Conversion
System.Reflection
Assembly
Module
GetModules
GetTypes
get_FullName
EndsWith
get_Assembly
CreateInstance
DeleteSubKeyTree
AppWinStyle
WaitHandle
ConcatenateObject
get_Chars
ToArray
System.Net
WebClient
DownloadData
GetTempFileName
WriteAllBytes
get_Name
Exception
get_Message
ProjectData
ClearProjectError
NewLateBinding
LateSet
LateCall
Boolean
LateGet
CompareObjectEqual
OrObject
ToBoolean
Screen
get_PrimaryScreen
System.Drawing
Rectangle
get_Bounds
get_Width
get_Height
Bitmap
System.Drawing.Imaging
PixelFormat
Graphics
FromImage
CopyPixelOperation
CopyFromScreen
Cursors
Cursor
get_Default
get_Position
SetProjectError
ToInteger
DrawImage
ImageFormat
get_Jpeg
WriteByte
RuntimeTypeHandle
GetTypeFromHandle
ChangeType
System.Security.Cryptography
MD5CryptoServiceProvider
HashAlgorithm
ComputeHash
Monitor
Socket
get_Client
SocketFlags
set_ReceiveBufferSize
set_SendBufferSize
set_SendTimeout
set_ReceiveTimeout
DirectoryInfo
get_Directory
<Receive>b__0
ParameterizedThreadStart
<>9__CachedAnonymousMethodDelegate1
CompilerGeneratedAttribute
get_Available
SelectMode
NetworkStream
GetStream
ReadByte
ToLong
System.Runtime.InteropServices
DllImportAttribute
hProcess
processInformationClass
processInformation
processInformationLength
avicap32.dll
wDriver
lpszName
MarshalAsAttribute
UnmanagedType
cbName
lpszVer
kernel32
GetVolumeInformationA
lpRootPathName
lpVolumeNameBuffer
nVolumeNameSize
lpVolumeSerialNumber
lpMaximumComponentLength
lpFileSystemFlags
lpFileSystemNameBuffer
nFileSystemNameSize
user32.dll
GetWindowTextA
WinTitle
MaxLength
GetWindowTextLengthA
.cctor
get_ExecutablePath
OutAttribute
user32
GetProcessById
get_MainWindowTitle
DateAndTime
get_Now
get_ProcessName
get_ShiftKeyDown
get_CapsLock
ToUpper
ToLower
get_CtrlKeyDown
Remove
WrapNonExceptionThrows
_CorExeMain
mscoree.dll
Software\
yy-MM-dd
SystemDrive
Software
cmd.exe /C Y /N /D Y /T 1 & Del "
getvalue
Execute ERROR
Download ERROR
Executed As
Execute ERROR
Update ERROR
Updating To
Update ERROR
patria.duckdns.org
8930d85a9f
@!#&^%$
TllBTiBDQVQ=
yy/MM/dd
[ENTER]
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
FileDescription
FileVersion
0.0.0.0
InternalName
Client777.exe
LegalCopyright
OriginalFilename
Client777.exe
ProductVersion
0.0.0.0
Assembly Version
0.0.0.0

Antivirus Signature

Bkav Clean
Lionic Trojan.Win32.KeyLogger.4!c
tehtris Clean
MicroWorld-eScan Trojan.GenericKDZ.61581
ClamAV Win.Packed.njRAT-7445143-0
FireEye Generic.mg.e782fef1056c8725
CAT-QuickHeal Trojan.MsilFC.S20327749
McAfee Trojan-FSCY!E782FEF1056C
Malwarebytes Generic.Malware.AI.DDS
VIPRE Trojan.GenericKDZ.61581
Sangfor Suspicious.Win32.Save.a
K7AntiVirus Trojan ( 700000121 )
Alibaba TrojanSpy:MSIL/KeyLogger.44c89fb7
K7GW Trojan ( 700000121 )
CrowdStrike win/malicious_confidence_100% (W)
Baidu MSIL.Backdoor.Bladabindi.a
VirIT Trojan.Win32.MSIL_Heur.A
Cyren W32/Razy.DC.gen!Eldorado
Symantec Backdoor.Ratenjay!gen3
Elastic malicious (high confidence)
ESET-NOD32 a variant of MSIL/Bladabindi.AZ
APEX Malicious
Paloalto Clean
Cynet Malicious (score: 100)
Kaspersky HEUR:Trojan-Spy.MSIL.KeyLogger.gen
BitDefender Trojan.GenericKDZ.61581
NANO-Antivirus Clean
ViRobot Clean
Tencent Msil.Trojan-Spy.Keylogger.Sgil
TACHYON Clean
Sophos Mal/Bladabi-W
F-Secure Trojan.TR/Dropper.Gen7
DrWeb BackDoor.Bladabindi.16104
Zillya Clean
TrendMicro TrojanSpy.MSIL.LIMEKEYLOG.SMLV
McAfee-GW-Edition Trojan-FSCY!E782FEF1056C
Trapmine malicious.moderate.ml.score
CMC Clean
Emsisoft Trojan.GenericKDZ.61581 (B)
SentinelOne Static AI - Malicious PE
GData MSIL.Backdoor.Bladabindi.AV
Jiangmin Trojan.MSIL.oetu
Webroot Clean
Avira TR/Dropper.Gen7
Antiy-AVL Trojan/MSIL.Crypt
Kingsoft Clean
Gridinsoft Clean
Xcitium TrojWare.MSIL.Bladabindi.BGS@7lngf6
Arcabit Trojan.Generic.DF08D
SUPERAntiSpyware Clean
ZoneAlarm HEUR:Trojan-Spy.MSIL.KeyLogger.gen
Microsoft Trojan:MSIL/Bladabindi
Google Detected
AhnLab-V3 Trojan/Win32.SpyGate.R292993
Acronis Clean
VBA32 TScope.Trojan.MSIL
ALYac Trojan.GenericKDZ.61581
MAX malware (ai score=81)
DeepInstinct MALICIOUS
Cylance unsafe
Panda Trj/GdSda.A
Zoner Clean
TrendMicro-HouseCall TrojanSpy.MSIL.LIMEKEYLOG.SMLV
Rising Backdoor.njRAT!1.9E49 (CLASSIC)
Yandex Clean
Ikarus Trojan.MSIL.Bladabindi
MaxSecure Trojan.Malware.300983.susgen
Fortinet MSIL/Bladabindi.AS!tr
BitDefenderTheta Gen:NN.ZemsilF.36738.cm0@aGjpbhj
AVG MSIL:Bladabindi-JK [Trj]
Cybereason malicious.9364d8
Avast MSIL:Bladabindi-JK [Trj]

No IRMA results available.