popup
Static | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Static Analysis

PE Compile Time

2068-04-24 01:38:01

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00002000 0x014eda54 0x014edc00 3.51978419637
.rsrc 0x014f0000 0x00004516 0x00004600 5.28231663719
.reloc 0x014f6000 0x0000000c 0x00000200 0.122275881259

Resources

Name Offset Size Language Sub-language File type
RT_ICON 0x014f00f0 0x00004228 LANG_NEUTRAL SUBLANG_NEUTRAL dBase IV DBT of \200.DBF, blocks size 0, block length 16384, next free block index 40, next free block 0, next used block 0
RT_GROUP_ICON 0x014f4318 0x00000014 LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_MANIFEST 0x014f432c 0x000001ea LANG_NEUTRAL SUBLANG_NEUTRAL XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

Imports

Library mscoree.dll:
0x402000 _CorExeMain
!This program cannot be run in DOS mode.
`.rsrc
@.reloc
v4.0.30319
#Strings
BinderStub.exe
<Module>
Program
BinderStub
mscorlib
Object
System
random
Random
RandomString
length
IsAdministrator
.cctor
<>9__2_0
Func`2
<RandomString>b__2_0
CompilationRelaxationsAttribute
System.Runtime.CompilerServices
RuntimeCompatibilityAttribute
DebuggableAttribute
System.Diagnostics
DebuggingModes
AssemblyTitleAttribute
System.Reflection
AssemblyDescriptionAttribute
AssemblyConfigurationAttribute
AssemblyCompanyAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
AssemblyTrademarkAttribute
ComVisibleAttribute
System.Runtime.InteropServices
GuidAttribute
AssemblyFileVersionAttribute
TargetFrameworkAttribute
System.Runtime.Versioning
CompilerGeneratedAttribute
Dictionary`2
System.Collections.Generic
System.Windows.Forms
MessageBoxIcon
List`1
Enumerator
Boolean
Process
GetCurrentProcess
get_MainModule
ProcessModule
get_FileName
ProcessStartInfo
set_Verb
set_Arguments
Environment
String
GetFolderPath
SpecialFolder
System.IO
GetTempPath
ExpandEnvironmentVariables
Directory
GetDirectories
Convert
FromBase64String
Concat
WriteAllBytes
Console
WriteLine
Thread
System.Threading
GetEnumerator
get_Current
MoveNext
IDisposable
Dispose
get_Item
MessageBox
DialogResult
MessageBoxButtons
System.Core
Enumerable
System.Linq
Repeat
IEnumerable`1
Select
ToArray
WindowsIdentity
System.Security.Principal
GetCurrent
WindowsPrincipal
IsInRole
WindowsBuiltInRole
get_Length
get_Chars
;.#w.;
TVqQAAMABAAAAAAA//8AAIsAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAABQRQAAZKoGAAAAAAAANHwAAAAAAPAAIgILAgMAAEQzAABWEAAAAAAAMBcGAAAQAAAAAAAAAQAAAAAQAAAAAgAABgABAAEAAAAGAAEAAAAAAACwggAABgAAAAAAAAMAYIEAACAAAAAAAAAQAAAAAAAAAAAQAAAAAAAAEAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAYIEAkAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwgQBOIgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwNhqAEgBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAudGV4dAAAACBCMwAAEAAAAEQzAAAGAAAAAAAAAAAAAAAAAAAgAABgLnJkYXRhAACQaDcAAGAzAABqNwAASjMAAAAAAAAAAAAAAAAAQAAAQC5kYXRhAAAAwIoWAADQagAAVhAAALRqAAAAAAAAAAAAAAAAAEAAAMAuaWRhdGEAAJAEAAAAYIEAAAYAAAAKewAAAAAAAAAAAAAAAABAAADALnJlbG9jAABOIgEAAHCBAAAkAQAAEHsAAAAAAAAAAAAAAAAAQAAAQi5zeW10YWIABAAAAACgggAAAgAAADR8AAAAAAAAAAAAAAAAAAAAAEIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
Antivirus Signature
Bkav Clean
Lionic Clean
Elastic malicious (high confidence)
MicroWorld-eScan Gen:Heur.MSIL.Binder.13
CMC Clean
CAT-QuickHeal Clean
McAfee Clean
Cylance unsafe
Zillya Clean
Sangfor Clean
K7AntiVirus Clean
BitDefender Gen:Heur.MSIL.Binder.13
K7GW Clean
Cybereason malicious.91fd0c
BitDefenderTheta Clean
VirIT Clean
Cyren Clean
Symantec ML.Attribute.HighConfidence
tehtris Clean
ESET-NOD32 a variant of MSIL/Agent_AGen.BJR
APEX Malicious
Paloalto Clean
ClamAV Clean
Kaspersky HEUR:Trojan.MSIL.Crypt.gen
Alibaba Clean
NANO-Antivirus Clean
ViRobot Clean
Rising Dropper.Generic!8.35E (TFE:dGZlOgwTO/kFakrH0A)
TACHYON Clean
Sophos Generic ML PUA (PUA)
Baidu Clean
F-Secure Trojan.TR/Dropper.Gen2
DrWeb Clean
VIPRE Gen:Heur.MSIL.Binder.13
TrendMicro Clean
McAfee-GW-Edition Clean
Trapmine Clean
FireEye Generic.mg.ae5fd5f483713e54
Emsisoft Gen:Heur.MSIL.Binder.13 (B)
SentinelOne Static AI - Malicious PE
GData Gen:Heur.MSIL.Binder.13
Jiangmin Trojan.MSIL.twon
Webroot Clean
Google Clean
Avira TR/Dropper.Gen2
Antiy-AVL Clean
Kingsoft Clean
Gridinsoft Clean
Xcitium TrojWare.MSIL.Agent.GH@60rvah
Arcabit Trojan.MSIL.Binder.13
SUPERAntiSpyware Clean
ZoneAlarm HEUR:Trojan.MSIL.Crypt.gen
Microsoft Trojan:Script/Phonzy.C!ml
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win.Generic.C5486266
Acronis Clean
VBA32 Dropper.MSIL.gen
ALYac Gen:Heur.MSIL.Binder.13
MAX malware (ai score=86)
DeepInstinct MALICIOUS
Malwarebytes Trojan.Dropper.MSIL.Generic
Panda Clean
Zoner Clean
TrendMicro-HouseCall Clean
Tencent Clean
Yandex Clean
Ikarus Gen.MSIL.Krypt
MaxSecure Clean
Fortinet Clean
AVG Win32:DropperX-gen [Drp]
Avast Win32:DropperX-gen [Drp]
CrowdStrike Clean
No IRMA results available.