Static | ZeroBOX

PE Compile Time

2068-04-24 01:38:01

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name    Virtual Address  Virtual Size  Size of Raw Data  Entropy
.text   0x00002000       0x000b3f84    0x000b4000        3.55984420585
.rsrc   0x000b6000       0x00000248    0x00000400        3.52628641169
.reloc  0x000b8000       0x0000000c    0x00000200        0.101910425663

Resources

Name         Offset      Size        Language      Sub-language     File type
RT_MANIFEST  0x000b6058  0x000001ea  LANG_NEUTRAL  SUBLANG_NEUTRAL  XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

Imports

Library mscoree.dll:
0x402000 _CorExeMain

!This program cannot be run in DOS mode.
`.rsrc
@.reloc
v4.0.30319
#Strings
BinderStub.exe
<Module>
Program
BinderStub
mscorlib
Object
System
random
Random
RandomString
length
IsAdministrator
.cctor
<>9__2_0
Func`2
<RandomString>b__2_0
CompilationRelaxationsAttribute
System.Runtime.CompilerServices
RuntimeCompatibilityAttribute
DebuggableAttribute
System.Diagnostics
DebuggingModes
AssemblyTitleAttribute
System.Reflection
AssemblyDescriptionAttribute
AssemblyConfigurationAttribute
AssemblyCompanyAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
AssemblyTrademarkAttribute
ComVisibleAttribute
System.Runtime.InteropServices
GuidAttribute
AssemblyFileVersionAttribute
TargetFrameworkAttribute
System.Runtime.Versioning
CompilerGeneratedAttribute
Dictionary`2
System.Collections.Generic
System.Windows.Forms
MessageBoxIcon
List`1
Enumerator
Boolean
Process
GetCurrentProcess
get_MainModule
ProcessModule
get_FileName
ProcessStartInfo
set_Verb
set_Arguments
Environment
String
GetFolderPath
SpecialFolder
System.IO
GetTempPath
ExpandEnvironmentVariables
Directory
GetDirectories
Convert
FromBase64String
Concat
WriteAllBytes
Console
WriteLine
Thread
System.Threading
GetEnumerator
get_Current
MoveNext
IDisposable
Dispose
get_Item
MessageBox
DialogResult
MessageBoxButtons
System.Core
Enumerable
System.Linq
Repeat
IEnumerable`1
Select
ToArray
WindowsIdentity
System.Security.Principal
GetCurrent
WindowsPrincipal
IsInRole
WindowsBuiltInRole
get_Length
get_Chars
WrapNonExceptionThrows
BinderStub
Copyright
2021
$5ea83a02-dd40-4e15-ba38-974d30d3d423
1.0.0.0
.NETFramework,Version=v4.0
FrameworkDisplayName
.NET Framework 4
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
errrrrrrrrrrrrrrr
restart
warning
%ProgramData%
Sleeping...
ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789
Antivirus Signature
Bkav W32.Common.B146B7A6
Lionic Trojan.Win32.Generic.4!c
tehtris Generic.Malware
DrWeb Trojan.PackedNET.2424
MicroWorld-eScan Gen:Heur.MSIL.Binder.13
FireEye Generic.mg.c3fdabfa7e016aa9
CAT-QuickHeal Clean
ALYac Gen:Heur.MSIL.Binder.13
Malwarebytes Trojan.Injector
VIPRE Gen:Heur.MSIL.Binder.13
Sangfor Dropper.Msil.Remcos.V10a
K7AntiVirus Clean
BitDefender Gen:Heur.MSIL.Binder.13
K7GW Trojan ( 005abf931 )
CrowdStrike win/malicious_confidence_100% (W)
BitDefenderTheta Gen:NN.ZemsilF.36738.TmW@aOtHlIo
VirIT Trojan.Win32.MSIL_Heur.A
Cyren W32/ABRisk.FYVA-1597
Symantec Trojan Horse
Elastic malicious (high confidence)
ESET-NOD32 a variant of MSIL/TrojanDropper.Agent.FZA
APEX Malicious
Paloalto Clean
ClamAV Clean
Kaspersky HEUR:Trojan.Win32.Generic
Alibaba Backdoor:MSIL/Remcos.785f5e0c
NANO-Antivirus Clean
ViRobot Clean
Rising Dropper.Generic!8.35E (TFE:dGZlOgwTO/kFakrH0A)
TACHYON Clean
Sophos Mal/MsilDrop-A
F-Secure Trojan.TR/Dropper.Gen2
Baidu Clean
Zillya Clean
TrendMicro TROJ_GEN.R002C0DJ323
McAfee-GW-Edition BehavesLike.Win32.Generic.bz
Trapmine malicious.moderate.ml.score
CMC Clean
Emsisoft Gen:Heur.MSIL.Binder.13 (B)
SentinelOne Static AI - Malicious PE
GData Gen:Heur.MSIL.Binder.13
Jiangmin Trojan.MSIL.twon
Webroot Clean
Google Detected
Avira TR/Dropper.Gen2
Antiy-AVL Clean
Kingsoft malware.kb.c.1000
Gridinsoft Trojan.Win32.Agent.sa
Xcitium TrojWare.MSIL.Agent.GH@60rvah
Arcabit Trojan.MSIL.Binder.13
SUPERAntiSpyware Clean
ZoneAlarm HEUR:Trojan.Win32.Generic
Microsoft Backdoor:MSIL/Remcos!atmn
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win.Generic.C5486082
Acronis Clean
VBA32 Clean
MAX malware (ai score=85)
DeepInstinct MALICIOUS
Cylance unsafe
Panda Trj/CI.A
Zoner Clean
TrendMicro-HouseCall TROJ_GEN.R002C0DJ323
Tencent Win32.Trojan.Generic.Zchl
Yandex Clean
Ikarus Gen.MSIL.Krypt
MaxSecure Clean
Fortinet MSIL/Agent_AGen.BJQ!tr
AVG Win32:DropperX-gen [Drp]
Cybereason malicious.fb1a1d
Avast Win32:DropperX-gen [Drp]
No IRMA results available.