Static | ZeroBOX

PE Compile Time

2071-12-09 07:26:13

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name    Virtual Address  Virtual Size  Size of Raw Data  Entropy
.text   0x00002000       0x0006bfe4    0x0006c000        4.06725101062
.rsrc   0x0006e000       0x00000010    0x00000200        0.0
.reloc  0x00070000       0x0000000c    0x00000200        0.101910425663

Imports

Library mscoree.dll:
0x402000 _CorExeMain

!This program cannot be run in DOS mode.
`.rsrc
@.reloc
v4.0.30319
#Strings
executable.exe
<Module>
cCrypto
CryptorStub
mscorlib
Object
System
DES_Decrypt
AES_Decrypt
cryptBytes
passBytes
RC2_Decrypt
bytesToBeDecrypted
passwordBytes
RC4_Decrypt
RFC_Decrypt
XOR_Decrypt
Program
random
Random
RandomString
length
.cctor
<>9__2_0
Func`2
<RandomString>b__2_0
executable
CompilationRelaxationsAttribute
System.Runtime.CompilerServices
RuntimeCompatibilityAttribute
DebuggableAttribute
System.Diagnostics
DebuggingModes
AssemblyTitleAttribute
System.Reflection
AssemblyDescriptionAttribute
AssemblyConfigurationAttribute
AssemblyCompanyAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
AssemblyTrademarkAttribute
ComVisibleAttribute
System.Runtime.InteropServices
GuidAttribute
AssemblyFileVersionAttribute
TargetFrameworkAttribute
System.Runtime.Versioning
CompilerGeneratedAttribute
TripleDESCryptoServiceProvider
System.Security.Cryptography
MD5CryptoServiceProvider
HashAlgorithm
ComputeHash
AppSettingsReader
System.Configuration
SymmetricAlgorithm
set_Key
set_Mode
CipherMode
set_Padding
PaddingMode
CreateDecryptor
ICryptoTransform
TransformFinalBlock
Rfc2898DeriveBytes
MemoryStream
System.IO
CryptoStream
Encoding
System.Text
get_UTF8
GetBytes
System.Core
AesManaged
set_KeySize
get_KeySize
DeriveBytes
get_BlockSize
set_IV
Stream
CryptoStreamMode
IDisposable
Dispose
ToArray
RC2CryptoServiceProvider
set_BlockSize
Create
Dictionary`2
System.Collections.Generic
MethodInfo
Environment
GetFolderPath
SpecialFolder
GetTempPath
ExpandEnvironmentVariables
RSACryptoServiceProvider
String
Substring
Convert
FromBase64String
op_Equality
AppDomain
get_CurrentDomain
Assembly
get_EntryPoint
MemberInfo
get_Name
CreateInstance
MethodBase
GetParameters
ParameterInfo
Invoke
Console
WriteLine
Contains
Directory
GetDirectories
Concat
get_Item
WriteAllBytes
Process
Enumerable
System.Linq
Repeat
IEnumerable`1
Select
get_Length
get_Chars
WrapNonExceptionThrows
$00000000-0000-0000-0000-000000000000
1.0.0.0
.NETFramework,Version=v4.8.1
FrameworkDisplayName
.NET Framework 4.8.1
_CorExeMain
mscoree.dll
.S|.K|.C|.[|.s
@.#|.;|.3|.+|
saltbyte
D495560961CCCFE0
0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ
%APPDATA%
%TEMP%
%PROGRAMDATA%
%ProgramData%
aes:
Memory
running from memory...
%RANDOM%
Dropped to disk...
ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789
Antivirus Signature
Bkav Clean
Lionic Clean
tehtris Clean
DrWeb Trojan.PWS.Stealer.32841
MicroWorld-eScan Gen:Heur.MSIL.Androm.9
FireEye Generic.mg.416c97ae7efb1385
CAT-QuickHeal Trojan.GenericFC.S20327135
Skyhigh Artemis!Trojan
ALYac Gen:Heur.MSIL.Androm.9
Malwarebytes Clean
VIPRE Gen:Heur.MSIL.Androm.9
K7AntiVirus Clean
BitDefender Gen:Heur.MSIL.Androm.9
K7GW Clean
CrowdStrike win/malicious_confidence_100% (W)
BitDefenderTheta Gen:NN.ZemsilF.36738.@pZ@a06zB2d
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 a variant of MSIL/Injector.WHY
APEX Malicious
Paloalto Clean
Cynet Malicious (score: 100)
Kaspersky HEUR:Trojan.Win32.Generic
Alibaba Clean
NANO-Antivirus Clean
ViRobot Clean
Rising Malware.Obfus/MSIL@AI.100 (RDM.MSIL2:Vzyn/wzXHiOHCO5QQNH5QQ)
Emsisoft Gen:Heur.MSIL.Androm.9 (B)
F-Secure Trojan.TR/Dropper.Gen
Baidu Clean
Zillya Clean
Trapmine malicious.high.ml.score
CMC Clean
Sophos Mal/Kryptik-BA
SentinelOne Static AI - Malicious PE
Jiangmin Clean
Webroot Clean
Varist Clean
Avira TR/Dropper.Gen
MAX malware (ai score=85)
Antiy-AVL Clean
Kingsoft malware.kb.c.1000
Gridinsoft Clean
Xcitium Clean
Arcabit Trojan.MSIL.Androm.9
SUPERAntiSpyware Clean
ZoneAlarm HEUR:Trojan.Win32.Generic
GData Gen:Heur.MSIL.Androm.9
Google Detected
AhnLab-V3 Malware/Win.Generic.C5511354
Acronis Clean
VBA32 Clean
TACHYON Clean
DeepInstinct MALICIOUS
Cylance unsafe
Panda Trj/GdSda.A
Zoner Clean
TrendMicro-HouseCall Clean
Tencent Win32.Trojan.Generic.Simw
Yandex Clean
Ikarus Trojan.MSIL.Krypt
MaxSecure Clean
Fortinet MSIL/Kryptik.HSF!tr
AVG Win32:KeyloggerX-gen [Trj]
Cybereason malicious.076b33
Avast Win32:KeyloggerX-gen [Trj]
No IRMA results available.