Static | ZeroBOX

PE Compile Time

2071-12-09 07:26:13

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name    Virtual Address  Virtual Size  Size of Raw Data  Entropy
.text   0x00002000       0x0006bfe4    0x0006c000        4.06732600751
.rsrc   0x0006e000       0x000026a0    0x00002800        2.13940842201
.reloc  0x00072000       0x0000000c    0x00000200        0.101910425663

Resources

Name           Offset      Size        Language      Sub-language     File type
RT_ICON        0x0006e0e4  0x000025a8  LANG_NEUTRAL  SUBLANG_NEUTRAL  dBase IV DBT of `.DBF, block length 9216, next free block index 40, next free block 0, next used block 0
RT_GROUP_ICON  0x0007068c  0x00000014  LANG_NEUTRAL  SUBLANG_NEUTRAL  data

Imports

Library mscoree.dll:
0x402000 _CorExeMain

Strings

!This program cannot be run in DOS mode.
`.rsrc
@.reloc
v4.0.30319
#Strings
executable.exe
<Module>
cCrypto
CryptorStub
mscorlib
Object
System
DES_Decrypt
AES_Decrypt
cryptBytes
passBytes
RC2_Decrypt
bytesToBeDecrypted
passwordBytes
RC4_Decrypt
RFC_Decrypt
XOR_Decrypt
Program
random
Random
RandomString
length
.cctor
<>9__2_0
Func`2
<RandomString>b__2_0
executable
CompilationRelaxationsAttribute
System.Runtime.CompilerServices
RuntimeCompatibilityAttribute
DebuggableAttribute
System.Diagnostics
DebuggingModes
AssemblyTitleAttribute
System.Reflection
AssemblyDescriptionAttribute
AssemblyConfigurationAttribute
AssemblyCompanyAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
AssemblyTrademarkAttribute
ComVisibleAttribute
System.Runtime.InteropServices
GuidAttribute
AssemblyFileVersionAttribute
TargetFrameworkAttribute
System.Runtime.Versioning
CompilerGeneratedAttribute
TripleDESCryptoServiceProvider
System.Security.Cryptography
MD5CryptoServiceProvider
HashAlgorithm
ComputeHash
AppSettingsReader
System.Configuration
SymmetricAlgorithm
set_Key
set_Mode
CipherMode
set_Padding
PaddingMode
CreateDecryptor
ICryptoTransform
TransformFinalBlock
Rfc2898DeriveBytes
MemoryStream
System.IO
CryptoStream
Encoding
System.Text
get_UTF8
GetBytes
System.Core
AesManaged
set_KeySize
get_KeySize
DeriveBytes
get_BlockSize
set_IV
Stream
CryptoStreamMode
IDisposable
Dispose
ToArray
RC2CryptoServiceProvider
set_BlockSize
Create
Dictionary`2
System.Collections.Generic
MethodInfo
Environment
GetFolderPath
SpecialFolder
GetTempPath
ExpandEnvironmentVariables
RSACryptoServiceProvider
String
Substring
Convert
FromBase64String
op_Equality
AppDomain
get_CurrentDomain
Assembly
get_EntryPoint
MemberInfo
get_Name
CreateInstance
MethodBase
GetParameters
ParameterInfo
Invoke
Console
WriteLine
Contains
Directory
GetDirectories
Concat
get_Item
WriteAllBytes
Process
Enumerable
System.Linq
Repeat
IEnumerable`1
Select
get_Length
get_Chars
WrapNonExceptionThrows
$00000000-0000-0000-0000-000000000000
1.0.0.0
.NETFramework,Version=v4.8.1
FrameworkDisplayName
.NET Framework 4.8.1
_CorExeMain
mscoree.dll
saltbyte
D495560961CCCFE0
0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ
%APPDATA%
%TEMP%
%PROGRAMDATA%
%ProgramData%
Memory
running from memory...
%RANDOM%
Dropped to disk...
ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789
20C18707D0FE35EBA55525A0B89CC991

Antivirus Signature
Bkav Clean
Lionic Clean
Elastic malicious (high confidence)
MicroWorld-eScan Gen:Heur.MSIL.Androm.9
CMC Clean
CAT-QuickHeal Trojan.GenericFC.S20327135
Skyhigh Artemis!Trojan
McAfee Artemis!942DBACE85AB
Malwarebytes Clean
Sangfor Suspicious.Win32.Save.a
K7AntiVirus Clean
BitDefender Gen:Heur.MSIL.Androm.9
K7GW Clean
CrowdStrike win/malicious_confidence_100% (W)
Baidu Clean
VirIT Trojan.Win32.MSIL_Heur.A
Symantec ML.Attribute.HighConfidence
tehtris Clean
ESET-NOD32 a variant of MSIL/Injector.WHY
APEX Malicious
Paloalto Clean
ClamAV Clean
Kaspersky HEUR:Trojan.Win32.Generic
Alibaba Clean
NANO-Antivirus Clean
ViRobot Clean
Rising Malware.Obfus/MSIL@AI.100 (RDM.MSIL2:WuGpi34TAURgb8Oc8Hg0eQ)
TACHYON Clean
Sophos Mal/Kryptik-BA
F-Secure Trojan.TR/Dropper.Gen
DrWeb Trojan.PWS.Stealer.32841
Zillya Clean
TrendMicro Clean
Trapmine malicious.moderate.ml.score
FireEye Generic.mg.942dbace85ab0d41
Emsisoft Gen:Heur.MSIL.Androm.9 (B)
Ikarus Trojan.MSIL.Krypt
GData Gen:Heur.MSIL.Androm.9
Jiangmin Clean
Webroot Clean
Google Detected
Avira TR/Dropper.Gen
Varist Clean
Antiy-AVL Clean
Kingsoft malware.kb.c.1000
Gridinsoft Clean
Xcitium Clean
Arcabit Trojan.MSIL.Androm.9
SUPERAntiSpyware Clean
ZoneAlarm HEUR:Trojan.Win32.Generic
Microsoft Trojan:MSIL/ReverseRat.CCBH!MTB
Cynet Malicious (score: 100)
AhnLab-V3 Malware/Win.Generic.C5511554
Acronis Clean
BitDefenderTheta Gen:NN.ZemsilF.36738.6nZ@auJvzEb
ALYac Gen:Heur.MSIL.Androm.9
MAX malware (ai score=81)
DeepInstinct MALICIOUS
VBA32 Clean
Cylance unsafe
Zoner Clean
TrendMicro-HouseCall Clean
Tencent Win32.Trojan.Generic.Mcnw
Yandex Clean
SentinelOne Static AI - Malicious PE
MaxSecure Clean
Fortinet MSIL/Kryptik.HSF!tr
Cybereason malicious.2789be
Panda Trj/GdSda.A
No IRMA results available.