Static | ZeroBOX

Name	Virtual Address	Virtual Size	Size of Raw Data	Entropy
.text	0x00002000	0x001231c4	0x00123200	3.34276295766
.rsrc	0x00126000	0x00000560	0x00000600	3.91713478968
.reloc	0x00128000	0x0000000c	0x00000200	0.101910425663

Name	Offset	Size	Language	Sub-language	File type
RT_VERSION	0x001260a0	0x000002d4	LANG_NEUTRAL	SUBLANG_NEUTRAL	data
RT_MANIFEST	0x00126374	0x000001ea	LANG_NEUTRAL	SUBLANG_NEUTRAL	XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

!This program cannot be run in DOS mode.

`.rsrc

@.reloc

5m-a}2

{Wa$e

>~f |$D

qc&a}X

{Wa$e

Nw2a}T

]a CQ/

{Wa$e

rwBa}

v4.0.30319

#Strings

mtx111

mtx111.exe

DecoratorMessageTask

mtx111.Tasks

Object

System

mscorlib

<>c__DisplayClass1_0

<>c__DisplayClass2_0

<Fetfg>d__2

ValueType

<Gopjreg>d__1

<Main>d__0

Resources

Akdoudfs.Properties

<Module>{00d4353e-c813-4b61-b585-a510056b6c63}

f8DBD66FAD3DF7F5

Boolean

m8DBD66FAD3E1EEA

.cctor

InsertSingleton

EnableSingleton

CallInstance

System.Threading.Tasks

AsyncTaskMethodBuilder

System.Runtime.CompilerServices

get_Task

ResetInstance

Task`1

AsyncTaskMethodBuilder`1

Create

PublishInstance

<Main>

TaskAwaiter

GetAwaiter

GetResult

QuerySingleton

IncludeSingleton

FindSingleton

_Visitor

_Model

Func`2

SetSingleton

CompareInstance

get_FullName

String

op_Equality

InvokeSingleton

SortSingleton

reponse

CompareSingleton

RateInstance

FlushSingleton

VisitSingleton

UpdateSingleton

CustomizeSingleton

MapInstance

Action

CallSingleton

RuntimeTypeHandle

GetTypeFromHandle

StartSingleton

Delegate

CreateDelegate

ValidateSingleton

DynamicInvoke

RegisterSingleton

OrderSingleton

<>1__state

<>t__builder

<>7__wrap1

<>7__wrap2

<>u__1

InitSingleton

MoveNext

IAsyncStateMachine

Assembly

System.Reflection

Exception

Directory

System.IO

CreateDirectory

DirectoryInfo

GetTempPath

get_IsCompleted

AwaitUnsafeOnCompleted

GetTypes

IntPtr

Enumerable

System.Linq

System.Core

IEnumerable`1

System.Collections.Generic

FirstOrDefault

SetException

SetResult

SetStateMachine

stateMachine

DeleteSingleton

Exists

SelectSingleton

GetFiles

PostSingleton

GetRandomFileName

ComputeSingleton

Concat

CalcSingleton

CreateText

StreamWriter

PrepareSingleton

TextWriter

Dispose

ReadSingleton

get_Length

InterruptSingleton

ResetSingleton

MoveSingleton

WriteSingleton

RunSingleton

<>8__1

FillSingleton

ManageSingleton

ReflectSingleton

TestSingleton

TaskAwaiter`1

<>u__2

MapSingleton

MemoryStream

Bitmap

System.Drawing

List`1

GetPixel

ToArray

IDisposable

LogoutSingleton

FromStream

Stream

CollectSingleton

get_Width

SetupSingleton

CreateSingleton

DisableSingleton

Application

System.Windows.Forms

CancelSingleton

ConcatSingleton

_Instance

ResourceManager

System.Resources

m_Publisher

CultureInfo

System.Globalization

ConnectSingleton

get_ResourceManager

get_Assembly

get_Culture

set_Culture

get_Ikkhelq

PushSingleton

ResolveSingleton

PrintSingleton

ForgotSingleton

GetObject

Culture

Ikkhelq

m_e8f2ff20c1ed4416a4d11eea3d266de3

m_e9b1e4c1851f40288f843ab74eec6628

m_2e24894241c94b268a54bf5d19f8fc0e

m_22a778838ba44f3cae3f6f57e3aa319a

m_b329ca4075104303a0d7eca3ee5ec4c5

m_7894bcae7ba849979c0285d176030d2a

m_796a84de71b044059ff0ae9f6adc8113

m_3518cf52741c4cd3979b97b3ed1cb380

m_4fb44066ee9d407b9945c9af230cfadf

m_ec4661b1b7d34624a91d04f0ddeefcee

m_24b75bd500ea431e8ff690f000f33a0d

m_b99922708deb4a27bf2683031b458ee5

m_d7109f53a1094222b6c4646117065d3d

m_d6cb29a3fab342828f5d4a2b9727ef71

m_235a15f9661e4763922ea1873ac75959

m_addc1a4fef0a4885b202a641fc559340

m_e7fa0b2c1d7a4c94acf44244d3a91813

m_090684a854ef466ebcd1fe919c4ece5f

m_094a4b027f0b4c208959fc902e218803

m_96c47d429dfa4c2eb03fa4e0149fa3bf

m_162847dc4d6347b79171178fc58654f1

m_585e62e53b3a4eb8af4bbd9078dda9a9

m_93c54d9b97274add9b67e99029b956ae

m_85da60d8fca84da7bf193e1d2512970c

m_0b6bb003c969446bacc03a0f8c511ef3

m_71fccae2e41445a49c9a2bdc5781e03e

m_5d1ed02da83340f5ab397ee373d58a8f

m_7df4c15a206e40bdb33709dfc79f0757

m_2146535427154e2e9aeb4087b68e0978

m_6baa4b1e9bb94ff6b33074d8d342cd24

m_9fe967ce8c4547648f17419069ff2e6f

m_89352b5c68064626821cb9d13bfea2cc

m_396bba025740421dbe9b7edb35893d97

m_a8bcea1c11094ca586b85ed7b3c48387

m_6feed85c282d4524b874dac304acf057

m_988b40134f6e47bcaadd913b1c83c748

m_77fc248eb0e84fc3b967ae2e267f9fbc

m_e4d4fde898874601842eaab6a8b6e195

m_d03a7f2f927c49239d0099622b868287

m_28097498abfb472183343068c0fe53b6

m_c55cea6f33bf498681bb50f6bae54568

m_ef755e396ce34c099f20aadbe69b8d3f

m_3adc614bcc90490aa0ccb96f9f7978a7

m_d051de80e9aa4434acf5953ff4932199

m_533312760f8545f0811441c4126e8f08

m_830ad000d33d49a892ef5cdecb8a2a01

m_3393859100db4e9eb6c9846aeb639f45

m_c05e41d582e64d708b900c04e2329107

m_b39b50c7188e4299aecb296189ae7dca

m_c91fc0c9a10544719618bf3412d8c893

m_d839586ab24545689540d11ca5b936fd

m_b7af295923574542863ebfef14c695da

m_680c7ecea10747508f814eee6910e192

m_4c890197d86647baa9dff6f6aa186880

m_665b0d7cda174b8dafc3a0f6031b6806

m_7bb7e49ccdb64d8e9f1722bc7b353b10

m_a2adf3971ee84d5d959b7df2a8b04be5

m_ed581706d4e94352b876d58f9a3b1825

m_a1b2e548e3d24d7ca1d00596acefa565

m_594874dca1e04c939615fedb6679b2c8

m_57534b3ae23e4101907fa544c4da83c1

m_dbfc427de2634d7ea7620d275ac451d4

m_7aa973a02e4c448284f26c3885556400

m_157c15bdd1dc4b8897f208a0b6f60c7d

m_f30c112175194db7ab08ffbebf3d2b43

m_f65cb487761c4e0294aedc31af011729

m_140c0f684026441f8160e215b7ceff77

m_c4fc9ab18d57431f91c2d38ac16e68a2

m_a99e986ff39a40c68bd693256a3cd52c

m_6f417c937228432a967cc516a60fa0a9

m_dc4e6884593e4f0db7b346e9814a4853

m_85717392855845a99d70282e4f987fac

m_0a4fdf375b334ae093203472f6082ea1

m_54c10ac2a3da46ffa73cab7978685047

m_16a3c27293354398be36265f869ad67e

m_c46e7d825ee642a4987d72e44e330339

m_53693eccf8ef4d649f707e7f4994d084

m_8a3bb7bd0fb542af8adb3b5d4e8bb9d1

m_527121cd585a4f698fda4d8229d229c2

m_b67ab3b2b4f347578d0b1a875ded045f

m_05935016d28443fa99ebcb0eb00c5dd4

m_507785bfd9304a5282bff3aaeae45bef

m_93b010e499a842d28f00f98d4b0f8726

m_bdc6c6af95384c92b55a1868c8fd2f94

m_026a67bd98ad43c5a6ad7b0131b8df64

m_2d4df469f7d84b57b0d3550ce9165ddc

m_b2b09456585e49e69da78d805934f839

m_94efdd98035a4126a859c88fb5fd7d6e

m_2cc21b5435714b20bd5d5de07fc6beec

m_c6f088d98cfe49628dbed2d030081862

m_237147fc35e84c7f870f848a5525338d

m_a67b77f0a7f94839b0037b46f67fc7e8

m_7040268961e949159aa55b42918a4863

m_e4a8d248cec74018a9279f91887244bc

m_0bc7649543e64e019b2f5dc2e2035291

m_f155a35df06f4b098db9097b63e41aa5

m_b2a03276a80d4a2eafe2310773f27bae

m_15b1bda643bc4b73bd46407f7d84952d

m_dcd9394662b644c48c4c9ee71bb989fc

m_881e68fc876e4d638b011786cd89766a

m_68ebffc3c28c421888d15798a9aacd44

m_48033a087a2349328417092256a9b64b

m_2d8f308c93be4d63931dca044e8abf30

m_5c9b5e48ad7d42ce963bc67a8ebf09b3

m_60293e7b9de24c6eafeb1d3b74de7daa

m_ce6fd3a7b2c2453fbd9fd7291d1fce3d

m_a4e6557b16164d9ead325f007c438377

m_50dd13c4fd674b40acaefc4efeb05f1e

m_749182ca82f44671b27a6d38084a2881

m_275cb5c97f654f3791e4703ed0bf9668

m_370dd9c092df477286363bd714a9a26c

m_5b200eba69fb4a9580a9eadbf4be0244

m_87b98a0ef8634d0fb9aa1ecd3b662a8b

m_d3e6de17688a489f994c97b4d9a3162e

m_c6ca5262a53148338373069106288d00

m_92ade8526ff1433d98a648ddf81b46e1

m_f796d7cc17b345dab95e5511fd07b584

LoginSingleton

ued00e6b511ef43738f5dd276562361f2

AddSingleton

PatchSingleton

ChangeSingleton

CompilationRelaxationsAttribute

RuntimeCompatibilityAttribute

DebuggableAttribute

System.Diagnostics

DebuggingModes

AssemblyTitleAttribute

AssemblyDescriptionAttribute

AssemblyConfigurationAttribute

AssemblyCompanyAttribute

AssemblyProductAttribute

AssemblyCopyrightAttribute

AssemblyTrademarkAttribute

GuidAttribute

System.Runtime.InteropServices

AssemblyFileVersionAttribute

TargetFrameworkAttribute

System.Runtime.Versioning

ComVisibleAttribute

AsyncStateMachineAttribute

GeneratedCodeAttribute

System.CodeDom.Compiler

DebuggerNonUserCodeAttribute

CompilerGeneratedAttribute

EditorBrowsableAttribute

System.ComponentModel

EditorBrowsableState

DebuggerHiddenAttribute

Akdoudfs.Properties.Resources.resources

WrapNonExceptionThrows

$6ec4133c-1481-4a32-a8cb-baac4c44ead1

1.0.0.0

.NETFramework,Version=v4.6

FrameworkDisplayName

.NET Framework 4.6

,mtx111.Tasks.DecoratorMessageTask+<Main>d__0

/mtx111.Tasks.DecoratorMessageTask+<Gopjreg>d__1

-mtx111.Tasks.DecoratorMessageTask+<Fetfg>d__2

3System.Resources.Tools.StronglyTypedResourceBuilder

16.0.0.0

lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet

PADPADP

_CorExeMain

mscoree.dll

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>

</requestedPrivileges>

</security>

</trustInfo>

</assembly>

Pflmjdhgxld.Ddcbfjatujm

Akdoudfs.Properties.Resources

Ikkhelq

VS_VERSION_INFO

VarFileInfo

Translation

StringFileInfo

000004b0

Comments

CompanyName

FileDescription

FileVersion

1.0.0.0

InternalName

mtx111.exe

LegalCopyright

LegalTrademarks

OriginalFilename

mtx111.exe

ProductName

ProductVersion

1.0.0.0

Assembly Version

1.0.0.0

Antivirus	Signature
Bkav	Clean
Lionic	Trojan.Win32.Stealer.12!c
tehtris	Generic.Malware
Cynet	Malicious (score: 100)
CMC	Clean
CAT-QuickHeal	Clean
Skyhigh	BehavesLike.Win32.Generic.tz
ALYac	Clean
Cylance	unsafe
VIPRE	Gen:Heur.MSIL.Androm.1
Sangfor	Downloader.Msil.Androm.Vumn
K7AntiVirus	Clean
Alibaba	Clean
K7GW	Clean
Cybereason	Clean
Arcabit	Trojan.MSIL.Androm.1
Baidu	Clean
VirIT	Clean
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
ESET-NOD32	a variant of MSIL/GenKryptik.GPQX
APEX	Malicious
Paloalto	Clean
ClamAV	Clean
Kaspersky	HEUR:Trojan-Downloader.MSIL.Seraph.gen
BitDefender	Gen:Heur.MSIL.Androm.1
NANO-Antivirus	Clean
ViRobot	Clean
MicroWorld-eScan	Gen:Heur.MSIL.Androm.1
Avast	Win32:MalwareX-gen [Trj]
Rising	Ransom.Agent!8.6B7 (CLOUD)
Emsisoft	Gen:Heur.MSIL.Androm.1 (B)
F-Secure	Heuristic.HEUR/AGEN.1323350
DrWeb	Clean
Zillya	Clean
TrendMicro	Ransom.Win32.EIGHTBASE.YXDJ4Z
Trapmine	suspicious.low.ml.score
FireEye	Generic.mg.fba616f5dc56b1cd
Sophos	Mal/Generic-S
Ikarus	Trojan.MSIL.Agent
Jiangmin	Clean
Webroot	Clean
Varist	W32/MSIL_Agent.GLC.gen!Eldorado
Avira	HEUR/AGEN.1323350
MAX	malware (ai score=82)
Antiy-AVL	Clean
Kingsoft	Win32.Troj.Undef.a
Gridinsoft	Ransom.Win32.Phobos.bot
Xcitium	Clean
Microsoft	Ransom:Win32/Genasom
SUPERAntiSpyware	Clean
ZoneAlarm	HEUR:Trojan-Downloader.MSIL.Seraph.gen
GData	Gen:Heur.MSIL.Androm.1
Google	Detected
AhnLab-V3	Clean
Acronis	Clean
McAfee	Artemis!FBA616F5DC56
TACHYON	Clean
VBA32	Clean
Malwarebytes	Trojan.Crypt.MSIL
Panda	Trj/Chgt.AD
Zoner	Clean
TrendMicro-HouseCall	Ransom.Win32.EIGHTBASE.YXDJ4Z
Tencent	Msil.Trojan-Downloader.Ader.Ychl
Yandex	Clean
SentinelOne	Static AI - Malicious PE
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	MSIL/Kryptik.BMG!tr
BitDefenderTheta	Gen:NN.ZemsilF.36792.in0@aKPQz5j
AVG	Win32:MalwareX-gen [Trj]
DeepInstinct	MALICIOUS
CrowdStrike	win/malicious_confidence_100% (W)

Static Analysis

PE Compile Time

PE Imphash

Sections

Resources

Imports