Static | ZeroBOX

PE Compile Time

2090-10-08 15:20:15

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name | Virtual Address | Virtual Size | Size of Raw Data | Entropy
.text | 0x00002000 | 0x000095b4 | 0x00009600 | 5.71218706805
.rsrc | 0x0000c000 | 0x000005d0 | 0x00000600 | 4.40430739453
.reloc | 0x0000e000 | 0x0000000c | 0x00000200 | 0.0776331623432

Resources

Name | Offset | Size | Language | Sub-language | File type
RT_VERSION | 0x0000c0a0 | 0x00000344 | LANG_NEUTRAL | SUBLANG_NEUTRAL | data
RT_MANIFEST | 0x0000c3e4 | 0x000001ea | LANG_NEUTRAL | SUBLANG_NEUTRAL | XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

Imports

Library mscoree.dll:
0x402000 _CorExeMain

!This program cannot be run in DOS mode.
`.rsrc
@.reloc
moom825
v4.0.30319
#Strings
<ReceiveAsync>d__10
<Main>d__10
<Disconnect>d__10
<SendCurrentWindow>d__10
<>c__DisplayClass13_0
<>c__DisplayClass15_0
<>9__6_0
<Concat>b__6_0
<AddToStartupNonAdmin>b__0
<RemoveStartup>b__0
<ConnectSubSockAsync>d__11
COMPRESSION_FORMAT_LZNT1
<>u__1
Func`1
IEnumerable`1
Task`1
Action`1
AsyncTaskMethodBuilder`1
TaskAwaiter`1
ArraySegment`1
List`1
<>7__wrap1
<ConnectAndSetupAsync>d__12
__StaticArrayInitTypeSize=32
Microsoft.Win32
<data>5__2
<tempXmlFile>5__2
<getdll>5__2
<conn>5__2
<comp>5__2
<socket>5__2
<HearbeatReply>5__2
<DllNodeHandler>d__2
<>u__2
Func`2
Dictionary`2
<>7__wrap2
<ReceiveAsync>d__13
<RemoveStartup>d__13
<sub>5__3
<total>5__3
<HearbeatFail>5__3
<hasdll>5__3
<process>5__3
<CreateSubSock>d__3
<>u__3
<SendAsync>d__14
<Uninstall>d__14
1D1CC35EA61331C5A85D2A960611153E37A62DCD916269D6E3B5A0DAC2EF3824
<fail>5__4
<socket>5__4
<dataLeft>5__4
<RecvAllAsync_ddos_unsafer>d__4
Func`4
<>7__wrap4
<AddToStartupNonAdmin>d__15
<e>5__5
<startTimestamp>5__5
<GetAndSendInfo>d__5
<RecvAllAsync_ddos_safer>d__5
<>7__wrap5
<AddToStartupAdmin>d__16
<lastSendTime>5__6
<Type0Receive>d__6
__StaticArrayInitTypeSize=7
<dllname>5__7
<Type1Receive>d__7
<AuthenticateAsync>d__18
get_UTF8
<setSetId>d__8
<SendAsync>d__9
<Type2Receive>d__9
<Module>
<Main>
<PrivateImplementationDetails>
630DCD2966C4336691125448BBB25B4FF412A49C732DB2C8ABC1B8581BD710DD
get_ASCII
COMPRESSION_ENGINE_MAXIMUM
System.IO
get_IV
set_IV
mscorlib
System.Collections.Generic
SendAsync
AuthenticateAsync
ReceiveAsync
ConnectSubSockAsync
FromAsync
ConnectAndSetupAsync
ConnectAsync
LocalAlloc
GetWindowThreadProcessId
setSetId
GetProcessById
Compressed
get_Connected
AwaitUnsafeOnCompleted
get_IsCompleted
ReadToEnd
Append
GetMethod
Replace
CreateInstance
CryptoStreamMode
AddSubNode
subNode
MainNode
LocalFree
get_Message
Invoke
get_Available
Enumerable
IDisposable
RuntimeFieldHandle
CloseHandle
Console
set_WindowStyle
ProcessWindowStyle
set_FileName
GetTempFileName
GetFileName
get_MachineName
get_UserName
get_ProcessName
startup_name
DateTime
WriteLine
IAsyncStateMachine
SetStateMachine
stateMachine
ValueType
SockType
ProtocolType
GetType
SocketType
ByteArrayCompare
System.Core
MethodBase
Dispose
BTruncate
Create
<>1__state
Delete
CompilerGeneratedAttribute
GuidAttribute
DebuggableAttribute
ComVisibleAttribute
AssemblyTitleAttribute
AsyncStateMachineAttribute
AssemblyTrademarkAttribute
TargetFrameworkAttribute
DebuggerHiddenAttribute
AssemblyFileVersionAttribute
AssemblyConfigurationAttribute
AssemblyDescriptionAttribute
CompilationRelaxationsAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
AssemblyCompanyAttribute
RuntimeCompatibilityAttribute
set_UseShellExecute
DeleteValue
GetValue
SetValue
GetPropertyValue
RegistryHive
Type0Receive
Type1Receive
Type2Receive
xeno rat client.exe
FinalUncompressedSize
RtlGetCompressionWorkSpaceSize
OriginalFileSize
get_TotalSize
pDestinationSize
pNeededBufferSize
CompressedBufferSize
UncompressedBufferSize
original_size
Resize
IndexOf
System.Threading
Encoding
System.Runtime.Versioning
ToString
GetString
mutex_string
Substring
ComputeHash
strToHash
GetHash
executablePath
Install_path
classpath
SourceBufferLength
DestinationBufferLength
GetWindowTextLength
AsyncCallback
CreateSubSock
FlushFinalBlock
get_Task
System.ComponentModel
Uninstall
kernel32.dll
shell32.dll
user32.dll
ntdll.dll
msvcrt.dll
CryptoStream
MemoryStream
Program
get_Item
set_Item
OperatingSystem
SymmetricAlgorithm
HashAlgorithm
ICryptoTransform
Boolean
IsLittleEndian
TimeSpan
IsUserAnAdmin
AddToStartupNonAdmin
AddToStartupAdmin
IsAdmin
get_OSVersion
GetWindowsVersion
Compression
get_Location
Action
op_Subtraction
System.Reflection
ManagementObjectCollection
ArgumentNullException
SetException
Encryption
Unknown
GetAndSendInfo
MethodInfo
DriveInfo
get_StartInfo
ProcessStartInfo
DirectoryInfo
ServerIp
memcmp
RemoveStartup
DoStartup
System.Linq
ParseHeader
StreamReader
TextReader
header
MD5CryptoServiceProvider
AsyncVoidMethodBuilder
AsyncTaskMethodBuilder
StringBuilder
<>t__builder
RecvAllAsync_ddos_safer
RecvAllAsync_ddos_unsafer
CompressedBuffer
UncompressedBuffer
WorkspaceBuffer
SourceBuffer
DestinationBuffer
RtlCompressBuffer
RtlDecompressBuffer
buffer
ManagementObjectSearcher
DllNodeHandler
DllHandler
SocketHandler
_dllhandler
ToUpper
TaskAwaiter
GetAwaiter
BitConverter
subServer
ManagementObjectEnumerator
GetEnumerator
Activator
.cctor
CreateDecryptor
CreateEncryptor
IntPtr
System.Diagnostics
get_TotalMilliseconds
System.Runtime.InteropServices
System.Runtime.CompilerServices
DebuggingModes
subNodes
Assemblies
ExpandEnvironmentVariables
GetValueNames
IntToBytes
GetBytes
sizetdwBytes
BindingFlags
SocketFlags
uFlags
<>4__this
System.Threading.Tasks
Contains
SocketTaskExtensions
StringSplitOptions
RuntimeHelpers
GetCurrentProcess
Compress
Decompress
System.Net.Sockets
set_Arguments
Exists
GetAntivirus
Concat
CompressionFormat
ManagementBaseObject
hObject
ManagementObject
EndDisconnect
_OnDisconnect
BeginDisconnect
System.Net
Socket
socket
T_offset
WaitForExit
IAsyncResult
GetResult
SetResult
BytesToInt
xeno rat client
xeno_rat_client
System.Management
Environment
Component
Parent
get_Current
get_RemoteEndPoint
get_Count
get_ProcessorCount
GetPathRoot
Decrypt
Encrypt
ServerPort
ToList
set_ReceiveTimeout
SetRecvTimeout
ResetRecvTimeout
socktimeout
get_StandardOutput
set_RedirectStandardOutput
MoveNext
System.Text
WriteAllText
GetWindowText
RegistryView
get_Now
GetForegroundWindow
GetCaptionOfActiveWindow
set_CreateNoWindow
SendCurrentWindow
set_NoDelay
InitializeArray
ToArray
get_Key
set_Key
OpenSubKey
OpenBaseKey
_EncryptionKey
ContainsKey
RegistryKey
System.Security.Cryptography
GetEntryAssembly
AddressFamily
SelectMany
BlockCopy
get_Factory
TaskFactory
CreateDirectory
get_SystemDirectory
GetCurrentDirectory
op_Equality
op_Inequality
WrapNonExceptionThrows
xeno rat client
Copyright
2023
$310fc5be-6f5e-479c-a246-6093a39296c0
1.0.0.0
.NETFramework,Version=v4.8
FrameworkDisplayName
.NET Framework 4.8
/xeno_rat_client.DllHandler+<DllNodeHandler>d__2
+xeno_rat_client.Handler+<CreateSubSock>d__3
,xeno_rat_client.Handler+<GetAndSendInfo>d__5
*xeno_rat_client.Handler+<Type0Receive>d__6
*xeno_rat_client.Handler+<Type1Receive>d__7
&xeno_rat_client.Handler+<setSetId>d__8
*xeno_rat_client.Handler+<Type2Receive>d__9
0xeno_rat_client.Handler+<SendCurrentWindow>d__10
&xeno_rat_client.Node+<Disconnect>d__10
/xeno_rat_client.Node+<ConnectSubSockAsync>d__11
(xeno_rat_client.Node+<ReceiveAsync>d__13
%xeno_rat_client.Node+<SendAsync>d__14
-xeno_rat_client.Node+<AuthenticateAsync>d__18
=xeno_rat_client.SocketHandler+<RecvAllAsync_ddos_unsafer>d__4
;xeno_rat_client.SocketHandler+<RecvAllAsync_ddos_safer>d__5
-xeno_rat_client.SocketHandler+<SendAsync>d__9
1xeno_rat_client.SocketHandler+<ReceiveAsync>d__10
#xeno_rat_client.Program+<Main>d__10
1xeno_rat_client.Utils+<ConnectAndSetupAsync>d__12
*xeno_rat_client.Utils+<RemoveStartup>d__13
&xeno_rat_client.Utils+<Uninstall>d__14
1xeno_rat_client.Utils+<AddToStartupNonAdmin>d__15
.xeno_rat_client.Utils+<AddToStartupAdmin>d__16
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>PAPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDING
Plugin.Main
error with subnode, subnode type=
data can not be null!
127.0.0.1
Xeno_rat_nd8912d
nothingset
-admin
%\XenoManager\
XenoUpdateManager
\root\SecurityCenter2
SELECT * FROM AntivirusProduct
displayName
SELECT * FROM Win32_OperatingSystem
Caption
OSArchitecture
UNKNOWN
schtasks.exe
/query /v /fo csv
TaskName
Task To Run
/delete /tn "
SOFTWARE\Microsoft\Windows\CurrentVersion\Run
<Task xmlns='http://schemas.microsoft.com/windows/2004/02/mit/task'>
<Triggers>
<LogonTrigger>
<Enabled>true</Enabled>
</LogonTrigger>
</Triggers>
<Principals>
<Principal id='Author'>
<LogonType>InteractiveToken</LogonType>
<RunLevel>HighestAvailable</RunLevel>
</Principal>
</Principals>
<Settings>
<ExecutionTimeLimit>PT0S</ExecutionTimeLimit>
<DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
<MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>
</Settings>
<Actions>
<Exec>
<Command>
</Command>
</Exec>
</Actions>
</Task>
/Create /TN "
" /XML "
SUCCESS
/C choice /C Y /N /D Y /T 3 & Del "
cmd.exe
XenoUpdateManager
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
Comments
CompanyName
FileDescription
Client
FileVersion
3.2.1.0
InternalName
xeno rat client.exe
LegalCopyright
Copyright
2023
LegalTrademarks
OriginalFilename
Xeno_manager.exe
ProductName
Xeno-manager
ProductVersion
1.2.3.0
Assembly Version
1.2.3.0
No antivirus signatures available.
No IRMA results available.