Static | ZeroBOX

PE Compile Time

2054-09-09 03:53:31

PDB Path

C:\Users\UNKNOWN\Desktop\illegalprojeninslnsi\VisualStudio\obj\Debug\VisualStudio.pdb

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name    Virtual Address  Virtual Size  Size of Raw Data  Entropy
.text   0x00002000       0x00000a50    0x00000c00        4.69277527955
.rsrc   0x00004000       0x00009bae    0x00009c00        2.42155845779
.reloc  0x0000e000       0x0000000c    0x00000200        0.0815394123432

Resources

Name           Offset      Size        Language      Sub-language     File type
RT_ICON        0x00004138  0x000094a8  LANG_NEUTRAL  SUBLANG_NEUTRAL  data
RT_GROUP_ICON  0x0000d5e0  0x00000014  LANG_NEUTRAL  SUBLANG_NEUTRAL  data
RT_VERSION     0x0000d5f4  0x000003d0  LANG_NEUTRAL  SUBLANG_NEUTRAL  data
RT_MANIFEST    0x0000d9c4  0x000001ea  LANG_NEUTRAL  SUBLANG_NEUTRAL  XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

Imports

Library mscoree.dll:
0x402000 _CorExeMain

!This program cannot be run in DOS mode.
`.rsrc
@.reloc
v4.0.30319
#Strings
<Module>
System.IO
mscorlib
NewGuid
IDisposable
DownloadFile
set_FileName
Combine
Dispose
GuidAttribute
DebuggableAttribute
AssemblyTitleAttribute
AssemblyTrademarkAttribute
TargetFrameworkAttribute
AssemblyFileVersionAttribute
AssemblyConfigurationAttribute
AssemblyDescriptionAttribute
CompilationRelaxationsAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
AssemblyCompanyAttribute
RuntimeCompatibilityAttribute
VisualStudio.exe
System.Runtime.Versioning
ToString
GetTempPath
Program
System
System.Reflection
Exception
get_StartInfo
ProcessStartInfo
VisualStudio
FileDownloader
System.Diagnostics
System.Runtime.InteropServices
System.Runtime.CompilerServices
DebuggingModes
Process
Exists
Concat
Object
System.Net
WebClient
GetCurrentDirectory
WrapNonExceptionThrows
'Microsoft Visual Studio Solution (.sln)
$831b1f27-7bf5-4b91-b4bf-9d3bd1db343c
1.0.0.0
.NETFramework,Version=v4.8
FrameworkDisplayName
.NET Framework 4.8
C:\Users\UNKNOWN\Desktop\illegalprojeninslnsi\VisualStudio\obj\Debug\VisualStudio.pdb
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
Stealer.csproj
https://img.guildedcdn.com/ContentMediaGenericFiles/5a5b47e8be61b21d221325e7d52ceaa0-Full.zip
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
Comments
CompanyName
FileDescription
Microsoft Visual Studio Solution (.sln)
FileVersion
1.0.0.0
InternalName
VisualStudio.exe
LegalCopyright
Microsoft Visual Studio Solution (.sln)
LegalTrademarks
OriginalFilename
VisualStudio.exe
ProductName
Microsoft Visual Studio Solution (.sln)
ProductVersion
1.0.0.0
Assembly Version
1.0.0.0
Antivirus Signature
Bkav W32.AIDetectMalware.CS
Lionic Trojan.Win32.Convagent.m!c
tehtris Clean
DrWeb Clean
MicroWorld-eScan IL:Trojan.MSILZilla.39856
FireEye IL:Trojan.MSILZilla.39856
CAT-QuickHeal Clean
Skyhigh RDN/genericac
ALYac IL:Trojan.MSILZilla.39856
Malwarebytes Trojan.Downloader.MSIL.Generic
VIPRE IL:Trojan.MSILZilla.39856
Sangfor Downloader.Msil.Zilla.Vakc
K7AntiVirus Trojan-Downloader ( 005aed771 )
BitDefender IL:Trojan.MSILZilla.39856
K7GW Trojan-Downloader ( 005aed771 )
Cybereason Clean
BitDefenderTheta Gen:NN.ZemsilF.36608.cm0@aeuhZco
VirIT Trojan.Win32.Genus.UHR
Symantec ML.Attribute.HighConfidence
Elastic Clean
ESET-NOD32 a variant of MSIL/TrojanDownloader.Agent.PXX
APEX Clean
Paloalto Clean
Cynet Malicious (score: 99)
Kaspersky HEUR:Backdoor.MSIL.Convagent.gen
Alibaba Backdoor:MSIL/Zilla.0dc5993e
NANO-Antivirus Clean
ViRobot Trojan.Win.Z.Agent.44032.SC
Rising Downloader.Tiny!8.245 (CLOUD)
TACHYON Clean
Sophos Generic Reputation PUA (PUA)
F-Secure Trojan.TR/Dldr.Agent.qougu
Baidu Clean
Zillya Backdoor.Crysan.Win32.7093
TrendMicro TROJ_GEN.R014C0DL123
Trapmine Clean
CMC Clean
Emsisoft IL:Trojan.MSILZilla.39856 (B)
SentinelOne Clean
Jiangmin Clean
Webroot W32.Dropper.Gen
Avira TR/Dldr.Agent.qougu
Antiy-AVL Clean
Kingsoft malware.kb.c.818
Microsoft Trojan:MSIL/Zilla.AMBE!MTB
Gridinsoft Trojan.Win32.Agent.sa
Xcitium Malware@#sfxdraljcuh4
Arcabit IL:Trojan.MSILZilla.D9BB0
SUPERAntiSpyware Clean
ZoneAlarm HEUR:Backdoor.MSIL.Convagent.gen
GData IL:Trojan.MSILZilla.39856
Varist W32/ABRisk.JAMO-7918
AhnLab-V3 Dropper/Win.DropperX-gen.C5542487
Acronis Clean
McAfee RDN/genericac
MAX malware (ai score=81)
DeepInstinct MALICIOUS
VBA32 Clean
Cylance unsafe
Panda Trj/Chgt.AD
Zoner Clean
TrendMicro-HouseCall TROJ_GEN.R014C0DL123
Tencent Malware.Win32.Gencirc.13f863ed
Yandex Clean
Ikarus Trojan.Win32.Agent
MaxSecure Clean
Fortinet MSIL/Agent.PXX!tr.dldr
AVG Win32:DropperX-gen [Drp]
Avast Win32:DropperX-gen [Drp]
CrowdStrike win/malicious_confidence_100% (W)
No IRMA results available.