popup
Static | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Static Analysis

PE Compile Time

2055-10-21 21:15:15

PDB Path

C:\Users\UNKNOWN\Desktop\illegalprojeninslnsi\VisualStudio\obj\Debug\VisualStudio.pdb

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00002000 0x00000cac 0x00000e00 5.03589728636
.rsrc 0x00004000 0x00009bac 0x00009c00 2.42069408172
.reloc 0x0000e000 0x0000000c 0x00000200 0.0815394123432

Resources

Name Offset Size Language Sub-language File type
RT_ICON 0x00004100 0x000094a8 LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_GROUP_ICON 0x0000d5b8 0x00000014 LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_VERSION 0x0000d5dc 0x000003d0 LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_MANIFEST 0x0000d9bc 0x000001ea LANG_NEUTRAL SUBLANG_NEUTRAL XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

Imports

Library mscoree.dll:
0x402000 _CorExeMain
!This program cannot be run in DOS mode.
`.rsrc
@.reloc
v4.0.30319
#Strings
<Module>
System.IO
DownloadData
mscorlib
Replace
IDisposable
set_FileName
GetRandomFileName
Combine
Dispose
GuidAttribute
DebuggableAttribute
AssemblyTitleAttribute
AssemblyTrademarkAttribute
TargetFrameworkAttribute
AssemblyFileVersionAttribute
AssemblyConfigurationAttribute
AssemblyDescriptionAttribute
CompilationRelaxationsAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
AssemblyCompanyAttribute
RuntimeCompatibilityAttribute
set_UseShellExecute
VisualStudio.exe
System.Runtime.Versioning
DownloadString
Substring
GetTempPath
Program
OperatingSystem
get_OSVersion
get_Version
System.Reflection
ProcessStartInfo
VisualStudio
get_Major
get_Minor
System.Diagnostics
System.Runtime.InteropServices
System.Runtime.CompilerServices
DebuggingModes
WriteAllBytes
Process
set_Arguments
Concat
Object
System.Net
WebClient
CSharpEquivalent
Environment
set_CreateNoWindow
WrapNonExceptionThrows
'Microsoft Visual Studio Solution (.sln)
$831b1f27-7bf5-4b91-b4bf-9d3bd1db343c
1.0.0.0
.NETFramework,Version=v4.8
FrameworkDisplayName
.NET Framework 4.8
C:\Users\UNKNOWN\Desktop\illegalprojeninslnsi\VisualStudio\obj\Debug\VisualStudio.pdb
_CorExeMain
mscoree.dll
z!hez!h
z!hMz!h
z!hEz!h
z!hz!h
z!h#z!h
z!h?z!h
z!h#z!h
z!htz!h
z!h)z!h
z!h1z!h
z!h6z!h
z!h;z!h
BBB[BBB
z!h:z!h
BBBdBBB
z!h?z!h
BBBbBBB
z!hPz!h
z!hDz!h
BBBbBBB
z!hDz!h
z!hNz!h
BBBbBBB
z!h9z!h
z!hwz!h
BBBfBBB
z!h1z!h
BBB!BBBVBBBVBBBVBBBVBBBVBBBVBBBVBBBVBBBVBBBVBBBVBBBVBBBVBBBVBBBVBBBVBBBVBBBVBBBVBBBVBBBVBBBVBBBVBBBVBBBVBBBVBBBVBBBVBBBVBBBeBBB
z!h-z!h
z!h%z!h
z!h&z!h
z!h:z!h
z!h8z!h
z!hMz!h
z!hcz!h
z!hzz!h
z!h,z!hnz!h
z!htz!h
z!hvz!h
z!hyz!h
z!h{z!h
z!h^z!h
z!hlz!h
z!h6z!h
z!h}z!h
z!h?z!h=
BBBPBBB
BBBiBBB
z!hWz!h
z!hNz!h
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
Washington1
Redmond1
Microsoft Corporation1(0&
Microsoft Code Signing PCA 20110
230316184328Z
240314184328Z0t1
Washington1
Redmond1
Microsoft Corporation1
Microsoft Corporation0
I0G1-0+
$Microsoft Ireland Operations Limited1
230012+5005170
Chttp://www.microsoft.com/pkiops/crl/MicCodSigPCA2011_2011-07-08.crl0a
Ehttp://www.microsoft.com/pkiops/certs/MicCodSigPCA2011_2011-07-08.crt0
c8LCaIJo
;sCkCe
;s,Ps
Washington1
Redmond1
Microsoft Corporation1200
)Microsoft Root Certificate Authority 20110
110708205909Z
260708210909Z0~1
Washington1
Redmond1
Microsoft Corporation1(0&
Microsoft Code Signing PCA 20110
Ihttp://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl0^
Bhttp://www.microsoft.com/pki/certs/MicRooCerAut2011_2011_03_22.crt0
3http://www.microsoft.com/pkiops/docs/primarycps.htm0@
*?*kXIc
QEX82q'
WqVNHE
Washington1
Redmond1
Microsoft Corporation1(0&
Microsoft Code Signing PCA 2011
http://www.microsoft.com0
AIT*Sk:g
20231003044323.089Z0
Washington1
Redmond1
Microsoft Corporation1%0#
Microsoft America Operations1'0%
nShield TSS ESN:A000-05E0-D9471%0#
Microsoft Time-Stamp Service
Washington1
Redmond1
Microsoft Corporation1&0$
Microsoft Time-Stamp PCA 20100
230525191214Z
240201191214Z0
Washington1
Redmond1
Microsoft Corporation1%0#
Microsoft America Operations1'0%
nShield TSS ESN:A000-05E0-D9471%0#
Microsoft Time-Stamp Service0
Nhttp://www.microsoft.com/pkiops/crl/Microsoft%20Time-Stamp%20PCA%202010(1).crl0l
Phttp://www.microsoft.com/pkiops/certs/Microsoft%20Time-Stamp%20PCA%202010(1).crt0
Washington1
Redmond1
Microsoft Corporation1200
)Microsoft Root Certificate Authority 20100
210930182225Z
300930183225Z0|1
Washington1
Redmond1
Microsoft Corporation1&0$
Microsoft Time-Stamp PCA 20100
3http://www.microsoft.com/pkiops/Docs/Repository.htm0
Ehttp://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl0Z
>http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt0
as.,k{n?,
Washington1
Redmond1
Microsoft Corporation1%0#
Microsoft America Operations1'0%
nShield TSS ESN:A000-05E0-D9471%0#
Microsoft Time-Stamp Service
Washington1
Redmond1
Microsoft Corporation1&0$
Microsoft Time-Stamp PCA 20100
20231002173551Z
20231003173551Z0w0=
Washington1
Redmond1
Microsoft Corporation1&0$
Microsoft Time-Stamp PCA 2010
MA%nz\
Washington1
Redmond1
Microsoft Corporation1&0$
Microsoft Time-Stamp PCA 2010
https://rentry.co/n9dqr/raw
https://rentry.co/MuckLw/raw
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
Comments
CompanyName
FileDescription
Microsoft Visual Studio Solution (.sln)
FileVersion
1.0.0.0
InternalName
VisualStudio.exe
LegalCopyright
Microsoft Visual Studio Solution (.sln)
LegalTrademarks
OriginalFilename
VisualStudio.exe
ProductName
Microsoft Visual Studio Solution (.sln)
ProductVersion
1.0.0.0
Assembly Version
1.0.0.0
Legal_policy_statement
8Microsoft Visual Studio 202
Antivirus Signature
Bkav W32.AIDetectMalware.CS
Lionic Trojan.Win32.Zilla.a!c
Elastic Clean
MicroWorld-eScan Gen:Variant.Tedy.493207
CMC Clean
CAT-QuickHeal Trojan.Zilla
Skyhigh RDN/Generic.dx
McAfee RDN/Generic.dx
Cylance unsafe
VIPRE Gen:Variant.Tedy.493207
Sangfor Downloader.Msil.Agent.V06i
CrowdStrike win/malicious_confidence_100% (W)
BitDefender Gen:Variant.Tedy.493207
K7GW Riskware ( 00584baa1 )
K7AntiVirus Riskware ( 00584baa1 )
Baidu Clean
VirIT Trojan.Win32.Genus.UUX
Symantec ML.Attribute.HighConfidence
tehtris Clean
ESET-NOD32 MSIL/TrojanDownloader.Agent.QDC
Cynet Malicious (score: 99)
APEX Malicious
Paloalto Clean
ClamAV Win.Downloader.Msilzilla-10016022-0
Kaspersky HEUR:Trojan-Downloader.MSIL.Agentb.gen
Alibaba Trojan:MSIL/Zilla.c5f58990
NANO-Antivirus Clean
ViRobot Clean
Rising Downloader.Agent!8.B23 (TFE:C:stcYkaeWqtV)
Sophos Mal/Generic-S
F-Secure Trojan.TR/Redcap.cjrpf
DrWeb Clean
Zillya Clean
TrendMicro Clean
Emsisoft Gen:Variant.Tedy.493207 (B)
Ikarus Trojan.MSIL.Zilla
GData Gen:Variant.Tedy.493207
Jiangmin Clean
Webroot W32.Trojan.Gen
Varist W32/ABRisk.QYLI-7153
Avira TR/Redcap.cjrpf
MAX malware (ai score=84)
Antiy-AVL Trojan/MSIL.Zilla
Kingsoft Clean
Gridinsoft Malware.Win32.Downloader.cc
Xcitium Clean
Arcabit Trojan.Tedy.D78697
SUPERAntiSpyware Clean
ZoneAlarm HEUR:Trojan-Downloader.MSIL.Agentb.gen
Microsoft Trojan:MSIL/Zilla!pz
Google Detected
AhnLab-V3 Trojan/Win.Generic.C5570390
Acronis Clean
BitDefenderTheta Clean
TACHYON Clean
DeepInstinct MALICIOUS
Malwarebytes Trojan.Downloader.MSIL
Panda Trj/GdSda.A
Zoner Clean
TrendMicro-HouseCall TROJ_GEN.R06CC0DA524
Tencent Clean
Yandex Clean
SentinelOne Clean
MaxSecure Clean
Fortinet PossibleThreat
AVG Win32:Malware-gen
Cybereason Clean
Avast Win32:Malware-gen
No IRMA results available.