Static | ZeroBOX

PE Compile Time

2024-06-20 10:45:21

PE Imphash

9aebf3da4677af9275c461261e5abde3

Sections

Name     Virtual Address    Virtual Size    Size of Raw Data    Entropy
UPX0     0x00001000         0x00013000      0x00000000          0.0
UPX1     0x00014000         0x0000b000      0x0000ac00          7.92491212048
.rsrc    0x0001f000         0x00001000      0x00000600          3.08970091649

Resources

Name          Offset        Size          Language        Sub-language                  File type
RT_VERSION    0x0001f05c    0x000003fc    LANG_CHINESE    SUBLANG_CHINESE_SIMPLIFIED    data

Imports

Library KERNEL32.DLL:
0x41f494 LoadLibraryA
0x41f498 ExitProcess
0x41f49c GetProcAddress
0x41f4a0 VirtualProtect
Library MSVCRT.dll:
0x41f4a8 exit

!This program cannot be run in DOS mode.
Shellex
/.4i7i.com
clr_optimizaon_v3.0.
30317_325.NET Run3
e O: Servic
X86;Microsoft
Fra9work NGEN.
Default
He_apA
GetProcAddress
LoadLibraryA
*ModuleHand
tupInfoAVe
_acm)n
_g*main
,gd_XcptFilter
t_fdivp
uceX_o7
XPTPSW
KERNEL32.DLL
MSVCRT.dll
ExitProcess
GetProcAddress
LoadLibraryA
VirtualProtect
VS_VERSION_INFO
StringFileInfo
040904b0
Comments
CompanyName
Microsoft Corporation
FileDescription
.NET Runtime Optimization Service
FileVersion
3.0.50727.3053
InternalName
mscorsvw
LegalCopyright
Microsoft Corporation. All rights reserved.
LegalTrademarks
OriginalFilename
mscorsvw.exe
PrivateBuild
20150830.01
ProductName
Microsoft .NET Framework
ProductVersion
3.0.50727.3053
SpecialBuild
VarFileInfo
Translation
Antivirus Signature
Bkav W32.AIDetectMalware
Lionic Trojan.Win32.Farfli.4!c
tehtris Clean
MicroWorld-eScan Gen:Heur.Mint.Zard.30
CMC Clean
CAT-QuickHeal Trojan.Aksula.A
Skyhigh BehavesLike.Win32.Generic.pc
McAfee Artemis!3D3AEDFAEAF3
Cylance Unsafe
Zillya Trojan.Farfli.Win32.91278
Sangfor Suspicious.Win32.Save.a
K7AntiVirus Trojan ( 0040f7ad1 )
Alibaba Backdoor:Win32/Zegost.24e518cf
K7GW Trojan ( 0040f7ad1 )
Cybereason malicious.aeaf39
Baidu Win32.Trojan.Farfli.bg
VirIT Clean
Symantec ML.Attribute.HighConfidence
Elastic malicious (moderate confidence)
ESET-NOD32 a variant of Win32/Farfli.JU
APEX Malicious
Avast Win32:Evo-gen [Trj]
Cynet Malicious (score: 100)
Kaspersky UDS:Trojan.Win32.Generic
BitDefender Gen:Heur.Mint.Zard.30
NANO-Antivirus Clean
ViRobot Clean
Tencent Malware.Win32.Gencirc.140fa9b8
Sophos Mal/Behav-160
F-Secure Trojan.TR/Crypt.FKM.Gen
DrWeb Trojan.Siggen28.63414
VIPRE Gen:Heur.Mint.Zard.30
TrendMicro TROJ_GEN.R002C0DFL24
McAfeeD Real Protect-LS!3D3AEDFAEAF3
Trapmine malicious.moderate.ml.score
FireEye Generic.mg.3d3aedfaeaf39544
Emsisoft Gen:Heur.Mint.Zard.30 (B)
Paloalto generic.ml
GData Gen:Heur.Mint.Zard.30
Jiangmin Trojan.Generic.hoagb
Webroot Clean
Varist W32/KillAV.AU.gen!Eldorado
Avira TR/Crypt.FKM.Gen
MAX malware (ai score=88)
Antiy-AVL Trojan/Win32.Farfli
Kingsoft malware.kb.b.888
Gridinsoft Trojan.Win32.Agent.sa
Xcitium Backdoor.Win32.Zegost.c@4m3x9i
Arcabit Trojan.Mint.Zard.30
SUPERAntiSpyware Clean
ZoneAlarm UDS:DangerousObject.Multi.Generic
Microsoft Backdoor:Win32/Zegost!pz
Google Detected
AhnLab-V3 Backdoor/Win.NG.R582744
Acronis Clean
BitDefenderTheta AI:Packer.BC223D901F
TACHYON Clean
VBA32 BScope.TrojanDDoS.Macri
Malwarebytes Trojan.Farfli.UPX
Panda Trj/CI.A
Zoner Clean
TrendMicro-HouseCall TROJ_GEN.R002C0DFL24
Rising Backdoor.Farfli!1.B6C5 (CLOUD)
Yandex Trojan.GenAsa!RYgRsdEvgeU
Ikarus Backdoor.Win32.Zegost
MaxSecure Clean
Fortinet W32/Farfli.PZA!tr
AVG Win32:Evo-gen [Trj]
DeepInstinct MALICIOUS
CrowdStrike win/malicious_confidence_100% (W)
alibabacloud Backdoor:Win/Parite.C
No IRMA results available.