Static | ZeroBOX

PE Compile Time

2024-07-02 23:23:42

PE Imphash

d386d846ec8bc17cdf65ba35a0ab134d

Sections

Name   Virtual Address  Virtual Size  Size of Raw Data  Entropy
UPX0   0x00001000       0x00013000    0x00000000        0.0
UPX1   0x00014000       0x0000b000    0x0000ac00        7.92474924763
.rsrc  0x0001f000       0x00001000    0x00000600        3.19607920193

Resources

Name        Offset      Size        Language      Sub-language                File type
RT_VERSION  0x0001f05c  0x000003fc  LANG_CHINESE  SUBLANG_CHINESE_SIMPLIFIED  data

Imports

Library KERNEL32.DLL:
0x41f4a8 LoadLibraryA
0x41f4ac ExitProcess
0x41f4b0 GetProcAddress
0x41f4b4 VirtualProtect
Library MSVCRT.dll:
0x41f4bc exit
Library SHELL32.dll:
0x41f4c4 None

!This program cannot be run in DOS mode.
Shellex
w.4i7i.
optimizaon_v3.0.30317_325
.NET Run3e O:
Servic
;Microsoft Fra9wor
k NGEN.
Default
12345678
44e_apA
GetProcAddr
essLoadLibraryA
*ModuleHand
tupInfoAV
XcptFilter
t_fdivp
typewcev3
lfp-gcx
.rsrcG
XPTPSW
KERNEL32.DLL
MSVCRT.dll
SHELL32.dll
ExitProcess
GetProcAddress
LoadLibraryA
VirtualProtect
VS_VERSION_INFO
StringFileInfo
040904b0
Comments
CompanyName
Microsoft Corporation
FileDescription
.NET Runtime Optimization Service
FileVersion
3.0.50727.3053
InternalName
mscorsvw
LegalCopyright
Microsoft Corporation. All rights reserved.
LegalTrademarks
OriginalFilename
mscorsvw.exe
PrivateBuild
20150830.01
ProductName
Microsoft .NET Framework
ProductVersion
3.0.50727.3053
SpecialBuild
VarFileInfo
Translation
Antivirus Signature
Bkav W32.AIDetectMalware
Lionic Clean
tehtris Clean
Cynet Malicious (score: 100)
CMC Clean
CAT-QuickHeal Trojan.Aksula.A
ALYac Clean
Cylance Unsafe
Zillya Clean
Sangfor Suspicious.Win32.Save.a
K7AntiVirus Trojan ( 0040f7ad1 )
BitDefender Gen:Heur.Mint.Zard.30
K7GW Trojan ( 0040f7ad1 )
Cybereason malicious.029337
Baidu Win32.Trojan.Farfli.bg
VirIT Clean
Symantec Clean
Elastic malicious (moderate confidence)
ESET-NOD32 a variant of Win32/Farfli.JU
APEX Malicious
Paloalto Clean
ClamAV Clean
Alibaba Clean
NANO-Antivirus Clean
ViRobot Clean
MicroWorld-eScan Gen:Heur.Mint.Zard.30
Tencent Clean
Sophos Mal/Behav-160
F-Secure Trojan.TR/Crypt.FKM.Gen
DrWeb Trojan.Siggen28.63607
VIPRE Gen:Heur.Mint.Zard.30
TrendMicro Clean
McAfeeD Real Protect-LS!1953C9702933
Trapmine malicious.moderate.ml.score
FireEye Generic.mg.1953c97029337ec0
Emsisoft Gen:Heur.Mint.Zard.30 (B)
Jiangmin Clean
Webroot Clean
Varist W32/KillAV.AU.gen!Eldorado
Avira TR/Crypt.FKM.Gen
MAX malware (ai score=87)
Antiy-AVL Clean
Kingsoft malware.kb.b.958
Gridinsoft Clean
Xcitium Backdoor.Win32.Zegost.c@4m3x9i
Arcabit Trojan.Mint.Zard.30
SUPERAntiSpyware Clean
ZoneAlarm VHO:Backdoor.Win32.Lotok.gen
Google Detected
AhnLab-V3 Trojan/Win32.OnlineGameHack.R2023
Acronis Clean
BitDefenderTheta AI:Packer.8EFBDF1C1F
TACHYON Clean
VBA32 BScope.TrojanDDoS.Macri
Malwarebytes Clean
Panda Clean
Zoner Clean
TrendMicro-HouseCall Clean
Rising Backdoor.Farfli!1.B6C5 (CLASSIC)
Yandex Clean
Ikarus Backdoor.Win32.Zegost
MaxSecure Trojan.Malware.300983.susgen
Fortinet W32/Farfli.PZA!tr
DeepInstinct MALICIOUS
CrowdStrike win/malicious_confidence_100% (D)
alibabacloud Backdoor:Win/Parite.C
No IRMA results available.