Static | ZeroBOX

PE Compile Time

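2049-09-09 04:45:14 (future-dated, so not usable as a build time; the PE header timestamp is either forged or a non-time value such as a deterministic-build hash. The version resource strings further down carry a 2024 copyright year.)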

PDB Path

RunPE.pdb

PE Imphash

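dae02f32a21e03ce65412f6e56942daa (computed from the import table, which here holds only mscoree.dll!_CorDllMain; any .NET DLL with that sole import yields the same value, so it does not identify this sample or its family)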

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00002000 0x00007144 0x00007200 5.7828624272
.rsrc 0x0000a000 0x00000354 0x00000400 2.72550959758
.reloc 0x0000c000 0x0000000c 0x00000200 0.0815394123432

Resources

Name Offset Size Language Sub-language File type
RT_VERSION 0x0000a058 0x000002fc LANG_NEUTRAL SUBLANG_NEUTRAL data

Imports

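Library mscoree.dll:
0x402000 _CorDllMain
Note: this single import is the usual loader stub of a .NET DLL. The Win32 process and memory APIs named in the strings below (CreateProcessA, ZwUnmapViewOfSection, WriteProcessMemory, SetThreadContext, ResumeThread) are absent from this table; the LoadLibraryA, GetProcAddress and GetDelegateForFunctionPointer strings suggest they are resolved at run time, so the import table understates what the sample can call.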

!This program cannot be run in DOS mode.
`.rsrc
@.reloc
qX &ASya}%
PdDa}m
( a -Q"qa}r
@"Pa}*
qX &ASya}W
e #FZYa}
^Y 3@i
!6sY C
v2.0.50727
#Strings
RunPE.dll
<Module>
Class2
Project
Object
System
mscorlib
RunPEE
DelegateResumeThread
MulticastDelegate
DelegateWow64SetThreadContext
DelegateSetThreadContext
DelegateWow64GetThreadContext
DelegateGetThreadContext
DelegateVirtualAllocEx
DelegateWriteProcessMemory
DelegateReadProcessMemory
DelegateZwUnmapViewOfSection
DelegateCreateProcessA
PROCESS_INFORMATION
ValueType
STARTUP_INFORMATION
<Module>{ac18c390-2b44-4e96-ba20-25a5a4767903}
m8DC99C4B847A8C7
.cctor
rORgltYNRPO9kCdpMb
lCb8AClSBFEVIgqHmG
caminhovbs
namevbs
Boolean
RegistryKey
Microsoft.Win32
ProcessStartInfo
System.Diagnostics
System.IO
Combine
String
Registry
CurrentUser
Exists
sKo86fe9HGSnuwD9Ru
Concat
jdCsFhaPKJKkHAuFtI
ljlkD5QJDjiBlqQVUp
ProcessWindowStyle
set_WindowStyle
KoLdFvvo7Bp3WbpvJo
set_FileName
BKD5yIXBRqe4pqYdO2
O8M2MxIrcxBqL8Y6kA
set_Arguments
FIoy5YnpW2lcjrJgZm
Process
U7bGgk34FJ6pe9MuuE
WaitForExit
qgy00q9HW7w1Ngk0MQ
OpenSubKey
jSfJDvOehbkq70jb2E
SetValue
C4d0BIDTpDLlTKTJvG
IDisposable
Dispose
qqicF7rwAVdOKLdhZG
fpNQYJ4XHAfTLZdNv4
ResumeThread
Wow64SetThreadContext
SetThreadContext
Wow64GetThreadContext
GetThreadContext
VirtualAllocEx
WriteProcessMemory
ReadProcessMemory
ZwUnmapViewOfSection
CreateProcessA
hFv7xp0PpbcjwBXwNN
Thread
System.Threading
ParameterizedThreadStart
IntPtr
Exception
MethodInfo
System.Reflection
Assembly
TryRun
compatible
hidden
Desktop
ArgumentException
ArgumentNullException
LoadLibraryA
kernel32
GetProcAddress
hProcess
LoadApi
CreateApi
method
GetTypeFromHandle
RuntimeTypeHandle
Marshal
System.Runtime.InteropServices
GetDelegateForFunctionPointer
Delegate
Conversions
Microsoft.VisualBasic.CompilerServices
Microsoft.VisualBasic
ToGenericParameter
HandleRun
Buffer
BlockCopy
get_Size
BitConverter
ToInt32
rBogTi80hXY4MBxwGs
oORNlfqPK7qWaCHWnV
gUsEvwtNbiOm687mtr
ApartmentState
SetApartmentState
m5j3QbZ6UaddFCduBb
get_EntryPoint
tABfxix80sTto4nQLJ
MethodBase
GetParameters
ParameterInfo
P79pSP5KMl7dVSIAyL
Invoke
hCaulZcg5gEDLxqGbd
IsNullOrEmpty
yCqgjHNIKtQ4NJIGpC
bNQbbvBqaAOi25hI2X
i6ck8CEmPAqJnwXPfZ
SizeOf
JSEUQ7JvQKbX0KRWtu
get_Length
S6A63ZG8y3r2MaByHN
L6BXxZHYlUxmC4mWNg
vISNUH1T9KJ8nFohIk
thread
f9O9CRM0QTetKTOr6I
prOkLoVGiFYch1vBPr
process
baseAddress
lIuveTP8wwjVYKV1XP
handle
address
length
protect
XiQyGbWf3sF4pFjC8v
ToInt16
dkanIf2B63DWf8ECj1
GetBytes
YKp8anmvbGFk2auxI4
jaTUR5UMRervgLq4BK
vJUBFWfv5MxcOFtnUH
WC8Uocw23cvPgFvd2x
GetProcessById
Hr9RXp6Y2mldsvRtXR
object
BeginInvoke
IAsyncResult
AsyncCallback
callback
EndInvoke
result
context
buffer
bufferSize
bytesWritten
bytesRead
applicationName
commandLine
processAttributes
threadAttributes
inheritHandles
UInt32
creationFlags
environment
currentDirectory
startupInfo
processInformation
ProcessHandle
ThreadHandle
ProcessId
ThreadId
lpReserved
lpDesktop
lpTitle
dwXSize
dwYSize
dwXCountChars
dwYCountChars
dwFillAttribute
dwFlags
wShowWindow
cbReserved2
lpReserved2
hStdInput
hStdOutput
hStdError
vvYOVhbHnZXhVSRcDo
startupreg
netframework
nativo
WebClient
System.Net
ToString
set_Encoding
Encoding
System.Text
ReverseString
ToCharArray
wj8oxcKQMhWyu3MiMB
op_Equality
eL61cEhr3TEsU6jQVJ
Xd0LwFzhEBVfQPGGSn
SecurityProtocolType
ServicePointManager
set_SecurityProtocol
rQcd3TTSI6lCVHMl6JH
get_UTF8
rbJryoTTdjpvdQgZCqq
WaP97STAZD9pAa0scHE
DownloadString
XMNkWLT7BBsCZiElwGi
yaMjewTLB6ko7gsuukK
Convert
FromBase64String
xDJnGbTuAHxrLrabo2j
FKy1wEy8Q0ZLa270Zf
t59nbxCXLli0kLs5JD
jLkxZGTdIZ8cZpeVM0r
Reverse
m_345982f864954898914ded9b739a8cde
m_1acadc2e5cbc49da8cc4f88a90357b92
m_e7a8a62e07ca4ab99046aa798c2fbb49
m_34a410a11cbf466387c4717f0adc49c9
m_4b74b7d44bf64fc28d98fc799a763508
m_952f3e01cb9a49ab839a15d73e5e393f
m_8c29c6fd660a48f88a29b0e664d429a8
m_89c22fb2e01149bc8e53ae7bafefe869
m_bea81efe3e6e4a7787ddbb218944e237
m_19942ed99aed48e69ce3c957dee651e0
m_9b9d701bf691416c965d2cd4cd201834
m_8a7f201f5d3c452ca5d22e3da2a0b5f5
m_d8155d83dc504cdcac922d99f4ad932b
m_9b62bf1d5cc249c6b24c410eb5ea92f3
m_8096d27824c34e9f91addfa6fa82c632
m_4cd8c2e359e945638df6d9c1f335c64d
m_271dc17457e343f8b75dc3bdf62f6293
m_b6df80c0e45a42f985a1afe954eeb5eb
m_23dbcf39344c433fa995aea063fc6dcb
m_f7c3b79f19174602a4cc6d451fb86c2d
m_808b14660988405f963e91c4926cddc7
m_ecd8aa83d4af4f0d8399a54a9d9f93df
m_c6e08acf29e84fefae7f37a247d34e1d
m_49f6e2a780b4400bbc306c3aeebf8339
m_719a159cfd9740288d6b6b3d29efd7f5
m_9b357978dc88417ebf1f0675c5c1df34
m_a27b1f85bacc46f2955e88662505a542
m_8afb26d63b314168b84ff873753b4e2e
m_26704683996f4ac2b56119d9cb6965e5
m_c6517e29746546a8846e22ec6483917a
m_beda97e462f3422f8e75b9e9c514b84a
m_fc77014f3e3b437a8e67cf54b6b67a11
m_15badef8528241ddbc214638106e1ad3
m_f4c0c385940e4a9d9379aee966932c2e
m_223a1547b18546ddb9c72ae1e8a99051
m_035d7cec07a041ee9a49773caa13e961
m_179cf8b446fa4c259aa3e9bac25a2b2d
m_0e42e9b1d8b547f6be7933882e4b5938
m_8c81c47b3bed4d13a5cada1e325f2da0
m_c1034dc0614d4078a3ed0856654c8015
m_885eebc7bc0f4411a0ff0c34b431ed68
m_ae446e6181064ce9bf5b06b10f7e1f41
m_1f89c72fa378455d9ce593712cda4ad6
m_c040ad9ee0134b8f9cbbcd1fbca93822
m_955f1ce1d81d487f968f3e24e4372907
m_41554da865644deea71d428d028b5865
m_3071017a26a44847a73176487c52d2c8
m_043f2ea6cbf540dc9ddfc2652cfbbc19
m_b40e8b0496be438aace596a247a9e4bc
m_1f2794c79c1a47f695f0864c118ae0e7
m_23f278fdc22d49f29f9571532b71c3a8
m_de702471f1ba4dab8ba19745759926ac
m_cdba8433a39d4fa6b3f13f6b9f2fe2b0
m_7e6cf87e60214012be72adbd5d3c93ae
m_1521e6aa829e4f268bdf7d0cfbd0456f
m_6e8f1286b08d49208807014090a2a12c
m_ee5d61eec441471397c80f3b4edafe87
m_57afbff4032643598cf323dd540bfb75
m_5edf06f750854989a8f6addc018c4571
m_f31504589a1943a78c238297e9b00c40
m_2a06f387110a4324a09a7b41948c4d75
m_4e614dd21599453d8ddfcaf961bd507a
m_294a38ad3da74fd3b779b5d3fa49f45d
m_136f52a28fca4a3b8d42117c87eba5da
m_94a0fb93daf247b8a88da196c755d6e0
m_3476ac51ea8e4de389e86219e9f7230a
m_ac9715e0ac6e46bbb6d3295def163e85
m_bac0f8dd920c451592af53efc4091aed
m_df876e3b2c454a5a9327d95b406ac1bb
m_7c9da3aaa67741e99082dc8c49ef2fac
m_a975206067d3434e988b3eb8ab5cb628
m_d74239d60f6e472c99e63ee99c099347
m_85315fc4f7be4927b88baaf2d65b5213
m_4ec5157342364b079fa26f431ab74244
m_737be205f70449fe9ef82341b3b9d5a9
m_28823c4e3560445a9b16debef9a86311
m_40733caeefd7430c8e558a31d32053b4
m_49fa0f4e426b4dc8984700002b5085fc
m_a4882f6d0b4f444a994ab6b451519106
m_f3e369af5f804d28abe45344bc6206aa
m_2380df05286748f292ff970294dae0c6
m_c5d0a1439af442c889244645f27ec6c4
m_725abe4187014646b223ca6eae20e110
m_896ab63242ed4273b9c6d837aa5ce00e
m_5dafbb30070248dbbd9abeaa3db846ab
m_9314fecc529d46cf80c8ee4319c61fb4
m_6b9d0d28d8cd41d5ba9d4fa7afce5729
m_4921353728494f77b220ec4963009448
m_d72c6b5fe6a148789a951c28af00e1be
m_69f7740c0c1f4318b82ffbb942d4891f
m_157e7faf6d3b46409036f37b32b920b0
m_189f545bdfe44224904f538b7d845a2e
m_090d3077d2c74061a96ed3260aaf828f
m_4be767505c0646cea2b7940d4abe26e7
m_ea412072ce0f43e882bc6a679153ffcf
m_853fe006d6044cb0aa5e72171e7c0af4
m_8cdf26f6ac46457abfc7bc231c8290d6
m_ce30523f6180404fb46142677300ed59
m_a62bd5283dec49fea6b8909e9ae42871
m_9060c3e972ed4297834fdc73826ed2bc
m_5145e5e2880f4805b40282540b471028
m_4ecc0d17e9994a339ced4e18cae6e943
m_02e5e6e2d2af4813b61d13be20946435
m_26863495f2d5498cbf5f37931566e4ce
m_6e22cd42a1f342ae8ba9dd2bb0be7f2a
YE1QUdToHkart2yHgNP
e7cc9091ac7924161ae170d3de327b068
A2af3vTYJMw3DLNwecY
lSRNlcTkdqSZAgHSSrC
I5bPSYTplfYilO2JFOX
CompilationRelaxationsAttribute
System.Runtime.CompilerServices
RuntimeCompatibilityAttribute
DebuggableAttribute
DebuggingModes
AssemblyTitleAttribute
AssemblyDescriptionAttribute
AssemblyConfigurationAttribute
AssemblyCompanyAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
AssemblyTrademarkAttribute
ComVisibleAttribute
GuidAttribute
AssemblyFileVersionAttribute
StandardModuleAttribute
WrapNonExceptionThrows
Copyright
2024
$09558e5f-35ca-423a-81bb-1409b5d0739a
1.0.0.0
RunPE.pdb
_CorDllMain
mscoree.dll
cmd.exe
/C copy *.vbs "
SOFTWARE\Microsoft\Windows\CurrentVersion\Run
'cmd' cannot be null or empty
'Desktop' cannot be null or empty
Desktop
'path' cannot be null or empty
kernel32
VirtualAllocEx
WriteProcessMemory
GetThreadContext
Wow64SetThreadContext
CreateProcessA
ZwUnmapViewOfSection
ReadProcessMemory
SetThreadContext
ResumeThread
Wow64GetThreadContext
C:\Windows\Microsoft.NET\Framework\v4.0.30319\
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
Comments
CompanyName
FileDescription
FileVersion
1.0.0.0
InternalName
RunPE.dll
LegalCopyright
Copyright
2024
LegalTrademarks
OriginalFilename
RunPE.dll
ProductName
ProductVersion
1.0.0.0
Assembly Version
1.0.0.0
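Antivirus Signature
Note: "Clean" means the engine returned no detection for this file at scan time; it is not a finding that the file is benign.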
Bkav W32.AIDetectMalware.CS
Lionic Clean
tehtris Clean
ClamAV Clean
CMC Clean
CAT-QuickHeal Clean
Skyhigh Clean
ALYac Clean
Cylance Unsafe
Zillya Clean
Sangfor Clean
K7AntiVirus Trojan ( 005309d11 )
Alibaba Clean
K7GW Trojan ( 005690671 )
Cybereason Clean
Baidu Clean
VirIT Clean
Paloalto Clean
Symantec Clean
Elastic malicious (high confidence)
ESET-NOD32 a variant of MSIL/Injector.LOS
APEX Clean
Avast Win32:MalwareX-gen [Trj]
Cynet Clean
Kaspersky HEUR:Trojan.Win32.Generic
BitDefender Gen:Heur.MSIL.Krypt.6
NANO-Antivirus Clean
ViRobot Clean
MicroWorld-eScan Gen:Heur.MSIL.Krypt.6
Tencent Clean
TACHYON Clean
Sophos Clean
F-Secure Clean
DrWeb Trojan.InjectNET.17
VIPRE Gen:Heur.MSIL.Krypt.6
TrendMicro Clean
McAfeeD Clean
Trapmine Clean
FireEye Generic.mg.9152c6d4256e9195
Emsisoft Gen:Heur.MSIL.Krypt.6 (B)
SentinelOne Static AI - Malicious PE
GData Gen:Heur.MSIL.Krypt.6
Jiangmin Clean
Webroot Clean
Varist W32/MSIL_Troj.C.gen!Eldorado
Avira Clean
Antiy-AVL Clean
Kingsoft Clean
Gridinsoft Clean
Xcitium Clean
Arcabit Trojan.MSIL.Krypt.6
SUPERAntiSpyware Clean
ZoneAlarm HEUR:Trojan.Win32.Generic
Microsoft Clean
Google Detected
AhnLab-V3 Trojan/Win.MSIL.R506909
Acronis Clean
McAfee Clean
MAX malware (ai score=83)
VBA32 Clean
Malwarebytes Clean
Panda Clean
Zoner Clean
TrendMicro-HouseCall Clean
Rising Malware.Obfus/MSIL@AI.90 (RDM.MSIL2:GVLzqYVvw+SOXc3/Vojv3w)
Yandex Clean
Ikarus Trojan.MSIL.Injector
MaxSecure Clean
Fortinet MSIL/Injector.B!tr
BitDefenderTheta Clean
AVG Win32:MalwareX-gen [Trj]
DeepInstinct MALICIOUS
CrowdStrike win/malicious_confidence_100% (D)
alibabacloud Trojan:MSIL/Injector.LOS
No IRMA results available.