Static | ZeroBOX

PE Compile Time

2023-11-19 22:26:46

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name    Virtual Address  Virtual Size  Size of Raw Data  Entropy
.text   0x00002000       0x0000ea54    0x0000ec00        5.47150058855
.rsrc   0x00012000       0x000007ff    0x00000800        4.88486615034
.reloc  0x00014000       0x0000000c    0x00000200        0.0815394123432

Resources

Name         Offset      Size        Language      Sub-language     File type
RT_VERSION   0x000120a0  0x000002cc  LANG_NEUTRAL  SUBLANG_NEUTRAL  data
RT_MANIFEST  0x0001236c  0x00000493  LANG_NEUTRAL  SUBLANG_NEUTRAL  exported SGML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

Imports

Library mscoree.dll:
0x402000 _CorExeMain

!This program cannot be run in DOS mode.
`.rsrc
@.reloc
v4.0.30319
#Strings
Action`10
<>c__DisplayClass2_0
<Read>b__0
<>p__0
<>9__2_1
<Read>b__2_1
IEnumerable`1
CallSite`1
List`1
__StaticArrayInitTypeSize=32
Microsoft.Win32
user32
ToUInt32
ReadInt32
ToInt32
SwapInt32
X509Certificate2
<>o__3
WriteUInt64
ToUInt64
GetAsUInt64
SetAsUInt64
ToInt64
SwapInt64
ToUInt16
ToInt16
SwapInt16
HMACSHA256
Sha256
Aes256
aes256
__StaticArrayInitTypeSize=6
get_UTF8
<Module>
MessagePackLib.<PrivateImplementationDetails>
SystemParametersInfoA
1DB2A1F9902B35F8F880EF1692CE9947A193D5A698D8F568BDA721658ED4C58B
ES_SYSTEM_REQUIRED
ES_DISPLAY_REQUIRED
MapNameToOID
_hookID
get_FormatID
EXECUTION_STATE
87639126EA77B358F26532367DBA67C5310EF50A8D9888ED070CD40E1F605A8F
get_ASCII
offlineKL
WHKEYBOARDLL
AppdataL
WM_KEYDOWN
LASTINPUTINFO
System.IO
AppdataR
uptimeToDHMS
ES_CONTINUOUS
get_IV
set_IV
GenerateIV
value__
ReadServertData
mscorlib
System.Collections.Generic
Microsoft.VisualBasic
get_SendSync
LowLevelKeyboardProc
dwThreadId
GetWindowThreadProcessId
lpdwProcessId
GetProcessById
EndRead
BeginRead
idThread
InnerAdd
SHA256Managed
get_Connected
get_IsConnected
set_IsConnected
Received
get_Guid
<SendSync>k__BackingField
<IsConnected>k__BackingField
<KeepAlive>k__BackingField
<HeaderSize>k__BackingField
<Ping>k__BackingField
<ActivatePong>k__BackingField
<Interval>k__BackingField
<Buffer>k__BackingField
<Offset>k__BackingField
<SslClient>k__BackingField
<TcpClient>k__BackingField
InnerAddMapChild
InnerAddArrayChild
Append
RegistryValueKind
CompareMethod
method
Clipboard
Replace
IsNullOrWhiteSpace
CreateInstance
vkCode
wScanCode
keyCode
set_Mode
FileMode
PaddingMode
EnterDebugMode
CryptoStreamMode
CompressionMode
CipherMode
SelectMode
utf8Encode
DeleteSubKeyTree
get_Message
DetectSandboxie
EndInvoke
BeginInvoke
GetEnvironmentVariable
IEnumerable
IDisposable
ToDouble
SwapDouble
get_Handle
RuntimeFieldHandle
GetModuleHandle
RuntimeTypeHandle
GetTypeFromHandle
WaitHandle
WriteSingle
ToSingle
SetAsSingle
DownloadFile
InstallFile
DecodeFromFile
SaveBytesToFile
IsInRole
WindowsBuiltInRole
GetActiveWindowTitle
CurrentActiveWindowTitle
get_MainWindowTitle
get_MainModule
ProcessModule
set_WindowStyle
ProcessWindowStyle
get_Name
get_FileName
set_FileName
GetTempFileName
GetFileName
fileName
lpModuleName
get_MachineName
get_OSFullName
get_FullName
IsValidDomainName
get_UserName
lowerName
get_ProcessName
SetName
CheckHostName
DateTime
GetLastInputTime
dwTime
LastLastIdletime
sumofidletime
WriteLine
get_NewLine
Combine
UriHostNameType
get_ValueType
valueType
MsgPackType
ProtocolType
uMapType
GetType
SocketType
FileShare
System.Core
Serversignature
MethodBase
Dispose
StrReverse
X509Certificate
ValidateServerCertificate
certificate
Create
MulticastDelegate
GetKeyboardState
SetThreadExecutionState
SetApartmentState
lpKeyState
GetKeyState
Delete
CallSite
CompilerGeneratedAttribute
DebuggableAttribute
ComVisibleAttribute
AssemblyTitleAttribute
AssemblyTrademarkAttribute
TargetFrameworkAttribute
AssemblyFileVersionAttribute
AssemblyConfigurationAttribute
AssemblyDescriptionAttribute
DefaultMemberAttribute
CompilationRelaxationsAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
AssemblyCompanyAttribute
RuntimeCompatibilityAttribute
set_UseShellExecute
ReadByte
WriteByte
DeleteValue
innerValue
GetValue
SetValue
get_KeepAlive
set_KeepAlive
Remove
Async77nt.exe
cbSize
set_BlockSize
get_TotalSize
get_HeaderSize
set_HeaderSize
set_SendBufferSize
set_ReceiveBufferSize
set_KeySize
SizeOf
IndexOf
cchBuff
pwszBuff
lastInputInf
strFlag
CryptoConfig
get_Ping
set_Ping
System.Threading
set_Padding
add_SessionEnding
SystemEvents_SessionEnding
UTF8Encoding
System.Drawing.Imaging
System.Runtime.Versioning
FromBase64String
ToBase64String
ReadString
DownloadString
WriteString
ToString
get_AsString
set_AsString
BytesAsString
GetAsString
SetAsString
GetString
BytesAsHexString
Substring
System.Drawing
get_ActivatePong
set_ActivatePong
set_ErrorDialog
ComputeHash
ComputeStringHash
strToHash
GetHash
VerifyHash
get_ExecutablePath
GetTempPath
GetFolderPath
loggerPath
HmacSha256Length
get_Length
IvLength
AuthKeyLength
EndsWith
fWinIni
msgpackObj
listObj
MessagePackLib.MessagePack
MsgPack
AsyncCallback
HookCallback
RemoteCertificateValidationCallback
TimerCallback
callback
unpack_msgpack
RegistryKeyPermissionCheck
FlushFinalBlock
idHook
SetHook
IsSmallDisk
strVal
RtlSetProcessIsCritical
ProcessCritical
Marshal
NetworkCredential
System.Security.Principal
WindowsPrincipal
AreEqual
get_Interval
set_Interval
Client.Install
kernel32.dll
user32.dll
ntdll.dll
WriteNull
SetAsNull
MutexControl
Encode2Stream
FileStream
NetworkStream
SslStream
DecodeFromStream
CryptoStream
GZipStream
MemoryStream
lParam
uParam
pvParam
wParam
Program
get_Item
get_Is64BitOperatingSystem
Client.Algorithm
SymmetricAlgorithm
AsymmetricAlgorithm
HashAlgorithm
Random
ICryptoTransform
MsgPackEnum
WriteBoolean
ToBoolean
SetAsBoolean
TimeSpan
HwidGen
children
X509Chain
AppDomain
get_CurrentDomain
Pastebin
IsAdmin
GetFileNameWithoutExtension
get_OSVersion
System.IO.Compression
Application
System.Security.Authentication
uAction
System.Reflection
X509CertificateCollection
ManagementObjectCollection
Client.Connection
set_Position
position
CryptographicException
ArgumentNullException
ArgumentException
Unknown
ImageCodecInfo
SendInfo
MethodInfo
FileInfo
DriveInfo
FileSystemInfo
MemberInfo
ComputerInfo
SystemParametersInfo
CSharpArgumentInfo
ProcessStartInfo
GetLastInputInfo
WriteMap
PreventSleep
currentApp
Microsoft.CSharp
NormalStartup
System.Linq
InvokeMember
MD5CryptoServiceProvider
RSACryptoServiceProvider
AesCryptoServiceProvider
StringBuilder
SpecialFolder
InstallFolder
IdSender
sender
Microsoft.CSharp.RuntimeBinder
CallSiteBinder
GetEncoder
get_Buffer
set_Buffer
WriteInteger
get_AsInteger
set_AsInteger
GetAsInteger
SetAsInteger
LimeLogger
DetectDebugger
ManagementObjectSearcher
SessionEndingEventHandler
Client.Helper
ToUpper
DetectManufacturer
CurrentUser
StreamWriter
TextWriter
BitConverter
ToLower
IEnumerator
ManagementObjectEnumerator
System.Collections.IEnumerable.GetEnumerator
Activator
.cctor
Monitor
CreateDecryptor
CreateEncryptor
IntPtr
KillPs
System.Diagnostics
FromSeconds
inSeconds
NativeMethods
GetMethods
Microsoft.VisualBasic.Devices
System.Runtime.InteropServices
System.Runtime.CompilerServices
DebuggingModes
GetDirectories
ExpandEnvironmentVariables
GetTypes
GetProcesses
GetHostAddresses
System.Security.Cryptography.X509Certificates
Walltes
Encode2Bytes
GetUtf8Bytes
utf8Bytes
Rfc2898DeriveBytes
ReadAllBytes
DecodeFromBytes
SwapBytes
LoadFileAsBytes
GetAsBytes
SetAsBytes
GetBytes
rawBytes
BindingFlags
CSharpArgumentInfoFlags
CSharpBinderFlags
esFlags
wFlags
Strings
InitializeSettings
SessionEndingEventArgs
Anti_Analysis
RunAntiAnalysis
ICredentials
set_Credentials
Equals
SslProtocols
ReadTools
WriteTools
BytesTools
System.Windows.Forms
Contains
Plugins
System.Collections
StringSplitOptions
get_Chars
GetImageDecoders
RuntimeHelpers
Browsers
SslPolicyErrors
sslPolicyErrors
FileAccess
hProcess
GetCurrentProcess
IPAddress
Compress
Decompress
System.Net.Sockets
set_Arguments
SystemEvents
Exists
Antivirus
Concat
ImageFormat
format
WriteFloat
get_AsFloat
set_AsFloat
GetAsFloat
SetAsFloat
LastAct
FindObject
ManagementBaseObject
ForcePathObject
object
Collect
Connect
Reconnect
System.Net
Target
Client.Handle_Packet
KeepAlivePacket
ClientSocket
System.Collections.IEnumerator.Reset
get_Offset
set_Offset
op_Explicit
ClientOnExit
IAsyncResult
result
Async77nt
ToUpperInvariant
WebClient
InitializeClient
get_SslClient
set_SslClient
get_TcpClient
set_TcpClient
AuthenticateAsClient
System.Management
Environment
parent
System.Collections.IEnumerator.Current
System.Collections.IEnumerator.get_Current
GetCurrent
CheckRemoteDebuggerPresent
isDebuggerPresent
get_RemoteEndPoint
get_Count
get_TickCount
get_ProcessorCount
GetPathRoot
Decrypt
Encrypt
ParameterizedThreadStart
Convert
FailFast
ToList
GetKeyboardLayout
System.Collections.IEnumerator.MoveNext
System.Text
ReadAllText
GetText
SetText
GetWindowText
GetForegroundWindow
set_CreateNoWindow
ToUnicodeEx
UnhookWindowsHookEx
SetWindowsHookEx
CallNextHookEx
CloseMutex
CreateMutex
Firefox
WirteArray
InitializeArray
MsgPackArray
ToArray
get_AsArray
refAsArray
get_Key
set_Key
CreateSubKey
DeleteSubKey
OpenSubKey
get_PublicKey
_authKey
MapVirtualKey
masterKey
wVirtKey
RegistryKey
System.Security.Cryptography
Assembly
AddressFamily
BlockCopy
WriteBinary
ToBinary
get_SystemDirectory
SetRegistry
op_Equality
op_Inequality
System.Net.Security
WindowsIdentity
IsNullOrEmpty
WrapNonExceptionThrows
1.0.0.0
.NETFramework,Version=v4.6
FrameworkDisplayName
.NET Framework 4.6
_CorExeMain
mscoree.dll
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges>
<requestedExecutionLevel level="asInvoker" uiAccess="false" />
</requestedPrivileges>
</security>
</trustInfo>
<compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">
<application>
<!-- Windows Vista -->
<supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"/>
<!-- Windows 7 -->
<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/>
<!-- Windows 8 -->
<supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"/>
<!-- Windows 8.1 -->
<supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"/>
<!-- Windows 10 -->
<supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"/>
</application>
</compatibility>
<asmv3:application xmlns:asmv3="urn:schemas-microsoft-com:asm.v3" >
<asmv3:windowsSettings xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings">
<dpiAware>true</dpiAware>
</asmv3:windowsSettings>
</asmv3:application>
</assembly>
SHA256
%AppData%
Packet
Message
LastTime
/c schtasks /create /f /sc onlogon /rl highest /tn "
" /tr '"
"' & exit
\nuR\noisreVtnerruC\swodniW\tfosorciM\erawtfoS
@echo off
timeout 3 > NUL
START "" "
" /f /q
Select * from Win32_ComputerSystem
Manufacturer
microsoft corporation
VIRTUAL
vmware
VirtualBox
SbieDll.dll
Err HWID
ClientInfo
Microsoft
Performance
Pastebin
Antivirus
\Default
\Profile
\Google\Chrome\User Data
\BraveSoftware\Brave-Browser
\Microsoft\Edge\User Data
ejbalbakoplchlghecdalmeeeajnimhm
ocglkepbibnalbgmbachknglpdipeoio
\Opera Software\Opera Stable\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn
\Opera Stable\Local Extension Settings\djclckkglechooblngghdinmeemkbgci
Meta_Opera
MetaOpera
\Opera Software\Opera GX Stable\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn
\Opera Software\Opera GX Stable\Local Extension Settings\chrome-extension://djclckkglechooblngghdinmeemkbgci
Meta_OperaGX
MetaOperaGX
Meta_Firefox
MetaFirefox
Meta_Chrome
MetaChrome
Meta_Brave
MetaBrave
Meta_Edge
MetaEdge
Phantom_Chrome
PhantomChrome
Phantom_Brave
PhantomBrave
Binance_Chrome
BinanceChrome
Binance_Edge
BinanceEdge
TronLinkChrome
BitKeep_Chrome
BitKeepChrome
Coinbase_Chrome
CoinbaseChrome
Ronin_Chrome
RoninChrome
Trust_Chrome
TrustChrome
BitPay_Chrome
BitPayChrome
F2a_Chrome
F2aChrome
F2a_Brave
F2aBrave
F2a_Edge
F2aEdge
Rabby_Wallet
RabbyWallet
\Ledger Live
Ledger_Live
LedgerLive
\atomic
Atomic
\Exodus
Exodus
\Electrum
Electrum
\Coinomi
Coinomi
\Binance
Binance
\Bitcoin
Bitcoin_Core
Bitcoin Core
BoolWallets
\Mozilla\Firefox\Profiles
-release
\extensions\webextension@metamask.io.xpi
\Local Extension Settings
\BraveSoftware\Brave-Browser\User Data
Return
Escape
LControlKey
RControlKey
RShiftKey
LShiftKey
Capital
[SPACE]
[ENTER]
[CTRL]
[Shift]
[Back]
[CAPSLOCK: OFF]
[CAPSLOCK: ON]
\Log.tmp
\root\SecurityCenter2
Select * from AntivirusProduct
displayName
Software\
plugin
savePlugin
gettxt
passload
DicordTokens
WebBrowserPass
anydesk
getscreen
WDExclusion
weburl
killps
ResetScale
KillProxy
backproxy
uacoff
Wallets
Chrome
ResetHosts
sendPlugin
Hashes
AllInOne
Password
Tokens
AVRemoval.Class1
Reset Scale succeeded!
BackProxy.Class1
wallets
\drivers\etc
\hosts.backup
\hosts
127.0.0.1
Blocked!
cmd.exe
/c taskkill.exe /im chrome.exe /f
Reset Hosts succeeded!
Plugin.Plugin
Msgpack
Received
masterKey can not be null or empty.
input can not be null.
Invalid message authentication code (MAC).
{0:D3}
{0:X2}
(never used) type $c1
(ext8,ext16,ex32) type $c7,$c8,$c9
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
Comments
CompanyName
FileDescription
FileVersion
1.0.0.0
InternalName
Stub.exe
LegalCopyright
LegalTrademarks
OriginalFilename
Stub.exe
ProductName
ProductVersion
1.0.0.0
Assembly Version
1.0.0.0
Antivirus Signature
Bkav W32.AIDetectMalware.CS
Lionic Trojan.Win32.AsyncRAT.m!c
tehtris Clean
MicroWorld-eScan Generic.AsyncRAT.Marte.B.6BB4019C
CMC Clean
CAT-QuickHeal Backdoor.MsilFC.S14901152
Skyhigh BehavesLike.Win32.Fareit.km
ALYac Generic.AsyncRAT.Marte.B.6BB4019C
Cylance Unsafe
Zillya Clean
Sangfor Suspicious.Win32.Save.a
K7AntiVirus Riskware ( 00584baa1 )
Alibaba Backdoor:MSIL/AsyncRat.94f69248
K7GW Riskware ( 00584baa1 )
Cybereason malicious.0ac456
Baidu Clean
VirIT Trojan.Win32.MSIL_Heur.B
Paloalto generic.ml
Symantec Downloader
Elastic Windows.Generic.Threat
ESET-NOD32 a variant of MSIL/AsyncRAT.A
APEX Malicious
Avast Win32:DropperX-gen [Drp]
Cynet Clean
Kaspersky HEUR:Backdoor.MSIL.Crysan.gen
BitDefender Generic.AsyncRAT.Marte.B.6BB4019C
NANO-Antivirus Trojan.Win32.Crysan.kpopyg
ViRobot Clean
Tencent Trojan.MSIL.Agent.kr
TACHYON Clean
Sophos Troj/AsyncRat-B
F-Secure Trojan.TR/Dropper.Gen
DrWeb BackDoor.AsyncRATNET.2
VIPRE Generic.AsyncRAT.Marte.B.6BB4019C
TrendMicro TROJ_GEN.R014C0DGA24
McAfeeD ti!B6DCB01C7C91
Trapmine Clean
FireEye Generic.mg.0bb47290ac45642a
Emsisoft Generic.AsyncRAT.Marte.B.6BB4019C (B)
SentinelOne Static AI - Malicious PE
Jiangmin Clean
Webroot W32.Trojan.Gen
Varist W32/Samas.B.gen!Eldorado
Avira TR/Dropper.Gen
Antiy-AVL Clean
Kingsoft MSIL.Backdoor.Crysan.gen
Gridinsoft Trojan.Win32.Agent.sa
Xcitium Clean
Arcabit Generic.AsyncRAT.Marte.B.6BB4019C
SUPERAntiSpyware Clean
ZoneAlarm HEUR:Backdoor.MSIL.Crysan.gen
GData MSIL.Backdoor.DCRat.D
Google Detected
AhnLab-V3 Malware/Win32.RL_Generic.C4267562
Acronis Clean
McAfee PWS-FCQR!0BB47290AC45
MAX malware (ai score=89)
VBA32 OScope.Backdoor.MSIL.Crysan
Malwarebytes Backdoor.AsyncRAT
Panda Trj/GdSda.A
Zoner Clean
TrendMicro-HouseCall TROJ_GEN.R014C0DGA24
Rising Trojan.AntiVM!1.CF63 (CLASSIC)
Yandex Clean
Ikarus Backdoor.AsyncRat
Fortinet MSIL/Agent.CFQ!tr
BitDefenderTheta Gen:NN.ZemsilF.36808.dm0@aGJB9Go
AVG Win32:DropperX-gen [Drp]
DeepInstinct MALICIOUS
CrowdStrike win/malicious_confidence_100% (W)
alibabacloud Rat:Win/AsyncRAT.Stub
No IRMA results available.