popup
Static | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Static Analysis

PE Compile Time

2083-11-10 05:39:21

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00002000 0x000c53f4 0x000c5400 4.0499461151
.rsrc 0x000c8000 0x0000060a 0x00000800 3.47613060903
.reloc 0x000ca000 0x0000000c 0x00000200 0.0980041756627

Resources

Name Offset Size Language Sub-language File type
RT_VERSION 0x000c80a0 0x00000380 LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_MANIFEST 0x000c8420 0x000001ea LANG_NEUTRAL SUBLANG_NEUTRAL XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

Imports

Library mscoree.dll:
0x402000 _CorExeMain
!This program cannot be run in DOS mode.
`.rsrc
@.reloc
v4.0.30319
#Strings
Reserved1
kernel32
ToUInt32
ToInt32
Reserved2
ToInt16
get_UTF8
<Module>
CreateProcessA
LoadLibraryA
nQEacrO6tB
System.IO
mscorlib
ThreadId
ProcessId
GetProcessById
bytesRead
ResumeThread
thread
payload
GetMethod
method
CryptoStreamMode
EndInvoke
BeginInvoke
IDisposable
ThreadHandle
RuntimeTypeHandle
GetTypeFromHandle
ProcessHandle
handle
get_Name
applicationName
commandLine
ValueType
get_ParameterType
MethodBase
Dispose
Create
CreateProcessA_Delegate
ResumeThread_Delegate
ZwUnmapViewOfSection_Delegate
Wow64GetThreadContext_Delegate
Wow64SetThreadContext_Delegate
VirtualAllocEx_Delegate
ReadProcessMemory_Delegate
WriteProcessMemory_Delegate
MulticastDelegate
EmbeddedAttribute
CompilerGeneratedAttribute
GuidAttribute
DebuggableAttribute
ComVisibleAttribute
AssemblyTitleAttribute
AssemblyTrademarkAttribute
TargetFrameworkAttribute
AssemblyFileVersionAttribute
ObfuscationAttribute
AssemblyConfigurationAttribute
AssemblyDescriptionAttribute
CompilationRelaxationsAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
IsReadOnlyAttribute
AssemblyCompanyAttribute
RuntimeCompatibilityAttribute
Liviucotfas.exe
get_Size
bufferSize
SizeOf
Encoding
System.Runtime.Versioning
FromBase64String
GetString
length
LoadApi
CreateApi
AsyncCallback
callback
Marshal
CryptoStream
MemoryStream
Program
System
SymmetricAlgorithm
ICryptoTransform
bytesWritten
StartupInformation
ProcessInformation
processInformation
ZwUnmapViewOfSection
System.Reflection
Exception
MethodInfo
startupInfo
MemberInfo
ParameterInfo
Desktop
Buffer
buffer
GetDelegateForFunctionPointer
BitConverter
StdError
.cctor
CreateDecryptor
IntPtr
Liviucotfas
System.Diagnostics
GetMethods
System.Runtime.InteropServices
System.Runtime.CompilerServices
DebuggingModes
inheritHandles
threadAttributes
processAttributes
GetBytes
creationFlags
Microsoft.CodeAnalysis
ReturnParams
GetParameters
hProcess
process
GetProcAddress
baseAddress
address
Object
object
protect
IAsyncResult
result
environment
Decrypt
Convert
StdInput
StdOutput
System.Text
Wow64GetThreadContext
Wow64SetThreadContext
context
VirtualAllocEx
startIndex
ToArray
System.Security.Cryptography
ReadProcessMemory
WriteProcessMemory
currentDirectory
op_Equality
WrapNonExceptionThrows
Liviucotfas
Copyright
Liviucotfas 2024
$45686882-4992-4a9b-8b48-1c1257656f6c
3.5.4.3
.NETFramework,Version=v4.0
FrameworkDisplayName
.NET Framework 4
Exclude
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
fX1g9PR1hdSRbWL06zJTFZLlHPL5KP0Er/6RmOBogaD1eA4gEWZNpojQADOviTWENt1sRLP+qp4xD33PyWmXZFiPh1Fda+I2Fwdmlc85oktNEQvv2GZfa5DsHkF153eVms7c7EE0BX03u/6F+pGiT74CD5iqpVD2Huqg6JImhq+awG/bHPKAaJ73y17UnrbJA9p2Nu8FlPUFeP7+2wvBCAIw6D1kGmUVnZA1FRvaPBGK8suN4oWCa5LY7LM/q4QzMyNnMJhgl5WThUbngrtkcblIB0tBNiXLhKoQpx53iEYz+jj7fELSKN+uS5uYboYaznE6jzYUgvd/jfi6v3hM4q1Sb/moLtR1FwqbgR1iY+JstBHNFRQqNA9HreRjGqjxRZmSMzqU40MZYg7QtMZrG89wSvjk70V3W6LNw7rM1eYoZuUroMJ+gMyWglFgFDMsvIBs7vsbuevqrZxFLCY2K0JEQ6A/2I0OKF2DD8RSwLBZEFd/0FzeCccL0jW0lIMWk7ZGXMnJOKDNo1CtI/wHBjPqtFkezzFfkECRJJqJH/jGtSXANwVyi0OGSq9DLEjflpwwz11ufImTEOt7pIWy48Tjrsoc5Uoijz0JVJHyeaP+K3+H8m/dSAnLmugWNArTA8vj8JfJYjY+q3mWY2LR8llAXok/5SVKkcNQzwAAuTngVf+JsRmxPH/og/taSnIyWvojpxyQuvRQIoKzZEprs9I3IycRHIDN4KBXbWxcQPQEeGEwQoFehee6/Qj7drptMwYDmWBw158/oaXyHAWUkU5tbwpeCCsfgvuX9yKDEUxdo7LDwTy45kTPeKqNWSStShWyqpeG2NV9WPuS6UEcX7/odbqzGS0ZZlBvvHfkLyLoTMiqkNedtcLKnaHJmNMUWpTcEACeUTeeRgi/MCi5swc4wMlJQ04kCu5vJ2gNq8oYpqZhYE6LzaDhEwnZIP2Dlqcl+dXJf8Us0CDy6jPHgh1RaxYput70A8xIKWNREQMVuJ42A1BQymEvstwyxB+B
QzpcV2luZG93c1xNaWNyb3NvZnQuTkVUXEZyYW1ld29ya1x2NC4wLjMwMzE5XFJlZ0FzbS5leGU=
ToInt16
ToInt32
GetBytes
kernel32
ResumeThread
Wow64SetThreadContext
SetThreadContext
Wow64GetThreadContext
GetThreadContext
VirtualAllocEx
WriteProcessMemory
ReadProcessMemory
ZwUnmapViewOfSection
CreateProcessA
BlockCopy
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
Comments
Liviucotfas
CompanyName
Liviucotfas
FileDescription
Liviucotfas
FileVersion
3.5.4.3
InternalName
Liviucotfas.exe
LegalCopyright
Copyright
Liviucotfas 2024
LegalTrademarks
Liviucotfas
OriginalFilename
Liviucotfas.exe
ProductName
Liviucotfas
ProductVersion
3.5.4.3
Assembly Version
3.5.4.3
Antivirus Signature
Bkav W32.AIDetectMalware.CS
Lionic Trojan.Win32.Generic.4!c
tehtris Generic.Malware
ClamAV Clean
CMC Clean
CAT-QuickHeal Clean
Skyhigh BehavesLike.Win32.AgentTesla.bt
ALYac Clean
Cylance Unsafe
Zillya Clean
Sangfor Suspicious.Win32.Save.a
K7AntiVirus Trojan ( 0050bedf1 )
Alibaba Trojan:MSIL/Injector.ceb6b2eb
K7GW Trojan ( 0050bedf1 )
Cybereason malicious.1d2574
huorong Trojan/MSIL.Injector.fx
Baidu Clean
VirIT Clean
Paloalto generic.ml
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 a variant of MSIL/Injector.LOS
APEX Malicious
Avast FileRepMalware [Misc]
Cynet Clean
Kaspersky HEUR:Trojan.Win32.Generic
BitDefender Gen:Heur.MSIL.Krypt.6
NANO-Antivirus Clean
ViRobot Clean
MicroWorld-eScan Gen:Heur.MSIL.Krypt.6
Tencent Malware.Win32.Gencirc.1415045a
TACHYON Clean
Sophos Mal/Generic-S
F-Secure Trojan.TR/Dropper.Gen
DrWeb Trojan.InjectNET.17
VIPRE Gen:Heur.MSIL.Krypt.6
TrendMicro TrojanSpy.Win32.LUMMASTEALER.YXEHDZ
McAfeeD Real Protect-LS!FECB3521D257
Trapmine Clean
FireEye Generic.mg.fecb3521d2574fba
Emsisoft Gen:Heur.MSIL.Krypt.6 (B)
Ikarus Trojan.MSIL.Injector
GData Gen:Heur.MSIL.Krypt.6
Jiangmin Clean
Webroot Clean
Varist W32/MSIL_Troj.C.gen!Eldorado
Avira TR/Dropper.Gen
Antiy-AVL Trojan/Win32.Agent
Kingsoft Win32.Trojan.Generic.a
Gridinsoft Trojan.Win32.Downloader.sa
Xcitium Clean
Arcabit Trojan.MSIL.Krypt.6
SUPERAntiSpyware Clean
ZoneAlarm HEUR:Trojan.Win32.Generic
Microsoft Trojan:Win32/Casdet!rfn
Google Detected
AhnLab-V3 Malware/Win32.RL_Generic.C3997807
Acronis Clean
McAfee Artemis!FECB3521D257
MAX malware (ai score=88)
VBA32 Trojan.MSIL.DiscoStealer.Heur
Malwarebytes Generic.Malware/Suspicious
Panda Trj/GdSda.A
Zoner Clean
TrendMicro-HouseCall TrojanSpy.Win32.LUMMASTEALER.YXEHDZ
Rising Malware.Obfus/MSIL@AI.92 (RDM.MSIL2:m6c755Q0GydxsEzGEq1hUg)
Yandex Clean
SentinelOne Static AI - Malicious PE
MaxSecure Trojan.Malware.300983.susgen
Fortinet MSIL/LOS!tr
BitDefenderTheta AI:Packer.DAA13BFE1F
AVG FileRepMalware [Misc]
DeepInstinct MALICIOUS
CrowdStrike win/malicious_confidence_100% (W)
alibabacloud Trojan:MSIL/Injector.LOS
No IRMA results available.