popup
Static | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Static Analysis

PE Compile Time

2083-11-10 05:39:21

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00002000 0x000cb3f4 0x000cb400 4.04902823833
.rsrc 0x000ce000 0x0000060a 0x00000800 3.47727734513
.reloc 0x000d0000 0x0000000c 0x00000200 0.0980041756627

Resources

Name Offset Size Language Sub-language File type
RT_VERSION 0x000ce0a0 0x00000380 LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_MANIFEST 0x000ce420 0x000001ea LANG_NEUTRAL SUBLANG_NEUTRAL XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

Imports

Library mscoree.dll:
0x402000 _CorExeMain
!This program cannot be run in DOS mode.
`.rsrc
@.reloc
v4.0.30319
#Strings
Reserved1
kernel32
ToUInt32
ToInt32
Reserved2
ToInt16
get_UTF8
<Module>
CreateProcessA
LoadLibraryA
nQEacrO6tB
System.IO
mscorlib
ThreadId
ProcessId
GetProcessById
bytesRead
ResumeThread
thread
payload
GetMethod
method
CryptoStreamMode
EndInvoke
BeginInvoke
IDisposable
ThreadHandle
RuntimeTypeHandle
GetTypeFromHandle
ProcessHandle
handle
get_Name
applicationName
commandLine
ValueType
get_ParameterType
MethodBase
Dispose
Create
CreateProcessA_Delegate
ResumeThread_Delegate
ZwUnmapViewOfSection_Delegate
Wow64GetThreadContext_Delegate
Wow64SetThreadContext_Delegate
VirtualAllocEx_Delegate
ReadProcessMemory_Delegate
WriteProcessMemory_Delegate
MulticastDelegate
EmbeddedAttribute
CompilerGeneratedAttribute
GuidAttribute
DebuggableAttribute
ComVisibleAttribute
AssemblyTitleAttribute
AssemblyTrademarkAttribute
TargetFrameworkAttribute
AssemblyFileVersionAttribute
ObfuscationAttribute
AssemblyConfigurationAttribute
AssemblyDescriptionAttribute
CompilationRelaxationsAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
IsReadOnlyAttribute
AssemblyCompanyAttribute
RuntimeCompatibilityAttribute
Liviucotfas.exe
get_Size
bufferSize
SizeOf
Encoding
System.Runtime.Versioning
FromBase64String
GetString
length
LoadApi
CreateApi
AsyncCallback
callback
Marshal
CryptoStream
MemoryStream
Program
System
SymmetricAlgorithm
ICryptoTransform
bytesWritten
StartupInformation
ProcessInformation
processInformation
ZwUnmapViewOfSection
System.Reflection
Exception
MethodInfo
startupInfo
MemberInfo
ParameterInfo
Desktop
Buffer
buffer
GetDelegateForFunctionPointer
BitConverter
StdError
.cctor
CreateDecryptor
IntPtr
Liviucotfas
System.Diagnostics
GetMethods
System.Runtime.InteropServices
System.Runtime.CompilerServices
DebuggingModes
inheritHandles
threadAttributes
processAttributes
GetBytes
creationFlags
Microsoft.CodeAnalysis
ReturnParams
GetParameters
hProcess
process
GetProcAddress
baseAddress
address
Object
object
protect
IAsyncResult
result
environment
Decrypt
Convert
StdInput
StdOutput
System.Text
Wow64GetThreadContext
Wow64SetThreadContext
context
VirtualAllocEx
startIndex
ToArray
System.Security.Cryptography
ReadProcessMemory
WriteProcessMemory
currentDirectory
op_Equality
WrapNonExceptionThrows
Liviucotfas
Copyright
Liviucotfas 2024
$45686882-4992-4a9b-8b48-1c1257656f6c
3.5.4.3
.NETFramework,Version=v4.0
FrameworkDisplayName
.NET Framework 4
Exclude
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
fX1g9PR1hdSRbWL06zJTFZLlHPL5KP0Er/6RmOBogaD1eA4gEWZNpojQADOviTWENt1sRLP+qp4xD33PyWmXZFiPh1Fda+I2Fwdmlc85oktNEQvv2GZfa5DsHkF153eVms7c7EE0BX03u/6F+pGiT74CD5iqpVD2Huqg6JImhq9zcN0PNRT4HuG0b7/+UuaUT4WfQPSpCyhonrGYGClhW6rAzp6U66E1spHJqfC/q3EHJP0Dm0qCNQQKI1/ycOeSWbwVZnMfLSkgUqafWh0eL8SOiX2s95kJAiA6C38X66LjB2PzyrJ5FxcUFml14fjrS1O7or10PEZ92nx+2oOII0j9Pc6mRueHU4rHLDC2iX+qDlDXMKhGpDqGZCPpQUH48WAgjKTcpr5FY22d6/UCL9N6av0doImL/ZI+ezU0qoRtF67+eHmOLEPswLHciRfHu52ku9VvU7/HfQ4P3qoreXrz/ULk1LruzmmJ5fTiTWNgLZwzf+KS84HDgNUyPy2ZAYM2Ace2D/0I2QWnFlTz5fPwOSDcqNw2UvW3csP99EUYSZ18dDOLxN4vRu5R2x4tCAc8bd3vOtPdM0qHOjXuQu3yT+AEtNN2M20wgba/nTcsipEWlGhp9l5k+0kLQ1d0jBTjH5Eail0AFBe+c3QEaeqlPdFHS981Uxwmpz80jZfe/Wf5qLBI69YrdgkfqP/ShvL/inYyV6d05KxhsnVR6mfbEHyPYFgOXwRUcI20qbhHVamyNOsWtF+CFVHwr+W3HvL1gZd/5luh5ac3AXsnpHiaVGWaKSYdBFDIlr4MeEqxkZqbVD9jw98fn/0H7bqrR1qwDTkRzfW6kKqfY87J0pSnbD8CinUgHgfE9uIdW7gczeZmip2KwE2rl6fkUJoZE/XtPPnGaBqXUavPPzOr3C9Bn90LhI/nVgSpaUHHrAufy3G2nIZpq6CUG0nqjnN4IJH0k7z2XRarauty8+FxnKfd1UKOrAbISjiaUNbWI4J8crIKpEh++chD33FWR0R0
QzpcV2luZG93c1xNaWNyb3NvZnQuTkVUXEZyYW1ld29ya1x2NC4wLjMwMzE5XFJlZ0FzbS5leGU=
ToInt16
ToInt32
GetBytes
kernel32
ResumeThread
Wow64SetThreadContext
SetThreadContext
Wow64GetThreadContext
GetThreadContext
VirtualAllocEx
WriteProcessMemory
ReadProcessMemory
ZwUnmapViewOfSection
CreateProcessA
BlockCopy
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
Comments
Liviucotfas
CompanyName
Liviucotfas
FileDescription
Liviucotfas
FileVersion
3.5.4.3
InternalName
Liviucotfas.exe
LegalCopyright
Copyright
Liviucotfas 2024
LegalTrademarks
Liviucotfas
OriginalFilename
Liviucotfas.exe
ProductName
Liviucotfas
ProductVersion
3.5.4.3
Assembly Version
3.5.4.3
Antivirus Signature
Bkav W32.AIDetectMalware.CS
Lionic Trojan.Win32.Generic.4!c
tehtris Generic.Malware
Cynet Clean
CMC Clean
CAT-QuickHeal Clean
ALYac Clean
Cylance Unsafe
Zillya Clean
Sangfor Suspicious.Win32.Save.a
K7AntiVirus Trojan ( 004cf1da1 )
BitDefender Gen:Heur.MSIL.Krypt.6
K7GW Trojan ( 004cf1da1 )
Cybereason malicious.5c2c82
Baidu Clean
VirIT Clean
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 a variant of MSIL/Injector.LOS
APEX Malicious
Paloalto generic.ml
ClamAV Clean
Kaspersky HEUR:Trojan.Win32.Generic
Alibaba Trojan:MSIL/Injector.99f78a9e
NANO-Antivirus Clean
ViRobot Clean
MicroWorld-eScan Gen:Heur.MSIL.Krypt.6
Tencent Win32.Trojan.Generic.Timw
TACHYON Clean
Sophos Mal/Generic-S
F-Secure Trojan.TR/Dropper.Gen
DrWeb Trojan.InjectNET.17
VIPRE Gen:Heur.MSIL.Krypt.6
TrendMicro TrojanSpy.Win32.LUMMASTEALER.YXEHCZ
McAfeeD Real Protect-LS!52EEC7E5C2C8
Trapmine Clean
FireEye Generic.mg.52eec7e5c2c820cc
Emsisoft Gen:Heur.MSIL.Krypt.6 (B)
huorong Trojan/MSIL.Injector.fx
Jiangmin Clean
Webroot Clean
Varist W32/MSIL_Troj.C.gen!Eldorado
Avira TR/Dropper.Gen
Antiy-AVL GrayWare/Win32.Wacapew
Kingsoft Win32.Trojan.Generic.a
Gridinsoft Trojan.Win32.Downloader.sa
Xcitium Clean
Arcabit Trojan.MSIL.Krypt.6
SUPERAntiSpyware Clean
ZoneAlarm HEUR:Trojan.Win32.Generic
GData Gen:Heur.MSIL.Krypt.6
Google Detected
AhnLab-V3 Malware/Win32.RL_Generic.C3997807
Acronis Clean
BitDefenderTheta AI:Packer.6697CD451F
MAX malware (ai score=86)
VBA32 Trojan.MSIL.DiscoStealer.Heur
Malwarebytes Generic.Malware/Suspicious
Panda Trj/GdSda.A
Zoner Clean
TrendMicro-HouseCall TrojanSpy.Win32.LUMMASTEALER.YXEHCZ
Rising Malware.Obfus/MSIL@AI.92 (RDM.MSIL2:liSVg0c0AfctNiBrxZqKug)
Yandex Clean
Ikarus Trojan.MSIL.Injector
MaxSecure Trojan.Malware.300983.susgen
Fortinet MSIL/LOS!tr
DeepInstinct MALICIOUS
CrowdStrike win/malicious_confidence_100% (W)
alibabacloud Trojan:MSIL/Injector.LOS
No IRMA results available.