Static | ZeroBOX

PE Compile Time

2083-11-10 05:39:21

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

| Name | Virtual Address | Virtual Size | Size of Raw Data | Entropy |
|---|---|---|---|---|
| .text | 0x00002000 | 0x0002c3f4 | 0x0002c400 | 4.18102696194 |
| .rsrc | 0x00030000 | 0x0000060a | 0x00000800 | 3.47035694662 |
| .reloc | 0x00032000 | 0x0000000c | 0x00000200 | 0.101910425663 |

Resources

| Name | Offset | Size | Language | Sub-language | File type |
|---|---|---|---|---|---|
| RT_VERSION | 0x000300a0 | 0x00000380 | LANG_NEUTRAL | SUBLANG_NEUTRAL | data |
| RT_MANIFEST | 0x00030420 | 0x000001ea | LANG_NEUTRAL | SUBLANG_NEUTRAL | XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators |

Imports

Library mscoree.dll:
0x402000 _CorExeMain

!This program cannot be run in DOS mode.
`.rsrc
@.reloc
v4.0.30319
#Strings
Reserved1
kernel32
ToUInt32
ToInt32
Reserved2
ToInt16
get_UTF8
<Module>
CreateProcessA
LoadLibraryA
nQEacrO6tB
System.IO
mscorlib
ThreadId
ProcessId
GetProcessById
bytesRead
ResumeThread
thread
payload
GetMethod
method
CryptoStreamMode
EndInvoke
BeginInvoke
IDisposable
ThreadHandle
RuntimeTypeHandle
GetTypeFromHandle
ProcessHandle
handle
get_Name
applicationName
commandLine
ValueType
get_ParameterType
MethodBase
Dispose
Create
CreateProcessA_Delegate
ResumeThread_Delegate
ZwUnmapViewOfSection_Delegate
Wow64GetThreadContext_Delegate
Wow64SetThreadContext_Delegate
VirtualAllocEx_Delegate
ReadProcessMemory_Delegate
WriteProcessMemory_Delegate
MulticastDelegate
EmbeddedAttribute
CompilerGeneratedAttribute
GuidAttribute
DebuggableAttribute
ComVisibleAttribute
AssemblyTitleAttribute
AssemblyTrademarkAttribute
TargetFrameworkAttribute
AssemblyFileVersionAttribute
ObfuscationAttribute
AssemblyConfigurationAttribute
AssemblyDescriptionAttribute
CompilationRelaxationsAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
IsReadOnlyAttribute
AssemblyCompanyAttribute
RuntimeCompatibilityAttribute
Liviucotfas.exe
get_Size
bufferSize
SizeOf
Encoding
System.Runtime.Versioning
FromBase64String
GetString
length
LoadApi
CreateApi
AsyncCallback
callback
Marshal
CryptoStream
MemoryStream
Program
System
SymmetricAlgorithm
ICryptoTransform
bytesWritten
StartupInformation
ProcessInformation
processInformation
ZwUnmapViewOfSection
System.Reflection
Exception
MethodInfo
startupInfo
MemberInfo
ParameterInfo
Desktop
Buffer
buffer
GetDelegateForFunctionPointer
BitConverter
StdError
.cctor
CreateDecryptor
IntPtr
Liviucotfas
System.Diagnostics
GetMethods
System.Runtime.InteropServices
System.Runtime.CompilerServices
DebuggingModes
inheritHandles
threadAttributes
processAttributes
GetBytes
creationFlags
Microsoft.CodeAnalysis
ReturnParams
GetParameters
hProcess
process
GetProcAddress
baseAddress
address
Object
object
protect
IAsyncResult
result
environment
Decrypt
Convert
StdInput
StdOutput
System.Text
Wow64GetThreadContext
Wow64SetThreadContext
context
VirtualAllocEx
startIndex
ToArray
System.Security.Cryptography
ReadProcessMemory
WriteProcessMemory
currentDirectory
op_Equality
WrapNonExceptionThrows
Liviucotfas
Copyright
Liviucotfas 2024
$45686882-4992-4a9b-8b48-1c1257656f6c
3.5.4.3
.NETFramework,Version=v4.0
FrameworkDisplayName
.NET Framework 4
Exclude
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
QzpcV2luZG93c1xNaWNyb3NvZnQuTkVUXEZyYW1ld29ya1x2NC4wLjMwMzE5XFJlZ0FzbS5leGU=
ToInt16
ToInt32
GetBytes
kernel32
ResumeThread
Wow64SetThreadContext
SetThreadContext
Wow64GetThreadContext
GetThreadContext
VirtualAllocEx
WriteProcessMemory
ReadProcessMemory
ZwUnmapViewOfSection
CreateProcessA
BlockCopy
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
Comments
Liviucotfas
CompanyName
Liviucotfas
FileDescription
Liviucotfas
FileVersion
3.5.4.3
InternalName
Liviucotfas.exe
LegalCopyright
Copyright
Liviucotfas 2024
LegalTrademarks
Liviucotfas
OriginalFilename
Liviucotfas.exe
ProductName
Liviucotfas
ProductVersion
3.5.4.3
Assembly Version
3.5.4.3
Antivirus Signature
Bkav W32.AIDetectMalware.CS
Lionic Trojan.Win32.Generic.4!c
tehtris Generic.Malware
ClamAV Clean
CMC Clean
CAT-QuickHeal Clean
Skyhigh BehavesLike.Win32.Infected.ct
ALYac Clean
Cylance Unsafe
Zillya Clean
Sangfor Suspicious.Win32.Save.a
K7AntiVirus Clean
Alibaba Trojan:MSIL/Injector.ceb6b2eb
K7GW Clean
Cybereason malicious.6aebe6
huorong Trojan/MSIL.Injector.fx
Baidu Clean
VirIT Clean
Paloalto generic.ml
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 a variant of MSIL/Injector.LOS
APEX Malicious
Avast FileRepMalware [Rat]
Cynet Clean
Kaspersky HEUR:Trojan.Win32.Generic
BitDefender Gen:Heur.MSIL.Krypt.6
NANO-Antivirus Clean
ViRobot Clean
MicroWorld-eScan Gen:Heur.MSIL.Krypt.6
Tencent Win32.Trojan.Generic.Vmhl
TACHYON Clean
Sophos Mal/Generic-S
F-Secure Trojan.TR/Dropper.Gen
DrWeb Trojan.InjectNET.17
VIPRE Gen:Heur.MSIL.Krypt.6
TrendMicro Backdoor.Win32.ASYNCRAT.YXEHEZ
McAfeeD Real Protect-LS!DBF56776AEBE
Trapmine Clean
FireEye Generic.mg.dbf56776aebe6a46
Emsisoft Gen:Heur.MSIL.Krypt.6 (B)
Ikarus Trojan.MSIL.Injector
GData Gen:Heur.MSIL.Krypt.6
Jiangmin Clean
Webroot W32.Trojan.TR.Dropper
Varist W32/MSIL_Troj.C.gen!Eldorado
Avira TR/Dropper.Gen
Antiy-AVL Clean
Kingsoft malware.kb.c.1000
Gridinsoft Trojan.Win32.Downloader.sa
Xcitium Clean
Arcabit Trojan.MSIL.Krypt.6
SUPERAntiSpyware Clean
ZoneAlarm HEUR:Trojan.Win32.Generic
Microsoft Trojan:Win32/Wacatac.B!ml
Google Detected
AhnLab-V3 Malware/Win32.RL_Generic.C3997807
Acronis Clean
McAfee Artemis!DBF56776AEBE
MAX malware (ai score=83)
VBA32 Trojan.MSIL.DiscoStealer.Heur
Malwarebytes Generic.Malware/Suspicious
Panda Trj/GdSda.A
Zoner Clean
TrendMicro-HouseCall Backdoor.Win32.ASYNCRAT.YXEHEZ
Rising Malware.Obfus/MSIL@AI.92 (RDM.MSIL2:bn44hXW4gby1DF64PqXsKg)
Yandex Clean
SentinelOne Static AI - Malicious PE
MaxSecure Clean
Fortinet Clean
BitDefenderTheta AI:Packer.892B100A1F
AVG FileRepMalware [Rat]
DeepInstinct MALICIOUS
CrowdStrike win/malicious_confidence_100% (W)
alibabacloud Trojan:MSIL/Injector.LOS
No IRMA results available.