Static | ZeroBOX

PE Compile Time

2069-09-29 11:10:53

PDB Path

C:\Users\Administrator\Desktop\RunPE-x\ConsoleApp66\obj\Release\Sentiments.pdb

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name    Virtual Address  Virtual Size  Size of Raw Data  Entropy
.text   0x00002000       0x00002d34    0x00002e00        5.55451996135
.rsrc   0x00006000       0x00000620    0x00000800        3.43778362983
.reloc  0x00008000       0x0000000c    0x00000200        0.0815394123432

Resources

Name         Offset      Size        Language      Sub-language     File type
RT_VERSION   0x00006090  0x00000390  LANG_NEUTRAL  SUBLANG_NEUTRAL  data
RT_MANIFEST  0x00006430  0x000001ea  LANG_NEUTRAL  SUBLANG_NEUTRAL  XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

Imports

Library mscoree.dll:
0x402000 _CorExeMain

Antivirus Signature
Bkav W32.AIDetectMalware.CS
Lionic Trojan.Win32.Generic.m289
Elastic malicious (high confidence)
ClamAV Win.Packed.Pwsx-10035668-0
CMC Clean
CAT-QuickHeal Trojan.Generic
Skyhigh Artemis!Trojan
ALYac Clean
Cylance Unsafe
Zillya Clean
Sangfor Trojan.Win32.Injector.V5x3
CrowdStrike win/malicious_confidence_100% (D)
Alibaba Trojan:MSIL/Injector.367b1806
K7GW Trojan ( 0050bedf1 )
K7AntiVirus Trojan ( 0050bedf1 )
huorong Trojan/MSIL.Injector.fx
Baidu Clean
VirIT Clean
Paloalto generic.ml
Symantec ML.Attribute.HighConfidence
tehtris Clean
ESET-NOD32 a variant of MSIL/Injector.LOS
APEX Clean
Avast Win32:PWSX-gen [Trj]
Cynet Clean
Kaspersky HEUR:Trojan.Win32.Generic
BitDefender Gen:Heur.MSIL.Krypt.6
NANO-Antivirus Clean
ViRobot Clean
MicroWorld-eScan Gen:Heur.MSIL.Krypt.6
Tencent Malware.Win32.Gencirc.14195d39
Sophos Mal/Generic-S
F-Secure Trojan.TR/AVI.Lumma.ssylu
DrWeb Trojan.InjectNET.17
VIPRE Gen:Heur.MSIL.Krypt.6
TrendMicro TrojanSpy.Win32.LUMMASTEALER.YXEIIZ
McAfeeD ti!B72CFF53D2D6
Trapmine Clean
CTX exe.trojan.msil
Emsisoft Gen:Heur.MSIL.Krypt.6 (B)
Ikarus Trojan.MSIL.Injector
FireEye Generic.mg.243060d6f56395aa
Jiangmin Clean
Webroot W32.Malware.Gen
Varist W32/MSIL_Troj.C.gen!Eldorado
Avira TR/AVI.Lumma.ssylu
Fortinet MSIL/Injector.B!tr
Antiy-AVL Trojan/Win32.Agent
Kingsoft Win32.Trojan.Generic.a
Gridinsoft Trojan.Win32.Downloader.sa
Xcitium Malware@#qnzhuzfz8mz2
Arcabit Trojan.MSIL.Krypt.6
SUPERAntiSpyware Clean
ZoneAlarm HEUR:Trojan.Win32.Generic
Microsoft Trojan:Win32/Multiverze
Google Detected
AhnLab-V3 Trojan/Win.Generic.C5663268
Acronis Clean
McAfee Artemis!243060D6F563
TACHYON Clean
VBA32 Trojan.MSIL.DiscoStealer.Heur
Panda Trj/GdSda.A
Zoner Clean
TrendMicro-HouseCall TrojanSpy.Win32.LUMMASTEALER.YXEIIZ
Rising Trojan.Injector!8.C4 (CLOUD)
Yandex Trojan.Agent!dfzdFVVJYYA
SentinelOne Static AI - Malicious PE
GData Gen:Heur.MSIL.Krypt.6
AVG Win32:PWSX-gen [Trj]
DeepInstinct MALICIOUS
alibabacloud Trojan:MSIL/Injector.LOS
No IRMA results available.