Static | ZeroBOX

PE Compile Time

2099-04-13 19:33:13

PDB Path

C:\Users\Administrator\Desktop\net8.0-windows7.0\Data\src\WalletsUpdater\WalletsUpdater\obj\Release\WalletsUpdater.pdb

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00002000 0x00003950 0x00003a00 5.7159085817
.rsrc 0x00006000 0x000005dc 0x00000600 4.13095027005
.reloc 0x00008000 0x0000000c 0x00000200 0.0815394123432

Resources

Name Offset Size Language Sub-language File type
RT_VERSION 0x00006090 0x0000034c LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_MANIFEST 0x000063ec 0x000001ea LANG_NEUTRAL SUBLANG_NEUTRAL XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

Imports

Library mscoree.dll:
0x402000 _CorExeMain

Antivirus Signature
Bkav W32.AIDetectMalware.CS
Lionic Trojan.Win32.SelfDel.4!c
Elastic Clean
ClamAV Clean
CMC Clean
CAT-QuickHeal Trojan.MSIL
Skyhigh Artemis!Trojan
ALYac Trojan.GenericKD.74046188
Cylance Unsafe
Zillya Clean
Sangfor Trojan.Win32.SelfDel.Vi31
CrowdStrike win/malicious_confidence_70% (D)
Alibaba Trojan:MSIL/SelfDel.4d07d4e3
K7GW Clean
K7AntiVirus Clean
huorong Clean
Baidu Clean
VirIT Trojan.Win32.MSIL_Heur.A
Paloalto generic.ml
Symantec ML.Attribute.HighConfidence
tehtris Clean
ESET-NOD32 MSIL/Agent.XCE
APEX Clean
Avast Win32:MalwareX-gen [Trj]
Cynet Clean
Kaspersky HEUR:Trojan.MSIL.SelfDel.gen
BitDefender Trojan.GenericKD.74046188
NANO-Antivirus Clean
ViRobot Clean
MicroWorld-eScan Trojan.GenericKD.74046188
Tencent Malware.Win32.Gencirc.14195cb9
Sophos Mal/Generic-S
F-Secure Trojan.TR/SelfDel.kxxob
DrWeb Clean
VIPRE Trojan.GenericKD.74046188
TrendMicro Clean
McAfeeD Real Protect-LS!C52E326B3E71
Trapmine Clean
CTX exe.trojan.selfdel
Emsisoft Trojan.GenericKD.74046188 (B)
Ikarus Trojan.SelfDel
FireEye Generic.mg.c52e326b3e71b793
Jiangmin Trojan.MSIL.apfli
Webroot W32.Trojan.GenKD
Varist Clean
Avira TR/SelfDel.kxxob
Fortinet PossibleThreat
Antiy-AVL Trojan/MSIL.SelfDel
Kingsoft MSIL.Trojan.SelfDel.gen
Gridinsoft Trojan.Win32.Selfdel.cl
Xcitium Clean
Arcabit Trojan.Generic.D469DAEC
SUPERAntiSpyware Clean
ZoneAlarm HEUR:Trojan.MSIL.SelfDel.gen
Microsoft Trojan:Win32/Phonzy.A!ml
Google Detected
AhnLab-V3 Clean
Acronis Clean
McAfee Artemis!C52E326B3E71
TACHYON Clean
VBA32 TScope.Trojan.MSIL
Malwarebytes Generic.Malware/Suspicious
Panda Trj/Chgt.AD
Zoner Clean
TrendMicro-HouseCall TROJ_GEN.R002H0CID24
Rising Trojan.SelfDel!8.275 (CLOUD)
Yandex Clean
SentinelOne Static AI - Malicious PE
MaxSecure Trojan.Malware.73709937.susgen
GData Trojan.GenericKD.74046188
AVG Win32:MalwareX-gen [Trj]
DeepInstinct MALICIOUS
alibabacloud Trojan:MSIL/SelfDel.gyf
No IRMA results available.