popup
Static | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Static Analysis

PE Compile Time

2024-09-18 23:21:22

PDB Path

c:\rje\tg\x6f8\obj\Release\'	.pdb

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00002000 0x000532e4 0x00053400 7.99531886541
.rsrc 0x00056000 0x000005d0 0x00000600 4.13155495845
.reloc 0x00058000 0x0000000c 0x00000200 0.101910425663

Resources

Name Offset Size Language Sub-language File type
RT_VERSION 0x000560a0 0x00000340 LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_MANIFEST 0x000563e0 0x000001ea LANG_NEUTRAL SUBLANG_NEUTRAL XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

Imports

Library mscoree.dll:
0x402000 _CorExeMain
!This program cannot be run in DOS mode.
`.rsrc
@.reloc
,j,@}g
<#hk=b
^PMJ<]
#W*J`j
;BTnSo
8u@5GA
|sVH4C;
Hl5&<
]76R>M
)2D+AL
%]f1e
]e,cjXf
1jKHo{wr
6.83:{
D0pj}x
/[ 0l&e
\SdNMR
5A@zc]
57I6QCk
.?O]4
V-9_i.
W@.T},
3E-2R9P.'
@7}Sc#
':{q,|d
CZ<m |
%mT<r}
_Ii,/p|
_M6wX7U`
*,41SYh
f0ZXv
Ye1*>S.
1}\iA$
}PTU"`
Gti'8.
O1v8.O
=@,a3m
Hz!=)N
&;$S-Df
KfbFaLS
zayr=l
hpi98*
+XQq&
_1>U5x
em"^?^,bSP
k2~/0
$QoCdKP
?8)W+?C
@"W Ne;
]dPhy~
s+:H=V
^ILS{8
}}|SX~
iG_2%>
Z\&0',
H<[MD
z"k:(G
8.`9BD'
*C|S!H
Rut[PDZn
j76R]/
438K`;
ANXxG8
z[5/];
@!vhda+w
c>"+,d
`vn\ZJ-
k<--D:)v
|OkRc]
^g7oS=
i&KC3M]*
t(LFzx
|!SB;^{8l
X&-p(w
XAqwpD\;6
edQMZA
;ws`t@
pdkDr_
abLA]qg|
ukg>I>
=G?vvx5
NPWsG^2%
Rg><4z
0)LYR3
e=hamF
O:GB-
?DK0Z}
#UaZq
Z,SdCv
Fv~?.22,
`p'(He
*WFc91
2z'r={
hw7~")
}/( 22{k
\inV`;S
140{lM
SX6.'?@w
z|Gqpgw
'F'+O"
#YH^9k
ju7KVCc
Ox<R]W8
cgK a87
5@Fko
|j?,5*~
mF;fs[
Xz5sgk
v (/G,+
OkZ&Aq.
y18,kL6
H"]ke
# !x}U
7"U!W[
5+vvv:
32x>;Z
1z*{?Z
9!H9j1m(R
'uoO7z
M=pmPB)^
M?r%I2
*kA,Q~
vt[-dy%
Zu-F/f
NW!nm9!
cNJ8vB
~ Y0x9
QH.$5K
Me8.<.
}Sp%lx
2m)?2!
Tb>C"
+C7_cs
piB9<"
K}5jr|s'
FfYo~x
pl"h
W:@2z
gbpfty
|MM #%d
J]=)~@O
6wH|*N
':`9L7
8X8*Vgp
B'@["}
Kp%;s.
e[e~o
#B_+Ul
oz(=Gb
B`v,]Fj
|57y*E
7 DHey
'1B|\4
5W$`%Ha%
u"ZWx<
gsI'!cJ
i\K&:_T#`
udU&10%Y
bpsaW#
52vPV:p
Y6-*`
uF5jyT~z
cOr(Eb
S~fU`vN)
:;h9dS
Z!^Jd-
^+De{Y
~iqeRZV
#v@=Easv
9f3\dP3
#Kl!2AI
^pL-P-u
Dt}[-9
,ii-fsV
Ay@.Z2
x5JXmf+
Xta[3_
utp.IW
-^LD:b&
=mO..Q+S
sCj0&?
r"vP`n
;~g<aLNj
u+\PZK
?t=Ub\;
;4Al Y
rOI($9
$Mbe]}
CMF^F"
k/d8HB
*pI+Jr(
h|XmUR8a
SA|uo3
7?]_8(!
u5i<F&
CTla^[
Q\Wj}p
&@=(1c
.hT2]Rq
ZS"pw+
{2~4J"
~N,K-]
<gJP-%
a@o8R-
z`Q9C@
D|-$`+
\DJ_9)
p-M$uJ
O:5=bf<
Pr:9fi
JQrutx
R_x~'[
zqPHw
9;3H!$,''
Lp 0ba
F#%!dq
Mg:*;@
T&Jwa/K
1'hj]0/T|
/VB{JOg
nVZN|{qT
6/eLPT
\|NyuM
t7Zg|EKp:
hQW~H=
{j~(;$
zxFX_if[
2uZ0W\
2/w+Yxn
6ADy>
%2'w[Y
#4hpD>
1w!0"#Mu
?]p-]p)
38a8~V
%5<m!np
BMGt@~
Ka>^i[d
]%W(Ds0guK
X(@vy(
8.#gM/
{rJH1z
4)o4m#
}1N|L<
:TC%J$|
UNf='XO$
yLb&o,
1(N~jz#
!AY*1{
k]Zi@!
RUSV=J'
62n"#d
+*-\$E
,m7Hr<
&l/(ER
_AXwhL
/TxV:!
nRYj(
1CK5Ug
F!>m~T
?OL!EH
HawYJCZ
}R!s(Jrw
({RmEX
C2'a$p
yr#LQ
w!o=nC
=okK$@
r?Fv#5%
Qn:8M[S
~sHo1h
%d@TRO
<$5@+^
EGzN]b
8<Mrowgb
M3(#D/
A]5/^@
Dl[fWN'
G8*;"^C
)1DnfY
Lg~LiN
Q3sV2r|7
YY>q `d
5E*D1_
mAt=FF
wXGD86
|n@VJV
##6dBCO86L
;;9F|3d
a|A:%q
f]|#`)8
E`g?oO
O0F"s>
1s$N3L
B#8zN<
@Zqgi<F
l4h Ich
9>Q*8>
nocjVLjM
cUF uQx
3xaG3bl
-q{X=(
${hZ_D`
s8s&'.
x*@Ug+
`]idO|
4?~yu&
ynPQ3"j
pNp.%V
kY*64*J@L
/IxRQ_b
M/I%E=y?
b#7VeF
aYJzsA
?)a{x0`p
6M10##
,D"P!7
LNmc(P
&<(e}6E
A4|pFy
BadZ8r
$5Ovph
OT kk1|W
+%o"fGI
j-hT,B
/iJ6i(}
5d1.f
I,y{#~
SL!|&>
YxV*7E
1k'FAW~
lTE^:E
50uv^%
8yBe*G
2'M0$z
>d {>sfE
mZpf%^G
8R(]{,
6\Z'nq
dzos ,
ek)(>1_
#L6YK_g
AS'#$J
_a=#!(
<42!`Z
S>Z_x8h
k)S;C,B
rA3Iqr
Mht"&uRn
t`Z7`V
ObG7a
iA7lL4
QZ=IOc|*u30
~5H{P8
P-MmAQU
rE6M&|
6_(aaU
g1LT@>
%{U]zBN
6=I1:6
+1<0s1
a6gh#&
\pwj3'
/.[gwE^o%EP
]\{[Eu
n@qJ I
Z/xe6b
'oSz|wV
1o,Ad5=
M[1sN&
%c.nr.
Kx/%p%A
:,>*/J
B=>Prd
&nb]~2
|7{R0_
E&.5V#=
!(T,/_<
!CordW
'od8:e,
f#gtfo=
{Yp/_J
`Nnl%e!wI
My,s2C
JoOZ>L
L<1{[U]
?fVp5P
fMe!ufo
u_b9h_HPh
yX5$syD~
L/6,i
:);wkX;u@\T
]2V?e8
6%]AuTe
1)q%#6
N0wE7f
5VdXf;
CtG/$c1Y
yTSE5Gk
,&av38
?z@Psf
Ev}Lw^
7eNkhz
$)/Ol
_t3toSG
wG2/2i
NvLAo8
JBd?m3
i!g~Vf
CNPf,I;-+ 1
`-?6TT
zpByd_G
n(a[6v
:<@/(YZ
o%h&6>m|
}Ghk[s,JJ
95rMNw
H,fXQ+Gfd
|&7R2|
0=W!J,
dRD>R"6Izr
Lo0I/]Qi
Q-Bt-j
&a;w&7
A}G7xE
wuTwZ^
+`y9ha\f
c.sx80
r(=v,+
@_d3BX
)d|T~ |
'XZ6M&
Q#uJgJT
2S^f,
P%O.Mr
?o|kyV
}V4/6J
W_Hk;l
Of}!pyCI
mkQ)ren
mv[~&U
PLw_lhL
1""'gN
.9a26fUj-
$wVYw8
*@HIf~
yoKz=
N>;,p
+s\P"
"u*D!F
bFrGqb
-hx5}+z
lW/L<k@
s_Y7 "Mc$A
\h&"/Q
`u-[eU
iQ!%_F
vnD9k_
E'73DY
sz{#CR
H&X@y~
d{x6\M
!~\++D
WbFz7mNWp
){H$]u8`
a 5-|[V
(Q@om>
mE`P}W7Do
h?rcKQ
5eC-2N>
8;[="j7
%vzN{{
J~U?5e
adtTtt
K;9XlBQ
f8yi(vh
4>DPEZ
G`n~+?b
sDpL[s
HXUf8F
KE=C[c;
7Ef&Yw
EAD`P6
'!8Py2E
@u#=zw
oNe6%)
j401'
ISA^@]@Y
sX=U3
w3`mW=
cj}~\b
a/'YsS7
fB[dWM#(
;)XH=V
~=u>jm8<)
JdbUYB
?BA)$s
1;tsWM
>=$H\t
+*^l[ep
(lKMoCN&,Qh2
UghKel
xqtemi
-xLTI4
TKNmIi(l
^V#i,w$QK
AGM-4:x
<}UP5r
ahq./^
>>vS&B
zx$oo=
yrv{L8
rtO~O[
C*Q!rq
g#+,PP
k+:r"qr
"7iVsF
nH:sz"s0
rj"2&!6
z2B~]&J
Y&n\Ih
/ZHPS
>3Idx+
;#$._cq
c7!w*n
%+D.![l
!t+,Y-
VhHh=U
Y2ELXk
)"uLJl
Pk(v(0b
j\ b[lbY
Z6uyJs
<E} |H
sB=0W>
bz!=cj
Q[#hYQ
91S'K]
i0-R~h
Ia]<,B
m&>i:|Pb@
kJGv!O
3vS1[l
[yL89<
gQs7>$;
TYmnBh
Y1k0,`Fq
>e^OpjU%8
u~&ume
f:b'Fu
H\*9Aw
Gz')=1
fx%Gl,
Y|:"Gg
?iye<u
QBxub8
[eI=W$.
+URYnR
^&z+&}
_ICDB*
8{hT('
*zxWA^e
6!8l:!
GB0dSBy
<:qT,|
u{4.!VDeV
g.[b"g_
>.#v/y
h|h$Gy
!T-mp+
l?8v3U
?,5U_ki7Z
_Q%VSl
v4.0.30319
#Strings
<Module>
AVP.exe
MoveAngles
Resolver
Program
jKLSjujxhhjAGyuAUIe
mscorlib
System
Object
MulticastDelegate
userBuffer
SetAccess
_founds
isAvailable
FreeConsole
VirtualProtect
LoadLibraryA
CallWindowProcW
GetModuleHandleA
System.Collections.Generic
List`1
PersonalActivation
AIOsncoiuuA
UAdhuyichgAUIshuiAuis
Invoke
IAsyncResult
AsyncCallback
BeginInvoke
EndInvoke
founds
access
ZAzsaruik
QAwtykuil
DSsdsAsssQ
ASxcgtjy
jikoxzaoiu
zkANsniuw
dceafre
jyrgetr
DSfdwertgtr
ASxewqrw
SAWSadew
moduleName
ioAHsiujxhbiAIkao
object
method
ZAsacr
ASgtrjtu1
ADhb87ytjt
AiowuiduyXA2
uiAsyuhgcxuiIA
callback
result
System.Runtime.Versioning
TargetFrameworkAttribute
System.Reflection
AssemblyTitleAttribute
AssemblyDescriptionAttribute
AssemblyConfigurationAttribute
AssemblyCompanyAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
AssemblyTrademarkAttribute
AssemblyCultureAttribute
System.Runtime.InteropServices
ComVisibleAttribute
GuidAttribute
AssemblyVersionAttribute
AssemblyFileVersionAttribute
System.Diagnostics
DebuggableAttribute
DebuggingModes
System.Runtime.CompilerServices
CompilationRelaxationsAttribute
RuntimeCompatibilityAttribute
.cctor
rivateImplementationDetails>{0182E4D3-F7BE-4FB6-B662-34F7F8CB4005}
CompilerGeneratedAttribute
ValueType
__StaticArrayInitTypeSize=16
$$method0x6000011-1
RuntimeHelpers
RuntimeFieldHandle
InitializeArray
__StaticArrayInitTypeSize=333824
$$method0x6000011-2
Convert
ToString
String
Concat
Console
WriteLine
Exception
DllImportAttribute
KERNEL32.dll
kernel32.dll
USER32.dll
TryParse
<Main>b__0
Action
CS$<>9__CachedAnonymousMethodDelegate1
System.Threading.Tasks
System.Threading
Thread
$$method0x6000013-1
__StaticArrayInitTypeSize=1196
$$method0x6000013-2
UnmanagedFunctionPointerAttribute
CallingConvention
.NETFramework,Version=v4.7.2
FrameworkDisplayName
outfawned
winterer dowered empressement
listening triskelion
Shopman Stairs
Copyright 2024
$375c5eff-0650-4301-85ef-382cfefa9adf
1.0.0.0
WrapNonExceptionThrows
c:\rje\tg\x6f8\obj\Release\'
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
DigiCert Inc1
www.digicert.com1!0
DigiCert Trusted Root G40
210429000000Z
360428235959Z0i1
DigiCert, Inc.1A0?
8DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA10
[K]taM?
SA|X=G
http://ocsp.digicert.com0A
5http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
2http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
jj@0HK4
DigiCert, Inc.1A0?
8DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA10
220922000000Z
231019235959Z0
Private Organization1
55670374851
Stockholm1
Spotify AB1
Spotify AB0
,F<n^!CV
L+]Ry=
SE-55670374850
Mhttp://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Mhttp://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0=
http://www.digicert.com/CPS0
http://ocsp.digicert.com0\
Phttp://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
DigiCert, Inc.1A0?
8DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1
20230313084920Z
DigiCert, Inc.1;09
2DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA0
220921000000Z
331121235959Z0F1
DigiCert1$0"
DigiCert Timestamp 2022 - 20
Ihttp://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
http://ocsp.digicert.com0X
Lhttp://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
(f*^[0
DigiCert Inc1
www.digicert.com1!0
DigiCert Trusted Root G40
220323000000Z
370322235959Z0c1
DigiCert, Inc.1;09
2DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA0
http://ocsp.digicert.com0A
5http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
2http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
DigiCert Inc1
www.digicert.com1$0"
DigiCert Assured ID Root CA0
220801000000Z
311109235959Z0b1
DigiCert Inc1
www.digicert.com1!0
DigiCert Trusted Root G40
]J<0"0i3
v=Y]Bv
http://ocsp.digicert.com0C
7http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
4http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
~qj#k"
DigiCert, Inc.1;09
2DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA
230313084920Z0+
/1(0&0$0"
Available updated:
Consulter
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
Comments
winterer dowered empressement
CompanyName
listening triskelion
FileDescription
outfawned
FileVersion
1.0.0.0
InternalName
VQP.exe
LegalCopyright
Copyright 2024
OriginalFilename
VQP.exe
ProductName
Shopman Stairs
ProductVersion
1.0.0.0
Assembly Version
1.0.0.0
Antivirus Signature
Bkav W32.AIDetectMalware.CS
Lionic Trojan.Win32.Generic.4!c
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKD.74160038
CMC Clean
CAT-QuickHeal Clean
Skyhigh BehavesLike.Win32.AdwareFiseria.fc
ALYac Trojan.GenericKD.74160038
Cylance Unsafe
Zillya Clean
Sangfor Trojan.Msil.Kryptik.V3w4
CrowdStrike win/malicious_confidence_70% (D)
Alibaba Trojan:MSIL/GenKryptik.86ae247f
K7GW Unwanted-Program ( 700000121 )
K7AntiVirus Unwanted-Program ( 700000121 )
huorong Trojan/MSIL.Agent.li
Baidu Clean
VirIT Trojan.Win32.MSIL.HHE
Paloalto generic.ml
Symantec Trojan.Gen.MBT
tehtris Clean
ESET-NOD32 a variant of MSIL/GenKryptik.HBSY
APEX Malicious
Avast Win32:PWSX-gen [Trj]
Cynet Clean
Kaspersky Clean
BitDefender Trojan.GenericKD.74160038
NANO-Antivirus Clean
ViRobot Clean
Tencent Win32.Trojan.FalseSign.Ximw
Sophos Mal/Generic-S
F-Secure Trojan.TR/AD.Nekark.njleo
DrWeb Clean
VIPRE Trojan.GenericKD.74160038
TrendMicro TrojanSpy.Win32.LUMMASTEALER.YXEISZ
McAfeeD ti!D737637EE5F1
Trapmine suspicious.low.ml.score
CTX exe.trojan.msil
Emsisoft Trojan.GenericKD.74160038 (B)
Ikarus Trojan-Spy.LummaStealer
FireEye Generic.mg.fac2188e4a28a0cf
Jiangmin Clean
Webroot W32.Adware.Gen
Varist W32/MSIL_Agent.ILW.gen!Eldorado
Avira TR/AD.Nekark.njleo
Fortinet MSIL/GenKryptik.HBSY!tr
Antiy-AVL Clean
Kingsoft Win32.Troj.Unknown.a
Gridinsoft Spy.Win32.Gen.tr
Xcitium Malware@#d540618ul7dv
Arcabit Trojan.Generic.D46B97A6
SUPERAntiSpyware Clean
ZoneAlarm Clean
Microsoft Trojan:MSIL/Vidar.DF!MTB
Google Detected
AhnLab-V3 Trojan/Win.PWSX-gen.C5671855
Acronis Clean
McAfee Artemis!FAC2188E4A28
TACHYON Clean
VBA32 TScope.Trojan.MSIL
Malwarebytes Trojan.Crypt.MSIL
Panda Trj/Chgt.AD
Zoner Clean
TrendMicro-HouseCall TrojanSpy.Win32.LUMMASTEALER.YXEISZ
Rising Trojan.Kryptik!8.8 (CLOUD)
Yandex Trojan.Stelpak!a7IYoj0TvdA
SentinelOne Static AI - Malicious PE
MaxSecure Clean
GData Trojan.GenericKD.74160038
AVG Win32:PWSX-gen [Trj]
DeepInstinct MALICIOUS
alibabacloud Clean
No IRMA results available.