popup
Static | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Static Analysis

PE Compile Time

2102-12-04 05:22:02

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00002000 0x000af7d4 0x000af800 7.9558496119
.rsrc 0x000b2000 0x00000570 0x00000600 3.97531415024
.reloc 0x000b4000 0x0000000c 0x00000200 0.101910425663

Resources

Name Offset Size Language Sub-language File type
RT_VERSION 0x000b20a0 0x000002e4 LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_MANIFEST 0x000b2384 0x000001ea LANG_NEUTRAL SUBLANG_NEUTRAL XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

Imports

Library mscoree.dll:
0x402000 _CorExeMain
!This program cannot be run in DOS mode.
`.rsrc
@.reloc
Z?_d
_b`*
vCX{X
@qga}O
ff GU$
tQEa}I
b S+Q]a}
KbLa}m
e !OhQa}
|#,d
1e r$x
cJea}Y
e !OhQa}{
v4.0.30319
#Strings
Bzcjrqlhqdf
CompilationRelaxationsAttribute
System.Runtime.CompilerServices
mscorlib
System
Boolean
RuntimeCompatibilityAttribute
DebuggableAttribute
System.Diagnostics
DebuggingModes
AssemblyTitleAttribute
System.Reflection
String
AssemblyDescriptionAttribute
AssemblyConfigurationAttribute
AssemblyCompanyAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
AssemblyTrademarkAttribute
ComVisibleAttribute
System.Runtime.InteropServices
GuidAttribute
AssemblyFileVersionAttribute
TargetFrameworkAttribute
System.Runtime.Versioning
Bzcjrqlhqdf.exe
<Module>
ConfigParamsResolver
Bzcjrqlhqdf.Resolver
Object
Process
Bzcjrqlhqdf.Collections
Settings
Bzcjrqlhqdf.Properties
ApplicationSettingsBase
System.Configuration
<PrivateImplementationDetails>
__StaticArrayInitTypeSize=660720
ValueType
<Module>{8A420E86-9B7A-428E-8885-ADB693212F86}
ConsumerParamsResolver
Indexer
MulticastDelegate
WrapperAuthenticationProducer
Bzcjrqlhqdf.Producers
ParserSchemaItem
ObjectParamsResolver
Attribute
Consumer`1
MessageFactoryCollection
QueueIndexerPolicy
ListSingletonDispatcher
TestsParamsResolver
FilterIndexerPolicy
RegistryFactoryConfig
Annotation
Getter
PageSingletonDispatcher
Bzcjrqlhqdf.Dispatcher
<PrivateImplementationDetails>{107661FD-8F20-42AC-A72B-35EE0832BD78}
__StaticArrayInitTypeSize=16
__StaticArrayInitTypeSize=18
__StaticArrayInitTypeSize=30
__StaticArrayInitTypeSize=32
__StaticArrayInitTypeSize=40
__StaticArrayInitTypeSize=64
__StaticArrayInitTypeSize=256
<Module>{81918e51-a202-4e24-8bf6-8ca4dac14509}
m8DCD7F51AF8B83C
.cctor
RegisterProcess
CompareRule
InterruptProcess
AppDomain
get_CurrentDomain
Assembly
ResolveProcess
GetType
PushProcess
InvokeMember
BindingFlags
Binder
MoveProcess
MemoryStream
System.IO
System.Security.Cryptography
ICryptoTransform
CryptoStream
SymmetricAlgorithm
set_KeySize
Convert
FromBase64String
set_IV
set_Key
get_Key
get_IV
CreateDecryptor
RuntimeHelpers
InitializeArray
RuntimeFieldHandle
Stream
CryptoStreamMode
CopyTo
IDisposable
Dispose
Create
OrderProcess
GZipStream
System.IO.Compression
ToArray
CompressionMode
BitConverter
ToInt32
ExcludeRule
ReadRule
ConnectRule
start_i
ComputeRule
defaultInstance
StartRule
get_Default
SettingsBase
Synchronized
PrintRule
CustomizeRule
Default
877A5A348AF63D35376B1EBFCAC592266CAC800DF638EA760B5E8123D23113B4
_Authentication
Module
InsertRule
ChangeVal
typemdt
FieldInfo
MethodInfo
ResolveType
MemberInfo
get_MetadataToken
ResolveMethod
MethodBase
GetFields
Delegate
CreateDelegate
SetValue
GetTypeFromHandle
RuntimeTypeHandle
get_Assembly
get_ManifestModule
ManageRule
ConcatRule
VisitRule
reference
IntPtr
counter
Invoke
BeginInvoke
IAsyncResult
AsyncCallback
callback
object
EndInvoke
result
m_Factory
List`1
System.Collections.Generic
m_Predicate
facade
policy
_Specification
iterator
_Composer
m_Creator
producer
config
Hashtable
System.Collections
_Singleton
m_Event
_Registry
RSACryptoServiceProvider
_Configuration
record
_Connection
params
Dictionary`2
_Printer
candidate
m_Bridge
invocation
schema
UInt32
_Global
_State
exporter
_Tokenizer
m_Watcher
_Merchant
SortedList
m_Item
_Thread
_Expression
_Utils
set_UseMachineKeyStore
CalcVal
CallProcess
UInt64
GetBytes
PrintProcess
mean_b
previousres3
UInt16
second4start
col5_min
SortProcess
vis_high
numdic
config2_start
col3_start
vis5_min
ident6
FindProcess
selection_low
version_helper
column_selection2
pol3_start
instance4_Ptr
pred5_Low
VerifyProcess
cont_Y
lengthcomp
no__item2
max_cont3
cfg4_min
removeIVK5At
LogoutProcess
spec_Position
pol_end
ConcatProcess
InsertProcess
selection
ChangeProcess
AesCryptoServiceProvider
System.Core
RijndaelManaged
Activator
CreateInstance
ObjectHandle
System.Runtime.Remoting
Unwrap
ReadProcess
MD5CryptoServiceProvider
CryptoConfig
get_AllowOnlyFipsAlgorithms
StopProcess
HashAlgorithm
ComputeHash
SelectProcess
temp_amount
PatchProcess
lengthconsumer
setup2_Z
TransformBlock
EnableProcess
lengthdef
pred_count
next_util
BinaryReader
get_BaseStream
set_Position
ReadUInt32
DisableProcess
ParameterInfo
DynamicMethod
System.Reflection.Emit
ILGenerator
Monitor
System.Threading
GetManifestResourceStream
get_Length
ReadBytes
get_Item
get_Module
GetGenericArguments
get_IsStatic
get_FieldType
GetParameters
get_DeclaringType
get_IsValueType
MakeByRefType
get_ParameterType
get_ReturnType
GetILGenerator
OpCode
OpCodes
Ldarg_0
Ldarg_1
Ldarg_2
Ldarg_3
Ldarg_S
Tailcall
Callvirt
Exception
CheckProcess
first_counter
CreateProcess
length_instance
TestProcess
QueryProcess
pred_Position
PrepareProcess
AssemblyName
StackFrame
GetMethod
op_Inequality
GetName
get_Name
GetReferencedAssemblies
op_Equality
get_Count
Encoding
System.Text
get_Unicode
GetString
ComputeProcess
IncludeProcess
CalculateProcess
LoginProcess
visitor
Marshal
AwakeProcess
get_Location
Exists
get_CodeBase
ToString
Replace
GetProperty
PropertyInfo
GetValue
ListProcess
LoadLibrary
kernel32
ForgotProcess
GetProcAddress
CloneProcess
filter_min
Concat
GetDelegateForFunctionPointer
RestartProcess
version_pred
field_size
ValidateProcess
connection2counter
ConnectProcess
idx_pred
position_res
instance2
GetProcess
item_Position
idxsecond
filter_low
InitProcess
GQitAJFJE
FillProcess
FileStream
FileMode
FileAccess
FileShare
AddProcess
RunProcess
DestroyProcess
InstantiateProcess
InvokeProcess
DeleteProcess
SetProcess
FlushProcess
ReflectProcess
PublishProcess
ManageProcess
CompareProcess
SetupProcess
MoveRule
IncludeRule
RegisterRule
RestartRule
start_asset
FillRule
PopRule
Reverse
DeleteRule
LogoutRule
GetPublicKeyToken
ResolveRule
CallRule
CipherMode
set_Mode
CreateRule
InitRule
MapRule
ResetRule
FlushFinalBlock
SearchRule
InvokeRule
CloneRule
get_EntryPoint
DefineRule
CalculateRule
NewRule
ValidateRule
CollectRule
ListRule
VisitProcess
second
CreateEncryptor
ToBase64String
LoginRule
classthis
nativeEntry
nativeSizeOfCode
_Tests
_Database
m_Product
g38PJ8K3c0
NewProcess
DefineProcess
indexOf_temp
AssetProcess
ReadInt32
ResetProcess
hModule
lpName
lpType
lpAddress
dwSize
flAllocationType
flProtect
hProcess
lpBaseAddress
buffer
lpNumberOfBytesWritten
flNewProtect
lpflOldProtect
dwDesiredAccess
bInheritHandle
dwProcessId
value__
m_Code
CompareVal
0E448EF5E5E60630BDDB19388CB6378436E3C65D03DD66DA7C6EBFF563BD857A
4BED3ADC52D4904075F6BBF279EC4ACEDE079533B95E229A29809542EA324A7B
62E6F13B53D67FDD780E20D89A6E8EE503B197AC16AC3F1D2571C147FDD324C9
7F535673D836D3D77A97DB03EB3D71EA780F44372F5AEBECEBEDD696AAEB8378
97E613E5A3A47DEC76B7E50D47644B35EA4322F00D594D80D2F1C1F3644F8A4A
C356AFF1A01C2B0DA472E584C8E3C8F875B9A24280435D42836A77B19F5A8C18
C61B1941CF756EB7551F7C661743802362728B785ADC22E860D269713DFB01A6
D5B7247C497788CF0031CEB06E3DF77A45FEF59F1E49633DC7159816D64759B5
m_d25adea6cad04a4eb842bbaf8c146880
m_e2a4b2a1c7ba43dfba5e0fcf20c36e8e
m_18ba3a77bb29489aacdf4443c9f6b250
m_2765f6fdde9942deada834f0f51e5b65
m_939bbafe788c445caee1114a676b0b59
m_b1c996f31dac4795a1bc6e1b2f801648
m_473fd18bf12c4faca820bceb7f0d3472
m_7c3c613ff6f045f48c9d9ce9c8a4558e
m_49d3f2ad3a624336b4ad6de60983de9e
m_fc577aad52a6427fb82a02c2b5de504d
m_74294c5d67fc4bb9a9b33c8c87dd532e
m_359d6a7bc753426ba567a4a9daaa9414
m_508152c6a3a8448096268c372582ea7c
m_90e32952ddd6478b964ce0cf9077ef61
m_739e0c022fad4b00a105d173aecdc27d
m_03c27558173b432c91b53c593f635b9d
m_00d6526ab745486bb58da3ba1bd1893d
m_c6ce2fa9e1204e2398d0be4f54fb6872
m_ab457e6aa32e47f5b576d38443afaa5c
m_592a32656d4f477ea4f7a3ce941234d5
m_28458b33b09e4a90bfca91696e4d873c
m_f80bb08f9eba4ba0985a103522e07011
m_c79906bc15384f4f8303b1c3e2066b9d
m_71b81dabb0674284ba5115c9dce57a9f
m_4a9fbdcc14cc4b748b4ce90e2218011b
m_7873fe0eaa4c4f91b17fc2366ffd8c47
m_7702980a3c924c6dbbadf86593e5bfe9
m_d7f7b7a1326946789d5f81c737b2da4f
m_c908e09e879f4b079cd2dc3b0911ecf8
m_d2a2a94e0f5a4be7bda5fefe4bf746a1
m_6c351e4ece574298ad5fe664580ea2a9
m_8e8c7a616ad84242b351e1c3840147f9
m_6166613f90ad4b8ab244a944c5898bf5
m_70019c4ee5fc41c09ac27bce074d135c
m_c2b25b157951420fa7c4dfa5cfd18fc1
m_6f5b6fc09d164ffc9bb563677f9547d9
m_aef53e3f2cb247f19b9c3582a647af0d
m_4afcf0d2284844fc85b6a5983d226537
m_11ed413087ea4b949cb25ca4cc2fcd75
m_a5e46898f1d442009e359b3802885615
m_4efd40540133401dac6f056149380c65
m_dfbc115413434404bfb3553469f4ffc6
m_6f93238c03834b20a345212b1e8d0834
m_c4203f1e6c2642509600990bddd5081e
m_a58ae592c21e4113b2c0ae6a3a5e8897
m_615ae7aecb6f4de6bb4584b3c1332514
m_210a39775d3243cf90f04f11beee66ef
m_a4cc3ea89c914d5eb69131a38d653aa9
m_98f17c7a8f0143bba5bb9cfd241075e7
m_4bf0bcec1132478a845ae47cecee4140
m_bd05d6c6128d44a8b04b4e91a036acdf
m_7015218def02487ea4cf7d12b2b1b691
m_e541323adec24811bd95d004b018f8e5
m_dc7a1c9e29534ab8ad78b2f6cfa37b3f
m_5dd712a451674817842be8e9e2a957ae
m_ae53e2c5ff7a440e89a0128393fc24be
m_7bd51635a9c54869a497c1cf68110236
m_912b36fe2b4549a6852a4b6880abce30
m_88ad00a7760647c984cb08792cbb4f49
m_ac22c17c59b34f6ea3f6f74d5afc777a
m_6c65abaaab6c4615bc4435084aa04ca5
m_885a9f1549c3406db691505d9d96d89c
m_38ac387162ac4b57bb5c3d0582a2a289
m_671faa67b81a4761a76b7f6b4e4635fa
m_627ddd2b832642e98a0033711103d830
m_a74a792552354e56b50c6e544d1c4d98
m_06ecb561e6784085a1bf78c440430abf
m_2872788d676b41a28a863fe0a8105ded
m_541e185c433744ab8093bfb28c430779
m_2073e3d086434d4d9d0fc06eac07dcae
m_7c38579171f04d79ad2399dfd0b69c7a
m_03980d9582c14a1b9da3368cd28ca51b
m_3b63bef9fc014ffa9cd8c6ec22b690e9
m_305600a58ae74da08d1a32480bd174ef
m_dc6ffc38f0614f60a67fdc0478283835
m_fab6b2ad786e46d89730abd672607f76
m_d94c6bbbfa10429c8cc1cff2d1c2a04c
m_b35be8e0e3564c1a8a23e46a2ed46538
m_73337cbdfcfa4178b3f82c0db0b00625
m_1ab76062a454419e854c0acbe97f14df
m_c1828e99b5ad415bbd28a332441b4f4f
m_c25836a18ec34c048b55a8a7060ecc42
m_14894e1c3040428583459953832926d3
m_e31165be4e4a4ac08f1e058037c4cc4a
m_852da0544989432c9c29ad39d0a9d8f1
m_a8619aa062744db985736a1a4f78f3b3
m_1a696e4288234b17ad672fa44efb9b42
m_ac2ac61c90be4b23977182190e71b1f7
m_96c18aad1bed4ff1bfe4d85cd3cc77a0
m_60f4ff7940e7470e95da72ecdba6bd08
m_68bc452df5f24b08b98179386f2af959
m_1d781a08c05f4d278d85e8a8a4f67b21
m_ba5ea4adf8f24f23a62eb5da93b06a4f
m_495fc887673c40bd8b72a5dcd6158e65
m_1f46a65becbb4dd588aacc00957c42a4
m_96a424d7b26245418522c18b1feb8977
m_a380d70acf524d1fada364ca603c69cb
m_44064956d2db4e6391615c4067d5ed66
m_baa34da030224e5daf0ac19b0e1bda19
m_a7eefbf10f5a4ea69918cc68c02cd49d
m_7a7c4f42e5204d64876ab6b153ce9d60
m_5effc2936e4141a28e6504763732a0ef
m_c3415c14ba4e4472b650b07c70a1345a
m_53f98efd5c1f4159bfec6423a49031fb
m_b512a8936cc2417bb415a476d097ae39
m_4f166ec64c2f49eea790adc12318dc81
m_1321d1c1fe3a4529b1fe7f4094ff71f3
m_aabafb8a448744afa9f00ba679dfa0e3
m_31a6bc059d3e4b16818d3740bf72c941
m_471ae5a82f024e0aa502c3f38ad6ae56
m_378b7dfc2f7c486298dba4ee5c5ab5af
m_2876fd09901f4cd2914c62eabf55defd
m_660d6dee00a44a2ab9c2b78f9e9fbf3f
m_f3ff299cabcd45feb3c6c04d077ff4ce
m_7f44956de4da405ab1beab3d6e1ca3f1
m_2566c0481a0c4ef08ba18a8a7694456f
m_67a114e4163948bfa9f446bec4f1d36e
m_9ee75fca325243d99e9b7973dd1312fb
m_4f68dee185bd469b9c8083408d54b022
m_c6f20a6ac2fe43139054fb31f1d2b35e
m_d2a66f3ba14a44f9a485378927927b02
m_7b9ced30f8eb418c886cd3a693de9608
m_75d43aac928f47178186b5be13ac1364
m_aa665f52e3e5434cac965c56e2af0cf3
m_d5194b182fe94f919eb34fcbcb7110ad
m_46cb5346bbba43bf8ca6a70280e2c703
m_7401e2a3298647a598d47177140336ae
m_60afbb5976e846dea89ff1ef7249abfb
m_509cf8cc566a4d7b8cf5de7ed4dbf4e2
StopVal
m8120d00370e640e8bbf9fdc7348d51d8
CancelVal
VerifyVal
CompilerGeneratedAttribute
GeneratedCodeAttribute
System.CodeDom.Compiler
UnmanagedFunctionPointerAttribute
CallingConvention
CharSet
FlagsAttribute
Rule.Val
Bzcjrqlhqdf.g.resources
aR3nbf8dQp2feLmk31.lSfgApatkdxsVcGcrktoFd.resources
WrapNonExceptionThrows
$4a725fd6-92c6-44e7-97f5-b187bcbd9bb4
1.0.0.0
.NETFramework,Version=v4.0
FrameworkDisplayName
.NET Framework 4
KMicrosoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator
11.0.0.0
Bzcjrqlhqdf.Producers.WrapperAuthenticationProducer+ObjectParamsResolver+Consumer`1[[System.Object, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]][]
SUsSystem.Runtime.InteropServices.CharSet, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
CharSet
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
PADPADP
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
fSystem.Drawing.Icon, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3ajSystem.CodeDom.MemberAttributes, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089mSystem.Globalization.CultureInfo, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089fSystem.Drawing.Size, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Icon
IconData
IconSize
System.Drawing.Size
System.Drawing.Size
height
ISystem, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
System.CodeDom.MemberAttributes
value__
System.Globalization.CultureInfo
m_isReadOnly
compareInfo
textInfo
numInfo
dateTimeInfo
calendar
m_dataItem
cultureID
m_name
m_useUserOverride
System.Globalization.CompareInfo
System.Globalization.TextInfo%System.Globalization.NumberFormatInfo'System.Globalization.DateTimeFormatInfo&System.Globalization.GregorianCalendar
System.Globalization.CompareInfo
m_name
win32LCID
culture
m_SortVersion
System.Globalization.SortVersion
System.Globalization.TextInfo
m_listSeparator
m_isReadOnly
m_cultureName
customCultureName
m_nDataItem
m_useUserOverride
m_win32LangID
%System.Globalization.NumberFormatInfo"
numberGroupSizes
currencyGroupSizes
percentGroupSizes
positiveSign
negativeSign
numberDecimalSeparator
numberGroupSeparator
currencyGroupSeparator
currencyDecimalSeparator
currencySymbol
ansiCurrencySymbol
nanSymbol
positiveInfinitySymbol
negativeInfinitySymbol
percentDecimalSeparator
percentGroupSeparator
percentSymbol
perMilleSymbol
nativeDigits
m_dataItem
numberDecimalDigits
currencyDecimalDigits
currencyPositivePattern
currencyNegativePattern
numberNegativePattern
percentPositivePattern
percentNegativePattern
percentDecimalDigits
digitSubstitution
isReadOnly
m_useUserOverride
m_isInvariant
validForParseAsNumber
validForParseAsCurrency
Infinity
-Infinity
'System.Globalization.DateTimeFormatInfo+
m_name
amDesignator
pmDesignator
dateSeparator
generalShortTimePattern
generalLongTimePattern
timeSeparator
monthDayPattern
dateTimeOffsetPattern
calendar
firstDayOfWeek
calendarWeekRule
fullDateTimePattern
abbreviatedDayNames
m_superShortDayNames
dayNames
abbreviatedMonthNames
monthNames
genitiveMonthNamesm_genitiveAbbreviatedMonthNames
leapYearMonthNames
longDatePattern
shortDatePattern
yearMonthPattern
longTimePattern
shortTimePattern
allYearMonthPatterns
allShortDatePatterns
allLongDatePatterns
allShortTimePatterns
allLongTimePatterns
m_eraNames
m_abbrevEraNames
m_abbrevEnglishEraNames
optionalCalendars
m_isReadOnly
formatFlags
CultureID
m_useUserOverride
bUseCalendarInfo
nDataItem
m_isDefaultCalendar
m_dateWords
&System.Globalization.GregorianCalendar
(System.Globalization.DateTimeFormatFlags
dddd, dd MMMM yyyy
MM/dd/yyyy
yyyy MMMM
HH:mm:ss
(System.Globalization.DateTimeFormatFlags
value__
&System.Globalization.GregorianCalendar
m_type
m_currentEraValue
twoDigitYearMax
Calendar+m_currentEraValue
Calendar+m_isReadOnly
Calendar+twoDigitYearMax
+System.Globalization.GregorianCalendarTypes
+System.Globalization.GregorianCalendarTypes
value__
yyyy-MM-dd
hh:mm tt
h:mm tt
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Size
height
D;=1b(xQ
{O$ny3
|:;N]k
Bd[xK@
oOoRrM(;
eM)#Ib
uK0re65
VZ#r<B9
3 +5s_
'BQl"R
c{=% (
*eR&.)L
O`R/Oc~o)w
iyN2$E
oZ?(TAJ
PsNIA[
)6NeW(
Iu*85-
\iuL)N
#0Rm7:(!
JKLpl^
KjTQ}
f^D73^
7lj@,+
7;Tm(
c:J#q}
}n_Dp`]
JfVbR#
2w65`3A
bQ&5w?X
+.V#n6
E]&Tom#{.';
wI9"ax
E~W:>:,
?x3PZ!
YI]P)<?m
4\hv$]s
um @Hh
WKHTV$
6z~;D
=Kmqg}
N#]$VOgs
nz{L<"
KE|xj4
,l}|1Q
V\Gxf`
y84iye
c+J?e-t
*?\2|q8|
h{Hy3j
oTjv_2
-x#@w~
/P=_)\=
{oXEh2
U'K`$
M`_<E*
txayAZ
I:CA|%Z
.K+ir6
=S}'gD
jZIK7h
{^W)*/U
%[gTA?
&KQ;CZPY@+l
C(<}K+
ygpgOs
6v]TR<
FMk"jp.
^e'ipw
y<m;"0
DpRYjFtKy
7Df<^2p
`yGjd\`
0XR$bBM
C)`bbK[#iA
dnWY;i
"~Gs[r
=|6K[h
fw9?dE
\/aKuy
=vIy-h
hY/u$Btix
PQo\E1
bdIvG5
+:bjZa
=lmGY=
~V^X
S~RCBp
HHn|3N
=MyZ}MY
$Wxmj7E
G@+5y"
yK4,m-
V'$Ue9
r54v_+p
QaAg }
*Ke|E+m
{~JIv.
A3EFhI
fu5R#N4
OL@*aB%
I3Y$Uan
\+^VBl
-'Xt/h
\;}LG{
#]Z-n
">0wU
Hbr~f*
.jjo-W
8JBrts
Et+IPE+
xK&,ym
hYPV=<
uw0Tm6+
}f!|pN
gI|X9\
Vko93Y
tTPx,G
_9#Bs6
`u!xkjN
LufqM>
|b(* 5X5
#gX/=m9g;
dhY89k
9fQe~BmK
QTshyA
B7ZKvO
R{Dw6Y
J~FsMj
y&WpC3
u8[OSd
]6TZ:|C
.wq'z}
[3$}/
q8/YKvj
n0HCh3k
X(]Tz/1
UtOZu?
Vtn((3
Zk<nK(#
c'\jSB{
.iP4u9
\PAfYD
LDx/S_
NcsC};
}j$~=A
f5qZy-
im)|,Kr6
"=SR-)\
Lw9Sj+
X[_wi1
)4/:CI
Dl_BBE
?X?KUr
f"#Z.~@
6cqA2?
[e56c-
<+6@M-r
;9J-v#(
2gdjW*
!e<J\y
Pg-]1?
W@io'I
9RR-,N
d8p!i?
o0O~!\
|N^7gRm
!oI8IB
Qu37N'
*UzS2&+3
W)RO-=
(lkPEh$
&mbo&/
Bd"4W
F\y+u{
"K$r{8
}HO@ x
MFC86^
p^\-c5
.7sv2i
QXNh?r(
GB3H0
k I:Y-
sHZeqSxs
4jv8sW
N=Ml6:\
vI%j49
z+P~8i
3%VqxG
\@37\Hm
]cBH;l
2~B1}w
%$h8vu
6pSfx|
\S\I"g2w
LF/Ea;
9MW}=Au
s3y,OyP<x
,j>Wc4K2
U\1j2^
OR5BH_
(gt/OwH
<ydM|
h_)$gbI
O2#kHB
4%@,V6
M!=Gx[
=%pu$m7U
3;s3xm
M@dU0;
~o3jdq
*v({JG
r_{#')
87.Y3B
J@4yh3U=rM
k<bEa
7<y`5h5
HYnp1\
n5Cd>$
RJ#'e[spRq
r@#:*qnfB
;'|Z"w
s`g&ZV
}lOUN_
?wj=TnRcDD&7
%7ZBL/`
^6aYIn
KT;"i)
*F1jBBJG
3`6JIl#
VIB`SX
n@)Z{F
f;q Db0
D5 ^F
1N}n4U7
(<~\t<
|eCoQ$
vv;K>k!yQ
_*`,kOV[TmT
P5NkQl
I2+lud
h:VQOk
J`P13*
:KA$,)
unp3|)Q
;V<Mo
7|{,x%
qyd<USt
8GTHW\
swQU-`
r4"]Wl
+}D0k'
?)\t'F
Ywuuu
{zA)aW[h
i [2=Oqu
;y:/hYe
I#pk T
58olU;
#)`}ak/SdJ
x.U8z
WUokw`
B]N6<`
n=sJ2;>5
oElOko
NhfXAdCmB
4Cz7^>
"[%.=s
C^L=xy&Z
ONZ=}0_fNj(~
\TGX$K
\W(mp;
5/MUB}
'9Y2i9
te&yo,l
L&Bqed
Q+E&S&d`x
^F1iS0;
}_Q:sZ
uXy[1
\Y42f"
M`$Lpch
';_zb:
'cw^wH
3y}TDk
[ kj%r
/(C)AC
/$p2F&<W
b/>}5F
U%^aUQ
fj g%c1
ZB/2A|
&ASmJ0
VIwIND
l9skCb
H`~m.UP
]Wa2-[
pC"eMZ
HuU8oDs
O{)d2G
H:=>;U
a$]vhw
[B"%$
T&\W$@
zRwKwc_)??
6h|DAuUZ4g
,oYO,Q
P;TSrs
L>6R(|
:UE<%g-
ioNc{r
@7!I?|wYtyL"
+I<}xD
o2uf?(
&I'.ID
vAR$~y
)__;LK
I\,{+3B
a+'c!T
l(KKwYnG
)*-)L^
lfjts+
nt}Q-X
$XABB8p
N+\EMS2
5m5v[/{}
8d;KF,
kns;C5
WwEB-,Y
2Np``<B
\|+P`#k}
FZqWHd
b$g~*Vv
))t2LT
C}BdHS.Z
dDA|]o
to|(wV-
,hb=qj
x|(Obe
-PcM|j
U]\/G@sc
+a^{tg
_&.2I,
BaO7!<j
rp u7?
r|6U ?
qLgfwx
%]J!XoSu
U!R}|M
!|GlJm
C9WLPD
022Sv%
V*\MO5
RkxTEW
rtgMLd
(!Ypq`:
!?hY-%e]i4
Fj:f61
yQRW@EU$
x)Z-D
HcdRZU
I%afdUN'
[MRQp:
=M]B;Ng
?Ua&`~
^ =r6N@>I
q7F:%w,
@XO|7Y
y!IOXI
b~&#;*
Sw>-K*
,J_PMC
ZWpv_a
'5]T<_3
W#wwT,
:H.!f%
LmxC[y
%=G~H>
-(I"WnaL
*nm&f({%X
12j+1f
.g$X?][
1]O6!x
`Q+"if
hrcs72(
c:bK#$
y.>[J%6]
=|:[6=T4
t=tqh3
'$8&Hm$
G)64Pm
=fPBA U
$f)#C-
,r)jr,
l$&w3!
b4/POLb
mFmI+0
)O4Js>
W:T/xVR
b ;13;
xb1IF~
izEyWp
fx^3N9
w\hw_
8`[/8p
Bn>XwH`
EQlX<JQ
>Ytz-Ps
7 '5l
!>5CM
}VI-|b
hDz)v<
%y^rD}
~bw5sz
V[-B9X<l
9S/1p`~B
(hOB"l
-5XY_J
s8k7pn
qcv=!"S
Ac/8Mj\;y
S~`:|B
~Ow@$~
?.4v/
j.*gj b
E.(R}M
7Bob/e
G<n9:V6^
\iNv-)\m
GWbwVa
gG\(M$
C@;9o4m]
j)<QIF
"Alg-P
pHn<NmA
<a6 Vtq
z'PazN
kY34%_
CTXix*'
M+ Ifq
q7} &A
tN!>}}V
h)JdW4
&>H60!
+]6#`3
v'+Sl'
f_38Af
'o|'Lu
da6\sG
k=acw<|
bF5{{F
t'+FR
5p^ivK
s1M}cz
IwPcZ+c
YNzri{
t8kU**
=p8U..b{
+\eCOt
L3j7F4O
#fY$O-
k"C.WK:
U,:gCx
NgaUL0
Tc(zr(
2m(ZH?.
zf?ejh
f$8?QNF
%N8b*K
?}W@)s.
rG{F:39i2yNg
}lb\Kf
:hmBcx
!GVAH)
q}B!kM
UA}nO|S.);
]:Iy87^
Quwu%
6_g;}ly
+fIrAU
>~{(jk
^}\`g
hUZaf(A
{DFZ1
=7VSmU
QJ!6vf#
./9@EaV
kEoag6
%TG=eE_r1q
ELdW%!#
gS-R>,
LoDF-
J:j`-GW
m23+;
hUjdsO)'
@\pu-n
B,*$ST+
m]:Dqq
}H1rD
nLaFF]
w@'0(2
5#(Pgt#
)'o)&`
LP&T<@
]n\e|kI
JW& 'j
zn nqg
zC$mC@
'q&Q@VP
TAnN2$55
Wb0-t'r
v3%nCGy(
>]J;S-
|e]]H!
Ey&uTS
-r<Z/2
2"T5`o
U[)T'am
12S7K{
9Cd/*s
>x$u0HB
ax!xYl
0kQ9nu!
EA6"ciL
M'rxEo*U
.C;b.H
4S*rjT
n:K\gnN`
% QJb*
LrnW[+
-[|!3u
@@WG#V
"BCcc%
H=N(Gtj3
%FVL6R%
Ih<,X%#
,pj6Zv
tmRjZG
2vYL%I
DWBi8b
{9POK]
H<v Tr
B.;dwJ
YcPGzu
Bno81:
[1g(i\
Z=6|1s!
W@=0$e
JQsOm+
zLak+`D@
<f<^0#
>Fh-e4}
[k%QIn
HuZ`Y#u!
16dCX?
*!0w6JU
+i$:)8
,d;_kO
#B,h)f
1(uULD
S):&Us
+e2H#S
AEKaq{/
{@'wL.
):EIzL4%|6
u{9^8:
2wvu(l
\zj$j/
`m]yk~
PPs0$04
rqJB@
<@Tr^%
%T.CV>M
+>Rx\n
QJ?ih7
Hc6R'[=
/GsG2
`+XoN^c.
H<im:Q
TYCb7[0
U2.d6MI^
vf%2V
Y])H05
JC%ug{6
lOuw;6v
T)`F6K
bNB)-)/9-
yQ m1P
?7JwL73
OBO&:&
[EdXGcRkG
5}%zU,
9T%D/b
'=q$YC
Hdn5#z
WG}~[;
1GD")o
>61fLGt`
!9jJuH
^WS>W}
#)~nZs
'z[aazd
q=YR`$w8
N,>|-w
sw!6.Tj
w9lB'ny
E;3v#X6C
m"g2^':b
M]EI~A
d@HMD8S
.PM2*>l
j$hk|B
^mPX]T
?SutH4
cp AnZ
{Ingxc
VM0cYW
,DJ)SCzV
.9DZfb
4%rj7 FJ
`J]/![
8$pS<,Pq
{mTG*D
yNe<2k.v
E)b:,/x
Kbib=O
"d:z?v
"|@)7?
FGK?`NP
5)Zfb%
qXicxx
PBowco
\X+#~.1
Z.L's/
u##[pW
PsyZ:J
?@y(/o
qUPT55
1ZCrX<
'FM'G2
[[Kw=y
P9Tu+dZ^
RLf<j`
.q [dc/8q
ShD7q8
A K2Js
{] an
%'og`#`
dr3Zz&\
|#6}ly
SL5u<oZ
^Swfox
]OG+MM{
$6pp,R
WlvI.E
ajo+*Hy
nBz5E9
qG6gIO
YNj1G2
t4?}MX
*IN)b$R
xLC>Bo
,B1#~#
ON(MU=
0l+&O1
"h?kmx
4Ag.-J
UJ&;_f
sO{e2P
-8=Nbhu
%I)L!
\"+U40
VV:W'p
Iu#UZn
/FAoCx?d_3
l`nTa:I
5NJXaK
mc0w*D
v,q+%F
e+x|-[
jKoEsHF5
O[rIQ`
wl&bt6)
<Ur-#Q
Q^uOE+`
k]Apb" T
K!8;2n
~X=g:U
*Qz7Rp
Sb(xXxA
vP]6jNJ
8'3`rr
CqUYKh
xM^UM0
\d$WjQE
4ts{a'
4V|2i3Pr
pAd{t7
#M7#lH
$0/mU6
IdN CD
~S+:Nf/I
O5MpxzS.pi
BwNg1/
Ci+?74
Zbm(^R
zd[xa:
>TWaoYqh
$hb]M
"0t?qK$G
?%@L$KA
0"RZx^
S'DWX#
fT5C:OV
_]Yen>
2_8(N>
;|DQkh
ZDVUJ#
yB<-w#
@p-e/i6|
iQI8m
SW'(W4
wf,8B#
d1%xYt
n4gL^"
V8r4i2"
L[Ae;?Z6
v{&u.1
\Nx-yS
h:3'1y
?]$k*/-
> ;P1y
(}p|U*
z )hpH
`p\jLzmP
QT!;1B
?fi}+3
P2Z@I'
pb+PZ_
_6)jC_
a#%b+`V
F.LqSd
=@aa#CE
`A}pgpX6
3!TXON
jYlW^Q
S zV+X
/oXO7u
<Yd[{W?d
4oVcfU
ZI2+'_
({[5Sl
jgsMhQ
//{?$n
;j^WBc
G,d,:X-
IjHI}8
$P0bs15R"
$|:%]
/_}~'n
1y.F']
/v>%@SbA
(@BPG8
Ci1%&Q
?UxzvO
lu&)4oME
C&c.J%
;HCqN-
$Z2mP\l6
iB;fy(Y
sa:,$b
A,4#0w
,X&q"k5{w
)&sjp]
*{k%Oq
7DWuRH/
ap8Y1$
MsH+=D
EN{}V#
Za:W#Gz
>25FU}q
7{nI83
xk~C*l
:3IRhp
\|u^Wj
bA/H)M
myH^*&v=
c0{J96
oKyK-;
f&qWaM
~O0"+j}
njz$0t
?{gH|5o[S
@,z0<no5
]LgT!0]W
Jd@m=y
=<8@nK
<@R&F]
0h/6vC>
:#P`L3
A<hvtL
KNlHddiD@
G}K{8?
K6$-k+H
^.(R=J@
6p"{!X
.#:n;5F9,%
3g>jer
&kXW(+
sx7LCLXP
LUrraM
Z|.?bi
@N;OnE_
IyD3!2
Fu._F"
<ZPN:Mx
E4JWCF(
gcfF`<
S5Y2NG<
%QH-5e!6
MY'7?5
kH4q%If
"uLSg_
<e~I;;
@|XgA
K+C+6#
`'Tgw+$
ZMfH=W
heGCVJ
>iWd{}
~|Jzfn
rNn7F+'0
)q~m@-
g\K+MV
+0-mY>]
yk'b.F
`edc9%k
Hoqfnx
tGVYE:
|x$p \)T
]QkuI"/
|W{a]CM
9tk@Q0
#<2)"x\
wFsZ';'(S
>:WbBG
V\SB+e,+
>eq)F7
H5p)+H
#ync1v:
(Vq[^p
IMOVJN
.hpM{}
`<K/&8
ugav(7
IDR_GM
YsMXbd
h[uIFZ
f}%K!v
_$4@mt
,<^_P Z
KnLtWz
si0R_L
/\P;nU
#3lJ!X)6
RMCI.B
CFKOydY
V<S~<z
AzKmS,
e@?w%u
8rb"N
4fodILK
)hKyz)g
w`<wFbE
nl,f;J
e)[m;,
UTn*1H
eiDCc#H
Ail.\Y
7ejtuo`
@!ydDe
m]&P5 $
&zT?YL
T/"nltOqk-f
.AD`jd&
`/:TdB
+-%-9#
`fl[Oc
6xda;$/
vI|'dC
$uHsu F
"4-ZaWE
G%7P@p
!D}\o9
8Aw0t0
z4<\<S
3q&izw
janw_H
6m=a>67
IvfJ'zu
5 k7?L
V1U-q~
'<?7#8-w
z)>f#}
I|zl#
nKtv8uY
x 08abpe
I|ywX
o=hbt
4Qg" Q
7f1gcd
@p:oNmX
Lz8~S:7
IDS(ODb
7v1Jke
fiQ{z_
pm.>~'
w(a5g:B
s\`Yed
97znM[
@93x8<O<
dGK;;G
8/?_/J
+=V+w!
S`Wch0Fv
p+#(hE9I
+"`lGF
ebiVYvJ
`*c=~0
3KQh}?
jJ:*t(
>rh9Y1
FKvZue0
1`$!A`
"<5Pb`3n
2`3*Ec
,5S(/Po
^.@Ma0
g.:3s
GpQT;5
3$'%]9
-&N(hk#,|H
D]8otDx
B7tZaJ
` [Giv
[UAuK;
GHM+k@P
+3e:c:
fLQ]=4_
+ZA<k>b
Wm?pg~
l%Oj4M
C$cuQ7
T}=c`M
YMCtyQ
\k>2Dc
Xao-%k
,1q4ey
rQ4:hR
7Vc!Do
867J'P
J{%/f~
;}fwig
n}]z/}
'!9#KmYyO
!,d\=S$
(IlskF
1:ub@Nj
)/n67o
v'|BXul
tQT7<4
%=E/:M
!M'bvr
i-OvuY
Fe^su:
A_!s$+
WE<N`/g
O7g(b-
'Vd)+
bZ1^L-
)nPdLf
!]dypD
`'sPM'mW
BH"I=+
p]pi7~
kHX%IT
B/p\1$
.[?(OE
BbFwdo
Je>05z%$
FwoLtF
P'7Z;T7
/ll8uP
jG5@U->l
>0IAX0
'=]UCU
',\4dS
{ck(?BZ$
?bInsc
u`4&><
g4Lq8TM
TWfugUt)
D-'9V(
&ZKA3M
EY<yT#
BT@y$^
3*SF9f
|{!4QbGP
SyvOk+
#Id>&h
-0ubTS
+[DiX+1
y3?lO4
a8O!B%
mojkkDL^
ZpN8AN)s{
)H1}2j
<=*{mF
~9F;5%
p}:cWP
oGt#{2q
vJEmFd
NWtnX9
+&=E]QbKO3~
TXiwjw1
gGon3.
2h?p)1^y#
ARr|5;
Fzw[yn)i
~<x!`m;
bQu$Z:
*0G~-;-
Y& 8kn
2i(kwD
O0,?Iy
LVWEi?O
)Zdit
!~lZ\gU|
@ACD$c
_}po$z
\ Rl*Q
HFR<+`
NiX[hnq
,ytyLu
jv)IGq
{N "@r
Hr\Ted
?5ghYJ
sESXLZ0N2F
N"-Y1t
x*\Uk{s
wCPn/G
)@yJPEtiY
8JxukXfk
~|nXTX
dHBwR"
YB>,;y
,inK7\O!
rq 2j^
Jsm. p\w
:(}(i{
}I-XXO_z
xn18h@A
ud+J=w
y}=#4c
cv/uA[W
dhtB9i
WqWb$:
hU`yC,J
b6Mywr
kW530N
FNf=$qu"
?3y_GK
Qg3F9+
>-1= `
)1-d0^
3jpuY^
\_J_t9+PA
S}V#0SF
-Rigp`
ct8&:g
<'0g)s
tYzi/J
E1Y;tD3
:IYH8*
!io&Nu{t
9;$(vn
W&>Ybh;
LF(yA^i\b'
iWS/Z(
=yyaBqN`
0U\9}D
]qw\'fo
of[$?[[=
W7S!DnZz
^Gg`34
IF#1Cl
Ml>6<$
KuZr]T$
"G93$U
x]_K4}
G`-*o=,
%>YQyh
g}FwJ`
Yt4,ec<
Na)psl
v$H1M6[E
tCT/%7
uE(f9%
Eht':|
)R39|s
Iprpy0
Ke/w&=
TtaM%Os[m
5DbVCq
D~#5\^FN@
8*%OobD
16!2}v
5iKq8,)
R)<\~0
X%B?PPq
GY<s{
)+7iI'Z
UCq"TV+/
>!BlH"3:
7L29B
B+C_/x
|-C&Ru
g3PBzL
J;$B\[
|7\-=E"
51mZLad
NN;$HV
Rfhn M
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
)V71VDAVPQVPYVPaVPiVPqVPyVP
V7.SJ.KJ.CJ.[J.s
.#J.;J.3J.+J
System.Core, Version=3.5.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
System.Security.Cryptography.AesCryptoServiceProvider
System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
Dispatcher.Identifier
Rule.Val
GetDelegateForFunctionPointer
file:///
Location
ResourceA
Virtual
Write
Process
Memory
Protect
Process
Close
Handle
kernel
32.dll
$this.SnapToGrid
$this.TrayLargeIcon
$this.Icon
$this.Locked
$this.DrawGrid
progressBar1.Modifiers
$this.Localizable
$this.Language
$this.GridSize
$this.TrayHeight
progressBar1.Locked
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
Comments
CompanyName
FileDescription
FileVersion
1.0.0.0
InternalName
Bzcjrqlhqdf.exe
LegalCopyright
LegalTrademarks
OriginalFilename
Bzcjrqlhqdf.exe
ProductName
ProductVersion
1.0.0.0
Assembly Version
1.0.0.0
Antivirus Signature
Bkav W32.AIDetectMalware.CS
Lionic Clean
Elastic malicious (high confidence)
ClamAV Clean
CMC Clean
CAT-QuickHeal Clean
Skyhigh BehavesLike.Win32.Generic.bc
ALYac Gen:Trojan.Mardom.MN.11
Cylance Unsafe
Zillya Clean
Sangfor Suspicious.Win32.Save.a
CrowdStrike win/malicious_confidence_100% (D)
Alibaba Clean
K7GW Clean
K7AntiVirus Clean
huorong Clean
Baidu Clean
VirIT Trojan.Win32.MSIL_Heur.A
Paloalto Clean
Symantec ML.Attribute.HighConfidence
tehtris Generic.Malware
ESET-NOD32 a variant of MSIL/Kryptik.AIZW
APEX Malicious
Avast Win32:RansomX-gen [Ransom]
Cynet Clean
Kaspersky Clean
BitDefender Gen:Trojan.Mardom.MN.11
NANO-Antivirus Clean
ViRobot Clean
MicroWorld-eScan Gen:Trojan.Mardom.MN.11
Tencent Msil.Trojan.Dropper.Kqil
Sophos ML/PE-A
F-Secure Trojan.TR/Dropper.MSIL.Gen8
DrWeb Clean
VIPRE Gen:Trojan.Mardom.MN.11
TrendMicro Clean
McAfeeD Real Protect-LS!9E73EDECC13D
Trapmine malicious.moderate.ml.score
CTX exe.trojan.mardom
Emsisoft Gen:Trojan.Mardom.MN.11 (B)
Ikarus Trojan-Spy.MSIL.Agent
FireEye Generic.mg.9e73edecc13d48a9
Jiangmin Clean
Webroot Clean
Varist W32/MSIL_Agent.IMW.gen!Eldorado
Avira TR/Dropper.MSIL.Gen8
Fortinet MSIL/Generik.BZNYUMT!tr
Antiy-AVL Clean
Kingsoft malware.kb.c.1000
Gridinsoft Clean
Xcitium Clean
Arcabit Trojan.Mardom.MN.11
SUPERAntiSpyware Clean
ZoneAlarm Clean
Microsoft Trojan:MSIL/Vigorf.A
Google Detected
AhnLab-V3 Clean
Acronis Clean
McAfee Artemis!9E73EDECC13D
TACHYON Clean
VBA32 Clean
Malwarebytes MachineLearning/Anomalous.100%
Panda Clean
Zoner Clean
TrendMicro-HouseCall Clean
Rising Malware.Obfus/MSIL@AI.87 (RDM.MSIL2:H+U4JO1Ao4cr6/TXf4FS2Q)
Yandex Clean
SentinelOne Static AI - Malicious PE
MaxSecure Trojan.Malware.300983.susgen
GData Gen:Trojan.Mardom.MN.11
AVG Win32:RansomX-gen [Ransom]
DeepInstinct MALICIOUS
alibabacloud Clean
No IRMA results available.