Static | ZeroBOX

PE Compile Time

2067-04-09 22:44:02

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name    Virtual Address  Virtual Size  Size of Raw Data  Entropy
.text   0x00002000       0x0000ab34    0x0000ac00        5.72682469547
.rsrc   0x0000e000       0x000005f4    0x00000600        4.32525585762
.reloc  0x00010000       0x0000000c    0x00000200        0.0815394123432

Resources

Name         Offset      Size        Language      Sub-language     File type
RT_VERSION   0x0000e0a0  0x00000368  LANG_NEUTRAL  SUBLANG_NEUTRAL  data
RT_MANIFEST  0x0000e408  0x000001ea  LANG_NEUTRAL  SUBLANG_NEUTRAL  XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

Imports

Library mscoree.dll:
0x402000 _CorExeMain

!This program cannot be run in DOS mode.
`.rsrc
@.reloc
moom825
v4.0.30319
#Strings
<ReceiveAsync>d__10
<Disconnect>d__10
<DebugMenu>d__10
<GetIdleTimeAsync>d__20
<>9__20_0
<GetIdleTimeAsync>b__20_0
<>c__DisplayClass16_0
<>9__6_0
<Concat>b__6_0
<>c__DisplayClass18_0
<>9__8_0
<GetCaptionOfActiveWindowAsync>b__8_0
<AddToStartupNonAdmin>b__0
<RemoveStartup>b__0
<ConnectSubSockAsync>d__11
<Main>d__11
<SendUpdateInfo>d__11
COMPRESSION_FORMAT_LZNT1
<>u__1
Func`1
IEnumerable`1
Task`1
Action`1
AsyncTaskMethodBuilder`1
TaskAwaiter`1
ArraySegment`1
List`1
<>7__wrap1
__StaticArrayInitTypeSize=32
Microsoft.Win32
UInt32
<data>5__2
<tempXmlFile>5__2
<getdll>5__2
<currwin>5__2
<conn>5__2
<comp>5__2
<socket>5__2
<HearbeatReply>5__2
<>u__2
Func`2
Dictionary`2
<>7__wrap2
<ReceiveAsync>d__13
<sub>5__3
<total>5__3
<HearbeatFail>5__3
<hasdll>5__3
<process>5__3
<CreateSubSock>d__3
<DllNodeHandler>d__3
<>u__3
<SendAsync>d__14
1D1CC35EA61331C5A85D2A960611153E37A62DCD916269D6E3B5A0DAC2EF3824
<fail>5__4
<socket>5__4
<dataLeft>5__4
<RecvAllAsync_ddos_unsafer>d__4
Func`4
<>7__wrap4
<ConnectAndSetupAsync>d__15
<e>5__5
<startTimestamp>5__5
<GetAndSendInfo>d__5
<RecvAllAsync_ddos_safer>d__5
<>7__wrap5
<RemoveStartup>d__16
<lastSendTime>5__6
<Type0Receive>d__6
<Uninstall>d__17
__StaticArrayInitTypeSize=7
<dllname>5__7
<Type1Receive>d__7
<AuthenticateAsync>d__18
<AddToStartupNonAdmin>d__18
get_UTF8
<e>5__8
<GetCaptionOfActiveWindowAsync>d__8
<setSetId>d__8
<AddToStartupAdmin>d__19
<SendAsync>d__9
<Type2Receive>d__9
<Module>
<Main>
<PrivateImplementationDetails>
630DCD2966C4336691125448BBB25B4FF412A49C732DB2C8ABC1B8581BD710DD
get_ASCII
COMPRESSION_ENGINE_MAXIMUM
LASTINPUTINFO
System.IO
get_IV
set_IV
mscorlib
System.Collections.Generic
SendAsync
GetIdleTimeAsync
AuthenticateAsync
ReceiveAsync
ConnectSubSockAsync
FromAsync
ConnectAndSetupAsync
ConnectAsync
GetCaptionOfActiveWindowAsync
LocalAlloc
GetWindowThreadProcessId
setSetId
GetProcessById
Thread
Compressed
get_Connected
AwaitUnsafeOnCompleted
get_IsCompleted
ReadToEnd
Append
GetMethod
Replace
get_StackTrace
CreateInstance
CryptoStreamMode
AddSubNode
subNode
MainNode
LocalFree
get_Message
Invoke
get_Available
Enumerable
IDisposable
RuntimeFieldHandle
CloseHandle
Console
set_WindowStyle
ProcessWindowStyle
get_Name
set_FileName
GetTempFileName
GetFileName
get_MachineName
get_UserName
get_ProcessName
AssemblyName
startup_name
GetIdleTime
DateTime
dwTime
AppendLine
WriteLine
get_NewLine
IAsyncStateMachine
SetStateMachine
stateMachine
ValueType
SockType
ProtocolType
GetType
SocketType
ByteArrayCompare
System.Core
MethodBase
Dispose
BTruncate
Create
<>1__state
Delete
CompilerGeneratedAttribute
GuidAttribute
DebuggableAttribute
ComVisibleAttribute
AssemblyTitleAttribute
AsyncStateMachineAttribute
AssemblyTrademarkAttribute
TargetFrameworkAttribute
DebuggerHiddenAttribute
AssemblyFileVersionAttribute
AssemblyConfigurationAttribute
AssemblyDescriptionAttribute
CompilationRelaxationsAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
AssemblyCompanyAttribute
RuntimeCompatibilityAttribute
set_UseShellExecute
DeleteValue
GetValue
SetValue
GetPropertyValue
RegistryHive
Type0Receive
Type1Receive
Type2Receive
add_AssemblyResolve
CurrentDomain_AssemblyResolve
Remove
xeno rat client.exe
cbSize
FinalUncompressedSize
RtlGetCompressionWorkSpaceSize
OriginalFileSize
get_TotalSize
pDestinationSize
pNeededBufferSize
CompressedBufferSize
UncompressedBufferSize
original_size
Resize
SizeOf
IndexOf
System.Threading
get_Encoding
System.Runtime.Versioning
FromBase64String
ToString
GetString
mutex_string
Substring
ProcessLog
ComputeHash
strToHash
GetHash
executablePath
Install_path
classpath
SourceBufferLength
DestinationBufferLength
GetWindowTextLength
AsyncCallback
CreateSubSock
FlushFinalBlock
get_Task
Marshal
System.Security.Principal
System.ComponentModel
Uninstall
kernel32.dll
shell32.dll
User32.dll
user32.dll
ntdll.dll
msvcrt.dll
CryptoStream
MemoryStream
Program
get_Item
set_Item
OperatingSystem
SymmetricAlgorithm
HashAlgorithm
ICryptoTransform
Boolean
IsLittleEndian
TimeSpan
AppDomain
get_CurrentDomain
IsUserAnAdmin
AddToStartupNonAdmin
AddToStartupAdmin
IsAdmin
get_OSVersion
GetWindowsVersion
Compression
get_Location
Action
op_Subtraction
System.Reflection
ManagementObjectCollection
KeyCollection
add_UnhandledException
CurrentDomain_UnhandledException
ArgumentNullException
SetException
Encryption
Unknown
GetAndSendInfo
MethodInfo
SendUpdateInfo
DriveInfo
get_StartInfo
ProcessStartInfo
GetLastInputInfo
DirectoryInfo
ServerIp
memcmp
RemoveStartup
DoStartup
System.Linq
ParseHeader
StreamReader
TextReader
header
MD5CryptoServiceProvider
AsyncVoidMethodBuilder
AsyncTaskMethodBuilder
StringBuilder
<>t__builder
sender
RecvAllAsync_ddos_safer
RecvAllAsync_ddos_unsafer
CompressedBuffer
UncompressedBuffer
WorkspaceBuffer
SourceBuffer
DestinationBuffer
RtlCompressBuffer
RtlDecompressBuffer
buffer
ManagementObjectSearcher
DllNodeHandler
DllHandler
SocketHandler
ResolveEventHandler
UnhandledExceptionEventHandler
_dllhandler
ToUpper
TaskAwaiter
GetAwaiter
CapturingConsoleWriter
TextWriter
BitConverter
subServer
ManagementObjectEnumerator
GetEnumerator
Activator
.cctor
CreateDecryptor
CreateEncryptor
IntPtr
System.Diagnostics
get_TotalMilliseconds
System.Runtime.InteropServices
System.Runtime.CompilerServices
DebuggingModes
subNodes
Assemblies
ExpandEnvironmentVariables
GetValueNames
IntToBytes
GetBytes
sizetdwBytes
BindingFlags
SocketFlags
uFlags
ResolveEventArgs
UnhandledExceptionEventArgs
<>4__this
System.Threading.Tasks
System.Security.Claims
Contains
SocketTaskExtensions
StringSplitOptions
RuntimeHelpers
GetCurrentProcess
Compress
Decompress
System.Net.Sockets
set_Arguments
Exists
GetAntivirus
get_Keys
Concat
CompressionFormat
ManagementBaseObject
hObject
get_ExceptionObject
ManagementObject
EndDisconnect
_OnDisconnect
BeginDisconnect
System.Net
Socket
socket
T_offset
WaitForExit
get_Result
IAsyncResult
GetResult
SetResult
BytesToInt
xeno rat client
xeno_rat_client
System.Management
Environment
Component
Parent
get_Current
GetCurrent
get_RemoteEndPoint
get_Count
get_TickCount
get_ProcessorCount
GetPathRoot
Decrypt
Encrypt
Convert
ServerPort
ToList
get_Out
originalOut
SetOut
set_ReceiveTimeout
SetRecvTimeout
ResetRecvTimeout
socktimeout
ClearCapturedOutput
GetCapturedOutput
get_StandardOutput
set_RedirectStandardOutput
MoveNext
System.Text
WriteAllText
GetWindowText
DebugMenu
RegistryView
get_Now
GetForegroundWindow
GetCaptionOfActiveWindow
set_CreateNoWindow
set_NoDelay
InitializeArray
ToArray
get_Key
set_Key
OpenSubKey
OpenBaseKey
_EncryptionKey
ContainsKey
RegistryKey
System.Security.Cryptography
GetExecutingAssembly
GetEntryAssembly
AddressFamily
SelectMany
BlockCopy
get_Factory
TaskFactory
CreateDirectory
get_SystemDirectory
GetCurrentDirectory
op_Equality
op_Inequality
ClaimsIdentity
WindowsIdentity
WrapNonExceptionThrows
xeno rat client
Copyright
2023
$310fc5be-6f5e-479c-a246-6093a39296c0
1.0.0.0
.NETFramework,Version=v4.8
FrameworkDisplayName
.NET Framework 4.8
/xeno_rat_client.DllHandler+<DllNodeHandler>d__3
+xeno_rat_client.Handler+<CreateSubSock>d__3
,xeno_rat_client.Handler+<GetAndSendInfo>d__5
*xeno_rat_client.Handler+<Type0Receive>d__6
*xeno_rat_client.Handler+<Type1Receive>d__7
&xeno_rat_client.Handler+<setSetId>d__8
*xeno_rat_client.Handler+<Type2Receive>d__9
(xeno_rat_client.Handler+<DebugMenu>d__10
-xeno_rat_client.Handler+<SendUpdateInfo>d__11
&xeno_rat_client.Node+<Disconnect>d__10
/xeno_rat_client.Node+<ConnectSubSockAsync>d__11
(xeno_rat_client.Node+<ReceiveAsync>d__13
%xeno_rat_client.Node+<SendAsync>d__14
-xeno_rat_client.Node+<AuthenticateAsync>d__18
=xeno_rat_client.SocketHandler+<RecvAllAsync_ddos_unsafer>d__4
;xeno_rat_client.SocketHandler+<RecvAllAsync_ddos_safer>d__5
-xeno_rat_client.SocketHandler+<SendAsync>d__9
1xeno_rat_client.SocketHandler+<ReceiveAsync>d__10
#xeno_rat_client.Program+<Main>d__11
9xeno_rat_client.Utils+<GetCaptionOfActiveWindowAsync>d__8
1xeno_rat_client.Utils+<ConnectAndSetupAsync>d__15
*xeno_rat_client.Utils+<RemoveStartup>d__16
&xeno_rat_client.Utils+<Uninstall>d__17
1xeno_rat_client.Utils+<AddToStartupNonAdmin>d__18
.xeno_rat_client.Utils+<AddToStartupAdmin>d__19
-xeno_rat_client.Utils+<GetIdleTimeAsync>d__20
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>PAPADDINGXXPAD
!"#$%&'()*,+-++
Plugin.Main
xeno rat client
error with subnode, subnode type=
data can not be null!
zenofs.zapto.org
Svcchost
appdata
Windows Support
-admin
nothingset
%\XenoManager\
XenoUpdateManager
\root\SecurityCenter2
SELECT * FROM AntivirusProduct
displayName
SELECT * FROM Win32_OperatingSystem
Caption
OSArchitecture
UNKNOWN
schtasks.exe
/query /v /fo csv
TaskName
Task To Run
/delete /tn "
SOFTWARE\Microsoft\Windows\CurrentVersion\Run
<Task xmlns='http://schemas.microsoft.com/windows/2004/02/mit/task'>
<Triggers>
<LogonTrigger>
<Enabled>true</Enabled>
</LogonTrigger>
</Triggers>
<Principals>
<Principal id='Author'>
<LogonType>InteractiveToken</LogonType>
<RunLevel>HighestAvailable</RunLevel>
</Principal>
</Principals>
<Settings>
<ExecutionTimeLimit>PT0S</ExecutionTimeLimit>
<DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
<MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>
</Settings>
<Actions>
<Exec>
<Command>
</Command>
</Exec>
</Actions>
</Task>
/Create /TN "
" /XML "
SUCCESS
L0MgY2hvaWNlIC9DIFkgL04gL0QgWSAvVCAzICYgRGVsICI=
cmd.exe
XenoUpdateManager
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
Comments
CompanyName
Windows
FileDescription
Host Process for windows Server
FileVersion
3.2.1.0
InternalName
xeno rat client.exe
LegalCopyright
Copyright
2023
LegalTrademarks
Windows
OriginalFilename
Microsoft
ProductName
Svchost.exe
ProductVersion
1.2.3.0
Assembly Version
1.2.3.0
Antivirus             Signature
Bkav                  W32.AIDetectMalware.CS
Lionic                Trojan.Win32.XenoRAT.m!c
Elastic               malicious (high confidence)
MicroWorld-eScan      Gen:Variant.Jalapeno.697
CMC                   Clean
CAT-QuickHeal         Trojan.YakbeexMSIL.ZZ4
Skyhigh               XenoRAT!D7B665428DD5
ALYac                 Gen:Variant.Jalapeno.697
Cylance               Unsafe
Zillya                Clean
Sangfor               Suspicious.Win32.Save.a
CrowdStrike           win/malicious_confidence_60% (D)
Alibaba               Backdoor:MSIL/Dothetuk.db46b4f3
K7GW                  Trojan ( 005b11ae1 )
K7AntiVirus           Trojan ( 005b11ae1 )
huorong               Trojan/MSIL.Agent.dj
Baidu                 Clean
VirIT                 Trojan.Win32.Genus.VHY
Paloalto              generic.ml
Symantec              ML.Attribute.HighConfidence
ESET-NOD32            a variant of MSIL/Agent.WNX
APEX                  Malicious
Avast                 Win32:BackdoorX-gen [Trj]
Cynet                 Clean
Kaspersky             HEUR:Backdoor.MSIL.Agent.gen
BitDefender           Gen:Variant.Jalapeno.697
NANO-Antivirus        Clean
ViRobot               Clean
Tencent               Backdoor.MSIL.Agent.kc
Sophos                Mal/RAT-C
F-Secure              Heuristic.HEUR/AGEN.1371394
DrWeb                 BackDoor.XenoRatNET.11
VIPRE                 Gen:Variant.Jalapeno.697
TrendMicro            TROJ_GEN.R002C0DIN24
McAfeeD               Real Protect-LS!D7B665428DD5
Trapmine              Clean
CTX                   exe.trojan.msil
Emsisoft              Gen:Variant.Jalapeno.697 (B)
Ikarus                Trojan.MSIL.XenoRat
FireEye               Generic.mg.d7b665428dd59245
Jiangmin              Backdoor.MSIL.gilv
Webroot               Clean
Varist                W32/MSIL_Agent.HBX.gen!Eldorado
Avira                 HEUR/AGEN.1371394
Fortinet              MSIL/Agent.WNX!tr
Antiy-AVL             Clean
Kingsoft              malware.kb.c.997
Gridinsoft            Malware.Win32.Gen.tr
Xcitium               Clean
Arcabit               Trojan.Jalapeno.697
SUPERAntiSpyware      Clean
ZoneAlarm             HEUR:Backdoor.MSIL.Agent.gen
Microsoft             Trojan:MSIL/Dothetuk.AM!MTB
Google                Detected
AhnLab-V3             Trojan/Win.XenoRAT.C5586957
Acronis               Clean
VBA32                 TScope.Trojan.MSIL
TACHYON               Trojan/W32.DN-VBKrypt.46592
Malwarebytes          Backdoor.XenoRAT
Panda                 Trj/CI.A
Zoner                 Clean
TrendMicro-HouseCall  TROJ_GEN.R002C0DIN24
Rising                Backdoor.XenoRAT!1.F6EA (CLASSIC)
Yandex                Clean
SentinelOne           Static AI - Malicious PE
MaxSecure             Clean
GData                 MSIL.Trojan.PSE.13DA3Q2
AVG                   Win32:BackdoorX-gen [Trj]
DeepInstinct          MALICIOUS
alibabacloud          Clean
No IRMA results available.