Static | ZeroBOX

PE Compile Time

2080-05-14 16:33:19

PDB Path

C:\Users\Administrator\Desktop\app\app\obj\Release\net48\WindowsFormsApp3.pdb

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name    Virtual Address  Virtual Size  Size of Raw Data  Entropy
.text   0x00002000       0x00005510    0x00005600        7.17914335661
.rsrc   0x00008000       0x000057f8    0x00005800        4.29941132338
.reloc  0x0000e000       0x0000000c    0x00000200        0.0776331623432

Resources

Name           Offset      Size        Language      Sub-language     File type
RT_ICON        0x00008100  0x00004228  LANG_NEUTRAL  SUBLANG_NEUTRAL  data
RT_GROUP_ICON  0x0000c338  0x00000014  LANG_NEUTRAL  SUBLANG_NEUTRAL  data
RT_VERSION     0x0000c35c  0x0000035c  LANG_NEUTRAL  SUBLANG_NEUTRAL  data
RT_MANIFEST    0x0000c6c8  0x0000112a  LANG_NEUTRAL  SUBLANG_NEUTRAL  XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

Imports

Library mscoree.dll:
0x402000 _CorExeMain

!This program cannot be run in DOS mode.
`.rsrc
@.reloc
v4.0.30319
#Strings
<Form1_Load>b__4_0
<DownloadAndRunFilesAsync>d__1
<>u__1
<logk4Path>5__2
<urls>5__3
WindowsFormsApp3
<client>5__4
<i>5__5
<fileName>5__6
<savePath>5__7
<Module>
System.IO
mscorlib
set_Verb
DownloadFileTaskAsync
DownloadAndRunFilesAsync
Thread
Form1_Load
add_Load
AwaitUnsafeOnCompleted
get_IsCompleted
Synchronized
defaultInstance
set_AutoScaleMode
IDisposable
set_Visible
RuntimeTypeHandle
GetTypeFromHandle
set_Name
set_FileName
GetFileName
Combine
IAsyncStateMachine
SetStateMachine
stateMachine
ValueType
get_Culture
set_Culture
resourceCulture
ApplicationSettingsBase
Dispose
Create
EditorBrowsableState
set_WindowState
FormWindowState
<>1__state
STAThreadAttribute
CompilerGeneratedAttribute
GuidAttribute
GeneratedCodeAttribute
UnverifiableCodeAttribute
DebuggerNonUserCodeAttribute
DebuggableAttribute
EditorBrowsableAttribute
ComVisibleAttribute
AssemblyTitleAttribute
AsyncStateMachineAttribute
AssemblyTrademarkAttribute
TargetFrameworkAttribute
DebuggerHiddenAttribute
AssemblyFileVersionAttribute
SecurityPermissionAttribute
AssemblyConfigurationAttribute
AssemblyDescriptionAttribute
CompilationRelaxationsAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
AssemblyCompanyAttribute
RuntimeCompatibilityAttribute
WindowsFormsApp3.exe
set_ClientSize
System.Threading
System.Runtime.Versioning
String
System.Drawing
get_LocalPath
GetFolderPath
EndsWith
progressBar1_Click
pictureBox1_Click
pictureBox3_Click
System.ComponentModel
ContainerControl
Program
System
resourceMan
set_ShowIcon
Application
System.Configuration
System.Globalization
SecurityAction
System.Reflection
SetException
StringComparison
CultureInfo
set_StartInfo
ProcessStartInfo
DirectoryInfo
set_ShowInTaskbar
AsyncVoidMethodBuilder
<>t__builder
SpecialFolder
sender
get_ResourceManager
EventHandler
System.CodeDom.Compiler
TaskAwaiter
GetAwaiter
.cctor
System.Diagnostics
System.Runtime.InteropServices
System.Runtime.CompilerServices
System.Resources
WindowsFormsApp3.Form1.resources
DebuggingModes
WindowsFormsApp3.Properties
EnableVisualStyles
Settings
EventArgs
<>4__this
System.Threading.Tasks
System.Windows.Forms
System.Security.Permissions
Process
Exists
Object
System.Net
get_Default
SetCompatibleTextRenderingDefault
GetResult
SetResult
WebClient
Environment
InitializeComponent
SuspendLayout
ResumeLayout
MoveNext
set_MinimizeBox
set_MaximizeBox
set_ControlBox
get_Assembly
CreateDirectory
System.Security
System.Security.Permissions.SecurityPermissionAttribute, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
SkipVerification
WrapNonExceptionThrows
WindowsFormsApp3
Copyright
2024
$6c20ca91-09b2-43f7-ae3c-ce5bc1f35a45
1.0.0.0
.NETFramework,Version=v4.8
FrameworkDisplayName
.NET Framework 4.8:
5WindowsFormsApp3.Form1+<DownloadAndRunFilesAsync>d__1
3System.Resources.Tools.StronglyTypedResourceBuilder
17.0.0.0
KMicrosoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator
17.9.0.0
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
hSystem.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3aPADPADf
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
C:\Users\Administrator\Desktop\app\app\obj\Release\net48\WindowsFormsApp3.pdb
SHA256
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="utf-8"?>
<assembly manifestVersion="1.0" xmlns="urn:schemas-microsoft-com:asm.v1">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<!--
Windows,
requestedExecutionLevel
<requestedExecutionLevel level="asInvoker" uiAccess="false" />
<requestedExecutionLevel level="requireAdministrator" uiAccess="false" />
<requestedExecutionLevel level="highestAvailable" uiAccess="false" />
requestedExecutionLevel
-->
<requestedExecutionLevel level="requireAdministrator" uiAccess="false" />
</requestedPrivileges>
</security>
</trustInfo>
<compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">
<application>
<!--
Windows,
Windows
<!-- Windows Vista -->
<!--<supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}" />-->
<!-- Windows 7 -->
<!--<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}" />-->
<!-- Windows 8 -->
<!--<supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}" />-->
<!-- Windows 8.1 -->
<!--<supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}" />-->
<!-- Windows 10 -->
<!--<supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}" />-->
</application>
</compatibility>
<!--
Windows
DPI.
Windows Presentation Foundation (WPF)
DPI,
Windows Forms
.NET Framework
"EnableWindowsFormsHighDpiAutoResizing"
"true"
app.config.
https://docs.microsoft.com/windows/win32/fileio/maximum-file-path-limitation.-->
<!--
<application xmlns="urn:schemas-microsoft-com:asm.v3">
<windowsSettings>
<dpiAware xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings">true</dpiAware>
<longPathAware xmlns="http://schemas.microsoft.com/SMI/2016/WindowsSettings">true</longPathAware>
</windowsSettings>
</application>
<!--
Windows (Windows XP
<!--
<dependency>
<dependentAssembly>
<assemblyIdentity
type="win32"
name="Microsoft.Windows.Common-Controls"
version="6.0.0.0"
processorArchitecture="*"
publicKeyToken="6595b64144ccf1df"
language="*"
/>
</dependentAssembly>
</dependency>
</assembly>
WindowsFormsApp3.Properties.Resources
2C88E6B2@27
http://182.16.35.197/chfs/shared/Microsoft.WindowsAppRuntime.Bootstrap.dll
http://182.16.35.197/chfs/shared/ieproc.log
http://182.16.35.197/chfs/shared/Microsoft.exe
http://182.16.35.197/chfs/shared/tup.gif
pictureBox1.Image
pictureBox3.Image
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
Comments
CompanyName
FileDescription
WindowsFormsApp3
FileVersion
1.0.0.0
InternalName
WindowsFormsApp3.exe
LegalCopyright
Copyright
2024
LegalTrademarks
OriginalFilename
WindowsFormsApp3.exe
ProductName
WindowsFormsApp3
ProductVersion
1.0.0.0
Assembly Version
1.0.0.0
Antivirus Signature
Bkav W32.AIDetectMalware.CS
Lionic Trojan.Win32.Agent.Y!c
Elastic malicious (high confidence)
ClamAV Clean
CMC Clean
CAT-QuickHeal Clean
ALYac Gen:Variant.Jalapeno.12582
Cylance Unsafe
Zillya Downloader.Agent.Win32.567876
Sangfor Downloader.Msil.Agent.Vc3k
CrowdStrike win/malicious_confidence_90% (W)
Alibaba TrojanDownloader:MSIL/DropperX.272a3c85
K7GW Riskware ( 00584baa1 )
K7AntiVirus Riskware ( 00584baa1 )
huorong TrojanDownloader/MSIL.Small.hm
Baidu Clean
VirIT Trojan.Win32.MSIL.GVU
Paloalto generic.ml
Symantec ML.Attribute.HighConfidence
tehtris Clean
ESET-NOD32 MSIL/TrojanDownloader.Agent.QWE
APEX Clean
Avast Win32:DropperX-gen [Drp]
Cynet Clean
Kaspersky HEUR:Trojan-Downloader.MSIL.Agent.gen
BitDefender Gen:Variant.Jalapeno.12582
NANO-Antivirus Trojan.Win32.Jalapeno.koxiqh
ViRobot Clean
MicroWorld-eScan Gen:Variant.Jalapeno.12582
Tencent Malware.Win32.Gencirc.1419e811
Sophos Mal/Generic-S
F-Secure Trojan.TR/Dldr.Agent.junma
DrWeb Clean
VIPRE Gen:Variant.Jalapeno.12582
TrendMicro TROJ_GEN.R002C0DFQ24
McAfeeD ti!9D1C23CCB738
Trapmine Clean
CTX exe.trojan.msil
Emsisoft Gen:Variant.Jalapeno.12582 (B)
Ikarus Trojan-Downloader.MSIL.Agent
FireEye Gen:Variant.Jalapeno.12582
Jiangmin Clean
Webroot W32.Dropper.Gen
Varist W32/ABTrojan.RJTJ-5143
Avira TR/Dldr.Agent.junma
Fortinet MSIL/Agent.QWE!tr.dldr
Antiy-AVL Clean
Kingsoft MSIL.Trojan-Downloader.Agent.gen
Gridinsoft Trojan.Win32.Kryptik.dd!n
Xcitium Malware@#1so0ry74j0931
Arcabit Trojan.Jalapeno.D3126
SUPERAntiSpyware Clean
ZoneAlarm HEUR:Trojan-Downloader.MSIL.Agent.gen
Microsoft Trojan:Win32/Casdet!rfn
Google Detected
AhnLab-V3 Dropper/Win.DropperX-gen.C5623079
Acronis Clean
McAfee Artemis!2664B1BBE0A0
TACHYON Clean
VBA32 TScope.Trojan.MSIL
Malwarebytes Trojan.Downloader.MSIL.Generic
Panda Trj/Chgt.AD
Zoner Clean
TrendMicro-HouseCall TROJ_GEN.R002C0DFQ24
Rising Downloader.Agent!8.B23 (CLOUD)
Yandex Clean
SentinelOne Static AI - Malicious PE
MaxSecure Trojan.Malware.73433372.susgen
GData Gen:Variant.Jalapeno.12582
AVG Win32:DropperX-gen [Drp]
DeepInstinct MALICIOUS
alibabacloud Trojan[downloader]:MSIL/Jalapeno.Gen
No IRMA results available.