Static | ZeroBOX

PE Compile Time

2095-01-23 08:20:26

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name    Virtual Address  Virtual Size  Size of Raw Data  Entropy
.text   0x00002000       0x00005e44    0x00006000        5.70761887037
.rsrc   0x00008000       0x000005ae    0x00000600        4.09143081212
.reloc  0x0000a000       0x0000000c    0x00000200        0.0815394123432

Resources

Name         Offset      Size        Language      Sub-language     File type
RT_VERSION   0x000080a0  0x00000324  LANG_NEUTRAL  SUBLANG_NEUTRAL  data
RT_MANIFEST  0x000083c4  0x000001ea  LANG_NEUTRAL  SUBLANG_NEUTRAL  XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

Imports

Library mscoree.dll:
0x402000 _CorExeMain

!This program cannot be run in DOS mode.
`.rsrc
@.reloc
v4.0.30319
#Strings
<>c__DisplayClass2_0
<>c__DisplayClass4_0
<>c__DisplayClass5_0
<>c__DisplayClass7_0
<>9__8_0
<StartMainAppAsync>b__8_0
<>c__DisplayClass8_0
<CheckForUpdateAsync>b__0
<HashStringAsync>b__0
<AddToStartupByStartupFolderAsync>b__0
<AddToStartupByRegistryAsync>b__0
<IsRunningFromTemp>b__0
<CheckAndRestoreStartup>b__0
<MonitorProcess>d__0
<>9__4_1
<CheckForUpdateAsync>b__4_1
<>c__DisplayClass7_1
<>8__1
<StartMainAppAsync>b__1
<CheckAndRestoreStartup>b__1
<>u__1
Func`1
IEnumerable`1
Task`1
Action`1
AsyncTaskMethodBuilder`1
TaskAwaiter`1
List`1
0xb11a1
<>7__wrap1
Microsoft.Win32
<>9__4_2
<CheckForUpdateAsync>b__4_2
<hashedHWID>5__2
<webClient>5__2
<StartMainAppAsync>b__2
<CheckAndRestoreStartup>b__2
<>u__2
Func`2
KeyValuePair`2
Dictionary`2
<>7__wrap2
<CheckAndRestoreStartup>b__3
<SendDataLoop>d__3
<>u__3
<>7__wrap3
_VtblGap1_4
<CheckForUpdateAsync>d__4
<AddToStartupByRegistryAsync>d__4
_VtblGap2_5
<updatePath>5__5
<GetFileLinkAsync>d__5
<AddToStartupByStartupFolderAsync>d__5
SHA256
<webClient>5__6
<SendDataAsync>d__6
<Main>d__6
<RestoreAutoSetup>d__6
<StartCheckerAsync>d__7
<CheckAndRestoreStartup>d__7
get_UTF8
<HashStringAsync>d__8
<StartMainAppAsync>d__8
_VtblGap1_9
<GetLocalIPAddress>d__9
<Module>
<Main>
GetTypeFromCLSID
System.IO
mscorlib
System.Collections.Generic
GetHWIDAsync
SendDataAsync
CheckForUpdateAsync
HashStringAsync
ReadAsStringAsync
GetStringAsync
GetFileLinkAsync
DownloadFileTaskAsync
StartMainAppAsync
AddToStartupByStartupFolderAsync
StartCheckerAsync
PostAsync
AddToStartupByRegistryAsync
AwaitUnsafeOnCompleted
get_IsCompleted
NewGuid
Append
VPNAgentService
CreateInstance
get_IsSuccessStatusCode
set_Mode
PaddingMode
CipherMode
HttpResponseMessage
Enumerable
IDisposable
HideFile
get_MainModule
ProcessModule
get_FileName
GetFileName
get_MachineName
checkerExeName
exeName
get_FullName
processName
GetHostName
GetProcessesByName
randomKeyName
GetDirectoryName
Combine
IAsyncStateMachine
SetStateMachine
stateMachine
ValueType
System.Core
Dispose
Create
<>1__state
Delete
DispIdAttribute
CompilerGeneratedAttribute
GuidAttribute
DebuggableAttribute
ComVisibleAttribute
AssemblyTitleAttribute
AsyncStateMachineAttribute
AssemblyTrademarkAttribute
TargetFrameworkAttribute
DebuggerHiddenAttribute
AssemblyFileVersionAttribute
AssemblyConfigurationAttribute
AssemblyDescriptionAttribute
DefaultMemberAttribute
TypeIdentifierAttribute
CompilationRelaxationsAttribute
CoClassAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
AssemblyCompanyAttribute
RuntimeCompatibilityAttribute
set_UseShellExecute
DeleteValue
SetValue
IDSM.exe
set_Padding
Encoding
IsProcessRunning
System.Runtime.Versioning
FromBase64String
ToString
GetString
ForEach
ComputeHash
out_Path
filePath
updatePath
currentExePath
GetTempPath
tempPath
startupFolderPath
GetFolderPath
get_TargetPath
set_TargetPath
checkerTargetPath
targetPath
randomShortcutPath
StartsWith
TransformFinalBlock
PathLink
get_Task
Marshal
WhenAll
serverUrl
System
SymmetricAlgorithm
HashAlgorithm
ICryptoTransform
TimeSpan
AppDomain
get_CurrentDomain
GetExtension
GetFileNameWithoutExtension
currentVersion
get_Location
Action
System.Reflection
SetException
StringComparison
FileInfo
FileSystemInfo
ProcessStartInfo
DirectoryInfo
IsRunningFromTemp
SendDataLoop
System.Net.Http
RestoreAutoSetup
CheckAndRestoreStartup
System.Linq
MD5CryptoServiceProvider
TripleDESCryptoServiceProvider
AsyncTaskMethodBuilder
StringBuilder
<>t__builder
SpecialFolder
CurrentUser
TaskAwaiter
GetAwaiter
Activator
.cctor
CreateDecryptor
System.Diagnostics
System.Runtime.InteropServices
System.Runtime.CompilerServices
DebuggingModes
GetFiles
GetValueNames
get_Attributes
set_Attributes
FileAttributes
FromMinutes
GetBytes
System.Threading.Tasks
Equals
Contains
StringSplitOptions
MonitorProcess
GetLocalIPAddress
System.Net.Sockets
set_Arguments
Exists
Concat
Object
System.Net
FromResult
GetResult
SetResult
WebClient
HttpClient
client
Environment
get_Content
FormUrlEncodedContent
HttpContent
Convert
ToList
get_AddressList
CreateShortcut
MoveNext
System.Text
shortcut_ex
set_Key
OpenSubKey
RegistryKey
System.Security.Cryptography
GetExecutingAssembly
get_AddressFamily
IWshRuntimeLibrary
get_BaseDirectory
CreateDirectory
IPHostEntry
GetHostEntry
Registry
IsNullOrEmpty
WrapNonExceptionThrows
VPNAgentService
Copyright
2024
d0-95c1-4eae819e8e3b
1.0.0.0
.NETFramework,Version=v4.7.2
FrameworkDisplayName
.NET Framework 4.7.2
OProgram+<Main>d__6, IDSM, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
\Program+<StartCheckerAsync>d__7, IDSM, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
\Program+<StartMainAppAsync>d__8, IDSM, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
kVPNAgentService.AutoSetup+<MonitorProcess>d__0, IDSM, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
xVPNAgentService.AutoSetup+<AddToStartupByRegistryAsync>d__4, IDSM, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
}VPNAgentService.AutoSetup+<AddToStartupByStartupFolderAsync>d__5, IDSM, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
mVPNAgentService.AutoSetup+<RestoreAutoSetup>d__6, IDSM, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
sVPNAgentService.AutoSetup+<CheckAndRestoreStartup>d__7, IDSM, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
fVPNAgentService.Client+<SendDataLoop>d__3, IDSM, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
mVPNAgentService.Client+<CheckForUpdateAsync>d__4, IDSM, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
jVPNAgentService.Client+<GetFileLinkAsync>d__5, IDSM, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
gVPNAgentService.Client+<SendDataAsync>d__6, IDSM, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
iVPNAgentService.Client+<HashStringAsync>d__8, IDSM, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
kVPNAgentService.Client+<GetLocalIPAddress>d__9, IDSM, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
$F935DC21-1CF0-11D0-ADB9-00C04FD58A0B
$24BE5A30-EDFE-11D2-B933-00104B365C9F
$41904400-BE18-11D3-A28B-00104BD35090
FullName
$F935DC23-1CF0-11D0-ADB9-00C04FD58A0B
ZSystem.Object, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
Comments
CompanyName
FileDescription
VPNAgentService
FileVersion
1.0.0.0
InternalName
IDSM.exe
LegalCopyright
Copyright
2024
LegalTrademarks
OriginalFilename
IDSM.exe
ProductName
VPNAgentService
ProductVersion
1.0.0.0
Assembly Version
1.0.0.0
Antivirus Signature
Bkav W32.AIDetectMalware.CS
Lionic Trojan.Win32.Generic.4!c
Elastic malicious (high confidence)
ClamAV Clean
CMC Clean
CAT-QuickHeal Clean
Skyhigh Artemis!Trojan
ALYac IL:Trojan.MSILZilla.147204
Cylance Unsafe
Sangfor Trojan.Win32.Agent.Vec0
CrowdStrike win/malicious_confidence_90% (D)
Alibaba TrojanDropper:MSIL/Scrop.024739e9
K7GW Trojan ( 005baf951 )
K7AntiVirus Trojan ( 005baf951 )
huorong Clean
Baidu Clean
VirIT Trojan.Win32.MSIL_Heur.A
Paloalto generic.ml
Symantec ML.Attribute.HighConfidence
tehtris Clean
ESET-NOD32 a variant of MSIL/Agent.XCZ
APEX Malicious
Avast Win32:MalwareX-gen [Trj]
Cynet Clean
Kaspersky Clean
BitDefender IL:Trojan.MSILZilla.147204
NANO-Antivirus Clean
ViRobot Clean
MicroWorld-eScan IL:Trojan.MSILZilla.147204
Tencent Msil.Trojan-Dropper.Scrop.Dkjl
Sophos Mal/Generic-S
F-Secure Trojan.TR/AVI.Agent.aeanu
DrWeb Clean
Zillya Clean
TrendMicro Trojan.Win32.PRIVATELOADER.YXEI1Z
McAfeeD Real Protect-LS!F19C11A58219
Trapmine Clean
CTX exe.trojan.msil
Emsisoft IL:Trojan.MSILZilla.147204 (B)
Ikarus Trojan.MSIL.Agent
FireEye IL:Trojan.MSILZilla.147204
Jiangmin Clean
Webroot W32.Trojan.Gen
Varist Clean
Avira TR/AVI.Agent.aeanu
Fortinet MSIL/Agent.XCZ!tr
Antiy-AVL Trojan/Win32.Agent
Kingsoft Win32.Troj.Unknown.a
Gridinsoft Ransom.Win32.Wacatac.sa
Xcitium Clean
Arcabit IL:Trojan.MSILZilla.D23F04
SUPERAntiSpyware Clean
ZoneAlarm Clean
Microsoft Trojan:Win32/Wacatac.B!ml
Google Detected
AhnLab-V3 Malware/Win.Generic.C5675615
Acronis Clean
McAfee Artemis!F19C11A58219
TACHYON Clean
VBA32 Clean
Malwarebytes Trojan.Crypt.MSIL
Panda Trj/Chgt.AD
Zoner Clean
TrendMicro-HouseCall Trojan.Win32.PRIVATELOADER.YXEI1Z
Rising Dropper.Scrop!8.EABB (TFE:dGZlOgzc0ZmlXSdKgQ)
Yandex Clean
SentinelOne Static AI - Malicious PE
MaxSecure Trojan.Malware.300983.susgen
GData IL:Trojan.MSILZilla.147204
AVG Win32:MalwareX-gen [Trj]
DeepInstinct MALICIOUS
alibabacloud Trojan[dropper]:MSIL/Scrop.gyf
No IRMA results available.