popup
Static | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Static Analysis

PE Compile Time

2024-09-13 02:14:10

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00002000 0x00087374 0x00087400 4.40267446998
.rsrc 0x0008a000 0x00000240 0x00000400 4.97613563835
.reloc 0x0008c000 0x0000000c 0x00000200 0.101910425663

Resources

Name Offset Size Language Sub-language File type
RT_MANIFEST 0x0008a058 0x000001e7 LANG_NEUTRAL SUBLANG_NEUTRAL XML 1.0 document, ASCII text, with CRLF line terminators

Imports

Library mscoree.dll:
0x402000 _CorExeMain
!This program cannot be run in DOS mode.
`.rsrc
@.reloc
I am virus! Fuck You :-)
pn'8B
.8O#;
pn'8;
  s;
v4.0.30319
#Strings
<Module>
System.Runtime.CompilerServices
CompilationRelaxationsAttribute
RuntimeCompatibilityAttribute
System.Reflection
AssemblyTitleAttribute
AssemblyDescriptionAttribute
AssemblyCompanyAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
AssemblyTrademarkAttribute
System.Runtime.InteropServices
ComVisibleAttribute
GuidAttribute
AssemblyFileVersionAttribute
Microsoft.VisualBasic.ApplicationServices
ApplicationBase
System.CodeDom.Compiler
GeneratedCodeAttribute
System.ComponentModel
EditorBrowsableAttribute
EditorBrowsableState
Microsoft.VisualBasic.Devices
Computer
System.Diagnostics
DebuggerHiddenAttribute
System
Object
Microsoft.VisualBasic.CompilerServices
StandardModuleAttribute
Microsoft.VisualBasic
HideModuleNameAttribute
MyGroupCollectionAttribute
RuntimeHelpers
GetObjectValue
Equals
GetHashCode
RuntimeTypeHandle
GetTypeFromHandle
ToString
Activator
CreateInstance
CompilerGeneratedAttribute
ThreadStaticAttribute
m_ThreadStaticValue
get_GetInstance
System.ComponentModel.Design
HelpKeywordAttribute
DebuggerNonUserCodeAttribute
System.Resources
ResourceManager
System.Globalization
CultureInfo
ReferenceEquals
Assembly
get_Assembly
System.Windows.Forms
DesignerGeneratedAttribute
MulticastDelegate
IAsyncResult
AsyncCallback
IContainer
KeyEventArgs
KeyEventHandler
Control
add_KeyDown
EventArgs
EventHandler
add_Load
IDisposable
Dispose
DebuggerStepThroughAttribute
Container
SuspendLayout
System.Drawing
ContainerControl
set_AutoScaleDimensions
AutoScaleMode
set_AutoScaleMode
get_Aqua
set_BackColor
set_ClientSize
set_ControlBox
FormBorderStyle
set_FormBorderStyle
set_KeyPreview
set_Name
set_Opacity
set_ShowInTaskbar
FormStartPosition
set_StartPosition
set_Text
FormWindowState
set_WindowState
ResumeLayout
IntPtr
get_KeyData
BringToFront
Activate
set_Handled
FormClosedEventArgs
FormClosingEventArgs
CloseReason
get_CloseReason
CancelEventArgs
set_Cancel
Exception
op_Explicit
op_Equality
Marshal
ReadInt32
ProjectData
SetProjectError
ClearProjectError
CreateParams
get_CreateParams
get_ClassStyle
set_ClassStyle
Process
GetCurrentProcess
get_MainWindowHandle
GetProcesses
op_Inequality
get_Handle
Application
DoEvents
System.IO
GetTempPath
String
Concat
Exists
ProcessModule
get_MainModule
get_ModuleName
get_Fuchsia
set_MaximizeBox
set_MinimizeBox
set_ShowIcon
set_TransparencyKey
StreamWriter
Environment
get_UserName
Operators
CompareString
SystemInformation
get_ComputerName
Microsoft.VisualBasic.MyServices
FileSystemProxy
ServerComputer
get_FileSystem
OpenTextFileWriter
TextWriter
WriteLine
PictureBox
DebuggerBrowsableAttribute
DebuggerBrowsableState
AccessedThroughPropertyAttribute
ISupportInitialize
BeginInit
DockStyle
set_Dock
set_Location
set_Size
PictureBoxSizeMode
set_SizeMode
set_TabIndex
set_TabStop
get_Black
ControlCollection
get_Controls
EndInit
Stopwatch
set_TopMost
ToInt64
get_Audio
Interaction
Environ
get_ElapsedMilliseconds
RuntimeFieldHandle
InitializeArray
CreateProjectError
System.Timers
ElapsedEventArgs
GetProcessesByName
System.Threading
Thread
ElapsedEventHandler
add_Elapsed
set_Enabled
ThreadStart
System.Collections.Generic
List`1
System.Text
StringBuilder
NewLateBinding
LateGet
ConditionalCompareObjectEqual
Conversions
ToInteger
get_Capacity
GetProcessById
get_ProcessName
ToLower
Strings
Remove
get_Count
get_Item
Monitor
ToArray
EndApp
FlagsAttribute
SizeOf
StringToCoTaskMemAuto
FreeCoTaskMem
Finalize
AllocCoTaskMem
StructureToPtr
AppWinStyle
get_FileName
GetFullPath
get_MainWindowTitle
get_Id
FileAttributes
get_ExecutablePath
Contains
RuntimeEnvironment
GetRuntimeDirectory
GetEnvironmentVariable
SpecialFolder
GetFolderPath
GetAttributes
DirectoryInfo
System.Security.AccessControl
DirectorySecurity
ObjectSecurity
SetAccessRuleProtection
SetAccessControl
IEnumerator`1
GetFileNameWithoutExtension
SpecialDirectoriesProxy
get_SpecialDirectories
get_Programs
System.Collections.ObjectModel
ReadOnlyCollection`1
GetFiles
GetEnumerator
get_Current
System.Collections
IEnumerator
MoveNext
Microsoft.Win32
RegistryKey
Registry
CurrentUser
OpenSubKey
LocalMachine
GetValueNames
GetValue
Replace
CompareMethod
DeleteValue
Random
MoveFile
WriteAllText
FileSystem
FreeFile
OpenMode
OpenAccess
OpenShare
FileOpen
System.Security.Principal
WindowsIdentity
WindowsPrincipal
GetCurrent
WindowsBuiltInRole
IsInRole
ProcessThread
ProcessThreadCollection
get_Threads
ReadOnlyCollectionBase
System.Net.Sockets
TcpClient
FileStream
FileInfo
MemoryStream
ToBoolean
GetEntryAssembly
get_Location
SessionEndingEventArgs
get_Length
VBMath
Randomize
get_Chars
Rectangle
Screen
get_PrimaryScreen
get_Bounds
get_Width
get_Height
Cursor
set_Position
Encoding
get_UTF8
GetString
get_Name
get_Directory
get_Parent
Boolean
AppDomain
get_CurrentDomain
get_BaseDirectory
GetFileName
System.Net
WebClient
DownloadString
IsNullOrEmpty
CopyFile
RegistryProxy
get_Registry
SetValue
Stream
set_ReceiveBufferSize
set_SendBufferSize
Socket
get_Client
set_SendTimeout
set_ReceiveTimeout
Connect
Convert
FromBase64String
get_CurrentUser
ToBase64String
GetObject
IEnumerable
Conversion
System.IO.Compression
GZipStream
CompressionMode
LateCall
ChangeType
LateSet
SubtractObject
BitConverter
ToInt32
ExpandEnvironmentVariables
ProcessStartInfo
Graphics
SolidBrush
System.Drawing.Drawing2D
GraphicsPath
LinearGradientBrush
ColorBlend
MessageBoxButtons
MessageBoxIcon
Bitmap
CreateSubKey
Create
Delete
set_UseShellExecute
set_FileName
set_WorkingDirectory
set_Verb
SystemIcons
get_Error
get_Warning
get_Information
get_WinLogo
get_Shield
get_Application
FromHdc
DrawIcon
LineCap
set_StartCap
set_EndCap
FromArgb
set_Color
set_Width
DrawBezier
get_Yellow
get_Red
FillEllipse
AddArc
FillPath
get_Orange
get_Green
get_Blue
get_Indigo
get_Violet
set_Colors
Single
set_Positions
set_InterpolationColors
FillRectangle
WriteAllBytes
FromFile
set_Image
DialogResult
MessageBox
CreateObject
RegistryValueKind
ConcatenateObject
DownloadData
NewGuid
get_Message
CompareObjectEqual
OrObject
System.Drawing.Imaging
PixelFormat
FromImage
CopyPixelOperation
CopyFromScreen
get_Position
Cursors
get_Default
DrawImage
ImageFormat
get_Jpeg
WriteByte
FileSystemInfo
get_FullName
DateTime
get_MachineName
get_LastWriteTime
get_Date
ComputerInfo
get_Info
get_OSFullName
OperatingSystem
get_OSVersion
get_ServicePack
RegistryKeyPermissionCheck
MsgBoxResult
MsgBoxStyle
MsgBox
FileMode
ReadAllBytes
SetAttributes
set_Arguments
ProcessWindowStyle
set_WindowStyle
set_CreateNoWindow
EnvironmentVariableTarget
SetEnvironmentVariable
GetExecutingAssembly
ToDouble
Command
SessionEndingEventHandler
SystemEvents
add_SessionEnding
set_MinWorkingSet
ConditionalCompareObjectNotEqual
get_LocalMachine
System.Security.Cryptography
MD5CryptoServiceProvider
HashAlgorithm
ComputeHash
Module
GetModules
GetTypes
EndsWith
get_Available
SelectMode
NetworkStream
GetStream
ReadByte
ToLong
SocketFlags
Receive
ParameterizedThreadStart
GetBytes
get_ProgramFiles
Directory
GetLogicalDrives
Format
get_StartInfo
set_RedirectStandardOutput
set_RedirectStandardError
WaitForExit
DeleteSubKey
DateAndTime
get_Now
Keyboard
get_Keyboard
get_ShiftKeyDown
get_CapsLock
ToUpper
get_CtrlKeyDown
STAThreadAttribute
ValueType
Application.exe
user32.dll
user32
kernel32.dll
kernel32
wintrust.dll
avicap32.dll
KERNEL32.DLL
winmm.dll
gdi32.dll
ntdll.dll
mscorlib
MyApplication
MyComputer
MyProject
MyWebServices
ThreadSafeObjectProvider`1
Resources
LowLevelKeyboardProc
frmSustos
MBRSlayer
<PrivateImplementationDetails>
__StaticArrayInitTypeSize=512
AntiTaskManager
NoTska
EnumWindProc
EnumChildWindProc
Persistence
MyAntiProcess
BotKillers
ThreadAccess
WinTrustDataUIChoice
WinTrustDataRevocationChecks
WinTrustDataChoice
WinTrustDataStateAction
WinTrustDataProvFlags
WinTrustDataUIContext
WinTrustFileInfo
WinTrustData
WinVerifyTrustResult
WinTrust
TernaryRasterOperations
GetWindow_Cmd
spredusb
m_ComputerObjectProvider
m_AppObjectProvider
m_UserObjectProvider
m_MyWebServicesObjectProvider
.cctor
get_Computer
get_User
get_WebServices
GetType
Create__Instance__
instance
Dispose__Instance__
resourceMan
resourceCulture
get_ResourceManager
get_Culture
set_Culture
components
keyPressAltF4
KEYEVENTF_EXTENDEDKEY
KEYEVENTF_KEYUP
VK_LWIN
WH_KEYBOARD_LL
WM_KEYUP
_hookID
WM_SYSCOMMAND
SC_MINIMIZE
disposing
InitializeComponent
Form1_KeyDown
sender
Form1_FormClosed
Form1_FormClosing
HookCallback
wParam
lParam
FindWindow
lpClassName
lpWindowName
ShowWindow
nCmdShow
SendMessage
SendMessageA
IsIconic
Form1_Load
CallNextHookEx
keybd_event
dwFlags
dwExtraInfo
GetModuleHandle
lpModuleName
SetHook
SetWindowsHookEx
idHook
dwThreadId
UnhookWindowsHookEx
unfuck
value__
Normal
ShowMinimized
ShowMaximized
ShowNoActivate
Minimize
ShowMinNoActive
ShowNA
Restore
ShowDefault
ForceMinimize
TargetObject
TargetMethod
BeginInvoke
DelegateCallback
DelegateAsyncState
EndInvoke
DelegateAsyncResult
Invoke
Form2_Load
_PictureBox1
get_PictureBox1
set_PictureBox1
WithEventsValue
SetWindowPos
hWndInsertAfter
wFlags
MakeTopMostWindow
MakeTopMostFlag
frmSustos_Load
MouseThread
SRCCOPY
BinaryPath
_appMutex
DisKey
PasteE
PASTEBIN
SCHEDNAME
ANYRUN
Bypass
TaskMGR
SCREAM
WINMIN
Anti_CH
USB_SP
lastcap
BOT_KILL
HIDE_ME
Persis
MSGSYM
_Lambda__1
_Lambda__2
lparam
capGetDriverDescriptionA
wDriver
lpszName
cbName
lpszVer
CompDir
connect
GetForegroundWindow
GetVolumeInformation
GetVolumeInformationA
lpRootPathName
lpVolumeNameBuffer
nVolumeNameSize
lpVolumeSerialNumber
lpMaximumComponentLength
lpFileSystemFlags
lpFileSystemNameBuffer
nFileSystemNameSize
GetWindowText
GetWindowTextA
WinTitle
MaxLength
GetAntiVirus
GetWindowTextLength
GetWindowTextLengthA
mciSendString
command
buffer
bufferSize
hwndCallback
ReleaseDC
CreateSolidBrush
crColor
PatBlt
nXLeft
nYLeft
nWidth
nHeight
BitBlt
hdcDest
nXDest
nYDest
hdcSrc
StretchBlt
nXOriginDest
nYOriginDest
nWidthDest
nHeightDest
nXOriginSrc
nYOriginSrc
nWidthSrc
nHeightSrc
GetDesktopWindow
GetWindowDC
SelectObject
hgdiobj
DeleteObject
objectHandle
FindWindowEx
parentHandle
childAfter
lclassName
windowTitle
PostMessageW
NtRaiseHardError
ErrorStatus
NumberOfParameters
UnicodeStringParameterMask
Parameters
ValidResponseOption
Response
RtlAdjustPrivilege
Privilege
bEnablePrivilege
IsThreadPrivilege
PreviousValue
REGOTE
APPDATAO
checksubkey
NtSetInformationProcess
hProcess
processInformationClass
processInformation
processInformationLength
Plugin
GenericWrite
GenericExecute
GenericAll
FileShareRead
FileShareWrite
OpenExisting
FileFlagDeleteOnClose
MbrSize
CreateFile
lpFileName
dwDesiredAccess
dwShareMode
lpSecurityAttributes
dwCreationDisposition
dwFlagsAndAttributes
hTemplateFile
WriteFile
lpBuffer
nNumberOfBytesToWrite
lpNumberBytesWritten
lpOverlapped
41015515FDF9CAD4120589A259F0432255E675A31A84D74A7E1201F72BA5D5CC
ComputeStringHash
Handler
EnableWindow
bEnable
GetWindowThreadProcessId
lpdwProcessID
GetClassName
GetClassNameA
nMaxCount
lpString
EnumChildWindows
lpEnumFunc
EnumChild
protect
GetChild
Startup
ProccessKilled
Startupkilled
IsWindowVisible
RunStandardBotKiller
ScanProcess
IsFileMalicious
fileloc
KillFile
location
WindowIsVisible
RunStartupKiller
StartupFucker
regkey
RemoveKey
reglocation
FileLocation
DestroyFile
IsAdmin
AllowAccess
TerminateProcessPath
TerminateProcess
CloseHandle
hHandle
OpenThread
bInheritHandle
SuspendThread
hThread
TerminateThread
dwExitCode
DIRECT_IMPERSONATION
GET_CONTEXT
IMPERSONATE
QUERY_INFORMATION
SET_CONTEXT
SET_INFORMATION
SET_THREAD_TOKEN
SUSPEND_RESUME
TERMINATE
NoGood
WholeChain
Catalog
Signer
Certificate
Ignore
Verify
AutoCache
AutoCacheFlush
UseIe4TrustFlag
NoIe4ChainFlag
NoPolicyUsageFlag
RevocationCheckNone
RevocationCheckEndCert
RevocationCheckChain
RevocationCheckChainExcludeRoot
SaferFlag
HashOnlyFlag
UseDefaultOsverCheck
LifetimeSigningFlag
CacheOnlyUrlRetrieval
Execute
Install
StructSize
pszFilePath
pgKnownSubject
_filePath
PolicyCallbackData
SIPClientData
UIChoice
RevocationChecks
UnionChoice
FileInfoPtr
StateAction
StateData
URLReference
ProvFlags
UIContext
_fileName
Success
ProviderUnknown
ActionUnknown
SubjectFormUnknown
SubjectNotTrusted
INVALID_HANDLE_VALUE
WINTRUST_ACTION_GENERIC_VERIFY_V2
WinVerifyTrust
pgActionID
pWVTData
VerifyEmbeddedSignature
fileName
SRCPAINT
SRCAND
SRCINVERT
SRCERASE
NOTSRCCOPY
NOTSRCERASE
MERGECOPY
MERGEPAINT
PATCOPY
PATPAINT
PATINVERT
DSTINVERT
BLACKNESS
WHITENESS
GW_HWNDFIRST
GW_HWNDLAST
GW_HWNDNEXT
GW_HWNDPREV
GW_OWNER
GW_CHILD
GW_ENABLEDPOPUP
LastAS
LastAV
lastKey
GetAsyncKeyState
GetKeyboardLayout
GetKeyboardState
MapVirtualKey
ToUnicodeEx
VKCodeToUnicode
WebServices
GetInstance
Culture
PictureBox1
MyTemplate
11.0.0.0
4System.Web.Services.Protocols.SoapHttpClientProtocol
Create__Instance__
Dispose__Instance__
3System.Resources.Tools.StronglyTypedResourceBuilder
15.0.0.0
PictureBox1
My.Computer
My.Application
My.User
My.WebServices
WrapNonExceptionThrows
Filter Manager Control Program
Microsoft Corporation
&Microsoft
Windows
Operating System
Microsoft Corporation. All rights reserved.
K.G.B - Burhan Alassad
$90B374FE-FD53-475C-8400-3728A6334147
10.0.22621.1
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
PPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDING
AOZbipw
Resources
\select.dat
USER-PC
sand.dat
PictureBox1
frmSustos
\scream.wav
\\.\PhysicalDrive0
taskmgr
ToInt32
processhacker
process explorer
procexp64
procexp32
button
static
directuihwnd
procexp
SbieCtrl
SpyTheSpy
wireshark
apateDNS
IPBlocker
TiGeR-Firewall
smsniff
exeinfoPE
NetSnifferCs
Sandboxie Control
CodeReflect
Reflector
VGAuthService
VBoxService
{00AAC56B-CD44-11d0-8CC2-00C04FC295EE}
TASKKILL /F /IM wscript.exe
TASKKILL /F /IM cmd.exe
malware
Google.com
Microsoft.com
wscript
USERPROFILE
Software\Microsoft\Windows\CurrentVersion\Run\
Software\Microsoft\Windows\CurrentVersion\RunOnce\
\Startup
ChromeUpdate
MoUsoCoreWorker.exe
Wireshark.exe
svchost.exe
167.71.14.135
Software\Microsoft\Windows\CurrentVersion\Run
VmljdGlt
WhyYouReverseMe..ImInnocent..LoveYouu..
Platinum
|Ghost|
Disabled
vbCritical
System Error
The system has detected that some files are missing or corrupted. Please update your system to ensure all necessary files are present. Error Code: 0x80070002
abcdefghijklmnopqrstuvwxyz
attrib +h "
taskkill /f im
schtasks /delete /tn "
schtasks /create /sc minute /mo 1 /tn "
" /tr
\$77KGB.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
Userinit
C:\Windows\system32\userinit.exe,
\dllhost.exe
Software\
Select * From AntiVirusProduct
winmgmts:\\.\root\SecurityCenter2
ExecQuery
displayName
SystemDrive
Dispose
Position
Length
%Current%
persis
UACbyp
checkin
schedtasks
unschedtasks
spreadusbme
restartme
shutdowm
FuckMBR
FuckMBRNR
mirror
Invert
Flashbang
LightsOut
lockon
lockoff
rainbow
sysicos
icocrazy
spooky
gradient
newmouse
OpenCD
CloseCD
MonitorON
MonitorOFF
HideTask
ShowTask
HideDesk
ShowDesk
PermisaoFrmTerrror
EnviarImagemTerrorrr
EnviarImagemScreammm
SoundUp
Speech
DisWMM
NoSCRM
%SystemRoot%\system32\mmc.exe
"%1" %*
Software\Classes\mscfile\shell\open\command
eventvwr.exe
C://win.dat
Check: You have admin rights.
denied
Check: You have no admin rights.
schtasks /create /sc minute /mo 1 /tn
schtasks /delete /tn
shutdown -r -t 00 -f
shutdown -s -t 00 -f
C://test.txt
MBR Overwritten, Victim rebooted.
cmd /c start shutdown /r /f /t 3
Can't overwrite MBR. (No admin)
MBR Overwritten.
select.dat
set CDAudio door open
set CDAudio door closed
Shell_TrayWnd
Progman
ChamaFrmTerrorrr
Question
Warning
YesNoCancel
OKCancel
RetryCancel
AbortRetryCancel
SAPI.spvoice
Shutdown
/s /t 00
/r /t 00
getvalue
Execute ERROR
Download ERROR
Executed As
Execute ERROR
Update ERROR
Updating To
Update ERROR
yy-MM-dd
??-??-??
Microsoft
Windows
Enabled
obito.txt
nothing
vbInformation
vbExclamation
vbQuestion
/C choice /C Y /N /D Y /T 5 & Del "
cmd.exe
SEE_MASK_NOZONECHECKS
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
WriteLine
[InternetShortcut]
URL=file:///
IconIndex=17
IconFile=C:\Windows\system32\SHELL32.dll
\Microsoft\Windows\Themes\testW.exe
TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6AAAAGhyug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4g=W4gRE9TIG1vZGUuDQ0KJAAAAAAAAABvIWlTK0AHACtABwArQAcA+DIBASpABwD4MgYBJkAHACtABgB0QAcAqjkPAS1ABwCqOfgAKkAHACtAkAAqQAcAqjkFASpABwBS=WNoK0AHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFBFAABMAQQA8vlTYwAAAAAAAAAA4AACAQsBDh8ADgAAAHYCAAAAAAAEFwAAABAAAAAgAAAAAEAAABAAAAACAAAGAAAAAAAAAAYAAAAAAAAAALACAAAEAAAAAAAAAgBAhQAAEAAAEAAAAAAQAAAQAAAAAAAAEAAAAAAAAAAAAAAAhDkAAIwAAAAAQAAAgFUCAAAAAAAAAAAAAAAAAAAAAAAAoAIA7AAAAFA4AAA4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAACQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALnRleHQAAABsDAAAABAAAAAOAAAABAAAAAAAAAAAAAAAAAAAIAAAYC5yZGF0YQAAnBwAAAAgAAAAHgAAABIAAAAAAAAAAAAAAAAAAEAAAEAucnNyYwAAAIBVAgAAQAAAAFYCAAAwAAAAAAAAAAAAAAAAAABAAABALnJlbG9jAADsAAAAAKACAAACAAAAhgIAAAAAAAAAAAAAAAAAQAAAQgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
Classes
Classes\ms-settings
Classes\ms-settings\shell
Classes\ms-settings\shell\open
Classes\ms-settings\shell\open\command
DelegateExecute
/c start computerdefaults.exe
\Microsoft\Windows\Themes\SEFAS.exe
TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6AAAAGhyug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4g=W4gRE9TIG1vZGUuDQ0KJAAAAAAAAABvgWhTK+AGACvgBgAr4AYA+JIAASrgBgD4kgcBJuAGACvgBwB24AYAqpkOAS3gBgCqmfkAKuAGACvgkQAq4AYAqpkEASrgBgBS=WNoK+AGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFBFAABMAQQA7flTYwAAAAAAAAAA4AACAQsBDh8ACgAAACYAAAAAAABnFwAAABAAAAAgAAAAAEAAABAAAAACAAAGAAAAAAAAAAYAAAAAAAAAAGAAAAAEAAAAAAAAAgBAhQAAEAAAEAAAAAAQAAAQAAAAAAAAEAAAAAAAAAAAAAAArCMAAHgAAAAAMAAAOBgAAAAAAAAAAAAAAAAAAAAAAAAAUAAAsAAAAHgiAAA4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAADYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALnRleHQAAABmCAAAABAAAAAKAAAABAAAAAAAAAAAAAAAAAAAIAAAYC5yZGF0YQAATAgAAAAgAAAACgAAAA4AAAAAAAAAAAAAAAAAAEAAAEAucnNyYwAAADgYAAAAMAAAABoAAAAYAAAAAAAAAAAAAAAAAABAAABALnJlbG9jAACwAAAAAFAAAAACAAAAMgAAAAAAAAAAAAAAAAAAQAAAQgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
scream.wav
schtasks.exe /delete /tn "{0}" /f
/c {0}
Software
cmd.exe /c ping 0 -n 2 & del "
yy/MM/dd
[ENTER]
{00AAC56B-CD44-11d0-8CC2-00C04FC295EE}
Antivirus Signature
Bkav W32.AIDetectMalware.CS
Lionic Trojan.Win32.Bladabindi.4!c
Elastic Windows.Trojan.Njrat
Cynet Clean
CTX exe.trojan.msil
CAT-QuickHeal Clean
Skyhigh BehavesLike.Win32.Generic.ht
ALYac Generic.KillMBR.B.406241DA
Cylance Unsafe
Zillya Clean
Sangfor Suspicious.Win32.Save.a
CrowdStrike win/malicious_confidence_100% (D)
BitDefender Generic.KillMBR.B.406241DA
K7GW Trojan ( 700000121 )
K7AntiVirus Trojan ( 700000121 )
huorong Backdoor/Bladabindi.e
VirIT Trojan.Win32.MSIL_Heur.B
Symantec Backdoor.Ratenjay
tehtris Clean
ESET-NOD32 a variant of MSIL/Bladabindi.BB
APEX Malicious
Paloalto generic.ml
ClamAV Win.Malware.Ursu-9784017-0
Kaspersky HEUR:Trojan.Win32.Generic
Alibaba Clean
NANO-Antivirus Clean
ViRobot Clean
MicroWorld-eScan Generic.KillMBR.B.406241DA
Tencent Trojan.Win32.Bladabindi.16000442
Sophos Mal/Agent-ATK
F-Secure Trojan.TR/Dropper.Gen2
DrWeb BackDoor.BladabindiNET.27
VIPRE Generic.KillMBR.B.406241DA
McAfeeD Real Protect-LS!AA9E75E91B3A
Trapmine malicious.moderate.ml.score
CMC Clean
Emsisoft Generic.KillMBR.B.406241DA (B)
Ikarus Trojan.MSIL.Bladabindi
FireEye Generic.mg.aa9e75e91b3ac6ad
Jiangmin TrojanDropper.Autoit.dce
Webroot W32.Malware.Gen
Varist W32/MSIL_Kryptik.JOV.gen!Eldorado
Avira TR/Dropper.Gen2
Antiy-AVL Clean
Kingsoft Win32.Trojan.Generic.a
Gridinsoft Trojan.Win32.NjRat.tr
Xcitium Clean
Arcabit Generic.KillMBR.B.D632E1DA
SUPERAntiSpyware Clean
ZoneAlarm HEUR:Trojan.Win32.Generic
Microsoft Backdoor:MSIL/Bladabindi!atmn
Google Detected
AhnLab-V3 Trojan/Win32.RL_Generic.C4309000
Acronis Clean
VBA32 Dropper.MSIL.gen
TACHYON Clean
Malwarebytes Generic.Malware.AI.DDS
Panda Trj/GdSda.A
Zoner Clean
TrendMicro-HouseCall Clean
Rising Backdoor.njRAT!1.9E49 (CLASSIC)
Yandex Clean
SentinelOne Static AI - Malicious PE
MaxSecure Trojan.Malware.300983.susgen
Fortinet MSIL/Bladabindi.BA!tr
DeepInstinct MALICIOUS
alibabacloud RansomWare:MSIL/Bladabindi.AS
No IRMA results available.