Static | ZeroBOX

PE Compile Time

2024-10-15 20:56:35

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00002000 0x000014f4 0x00001600 5.01624327417
.rsrc 0x00004000 0x000004f0 0x00000600 3.74140396923
.reloc 0x00006000 0x0000000c 0x00000200 0.0815394123432

Resources

Name Offset Size Language Sub-language File type
RT_VERSION 0x000040a0 0x0000025c LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_MANIFEST 0x00004300 0x000001ea LANG_NEUTRAL SUBLANG_NEUTRAL XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

Imports

Library mscoree.dll:
0x402000 _CorExeMain

Strings

!This program cannot be run in DOS mode.
`.rsrc
@.reloc
v4.0.30319
#Strings
<Module>
ProcessInject.exe
Program
Protection
ShellcodeDelegate
mscorlib
System
Object
MulticastDelegate
VirtualProtect
VirtualAllocExNuma
ExecuteShellcode
ShellcodeDecrypt
value__
PAGE_NOACCESS
PAGE_READONLY
PAGE_READWRITE
PAGE_WRITECOPY
PAGE_EXECUTE
PAGE_EXECUTE_READ
PAGE_EXECUTE_READWRITE
PAGE_EXECUTE_WRITECOPY
PAGE_GUARD
PAGE_NOCACHE
PAGE_WRITECOMBINE
Invoke
IAsyncResult
AsyncCallback
BeginInvoke
EndInvoke
lpAddress
dwSize
flNewProtect
lpflOldProtect
System.Runtime.InteropServices
OutAttribute
hProcess
flAllocationType
flProtect
nndPreferred
EncryptStr
object
method
callback
result
System.Security.Permissions
SecurityPermissionAttribute
SecurityAction
System.Runtime.CompilerServices
CompilationRelaxationsAttribute
RuntimeCompatibilityAttribute
ProcessInject
DllImportAttribute
kernel32.dll
System.Diagnostics
Process
GetCurrentProcess
get_Handle
IntPtr
op_Explicit
UIntPtr
RuntimeTypeHandle
GetTypeFromHandle
Marshal
Delegate
GetDelegateForFunctionPointer
Convert
FromBase64String
System.Security.Cryptography
RijndaelManaged
SymmetricAlgorithm
set_Key
CipherMode
set_Mode
PaddingMode
set_Padding
ICryptoTransform
CreateDecryptor
TransformFinalBlock
System.Text
Encoding
get_UTF8
GetString
Exception
get_Message
Console
WriteLine
System.Security
UnverifiableCodeAttribute
WrapNonExceptionThrows
System.Security.Permissions.SecurityPermissionAttribute, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
SkipVerification
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
jsxlEmFE5nak99kkAknJIJvkGJ2g5jJ2
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
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
FileDescription
FileVersion
0.0.0.0
InternalName
ProcessInject.exe
LegalCopyright
OriginalFilename
ProcessInject.exe
ProductVersion
0.0.0.0
Assembly Version
0.0.0.0

Antivirus Signature

Bkav Clean
Lionic Trojan.Win32.CobaltStrike.4!c
Elastic malicious (high confidence)
ClamAV Clean
CMC Clean
CAT-QuickHeal Clean
Skyhigh Artemis!Trojan
ALYac IL:Trojan.MSILZilla.29964
Cylance Unsafe
Zillya Trojan.ShellcodeRunner.Win32.1354
Sangfor Suspicious.Win32.Save.a
K7AntiVirus Trojan ( 005abe221 )
Alibaba Clean
K7GW Trojan ( 005abe221 )
huorong Trojan/MSIL.ShellLoader.p
Baidu Clean
VirIT Trojan.Win32.MSIL_Heur.A
Paloalto generic.ml
Symantec Meterpreter
tehtris Clean
ESET-NOD32 a variant of MSIL/ShellcodeRunner.BJ
APEX Malicious
Avast Win32:TrojanX-gen [Trj]
Cynet Clean
Kaspersky HEUR:Trojan.MSIL.CobaltStrike.gen
BitDefender IL:Trojan.MSILZilla.29964
NANO-Antivirus Clean
ViRobot Trojan.Win.Z.Shellcoderunner.8192.A
MicroWorld-eScan IL:Trojan.MSILZilla.29964
Tencent Msil.Trojan.Cobaltstrike.Swhl
Sophos Mal/Generic-S
F-Secure Trojan.TR/Redcap.fcxzc
DrWeb BackDoor.Meterpreter.274
VIPRE IL:Trojan.MSILZilla.29964
TrendMicro Clean
McAfeeD Real Protect-LS!3559372C3860
Trapmine malicious.moderate.ml.score
CTX exe.trojan.msil
Emsisoft IL:Trojan.MSILZilla.29964 (B)
Ikarus Trojan.MSIL.Shellcoderunner
FireEye Generic.mg.3559372c3860d4a4
Jiangmin Clean
Webroot W32.Trojan.Gen
Varist Clean
Avira TR/Redcap.fcxzc
Fortinet MSIL/ShellcodeRunner.BJ!tr
Antiy-AVL Trojan/MSIL.CobaltStrike
Kingsoft malware.kb.c.999
Gridinsoft Trojan.Win32.Shellcode.sa
Xcitium Clean
Arcabit IL:Trojan.MSILZilla.D750C
SUPERAntiSpyware Clean
ZoneAlarm HEUR:Trojan.MSIL.CobaltStrike.gen
Microsoft Trojan:MSIL/CobaltStrike.ACR!MTB
Google Detected
AhnLab-V3 Trojan/Win.Generic.C5499995
Acronis Clean
McAfee Artemis!3559372C3860
TACHYON Clean
VBA32 Clean
Panda Trj/GdSda.A
Zoner Clean
TrendMicro-HouseCall Clean
Rising Malware.Obfus/MSIL@AI.80 (RDM.MSIL2:WnCP9Lbyz827Kf8oEHjYQQ)
Yandex Clean
SentinelOne Static AI - Malicious PE
MaxSecure Clean
GData IL:Trojan.MSILZilla.29964
AVG Win32:TrojanX-gen [Trj]
DeepInstinct MALICIOUS
alibabacloud Trojan:Win/ShellLoader.p

No IRMA results available.