Static | ZeroBOX

PE Compile Time

2024-08-21 14:56:39

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

| Name | Virtual Address | Virtual Size | Size of Raw Data | Entropy |
| --- | --- | --- | --- | --- |
| .text | 0x00002000 | 0x00005484 | 0x00005600 | 5.57048070293 |
| .rsrc | 0x00008000 | 0x00000240 | 0x00000400 | 4.9660813397 |
| .reloc | 0x0000a000 | 0x0000000c | 0x00000200 | 0.0815394123432 |

Resources

| Name | Offset | Size | Language | Sub-language | File type |
| --- | --- | --- | --- | --- | --- |
| RT_MANIFEST | 0x00008058 | 0x000001e7 | LANG_NEUTRAL | SUBLANG_NEUTRAL | XML 1.0 document, ASCII text, with CRLF line terminators |

Imports

Library mscoree.dll:
0x402000 _CorExeMain

!This program cannot be run in DOS mode.
`.rsrc
@.reloc
1  (u
v2.0.50727
#Strings
<Module>
System.Runtime.CompilerServices
CompilationRelaxationsAttribute
RuntimeCompatibilityAttribute
System
Object
Microsoft.VisualBasic.CompilerServices
StandardModuleAttribute
System.IO
FileInfo
FileStream
Microsoft.VisualBasic.Devices
Computer
System.Net.Sockets
TcpClient
MemoryStream
Conversions
ToBoolean
System.Reflection
Assembly
GetEntryAssembly
get_Location
Exception
Microsoft.VisualBasic.MyServices
RegistryProxy
ServerComputer
get_Registry
Microsoft.Win32
RegistryKey
get_CurrentUser
String
Concat
OpenSubKey
DeleteValue
ProjectData
SetProjectError
ClearProjectError
RuntimeHelpers
GetObjectValue
GetValue
RegistryValueKind
CreateSubKey
SetValue
DateTime
Operators
ConditionalCompareObjectEqual
ToString
Environment
get_MachineName
get_UserName
FileSystemInfo
get_LastWriteTime
get_Date
ComputerInfo
get_Info
get_OSFullName
Replace
OperatingSystem
get_OSVersion
get_ServicePack
Microsoft.VisualBasic
Strings
CompareMethod
SpecialFolder
GetFolderPath
Contains
RegistryKeyPermissionCheck
GetValueNames
get_Length
Convert
ToBase64String
FromBase64String
System.Text
Encoding
get_UTF8
GetBytes
GetString
System.IO.Compression
GZipStream
Stream
CompressionMode
set_Position
BitConverter
ToInt32
Dispose
IntPtr
op_Equality
op_Explicit
Interaction
Environ
Conversion
Module
GetModules
GetTypes
get_FullName
EndsWith
get_Assembly
CreateInstance
DirectoryInfo
get_Name
ToLower
CompareString
get_Directory
get_Parent
get_LocalMachine
AppWinStyle
Delete
DeleteSubKey
EndApp
System.Threading
Thread
Exists
FileMode
ReadAllBytes
System.Diagnostics
Process
EnvironmentVariableTarget
SetEnvironmentVariable
System.Net
WebClient
System.Drawing
Graphics
Bitmap
Rectangle
ConcatenateObject
get_Chars
ToArray
DownloadData
GetTempFileName
WriteAllBytes
get_Message
NewLateBinding
LateSet
LateCall
Boolean
LateGet
CompareObjectEqual
OrObject
System.Windows.Forms
Screen
get_PrimaryScreen
get_Bounds
get_Width
get_Height
System.Drawing.Imaging
PixelFormat
FromImage
CopyPixelOperation
CopyFromScreen
Cursor
Cursors
get_Default
get_Position
ToInteger
DrawImage
ImageFormat
get_Jpeg
WriteByte
RuntimeTypeHandle
GetTypeFromHandle
ChangeType
System.Security.Cryptography
MD5CryptoServiceProvider
HashAlgorithm
ComputeHash
GetCurrentProcess
get_Handle
Monitor
Socket
get_Client
SocketFlags
set_ReceiveBufferSize
set_SendBufferSize
set_SendTimeout
set_ReceiveTimeout
Connect
get_Available
SelectMode
NetworkStream
GetStream
ReadByte
ToLong
Receive
ParameterizedThreadStart
Command
ThreadStart
SessionEndingEventArgs
SessionEndingEventHandler
SystemEvents
add_SessionEnding
Application
DoEvents
set_MinWorkingSet
ConditionalCompareObjectNotEqual
CompilerGeneratedAttribute
DebuggerStepThroughAttribute
STAThreadAttribute
StringBuilder
GetProcessById
get_MainWindowTitle
DateAndTime
get_Now
get_ProcessName
Keyboard
get_Keyboard
get_ShiftKeyDown
get_CapsLock
ToUpper
get_CtrlKeyDown
Remove
avicap32.dll
kernel32
user32.dll
user32
mscorlib
lastcap
.cctor
NtSetInformationProcess
hProcess
processInformationClass
processInformation
processInformationLength
capGetDriverDescriptionA
wDriver
lpszName
cbName
lpszVer
GetVolumeInformation
GetVolumeInformationA
lpRootPathName
lpVolumeNameBuffer
nVolumeNameSize
lpVolumeSerialNumber
lpMaximumComponentLength
lpFileSystemFlags
lpFileSystemNameBuffer
nFileSystemNameSize
GetForegroundWindow
GetWindowText
GetWindowTextA
WinTitle
MaxLength
GetWindowTextLength
GetWindowTextLengthA
Plugin
CompDir
connect
_Lambda$__1
_Lambda$__2
LastAV
LastAS
lastKey
ToUnicodeEx
GetKeyboardState
MapVirtualKey
GetWindowThreadProcessId
GetKeyboardLayout
GetAsyncKeyState
VKCodeToUnicode
WrapNonExceptionThrows
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
PPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDING
xadefg
SGFjS2Vk
server.exe
200f0836c6467e8bf5e81989c24c99da
troia23.ddns.net
Software\Microsoft\Windows\CurrentVersion\Run
Software\
yy-MM-dd
??-??-??
Microsoft
Windows
SystemDrive
netsh firewall delete allowedprogram "
Software
cmd.exe /c ping 0 -n 2 & del "
SEE_MASK_NOZONECHECKS
netsh firewall add allowedprogram "
" ENABLE
getvalue
Execute ERROR
Download ERROR
Executed As
Execute ERROR
Update ERROR
Updating To
Update ERROR
yy/MM/dd
[ENTER]
Antivirus Signature
Bkav W32.FamVT.binANHb.Worm
Lionic Clean
tehtris Clean
ClamAV Clean
CMC Clean
CAT-QuickHeal Trojan.Generic.TRFH5
Skyhigh BehavesLike.Win32.BackdoorNJRat.mm
ALYac Generic.MSIL.Bladabindi.FA2779B3
Cylance Unsafe
Zillya Trojan.Disfa.Win32.27264
Sangfor Suspicious.Win32.Save.a
K7AntiVirus Trojan ( 700000121 )
Alibaba Clean
K7GW Trojan ( 700000121 )
Cybereason malicious.4f0dcd
Baidu MSIL.Backdoor.Bladabindi.a
VirIT Backdoor.Win32.Generic.AWM
Paloalto Clean
Symantec Backdoor.Ratenjay
Elastic Windows.Trojan.Njrat
ESET-NOD32 a variant of MSIL/Bladabindi.AS
APEX Malicious
Avast MSIL:Agent-DRD [Trj]
Cynet Clean
Kaspersky HEUR:Trojan.Win32.Generic
BitDefender Generic.MSIL.Bladabindi.FA2779B3
NANO-Antivirus Trojan.Win32.Disfa.dtznyx
ViRobot Backdoor.Win32.Bladabindi.Gen.A
MicroWorld-eScan Generic.MSIL.Bladabindi.FA2779B3
Tencent Trojan.Msil.Bladabindi.za
TACHYON Clean
Sophos Troj/DotNet-P
F-Secure Trojan.TR/Dropper.Gen7
DrWeb Trojan.DownLoader23.25967
VIPRE Generic.MSIL.Bladabindi.FA2779B3
TrendMicro BKDR_BLADABI.SMC
McAfeeD Real Protect-LS!47713554F0DC
Trapmine malicious.moderate.ml.score
FireEye Generic.mg.47713554f0dcd00a
Emsisoft Trojan.Bladabindi (A)
huorong Backdoor/Bladabindi.e
GData MSIL.Backdoor.Bladabindi.AV
Jiangmin TrojanDropper.Autoit.dce
Webroot W32.Backdoor.Gen
Varist W32/MSIL_Bladabindi.AU.gen!Eldorado
Avira TR/Dropper.Gen7
Antiy-AVL Trojan[Backdoor]/MSIL.Bladabindi.as
Kingsoft malware.kb.c.1000
Gridinsoft Clean
Xcitium Backdoor.MSIL.Bladabindi.A@566ygc
Arcabit Generic.MSIL.Bladabindi.FA2779B3
SUPERAntiSpyware Clean
ZoneAlarm HEUR:Trojan.Win32.Generic
Microsoft Backdoor:MSIL/Bladabindi
Google Detected
AhnLab-V3 Win-Trojan/Zbot.24064
Acronis suspicious
McAfee Trojan-FIGN
MAX malware (ai score=86)
VBA32 Trojan.MSIL.Bladabindi.Heur
Malwarebytes Generic.Malware.AI.DDS
Panda Generic Malware
Zoner Clean
TrendMicro-HouseCall BKDR_BLADABI.SMI
Rising Backdoor.njRAT!1.9E49 (CLASSIC)
Yandex Trojan.AvsMofer.dd6520
Ikarus Trojan.MSIL.Bladabindi
Fortinet MSIL/Bladabindi.AS!tr
BitDefenderTheta Gen:NN.ZemsilF.36812.bmW@ai!!rNj
AVG MSIL:Agent-DRD [Trj]
DeepInstinct MALICIOUS
CrowdStrike win/malicious_confidence_100% (D)
alibabacloud Backdoor:Win/Bladabindi.N(dyn)
No IRMA results available.