Static | ZeroBOX

PE Compile Time

2051-09-08 14:36:48

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name    Virtual Address  Virtual Size  Size of Raw Data  Entropy
.text   0x00002000       0x00000f80    0x00001000        5.24563701323
.rsrc   0x00004000       0x000005cc    0x00000600        4.12556376054
.reloc  0x00006000       0x0000000c    0x00000200        0.0815394123432

Resources

Name         Offset      Size        Language      Sub-language     File type
RT_VERSION   0x00004090  0x0000033c  LANG_NEUTRAL  SUBLANG_NEUTRAL  data
RT_MANIFEST  0x000043dc  0x000001ea  LANG_NEUTRAL  SUBLANG_NEUTRAL  XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

Imports

Library mscoree.dll:
0x402000 _CorExeMain

Strings

!This program cannot be run in DOS mode.
`.rsrc
@.reloc
v4.0.30319
#Strings
cbReserved2
lpReserved2
FDsfsdgfdFDsfsdfdDFG34
<Module>
MEM_RESERVE
gfDHGFHGFHDGF
get_HGFDHDFGH
set_HGFDHDFGH
PROCESS_INFORMATION
STARTUPINFO
tETETETET
MEM_COMMIT
value__
DownloadData
mscorlib
lpThreadId
dwThreadId
dwProcessId
lpNumberOfBytesRead
CreateRemoteThread
hThread
lpReserved
<HGFDHDFGH>k__BackingField
lpTitle
lpApplicationName
lpCommandLine
ValueType
flAllocationType
CompilerGeneratedAttribute
GuidAttribute
DebuggableAttribute
ComVisibleAttribute
AssemblyTitleAttribute
AssemblyTrademarkAttribute
TargetFrameworkAttribute
dwFillAttribute
AssemblyFileVersionAttribute
AssemblyConfigurationAttribute
AssemblyDescriptionAttribute
CompilationRelaxationsAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
AssemblyCompanyAttribute
RuntimeCompatibilityAttribute
LoadToBadXml.exe
dwXSize
dwYSize
dwStackSize
dwSize
Tdfdsf
System.Runtime.Versioning
kernel32.dll
LoadToBadXml
Program
System
lpNumberOfBytesWritten
lpProcessInformation
System.Reflection
Exception
lpStartupInfo
lpDesktop
lpBuffer
hStdError
IntPtr
System.Diagnostics
System.Runtime.InteropServices
System.Runtime.CompilerServices
DebuggingModes
bInheritHandles
lpThreadAttributes
lpProcessAttributes
dwCreationFlags
dwFlags
dwXCountChars
dwYCountChars
CreateProcess
hProcess
lpBaseAddress
lpAddress
lpStartAddress
Object
flProtect
System.Net
WebClient
lpEnvironment
Testtt
hStdInput
hStdOutput
wShowWindow
VirtualAllocEx
ReadProcessMemory
WriteProcessMemory
lpCurrentDirectory
:/w$Lw
WrapNonExceptionThrows
LoadToBadXml
Copyright
2023
$77ef07cf-ff86-4cd8-be5d-c162f7438c2b
1.0.0.0
.NETFramework,Version=v4.0
FrameworkDisplayName
.NET Framework 4
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
https://paswo.org/tete/chicken.bin
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
Comments
CompanyName
FileDescription
LoadToBadXml
FileVersion
1.0.0.0
InternalName
LoadToBadXml.exe
LegalCopyright
Copyright
2023
LegalTrademarks
OriginalFilename
LoadToBadXml.exe
ProductName
LoadToBadXml
ProductVersion
1.0.0.0
Assembly Version
1.0.0.0

Antivirus Signature
Bkav W32.AIDetectMalware.CS
Lionic Trojan.Win32.Stealer.12!c
Elastic malicious (high confidence)
ClamAV Clean
CMC Clean
CAT-QuickHeal Clean
Skyhigh Artemis!Trojan
ALYac Gen:Variant.Zusy.537918
Cylance Unsafe
Zillya Downloader.Small.Win32.227143
Sangfor Downloader.Msil.Small.V6la
CrowdStrike win/malicious_confidence_100% (W)
Alibaba TrojanSpy:MSIL/Stealer.acba9d86
K7GW Trojan-Downloader ( 005b134a1 )
K7AntiVirus Trojan-Downloader ( 005b134a1 )
huorong TrojanDownloader/MSIL.Small.hp
Baidu Clean
VirIT Trojan.Win32.MSIL_Heur.B
Paloalto generic.ml
Symantec ML.Attribute.HighConfidence
tehtris Clean
ESET-NOD32 a variant of MSIL/TrojanDownloader.Small.DCD
APEX Malicious
Avast Win32:DropperX-gen [Drp]
Cynet Clean
Kaspersky HEUR:Trojan-Spy.MSIL.Stealer.gen
BitDefender Gen:Variant.Zusy.537918
NANO-Antivirus Clean
ViRobot Trojan.Win.Z.Marsilia.6656.X
MicroWorld-eScan Gen:Variant.Zusy.537918
Tencent Malware.Win32.Gencirc.1402934f
Sophos Mal/Generic-S
F-Secure Trojan.TR/Dldr.Small.biklg
DrWeb Clean
VIPRE Gen:Variant.Zusy.537918
TrendMicro Clean
McAfeeD ti!99B5946A77E5
Trapmine Clean
CTX exe.trojan.msil
Emsisoft Gen:Variant.Zusy.537918 (B)
Ikarus Trojan-Downloader.MSIL.Small
FireEye Generic.mg.cba34861991587d4
Jiangmin Clean
Webroot Clean
Varist W32/SmallTrojan.DK.gen!Eldorado
Avira TR/Dldr.Small.biklg
Fortinet MSIL/Small.DCD!tr.dldr
Antiy-AVL Trojan[Downloader]/MSIL.Small
Kingsoft malware.kb.c.995
Gridinsoft Clean
Xcitium Clean
Arcabit Trojan.Zusy.D8353E
SUPERAntiSpyware Clean
ZoneAlarm HEUR:Trojan-Spy.MSIL.Stealer.gen
Microsoft TrojanDownloader:MSIL/AtlantidaStealer.A!MTB
Google Detected
AhnLab-V3 Trojan/Win.Generic.C5580327
Acronis Clean
McAfee Artemis!CBA348619915
TACHYON Clean
VBA32 Clean
Malwarebytes Malware.Heuristic.2052
Panda Trj/Chgt.AD
Zoner Clean
TrendMicro-HouseCall Clean
Rising Stealer.Agent!8.C2 (CLOUD)
Yandex Clean
SentinelOne Static AI - Suspicious PE
MaxSecure Clean
GData Gen:Variant.Zusy.537918
AVG Win32:DropperX-gen [Drp]
DeepInstinct MALICIOUS
alibabacloud Trojan[downloader]:MSIL/AtlantidaStealer.A!MTB

No IRMA results available.