popup
Static | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Static Analysis

PE Compile Time

2051-06-08 21:28:59

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00002000 0x00000db4 0x00000e00 5.24220839393
.rsrc 0x00004000 0x000005cc 0x00000600 4.12556376054
.reloc 0x00006000 0x0000000c 0x00000200 0.0815394123432

Resources

Name Offset Size Language Sub-language File type
RT_VERSION 0x00004090 0x0000033c LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_MANIFEST 0x000043dc 0x000001ea LANG_NEUTRAL SUBLANG_NEUTRAL XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

Imports

Library mscoree.dll:
0x402000 _CorExeMain
!This program cannot be run in DOS mode.
`.rsrc
@.reloc
v4.0.30319
#Strings
cbReserved2
lpReserved2
<Module>
MEM_RESERVE
PROCESS_INFORMATION
STARTUPINFO
MEM_COMMIT
value__
DownloadData
mscorlib
lpThreadId
dwThreadId
dwProcessId
lpNumberOfBytesRead
CreateRemoteThread
hThread
lpReserved
lpTitle
lpApplicationName
lpCommandLine
ValueType
flAllocationType
GuidAttribute
DebuggableAttribute
ComVisibleAttribute
AssemblyTitleAttribute
AssemblyTrademarkAttribute
TargetFrameworkAttribute
dwFillAttribute
AssemblyFileVersionAttribute
AssemblyConfigurationAttribute
AssemblyDescriptionAttribute
CompilationRelaxationsAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
AssemblyCompanyAttribute
RuntimeCompatibilityAttribute
LoadToBadXml.exe
dwXSize
dwYSize
dwStackSize
dwSize
System.Runtime.Versioning
kernel32.dll
LoadToBadXml
Program
System
lpNumberOfBytesWritten
lpProcessInformation
System.Reflection
Exception
lpStartupInfo
lpDesktop
lpBuffer
hStdError
IntPtr
System.Diagnostics
System.Runtime.InteropServices
System.Runtime.CompilerServices
DebuggingModes
bInheritHandles
lpThreadAttributes
lpProcessAttributes
dwCreationFlags
dwFlags
dwXCountChars
dwYCountChars
CreateProcess
hProcess
lpBaseAddress
lpAddress
lpStartAddress
Object
flProtect
System.Net
WebClient
lpEnvironment
hStdInput
hStdOutput
wShowWindow
VirtualAllocEx
ReadProcessMemory
WriteProcessMemory
lpCurrentDirectory
WrapNonExceptionThrows
LoadToBadXml
Copyright
2023
$77ef07cf-ff86-4cd8-be5d-c162f7438c2b
1.0.0.0
.NETFramework,Version=v4.0
FrameworkDisplayName
.NET Framework 4
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
http://valseg.com.br/hgdhgfh/payload.bin
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
Comments
CompanyName
FileDescription
LoadToBadXml
FileVersion
1.0.0.0
InternalName
LoadToBadXml.exe
LegalCopyright
Copyright
2023
LegalTrademarks
OriginalFilename
LoadToBadXml.exe
ProductName
LoadToBadXml
ProductVersion
1.0.0.0
Assembly Version
1.0.0.0
Antivirus Signature
Bkav W32.AIDetectMalware.CS
Lionic Trojan.Win32.Stealer.12!c
Elastic malicious (high confidence)
ClamAV Clean
CMC Clean
CAT-QuickHeal Clean
Skyhigh Artemis!Trojan
ALYac Gen:Variant.Zusy.537918
Cylance Unsafe
Zillya Downloader.Small.Win32.226745
Sangfor Downloader.Msil.Small.V50t
CrowdStrike win/malicious_confidence_100% (W)
Alibaba TrojanSpy:MSIL/Stealer.6c259213
K7GW Trojan-Downloader ( 005b134a1 )
K7AntiVirus Trojan-Downloader ( 005b134a1 )
huorong TrojanDownloader/MSIL.Small.hp
Baidu Clean
VirIT Trojan.Win32.MSIL_Heur.B
Paloalto generic.ml
Symantec ML.Attribute.HighConfidence
tehtris Clean
ESET-NOD32 a variant of MSIL/TrojanDownloader.Small.DCD
APEX Malicious
Avast Win32:DropperX-gen [Drp]
Cynet Clean
Kaspersky HEUR:Trojan-Spy.MSIL.Stealer.gen
BitDefender Gen:Variant.Zusy.537918
NANO-Antivirus Trojan.Win32.Small.kijbai
ViRobot Trojan.Win.Z.Small.6144.HZC
MicroWorld-eScan Gen:Variant.Zusy.537918
Tencent Malware.Win32.Gencirc.13ffa0d9
Sophos Mal/Generic-S
F-Secure Trojan.TR/Dldr.Small.kxxox
DrWeb Trojan.DownLoader46.50284
VIPRE Gen:Variant.Zusy.537918
TrendMicro TROJ_GEN.R002C0DJ524
McAfeeD ti!CB681E8AADB0
Trapmine Clean
CTX exe.trojan.msil
Emsisoft Gen:Variant.Zusy.537918 (B)
Ikarus Trojan-Downloader.MSIL.Small
FireEye Generic.mg.24ffc25774a6e708
Jiangmin Clean
Webroot Clean
Varist W32/SmallTrojan.DK.gen!Eldorado
Avira TR/Dldr.Small.kxxox
Fortinet MSIL/Small.DCD!tr.dldr
Antiy-AVL Trojan[Downloader]/MSIL.Small
Kingsoft malware.kb.c.912
Gridinsoft Clean
Xcitium Clean
Arcabit Trojan.Zusy.D8353E
SUPERAntiSpyware Clean
ZoneAlarm HEUR:Trojan-Spy.MSIL.Stealer.gen
Microsoft Trojan:MSIL/Marsilia.SPCJ!MTB
Google Detected
AhnLab-V3 Trojan/Win.Generic.C5580327
Acronis Clean
McAfee Artemis!24FFC25774A6
TACHYON Clean
VBA32 Clean
Malwarebytes Malware.Heuristic.2052
Panda Trj/Chgt.AD
Zoner Clean
TrendMicro-HouseCall TROJ_GEN.R002C0DJ524
Rising Stealer.Agent!8.C2 (CLOUD)
Yandex Clean
SentinelOne Static AI - Suspicious PE
MaxSecure Trojan.Malware.73709669.susgen
GData Gen:Variant.Zusy.537918
AVG Win32:DropperX-gen [Drp]
DeepInstinct MALICIOUS
alibabacloud Trojan[downloader]:MSIL/Marsilia.SPCJ!MTB
No IRMA results available.