Static | ZeroBOX

PE Compile Time

2102-02-08 20:57:21

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name    Virtual Address  Virtual Size  Size of Raw Data  Entropy
.text   0x00002000       0x000062a4    0x00006400        5.65821094492
.rsrc   0x0000a000       0x000005a6    0x00000600        4.08542174505
.reloc  0x0000c000       0x0000000c    0x00000200        0.0815394123432

Resources

Name         Offset      Size        Language      Sub-language     File type
RT_VERSION   0x0000a0a0  0x0000031c  LANG_NEUTRAL  SUBLANG_NEUTRAL  data
RT_MANIFEST  0x0000a3bc  0x000001ea  LANG_NEUTRAL  SUBLANG_NEUTRAL  XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

Imports

Library mscoree.dll:
0x402000 _CorExeMain

!This program cannot be run in DOS mode.
`.rsrc
@.reloc
v4.0.30319
#Strings
<>c__DisplayClass0_0
<>c__DisplayClass2_0
<>c__DisplayClass4_0
<>c__DisplayClass5_0
<>c__DisplayClass7_0
<>c__DisplayClass8_0
<>c__DisplayClass9_0
<CheckForUpdateAsync>b__0
<HashStringAsync>b__0
<GetFileLinkAsync>b__0
<StartMainAppAsync>b__0
<AddToStartupByStartupFolderAsync>b__0
<StartCheckerAsync>b__0
<AddToStartupByRegistryAsync>b__0
<IsRunningFromTemp>b__0
<CheckAndRestoreStartup>b__0
<MonitorProcess>b__0
<MonitorProcess>d__0
<>9__4_1
<CheckForUpdateAsync>b__4_1
<>c__DisplayClass7_1
<>8__1
<StartMainAppAsync>b__1
<CheckAndRestoreStartup>b__1
<>u__1
Func`1
IEnumerable`1
Task`1
Action`1
AsyncTaskMethodBuilder`1
TaskAwaiter`1
List`1
0xb11a1
<>7__wrap1
Microsoft.Win32
<>9__4_2
<CheckForUpdateAsync>b__4_2
<fileStream>5__2
<CheckAndRestoreStartup>b__2
<>u__2
Func`2
KeyValuePair`2
Dictionary`2
<>7__wrap2
<CheckAndRestoreStartup>b__3
<SendDataLoop>d__3
<>u__3
_VtblGap1_4
<fileStream>5__4
<CheckForUpdateAsync>d__4
<AddToStartupByRegistryAsync>d__4
_VtblGap2_5
<GetFileLinkAsync>d__5
<AddToStartupByStartupFolderAsync>d__5
SHA256
<SendDataAsync>d__6
<RestoreAutoSetup>d__6
_VtblGap1_7
<Main>d__7
<CheckAndRestoreStartup>d__7
get_UTF8
<HashStringAsync>d__8
<StartCheckerAsync>d__8
<StartMainAppAsync>d__9
<Module>
<Main>
GetTypeFromCLSID
System.IO
checkARGS
mscorlib
System.Collections.Generic
GetHWIDAsync
SendDataAsync
CheckForUpdateAsync
HashStringAsync
ReadAsStringAsync
GetFileLinkAsync
CopyToAsync
StartMainAppAsync
AddToStartupByStartupFolderAsync
StartCheckerAsync
GetAsync
PostAsync
AddToStartupByRegistryAsync
AwaitUnsafeOnCompleted
get_IsCompleted
NewGuid
Append
CreateInstance
EnsureSuccessStatusCode
get_IsSuccessStatusCode
set_Mode
FileMode
PaddingMode
CipherMode
HttpResponseMessage
Enumerable
IDisposable
HideFile
get_MainModule
ProcessModule
get_FileName
GetFileName
get_MachineName
checkerExeName
exeName
get_FullName
processName
GetProcessesByName
randomKeyName
GetDirectoryName
Combine
IAsyncStateMachine
SetStateMachine
stateMachine
ValueType
FileShare
System.Core
Dispose
Create
<>1__state
Delete
DispIdAttribute
CompilerGeneratedAttribute
GuidAttribute
DebuggableAttribute
ComVisibleAttribute
AssemblyTitleAttribute
AsyncStateMachineAttribute
AssemblyTrademarkAttribute
TargetFrameworkAttribute
DebuggerHiddenAttribute
AssemblyFileVersionAttribute
AssemblyConfigurationAttribute
AssemblyDescriptionAttribute
DefaultMemberAttribute
TypeIdentifierAttribute
CompilationRelaxationsAttribute
CoClassAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
AssemblyCompanyAttribute
RuntimeCompatibilityAttribute
set_UseShellExecute
DeleteValue
SetValue
LKSM.exe
set_Padding
Encoding
IsProcessRunning
System.Runtime.Versioning
FromBase64String
ToString
GetString
ForEach
ComputeHash
out_Path
filePath
updatePath
currentExePath
GetTempPath
tempPath
startupFolderPath
GetFolderPath
get_TargetPath
set_TargetPath
checkerTargetPath
targetPath
randomShortcutPath
StartsWith
TransformFinalBlock
PathLink
get_Task
Marshal
WhenAll
serverUrl
FileStream
System
SymmetricAlgorithm
HashAlgorithm
ICryptoTransform
TimeSpan
AppDomain
get_CurrentDomain
GetExtension
GetFileNameWithoutExtension
currentVersion
get_Location
Action
System.Reflection
SetException
StringComparison
FileInfo
FileSystemInfo
ProcessStartInfo
DirectoryInfo
IsRunningFromTemp
SendDataLoop
System.Net.Http
RestoreAutoSetup
CheckAndRestoreStartup
System.Linq
MD5CryptoServiceProvider
TripleDESCryptoServiceProvider
AsyncTaskMethodBuilder
StringBuilder
<>t__builder
SpecialFolder
CurrentUser
GoogleUpdater
TaskAwaiter
GetAwaiter
Activator
.cctor
CreateDecryptor
System.Diagnostics
System.Runtime.InteropServices
System.Runtime.CompilerServices
DebuggingModes
GetFiles
GetValueNames
get_Attributes
set_Attributes
FileAttributes
FromMinutes
GetBytes
System.Threading.Tasks
Equals
Contains
StringSplitOptions
FileAccess
MonitorProcess
get_Arguments
set_Arguments
out_Arguments
Exists
Concat
Object
FromResult
GetResult
SetResult
HttpClient
client
Environment
argument
get_Content
FormUrlEncodedContent
HttpContent
Convert
ToList
CreateShortcut
MoveNext
System.Text
shortcut_ex
set_Key
OpenSubKey
RegistryKey
System.Security.Cryptography
GetExecutingAssembly
IWshRuntimeLibrary
get_BaseDirectory
CreateDirectory
Registry
IsNullOrEmpty
WrapNonExceptionThrows
GoogleUpdater
Copyright
2024
&.d0-95c1-4eae819e8e3b
1.0.0.0
.NETFramework,Version=v4.7.2
FrameworkDisplayName
.NET Framework 4.7.2
OProgram+<Main>d__7, LKSM, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
\Program+<StartCheckerAsync>d__8, LKSM, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
\Program+<StartMainAppAsync>d__9, LKSM, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
iGoogleUpdater.AutoSetup+<MonitorProcess>d__0, LKSM, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
vGoogleUpdater.AutoSetup+<AddToStartupByRegistryAsync>d__4, LKSM, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
{GoogleUpdater.AutoSetup+<AddToStartupByStartupFolderAsync>d__5, LKSM, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
kGoogleUpdater.AutoSetup+<RestoreAutoSetup>d__6, LKSM, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
qGoogleUpdater.AutoSetup+<CheckAndRestoreStartup>d__7, LKSM, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
dGoogleUpdater.Client+<SendDataLoop>d__3, LKSM, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
kGoogleUpdater.Client+<CheckForUpdateAsync>d__4, LKSM, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
hGoogleUpdater.Client+<GetFileLinkAsync>d__5, LKSM, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
eGoogleUpdater.Client+<SendDataAsync>d__6, LKSM, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
gGoogleUpdater.Client+<HashStringAsync>d__8, LKSM, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
$F935DC21-1CF0-11D0-ADB9-00C04FD58A0B
$24BE5A30-EDFE-11D2-B933-00104B365C9F
$41904400-BE18-11D3-A28B-00104BD35090
FullName
$F935DC23-1CF0-11D0-ADB9-00C04FD58A0B
ZSystem.Object, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
Comments
CompanyName
FileDescription
GoogleUpdater
FileVersion
1.0.0.0
InternalName
LKSM.exe
LegalCopyright
Copyright
2024
LegalTrademarks
OriginalFilename
LKSM.exe
ProductName
GoogleUpdater
ProductVersion
1.0.0.0
Assembly Version
1.0.0.0
Antivirus Signature
Bkav W32.AIDetectMalware.CS
Lionic Trojan.Win32.Scrop.4!c
Elastic malicious (moderate confidence)
ClamAV Clean
CMC Clean
CAT-QuickHeal Clean
Skyhigh Artemis!Trojan
McAfee Artemis!8A581E21C06D
Cylance Unsafe
Zillya Clean
Sangfor Trojan.Msil.Scrop.Vz82
CrowdStrike win/malicious_confidence_60% (D)
Alibaba Trojan:MSIL/Scrop.cdceca1a
K7GW Trojan ( 005baf951 )
K7AntiVirus Trojan ( 005baf951 )
huorong Trojan/MSIL.Agent.or
Baidu Clean
VirIT Trojan.Win32.MSIL_Heur.A
Paloalto generic.ml
Symantec ML.Attribute.HighConfidence
tehtris Clean
ESET-NOD32 a variant of MSIL/Agent.XCZ
APEX Malicious
Avast Win32:DropperX-gen [Drp]
Cynet Clean
Kaspersky HEUR:Trojan.MSIL.DOTHETUK.gen
BitDefender IL:Trojan.MSILZilla.147204
NANO-Antivirus Clean
ViRobot Clean
MicroWorld-eScan IL:Trojan.MSILZilla.147204
Tencent Clean
Sophos Mal/Generic-S
F-Secure Trojan.TR/Agent.grium
DrWeb Clean
VIPRE IL:Trojan.MSILZilla.147204
TrendMicro Trojan.Win32.PRIVATELOADER.YXEJTZ
McAfeeD Real Protect-LS!8A581E21C06D
Trapmine Clean
CTX exe.trojan.msil
Emsisoft IL:Trojan.MSILZilla.147204 (B)
Ikarus Trojan.MSIL.Agent
FireEye IL:Trojan.MSILZilla.147204
Jiangmin Clean
Webroot W32.Trojan.Gen
Varist W32/MSIL_Agent.ITM.gen!Eldorado
Avira TR/Agent.grium
Fortinet MSIL/Agent.XCZ!tr
Antiy-AVL Clean
Kingsoft Win32.Troj.Unknown.a
Gridinsoft Trojan.Win32.Agent.sa
Xcitium Clean
Arcabit IL:Trojan.MSILZilla.D23F04
SUPERAntiSpyware Clean
ZoneAlarm UDS:DangerousObject.Multi.Generic
Microsoft Trojan:MSIL/Scrop.CCJC!MTB
Google Detected
AhnLab-V3 Trojan/Win.Scrop.C5684767
Acronis Clean
VBA32 Clean
TACHYON Clean
Malwarebytes Generic.Malware/Suspicious
Panda Trj/GdSda.A
Zoner Clean
TrendMicro-HouseCall Trojan.Win32.PRIVATELOADER.YXEJTZ
Rising Trojan.Agent!8.B1E (CLOUD)
Yandex Clean
SentinelOne Static AI - Malicious PE
MaxSecure Trojan.Malware.300983.susgen
GData IL:Trojan.MSILZilla.147204
AVG Win32:DropperX-gen [Drp]
DeepInstinct MALICIOUS
alibabacloud Trojan:MSIL/DOTHETUK.gyf
No IRMA results available.