popup
Static | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Static Analysis

PE Compile Time

2024-09-17 18:49:12

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00002000 0x00000a14 0x00000c00 5.01924205751
.rsrc 0x00004000 0x00000288 0x00000400 2.06545587961
.reloc 0x00006000 0x0000000c 0x00000200 0.0815394123432

Resources

Name Offset Size Language Sub-language File type
RT_VERSION 0x00004058 0x0000022c LANG_NEUTRAL SUBLANG_NEUTRAL data

Imports

Library mscoree.dll:
0x402000 _CorExeMain
!This program cannot be run in DOS mode.
`.rsrc
@.reloc
D$$[[aYZQ
hws2_ThLw&
PPPP@P@Ph
WhunMa
v2.0.50727
#Strings
<Module>
Shellcode
mscorlib
System
Object
MEM_COMMIT
PAGE_EXECUTE_READWRITE
VirtualAlloc
CreateThread
CloseHandle
WaitForSingleObject
System.Security.Permissions
SecurityPermissionAttribute
SecurityAction
System.Runtime.CompilerServices
CompilationRelaxationsAttribute
RuntimeCompatibilityAttribute
<PrivateImplementationDetails>{6AD214F2-8D59-420C-9903-889303FBC117}
CompilerGeneratedAttribute
ValueType
__StaticArrayInitTypeSize=354
$$method0x6000001-1
RuntimeHelpers
RuntimeFieldHandle
InitializeArray
IntPtr
op_Explicit
System.Runtime.InteropServices
Marshal
DllImportAttribute
kernel32
lpStartAddr
flAllocationType
flProtect
lpThreadAttributes
dwStackSize
lpStartAddress
dwCreationFlags
lpThreadId
handle
hHandle
dwMilliseconds
.cctor
System.Security
UnverifiableCodeAttribute
WrapNonExceptionThrows
System.Security.Permissions.SecurityPermissionAttribute, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
SkipVerification
_CorExeMain
mscoree.dll
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
FileDescription
FileVersion
0.0.0.0
InternalName
LegalCopyright
OriginalFilename
ProductVersion
0.0.0.0
Assembly Version
0.0.0.0
Antivirus Signature
Bkav W32.AIDetectMalware.CS
Lionic Trojan.Win32.Marte.4!c
Elastic Windows.Trojan.Metasploit
ClamAV Win.Malware.Swrort-9872015-0
CMC Clean
CAT-QuickHeal Clean
Skyhigh Artemis!Trojan
ALYac Generic.ShellCode.Marte.3.6F249793
Cylance Unsafe
Zillya Trojan.Purswapper.Win32.20
Sangfor HackTool.Win32.Reverse_Bin_v2_5_through_v4_x.uwccg
CrowdStrike win/malicious_confidence_100% (W)
Alibaba Trojan:Win32/CobaltStrike.5c89
K7GW Clean
K7AntiVirus Clean
huorong Backdoor/Meterpreter.ak
Baidu Clean
VirIT Clean
Paloalto generic.ml
Symantec Trojan Horse
tehtris Clean
ESET-NOD32 a variant of MSIL/Rozena.W
APEX Malicious
Avast Win32:Meterpreter-C [Trj]
Cynet Clean
Kaspersky HEUR:Trojan.Win32.Generic
BitDefender Generic.ShellCode.Marte.3.6F249793
NANO-Antivirus Clean
ViRobot Clean
MicroWorld-eScan Generic.ShellCode.Marte.3.6F249793
Tencent Trojan.Win32.Metasploit_heur.16000690
Sophos ATK/TurtleLd-N
F-Secure Trojan.TR/Rozena.Gen
DrWeb Trojan.PackedNET.2209
VIPRE Generic.ShellCode.Marte.3.6F249793
TrendMicro Backdoor.Win32.COBEACON.SMJMAB
McAfeeD Real Protect-LS!E24E7B0B9FD2
Trapmine malicious.moderate.ml.score
CTX exe.trojan.rozena
Emsisoft Generic.ShellCode.Marte.3.6F249793 (B)
Ikarus Trojan.MSIL.Rozena
FireEye Generic.mg.e24e7b0b9fd29358
Jiangmin Clean
Webroot Clean
Varist W32/ABTrojan.EAMK-1495
Avira TR/Rozena.Gen
Fortinet MSIL/Rozena.FW!tr
Antiy-AVL Clean
Kingsoft Win32.Trojan.Generic.a
Gridinsoft Trojan.Win32.Packed.sa
Xcitium Clean
Arcabit Generic.ShellCode.Marte.3.6F249793
SUPERAntiSpyware Clean
ZoneAlarm HEUR:Trojan.Win32.Generic
Microsoft VirTool:MSIL/Meterpreter.G!MTB
Google Detected
AhnLab-V3 Trojan/Win32.RL_Generic.C4234163
Acronis Clean
McAfee Artemis!E24E7B0B9FD2
TACHYON Clean
VBA32 Clean
Malwarebytes Generic.Malware/Suspicious
Panda Clean
Zoner Clean
TrendMicro-HouseCall Clean
Rising HackTool.Swrort!1.6477 (CLASSIC)
Yandex Clean
SentinelOne Static AI - Malicious PE
MaxSecure Trojan.Malware.300983.susgen
GData MSIL.Backdoor.Rozena.QFG773
AVG Win32:Meterpreter-C [Trj]
DeepInstinct MALICIOUS
alibabacloud Clean
No IRMA results available.