Static | ZeroBOX

PE Compile Time

2023-10-17 06:40:53

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

| Name | Virtual Address | Virtual Size | Size of Raw Data | Entropy |
|---|---|---|---|---|
| .text | 0x00002000 | 0x0000b084 | 0x0000b200 | 5.61853975267 |
| .rsrc | 0x0000e000 | 0x000007ff | 0x00000800 | 4.88506844918 |
| .reloc | 0x00010000 | 0x0000000c | 0x00000200 | 0.0815394123432 |

Resources

| Name | Offset | Size | Language | Sub-language | File type |
|---|---|---|---|---|---|
| RT_VERSION | 0x0000e0a0 | 0x000002cc | LANG_NEUTRAL | SUBLANG_NEUTRAL | data |
| RT_MANIFEST | 0x0000e36c | 0x00000493 | LANG_NEUTRAL | SUBLANG_NEUTRAL | exported SGML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators |

Imports

Library mscoree.dll:
0x402000 _CorExeMain

!This program cannot be run in DOS mode.
`.rsrc
@.reloc
v4.0.30319
#Strings
Action`10
IEnumerable`1
CallSite`1
List`1
Microsoft.Win32
ToUInt32
ToInt32
X509Certificate2
ToUInt64
ToInt64
ToUInt16
ToInt16
HMACSHA256
get_UTF8
<Module>
RoyUrhzitCLVdA
UfWINWdiZyrA
KnVydkgdcyhDvA
WByOjcPrQNBKvKDB
bzaDYhEUiffsFB
pfBRPItVymRoIB
leGhWWIhlB
oCfgdJZxoB
QyuAiAlesB
BBnuqnYEfCvB
QEFbHCoWLmCC
saxDVsVIWQfNC
CEypVAhsBRrxaQC
DpqgzgwAbC
JadvCqBuRmcXhC
VESTaqDJOVEJAiC
bxWPHIeykAwzsC
BYHvxzEmHQyBD
poHxbnyxHsODD
XDhsfSjodAgEID
MapNameToOID
fKNKoJCRLFcID
get_FormatID
uObAIvLbyhkDIcvMD
OeYsWKiVqeYUXOD
XqAEnwdhcsIhdD
XMpovdJRbgD
kQZgtVdLJwpcZPlD
jLNaXhpuNFKoD
bVJNYZRkUkYHTqD
bOvaLWuRwgxJE
xWMaAHLoeRE
aAhkJVyGXpSE
lVcMArfwkxaOQWE
MEIudmIMoaE
PLurUDJmVtvzSOfE
vKBBUPdOelE
mYXSeNDnUmGuE
JHaHgoepbjQbHZF
PzdCWDkheivrlgF
KEeeyjqeqflnF
dZvjTrBdFBbtF
VOyRHncJOVOntF
IEiittlEaKWdvF
IFTHhXBpAG
CVBgKJnauOSbQG
BVGKzvhEOeFQYG
jmjpWbJZwoAsIkG
XyJNDBbLRWkG
uEbbvuAHQtG
UwdgmlhKGMVtG
RENdHbbpRvG
wuBRFHRvnADH
BtiUMjSPmBhGH
TNKZBSaNsavADSHQH
NSVoNIxsGPASH
tGdSIVZYhH
xRdCrFxmYvSwiH
XbDcFtuPSXomH
kkaZWLYvVqH
GvgZUJkbRQrH
dBIROksvnMOyH
GoNzzsGnyiGEI
get_ASCII
CjRdpOHigOI
CVbnzmMVUzQI
GvXBQNtZtjXI
cMoPFYUcROkHGZYI
uVqwwoJoTzrYI
zYifKzfCdlI
KRXhkbkBpI
xdZWNbGUoACJ
LwxtbwkMxwEJ
jDyEBltvMWTJ
sukdNGCOOKDfzTJ
UVeYKWFDNaQhMYJ
sqEylfMUCZlJ
xsophGYzmQRwJ
oIpeegnVIxJ
NTEtUzctUGWBK
QgGGPzAgiGK
MLjWwQZwBbrZLK
uusNCaGVDiMK
uuWlEfJqqaIBsQK
SUdYTugCnEmgK
BEpabZoLCOcwjTpK
KyviJYSaoliatK
HNhtClaqGMzK
IOIkOfnBML
tVRLrZdjUL
xguNShenJaL
ZTGxEUYEdL
XfEnCvYJrerL
WAyLAFJBlxzL
FYtKhKjkDzwRM
yTaGPRmPsZIeM
MPPXCJFBnuxhM
SRsDhlJxpINMTmM
XEMRpuIwxCrM
hqUYhkdkTirM
ChkCIyMkyuM
ZFctIWGMmNXjjxM
osGOQKXyTqN
mCBHpxSzvN
QWEdDEDtXrhGO
System.IO
FtsbeWsCpvRLVIO
YCSKgbcnDXHOZRO
xqQZNAsNosvUO
UZyfXSPhxZO
jhgZrYRDcfO
CIQheCkqZWRoO
bZiQPotlmVMRdGP
LxnRaMVbnsJHP
aNYWVnWRpSP
GxTHLVigUiVVAQ
vfhxdHMULQ
GFNQRdfpuOQ
crHBrKtFUIPQ
lLULELWmDyAECwbQ
ZJxcweWSRHpFyufQ
qOKzrfDJWgQ
AoIcOQBHPkQ
BlFMHaBNaQlQ
qrRygOsblDVLYoQ
WkFeYeLzkfoQ
CGptFBHTJQoDtQ
ZorSXsjTMuQ
LZovSsmLGsvQ
CplDcLPsUAR
vHieKWGbCZzuLR
DbHDgQWWLVtOR
mDZnHzlUFpR
TXxAIdItJdgnWoS
qsVrChaGEasS
hdsrMSfnoBT
SBEdSyFMqET
lHABuYsdPT
OdXmRQrVVT
tvkYZOyuVSMLGaT
otpdXCRqnUgBSbT
qliMQOZQcGXpT
ztFkUtFMGU
wALylTBuljJU
TdrqkXIvBXnKU
PkIJIiRzOXGSU
AuzkypJaZgU
NBnCiPOwpriYoU
CaiUqgBajtIwU
get_IV
set_IV
GenerateIV
AMCTCHHELKV
PWpihGGIpdHBWhV
SYvMsUtecfkxLoV
iLPIBZRvvphHW
FGnBvFuNYPW
xvPOVeaNfPW
RPnPSpQixAFSW
hQlropheSW
NSgLfSCaxOmsW
pVSbdLMqDX
hctntTdOVdqgsNFX
TDrSlUaYOnktFX
PdeRIQwVrubQIX
UZVcSzZmEJX
HzMePrRtkLlCOJX
rrIKdNFbSX
ScizvRYoUrKtX
nPSWpoUxGGY
yVbgahnrMDJY
ppMsDMwkJgxNY
xdJqmWitKIaY
pZaLVOCMcY
CLXuHaRndY
JIQRAQSwzHckY
rAwLOLnENHEgDnY
RnVghzuGSoTYqY
RYZndxzzvY
QleHpaRcDKZ
eVbuzLimFjmGRZ
zlIdqkXKZsUZ
ABzjCYeneGoZ
RgvWWXPTcyZ
value__
ytFgbuitDhfa
TavIDDrVsja
iaElSUSZJTAMtta
tqqiFlAPnmBb
wxgbPWcWKVDqUb
CkyOzkWxhb
mscorlib
ThIYmHZUIvHob
bmsakZBjEPtpnvb
DbHgrjtsbbFc
nMBRvfamqKJc
gEyUzsXYllgec
System.Collections.Generic
Microsoft.VisualBasic
rSEQtKIXRUjc
get_SendSync
SRpszvjKBXLoc
zgnfKgraibhczc
sFwgileXSCYCd
ZerlEVSoSrNd
hKMBZgfsdZozRd
jSPjxubOMRad
EndRead
BeginRead
Thread
QopCIYVgTed
SHA256Managed
get_Connected
get_IsConnected
set_IsConnected
QZJLWmrDxSDfd
get_Guid
<SendSync>k__BackingField
<IsConnected>k__BackingField
<KeepAlive>k__BackingField
<HeaderSize>k__BackingField
<Ping>k__BackingField
<ActivatePong>k__BackingField
<Interval>k__BackingField
<Buffer>k__BackingField
<Offset>k__BackingField
<SslClient>k__BackingField
<TcpClient>k__BackingField
Append
RegistryValueKind
EbwIiNzffWnnud
vOIxKGwLRJe
Replace
CreateInstance
set_Mode
FileMode
PaddingMode
EnterDebugMode
CryptoStreamMode
CompressionMode
CipherMode
SelectMode
DeleteSubKeyTree
UxHmKrjosfWTxofe
get_Message
Invoke
IEnumerable
IDisposable
ToDouble
get_Handle
RuntimeFieldHandle
GetModuleHandle
RuntimeTypeHandle
GetTypeFromHandle
WaitHandle
ToSingle
khIaKTLaMqhUmle
IsInRole
WindowsBuiltInRole
get_MainModule
ProcessModule
set_WindowStyle
ProcessWindowStyle
get_Name
get_FileName
set_FileName
GetTempFileName
GetFileName
get_MachineName
get_OSFullName
get_FullName
get_UserName
CheckHostName
DateTime
get_LastWriteTime
ToUniversalTime
WriteLine
Combine
UriHostNameType
get_ValueType
ProtocolType
GetType
SocketType
FileShare
System.Core
Dispose
StrReverse
NMZBDMzoUEte
rOloFqIKLqkBLMte
X509Certificate
Create
SetThreadExecutionState
Delete
CallSite
CompilerGeneratedAttribute
DebuggableAttribute
ComVisibleAttribute
AssemblyTitleAttribute
AssemblyTrademarkAttribute
TargetFrameworkAttribute
AssemblyFileVersionAttribute
AssemblyConfigurationAttribute
AssemblyDescriptionAttribute
DefaultMemberAttribute
CompilationRelaxationsAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
AssemblyCompanyAttribute
RuntimeCompatibilityAttribute
set_UseShellExecute
ReadByte
WriteByte
DeleteValue
GetValue
SetValue
get_KeepAlive
set_KeepAlive
Remove
set_BlockSize
get_TotalSize
get_HeaderSize
set_HeaderSize
set_SendBufferSize
set_ReceiveBufferSize
set_KeySize
VQqVXSqGlIMf
AlfXxFTolZKWf
AuCXXCmtcHOcf
WwyRTHDggf
iZhMYFZYLXHSg
neeIPoefpLTg
dxzfIcWrjihXg
CryptoConfig
get_Ping
set_Ping
System.Threading
set_Padding
add_SessionEnding
UTF8Encoding
System.Drawing.Imaging
System.Runtime.Versioning
FromBase64String
ToBase64String
DownloadString
ToString
get_AsString
set_AsString
GetString
Substring
System.Drawing
get_ActivatePong
set_ActivatePong
set_ErrorDialog
KcoTuUweWYpg
sPjefnTNuQCug
FlaekxhPyKh
oyhVlePDHBTh
COROPmMsCauLgXh
jyviYtprih
pikchdtOjh
VyPLfowCMowPnOnh
QipYpUujJzzrh
ComputeHash
VerifyHash
get_ExecutablePath
GetTempPath
get_Length
kOFLxFmouh
BxRUklQzywwh
tDzaVfUfoySzh
mhpKUFLGyJGi
HCMhoSdGgWTgSi
OnGrtrUmyqgi
ZrHsfnrLhchi
OOiLxaCjEcLki
oSPrwVCVgAlzki
msvlsGGsoi
wXSrPptiwAcWlkfDj
JdxBtZfJVJj
WLOGYhHYNj
CCJTEARfsmRj
dHKmsRkzpvZj
FBHOdsvTygj
MvyjNkYPaaHnj
hrrfLnuMxvj
bkaDxTlrwj
svUwRTpWSoPFk
fssqUsPxQbAMk
UjcgfjaCRAtMQk
LVhoWDYoYqDcvVk
AsyncCallback
RemoteCertificateValidationCallback
TimerCallback
RegistryKeyPermissionCheck
FlushFinalBlock
zTMWpuJkdWeek
NmvXAVsaYyepGUFTBl
bWDPNyTSOYPgpTl
RtlSetProcessIsCritical
NetworkCredential
System.Security.Principal
WindowsPrincipal
get_Interval
set_Interval
UetXFXSlpRPPFMdl
kernel32.dll
user32.dll
ntdll.dll
oleWMQKhcNEOrl
eYPSMVAEYigyAm
FKZBoGjbIiEm
NnnimEWINkGm
rktTSuvwJUm
MhxluRvuKJBYm
wQwGfCmgIHmGQam
FileStream
NetworkStream
SslStream
CryptoStream
GZipStream
MemoryStream
wpsXnCqdpdm
get_Item
get_Is64BitOperatingSystem
WRJuecxkQqPAhm
SymmetricAlgorithm
AsymmetricAlgorithm
HashAlgorithm
fCEFsEIRXmm
Random
cLpNsYooTqqm
ICryptoTransform
ZoGGPCCZareysm
HnpaNFTmOzm
WbBmjaYbtUBn
OtvSvRrbXSn
snUrIxnfUkSn
BGJZyogkZUn
ToBoolean
CzvzjGJulSWYseen
DYmeNaSOnbHgn
gRMBqsNBjrhn
X509Chain
AppDomain
get_CurrentDomain
EJfMpgSPqiin
gsKJUSInAjn
EPsAcMQjaUlJjAln
GetFileNameWithoutExtension
get_OSVersion
System.IO.Compression
Application
System.Security.Authentication
System.Reflection
X509CertificateCollection
ManagementObjectCollection
set_Position
CryptographicException
ArgumentNullException
ArgumentException
dKGsMLOQusn
xtmDYsylHo
BJXVcwxhJfo
ImageCodecInfo
FileInfo
DriveInfo
FileSystemInfo
ComputerInfo
CSharpArgumentInfo
ProcessStartInfo
YfyGvkXmitVlho
lPJoNKwfuRro
pusknDTLPxo
fXOgjYHqbp
CChkeLvahrRdp
TyVFbONnirbItop
rjnatOPlzqp
Microsoft.CSharp
qRFbkqPVCibvp
ZrHXgOicHlbzp
XEoIgtqrVMYAq
rNiKvgSMBq
OjhJrBNfPFq
nDQTlWfEYRJq
LjAkLYwclwnkMcZq
HjYfGBXGJfq
System.Linq
EFMYEWaZtq
fJSTAbHBBQFFvq
BAdovhsIfNdHr
xxwyxjjAThqSqOr
SSbPVsEbBYr
pcecfOeVpdr
InvokeMember
MD5CryptoServiceProvider
RSACryptoServiceProvider
AesCryptoServiceProvider
StringBuilder
Microsoft.CSharp.RuntimeBinder
CallSiteBinder
get_Buffer
set_Buffer
get_AsInteger
set_AsInteger
ManagementObjectSearcher
SessionEndingEventHandler
ToUpper
CurrentUser
StreamWriter
TextWriter
BitConverter
ToLower
IEnumerator
ManagementObjectEnumerator
System.Collections.IEnumerable.GetEnumerator
Activator
.cctor
Monitor
CreateDecryptor
CreateEncryptor
ZaiDYuhNzDAbqr
IntPtr
lYqXrctmXaNzr
DLBatgKwJYSIs
EXyBBDsaJs
kbtASlQkFMrQs
System.Diagnostics
Microsoft.VisualBasic.Devices
System.Runtime.InteropServices
System.Runtime.CompilerServices
DebuggingModes
ExpandEnvironmentVariables
GetProcesses
GetHostAddresses
System.Security.Cryptography.X509Certificates
Rfc2898DeriveBytes
ReadAllBytes
GetBytes
CSharpArgumentInfoFlags
CSharpBinderFlags
Strings
SessionEndingEventArgs
ICredentials
set_Credentials
Equals
SslProtocols
System.Windows.Forms
Contains
System.Collections
StringSplitOptions
GetImageDecoders
RuntimeHelpers
SslPolicyErrors
FileAccess
GetCurrentProcess
IPAddress
System.Net.Sockets
set_Arguments
SystemEvents
Exists
sTsFtmzbOBIzs
opeAMhyzSKBt
nzUBoarqrtoyIt
zuNfmUntPUwKt
XvhYoqbFGFPSt
JXHYXwXaYYXaFRWt
Concat
ImageFormat
get_AsFloat
set_AsFloat
ManagementBaseObject
Collect
Connect
System.Net
Target
Socket
System.Collections.IEnumerator.Reset
get_Offset
set_Offset
ChRxAfEvft
IAsyncResult
ToUpperInvariant
WebClient
AsyncClient
get_SslClient
set_SslClient
get_TcpClient
set_TcpClient
AuthenticateAsClient
System.Management
Environment
System.Collections.IEnumerator.get_Current
GetCurrent
CheckRemoteDebuggerPresent
get_RemoteEndPoint
get_Count
get_ProcessorCount
GetPathRoot
ParameterizedThreadStart
Convert
yiuERLOyprNst
FailFast
ToList
System.Collections.IEnumerator.MoveNext
System.Text
GetWindowText
NurwRRkGzMjEu
kGBZEzEKouqFu
EIZBVsWqABSiXu
LDNBfrbXKCnJHiu
EUaDDZaqMyu
HcXYVbWwxlVJv
SNoLIQmiNMYv
PnlVkOuYhUSPhv
mnegwqhfujUcfkv
gSlxXJpHOdDw
LgYbRNFCZMstGw
OWbgkXDfSQbXw
GetForegroundWindow
set_CreateNoWindow
ypZqrvPCPtw
QITxceZJFOEyBkvw
eoDUPIOdPhwqxw
WEkHxNceFYzuIiYx
GVwYQLLoFNax
KKSSiyMwdvbhIlx
KyKMGtXWBhNVLpx
VoxzqgxPrpx
JHPiTHWHQy
InitializeArray
ToArray
get_AsArray
xUqXiAgdby
get_Key
set_Key
CreateSubKey
OpenSubKey
get_PublicKey
RegistryKey
System.Security.Cryptography
pHiFglLNHly
Assembly
AddressFamily
rwLWFqCoyKoy
BlockCopy
EDJIHueIsoQmvejFqy
ToBinary
get_SystemDirectory
Registry
op_Equality
op_Inequality
System.Net.Security
WindowsIdentity
IsNullOrEmpty
EIFPEMxkKJyLz
ZXlJMlqcUz
YSHcoIROWKSCSYz
oWxpPiOsvGZmUcz
QAdDDYzNEIfuz
WrapNonExceptionThrows
1.0.0.0
).NETFramework,Version=v4.0,Profile=Client
FrameworkDisplayName.NET Framework 4 Client Profile
_CorExeMain
mscoree.dll
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges>
<requestedExecutionLevel level="asInvoker" uiAccess="false" />
</requestedPrivileges>
</security>
</trustInfo>
<compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">
<application>
<!-- Windows Vista -->
<supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"/>
<!-- Windows 7 -->
<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/>
<!-- Windows 8 -->
<supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"/>
<!-- Windows 8.1 -->
<supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"/>
<!-- Windows 10 -->
<supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"/>
</application>
</compatibility>
<asmv3:application xmlns:asmv3="urn:schemas-microsoft-com:asm.v3" >
<asmv3:windowsSettings xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings">
<dpiAware>true</dpiAware>
</asmv3:windowsSettings>
</asmv3:application>
</assembly>
SHA256
Lp+t9jqQg8mxA+ujUfJQzmSlL8I1jsvbdNwJ/rCoYKHziWLKo2xZDCl0nydlBzBgpgbdAEwAyDsWC4vyT2CfgO17v0zf3UjC9UPVTPpOurk=
AgRNa9GLyjusF23OB/dYAuFpR2aFdopvupRiq781J/raPkeA6aBtp8ECWU0ncYP9A7xE1j0UVwiCB3Z3dPBLAA==
/KDz9CuD0eYRTmHG7wbZCuuxt1VSz5KiKBCq+pHt1mToQhstBl4OuDid9tZDc5GqmiuKHJBqmvHiKPqZjHaCmA==
8sNYz5W+YJ0Evo6dpjzte5iGShA47xYfesYah0GCBdFCZn4tpF8x7TGlrT/+E2zPu/2mL7KhtHEHfVReeZ5cFQ==
%AppData%
Discord.exe
ZXd6VndvMUVDRmV4bHgzcHJMcWR6UWdUeUtUNWtuMEQ=
n1B1O4T5EIoi2fONT81CNRqEgjeSK/loNkUerSmphve1czVwWFZ7TG1jdwD88mg1ate1MO4DwWtIpvKmsOvbxg==
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
wA8UwiSQ/QHiX6VMjSXmTNm4iFOTehARjhZoG+L2FEdRWyJKISXKuI3S0sbwlCnEm1t38uMbT/aT6YuE9WTJhA==
oDgKNvr3p8PjVOQnL3sm89ZVmlAqpaonSJB8D4bSzJx2ogSw9pwbW/6UM4tIXyYAHKp9y1UUXWTt0AtspnV1TQ==
dB3zoQjF1eU/1nUYlgR003oyBf+ZqVZWfjdjB9/iqodrV0aePgqnDrCTCvCZp3X6DMULuVaU2HT41vPTSs7s4g==
Lekp8q7V/ka1XVoKg8AfFG24tc77xD28ALOtNFjWYZSHG4gDnnUCghS6xTXJCH+O0KjDQcR7uCitkrOFMm4N6A==
Packet
Message
/c schtasks /create /f /sc onlogon /rl highest /tn "
" /tr '"
"' & exit
\nuR\noisreVtnerruC\swodniW\tfosorciM\erawtfoS
@echo off
timeout 3 > NUL
START "" "
" /f /q
Select * from Win32_ComputerSystem
Manufacturer
microsoft corporation
VIRTUAL
vmware
VirtualBox
SbieDll.dll
Err HWID
ClientInfo
Microsoft
Version
Performance
Pastebin
Antivirus
Installed
\root\SecurityCenter2
Select * from AntivirusProduct
displayName
Software\
plugin
savePlugin
sendPlugin
Hashes
Plugin.Plugin
Msgpack
Received
masterKey can not be null or empty.
input can not be null.
Invalid message authentication code (MAC).
{0:D3}
{0:X2}
(never used) type $c1
(ext8,ext16,ex32) type $c7,$c8,$c9
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
Comments
CompanyName
FileDescription
FileVersion
1.0.0.0
InternalName
Stub.exe
LegalCopyright
LegalTrademarks
OriginalFilename
Stub.exe
ProductName
ProductVersion
1.0.0.0
Assembly Version
1.0.0.0
Antivirus Signature
Bkav W32.AIDetectMalware.CS
Lionic Trojan.Win32.AsyncRat.m!c
Elastic Windows.Trojan.Asyncrat
ClamAV Win.Packed.Razy-9625918-0
CMC Clean
CAT-QuickHeal Trojan.IgenericFC.S14890850
Skyhigh BehavesLike.Win32.Fareit.pm
ALYac Gen:Trojan.Mardom.MN.14
Cylance Unsafe
Zillya Trojan.Agent.Win32.1339727
Sangfor Suspicious.Win32.Save.a
CrowdStrike win/malicious_confidence_100% (W)
Alibaba Backdoor:MSIL/AsyncRat.843bd317
K7GW Trojan ( 005678321 )
K7AntiVirus Trojan ( 005678321 )
huorong Backdoor/Crysan.a
Baidu Clean
VirIT Trojan.Win32.MSIL_Heur.A
Paloalto generic.ml
Symantec ML.Attribute.HighConfidence
tehtris Clean
ESET-NOD32 a variant of MSIL/AsyncRAT.A
APEX Malicious
Avast Win32:DropperX-gen [Drp]
Cynet Clean
Kaspersky HEUR:Backdoor.MSIL.Crysan.gen
BitDefender Gen:Trojan.Mardom.MN.14
NANO-Antivirus Trojan.Win32.Crysan.kuboyz
ViRobot Trojan.Win.Z.Mardom.48640.UY
MicroWorld-eScan Gen:Trojan.Mardom.MN.14
Tencent Trojan.Msil.Agent.zap
Sophos Troj/AsyncRat-B
F-Secure Trojan.TR/Dropper.Gen
DrWeb Trojan.Siggen9.56514
VIPRE Gen:Trojan.Mardom.MN.14
TrendMicro Backdoor.MSIL.ASYNCRAT.SMXSR
McAfeeD ti!1B9E97BA99AE
Trapmine suspicious.low.ml.score
CTX exe.trojan.asyncrat
Emsisoft Gen:Trojan.Mardom.MN.14 (B)
Ikarus Backdoor.AsyncRat
FireEye Generic.mg.17bbb12504a20c0c
Jiangmin Backdoor.MSIL.gguk
Webroot Clean
Varist W32/Samas.B.gen!Eldorado
Avira TR/Dropper.Gen
Fortinet MSIL/Agent.CFQ!tr
Antiy-AVL Clean
Kingsoft malware.kb.c.1000
Gridinsoft Trojan.Win32.AsyncRAT.tr
Xcitium Clean
Arcabit Trojan.Mardom.MN.14
SUPERAntiSpyware Trojan.Agent/Gen-Kryptik
Microsoft Backdoor:MSIL/AsyncRat.AD!MTB
Google Detected
AhnLab-V3 Malware/Win32.RL_Generic.C3558490
Acronis Clean
McAfee Fareit-FZT!17BBB12504A2
TACHYON Clean
VBA32 OScope.Backdoor.MSIL.Crysan
Malwarebytes Generic.Malware.AI.DDS
Panda Trj/CI.A
Zoner Clean
TrendMicro-HouseCall Clean
Rising Trojan.AntiVM!1.CF63 (CLASSIC)
Yandex Trojan.AsyncRAT!cXovvFofFWY
SentinelOne Static AI - Malicious PE
MaxSecure Clean
GData MSIL.Trojan.PSE.1BITXMO
AVG Win32:DropperX-gen [Drp]
DeepInstinct MALICIOUS
alibabacloud Rat:Win/AsyncRAT.Stub
No IRMA results available.