Static | ZeroBOX

PE Compile Time

2024-07-24 21:55:42

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00002000 0x00006714 0x00006800 5.88734647999
.rsrc 0x0000a000 0x000004e0 0x00000600 3.73276589278
.reloc 0x0000c000 0x0000000c 0x00000200 0.0815394123432

Resources

Name Offset Size Language Sub-language File type
RT_VERSION 0x0000a0a0 0x0000024c LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_MANIFEST 0x0000a2f0 0x000001ea LANG_NEUTRAL SUBLANG_NEUTRAL XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

Imports

Library mscoree.dll:
0x402000 _CorExeMain

!This program cannot be run in DOS mode.
`.rsrc
@.reloc
# NOTE(review): what follows is a strings-dump of the PowerShell script embedded as a resource in
# ChangeMAC.exe — the assembly's string table names the resource "mac.ps1" and contains
# GetManifestResourceStream/AddScript/PSRunspace-Host, consistent with a PS2EXE-style host that
# runs the script in-process. It is NOT a runnable listing: stand-alone "}" lines are too short to
# survive string extraction (only the indented ones further down remain), and the Write-Host lines
# were split wherever an ESC (0x1B) byte of an ANSI colour sequence occurred, leaving the bare
# "[91m", "[93m", "[0m" and "[101;97m" fragments on lines of their own.
# Check for admin rights
# NOTE(review): when not already elevated, the script relaunches itself through a UAC prompt
# (-Verb RunAs) with -ExecutionPolicy Bypass, so execution policy is not a control here; the
# elevation is visible to the user, not silent. Everything that follows needs the elevated context
# (HKLM writes, Disable/Enable-NetAdapter, a winmgmt restart). $PSCommandPath is the on-disk path
# of the running .ps1 — whether the compiled host populates it is not visible here; TODO confirm
# the relaunch actually works in that packaging.
$isAdmin = ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
if (-not $isAdmin) {
Start-Process powershell -ArgumentList "-NoProfile -ExecutionPolicy Bypass -File `"$PSCommandPath`"" -Verb RunAs
exit
# Variable(s)
# Network-adapter device-class key; its per-instance subkeys (0001, 0002, ...) hold the driver
# parameters, including the NetworkAddress override written below.
$regPath = "HKLM:\SYSTEM\CurrentControlSet\Control\Class\{4d36e972-e325-11ce-bfc1-08002be10318}"
# Function to retrieve current MAC address
# NOTE(review): Get-MAC and Get-NICIndex take no parameters — they read $NetworkAdapter from the
# caller's scope (assigned per iteration inside Change-MAC) via PowerShell dynamic scoping.
function Get-MAC {
$macAddress = (Get-CimInstance -Class Win32_NetworkAdapter | Where-Object { $_.NetConnectionId -eq "$NetworkAdapter" }).MacAddress
return $macAddress
# Function to retrieve NIC index
function Get-NICIndex {
$nicCaption = (Get-CimInstance -Class Win32_NetworkAdapter | Where-Object { $_.NetConnectionId -eq "$NetworkAdapter" }).Caption
# Presumably the Caption has the form "[00000001] <adapter name>": the bracketed number is isolated
# and its last four digits become the per-instance subkey name — verify on a live system. If the
# adapter is not found, $nicCaption is $null, the -replace yields "" and Substring(-4) would throw.
$nicIndex = $nicCaption -replace ".*\[", "" -replace "\].*"
$nicIndex = $nicIndex.Substring($nicIndex.Length - 4)
return $nicIndex
# Function to generate random MAC address
function Generate-MAC {
# 48 random bits rendered as 12 upper-case hex digits, no separators.
$randomMac = ('{0:X}' -f (Get-Random 0xFFFFFFFFFFFF)).PadLeft(12, "0")
# Forcing the second hex digit to 2/6/A/E sets the locally-administered bit (bit 1 of the first
# octet) and clears the multicast bit (bit 0) — the form drivers usually accept for an override.
$replacementChar = Get-Random -InputObject @('A', 'E', '2', '6')
$randomMac = $randomMac.Substring(0, 1) + $replacementChar + $randomMac.Substring(2)
return $randomMac
# Function to change MAC address for all NICs
function Change-MAC {
# NOTE(review): every adapter that has a connection name — physical and virtual alike — gets its
# MAC rewritten; there is no allow-list and no confirmation (-Confirm:$false below).
$nics = Get-CimInstance Win32_NetworkAdapter | Where-Object {$_.NetConnectionID -ne $null}
foreach ($nic in $nics) {
$NetworkAdapter = $nic.NetConnectionID
$originalMAC = Get-MAC
$randomMac = Generate-MAC
$nicIndex = Get-NICIndex
Clear-Host
# Write-Host "`n
[91m> Selected NIC:
[0m $NetworkAdapter"
# Write-Host "`n
[91m> Previous MAC:
[0m $originalMAC"
# Write-Host "`n
[91m> Modified MAC:
[0m $randomMac"
# Disable NIC, delete OriginalNetworkAddress registry entry, add NetworkAddress registry entry, enable NIC
# NOTE(review): this sequence leaves a durable footprint that is also the detection surface —
# a NetworkAddress value written under HKLM (it lives in the registry, not the running adapter, so
# it outlasts the process), removal of OriginalNetworkAddress, a forced winmgmt restart, and a
# disable/enable cycle of each adapter.
# Write-Host "`n
[93m[~] Disabling the network adapter...
Disable-NetAdapter -InterfaceAlias "$NetworkAdapter" -Confirm:$false
Start-Sleep -Seconds 2
$registryPath = "$regPath\$nicIndex"
if (Test-Path $registryPath) {
# Failure to remove the old value is deliberately ignored (SilentlyContinue).
Remove-ItemProperty -Path "$registryPath" -Name "OriginalNetworkAddress" -ErrorAction SilentlyContinue
try {
# Write-Host "`n
[93m[~] Setting new MAC address in registry...
Set-ItemProperty -Path "$registryPath" -Name "NetworkAddress" -Value "$randomMac" -Force
Start-Sleep -Seconds 2
# Write-Host "`n
[93m[~] Restarting WMI service...
# Forcibly restarts the WMI service (and, with -Force, its dependents) — presumably so the
# subsequent Get-CimInstance reflects the new address. Disruptive to anything else using WMI.
Restart-Service -Force -Name "winmgmt"
Start-Sleep -Seconds 2
} catch {
# Write-Host "`n
[101;97m[!]
[0m Error setting registry property: $_"
}
} else {
# Write-Host "`n
[101;97m[!]
[0m Registry path not found: $registryPath"
}
# Write-Host "`n
[93m[~] Enabling the network adapter...
Enable-NetAdapter -InterfaceAlias "$NetworkAdapter" -Confirm:$false
# Pause to ensure changes take effect
Start-Sleep -Seconds 5
# Check if the MAC address was changed successfully
$newMAC = Get-MAC
# Write-Host "`n
[91m> New MAC after enabling adapter:
[0m $newMAC"
# NOTE(review): Win32_NetworkAdapter.MACAddress is normally reported colon-separated
# ("AA:BB:CC:DD:EE:FF") whereas $randomMac has no separators, so this check would report failure
# even when the change took effect — confirm; normalising both sides (e.g. stripping ":" from
# $newMAC) before comparing would fix it.
if ($newMAC -ne $randomMac) {
# Write-Host "`n
[101;97m[!]
[0m Failed to change MAC address for $NetworkAdapter. Current MAC: $newMAC"
} else {
# Write-Host "`n
[0m Successfully changed MAC address for $NetworkAdapter to $newMAC"
}
# Additional pause to observe results
Start-Sleep -Seconds 3
# Main execution
# NOTE(review): runs unconditionally when the script is loaded — there is no dry-run or
# per-adapter prompt; merely executing the file changes the MAC of every named adapter.
Change-MAC
v4.0.30319
#Strings
<Module>
ChangeMAC.exe
MainModuleRawUI
ModuleNameSpace
CHAR_INFO
SMALL_RECT
Console_Info
FileType
STDHandle
MainModuleUI
MainModule
ConsoleColorProxy
MainAppInterface
MainApp
System.Management.Automation
System.Management.Automation.Host
PSHostRawUserInterface
mscorlib
System
ValueType
Object
PSHostUserInterface
PSHost
STD_OUTPUT_HANDLE
ReadConsoleOutput
WriteConsoleOutput
ScrollConsoleScreenBuffer
GetStdHandle
ConsoleColor
get_BackgroundColor
set_BackgroundColor
get_BufferSize
set_BufferSize
Coordinates
get_CursorPosition
set_CursorPosition
get_CursorSize
set_CursorSize
FlushInputBuffer
get_ForegroundColor
set_ForegroundColor
BufferCell
Rectangle
GetBufferContents
get_KeyAvailable
get_MaxPhysicalWindowSize
get_MaxWindowSize
KeyInfo
ReadKeyOptions
ReadKey
ScrollBufferContents
SetBufferContents
get_WindowPosition
set_WindowPosition
get_WindowSize
set_WindowSize
get_WindowTitle
set_WindowTitle
BackgroundColor
BufferSize
CursorPosition
CursorSize
ForegroundColor
KeyAvailable
MaxPhysicalWindowSize
MaxWindowSize
WindowPosition
WindowSize
WindowTitle
UnicodeChar
AsciiChar
Attributes
Bottom
GetFileType
IsInputRedirected
IsOutputRedirected
IsErrorRedirected
value__
FILE_TYPE_UNKNOWN
FILE_TYPE_DISK
FILE_TYPE_CHAR
FILE_TYPE_PIPE
FILE_TYPE_REMOTE
STD_INPUT_HANDLE
STD_ERROR_HANDLE
ErrorForegroundColor
ErrorBackgroundColor
WarningForegroundColor
WarningBackgroundColor
DebugForegroundColor
DebugBackgroundColor
VerboseForegroundColor
VerboseBackgroundColor
ProgressForegroundColor
ProgressBackgroundColor
System.Collections.Generic
Dictionary`2
PSObject
System.Collections.ObjectModel
Collection`1
FieldDescription
Prompt
ChoiceDescription
PromptForChoice
PSCredential
PSCredentialTypes
PSCredentialUIOptions
PromptForCredential
get_RawUI
ReadLine
System.Security
SecureString
getPassword
ReadLineAsSecureString
WriteDebugLine
WriteErrorLine
WriteLine
WriteLineInternal
ProgressRecord
WriteProgress
WriteVerboseLine
WriteWarningLine
parent
System.Globalization
CultureInfo
originalCultureInfo
originalUICultureInfo
get_PrivateData
_consoleColorProxy
get_CurrentCulture
get_CurrentUICulture
get_InstanceId
get_Name
get_UI
Version
get_Version
EnterNestedPrompt
ExitNestedPrompt
NotifyBeginApplication
NotifyEndApplication
SetShouldExit
PrivateData
CurrentCulture
CurrentUICulture
InstanceId
get_ErrorForegroundColor
set_ErrorForegroundColor
get_ErrorBackgroundColor
set_ErrorBackgroundColor
get_WarningForegroundColor
set_WarningForegroundColor
get_WarningBackgroundColor
set_WarningBackgroundColor
get_DebugForegroundColor
set_DebugForegroundColor
get_DebugBackgroundColor
set_DebugBackgroundColor
get_VerboseForegroundColor
set_VerboseForegroundColor
get_VerboseBackgroundColor
set_VerboseBackgroundColor
get_ProgressForegroundColor
set_ProgressForegroundColor
get_ProgressBackgroundColor
set_ProgressBackgroundColor
get_ShouldExit
set_ShouldExit
get_ExitCode
set_ExitCode
ShouldExit
ExitCode
shouldExit
exitCode
UnhandledExceptionEventArgs
CurrentDomain_UnhandledException
hConsoleOutput
lpBuffer
System.Runtime.InteropServices
MarshalAsAttribute
UnmanagedType
OutAttribute
dwBufferSize
dwBufferCoord
lpReadRegion
InAttribute
lpWriteRegion
lpScrollRectangle
lpClipRectangle
dwDestinationOrigin
lpFill
nStdHandle
rectangle
options
source
destination
origin
contents
stdHandle
caption
message
descriptions
choices
defaultChoice
userName
targetName
allowedCredentialTypes
foregroundColor
backgroundColor
sourceId
record
sender
System.Reflection
AssemblyTitleAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
AssemblyTrademarkAttribute
AssemblyDescriptionAttribute
AssemblyCompanyAttribute
System.Runtime.CompilerServices
CompilationRelaxationsAttribute
RuntimeCompatibilityAttribute
ChangeMAC
DllImportAttribute
kernel32.dll
ReadConsoleOutputW
WriteConsoleOutputW
Console
get_BufferWidth
get_BufferHeight
get_Width
set_BufferWidth
get_Height
set_BufferHeight
get_CursorLeft
get_CursorTop
set_CursorTop
set_CursorLeft
ConsoleKeyInfo
get_Bottom
get_Top
get_Right
get_Left
Address
BufferCellType
get_LargestWindowWidth
get_LargestWindowHeight
ConsoleModifiers
get_Modifiers
get_CapsLock
get_NumberLock
ConsoleKey
get_Key
get_KeyChar
ControlKeyStates
get_WindowWidth
get_WindowHeight
get_Character
MoveBufferArea
GetLength
get_WindowLeft
get_WindowTop
set_WindowLeft
set_WindowTop
set_Height
set_Width
set_WindowWidth
set_WindowHeight
get_Title
set_Title
StructLayoutAttribute
LayoutKind
FieldOffsetAttribute
Kernel32.dll
String
IsNullOrEmpty
IEnumerator`1
GetEnumerator
get_Current
get_ParameterAssemblyFullName
RuntimeTypeHandle
GetTypeFromHandle
GetType
get_IsArray
GetElementType
ToString
Concat
MakeGenericType
EmptyTypes
ConstructorInfo
BindingFlags
Binder
ParameterModifier
GetConstructor
Invoke
Format
Convert
ChangeType
InvokeMember
op_Inequality
get_HelpMessage
op_Equality
get_DefaultValue
System.Collections
IEnumerator
MoveNext
IDisposable
Dispose
Exception
SortedList`2
get_Label
Substring
IndexOf
ToUpper
ToLower
ContainsKey
get_Item
get_Length
RemoveAt
AppendChar
System.IO
TextWriter
get_Error
System.Threading
Thread
get_CurrentThread
NewGuid
AsPSObject
ArgumentNullException
STAThreadAttribute
<>c__DisplayClass8
ManualResetEvent
DataAddedEventArgs
<Main>b__2
<Main>b__3
IAsyncResult
<Main>b__4
<>c__DisplayClassb
<>c__DisplayClasse
CS$<>8__locals9
PowerShell
ConsoleCancelEventArgs
<Main>b__0
CS$<>8__localsc
<Main>b__1
EventWaitHandle
set_Cancel
AsyncCallback
BeginStop
PSDataCollection`1
ErrorRecord
get_Index
get_Exception
get_Message
get_IsCompleted
AppDomain
get_CurrentDomain
UnhandledExceptionEventHandler
add_UnhandledException
System.Management.Automation.Runspaces
RunspaceFactory
Runspace
CreateRunspace
ApartmentState
set_ApartmentState
Create
ConsoleCancelEventHandler
add_CancelKeyPress
set_Runspace
PSDataStreams
get_Streams
EventHandler`1
add_DataAdded
Complete
Compare
StringComparison
StartsWith
StringSplitOptions
System.Diagnostics
Debugger
Launch
Assembly
GetExecutingAssembly
Stream
GetManifestResourceStream
System.Text
Encoding
get_UTF8
StreamReader
TextReader
ReadToEnd
WriteAllText
AddScript
System.Text.RegularExpressions
get_Success
GroupCollection
get_Groups
get_Count
Double
TryParse
AddParameter
Capture
get_Value
Boolean
AddArgument
AddCommand
PSInvocationSettings
BeginInvoke
WaitHandle
WaitOne
PSInvocationStateInfo
get_InvocationStateInfo
PSInvocationState
get_State
get_Reason
get_FriendlyName
CompilerGeneratedAttribute
mac.ps1
WrapNonExceptionThrows
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
System.Collections.Generic.List
{0}[{1}]:
ToArray
(Type !? for help.)
Wrong format, please repeat input:
[{0}] {1}
[?] Help (default is "{0}"):
{0} - {1}
User name:
Password:
<NOUSER>
DEBUG: {0}
ERROR: {0}
VERBOSE: {0}
WARNING: {0}
PSRunspace-Host
-extract
If you specify the -extract option you need to add a file for extraction in this way
-extract:"<filename>"
-debug
mac.ps1
^-([^: ]+)[ :]?([^:]*)$
$FALSE
Out-String
Stream
An exception occured:
Hit any key to exit...
Unhandled exception in
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
FileDescription
FileVersion
0.0.0.0
InternalName
ChangeMAC.exe
LegalCopyright
OriginalFilename
ChangeMAC.exe
ProductVersion
0.0.0.0
Assembly Version
0.0.0.0
Antivirus Signature
Bkav Clean
Lionic Clean
Elastic Clean
MicroWorld-eScan Clean
CMC Clean
CAT-QuickHeal Clean
Skyhigh BehavesLike.Win32.Generic.mm
ALYac Clean
Cylance Clean
Zillya Clean
Sangfor Clean
CrowdStrike win/malicious_confidence_60% (W)
Alibaba Clean
K7GW Clean
K7AntiVirus Clean
huorong Clean
Baidu Clean
VirIT Clean
Paloalto generic.ml
Symantec Clean
tehtris Clean
ESET-NOD32 Clean
APEX Malicious
Avast Clean
Cynet Clean
Kaspersky Clean
BitDefender Clean
NANO-Antivirus Clean
ViRobot Clean
Tencent Clean
Sophos Clean
F-Secure Clean
DrWeb Clean
VIPRE Clean
TrendMicro Clean
McAfeeD ti!A7E4B2FD9CDB
Trapmine malicious.high.ml.score
CTX Clean
Emsisoft Clean
Ikarus Trojan.Msil
FireEye Clean
Jiangmin Clean
Webroot Clean
Varist W32/Trojan.CHU.gen!Eldorado
Avira Clean
Fortinet Clean
Antiy-AVL Clean
Kingsoft Clean
Gridinsoft Clean
Xcitium Clean
Arcabit Clean
SUPERAntiSpyware Clean
Microsoft Clean
Google Detected
AhnLab-V3 Clean
Acronis Clean
McAfee Clean
TACHYON Clean
VBA32 Clean
Malwarebytes Clean
Panda Clean
Zoner Clean
TrendMicro-HouseCall Clean
Rising Clean
Yandex Clean
SentinelOne Static AI - Malicious PE
MaxSecure Clean
GData Win32.Trojan.Agent.A02DFY
AVG Clean
DeepInstinct MALICIOUS
alibabacloud Clean
No IRMA results available.