Static | ZeroBOX

PE Compile Time

2025-02-19 21:31:25

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00002000 0x00003354 0x00003400 5.84152233451
.rsrc 0x00006000 0x00000580 0x00000600 4.03801423535
.reloc 0x00008000 0x0000000c 0x00000200 0.0776331623432

Resources

Name Offset Size Language Sub-language File type
RT_VERSION 0x000060a0 0x000002f2 LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_MANIFEST 0x00006394 0x000001ea LANG_NEUTRAL SUBLANG_NEUTRAL XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

Imports

Library mscoree.dll:
0x402000 _CorExeMain

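Strings (raw strings extracted from the sample; the embedded URL appears as found in the binary, not defanged)

!This program cannot be run in DOS mode.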
`.rsrc
@.reloc
D-bsX
K/8a}a
b HE{qa}
bf ':A=a}c
D-bsX
8|X "
q|f C]
6GoYa
be cm>:a}e
,eX4f R
:\za}f
ef XeX
.IVa N
Ye 54jaa}d
b }A.Za}7
Y Lj1Ka}+
nY ^k=2X {*n
v4.0.30319
#Strings
AA.exe
<Module>
GlobalList
AA.Collections
Object
System
mscorlib
<Module>{a791bf70-9a96-40a9-b071-fba2c96b2c3e}
m8DD50FA7AAD8A2B
.cctor
PauseCompiler
AddMonoList
AddExternalList
HttpClient
System.Net.Http
TimeSpan
FromMinutes
Double
set_Timeout
System.IO
GetTempFileName
String
Concat
WriteAllBytes
Process
System.Diagnostics
GetByteArrayAsync
Task`1
System.Threading.Tasks
get_Result
IDisposable
Dispose
FormatCompiler
Boolean
CompileExpandableCompiler
m_5c3061b0b4f44eab811d83bd9675591c
m_3f40956313964b999d8c882cec7235a4
m_8c6c6c394cd04e528c6b05b9a8a9acd0
m_fbe013e0b84646e9b4c387f602bcece3
m_1f455476995c460194d7c9596e2251c1
m_a9cbcdb6aa924f5c8025d77808225300
m_0d821978c80b4653b13327702a119dda
m_ee7af7e260814334904025d8b05fb5e2
m_8a6bfcf951f64929b45d50510bfc0c52
m_ec094efaf22d406b90be0906fa10ed32
m_3d5fc73114a442888b8b0a99e90ff4c9
m_018ddf4bf05441639989bec802d45c57
m_4e4f573c38c04ea692f0f867fa83b718
m_838bbff4f6204c4c8c03b17a5d97a126
m_dc02c8ea54f44009b1e58f9a362228fa
m_783bd582bc3240cba64e29e827ba7b0e
m_83dd4b1c29ee41ec9d1ab1d175f4091d
m_e1c821da0ba34a9cb8b50f92141057e0
m_a1e9c04fd5714622a849c3ff106c04ce
m_622cc70a0e234bf3bc6f1d472b33589a
m_76dde49757b24d16b18403f2593620d8
m_2611b1f6c4a9450ca2e1b840cdd82903
m_ae2354ba487b4db8b21e125f59915afe
m_fd3607eed4f14182b31f8bb199a9a827
m_50bf782b13fd4709a64fce8b44f9b76c
m_8506b595699844ef886914a3c6b7dc7e
m_cc9be7d2447b486db8d61b879381a3bc
m_e3f255f003554bffa0e7fa1baf7311f3
m_26375a92bc164bf38fa236c8bc54e743
m_e2d5517db63c4863979b4334543fa2b1
m_e1d861988ead4fb78709809df70cc182
m_8bfccae22a1c4519916995651f7f8c75
m_f1ed5fe56846410a8528aa10ef26cc6c
m_4d873649c3e5465594dff5e0fa41265b
m_03f7ef990cbf45839cfc44012a0731d9
m_91432073b4574c44ad94344712ed14ec
m_2ec001d3edce4a7bb78611454f49a6e7
m_251d9ffbe13c470d95e4bee9a37a8847
m_d90cc0612c7646979bb69f1cc7574be8
m_f06e3bccb5b14cd98400bc6add6ef9bd
m_6c0d36eb5e89496a888f3c6d756a58c8
m_db097c37c3764df6b2a6d0db4ff7e767
m_0c3aff10e8384838ba9b310af0bf00fe
m_307150343e974f608c45055d5731dc60
m_540ff05f25fe48d2987de7b4d467b54b
m_dd2ec7820ac54bf992aeaf0971899c00
m_51ba0dcf493843528554a4ab138e8563
m_6b800ced32524529b2b0e06426d64798
m_916d860820614445bf07b21cc0a1aa7a
m_f6e1b727d7954ad083afe5daeb67db63
m_c566579d527c4fcb9370c031bcabf647
m_9e41a90507e34ba8ba4b1048884890f8
m_ab42862f08a54854b54003b62a57c63a
m_03e34fe3879d42e9a1ff46d44eb6aa3f
m_d1f399f395e54eb09c45d33774c65a70
m_c197c0810c2248f48102fe58b2e01e3a
m_bc6e2a3f1ea94c20b5f871442348c753
m_0d96a95a449d4503979309954b636200
m_98774bc0a499416b802d73d9295e5353
m_e67933f6c89b47c588cd05f16a7f4359
m_d1f1312cc98d46bdb42c5718260e43fa
m_50d3a02d2fd94bf5a4eb947b325b6c0b
m_604a0d45fb354c9daac05c1845c5c947
m_8d5ec37463f14e80b4046a1568cb3686
m_38334f0f057a4c4da3738b44b5fe1ba2
m_ff21f04fa44247fca962ebb83aade731
m_62dcfef5641549268ba1f05e3609b7a8
m_d1a84c53d3734c5989dacc1adb221108
m_536f9018d8dd4b17a17f6bcecae961d8
m_cb616452dedd420aa94ac071a8c543eb
m_14b06585cf23428ebee5f9306c4d7de4
m_966c61c5cc2f4e99936df86699c657ad
m_e6d12f677e834351b98062d9b5e0b737
m_0ad98e1624ee45649bb0545d98c40346
m_b4ec0279560f4a9790996c779a866341
m_7d8222a530fc46b8ac7e0c3ec7ac7a65
m_5075f75cbbab4ca0a445b6c22cc95eef
m_9be13f988ddf4bf2914dc18f5e806ef2
m_f570f7dd78d244ec9d20528e94c1cf57
m_136157b54c6647d48a8cae223a03590b
m_8bfe183a891e4e9cac618ff2deac9c93
m_5da603b17ab6442482445aab0ec85689
m_3eaf8e13a1c746ce8a98b8322acbf82b
m_4e09749f53e04f97a17a1d5f571af28f
m_a5eb43db55d54e4287e11d77ca3100a7
m_3760c6de95be4a929e0dc4e0a71f9b46
m_5d6ce12d35204e1cac63c2f400aa8ddb
m_4b0949fa7b0a4891a2772b52a3021794
m_b1f23860b94c44c69d87a74dccf4056e
m_23c3662ed9314b879e261b40d772f8c0
m_8c3b215cf1a84805824faa9d37b49164
m_06b1357d328b44b9b3b9f494bbb58ae7
m_e5257e86bed94819940dd4f21de9a4bc
m_e038277d88414865bc071e8b2a956654
m_03c06766148445abbb49343c6d6d26d6
m_e6da9998eea247818b3d900579b51155
m_dfafaedfda2a4d0fb676ba122d80c2d7
m_0e5cbabd3d0f4dea8ef3f83636941e50
m_0db812044bcc44b2a694a30aa5e3e7fa
m_d6b381e3ff2d4b59a0006ec3502d4941
m_1082f52492334829bad02ee0955780cb
m_68659caf27354ab981d7f4dc4ba62ac7
m_3a32538692574c57870f7be0e80e8802
m_8f75c36f8d0641ee9ddabb860beec224
m_aa786aa6e1f64fef83d554e2e63ae554
m_211a065c8ec94cae90f29c6df250333b
m_13ad39826aeb4930aa4ff89ee0bc13c0
m_dbddb10641944fd5bbf9616bdf464bee
m_878dbb745c544d19ad0432791345655d
m_bd7f98154bfc4eaca7ceffda95c5d7ea
m_cb57190847f3492ea3725dc8a39814fe
m_46025d3ecfc34c6985c69ce955ea87e3
m_90cce0a26fb7456a9780d3c16f6eee2e
HandleCompiler
a912a2be027f640b796581ac6a03dee56
SetupCompiler
CallCompiler
CompilationRelaxationsAttribute
System.Runtime.CompilerServices
RuntimeCompatibilityAttribute
DebuggableAttribute
DebuggingModes
AssemblyTitleAttribute
System.Reflection
AssemblyDescriptionAttribute
AssemblyConfigurationAttribute
AssemblyCompanyAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
AssemblyTrademarkAttribute
ComVisibleAttribute
System.Runtime.InteropServices
GuidAttribute
TargetFrameworkAttribute
System.Runtime.Versioning
WrapNonExceptionThrows
$c4f2d18c-2afc-4795-b1cf-63ce8ac5c57d
.NETFramework,Version=v4.6
FrameworkDisplayName
.NET Framework 4.6
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
http://162.230.48.189/uploads/A.exe
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
Comments
CompanyName
FileDescription
FileVersion
1.0.9181.27942
InternalName
AA.exe
LegalCopyright
LegalTrademarks
OriginalFilename
AA.exe
ProductName
ProductVersion
1.0.9181.27942
Assembly Version
1.0.9181.27942
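Antivirus Signature (engine name followed by its detection label; "Clean" means that engine reported no detection. The family names below disagree across engines — Remcos, SmokeLoader, generic downloader/dropper — so treat them as heuristic labels rather than a confirmed family attribution.)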
Bkav W32.AIDetectMalware.CS
Lionic Trojan.Win32.Remcos.m!c
Elastic malicious (high confidence)
ClamAV Clean
CMC Clean
CAT-QuickHeal Trojan.Msilheracles
Skyhigh Artemis!Trojan
ALYac Gen:Variant.MSILHeracles.167331
Cylance Unsafe
Zillya Clean
Sangfor Clean
K7AntiVirus Trojan-Downloader ( 0059c9381 )
Alibaba Backdoor:MSIL/Remcos.cb682858
K7GW Trojan-Downloader ( 0059c9381 )
huorong Clean
Baidu Clean
VirIT Clean
Paloalto generic.ml
Symantec ML.Attribute.HighConfidence
tehtris Clean
ESET-NOD32 a variant of Generik.HFWWYIW
APEX Malicious
Avast Win32:DropperX-gen [Drp]
Cynet Clean
Kaspersky HEUR:Backdoor.MSIL.Remcos.gen
BitDefender Gen:Variant.MSILHeracles.167331
NANO-Antivirus Clean
ViRobot Clean
MicroWorld-eScan Gen:Variant.MSILHeracles.167331
Tencent Malware.Win32.Gencirc.143dd8bc
Sophos Generic Reputation PUA (PUA)
F-Secure Trojan.TR/AVI.Remcos.hrjco
DrWeb Clean
VIPRE Gen:Variant.MSILHeracles.167331
TrendMicro Trojan.Win32.SMOKELOADER.YXFBSZ
McAfeeD Real Protect-LS!AFD7E0073666
Trapmine suspicious.low.ml.score
CTX exe.trojan.remcos
Emsisoft Gen:Variant.MSILHeracles.167331 (B)
Ikarus Trojan-Spy.Remcos
FireEye Generic.mg.afd7e00736668b6a
Jiangmin Clean
Webroot Clean
Varist W32/ABApplication.UNMZ-1359
Avira TR/AVI.Remcos.hrjco
Fortinet PossibleThreat
Antiy-AVL Clean
Kingsoft malware.kb.c.652
Gridinsoft Trojan.Win32.Downloader.sa
Xcitium Clean
Arcabit Trojan.MSILHeracles.D28DA3
SUPERAntiSpyware Clean
Microsoft Trojan:Win32/Wacatac.B!ml
Google Detected
AhnLab-V3 Dropper/Win.Generic.C5732568
Acronis Clean
McAfee Artemis!AFD7E0073666
TACHYON Clean
VBA32 TScope.Trojan.MSIL
Malwarebytes Trojan.MCrypt.MSIL.Generic
Panda Clean
Zoner Clean
TrendMicro-HouseCall Trojan.Win32.SMOKELOADER.YXFBSZ
Rising Backdoor.Remcos!8.B89E (CLOUD)
Yandex Clean
SentinelOne Static AI - Malicious PE
MaxSecure Trojan.Malware.6894327.susgen
GData Gen:Variant.MSILHeracles.167331
AVG Win32:DropperX-gen [Drp]
DeepInstinct MALICIOUS
alibabacloud Clean
No IRMA results available.