popup
Static | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Static Analysis

PE Compile Time

2099-07-03 09:08:05

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00002000 0x000445f4 0x00044600 4.04158178469
.rsrc 0x00048000 0x00009b10 0x00009c00 7.10130357233
.reloc 0x00052000 0x0000000c 0x00000200 0.101910425663

Resources

Name Offset Size Language Sub-language File type
RT_ICON 0x0004c600 0x00004f64 LANG_NEUTRAL SUBLANG_NEUTRAL PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
RT_ICON 0x0004c600 0x00004f64 LANG_NEUTRAL SUBLANG_NEUTRAL PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
RT_ICON 0x0004c600 0x00004f64 LANG_NEUTRAL SUBLANG_NEUTRAL PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
RT_ICON 0x0004c600 0x00004f64 LANG_NEUTRAL SUBLANG_NEUTRAL PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
RT_ICON 0x0004c600 0x00004f64 LANG_NEUTRAL SUBLANG_NEUTRAL PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
RT_GROUP_ICON 0x00051574 0x0000004c LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_VERSION 0x000515d0 0x00000340 LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_MANIFEST 0x00051920 0x000001ea LANG_NEUTRAL SUBLANG_NEUTRAL XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

Imports

Library mscoree.dll:
0x402000 _CorExeMain
!This program cannot be run in DOS mode.
`.rsrc
@.reloc
v4.0.30319
#Strings
BaB2Kmnk41
BitVector32
ConsoleApp192
get_UTF8
<Module>
eNwTNy71CD
iROSVVbvfb
mscorlib
System.Collections.Specialized
GetMethod
CompileAssemblyFromSource
Invoke
GetType
MethodBase
GuidAttribute
DebuggableAttribute
ComVisibleAttribute
AssemblyTitleAttribute
AssemblyTrademarkAttribute
TargetFrameworkAttribute
AssemblyFileVersionAttribute
AssemblyConfigurationAttribute
AssemblyDescriptionAttribute
CompilationRelaxationsAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
AssemblyCompanyAttribute
RuntimeCompatibilityAttribute
WhereBs.exe
Encoding
System.Runtime.Versioning
FromBase64String
GetString
Program
System
System.Reflection
StringCollection
SMxA0QJo1o
MethodInfo
Microsoft.CSharp
CSharpCodeProvider
CodeDomProvider
System.CodeDom.Compiler
.cctor
n5Dh00mp5s
WhereBs
System.Diagnostics
System.Runtime.InteropServices
System.Runtime.CompilerServices
DebuggingModes
get_ReferencedAssemblies
GetBytes
CompilerParameters
CompilerResults
vTPjF7i5Pt
Object
Convert
System.Text
get_CompiledAssembly
set_GenerateInMemory
WrapNonExceptionThrows
WhereBs
Copyright
WhereBs 1945
$FB9236DA-2BAE-43F3-9B6B-E7659B8DF9A6
1.5.7.9
.NETFramework,Version=v4.5
FrameworkDisplayName
.NET Framework 4.5
_CorExeMain
mscoree.dll
O+IDATx
mHCC(j
k3;>BI
Bf\R:t,
+|0baP
47HZzz
i~1]a-
U8o^17
!"ej'f
zOTcp8AY
HFCiZL
iJ/E6'G
e-Dfad
aHt#Uv
*n[WCc
JUL'[_O
|;[w$Ad(NY
g6gaR9
1L!0aLF
4bN%d4
H@AKDd"
hq9W.+g
gtW^]J>
o*AJiz
2HG6GZ
r6-,c^
NOXcGw
,|M7h,
K||cs3
M.?g|i
_7$UA/
GKd"vD
ZTz%e7
+QTDE=
[Tg*q2
2Q^WIQ
:,{Z[d_
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
wxglsR1RM9CHzX9oHmkVgPtLGbq+PjeatXIO2IvmfGIMeAmSxEYT9dwONpMDlimBldtWaEIYBK7xV+isyTo/Wvt3Hdb5120rp2oHg81WIcysjpKPH4M48IeRRQO5aQX2DFAGXLE0yLoR6jrLmsYmGL9g5VXT/miTfmHEhxiCJvCYxhIbvWkB6sWpB5fDXwxTNPIvwIXCIgO2bgnjjLIWVLJWFldL/zDboC8aD6l/COfZ5k3wmJXYS/7lNuSmPkoMbHUN49WoP1+rkRKKPfUM0pklETa/j+CHrLc3RKZ8E4Ui4kjzTC4+NJB+Mp+JtwKrklcs6zrTUZig9Qo8rknzhOywKUGOQgDn95A9sejt9vOsVynZqYUrs5pOaPRF2kic7CdJJpSF88Sw6SJFl058kknbTJC4EQLQlE4kwL7Bf32CeWjdAsVs5bEiPutIVi7PZ/piapVnZOg2OTFWjYPm40yJwM2xl19/i7Fw5F7OZ4BIFuIth1jY+5OKJl6NSDqPYtVegEERCdKKrdXPnP1fa4NlSdka6naXdH0El4SlyiyNkYZfi5d08mOFd7K+eSvLiOK3kKLRjlM+cXLgVDpovIwFF8P9oMU3gdVMZn2RAO5jIYyvYgIfx8e0yjOd8VJHb3lZy383TIBKberz+u34K27iQws21UHNasCdb1sAHP/pgfzkow7YQy7RFDdoMnagaHbCy+258RqV+XdHc49cg4A2frNtdhoo6IX7Gk3BYhBWhqg8jOm9WXAB/uWYhf0VaPlvQyKOqidOJpRbemrh5pD56RF0MWI8YIxQP07ZpVF4KeaU0IKoy33DdndKm6MfgxCMDLvKkLuEwagXcsJ0KEK2fCufHaFWdU3/p8qQ7we8NHQ0PrJdKIMUllQkVtbsyJbqx1HPahM6j3QXiAirTA9Ivq/J54A7dsZtIGu5jBGTcJ87QFPXhzHIrTdy3pQlQ7dw35sPoDsGvuiRNeureFbSxh8wooLblwOkPwpG2pzP1I50VCWLJQf4af1qOXwz
5QIrmx+e5tfo5Q==
5QIrmx+e5irrz38pRBEQ
9TwpsQ6DHTvt4H0=
8TYovwWaJic=
SVJbLD1tfX02cjZuSk41SjJRRFI=
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
Comments
WhereBs
CompanyName
WhereBs
FileDescription
WhereBs
FileVersion
1.5.7.9
InternalName
WhereBs.exe
LegalCopyright
Copyright
WhereBs 1945
LegalTrademarks
WhereBs
OriginalFilename
WhereBs.exe
ProductName
WhereBs
ProductVersion
1.5.7.9
Assembly Version
1.5.7.9
Antivirus Signature
Bkav W32.AIDetectMalware.CS
Lionic Trojan.Win32.Lazy.4!c
Elastic malicious (high confidence)
ClamAV Clean
CMC Clean
CAT-QuickHeal Trojandropper.Convagent
Skyhigh Clean
ALYac Gen:Variant.Lazy.657419
Cylance Unsafe
Zillya Clean
Sangfor Suspicious.Win32.Save.a
CrowdStrike win/malicious_confidence_100% (W)
Alibaba Trojan:MSIL/DropperX.0935f839
K7GW Trojan-Downloader ( 005c0e101 )
K7AntiVirus Trojan-Downloader ( 005c0e101 )
huorong Clean
Baidu Clean
VirIT Clean
Paloalto generic.ml
Symantec Trojan Horse
tehtris Clean
ESET-NOD32 a variant of MSIL/TrojanDownloader.Agent.RSL
APEX Malicious
Avast Win32:BackdoorX-gen [Trj]
Cynet Clean
Kaspersky HEUR:Backdoor.MSIL.XWorm.gen
BitDefender Gen:Variant.Lazy.657419
NANO-Antivirus Clean
ViRobot Clean
MicroWorld-eScan Gen:Variant.Lazy.657419
Tencent Msil.Trojan-Downloader.Ader.Timw
Sophos Mal/Generic-S
F-Secure Trojan.TR/AVI.XWorm.sogzl
DrWeb Clean
VIPRE Gen:Variant.Lazy.657419
TrendMicro Clean
McAfeeD ti!D382AF87B777
Trapmine Clean
CTX exe.trojan.msil
Emsisoft Gen:Variant.Lazy.657419 (B)
Ikarus Trojan-Downloader.MSIL.Agent
FireEye Generic.mg.a74be32e719fb0fc
Jiangmin Clean
Webroot Win.Trojan.Gen
Varist W32/ABRisk.CNMB-3358
Avira TR/AVI.XWorm.sogzl
Fortinet MSIL/Agent.RSL!tr.dldr
Antiy-AVL Clean
Kingsoft malware.kb.c.1000
Gridinsoft Malware.Win32.XWorm.tr
Xcitium Clean
Arcabit Trojan.Lazy.DA080B
SUPERAntiSpyware Clean
Microsoft Backdoor:MSIL/XWormRAT!rfn
Google Detected
AhnLab-V3 Trojan/Win.BackdoorX-gen.C5734745
Acronis Clean
McAfee Artemis!A74BE32E719F
TACHYON Clean
VBA32 Clean
Malwarebytes Backdoor.XWorm
Panda Trj/Chgt.AD
Zoner Clean
TrendMicro-HouseCall Clean
Rising Malware.Obfus/MSIL@AI.90 (RDM.MSIL2:rhByXVaecjT/oG+Q+bcDGg)
Yandex Clean
SentinelOne Static AI - Malicious PE
MaxSecure Trojan.Malware.331301307.susgen
GData Gen:Variant.Lazy.657419
AVG Win32:BackdoorX-gen [Trj]
DeepInstinct MALICIOUS
alibabacloud Clean
No IRMA results available.