popup
Static | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Static Analysis

PE Compile Time

2054-08-24 04:42:35

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00002000 0x00044cb8 0x00044e00 3.80561813239
.rsrc 0x00048000 0x00009b1c 0x00009c00 3.28515531172
.reloc 0x00052000 0x0000000c 0x00000200 0.101910425663

Resources

Name Offset Size Language Sub-language File type
RT_ICON 0x00048100 0x000094a8 LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_GROUP_ICON 0x000515b8 0x00000014 LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_VERSION 0x000515dc 0x00000340 LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_MANIFEST 0x0005192c 0x000001ea LANG_NEUTRAL SUBLANG_NEUTRAL XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

Imports

Library mscoree.dll:
0x402000 _CorExeMain
!This program cannot be run in DOS mode.
`.rsrc
@.reloc
v4.0.30319
#Strings
BitVector32
ConsoleApp192
get_UTF8
<Module>
mscorlib
Thread
GetStarted
System.Collections.Specialized
GetMethod
CompileAssemblyFromSource
PoolStrike
Invoke
GetType
MethodBase
GuidAttribute
DebuggableAttribute
ComVisibleAttribute
AssemblyTitleAttribute
AssemblyTrademarkAttribute
TargetFrameworkAttribute
AssemblyFileVersionAttribute
AssemblyConfigurationAttribute
AssemblyDescriptionAttribute
CompilationRelaxationsAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
AssemblyCompanyAttribute
RuntimeCompatibilityAttribute
ResVolk.exe
System.Threading
Encoding
System.Runtime.Versioning
FromBase64String
GetString
ResVolk
GetPool
Program
System
System.Reflection
StringCollection
MethodInfo
Microsoft.CSharp
CSharpCodeProvider
CodeDomProvider
System.CodeDom.Compiler
.cctor
System.Diagnostics
System.Runtime.InteropServices
System.Runtime.CompilerServices
DebuggingModes
get_ReferencedAssemblies
GetBytes
CompilerParameters
CompilerResults
Refact
Object
Convert
System.Text
get_CompiledAssembly
set_GenerateInMemory
WrapNonExceptionThrows
ResVolk
Copyright
ResVolk 2025
$7C746995-2C1A-4BDA-BEE7-7F9D5BEAD55F
5.5.7.3
.NETFramework,Version=v4.7.2
FrameworkDisplayName
.NET Framework 4.7.2
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
RwZbKx5sG1gQIRw5F0tVU0JFQxYSJks2DSklDyc8GDNCKSxSWE9eSj9/RzYQIi8BMCwKIEkrcXREQlkYXxAcDBc4LVMMJSoxXjA2RVRfFnw4eDg1DC4kSAB1CiBNMjZFEU9BEEEGEgkWLSxgEzw3NUEjUixKISd8OFUSZVlvOkQEPBY6DAcPbxFISB1XElMxHEFCAUN1WSReLylHRUkNFVcZVyIYOC0BCjsNdH4jLFNcSXkZQBBTIT0pJEQENA0xBA8xUmFYX1FaFFwhFSlhGm5fWXQMZi9UWFpMBVdVViAVKS9AFzBZNkMpMwZiSVkmXQIEcS0kOkQCMTo7QjI6XkVoSB1XElMxHGQBTxcFDSYMMjdUVE1JXRIcXDEiEWhCDDsNMVQydh08Jg1RElVCNxA6KVUGdR0xQCM4R0VJDRNdGl5lKik8dQsnHDVIBTBIRUlVBXYQXiAeLTxESxwXIHwyLQZFRF8UUxEeZRAiPHo+dRo7QjI6XkUFFnw4VRJlWTw6SBU0DTEMIjpKVEtMBVdVUCoWIGhmBiEuO1twa3JZXkgQVjZdKw0pMFUnMBUxSycrQxllQwViAUBlDSQ6RAIxVXRFKCt9bAxOHlwBVz0NZXMsaXVZdAw2LU9HTVkUEhFXKRwrKVUGdRs7Qyp/YVRYeRlAEFMhOiMmVQYtDRBJKjpBUFhIWXsbRhUNPmhVCyccNUhqf09fWHYsEhZdKw0pMFVKbnReDGZ/BkFeRAdTAVdlHSkkRAQ0DTEMLzFSEXpEA0YAUyk4ICROABABEEkqOkFQWEhZextGFQ0+aEkCOx04SWp/T19YDRBWEUAgCj9kAQo7DXRAIzFBRUQBUVsbRmUNNThET3UQOlhmL1ReWEgSRlwJSHNsaAFDJQs9WicrQxFISB1XElMxHGwqTgw5WQNeLytDfElAHkAMdiAVKS9AFzBRHUIyD1JDDF0DXRZXNgpgaEgNIVk2TTU6Z1VIXxRBBh5lGzU8RDgIWTZZIDlDQwANGFwBEicMKi5E
YQxBMRwhZkUPOQ==
YQxBMRwhZmIMJxx6SCoz
fhpTITg8IW8COBw=
YBBeKhgoGEgAPg==
89^39193049.9E => M.execute()
312^391U => j.execute(12)
31^333 => gqddxxx.execute(*./)
MnUyRXlMSCFjVXlULEZfJjEsLXE=
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
Comments
ResVolk
CompanyName
ResVolk
FileDescription
ResVolk
FileVersion
5.5.7.3
InternalName
ResVolk.exe
LegalCopyright
Copyright
ResVolk 2025
LegalTrademarks
ResVolk
OriginalFilename
ResVolk.exe
ProductName
ResVolk
ProductVersion
5.5.7.3
Assembly Version
5.5.7.3
Antivirus Signature
Bkav W32.AIDetectMalware.CS
Lionic Trojan.Win32.XWorm.m!c
Elastic malicious (high confidence)
ClamAV Clean
CMC Clean
CAT-QuickHeal Clean
Skyhigh Artemis!Trojan
ALYac Gen:Variant.Barys.46154
Cylance Unsafe
Zillya Clean
Sangfor Suspicious.Win32.Save.a
CrowdStrike win/malicious_confidence_100% (W)
Alibaba Trojan:MSIL/Generic.dabeb85e
K7GW Clean
K7AntiVirus Clean
huorong Clean
Baidu Clean
VirIT Clean
Paloalto Clean
Symantec ML.Attribute.HighConfidence
tehtris Clean
ESET-NOD32 a variant of MSIL/TrojanDownloader.Agent.RSL
APEX Malicious
Avast Win32:RATX-gen [Trj]
Cynet Clean
Kaspersky HEUR:Backdoor.MSIL.XWorm.gen
BitDefender Gen:Variant.Barys.46154
NANO-Antivirus Clean
ViRobot Clean
MicroWorld-eScan Gen:Variant.Barys.46154
Tencent Msil.Trojan-Downloader.Ader.Ydkl
Sophos Mal/Generic-S
F-Secure Clean
DrWeb Clean
VIPRE Gen:Variant.Barys.46154
TrendMicro Clean
McAfeeD ti!8F8830B812C8
Trapmine Clean
CTX exe.trojan.msil
Emsisoft Gen:Variant.Barys.46154 (B)
Ikarus Clean
FireEye Generic.mg.918f83cd6d935bd7
Jiangmin Clean
Webroot Win.Trojan.Xworm
Varist W32/ABRisk.UGRP-3001
Avira Clean
Fortinet MSIL/Agent.RSL!tr.dldr
Antiy-AVL Clean
Kingsoft malware.kb.c.1000
Gridinsoft Trojan.Win32.Downloader.sa
Xcitium Clean
Arcabit Trojan.Barys.DB44A
SUPERAntiSpyware Clean
Microsoft Trojan:Win32/Wacatac.B!ml
Google Detected
AhnLab-V3 Trojan/Win.Generic.C5737785
Acronis Clean
McAfee Artemis!918F83CD6D93
TACHYON Clean
VBA32 Clean
Malwarebytes Generic.Malware/Suspicious
Panda Trj/Chgt.AD
Zoner Clean
TrendMicro-HouseCall Clean
Rising Malware.Obfus/MSIL@AI.94 (RDM.MSIL2:YcTMqXXRUFzJjHosCAK3sA)
Yandex Clean
SentinelOne Static AI - Malicious PE
MaxSecure Trojan.Malware.300983.susgen
GData Gen:Variant.Barys.46154
AVG Win32:RATX-gen [Trj]
DeepInstinct MALICIOUS
alibabacloud Trojan[downloader]:MSIL/Phonzy.B9nj
No IRMA results available.