Static | ZeroBOX

PE Compile Time

2057-09-12 04:12:51

PDB Path

XZCADEEW22.pdb

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
p@QH,\x16\x1f 0x00002000 0x00005ed0 0x00006000 7.99342389101
.text 0x00008000 0x0000a9d0 0x0000aa00 5.02827951401
.rsrc 0x00014000 0x000005b6 0x00000600 4.15097732296
0x00016000 0x00000010 0x00000200 0.122275881259
.reloc 0x00018000 0x0000000c 0x00000200 0.0980041756627

Resources

Name Offset Size Language Sub-language File type
RT_VERSION 0x000140a0 0x0000032c LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_MANIFEST 0x000143cc 0x000001ea LANG_NEUTRAL SUBLANG_NEUTRAL XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

Imports

Library mscoree.dll:
0x416000 _CorExeMain

!This program cannot be run in DOS mode.
XZCADEEW22.pdb
_CorExeMain
mscoree.dll
v4.0.30319
#Strings
#Strings
#Schema
<>9__6_0
Task`1
AsyncTaskMethodBuilder`1
TaskAwaiter`1
XZCADEEW22
UInt32
ToInt32
ToInt16
get_UTF8
<Module>
LBdysGolCWDyneDErCxszBNrmzYeA
CreateProcessA
GetHINSTANCE
get_ASCII
System.IO
TripleDES
set_IV
mscorlib
DownloadStringTaskAsync
ResumeThread
get_CurrentThread
thread
get_IsAttached
AwaitUnsafeOnCompleted
get_IsCompleted
Synchronized
set_IsBackground
GetMethod
distance
CreateInstance
set_Mode
PaddingMode
CryptoStreamMode
CipherMode
get_Message
Invoke
IDisposable
RuntimeFieldHandle
RuntimeTypeHandle
GetTypeFromHandle
Console
get_Module
get_Name
get_FullyQualifiedName
get_FullName
DateTime
WriteLine
Combine
IAsyncStateMachine
SetStateMachine
stateMachine
ValueType
SecurityProtocolType
GetElementType
MethodBase
ApplicationSettingsBase
Dispose
Reverse
Create
EditorBrowsableState
posState
STAThreadAttribute
CompilerGeneratedAttribute
GuidAttribute
GeneratedCodeAttribute
DebuggerNonUserCodeAttribute
DebuggableAttribute
EditorBrowsableAttribute
ComVisibleAttribute
AssemblyTitleAttribute
AsyncStateMachineAttribute
DebuggerStepThroughAttribute
AssemblyTrademarkAttribute
TargetFrameworkAttribute
SuppressIldasmAttribute
DebuggerHiddenAttribute
AssemblyFileVersionAttribute
AssemblyConfigurationAttribute
AssemblyDescriptionAttribute
CompilationRelaxationsAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
ConfusedByAttribute
AssemblyCompanyAttribute
RuntimeCompatibilityAttribute
ReadByte
matchByte
prevByte
get_IsAlive
add_AssemblyResolve
XZCADEEW22.exe
inSize
outSize
dwSize
windowSize
dictionarySize
SizeOf
System.Threading
set_Padding
Encoding
IsLogging
System.Runtime.Versioning
FromBase64String
ToBase64String
GetString
get_Length
FlushFinalBlock
get_Task
Marshal
System.ComponentModel
kernel32.dll
ntdll.dll
set_SecurityProtocol
inStream
CryptoStream
outStream
MemoryStream
stream
System
SymmetricAlgorithm
ICryptoTransform
IsLittleEndian
AppDomain
get_CurrentDomain
System.Configuration
System.Globalization
Action
ZwUnmapViewOfSection
System.Reflection
SetException
Intern
MethodInfo
CultureInfo
AsyncTaskMethodBuilder
sender
rangeDecoder
Buffer
ResourceManager
ServicePointManager
Debugger
ResolveEventHandler
System.CodeDom.Compiler
TaskAwaiter
GetAwaiter
BitConverter
.cctor
CreateDecryptor
IntPtr
System.Diagnostics
System.Runtime.InteropServices
System.Runtime.CompilerServices
System.Resources
jJ=^7"QiM4\&IFbm\+=Dk1/Fmm'.resources
DebuggingModes
XZCADEEW22.Properties
properties
numPosStates
GetBytes
Settings
ResolveEventArgs
get_Ticks
System.Threading.Tasks
Equals
Models
NumBitLevels
numBitLevels
get_Chars
RuntimeHelpers
lpAddress
numTotalBits
numPosBits
numPrevBits
Format
Object
lpflOldProtect
VirtualProtect
flNewProtect
System.Net
op_Explicit
Default
GetResult
SetResult
WebClient
RuntimeEnvironment
get_TickCount
ParameterizedThreadStart
Convert
FailFast
MoveNext
System.Text
GetThreadContext
SetThreadContext
get_Now
VirtualAllocEx
startIndex
InitializeArray
ToArray
set_Key
System.Security.Cryptography
get_Assembly
GetCallingAssembly
GetExecutingAssembly
BlockCopy
ReadProcessMemory
WriteProcessMemory
GetRuntimeDirectory
op_Equality
Confuser.Core 1.6.0+447341964f
WrapNonExceptionThrows
XZCADEEW22
Copyright
2025
$dd21d4ec-4819-4995-bff8-8ce16a8fcccd
1.0.0.0
.NETFramework,Version=v4.5.2
FrameworkDisplayName
.NET Framework 4.5.2
3System.Resources.Tools.StronglyTypedResourceBuilder
4.0.0.0
KMicrosoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator
11.0.0.0
5Z(@I_!J-V=voO9(BKC^ae\,bo/+umbWT8Zl-3rbHe@I{J?RcW\\l#
5"/fG_O3)X\+8=MPd0T@uzJ466%+f$V#Y:tMI-|$5u($E<iO6\+dq-
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
Comments
CompanyName
FileDescription
XZCADEEW22
FileVersion
1.0.0.0
InternalName
XZCADEEW22.exe
LegalCopyright
Copyright
2025
LegalTrademarks
OriginalFilename
XZCADEEW22.exe
ProductName
XZCADEEW22
ProductVersion
1.0.0.0
Assembly Version
1.0.0.0
Antivirus Signature
Bkav W32.AIDetectMalware.CS
Lionic Trojan.Win32.AgentTesla.4!c
Elastic malicious (high confidence)
ClamAV Clean
CMC Clean
CAT-QuickHeal Trojan.Generic
Skyhigh BehavesLike.Win32.Generic.lh
ALYac Trojan.GenericKD.76307251
Cylance Unsafe
Zillya Clean
Sangfor Suspicious.Win32.Save.a
CrowdStrike win/malicious_confidence_100% (W)
Alibaba Trojan:MSIL/MalwareX.bc225940
K7GW Trojan-Downloader ( 005c66171 )
K7AntiVirus Trojan-Downloader ( 005c66171 )
huorong Clean
Baidu Clean
VirIT Clean
Paloalto generic.ml
Symantec ML.Attribute.HighConfidence
tehtris Clean
ESET-NOD32 a variant of MSIL/TrojanDownloader.Agent.RZB
APEX Malicious
Avast Win32:MalwareX-gen [Drp]
Cynet Clean
Kaspersky HEUR:Trojan.Win32.Generic
BitDefender Trojan.GenericKD.76307251
NANO-Antivirus Clean
ViRobot Clean
MicroWorld-eScan Trojan.GenericKD.76307251
Tencent Msil.Trojan-Downloader.Ader.Rwhl
Sophos Mal/Generic-S
F-Secure Trojan.TR/Dldr.Agent.vmumb
DrWeb Clean
VIPRE Clean
TrendMicro TrojanSpy.Win32.NEGASTEAL.YXFD3Z
McAfeeD Real Protect-LS!C2A63D95746F
Trapmine malicious.moderate.ml.score
CTX exe.trojan.msil
Emsisoft Trojan.GenericKD.76307251 (B)
Ikarus Packed.Win32.Crypt
GData Trojan.GenericKD.76307251
Jiangmin Clean
Webroot Clean
Varist W32/MSIL_Troj.C.gen!Eldorado
Avira TR/Dldr.Agent.vmumb
Antiy-AVL Trojan/Win32.Agent
Kingsoft malware.kb.c.994
Gridinsoft Trojan.Win32.AgentTesla.tr
Xcitium Clean
Arcabit Trojan.Generic.D48C5B33
SUPERAntiSpyware Clean
ZoneAlarm Clean
Microsoft Trojan:Win32/Wacatac.B!ml
Google Detected
AhnLab-V3 Clean
Acronis Clean
McAfee Artemis!C2A63D95746F
TACHYON Clean
VBA32 CIL.HeapOverride.Heur
Malwarebytes Trojan.Crypt.MSIL.Generic
Panda Trj/Chgt.AD
Zoner Clean
TrendMicro-HouseCall Trojan.Win32.VSX.PE04C9Z
Rising Downloader.Agent!8.B23 (CLOUD)
Yandex Clean
SentinelOne Static AI - Malicious PE
MaxSecure Clean
Fortinet MSIL/Agent.RZB!tr.dldr
AVG Win32:MalwareX-gen [Drp]
DeepInstinct MALICIOUS
alibabacloud Trojan[dropper]:MSIL/Wacatac.B9nj
No IRMA results available.