Static | ZeroBOX

PE Compile Time

2081-11-19 16:35:44

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00002000 0x0000458c 0x00004600 5.64215703261
.rsrc 0x00008000 0x000005e0 0x00000600 4.20269001389
.reloc 0x0000a000 0x0000000c 0x00000200 0.0815394123432

Resources

Name Offset Size Language Sub-language File type
RT_VERSION 0x00008090 0x0000034e LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_MANIFEST 0x000083f0 0x000001ea LANG_NEUTRAL SUBLANG_NEUTRAL XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

Imports

Library mscoree.dll:
0x402000 _CorExeMain

!This program cannot be run in DOS mode.
`.rsrc
@.reloc
v4.0.30319
#Strings
<>c__DisplayClass2_0
<SystemIORenamedEventHandlerg>b__0
<>o__0
<>p__0
<>c__DisplayClass2_1
<SystemIORenamedEventHandlerg>b__1
<>p__1
Func`1
IEnumerable`1
CallSite`1
kernel32
ToUInt32
ToInt32
85DB5EA0B4AA299B62FA66D9F45EFA29876848C2
<SystemIORenamedEventHandlerg>b__2
cbReserved2
lpReserved2
Func`3
ToInt64
isWow64
<>o__4
Func`4
__StaticArrayInitTypeSize=128
get_UTF8
<Module>
<PrivateImplementationDetails>
SystemConfigurationSpecialSettingA
SystemDataCommonUnsafeNativeMethodsIErrorRecordsA
SystemNetTriStateB
SystemCollectionsSpecializedNameObjectCollectionBaseNameObjectEntryB
SystemDataCommonUnsafeNativeMethodsIDBInitializeInitializeD
get_NewtonsoftJsonJsonTextWriterDoWriteValueAsyncdH
SystemNetNetworkInformationIcmpVTypeH
get_NewtonsoftJsonBsonBsonObjectH
set_NewtonsoftJsonBsonBsonObjectH
SystemComponentModelUIntConverterL
System.IO
SystemSecurityAuthenticationSslProtocolsO
SystemNetHttpListenerRequestContextO
SystemNetWebSocketsWebSocketBaseReceiveStateP
SystemComponentModelIDataErrorInfoP
SystemIOCompressionIFileFormatWriterP
lSystemTextRegularExpressionsRegexPrefixP
NewtonsoftJsonJsonTextReaderParseUnquotedPropertyAsyncdQ
SystemComponentModelInstanceCreationEditorQ
SystemNetHttpRequestCreatorR
get_SystemMediaSystemSoundSafeNativeMethodsR
set_SystemMediaSystemSoundSafeNativeMethodsR
SystemNetSecurityTlsAlertMessageS
SystemSecurityCryptographyCAPIBaseCMSGCMSSIGNERINFOW
SystemComponentModelImmutableObjectAttributeW
SystemNetChainParametersW
SystemDiagnosticsBooleanSwitchX
SystemDataOleDbOleDbConnectionStringUDLY
MicrosoftCSharpCSharpMemberAttributeConverterZ
SystemDataCommonUnsafeNativeMethodsIErrorRecordsAa
SystemDataOleDbIDBInfoWrappera
SizeOfRawData
PointerToRawData
mscorlib
e_magic
System.Collections.Generic
SystemSecurityAuthenticationExtendedProtectionConfigurationExtendedProtectionPolicyElementc
dwThreadId
dwProcessId
hThread
SystemSecurityCryptographyAsnEncodedDatad
lpReserved
<NewtonsoftJsonBsonBsonObjectH>k__BackingField
Append
SystemNetDnsPermissiond
GetMethod
method
Replace
CreateInstance
exitCode
SizeOfImage
EndInvoke
BeginInvoke
RuntimeFieldHandle
RuntimeTypeHandle
GetTypeFromHandle
handle
lpTitle
hModule
procName
fileName
SystemNetHttpListenerRequestContextOtionName
lpApplicationName
lpCommandLine
ValueType
SecurityProtocolType
ExpressionType
flAllocationType
GetType
System.Core
Signature
MethodBase
ImageBase
Dispose
Create
MulticastDelegate
CallSite
DynamicAttribute
CompilerGeneratedAttribute
UnverifiableCodeAttribute
DebuggableAttribute
ComVisibleAttribute
AssemblyTitleAttribute
AssemblyTrademarkAttribute
TargetFrameworkAttribute
dwFillAttribute
AssemblyFileVersionAttribute
SecurityPermissionAttribute
AssemblyDescriptionAttribute
CompilationRelaxationsAttribute
ReliabilityContractAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
ParamArrayAttribute
AssemblyCompanyAttribute
RuntimeCompatibilityAttribute
SetValue
Fritterer.exe
dwXSize
dwYSize
dwSize
SizeOf
PrivateImplementationDetailsStaticArrayInitTypeSizef
SystemNetUnsafeNclNativeMethodsHttpApiHTTPKNOWNHEADERg
Encoding
System.Runtime.Versioning
FromBase64String
ToString
GetString
SystemDataDataExceptiong
SystemIORenamedEventHandlerg
SystemNetRtcStateh
SystemRuntimeInteropServicesWindowsRuntimeINotifyCollectionChangedEventArgsh
get_Length
SystemCollectionsGenericSortedSeti
SystemDiagnosticsPerformanceCounterCategoryi
SystemNetUnsafeNclNativeMethodsHttpApiTOKENBINDINGIDENTIFIERVk
AsyncCallback
callback
SystemXmlDataPointerk
AllocHGlobal
FreeHGlobal
Marshal
kernel32.dll
System
SystemComponentModelEventDescriptorm
Boolean
hToken
hNewToken
lpNumberOfBytesWritten
lpProcesNewtonsoftJsonSerializationSerializationErrorCallbackn
BinaryOperation
SecurityAction
action
System.Reflection
DllNotFoundException
EndOfStreamException
System.Runtime.ConstrainedExecution
MethodInfo
lpStartupInfo
CSharpArgumentInfo
PropertyInfo
BunifuFrameworkUIBunifuGaugep
lpDesktop
Microsoft.CSharp
SystemTextRegularExpressionsRegexInterpreterp
MicrosoftWinIInternetSecurityManagerq
MicrosoftSqlServerServerSmiTypedGetterSetterq
FileHeader
OptionalHeader
StringBuilder
Microsoft.CSharp.RuntimeBinder
CallSiteBinder
InstallManager
ServicePointManager
Fritterer
GetDelegateForFunctionPointer
hStdError
Activator
.cctor
IntPtr
System.Diagnostics
System.Runtime.InteropServices
System.Runtime.CompilerServices
DebuggingModes
bInheritHandles
lpThreadAttributes
lpProcessAttributes
dwCreationFlags
CSharpArgumentInfoFlags
CSharpBinderFlags
ContextFlags
dwFlags
System.Linq.Expressions
System.Security.Permissions
NumberOfSections
get_Chars
dwXCountChars
dwYCountChars
SizeOfHeaders
RuntimeHelpers
hProcess
GetProcAddress
lpBaseAddress
VirtualAddress
lpAddress
arguments
Object
object
flProtect
System.Net
SystemTextRegularExpressionsExclusiveReferencet
Target
op_Explicit
IAsyncResult
result
lpEnvironment
RemoveCurrent
AddressOfEntryPoint
SystemComponentModelNullableConvertert
Convert
get_Host
set_Host
hStdInput
hStdOutput
System.Text
pContext
NewtonsoftJsonJsonContainerAttributeu
e_lfanew
wShowWindow
InitializeArray
Consistency
LoadLibrary
FreeLibrary
lpCurrentDirectory
op_Equality
op_Inequality
System.Security
GetProperty
SystemDiagnosticsXmlWriterTraceListenerz
System.Security.Permissions.SecurityPermissionAttribute, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
SkipVerification
WrapNonExceptionThrows
Windows Cmd
Windows Command Line
Windows Corp.
5.14.22.1
.NETFramework,Version=v4.0
FrameworkDisplayName
.NET Framework 4
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
SystemComponentModelBackgroundWorkerH
Expect100Continue
SecurityProtocol
UriFormatExceptionk
System.Net.WebClient, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
DownloadString
@C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
Comments
Windows Command Line
CompanyName
FileDescription
Windows Cmd
FileVersion
5.14.22.1
InternalName
Fritterer.exe
LegalCopyright
Windows Corp.
LegalTrademarks
OriginalFilename
Fritterer.exe
ProductName
Windows Cmd
ProductVersion
5.14.22.1
Assembly Version
12.3.5.3
Antivirus Signature
Bkav Clean
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKD.45758996
FireEye Generic.mg.f9193808726bf166
CAT-QuickHeal TrojanDownloader.MSIL
McAfee GenericRXNR-RC!F9193808726B
Cylance Unsafe
VIPRE Trojan.Win32.Generic!BT
AegisLab Trojan.MSIL.Seraph.a!c
Sangfor Trojan.Win32.Save.a
K7AntiVirus Trojan-Downloader ( 005781551 )
BitDefender Trojan.GenericKD.45758996
K7GW Trojan-Downloader ( 005781551 )
CrowdStrike win/malicious_confidence_100% (W)
Baidu Clean
Cyren W32/Trojan.IXTR-1398
Symantec ML.Attribute.HighConfidence
TotalDefense Clean
APEX Malicious
Paloalto generic.ml
ClamAV Win.Dropper.Wacatac-9835373-0
Kaspersky HEUR:Trojan-Downloader.MSIL.Seraph.gen
Alibaba TrojanDownloader:MSIL/Redline.eb27c4fe
NANO-Antivirus Trojan.Win32.Seraph.imktgp
ViRobot Clean
Tencent Msil.Trojan-downloader.Seraph.Ecab
Ad-Aware Trojan.GenericKD.45758996
Emsisoft Trojan.GenericKD.45758996 (B)
Comodo Clean
F-Secure Trojan.TR/Dldr.Small.dcuyp
DrWeb Trojan.DownloaderNET.121
Zillya Downloader.Small.Win32.137452
TrendMicro TROJ_GEN.R002C0DBK21
McAfee-GW-Edition RDN/Generic Downloader.x
CMC Clean
Sophos Mal/Generic-S
GData Trojan.GenericKD.45758996
Jiangmin Clean
MaxSecure Trojan.Malware.74570710.susgen
Avira TR/Dldr.Small.dcuyp
MAX malware (ai score=83)
Antiy-AVL Trojan[Downloader]/MSIL.Small
Kingsoft Clean
Gridinsoft Trojan.Win32.Downloader.sa
Arcabit Trojan.Generic.D2BA3A14
SUPERAntiSpyware Clean
ZoneAlarm HEUR:Trojan-Downloader.MSIL.Seraph.gen
Microsoft Trojan:MSIL/Redline.GC!MTB
Cynet Malicious (score: 100)
AhnLab-V3 Malware/Win32.RL_Generic.C4342796
Acronis Clean
BitDefenderTheta Gen:NN.ZemsilF.34608.cm2@aeAT6bp
ALYac Trojan.GenericKD.45758996
TACHYON Clean
VBA32 Clean
Malwarebytes Spyware.RedLineStealer
Panda Trj/GdSda.A
Zoner Clean
ESET-NOD32 a variant of MSIL/TrojanDownloader.Small.CKP
TrendMicro-HouseCall TROJ_GEN.R002C0DBK21
Rising Downloader.Small!8.B41 (CLOUD)
Yandex Trojan.DL.Small!JM1SFpc2wts
SentinelOne Static AI - Malicious PE
eGambit Unsafe.AI_Score_99%
Fortinet MSIL/Small.CKP!tr.dldr
Webroot Clean
AVG Win32:RATX-gen [Trj]
Avast Win32:RATX-gen [Trj]
Qihoo-360 Win32/TrojanSpy.Azorult.HgIASPYA
No IRMA results available.