Static | ZeroBOX

Name	Virtual Address	Virtual Size	Size of Raw Data	Entropy
.text	0x00002000	0x00004800	0x00004800	5.64910520956
.rsrc	0x00008000	0x000005bc	0x00000600	4.13637110997
.reloc	0x0000a000	0x0000000c	0x00000200	0.0815394123432

Name	Offset	Size	Language	Sub-language	File type
RT_VERSION	0x00008090	0x0000032a	LANG_NEUTRAL	SUBLANG_NEUTRAL	data
RT_MANIFEST	0x000083cc	0x000001ea	LANG_NEUTRAL	SUBLANG_NEUTRAL	XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

!This program cannot be run in DOS mode.

`.rsrc

@.reloc

v4.0.30319

#Strings

<>c__DisplayClass2_0

<SystemUnescapeModer>b__0

<>o__0

<>p__0

<>c__DisplayClass2_1

<SystemUnescapeModer>b__1

<>p__1

Func`1

IEnumerable`1

CallSite`1

kernel32

ToUInt32

ToInt32

<>p__2

cbReserved2

lpReserved2

Func`3

ToInt64

isWow64

Func`4

__StaticArrayInitTypeSize=226

FE11E3722805C72BC0137B3817E9B4977419FA88

get_UTF8

SystemNetNetworkInformationPingCompletedEventArgsA

SystemNetSocketsDisconnectExDelegateC

SystemCodeDomCodeSnippetCompileUnitC

SystemComponentModelDesignIDictionaryServiceE

SystemDiagnosticsThreadInfoE

SystemCollectionsGenericISetG

NewtonsoftJsonLinqJRawG

SystemNetFtpWebRequestCreatorL

System.IO

SystemCodeDomCompilerCompilerParametersS

SystemTextRegularExpressionsRegexCodeT

SystemSecurityCryptographyCAPIBaseCMSGCTRLVERIFYSIGNATUREEXPARAU

get_PrivateImplementationDetailsStaticArrayInitTypeSizeV

SystemComponentModelDesignIMenuCommandServiceW

SystemDataSqlClientSqlReturnValueX

SystemNetHttpProtocolUtilsX

SystemDataSqlClientSqlCachedStreamY

lpProcesNewtonsoftJsonSerializationJsonDictionaryContractY

SystemTextRegularExpressionsRegexCodeTa

SystemNetSafeCloseIcmpHandlea

SystemDataSqlTypesTypeFloatSchemaImporterExtensiona

SizeOfRawData

PointerToRawData

mscorlib

SystemIOCompressionCompressionLevelb

SystemDataSqlTypesINullablec

SystemRuntimeInteropServicesDefaultParameterValueAttributec

e_magic

System.Collections.Generic

SystemNetHttpRequestHeaderc

SystemUriTypeConverterc

dwThreadId

dwProcessId

hThread

lpReserved

Eunuchoid

<SystemNetNetworkInformationTcpTableClassn>k__BackingField

Append

GetMethod

method

SystemDiagnosticsPerformanceMonitorvasd

SystemNetHttpProcessingResultd

Replace

CreateInstance

exitCode

SizeOfImage

EndInvoke

BeginInvoke

RuntimeFieldHandle

RuntimeTypeHandle

GetTypeFromHandle

handle

lpTitle

hModule

procName

fileName

lpApplicationName

SystemDataSqlClientXmlDataFeedytionName

lpCommandLine

ValueType

SecurityProtocolType

ExpressionType

flAllocationType

GetType

System.Core

Signature

MethodBase

ImageBase

Dispose

Create

MulticastDelegate

DebuggerBrowsableState

CallSite

CompilerGeneratedAttribute

UnverifiableCodeAttribute

DebuggableAttribute

DebuggerBrowsableAttribute

ComVisibleAttribute

AssemblyTitleAttribute

AssemblyTrademarkAttribute

TargetFrameworkAttribute

dwFillAttribute

AssemblyFileVersionAttribute

SecurityPermissionAttribute

AssemblyDescriptionAttribute

CompilationRelaxationsAttribute

ReliabilityContractAttribute

AssemblyProductAttribute

AssemblyCopyrightAttribute

ParamArrayAttribute

AssemblyCompanyAttribute

RuntimeCompatibilityAttribute

SetValue

Eunuchoid.exe

dwXSize

dwYSize

dwSize

SizeOf

SystemNetUnsafeNclNativeMethodsWinHttpErrorCodesf

SystemNetNetworkInformationSystemIPInterfacePropertiesf

Encoding

System.Runtime.Versioning

FromBase64String

ToString

GetString

SystemComponentModelPropertyChangingEventHandlerh

get_Length

SystemNetUnsafeNclNativeMethodsHttpApiHeapAllocHandlei

SystemConfigurationSettingsProvideri

AsyncCallback

callback

AllocHGlobal

FreeHGlobal

Marshal

kernel32.dll

System

SystemComponentModelListBindableAttributem

SystemDiagnosticsAlphabeticalEnumConverterm

Boolean

hToken

hNewToken

lpNumberOfBytesWritten

BinaryOperation

SecurityAction

action

System.Reflection

DllNotFoundException

EndOfStreamException

System.Runtime.ConstrainedExecution

get_SystemNetNetworkInformationTcpTableClassn

set_SystemNetNetworkInformationTcpTableClassn

MethodInfo

lpStartupInfo

CSharpArgumentInfo

PropertyInfo

lpDesktop

Microsoft.CSharp

MicrosoftWinSystemEventsp

SystemCollectionsSpecializedNotifyCollectionChangedEventArgsq

FileHeader

OptionalHeader

StringBuilder

Microsoft.CSharp.RuntimeBinder

CallSiteBinder

SystemUnescapeModer

SystemSecurityCryptographyCAPIUnsafer

ServicePointManager

GetDelegateForFunctionPointer

hStdError

Activator

.cctor

IntPtr

System.Diagnostics

System.Runtime.InteropServices

System.Runtime.CompilerServices

DebuggingModes

bInheritHandles

lpThreadAttributes

lpProcessAttributes

dwCreationFlags

CSharpArgumentInfoFlags

CSharpBinderFlags

ContextFlags

dwFlags

System.Linq.Expressions

System.Security.Permissions

SystemNetWebPermissions

NumberOfSections

get_Chars

dwXCountChars

dwYCountChars

SizeOfHeaders

SystemNetAuthenticationManagers

get_MicrosoftWinSessionEndedEventHandlers

set_MicrosoftWinSessionEndedEventHandlers

RuntimeHelpers

hProcess

GetProcAddress

lpBaseAddress

VirtualAddress

lpAddress

SystemNetAuthenticationManagercDisplayClasss

arguments

Object

object

flProtect

System.Net

Target

op_Explicit

IAsyncResult

result

lpEnvironment

AddressOfEntryPoint

Convert

get_Host

set_Host

hStdInput

hStdOutput

System.Text

pContext

SystemDiagnosticsCodeAnalysisExcludeFromCodeCoverageAttributeu

SystemNetUnsafeNclNativeMethodsWinHttpWINHTTPAUTOPROXYOPTIONSv

SystemIOCompressionDeflateInputInputStatev

SystemDiagnosticsPerformanceMonitorv

e_lfanew

wShowWindow

InitializeArray

Consistency

SystemDataMappingTypey

LoadLibrary

FreeLibrary

lpCurrentDirectory

op_Equality

op_Inequality

System.Security

GetProperty

lSystemNetWebResponsez

SystemNetSecurityLocalCertificateSelectionCallbackz

System.Security.Permissions.SecurityPermissionAttribute, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089

SkipVerification

WrapNonExceptionThrows

Ss Cmd

Ss Command Line

Ss Corp.

5.14.22.1

.NETFramework,Version=v4.0

FrameworkDisplayName

.NET Framework 4

_CorExeMain

mscoree.dll

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>

</requestedPrivileges>

</security>

</trustInfo>

</assembly>

PrivateImplementationDetailsStaticArrayInitTypeSizeO

Expect100Continue

SecurityProtocol

NetSafeLoadLibraryc

PNetSafeLoadLibrarycXgOKAUDPwMoHmYYDAhXCjsTIzMGMj8YCiUzISgCJ0IHRgEYChgVNTcpPw4HRz8CCiFSYi0uKAIpNmcDJAggFgUTEUcALRkYOBxXPgUcOw49IiQHIQ0gYzgpEQc9RScYDR0wJAB2PwI0IhpHJnknYzg+PEUpITgOJgw3JS4AAko=

ONetSafeLoadLibrarycgxbYQMpEQE9IgEgDAMoIgMpCko=

CNetSafeLoadLibrarycQMwYgIMJEEoDGtFJQxWJS0qOwEGMjccCiY4JAItXA4AJmogDRMsYjsTWDg+LQE9DAMwJTUDBQ0AMgUBMhMoFAQDJxsHPQEECnlXBA==

hKbRaDiwduSt

CNetSafeLoadLibrarycXk0KwMpPwQpDxoBMgwaIQ==

CNetSafeLoadLibraryciUwOQMDHgI+MisH

ONetSafeLoadLibrarycXgoPjgcOxsxPRkCMXk0KAJ0BQIAMgUNCiYkITczVEo=

PROTECT

PNetSafeLoadLibrarycgw0KwMTBQI9LQEYPQMoJDh2Pw0HAm5J

ONetSafeLoadLibrarycXkaJAJ2Pz49ImYfCgw3bw==

ONetSafeLoadLibrarycxMsCgN3CkUqMxENCnksPgJ3JEo=

PNetSafeLoadLibraryciYOKwUMPx8GMBUHCgxbODMcDko=

PNetSafeLoadLibrarycngoIgUDPyYHGGoeMhMsKDUTPwMGRhlB

PNetSafeLoadLibrarycnlbYS8uOz8+LQEhCQMoPjgTOzMGR2ZEMhMKYg==

ONetSafeLoadLibrarycnk0YjcDAQ4+IhUfOXlbJwUDP0MANG5J

PNetSafeLoadLibrarycnlbYS8uOyM+LQEhCQMoPjgTOzMGR2ZEMhMKYg==

PNetSafeLoadLibrarycXk0YjcDAQ4+IhUfOXlbJwUDP0MANG5J

PNetSafeLoadLibrarycSY0KAUTWBsyMjsNMhwkOQ==

PNetSafeLoadLibrarycCUwBAMpWB8HMwkEMhMGAjsoJxs9RgEECnlWbw==

@C:\WindPROTECTows\MicrPROTECTosoft.NPROTECTET\FramPROTECTework\v4.0.30PROTECT319\AddInPPROTECTrocess32.exePROTECT

VS_VERSION_INFO

VarFileInfo

Translation

StringFileInfo

000004b0

Comments

Ss Command Line

CompanyName

FileDescription

Ss Cmd

FileVersion

5.14.22.1

InternalName

Eunuchoid.exe

LegalCopyright

Ss Corp.

LegalTrademarks

OriginalFilename

Eunuchoid.exe

ProductName

Ss Cmd

ProductVersion

5.14.22.1

Assembly Version

12.3.5.3

Antivirus	Signature
Bkav	Clean
Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Variant.Razy.839017
FireEye	Generic.mg.0e9b44989a362797
CAT-QuickHeal	Clean
McAfee	Artemis!0E9B44989A36
Cylance	Unsafe
Zillya	Clean
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	Trojan-Downloader ( 005781551 )
BitDefender	Gen:Variant.Razy.839017
K7GW	Trojan-Downloader ( 005781551 )
CrowdStrike	win/malicious_confidence_100% (W)
Baidu	Clean
Cyren	W32/MSIL_Troj.AIO.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
TotalDefense	Clean
APEX	Malicious
Avast	Win32:RATX-gen [Trj]
ClamAV	Clean
Kaspersky	HEUR:Trojan-Spy.MSIL.Stealer.gen
Alibaba	Trojan:MSIL/Generic.96104047
NANO-Antivirus	Clean
ViRobot	Trojan.Win32.Z.Razy.32768.AJS
AegisLab	Trojan.MSIL.Stealer.l!c
Rising	Spyware.Stealer!8.3090 (CLOUD)
Ad-Aware	Gen:Variant.Razy.839017
Emsisoft	Gen:Variant.Razy.839017 (B)
Comodo	Clean
F-Secure	Heuristic.HEUR/AGEN.1141272
DrWeb	Trojan.PWS.Siggen2.62510
VIPRE	Trojan.Win32.Generic!BT
TrendMicro	Clean
McAfee-GW-Edition	Artemis!Trojan
CMC	Clean
Sophos	Mal/Generic-S
Ikarus	Trojan-Downloader.MSIL.Small
GData	Gen:Variant.Razy.839017
MaxSecure	Clean
Avira	HEUR/AGEN.1141272
MAX	malware (ai score=85)
Antiy-AVL	Clean
Kingsoft	Clean
Gridinsoft	Trojan.Win32.Downloader.sa
Arcabit	Trojan.Razy.DCCD69
SUPERAntiSpyware	Clean
AhnLab-V3	Malware/Win32.RL_Generic.C4365930
ZoneAlarm	HEUR:Trojan-Spy.MSIL.Stealer.gen
Microsoft	Trojan:Win32/Ymacco.AA5F
Cynet	Malicious (score: 100)
ESET-NOD32	a variant of MSIL/TrojanDownloader.Small.CKP
Acronis	Clean
BitDefenderTheta	Gen:NN.ZemsilF.34608.cm2@ae8YMWe
ALYac	Gen:Variant.Razy.839017
TACHYON	Clean
VBA32	Clean
Malwarebytes	Spyware.RedLineStealer
Panda	Trj/GdSda.A
Zoner	Clean
TrendMicro-HouseCall	TROJ_GEN.R002H0CC921
Tencent	Win32.Trojan.Inject.Auto
Yandex	Clean
SentinelOne	Static AI - Malicious PE
eGambit	Unsafe.AI_Score_86%
Fortinet	MSIL/Small.CKP!tr.dldr
Webroot	Clean
AVG	Win32:RATX-gen [Trj]
Cybereason	malicious.89a362
Paloalto	generic.ml
Qihoo-360	Win32/Backdoor.Rat.HgIASQcA

Static Analysis

PE Compile Time

PE Imphash

Sections

Resources

Imports