Static | ZeroBOX

PE Compile Time

2021-02-07 20:57:02

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00002000 0x001ec134 0x001ec200 2.5700385985
.rsrc 0x001f0000 0x0000bca8 0x0000be00 3.43170441533
.reloc 0x001fc000 0x0000000c 0x00000200 0.101910425663

Resources

Name Offset Size Language Sub-language File type
RT_ICON 0x001fb420 0x00000468 LANG_ENGLISH SUBLANG_ENGLISH_US GLS_BINARY_LSB_FIRST
RT_ICON 0x001fb420 0x00000468 LANG_ENGLISH SUBLANG_ENGLISH_US GLS_BINARY_LSB_FIRST
RT_ICON 0x001fb420 0x00000468 LANG_ENGLISH SUBLANG_ENGLISH_US GLS_BINARY_LSB_FIRST
RT_ICON 0x001fb420 0x00000468 LANG_ENGLISH SUBLANG_ENGLISH_US GLS_BINARY_LSB_FIRST
RT_ICON 0x001fb420 0x00000468 LANG_ENGLISH SUBLANG_ENGLISH_US GLS_BINARY_LSB_FIRST
RT_ICON 0x001fb420 0x00000468 LANG_ENGLISH SUBLANG_ENGLISH_US GLS_BINARY_LSB_FIRST
RT_ICON 0x001fb420 0x00000468 LANG_ENGLISH SUBLANG_ENGLISH_US GLS_BINARY_LSB_FIRST
RT_GROUP_ICON 0x001fb888 0x00000068 LANG_ENGLISH SUBLANG_ENGLISH_US data
RT_VERSION 0x001fb8f0 0x000003b4 LANG_ENGLISH SUBLANG_ENGLISH_US data

Imports

Library mscoree.dll:
0x402000 _CorExeMain

!This program cannot be run in DOS mode.
`.rsrc
@.reloc
v4.0.30319
#Strings
ToInt32
<Module>
System.IO
mscorlib
Microsoft.VisualBasic
TrimEnd
CompareMethod
Replace
set_WindowStyle
ProcessWindowStyle
set_FileName
set_UseShellExecute
WriteByte
ToByte
GetObjectValue
LateBinding
ToString
get_Length
MemoryStream
System
FormCollection
get_StartInfo
ProcessStartInfo
.cctor
System.Diagnostics
Microsoft.VisualBasic.CompilerServices
System.Runtime.CompilerServices
Strings
System.Windows.Forms
Conversions
get_Chars
RuntimeHelpers
Process
set_Arguments
Format
Object
LateGet
WaitForExit
TrimStart
Convert
set_CreateNoWindow
ToArray
_CorExeMain
mscoree.dll
0123456789
/-NYBeo,GR
cmd.exe
1000
/c timeout {0}
GetType
A^^embly
555555555555555555555555555555555555555555555555555555555555555555555555555555555555Load
En^ryP-int
^nv-ke
VS_VERSION_INFO
StringFileInfo
040904b0
CompanyName
Microsoft Corporation
FileDescription
Microsoft Visual Studio Web Protocol Handler
FileVersion
16.0.30107.105 built by: D16.6
InternalName
VSWebHandler.exe
LegalCopyright
Microsoft Corporation. All rights reserved.
OriginalFilename
VSWebHandler.exe
ProductName
Microsoft
Visual Studio
ProductVersion
16.0.30107.105
VarFileInfo
Translation
Antivirus Signature
Bkav Clean
Elastic Clean
MicroWorld-eScan Trojan.GenericKD.36316157
FireEye Generic.mg.602c4fc857abdc65
CAT-QuickHeal Trojanpws.Msil
McAfee PWS-FCWL!602C4FC857AB
Cylance Unsafe
Zillya Trojan.Tepfer.Win32.94538
Sangfor Trojan.Win32.Save.a
K7AntiVirus Clean
BitDefender Trojan.GenericKD.36316157
K7GW Clean
CrowdStrike win/malicious_confidence_100% (W)
Baidu Clean
Cyren W32/Trojan.KQRJ-5403
Symantec ML.Attribute.HighConfidence
TotalDefense Clean
APEX Malicious
Avast Win32:PWSX-gen [Trj]
ClamAV Clean
Kaspersky HEUR:Trojan-PSW.MSIL.Tepfer.gen
Alibaba TrojanPSW:MSIL/Tepfer.b5dcdd7f
NANO-Antivirus Trojan.Win32.Tepfer.ilofam
ViRobot Clean
AegisLab Trojan.MSIL.Tepfer.i!c
Rising Clean
Ad-Aware Trojan.GenericKD.36316157
Emsisoft Trojan.GenericKD.36316157 (B)
Comodo Clean
F-Secure Trojan.TR/AD.PredatorThief.YI
DrWeb Trojan.Carberp.2692
VIPRE Trojan.Win32.Generic!BT
TrendMicro TROJ_GEN.R002C0WBA21
McAfee-GW-Edition PWS-FCWL!602C4FC857AB
CMC Clean
Sophos Mal/Generic-S
Ikarus Trojan.SuspectCRC
GData Trojan.GenericKD.36316157
Jiangmin Clean
MaxSecure Trojan.Malware.73710626.susgen
Avira TR/AD.PredatorThief.YI
MAX malware (ai score=80)
Antiy-AVL Clean
Kingsoft Clean
Gridinsoft Clean
Arcabit Trojan.Generic.D22A23FD
SUPERAntiSpyware Clean
ZoneAlarm HEUR:Trojan-PSW.MSIL.Tepfer.gen
Microsoft Trojan:MSIL/FormBook.PA!MTB
Cynet Malicious (score: 85)
AhnLab-V3 Clean
Acronis Clean
BitDefenderTheta Gen:NN.ZemsilF.34608.ao3@aW1MByai
ALYac Trojan.GenericKD.36316157
TACHYON Clean
VBA32 TScope.Trojan.MSIL
Malwarebytes Trojan.Crypt.MSIL.Generic
Panda Trj/CI.A
Zoner Clean
ESET-NOD32 a variant of Generik.DEFRWNK
TrendMicro-HouseCall TROJ_GEN.R002C0WBA21
Tencent Win32.Trojan.Falsesign.Wklw
Yandex Clean
SentinelOne Static AI - Malicious PE
eGambit PE.Heur.InvalidSig
Fortinet PossibleThreat
Webroot Clean
AVG Win32:PWSX-gen [Trj]
Paloalto generic.ml
Qihoo-360 Win32/Backdoor.Predator.HgIASOkA
No IRMA results available.