Static | ZeroBOX

PE Compile Time

2021-03-16 02:42:48

PDB Path

c:\Users\Admin\Desktop\Hacking\디스코드 토큰 추출\Machos Stealer 2021\bin_copy\obj\Debug\TOKEN STEALER CREATOR.pdb

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name    Virtual Address  Virtual Size  Size of Raw Data  Entropy
.text   0x00002000       0x00001d54    0x00001e00        5.05186321464
.rsrc   0x00004000       0x00000510    0x00000600        3.86412401872
.reloc  0x00006000       0x0000000c    0x00000200        0.0815394123432

Resources

Name         Offset      Size        Language      Sub-language     File type
RT_VERSION   0x000040a0  0x0000027c  LANG_NEUTRAL  SUBLANG_NEUTRAL  data
RT_MANIFEST  0x00004320  0x000001ea  LANG_NEUTRAL  SUBLANG_NEUTRAL  XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

Imports

Library mscoree.dll:
0x402000 _CorExeMain


Antivirus Signature

Bkav Clean
Elastic malicious (high confidence)
DrWeb Trojan.DownloaderNET.81
MicroWorld-eScan Gen:Variant.Agentus.62
FireEye Generic.mg.460c76892a939c1b
CAT-QuickHeal Trojan.YakbeexMSIL.ZZ4
ALYac Gen:Variant.Agentus.62
Cylance Unsafe
VIPRE Trojan.Win32.Generic!BT
Sangfor Trojan.Win32.Save.a
K7AntiVirus Trojan-Downloader ( 0056ce1e1 )
BitDefender Gen:Variant.Agentus.62
K7GW Trojan-Downloader ( 0056ce1e1 )
Cybereason malicious.92a939
BitDefenderTheta Gen:NN.ZemsilF.34628.am0@amuO5vb
Cyren W32/Trojan.FRR.gen!Eldorado
Symantec ML.Attribute.HighConfidence
TotalDefense Clean
APEX Malicious
Avast Win32:MalwareX-gen [Trj]
ClamAV Win.Packed.Razy-9634380-0
Kaspersky HEUR:Trojan-Spy.MSIL.Stealer.gen
Alibaba TrojanPSW:MSIL/Dcstl.c86daf85
NANO-Antivirus Clean
ViRobot Clean
AegisLab Clean
Rising Downloader.Tiny!8.245 (CLOUD)
Ad-Aware Gen:Variant.Agentus.62
TACHYON Clean
Sophos Mal/Generic-R + Mal/Dloadr-CD
Comodo Clean
F-Secure Clean
Baidu Clean
Zillya Trojan.Stealer.Win32.7837
TrendMicro Trojan.MSIL.TOKENSTEALER.SMSNQ
McAfee-GW-Edition PWS-FCPR!460C76892A93
CMC Clean
Emsisoft Gen:Variant.Agentus.62 (B)
Ikarus Trojan-Downloader.MSIL.Tiny
GData MSIL.Trojan.TokenStealer.A
Jiangmin Clean
MaxSecure Trojan.Malware.121218.susgen
Avira HEUR/AGEN.1139324
Antiy-AVL Clean
Kingsoft Clean
Gridinsoft Trojan.Win32.Downloader.sa
Arcabit Trojan.Agentus.62
SUPERAntiSpyware Clean
ZoneAlarm Clean
Microsoft PWS:MSIL/Dcstl.GD!MTB
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win32.RL_Tiny.C4199475
Acronis Clean
McAfee PWS-FCPR!460C76892A93
MAX malware (ai score=86)
VBA32 Trojan.MSIL.gen.11
Malwarebytes Discord.Spyware.Stealer.DDS
Panda Trj/CI.A
Zoner Clean
ESET-NOD32 a variant of MSIL/TrojanDownloader.Tiny.ALU
TrendMicro-HouseCall Trojan.MSIL.TOKENSTEALER.SMSNQ
Tencent Clean
Yandex Clean
SentinelOne Static AI - Malicious PE
eGambit Unsafe.AI_Score_99%
Fortinet MSIL/Tiny.AQK!tr
Webroot Clean
AVG Win32:MalwareX-gen [Trj]
Paloalto Clean
CrowdStrike win/malicious_confidence_60% (W)
Qihoo-360 Win32/TrojanSpy.Generic.HwMABWkA
No IRMA results available.