Static | ZeroBOX

PE Compile Time

2021-03-20 03:17:17

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name    Virtual Address  Virtual Size  Size of Raw Data  Entropy
.text   0x00002000       0x00001904    0x00001a00        5.08863731946
.rsrc   0x00004000       0x00000520    0x00000600        3.88732058317
.reloc  0x00006000       0x0000000c    0x00000200        0.0611628522412

Resources

Name         Offset      Size        Language      Sub-language     File type
RT_VERSION   0x000040a0  0x0000028c  LANG_NEUTRAL  SUBLANG_NEUTRAL  PGP symmetric key encrypted data - Plaintext or unencrypted data
RT_MANIFEST  0x00004330  0x000001ea  LANG_NEUTRAL  SUBLANG_NEUTRAL  XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

Imports

Library mscoree.dll:
0x402000 _CorExeMain

Strings

!This program cannot be run in DOS mode.
`.rsrc
@.reloc
v4.0.30319
#Strings
<Module>
cVI5v4hgahjKJBO4qaFks3SD.exe
BundleV2
Bundle_V2
Payload
mscorlib
System
Object
System.Collections.Generic
List`1
payloads
runcount
fnGetFriendlyName
RegisterInStartup
Random
random
RandomString
length
System.Security.Permissions
SecurityPermissionAttribute
SecurityAction
System.Runtime.CompilerServices
CompilationRelaxationsAttribute
RuntimeCompatibilityAttribute
cVI5v4hgahjKJBO4qaFks3SD
<>c__DisplayClass5
fileurl
<Main>b__1
<>c__DisplayClass8
payload
<Main>b__2
<Main>b__0
System.Threading
ThreadStart
CS$<>9__CachedAnonymousMethodDelegate3
CompilerGeneratedAttribute
Environment
SpecialFolder
GetFolderPath
String
Concat
System.Net
WebClient
DownloadString
DownloadData
System.IO
WriteAllBytes
System.Diagnostics
Process
WebHeaderCollection
get_Headers
get_UserName
get_MachineName
System.Collections.Specialized
NameValueCollection
Thread
Contains
Enumerator
GetEnumerator
get_Current
MoveNext
IDisposable
Dispose
System.Management
ManagementObject
<fnGetFriendlyName>b__a
Func`2
CS$<>9__CachedAnonymousMethodDelegateb
ManagementBaseObject
GetPropertyValue
ManagementObjectSearcher
ManagementObjectCollection
System.Core
System.Linq
Enumerable
IEnumerable`1
System.Collections
IEnumerable
OfType
Select
FirstOrDefault
ToString
Microsoft.Win32
Registry
RegistryKey
CurrentUser
OpenSubKey
SetValue
<RandomString>b__c
CS$<>9__CachedAnonymousMethodDelegated
get_Length
get_Chars
Repeat
ToArray
.cctor
System.Security
UnverifiableCodeAttribute
WrapNonExceptionThrows
System.Security.Permissions.SecurityPermissionAttribute, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
SkipVerification
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
https://pastebin.com/raw/mH2EJxkv
user-agent
referer
https://iplogger.org/1ixtu7
https://iplogger.org/1iPtu7
Caption
SELECT Caption FROM Win32_OperatingSystem
Unknown
SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
FileDescription
FileVersion
0.0.0.0
InternalName
cVI5v4hgahjKJBO4qaFks3SD.exe
LegalCopyright
OriginalFilename
cVI5v4hgahjKJBO4qaFks3SD.exe
ProductVersion
0.0.0.0
Assembly Version
0.0.0.0
Antivirus Signature
Bkav Clean
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKD.36540713
FireEye Generic.mg.2151c4b970eff007
CAT-QuickHeal Clean
Qihoo-360 Win32/TrojanSpy.Generic.HgIASRIA
McAfee Artemis!2151C4B970EF
Cylance Unsafe
VIPRE Trojan.Win32.Generic!BT
Sangfor Trojan.Win32.Save.a
K7AntiVirus Riskware ( 0040eff71 )
BitDefender Trojan.GenericKD.36540713
K7GW Riskware ( 0040eff71 )
Cybereason malicious.fbee47
BitDefenderTheta Gen:NN.ZemsilF.34628.am0@aC18vXm
Cyren Clean
Symantec ML.Attribute.HighConfidence
TotalDefense Clean
Baidu Clean
APEX Malicious
Avast Win32:DropperX-gen [Drp]
ClamAV Clean
Kaspersky HEUR:Trojan-Spy.MSIL.Stealer.gen
Alibaba TrojanSpy:MSIL/Stealer.23094ff5
NANO-Antivirus Clean
ViRobot Clean
AegisLab Clean
Rising Trojan.IPLogger!1.B69D (CLOUD)
Ad-Aware Trojan.GenericKD.36540713
Sophos Mal/Generic-S
Comodo Clean
F-Secure Clean
DrWeb Trojan.Siggen12.46475
Zillya Clean
TrendMicro Clean
McAfee-GW-Edition Artemis!Trojan
CMC Clean
Emsisoft Trojan.GenericKD.36540713 (B)
Ikarus Trojan-Downloader.MSIL.Small
GData Trojan.GenericKD.36540713
Jiangmin Clean
Webroot W32.Malware.Gen
Avira HEUR/AGEN.1137614
MAX malware (ai score=82)
Antiy-AVL Clean
Kingsoft Clean
Gridinsoft Trojan.Win32.Downloader.sa
Arcabit Trojan.Generic.D22D9129
SUPERAntiSpyware Clean
ZoneAlarm Clean
Microsoft Backdoor:Win32/Bladabindi!ml
Cynet Malicious (score: 100)
AhnLab-V3 Clean
Acronis Clean
VBA32 Clean
ALYac Trojan.GenericKD.36540713
TACHYON Clean
Malwarebytes Trojan.Downloader
Panda Trj/GdSda.A
Zoner Clean
ESET-NOD32 a variant of MSIL/TrojanDownloader.Small.CLF
TrendMicro-HouseCall Clean
Tencent Msil.Trojan-spy.Stealer.Hoej
Yandex Clean
SentinelOne Static AI - Malicious PE
eGambit Unsafe.AI_Score_58%
Fortinet MSIL/Small.CLF!tr.dldr
AVG Win32:DropperX-gen [Drp]
Paloalto generic.ml
CrowdStrike win/malicious_confidence_100% (W)
MaxSecure Clean
No IRMA results available.