Static | ZeroBOX

PE Compile Time

2021-03-20 05:32:50

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name    Virtual Address  Virtual Size  Size of Raw Data  Entropy
.text   0x00002000       0x00001914    0x00001a00        5.09651701268
.rsrc   0x00004000       0x00000520    0x00000600        3.89782996385
.reloc  0x00006000       0x0000000c    0x00000200        0.0815394123432

Resources

Name         Offset      Size        Language      Sub-language     File type
RT_VERSION   0x000040a0  0x0000028c  LANG_NEUTRAL  SUBLANG_NEUTRAL  PGP symmetric key encrypted data - Plaintext or unencrypted data
RT_MANIFEST  0x00004330  0x000001ea  LANG_NEUTRAL  SUBLANG_NEUTRAL  XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

Imports

Library mscoree.dll:
0x402000 _CorExeMain

!This program cannot be run in DOS mode.
`.rsrc
@.reloc
v4.0.30319
#Strings
<Module>
a8ojAHyWHoBa8hMZ3OIGGUW1.exe
BundleV2
Bundle_V2
Payload
mscorlib
System
Object
System.Collections.Generic
List`1
payloads
runcount
fnGetFriendlyName
RegisterInStartup
Random
random
RandomString
length
System.Security.Permissions
SecurityPermissionAttribute
SecurityAction
System.Runtime.CompilerServices
CompilationRelaxationsAttribute
RuntimeCompatibilityAttribute
a8ojAHyWHoBa8hMZ3OIGGUW1
<>c__DisplayClass5
fileurl
<Main>b__1
<>c__DisplayClass8
payload
<Main>b__2
<Main>b__0
System.Threading
ThreadStart
CS$<>9__CachedAnonymousMethodDelegate3
CompilerGeneratedAttribute
Environment
SpecialFolder
GetFolderPath
String
Concat
System.Net
WebClient
DownloadString
DownloadData
System.IO
WriteAllBytes
System.Diagnostics
Process
WebHeaderCollection
get_Headers
get_UserName
get_MachineName
System.Collections.Specialized
NameValueCollection
Thread
Contains
Enumerator
GetEnumerator
get_Current
MoveNext
IDisposable
Dispose
System.Management
ManagementObject
<fnGetFriendlyName>b__a
Func`2
CS$<>9__CachedAnonymousMethodDelegateb
ManagementBaseObject
GetPropertyValue
ManagementObjectSearcher
ManagementObjectCollection
System.Core
System.Linq
Enumerable
IEnumerable`1
System.Collections
IEnumerable
OfType
Select
FirstOrDefault
ToString
Microsoft.Win32
Registry
RegistryKey
CurrentUser
OpenSubKey
SetValue
<RandomString>b__c
CS$<>9__CachedAnonymousMethodDelegated
get_Length
get_Chars
Repeat
ToArray
.cctor
System.Security
UnverifiableCodeAttribute
WrapNonExceptionThrows
System.Security.Permissions.SecurityPermissionAttribute, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
SkipVerification
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
https://pastebin.com/raw/mH2EJxkv
user-agent
referer
https://iplogger.org/1ixtu7
https://iplogger.org/1lp5k
Caption
SELECT Caption FROM Win32_OperatingSystem
Unknown
SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
http://103.124.106.203/cof4/inst.exe,http://aretywer.xyz/Corepad092.exe,http://jg3.3uag.pw/download.exe,https://msiamericas.com/wp-cache-data/msiamericas.exe,http://188.93.233.223/proxy1.exe,http://d0wnl0ads.online/chashepro2.exe,www.yzxjgr.com/askhelp28/askinstall28.exe,https://www.investinae.com/include/HWWKFile.exe,http://mytoolsprivacy.site/downloads/privacytools3.exe,http://file.ekkggr3.com/iuww/jvppp.exe,https://digitalassets.ams3.digitaloceanspaces.com/MultitimerR/MultitimerFive.exe,https://digitalassets.ams3.digitaloceanspaces.com/MultitimerR/MultitimerFive.exe
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
FileDescription
FileVersion
0.0.0.0
InternalName
a8ojAHyWHoBa8hMZ3OIGGUW1.exe
LegalCopyright
OriginalFilename
a8ojAHyWHoBa8hMZ3OIGGUW1.exe
ProductVersion
0.0.0.0
Assembly Version
0.0.0.0
Antivirus Signature
Bkav Clean
Elastic malicious (high confidence)
DrWeb Trojan.Siggen12.47234
MicroWorld-eScan Trojan.GenericKD.36541837
FireEye Generic.mg.4f062d156ec2be43
CAT-QuickHeal Clean
ALYac Trojan.GenericKD.36541837
Cylance Unsafe
Zillya Clean
SUPERAntiSpyware Clean
Sangfor Trojan.Win32.Save.a
K7AntiVirus Clean
Alibaba TrojanSpy:MSIL/Stealer.7dd40801
K7GW Trojan-Downloader ( 005796b91 )
Cybereason malicious.369223
Arcabit Clean
BitDefenderTheta Gen:NN.ZemsilF.34628.am0@aKCURqp
Cyren Clean
Symantec ML.Attribute.HighConfidence
TotalDefense Clean
APEX Malicious
Paloalto generic.ml
ClamAV Clean
Kaspersky HEUR:Trojan-Spy.MSIL.Stealer.gen
BitDefender Trojan.GenericKD.36541837
NANO-Antivirus Clean
ViRobot Clean
Avast Win32:DropperX-gen [Drp]
Rising Trojan.IPLogger!1.B69D (CLOUD)
Ad-Aware Trojan.GenericKD.36541837
TACHYON Clean
Emsisoft Trojan.GenericKD.36541837 (B)
Comodo Clean
F-Secure Clean
Baidu Clean
VIPRE Clean
TrendMicro Clean
McAfee-GW-Edition RDN/Generic PWS.y
CMC Clean
Sophos Mal/Generic-S
SentinelOne Static AI - Malicious PE
Jiangmin Clean
MaxSecure Clean
Avira TR/Dldr.Small.qtras
Antiy-AVL Clean
Kingsoft Clean
Gridinsoft Clean
Microsoft Backdoor:Win32/Bladabindi!ml
AegisLab Trojan.MSIL.Stealer.l!c
ZoneAlarm Clean
GData Trojan.GenericKD.36541837
Cynet Malicious (score: 100)
AhnLab-V3 Clean
Acronis Clean
McAfee RDN/Generic PWS.y
MAX malware (ai score=88)
VBA32 Clean
Malwarebytes Trojan.Downloader
Zoner Clean
ESET-NOD32 a variant of MSIL/TrojanDownloader.Small.CLF
TrendMicro-HouseCall Clean
Tencent Msil.Trojan-spy.Stealer.Pdmk
Yandex Clean
Ikarus Trojan-Downloader.MSIL.Small
eGambit Clean
Fortinet MSIL/Small.CLF!tr.dldr
Webroot Clean
AVG Win32:DropperX-gen [Drp]
Panda Trj/GdSda.A
CrowdStrike win/malicious_confidence_100% (W)
Qihoo-360 Win32/TrojanDownloader.Small.HgIASRIA
No IRMA results available.