Static | ZeroBOX

PE Compile Time

2021-03-20 05:35:09

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name    Virtual Address  Virtual Size  Size of Raw Data  Entropy
.text   0x00002000       0x00001914    0x00001a00        5.09646860604
.rsrc   0x00004000       0x00000520    0x00000600        3.8869951547
.reloc  0x00006000       0x0000000c    0x00000200        0.0815394123432

Resources

Name         Offset      Size        Language      Sub-language     File type
RT_VERSION   0x000040a0  0x0000028c  LANG_NEUTRAL  SUBLANG_NEUTRAL  PGP symmetric key encrypted data - Plaintext or unencrypted data
RT_MANIFEST  0x00004330  0x000001ea  LANG_NEUTRAL  SUBLANG_NEUTRAL  XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

Imports

Library mscoree.dll:
0x402000 _CorExeMain

!This program cannot be run in DOS mode.
`.rsrc
@.reloc
v4.0.30319
#Strings
<Module>
KG5pc5F7jZu3r0hr7kiig97u.exe
BundleV2
Bundle_V2
Payload
mscorlib
System
Object
System.Collections.Generic
List`1
payloads
runcount
fnGetFriendlyName
RegisterInStartup
Random
random
RandomString
length
System.Security.Permissions
SecurityPermissionAttribute
SecurityAction
System.Runtime.CompilerServices
CompilationRelaxationsAttribute
RuntimeCompatibilityAttribute
KG5pc5F7jZu3r0hr7kiig97u
<>c__DisplayClass5
fileurl
<Main>b__1
<>c__DisplayClass8
payload
<Main>b__2
<Main>b__0
System.Threading
ThreadStart
CS$<>9__CachedAnonymousMethodDelegate3
CompilerGeneratedAttribute
Environment
SpecialFolder
GetFolderPath
String
Concat
System.Net
WebClient
DownloadString
DownloadData
System.IO
WriteAllBytes
System.Diagnostics
Process
WebHeaderCollection
get_Headers
get_UserName
get_MachineName
System.Collections.Specialized
NameValueCollection
Thread
Contains
Enumerator
GetEnumerator
get_Current
MoveNext
IDisposable
Dispose
System.Management
ManagementObject
<fnGetFriendlyName>b__a
Func`2
CS$<>9__CachedAnonymousMethodDelegateb
ManagementBaseObject
GetPropertyValue
ManagementObjectSearcher
ManagementObjectCollection
System.Core
System.Linq
Enumerable
IEnumerable`1
System.Collections
IEnumerable
OfType
Select
FirstOrDefault
ToString
Microsoft.Win32
Registry
RegistryKey
CurrentUser
OpenSubKey
SetValue
<RandomString>b__c
CS$<>9__CachedAnonymousMethodDelegated
get_Length
get_Chars
Repeat
ToArray
.cctor
System.Security
UnverifiableCodeAttribute
WrapNonExceptionThrows
System.Security.Permissions.SecurityPermissionAttribute, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
SkipVerification
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
https://pastebin.com/raw/mH2EJxkv
user-agent
referer
https://iplogger.org/1ixtu7
https://iplogger.org/1lx5k
Caption
SELECT Caption FROM Win32_OperatingSystem
Unknown
SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
http://103.124.106.203/cof4/inst.exe,http://aretywer.xyz/Corepad092.exe,http://jg3.3uag.pw/download.exe,https://msiamericas.com/wp-cache-data/msiamericas.exe,http://188.93.233.223/proxy1.exe,http://d0wnl0ads.online/chashepro2.exe,www.yzxjgr.com/askhelp28/askinstall28.exe,https://www.investinae.com/include/HWWKFile.exe,http://mytoolsprivacy.site/downloads/privacytools3.exe,http://file.ekkggr3.com/iuww/jvppp.exe,https://digitalassets.ams3.digitaloceanspaces.com/MultitimerR/MultitimerFive.exe,https://digitalassets.ams3.digitaloceanspaces.com/MultitimerR/MultitimerFive.exe
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
FileDescription
FileVersion
0.0.0.0
InternalName
KG5pc5F7jZu3r0hr7kiig97u.exe
LegalCopyright
OriginalFilename
KG5pc5F7jZu3r0hr7kiig97u.exe
ProductVersion
0.0.0.0
Assembly Version
0.0.0.0
Antivirus             Signature
Bkav                  Clean
Elastic               malicious (high confidence)
DrWeb                 Trojan.Siggen12.47234
MicroWorld-eScan      Trojan.GenericKD.36541954
FireEye               Generic.mg.4c5c17827dee5404
CAT-QuickHeal         Clean
Qihoo-360             Win32/TrojanSpy.Generic.HgIASRIA
ALYac                 Trojan.GenericKD.36541954
Cylance               Unsafe
VIPRE                 Clean
AegisLab              Trojan.MSIL.Stealer.l!c
Sangfor               Trojan.Win32.Save.a
K7AntiVirus           Clean
BitDefender           Trojan.GenericKD.36541954
K7GW                  Trojan-Downloader ( 005796b91 )
Cybereason            malicious.fc73e6
BitDefenderTheta      Gen:NN.ZemsilF.34628.am0@a0rZ!Hp
Cyren                 Clean
Symantec              ML.Attribute.HighConfidence
ESET-NOD32            a variant of MSIL/TrojanDownloader.Small.CLF
APEX                  Malicious
TotalDefense          Clean
Avast                 Win32:DropperX-gen [Drp]
ClamAV                Clean
Kaspersky             HEUR:Trojan-Spy.MSIL.Stealer.gen
Alibaba               TrojanSpy:MSIL/Stealer.972d11b7
NANO-Antivirus        Clean
ViRobot               Clean
Rising                Trojan.IPLogger!1.B69D (CLOUD)
Ad-Aware              Trojan.GenericKD.36541954
Sophos                Mal/Generic-S
Comodo                Clean
F-Secure              Clean
Baidu                 Clean
Zillya                Clean
TrendMicro            Clean
McAfee-GW-Edition     RDN/Generic PWS.y
CMC                   Clean
Emsisoft              Trojan.GenericKD.36541954 (B)
Ikarus                Trojan-Downloader.MSIL.Small
GData                 Trojan.GenericKD.36541954
Jiangmin              Clean
Webroot               Clean
Avira                 TR/Dldr.Small.zmiqq
MAX                   malware (ai score=88)
Antiy-AVL             Clean
Kingsoft              Clean
Gridinsoft            Trojan.Win32.Downloader.sa
Arcabit               Trojan.Generic.D22D9602
SUPERAntiSpyware      Clean
ZoneAlarm             Clean
Microsoft             Backdoor:Win32/Bladabindi!ml
Cynet                 Malicious (score: 100)
AhnLab-V3             Clean
Acronis               Clean
McAfee                RDN/Generic PWS.y
TACHYON               Clean
VBA32                 Clean
Malwarebytes          Trojan.Downloader
Panda                 Trj/GdSda.A
Zoner                 Clean
TrendMicro-HouseCall  Clean
Tencent               Clean
Yandex                Clean
SentinelOne           Static AI - Malicious PE
eGambit               Unsafe.AI_Score_65%
Fortinet              W32/Stealer.CLF!tr
AVG                   Win32:DropperX-gen [Drp]
Paloalto              generic.ml
CrowdStrike           win/malicious_confidence_100% (W)
MaxSecure             Clean
No IRMA results available.