Static | ZeroBOX

PE Compile Time

2021-03-20 05:38:29

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

| Name | Virtual Address | Virtual Size | Size of Raw Data | Entropy |
|---|---|---|---|---|
| .text | 0x00002000 | 0x00001914 | 0x00001a00 | 5.09628564217 |
| .rsrc | 0x00004000 | 0x00000520 | 0x00000600 | 3.8902269965 |
| .reloc | 0x00006000 | 0x0000000c | 0x00000200 | 0.0815394123432 |

Resources

| Name | Offset | Size | Language | Sub-language | File type |
|---|---|---|---|---|---|
| RT_VERSION | 0x000040a0 | 0x0000028c | LANG_NEUTRAL | SUBLANG_NEUTRAL | PGP symmetric key encrypted data - Plaintext or unencrypted data |
| RT_MANIFEST | 0x00004330 | 0x000001ea | LANG_NEUTRAL | SUBLANG_NEUTRAL | XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators |

Imports

Library mscoree.dll:
0x402000 _CorExeMain

!This program cannot be run in DOS mode.
`.rsrc
@.reloc
v4.0.30319
#Strings
<Module>
DIqMUyT98Untp5QhexOCjQdS.exe
BundleV2
Bundle_V2
Payload
mscorlib
System
Object
System.Collections.Generic
List`1
payloads
runcount
fnGetFriendlyName
RegisterInStartup
Random
random
RandomString
length
System.Security.Permissions
SecurityPermissionAttribute
SecurityAction
System.Runtime.CompilerServices
CompilationRelaxationsAttribute
RuntimeCompatibilityAttribute
DIqMUyT98Untp5QhexOCjQdS
<>c__DisplayClass5
fileurl
<Main>b__1
<>c__DisplayClass8
payload
<Main>b__2
<Main>b__0
System.Threading
ThreadStart
CS$<>9__CachedAnonymousMethodDelegate3
CompilerGeneratedAttribute
Environment
SpecialFolder
GetFolderPath
String
Concat
System.Net
WebClient
DownloadString
DownloadData
System.IO
WriteAllBytes
System.Diagnostics
Process
WebHeaderCollection
get_Headers
get_UserName
get_MachineName
System.Collections.Specialized
NameValueCollection
Thread
Contains
Enumerator
GetEnumerator
get_Current
MoveNext
IDisposable
Dispose
System.Management
ManagementObject
<fnGetFriendlyName>b__a
Func`2
CS$<>9__CachedAnonymousMethodDelegateb
ManagementBaseObject
GetPropertyValue
ManagementObjectSearcher
ManagementObjectCollection
System.Core
System.Linq
Enumerable
IEnumerable`1
System.Collections
IEnumerable
OfType
Select
FirstOrDefault
ToString
Microsoft.Win32
Registry
RegistryKey
CurrentUser
OpenSubKey
SetValue
<RandomString>b__c
CS$<>9__CachedAnonymousMethodDelegated
get_Length
get_Chars
Repeat
ToArray
.cctor
System.Security
UnverifiableCodeAttribute
WrapNonExceptionThrows
System.Security.Permissions.SecurityPermissionAttribute, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
SkipVerification
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
https://pastebin.com/raw/mH2EJxkv
user-agent
referer
https://iplogger.org/1ixtu7
https://iplogger.org/1lA5k
Caption
SELECT Caption FROM Win32_OperatingSystem
Unknown
SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
http://103.124.106.203/cof4/inst.exe,http://aretywer.xyz/Corepad092.exe,http://jg3.3uag.pw/download.exe,https://msiamericas.com/wp-cache-data/msiamericas.exe,http://188.93.233.223/proxy1.exe,http://d0wnl0ads.online/chashepro2.exe,www.yzxjgr.com/askhelp28/askinstall28.exe,https://www.investinae.com/include/HWWKFile.exe,http://mytoolsprivacy.site/downloads/privacytools3.exe,http://file.ekkggr3.com/iuww/jvppp.exe,https://digitalassets.ams3.digitaloceanspaces.com/MultitimerR/MultitimerFive.exe,https://digitalassets.ams3.digitaloceanspaces.com/MultitimerR/MultitimerFive.exe
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
FileDescription
FileVersion
0.0.0.0
InternalName
DIqMUyT98Untp5QhexOCjQdS.exe
LegalCopyright
OriginalFilename
DIqMUyT98Untp5QhexOCjQdS.exe
ProductVersion
0.0.0.0
Assembly Version
0.0.0.0
Antivirus Signature
Bkav Clean
Elastic malicious (high confidence)
DrWeb Clean
ClamAV Clean
FireEye Generic.mg.e038387f7b4b7880
CAT-QuickHeal Clean
McAfee RDN/Generic PWS.y
Cylance Unsafe
VIPRE Clean
Sangfor Trojan.Win32.Save.a
K7AntiVirus Clean
BitDefender Clean
K7GW Clean
CrowdStrike win/malicious_confidence_100% (W)
BitDefenderTheta Gen:NN.ZemsilF.34628.am0@a8m3ncb
Cyren Clean
TotalDefense Clean
APEX Malicious
Paloalto Clean
Cynet Malicious (score: 100)
Kaspersky HEUR:Trojan-Spy.MSIL.Stealer.gen
Alibaba Trojan:MSIL/Generic.395b5dc9
NANO-Antivirus Clean
ViRobot Clean
SUPERAntiSpyware Clean
MicroWorld-eScan Clean
Rising Trojan.IPLogger!1.B69D (CLOUD)
Ad-Aware Clean
Emsisoft Clean
Comodo Clean
F-Secure Clean
Baidu Clean
Zillya Clean
TrendMicro Clean
CMC Clean
Sophos ML/PE-A
SentinelOne Static AI - Malicious PE
GData Win32.Trojan.Ilgergop.0K2YXQ
Jiangmin Clean
MaxSecure Clean
Avira Clean
Antiy-AVL Clean
Kingsoft Clean
Gridinsoft Clean
Arcabit Clean
AegisLab Trojan.MSIL.Stealer.l!c
ZoneAlarm Clean
Microsoft Trojan:Win32/Wacatac.B!ml
TACHYON Clean
AhnLab-V3 Clean
Acronis Clean
VBA32 Clean
ALYac Clean
MAX Clean
Malwarebytes Trojan.Downloader
Panda Clean
Zoner Clean
ESET-NOD32 a variant of MSIL/TrojanDownloader.Small.CLF
TrendMicro-HouseCall Clean
Tencent Clean
Yandex Clean
Ikarus Clean
eGambit Unsafe.AI_Score_64%
Fortinet Clean
Webroot Clean
AVG FileRepMalware
Cybereason malicious.705fe0
Avast FileRepMalware
Qihoo-360 Clean
No IRMA results available.