Static Analysis

PE Compile Time

2010-12-09 20:58:13

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00002000 0x00000e64 0x00001000 5.25026153992
.rsrc 0x00004000 0x000004c8 0x00000600 3.67411370624
.reloc 0x00006000 0x0000000c 0x00000200 6.61741341799

Resources

Name Offset Size Language Sub-language File type
RT_VERSION 0x000040a0 0x00000234 LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_MANIFEST 0x000042d8 0x000001ea LANG_NEUTRAL SUBLANG_NEUTRAL XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

Imports

Library mscoree.dll:
0x402000 _CorExeMain
!It's .NET EXE$@
`.rsrc
@.reloc
v2.19@.
v4.0.30319
#Strings
<Module>
win.exe
mpress
mscorlib
System
Object
System.Reflection
Assembly
System.Runtime.InteropServices
OutAttribute
System.Security.Permissions
SecurityPermissionAttribute
SecurityAction
System.Runtime.CompilerServices
CompilationRelaxationsAttribute
RuntimeCompatibilityAttribute
System.IO
FileStream
FileMode
FileAccess
FileShare
Stream
get_Length
SeekOrigin
BinaryReader
ReadInt32
ReadUInt32
ReadUInt16
STAThreadAttribute
System.Windows.Forms
Application
get_ExecutablePath
MessageBox
DialogResult
MethodInfo
get_EntryPoint
MethodBase
ParameterInfo
GetParameters
Invoke
System.Security
UnverifiableCodeAttribute
WrapNonExceptionThrows
System.Security.Permissions.SecurityPermissionAttribute, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
SkipVerification
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
(aReader,
mscorli
b, Versi
on=4.0
u=@{~q
uFF[XF
a=wRC0\
.PwRQ$
A"fR@\
$'K?*+
@SiLXug
;`~Q7v
~7WT8u0
Tk?v|.
XyGu-V
4Q2MKN
3_-PsS3C0
]zR]S-
`/]Qlo
n+QwsV
2<1^Z#~Wi
c*$$j<
~?KB][&<uQ
Z:wpF>E
>}N^ i
w"RMw"
.Z~B(9
f)./)<'
lX/"+.fS
>d{\D)]
FCKH,g
B,C!=#!
z(e+eu
1J=Q_)k
Ue#RY2PR
3orklW)
Mg7TrtK
38wZ8w
mXcp~`
@{2[=~e
sa\0XyA
4%*PQM
5eMrOW
{v<O9]
rX&J&ORV
C \B!'\
hn|X|4
u~4|s3I
+2NZe*ye
.6b>^%v
@YLJdw
@Y|Hz/
3@Y<,}
J/'Hc=&
<:[0F2w
&K%fn7
bp{1?S
O"InKHM
phCQV
0V/\Bhc
2KeZg^&
$?Y.C&
Xq,?6=f`L
ES :JF
+3MCO1
npNZw7'1B
Q@bo1#
iZV^RAN
tN(v7#x
W(k8#F
JW"&3R
k\E%a*H
If-z0g
4j?Fyk
4k:W-9
WdMnv5x<
SliKY`u
KrTv4b7cJ\
m2K-8x
75J^;_
+Cr$y`
gukn}q
5z~6k=
E([7M$
'W67WF&
STAThr
A%`q%g
s/!s31s99s/Is]i
File is invalid.
MPRESS
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
FileDescription
FileVersion
0.0.0.0
InternalName
win.exe
LegalCopyright
OriginalFilename
win.exe
ProductVersion
0.0.0.0
Assembly Version
0.0.0.0
No antivirus signatures available.
IRMA Signature
Trend Micro SProtect (Linux) Clean
Avast Core Security (Linux) Win32:UnwantedX-gen [PUP]
C4S ClamAV (Linux) Clean
Trellix (Linux) Clean
Sophos Anti-Virus (Linux) Clean
Bitdefender Antivirus (Linux) IL:Trojan.MSILZilla.5023
G Data Antivirus (Windows) Virus: IL:Trojan.MSILZilla.5023 (Engine A)
WithSecure (Linux) Trojan.TR/Dropper.Gen
ESET Security (Windows) a variant of MSIL/Injector.VVX trojan
DrWeb Antivirus (Linux) Trojan.PWS.Stealer.32288
ClamAV (Linux) Clean
eScan Antivirus (Linux) IL:Trojan.MSILZilla.5023(DB)
Kaspersky Standard (Windows) Trojan-PSW.MSIL.Reline.ldt
Emsisoft Commandline Scanner (Windows) IL:Trojan.MSILZilla.5023 (B)
Cuckoo

We're processing your submission... This could take a few seconds.