Cuckoo Sandbox

PE Compile Time

2024-12-11 11:16:17

PDB Path

c:\Users\Administrator\AppData\Local\Temp\otkuihel.pdb

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name	Virtual Address	Virtual Size	Size of Raw Data	Entropy
.text	0x00002000	0x000054a4	0x00005600	5.49471756797
.rsrc	0x00008000	0x000004e0	0x00000600	3.70869128996
.reloc	0x0000a000	0x0000000c	0x00000200	0.0815394123432

Resources

Name	Offset	Size	Language	Sub-language	File type
RT_VERSION	0x000080a0	0x0000024c	LANG_NEUTRAL	SUBLANG_NEUTRAL	data
RT_MANIFEST	0x000082f0	0x000001ea	LANG_NEUTRAL	SUBLANG_NEUTRAL	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

Imports

Library mscoree.dll:

• 0x402000 _CorExeMain

!This program cannot be run in DOS mode.
`.rsrc
@.reloc
W_F3#Sij
W_F3#Sij
v4.0.30319
#Strings
<Module>
otkuihel.dll
fbaofhgF
NQfInzukpmlq
OtXkWyVa
ATYPZYpb
jfOFSCEF
JcnGeguy
cvuWHDPu
oVkpnAZJ
UikJefya
Program
pgGEjJbm
XPafXzVk
opAKMuTk
VvGMwgdt
wWMSbubE
zHxztSZd
krJWCnod
qctuHvbB
mscorlib
System
Object
iRqtXyUY
pAIRtofN
BHpKuVUT
EMiVzqDh
mfgFANJV
jGZuLpCm
OPyRbIZM
hxfKyGNs
PItHaOqU
pwDJVCdu
COwLuHCQ
IhldPJeb
HrNSHjLC
tpGMhGjk
rpcgiRwD
daJtVFip
VHYYqWcX
NSSxvMwt
DwOScTTw
oQwfKSrj
BLkMqsED
aBbbgfuE
SLkFkASm
jbeLBEDG
BxydSvxa
drQRbpqC
HUojViEh
POvuTgfk
lBRKViyp
sfzfRvCc
fZcdOtuB
ckyHLIox
rLZtQQkA
kkyfRxrC
dwxXuEty
LhkCMnFy
QOYWGgnJ
lxQVdNKR
iHLhtfgg
WfHNipLs
DNZfJsUE
XSGYOiAd
NKZcjVRv
AWzbfxTn
TXYbJqdk
jwqRVcCr
jQupIclu
oDhkBrcD
xfKhhUvo
MGQxpDFD
kftMfxqB
KUeXXjZB
LPchBsdd
tSLxCZcV
RfccwQHn
gOTdXirV
rRupPJoT
fPLasLfH
HwUjOKtw
kmKhGLFT
oScLRwsI
RuGeVEej
RDdaufCB
QxLAmIkz
GgmLfjVFZseod
oMjZvBh
System.Drawing
Bitmap
ConvertFromBmp
fePSXTTEJJHclyls
FindResource
SizeofResource
LoadResource
LockResource
Byte2Image
iHshgGlq
xejhxWeZ
AqSaKlYK
WryLadbC
WsWgywbO
CWsBeqrk
DtHNHdCT
XtTErJka
kWtLldOj
PnXMCPFi
IIoAEITh
FhWMcmnd
vWVMqzKV
lxSJFcHk
kuALqOSr
juRSnmwe
PTSTMvgK
eqUHCOGR
bGCVenLR
kYvlSOrD
sHhnrVoI
VPgGtafK
vphbIgmz
gScTVzCe
pdtPZIAe
bTvDXPFL
kwivWvVF
hhgQpFuW
FjHorEoZ
xqwJPeUG
DQBVPKFI
SkxIXdCa
RpybXvYf
nZLWpypN
YgWcARnH
eHkoxdVs
QlOwhNKI
EdlJeDyk
cplvQFHi
hvruzdWO
xsvtTLFj
bSkDaGKY
solgmhiK
vSQhZyFS
xuQNxsOG
kZyTATWV
izqabInL
fUuLfhzF
ZXkGrebN
PvajlKUj
NTOWyDQD
pVJBVLhB
nKviAMMw
FDDCCtor
nzTeVeDS
YyGRSEgK
LPKeqYQX
vOhApLmW
QuwPIuiN
bKzJVLMB
trxjSEKg
vqTwobsk
lhQSQLDK
bcanlvPW
hModule
lpName
lpType
hResInfo
hResData
System.Diagnostics
DebuggableAttribute
DebuggingModes
System.Runtime.CompilerServices
CompilationRelaxationsAttribute
RuntimeCompatibilityAttribute
otkuihel
Console
WriteLine
Ceiling
Random
ReadLine
IEEERemainder
Double
ToString
Exception
get_Message
Environment
System.IO
ReadAllBytes
MidpointRounding
ConsoleKeyInfo
ReadKey
Nullable`1
get_HasValue
GetValueOrDefault
Truncate
System.Text
Encoding
get_Unicode
GetBytes
get_Width
GetPixel
ToArgb
BitConverter
Buffer
BlockCopy
ToInt32
System.Reflection
Assembly
MethodInfo
get_EntryPoint
String
MethodBase
Invoke
System.Runtime.InteropServices
DllImportAttribute
kernel32.dll
MemoryStream
Stream
IDisposable
Dispose
IntPtr
Convert
Marshal
System.Threading
ThreadStart
Thread
.cctor
WrapNonExceptionThrows
c:\Users\Administrator\AppData\Local\Temp\otkuihel.pdb
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
    <security>
      <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
        <requestedExecutionLevel level="asInvoker" uiAccess="false"/>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>
FSTzeSlM
DbsGQHuo
QRvkYrZk
qhVBvPXY
zyUFeBRT
JtQzMhFn
iIPFDwBk
vVlCHhso
vACjyAha
hevsJFjA
WqXjsjps
kXHEIUPS
mTdslNnk
gTzDRqXG
KIbuvRDT
iJQHfuGR
rCKQbOOv
lQheBGPa
nosavQbv
tWnxEqVr
mRvzSlGy
xVYrRJMs
AjFMOWSb
eydOwVgp
IAUfOOLA
jKPSliFF
zgIPhSyI
djogDaNa
uBIjWpOo
gUmRVPfV
ammOMnsT
DFPaYvHe
UFCLvflg
UcgLyIEj
kUcBWHmX
UJUXzkmm
zlAHZvBa
bApgDrdT
OdupEvny
BOTOUurE
jUgzfiXi
fFUJkscJ
kPyCqzcF
pgQjiKEw
ktonjrHe
dwMHLEHK
QorJsrSn
MCiuQtPl
wDLmMxIc
tgvJgyTK
zQOyLMhc
CiRrLOwz
vRcsBauT
gNhstQLu
upXBvIHd
nxKPXhFs
cHpIFSEh
pXKQHVMw
VIIgdQvx
uaCCbgif
WTsMkVnp
qfFATBwU
dOMmzgke
nvGBpzND
pGxyPaGs
PlQLdVsm
HyjVSqjg
KVXjWVkO
jdvgPQzX
bebgfPlI
pkJETkok
ilGVSDDw
FKLLnPLq
ElLcIoYf
GuwKILdY
ocEYYcRI
kRcHoTkE
rQTqQsAp
CqmqEZVC
YSbHmmLL
oCtZQowg
pvtFMlicEmdJ
METTlVcZ
FkcMXxRO
BdxSfpgk
wyfwrELU
SgMCZoSP
rOxqhfkT
BtREojdc
pGNLPfXn
LugnDKLf
UBNgfnst
VzKFXiRr
XRzPJoEE
nasyvPFc
zpNwFkFK
gJzPoSAs
HtCEHTNp
RpvAQoVu
pryxhCOb
HZnUpCqD
LqBiCwlU
MwMxWUNY
uQrksfBj
apLPyPLm
ZAjOhBTC
khdpMHTE
SsEZHrSR
KudOSuGf
GwhyMYov
VecQdwwU
xSLkJKAf
VnoPSTVy
JBKyXpNs
zuxWsAwx
UXBddLiM
NVylFtHY
ybESSMAW
HPKdRoAA
XXjImfxA
gZlIAojh
pmIItAik
xKxFkSOs
GJQbSeae
KTNcnQSe
PqfhmCdI
NjNDRtCa
IcLKtSER
GbXHBXMu
fVyfefrF
mJjTlNHp
kASNWIal
uttfeRIB
BdQYZUhS
zWjyPcbo
ckqjPrVy
ZjmhGVkP
wYHzKDNN
FnKlmknV
srPfblaZ
HPPnplZh
CCXBMITK
ARHjtAKk
BixpNruc
RMTqItda
vQyKMECi
eerlLYDG
zEMOtAMY
dVaONkbx
iAlQRRoW
QdNtGENN
irtPAXDx
VlImGXmd
MOKiGiAH
cIgrxitJ
cttOtXAS
xMdsMCrN
kgFBcVDQ
LDolXVbd
oDNQxufJ
uOfQNXSc
APeegyed
RbfFlIXH
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
FileDescription
FileVersion
0.0.0.0
InternalName
otkuihel.dll
LegalCopyright
OriginalFilename
otkuihel.dll
ProductVersion
0.0.0.0
Assembly Version
0.0.0.0

No antivirus signatures available.

IRMA	Signature
ESET Security (Windows)	a variant of MSIL/Kryptik.NLA trojan
Avast Core Security (Linux)	Win32:HacktoolX-gen [Trj]
C4S ClamAV (Linux)	Clean
F-Secure Antivirus (Linux)	Trojan.TR/Dropper.MSIL.Gen [Aquarius]
Windows Defender (Windows)	Trojan:MSIL/AgentTesla.VN!MTB
McAfee CLI scanner (Linux)	Packed-FIA
Forticlient (Linux)	Clean
Bitdefender Antivirus (Linux)	IL:Trojan.MSILZilla.8805
G Data Antivirus (Windows)	Virus: IL:Trojan.MSILZilla.8805 (Engine A)
Sophos Anti-Virus (Linux)	Troj/Reflekt-J
DrWeb Antivirus (Linux)	Trojan.PackedNET.11
Trend Micro SProtect (Linux)	Clean
ClamAV (Linux)	Clean
eScan Antivirus (Linux)	IL:Trojan.MSILZilla.8805(DB)
Kaspersky Standard (Windows)	HEUR:Trojan.Win32.Generic
Emsisoft Commandline Scanner (Windows)	IL:Trojan.MSILZilla.8805 (B)

Browser recommendation

Static Analysis

PE Compile Time

PDB Path

PE Imphash

Sections

Resources

Imports

Browser recommendation

PE Compile Time

PDB Path

PE Imphash

Sections

Resources

Imports

Feedback