Suspicious
Suspect

0116a60a83868d6d59c4c4c524f1acac

PE Executable
|
MD5: 0116a60a83868d6d59c4c4c524f1acac
|
Size: 894.98 KB
|
application/x-dosexec

Summary by MalvaGPT
Characteristics

Symbol Ofbuscation Score

Very high

Hash
 Hash Value
MD5
0116a60a83868d6d59c4c4c524f1acac
Sha1
93c606d956f725995dbbaa959950ca61f75a4e12
Sha256
bde95bf84e2dd49468976cc4aacb13769539f3a414cde2ebece71743cd70bdeb
Sha384
78cb5c3577eff96a6be23e994ea02fcee0b45012fbdf5a4d194d98c26fa24644f864b863463ccabf6629563f737a0d06
Sha512
104d39349fa79067f91d54dc96db916936e810f76186cf354235c96acb532ebd18c46358c195893eaf6b337cabca981898f0f0b02d991f126242e6672c241b33
SSDeep
24576:v6ledcFCZ9FkYX0eBGWn5qq0BtjvZZgXjRZCHui9F8Pgbb:bCFqTke8Wn5qLbZKXjRkHu28P0b
TLSH
871533B3D3D525E8DB6087FA85BF890227A9B3400BC1D56FBE1A990E84F437C1A565C3

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual C++ v6.0 DLL
Microsoft Visual Studio .NET
File Structure
0116a60a83868d6d59c4c4c524f1acac
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
Fuwsfniw.Properties.Resources.resources
Srbpcgmpo
Informations
Name
 Value
Info

PE Detect: PeReader OK (file layout)
Module Name

Rjaxsckdob.exe
Full Name

Rjaxsckdob.exe
EntryPoint

System.Void Fuwsfniw.Cryptography.EncryptorDefinition::EncodeRandomEncryptor()
Scope Name

Rjaxsckdob.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

Rjaxsckdob
Assembly Version

1.0.7434.14576
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.6
Total Strings

6
Main Method

System.Void Fuwsfniw.Cryptography.EncryptorDefinition::EncodeRandomEncryptor()
Main IL Instruction Count

33
Main IL

ldc.i4 1 stloc V_2 br IL_000E: ldloc V_2 ldloc V_2 switch dnlib.DotNet.Emit.Instruction[] br IL_006E: newobj System.Void Fuwsfniw.Structures.ResponsiveRecord::.ctor() newobj System.Void Rjaxsckdob.Conversion.ConverterMember::.ctor() ldloc.s V_1 call System.Void Rjaxsckdob.Conversion.ConverterMember::SetConverter(System.Byte[]) ldc.i4 3 br IL_0012: switch(IL_006E,IL_0042,IL_002C,IL_006D) newobj System.Void Fuwsfniw.IO.SelectorSynchronizer::.ctor() call System.Byte[] Fuwsfniw.IO.SelectorSynchronizer::LogPassiveWriter() stloc.s V_0 ldc.i4 0 ldsfld <Module>{7f6180a7-5ed9-4087-a0bb-677759e2d40e} <Module>{7f6180a7-5ed9-4087-a0bb-677759e2d40e}::m_2d408330e6964bb7a76f21b3d2966334 ldfld System.Int32 <Module>{7f6180a7-5ed9-4087-a0bb-677759e2d40e}::m_849be85460314647a981eadd11079a8c brtrue IL_0012: switch(IL_006E,IL_0042,IL_002C,IL_006D) pop <null> ldc.i4 0 br IL_0012: switch(IL_006E,IL_0042,IL_002C,IL_006D) ret <null> newobj System.Void Fuwsfniw.Structures.ResponsiveRecord::.ctor() ldloc.s V_0 call System.Byte[] Fuwsfniw.Structures.ResponsiveRecord::RecordAutomatableRecord(System.Byte[]) stloc.s V_1 ldc.i4 2 ldsfld <Module>{7f6180a7-5ed9-4087-a0bb-677759e2d40e} <Module>{7f6180a7-5ed9-4087-a0bb-677759e2d40e}::m_2d408330e6964bb7a76f21b3d2966334 ldfld System.Int32 <Module>{7f6180a7-5ed9-4087-a0bb-677759e2d40e}::m_447b184527f747ec9af3392543fc6c54 brfalse IL_0012: switch(IL_006E,IL_0042,IL_002C,IL_006D) pop <null> ldc.i4 1 br IL_0012: switch(IL_006E,IL_0042,IL_002C,IL_006D)
Module Name

Rjaxsckdob.exe
Full Name

Rjaxsckdob.exe
EntryPoint

System.Void Fuwsfniw.Cryptography.EncryptorDefinition::EncodeRandomEncryptor()
Scope Name

Rjaxsckdob.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

Rjaxsckdob
Assembly Version

1.0.7434.14576
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.6
Total Strings

6
Main Method

System.Void Fuwsfniw.Cryptography.EncryptorDefinition::EncodeRandomEncryptor()
Main IL Instruction Count

33
Main IL

ldc.i4 1 stloc V_2 br IL_000E: ldloc V_2 ldloc V_2 switch dnlib.DotNet.Emit.Instruction[] br IL_006E: newobj System.Void Fuwsfniw.Structures.ResponsiveRecord::.ctor() newobj System.Void Rjaxsckdob.Conversion.ConverterMember::.ctor() ldloc.s V_1 call System.Void Rjaxsckdob.Conversion.ConverterMember::SetConverter(System.Byte[]) ldc.i4 3 br IL_0012: switch(IL_006E,IL_0042,IL_002C,IL_006D) newobj System.Void Fuwsfniw.IO.SelectorSynchronizer::.ctor() call System.Byte[] Fuwsfniw.IO.SelectorSynchronizer::LogPassiveWriter() stloc.s V_0 ldc.i4 0 ldsfld <Module>{7f6180a7-5ed9-4087-a0bb-677759e2d40e} <Module>{7f6180a7-5ed9-4087-a0bb-677759e2d40e}::m_2d408330e6964bb7a76f21b3d2966334 ldfld System.Int32 <Module>{7f6180a7-5ed9-4087-a0bb-677759e2d40e}::m_849be85460314647a981eadd11079a8c brtrue IL_0012: switch(IL_006E,IL_0042,IL_002C,IL_006D) pop <null> ldc.i4 0 br IL_0012: switch(IL_006E,IL_0042,IL_002C,IL_006D) ret <null> newobj System.Void Fuwsfniw.Structures.ResponsiveRecord::.ctor() ldloc.s V_0 call System.Byte[] Fuwsfniw.Structures.ResponsiveRecord::RecordAutomatableRecord(System.Byte[]) stloc.s V_1 ldc.i4 2 ldsfld <Module>{7f6180a7-5ed9-4087-a0bb-677759e2d40e} <Module>{7f6180a7-5ed9-4087-a0bb-677759e2d40e}::m_2d408330e6964bb7a76f21b3d2966334 ldfld System.Int32 <Module>{7f6180a7-5ed9-4087-a0bb-677759e2d40e}::m_447b184527f747ec9af3392543fc6c54 brfalse IL_0012: switch(IL_006E,IL_0042,IL_002C,IL_006D) pop <null> ldc.i4 1 br IL_0012: switch(IL_006E,IL_0042,IL_002C,IL_006D)
0116a60a83868d6d59c4c4c524f1acac (894.98 KB)
File Structure
0116a60a83868d6d59c4c4c524f1acac
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
Fuwsfniw.Properties.Resources.resources
Srbpcgmpo
Characteristics
No malware configuration were found at this point.
You must be signed in to post a comment.
An error has occurred. This application may no longer respond until reloaded. Reload 🗙