Suspicious
Suspect

03c152e5f7f29695652df6cbefbcbe06

PE Executable
|
MD5: 03c152e5f7f29695652df6cbefbcbe06
|
Size: 1.05 MB
|
application/x-dosexec

Print
Summary by MalvaGPT
Characteristics

Symbol Ofbuscation Score

Very high

Hash
 Hash Value
MD5
03c152e5f7f29695652df6cbefbcbe06
Sha1
0eaa9ccf44b8412475905746ac4593c11afb8eeb
Sha256
2a59b5935e01dd4cd79ae401fdb666cf096ea8e793b6fea73c7602471e961f04
Sha384
fb326c1c415f75d6fe982bf6afbb40a1943833fa335259036b680fa5e269ad8b2ddb87657feb09f763bc35f44db6c071
Sha512
51880618b370e816520b2e0a62de889ce2b87d1c99761a2a367bd76058871c52dcaa6d25df283fe789033c4ccce5ba9d98d759dd48c1edc6efb247ca2c87065f
SSDeep
24576:O8M/hHb9mc2em5JJ5vyZVyDwrxVVLOa3cRzdM:3EhHbZ2em5P5aZVyDowa3Od
TLSH
EF253365B20C1884F54FAA78E67F90CB07ADD23499C98E0156D27B1AAC1630FCD17F6B

PeID

Microsoft Visual C++ DLL
Microsoft Visual C++ v6.0
File Structure
03c152e5f7f29695652df6cbefbcbe06
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.rsrc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
Jtlnuzydwz.Properties.Resources.resources
Yyoemg
Informations
Name
 Value
Module Name

Pago Slip.exe
Full Name

Pago Slip.exe
EntryPoint

System.Void Jtlnuzydwz.Configuration.ConfigTemplate::ConfigureEditableConfig()
Scope Name

Pago Slip.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

Pago Slip
Assembly Version

1.0.2983.771
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.5
Total Strings

6
Main Method

System.Void Jtlnuzydwz.Configuration.ConfigTemplate::ConfigureEditableConfig()
Main IL Instruction Count

31
Main IL

ldc.i4 1 stloc V_0 br IL_000E: ldloc V_0 ldloc V_0 switch dnlib.DotNet.Emit.Instruction[] br IL_0054: ldsfld Jtlnuzydwz.Configuration.ConfigTemplate/<>c Jtlnuzydwz.Configuration.ConfigTemplate/<>c::_SimpleResponder ldsfld System.Action`1<System.IO.MemoryStream> Jtlnuzydwz.Configuration.ConfigTemplate/<>c::m_FactoryConfig dup <null> brtrue IL_006A: call System.Void Jtlnuzydwz.Configuration.ConfigTemplate::ConfigureHiddenConfig(System.Action`1<System.IO.MemoryStream>) pop <null> ldc.i4 0 ldsfld <Module>{b6991a05-02d9-4d2f-88ba-195681e2f379} <Module>{b6991a05-02d9-4d2f-88ba-195681e2f379}::m_acd9189d281a486680da17949e0ca96b ldfld System.Int32 <Module>{b6991a05-02d9-4d2f-88ba-195681e2f379}::m_66236432e0c54764b7482a9f9b87314f brtrue IL_0012: switch(IL_0054,IL_0028,IL_0053) pop <null> ldc.i4 0 br IL_0012: switch(IL_0054,IL_0028,IL_0053) ret <null> ldsfld Jtlnuzydwz.Configuration.ConfigTemplate/<>c Jtlnuzydwz.Configuration.ConfigTemplate/<>c::_SimpleResponder ldftn System.Void Jtlnuzydwz.Configuration.ConfigTemplate/<>c::ConfigureVirtualConfig(System.IO.MemoryStream) newobj System.Void System.Action`1<System.IO.MemoryStream>::.ctor(System.Object,System.IntPtr) dup <null> stsfld System.Action`1<System.IO.MemoryStream> Jtlnuzydwz.Configuration.ConfigTemplate/<>c::m_FactoryConfig call System.Void Jtlnuzydwz.Configuration.ConfigTemplate::ConfigureHiddenConfig(System.Action`1<System.IO.MemoryStream>) ldc.i4 1 ldsfld <Module>{b6991a05-02d9-4d2f-88ba-195681e2f379} <Module>{b6991a05-02d9-4d2f-88ba-195681e2f379}::m_acd9189d281a486680da17949e0ca96b ldfld System.Int32 <Module>{b6991a05-02d9-4d2f-88ba-195681e2f379}::m_92b05e17473e44bea23a0f6cdba34053 brtrue IL_0012: switch(IL_0054,IL_0028,IL_0053) pop <null> ldc.i4 2 br IL_0012: switch(IL_0054,IL_0028,IL_0053)
03c152e5f7f29695652df6cbefbcbe06 (1.05 MB)
An error has occurred. This application may no longer respond until reloaded. Reload 🗙