Suspicious
Suspect

058872f2250e2887d8386cbe902f7ef6

PE Executable | MD5: 058872f2250e2887d8386cbe902f7ef6 | Size: 52.22 KB | application/x-dosexec


Characteristics

Symbol Obfuscation Score

Medium

Hash
Hash Value
MD5
058872f2250e2887d8386cbe902f7ef6
Sha1
6d2706bc67cc1e4e3dbc7ad245effe4e324554d2
Sha256
9d4db0662294db86e04201bffc2f83227240e22b5605cce78949203f43b4ef76
Sha384
f793904e9f9ed113d9a578bee381f274807bfb8fa1b3d9b39a7e5c5777a630c57ec466feb0987c3fd1a0a89b3e76901f
Sha512
d31c10d4ab30c702e6c6053af8d15a4d97609c17f387549a49146b5164208811f7d60e740eb449e9b54d781fa8b3a2e6b49494538e6b21fb4658014eb83978aa
SSDeep
768:Ya7O2+k96M7YizYBFHirxHiSDe82agQ0ltq6+i/77udy6SeGChV/EZsC+XhbwkZI:/Of25zFgq3YLMi/O3G+/EZsZ5FrS
TLSH
7F33090BB68B89B1C354C77ACC9B51204FA4E7D2F6DFC74A398E235618137E9C90526B

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
             
Information
Module Name: Ulsfapzlq.exe
Full Name: Ulsfapzlq.exe
EntryPoint: System.Void Ulsfapzlq.Collectors.ModularReceiver::CollectRemoteReceiver()
Scope Name: Ulsfapzlq.exe
Scope Type: ModuleDef
Kind: Windows
Runtime Version: v4.0.30319
Tables Header Version: 512
WinMD Version: <null>
Assembly Name: Ulsfapzlq
Assembly Version: 1.0.2538.532
Assembly Culture: <null>
Has PublicKey: False
PublicKey Token: <null>
Target Framework: .NETFramework,Version=v4.6
Total Strings: 0
Main Method: System.Void Ulsfapzlq.Collectors.ModularReceiver::CollectRemoteReceiver()
Main IL Instruction Count: 31

Main IL

ldc.i4 2 stloc V_0 br IL_000E: ldloc V_0 ldloc V_0 switch dnlib.DotNet.Emit.Instruction[] br IL_0053: ret ldsfld System.Action`1<System.IO.MemoryStream> Ulsfapzlq.Collectors.ModularReceiver/InterruptibleReg::m_SeparatedRecommender dup <null> brtrue IL_006A: call System.Void Ulsfapzlq.Collectors.ModularReceiver::PeekReceiver(System.Action`1<System.IO.MemoryStream>) pop <null> ldc.i4 1 ldsfld <Module>{36384bd1-6643-4dfd-8116-e184a3e6324f} <Module>{36384bd1-6643-4dfd-8116-e184a3e6324f}::m_83012cc0a080467fbc6f6ad373bc2648 ldfld System.Int32 <Module>{36384bd1-6643-4dfd-8116-e184a3e6324f}::m_4fba651f990f49918f86df1c9315ac1e brtrue IL_0012: switch(IL_0053,IL_0054,IL_0028) pop <null> ldc.i4 0 br IL_0012: switch(IL_0053,IL_0054,IL_0028) ret <null> ldsfld System.Object Ulsfapzlq.Collectors.ModularReceiver/InterruptibleReg::_RegSender ldftn System.Void Ulsfapzlq.Collectors.ModularReceiver/InterruptibleReg::StoreOperationalReg(System.IO.MemoryStream) newobj System.Void System.Action`1<System.IO.MemoryStream>::.ctor(System.Object,System.IntPtr) dup <null> stsfld System.Action`1<System.IO.MemoryStream> Ulsfapzlq.Collectors.ModularReceiver/InterruptibleReg::m_SeparatedRecommender call System.Void Ulsfapzlq.Collectors.ModularReceiver::PeekReceiver(System.Action`1<System.IO.MemoryStream>) ldc.i4 0 ldsfld <Module>{36384bd1-6643-4dfd-8116-e184a3e6324f} <Module>{36384bd1-6643-4dfd-8116-e184a3e6324f}::m_83012cc0a080467fbc6f6ad373bc2648 ldfld System.Int32 <Module>{36384bd1-6643-4dfd-8116-e184a3e6324f}::m_c9273a4fec6e4b77b8e6243559a7db14 brfalse IL_0012: switch(IL_0053,IL_0054,IL_0028) pop <null> ldc.i4 0 br IL_0012: switch(IL_0053,IL_0054,IL_0028)

