Symbol Ofbuscation Score
|
Hash | Hash Value |
|---|---|
| MD5 | 07110451ff56ab2eeb714ad37419da2b
|
| Sha1 | fb28528d0170ef32b796ac8763f528ef5c9f7843
|
| Sha256 | 4741946cb35138101e98fae2656734341f7d112f6a790b23cb94b61a6f322067
|
| Sha384 | bbd9c74d3555dc9989b480394e4774d5f491949015410e2561009d978e12c66c03c3d18d697cf5b410aa89c1a01efa9d
|
| Sha512 | db086f410253a2b280b46ad3e3600c13fbdff07fa1c534a23f4f4d2e00674752b527fb2f7d086b4df94ac6a07bf62e03617b22b839da16ae995d7dd7e4ce14f0
|
| SSDeep | 768:clFcGaQMlhhZHX1C8cum9Tj61QRS8Na8YyF2zJS+ST6nkh:WcZvTVcuoTLyQiJ/mH
|
| TLSH | 9FD3D7E97556C321F521F974F08A8CB87E2EADC7F451B4ED342672199A703E0438AE27
|
PeID
|
Name0 | Value |
|---|---|
| Info | PE Detect: PeReader OK (file layout) |
| Info | Authenticode present at 0x1F400 size 11896 bytes |
| Module Name | Re-Booking20.exe |
| Full Name | Re-Booking20.exe |
| EntryPoint | System.Void Wmedx.EventManagement.PortableListener::ListenGeneralListener() |
| Scope Name | Re-Booking20.exe |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v4.0.30319 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | Re-Booking20 |
| Assembly Version | 5.5.3.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | .NETFramework,Version=v4.6 |
| Total Strings | 5 |
| Main Method | System.Void Wmedx.EventManagement.PortableListener::ListenGeneralListener() |
| Main IL Instruction Count | 44 |
| Main IL | ldc.i4 1 stloc V_2 br IL_000E: ldloc V_2 ldloc V_2 switch dnlib.DotNet.Emit.Instruction[] br IL_0024: ret ret <null> nop <null> newobj System.Void Wmedx.Reflection.AttributeMember::.ctor() ldstr PPL2nPeKxXgG/9dw/beaQQ== ldstr OPLPwAHTy6g= ldstr ghOsStKPMNnXGimPhT.f0LWlv1E7pa2HIGag8 ldstr zeSCTuGaW callvirt System.Void Wmedx.Reflection.AttributeMember::TestMember(System.String,System.String,System.String,System.String) ldc.i4 0 ldsfld <Module>{afe4023d-2468-4bea-bf0f-0db620473c1b} <Module>{afe4023d-2468-4bea-bf0f-0db620473c1b}::m_36b8589480954b8fba12cde333361601 ldfld System.Int32 <Module>{afe4023d-2468-4bea-bf0f-0db620473c1b}::m_19d74e962e5c44b98ef747afd7f7064f brtrue IL_0067: switch(IL_0075) pop <null> ldc.i4 0 br IL_0067: switch(IL_0075) ldloc V_1 switch dnlib.DotNet.Emit.Instruction[] br IL_0075: leave IL_0024 leave IL_0024: ret pop <null> ldc.i4 0 ldsfld <Module>{afe4023d-2468-4bea-bf0f-0db620473c1b} <Module>{afe4023d-2468-4bea-bf0f-0db620473c1b}::m_36b8589480954b8fba12cde333361601 ldfld System.Int32 <Module>{afe4023d-2468-4bea-bf0f-0db620473c1b}::m_eb0e9752e21d4f6e87a4de0725a9dac6 brtrue IL_009E: switch(IL_00AC) pop <null> ldc.i4 0 br IL_009E: switch(IL_00AC) ldloc V_0 switch dnlib.DotNet.Emit.Instruction[] br IL_00AC: leave IL_0024 leave IL_0024: ret ldc.i4 0 ldsfld <Module>{afe4023d-2468-4bea-bf0f-0db620473c1b} <Module>{afe4023d-2468-4bea-bf0f-0db620473c1b}::m_36b8589480954b8fba12cde333361601 ldfld System.Int32 <Module>{afe4023d-2468-4bea-bf0f-0db620473c1b}::m_105b1512cc1642beba4e1d9f31edcb2e brfalse IL_0012: switch(IL_0024,IL_0025) pop <null> ldc.i4 0 br IL_0012: switch(IL_0024,IL_0025) |
| Module Name | Re-Booking20.exe |
| Full Name | Re-Booking20.exe |
| EntryPoint | System.Void Wmedx.EventManagement.PortableListener::ListenGeneralListener() |
| Scope Name | Re-Booking20.exe |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v4.0.30319 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | Re-Booking20 |
| Assembly Version | 5.5.3.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | .NETFramework,Version=v4.6 |
| Total Strings | 5 |
| Main Method | System.Void Wmedx.EventManagement.PortableListener::ListenGeneralListener() |
| Main IL Instruction Count | 44 |
| Main IL | ldc.i4 1 stloc V_2 br IL_000E: ldloc V_2 ldloc V_2 switch dnlib.DotNet.Emit.Instruction[] br IL_0024: ret ret <null> nop <null> newobj System.Void Wmedx.Reflection.AttributeMember::.ctor() ldstr PPL2nPeKxXgG/9dw/beaQQ== ldstr OPLPwAHTy6g= ldstr ghOsStKPMNnXGimPhT.f0LWlv1E7pa2HIGag8 ldstr zeSCTuGaW callvirt System.Void Wmedx.Reflection.AttributeMember::TestMember(System.String,System.String,System.String,System.String) ldc.i4 0 ldsfld <Module>{afe4023d-2468-4bea-bf0f-0db620473c1b} <Module>{afe4023d-2468-4bea-bf0f-0db620473c1b}::m_36b8589480954b8fba12cde333361601 ldfld System.Int32 <Module>{afe4023d-2468-4bea-bf0f-0db620473c1b}::m_19d74e962e5c44b98ef747afd7f7064f brtrue IL_0067: switch(IL_0075) pop <null> ldc.i4 0 br IL_0067: switch(IL_0075) ldloc V_1 switch dnlib.DotNet.Emit.Instruction[] br IL_0075: leave IL_0024 leave IL_0024: ret pop <null> ldc.i4 0 ldsfld <Module>{afe4023d-2468-4bea-bf0f-0db620473c1b} <Module>{afe4023d-2468-4bea-bf0f-0db620473c1b}::m_36b8589480954b8fba12cde333361601 ldfld System.Int32 <Module>{afe4023d-2468-4bea-bf0f-0db620473c1b}::m_eb0e9752e21d4f6e87a4de0725a9dac6 brtrue IL_009E: switch(IL_00AC) pop <null> ldc.i4 0 br IL_009E: switch(IL_00AC) ldloc V_0 switch dnlib.DotNet.Emit.Instruction[] br IL_00AC: leave IL_0024 leave IL_0024: ret ldc.i4 0 ldsfld <Module>{afe4023d-2468-4bea-bf0f-0db620473c1b} <Module>{afe4023d-2468-4bea-bf0f-0db620473c1b}::m_36b8589480954b8fba12cde333361601 ldfld System.Int32 <Module>{afe4023d-2468-4bea-bf0f-0db620473c1b}::m_105b1512cc1642beba4e1d9f31edcb2e brfalse IL_0012: switch(IL_0024,IL_0025) pop <null> ldc.i4 0 br IL_0012: switch(IL_0024,IL_0025) |