Suspicious
Suspect

0be8f0b62a7ede9474cb09588488c1e9

PE Executable | MD5: 0be8f0b62a7ede9474cb09588488c1e9 | Size: 261.12 KB | application/x-dosexec

Summary by MalvaGPT
Characteristics

Symbol Obfuscation Score

Very high


PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
ndwkwzsjsmgb
Information
Name
Value
Info

PE Detect: PeReader OK (file layout)

Module Name: Client.exe
Full Name: Client.exe
EntryPoint: System.Void wjzHfhhF.sfbgYTdRQaWD::iAaQJufR(System.String[])
Scope Name: Client.exe
Scope Type: ModuleDef
Kind: Windows
Runtime Version: v4.0.30319
Tables Header Version: 512
WinMD Version: <null>
Assembly Name: Client
Assembly Version: 1.0.0.0
Assembly Culture: <null>
Has PublicKey: False
PublicKey Token: <null>
Target Framework: .NETFramework,Version=v4.0
Total Strings: 595
Main Method: System.Void wjzHfhhF.sfbgYTdRQaWD::iAaQJufR(System.String[])
Main IL Instruction Count: 57

Main IL

ldc.i4 2805
stloc.0 <null>
br IL_00C4: br IL_000B
nop <null>
ldloc.0 <null>
ldc.i4 2816
ceq <null>
brfalse IL_0024: nop
call System.Void wjzHfhhF.sfbgYTdRQaWD::BngCoOFtetLpp()
ldc.i4 2822
stloc.0 <null>
nop <null>
ldloc.0 <null>
ldc.i4 2822
ceq <null>
brfalse IL_0083: nop
newobj System.Void System.Random::.ctor()
nop <null>
ldc.r8 3999.6325404508993
ldc.r8 2000
call System.Double System.Math::Cos(System.Double)
sub <null>
call System.Int32 System.Convert::ToInt32(System.Double)
nop <null>
ldc.r8 3000
ldc.r8 3000
call System.Double System.Math::Truncate(System.Double)
add <null>
call System.Int32 System.Convert::ToInt32(System.Double)
callvirt System.Int32 System.Random::Next(System.Int32,System.Int32)
call System.Void System.Threading.Thread::Sleep(System.Int32)
ldc.i4 2828
stloc.0 <null>
nop <null>
ldloc.0 <null>
ldc.i4 2828
ceq <null>
brfalse IL_009C: nop
call System.Void wjzHfhhF.fhvAMJctn::THHffuknVLi()
ldc.i4 2833
stloc.0 <null>
nop <null>
ldloc.0 <null>
ldc.i4 2805
ceq <null>
brfalse IL_00B1: nop
nop <null>
ldc.i4 2816
stloc.0 <null>
nop <null>
ldloc.0 <null>
ldc.i4 2833
ceq <null>
brfalse IL_00C4: br IL_000B
br IL_00C9: ret
br IL_000B: nop
ret <null>

No malware configuration was found at this point.