Suspicious
Suspect

10be6d6448a4ce7a25c92e694535d98b

PE Executable | MD5: 10be6d6448a4ce7a25c92e694535d98b | Size: 956.06 KB | application/x-dosexec

Summary by MalvaGPT
Characteristics

Symbol Obfuscation Score: Medium

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET

File Structure
  [Authenticode]_e6906059.p7b
  Structure
    DosHeader
    PE Header
    Optional Header (x86)
    Section Headers
      .text
      .rsrc
      .reloc
  Resources
    RT_ICON
      ID:0001
        ID:0
    RT_GROUP_CURSOR4
      ID:7F00
        ID:0
    RT_VERSION
      ID:0001
        ID:0
    RT_MANIFEST
      ID:0001
        ID:0
  .Net Resources
    nJyId

Information

Info: PE Detect: PeReader OK (file layout)
Info: Authenticode present at 0xE6E00 size 10392 bytes
Module Name: RMB_IMG_PRESENTATION_02.exe
Full Name: RMB_IMG_PRESENTATION_02.exe
EntryPoint: System.Void  ::()
Scope Name: RMB_IMG_PRESENTATION_02.exe
Scope Type: ModuleDef
Kind: Windows
Runtime Version: v4.0.30319
Tables Header Version: 512
WinMD Version: <null>
Assembly Name: RMB_IMG_PRESENTATION_02
Assembly Version: 142.0.7416.0
Assembly Culture: <null>
Has PublicKey: False
PublicKey Token: <null>
Target Framework: .NETFramework,Version=v4.6
Total Strings: 11
Main Method: System.Void  ::()
Main IL Instruction Count: 156

Main IL

ldnull <null> stloc.0 <null> br.s IL_0010: br.s IL_0004 nop <null> call System.Byte[]  ::d() stloc.0 <null> leave.s IL_0012: ldloc.0 pop <null> leave.s IL_0010: br.s IL_0004 br.s IL_0004: nop ldloc.0 <null> ldnull <null> cgt.un <null> stloc.s V_4 br IL_015E: ldc.i4.s 52 ldloc.s V_4 brfalse.s IL_0029: ldc.i4.1 br IL_0169: ldc.i4.s -17 ldc.i4.0 <null> br.s IL_002C: brtrue IL_019E ldc.i4.1 <null> br.s IL_002C: brtrue IL_019E brtrue IL_019E: ret br IL_00C1: ldc.i4.6 ldloc.s V_8 ldc.i4.5 <null> xor <null> stloc.s V_8 br.s IL_0074: ldc.i4.s 23 ldloc.s V_9 ldc.i4.s 15 xor <null> stloc.s V_9 br.s IL_0069: ldc.i4.s 20 ldloc.s V_10 ldc.i4.s 16 xor <null> stloc.s V_10 br IL_0174: ldc.i4.s -21 ldloc.s V_10 ldc.i4.s 22 sub <null> switch dnlib.DotNet.Emit.Instruction[] ldc.i4.s 20 call System.Int32 o/b::a(System.Int32) stloc.s V_10 br.s IL_0047: ldloc.s V_10 ldc.i4.s 23 call System.Int32 o/b::a(System.Int32) stloc.s V_9 ldc.i4.8 <null> stloc.s V_10 br.s IL_0047: ldloc.s V_10 ldloc.s V_9 ldc.i4.s 19 sub <null> switch dnlib.DotNet.Emit.Instruction[] ldc.i4.6 <null> stloc.s V_10 br.s IL_0047: ldloc.s V_10 br.s IL_003E: ldloc.s V_9 ldloc.s V_8 ldc.i4.8 <null> add <null> switch dnlib.DotNet.Emit.Instruction[] ldc.i4.s 27 stloc.s V_9 br IL_003E: ldloc.s V_9 ldc.i4.6 <null> call System.Int32 o/c::b(System.Int32) stloc.s V_8 ldc.i4.s 26 stloc.s V_9 br IL_003E: ldloc.s V_9 br IL_0036: ldloc.s V_8 ldloc.0 <null> call System.Byte[]  ::a(System.Byte[]) stloc.1 <null> ldc.i4.s -4 stloc.s V_8 br IL_0036: ldloc.s V_8 ldloc.1 <null> ldlen <null> ldc.i4.0 <null> cgt.un <null> stloc.s V_5 ldc.i4.s 12 call System.Int32 o/c::b(System.Int32) stloc.s V_8 br IL_0036: ldloc.s V_8 ldloc.s V_5 brfalse.s IL_010C: ldc.i4.1 ldc.i4.s -2 stloc.s V_8 br IL_0036: ldloc.s V_8 ldc.i4.0 <null> br.s IL_010F: brtrue IL_019E ldc.i4.1 <null> br.s IL_010F: brtrue IL_019E brtrue IL_019E: ret ldloc.1 <null> call System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[]) stloc.2 <null> ldloc.2 <null> 
callvirt System.String System.Reflection.Assembly::get_CodeBase() call System.Boolean System.String::IsNullOrWhiteSpace(System.String) ldc.i4.0 <null> ceq <null> stloc.s V_6 ldloc.s V_6 brfalse.s IL_0132: ldc.i4.1 ldc.i4.0 <null> br.s IL_0135: brtrue.s IL_019E ldc.i4.1 <null> br.s IL_0135: brtrue.s IL_019E brtrue.s IL_019E: ret ldloc.2 <null> ldc.i4 -1042904339 call System.String d::a(System.Int32) callvirt System.Type System.Reflection.Assembly::GetType(System.String) stloc.3 <null> ldloc.3 <null> callvirt System.String System.Type::get_FullName() call System.Boolean System.String::IsNullOrEmpty(System.String) ldc.i4.0 <null> ceq <null> stloc.s V_7 ldloc.s V_7 brfalse.s IL_0180: ldc.i4.1 br.s IL_017D: ldc.i4.0 ldc.i4.s 52 ldc.i4.s -7 bgt IL_001D: ldloc.s V_4 br.s IL_017D: ldc.i4.0 ldc.i4.s -17 ldc.i4.s -120 bgt IL_0026: ldc.i4.0 br.s IL_017D: ldc.i4.0 ldc.i4.s -21 ldc.i4.s 67 blt IL_0053: ldloc.s V_10 ldc.i4.0 <null> br.s IL_0183: brtrue.s IL_019E ldc.i4.1 <null> br.s IL_0183: brtrue.s IL_019E brtrue.s IL_019E: ret ldloc.3 <null> ldc.i4 -1042904367 call System.String d::a(System.Int32) ldc.i4 256 ldnull <null> ldnull <null> ldnull <null> callvirt System.Object System.Type::InvokeMember(System.String,System.Reflection.BindingFlags,System.Reflection.Binder,System.Object,System.Object[]) pop <null> ret <null>

No malware configuration was found at this point.