Suspicious
Suspect

1209f3c172b031317813d40c877b8b99

PE Executable
|
MD5: 1209f3c172b031317813d40c877b8b99
|
Size: 439.3 KB
|
application/x-dosexec

Print
Summary by MalvaGPT
Characteristics

Symbol Ofbuscation Score

Very high

Hash
 Hash Value
MD5
1209f3c172b031317813d40c877b8b99
Sha1
cccf16cc4850d3eb6729e7baf10b526eccbb8bbe
Sha256
48cb351586972d880f7b8316ad4c0872cb88a7411943465f565eb526dbd7dc10
Sha384
80b2a348cfce171ff3328da70512f96077be00e1dc6e4ecf7a954286d9614046b439bce078ace85113e72df98bf36777
Sha512
7ce866876e45cd0084f210268abd7cebebd9a6cf1c2f28358c6fac9dce73e8c8937ba7ae32971c3f2f0e858e6baf8e574d76a1ec48482c1817da0327ac8b0ca3
SSDeep
6144:guc5okwTXNPemOo2nVjoWVe6VlWT8b9tXhCwCXN7ToPf1b4lsCFN:fcm5NeBPVle8vXhsFT4VCFN
TLSH
BC94A30CFE92E805DD1E3DB7CBE614004B7129C12E21929631696FFC8B663B758E65BC

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
1209f3c172b031317813d40c877b8b99
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_ICON
ID:0001
ID:0
RT_GROUP_CURSOR4
ID:0001
ID:0
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
xssmrcepcvbf
Informations
Name
 Value
Info

PE Detect: PeReader OK (file layout)
Module Name

hyudynjwiqmd.exe
Full Name

hyudynjwiqmd.exe
EntryPoint

System.Void khbfDrimoAfWuqv.rwPEDnFo::YjNjkVvyG(System.String[])
Scope Name

hyudynjwiqmd.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

hyudynjwiqmd
Assembly Version

1.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.0
Total Strings

1167
Main Method

System.Void khbfDrimoAfWuqv.rwPEDnFo::YjNjkVvyG(System.String[])
Main IL Instruction Count

57
Main IL

ldc.i4 5532 stloc.0 <null> br IL_00C4: br IL_000B nop <null> ldloc.0 <null> ldc.i4 5552 ceq <null> brfalse IL_0024: nop call System.Void khbfDrimoAfWuqv.ESRRlTHm::MKNoiwdjU() ldc.i4 5553 stloc.0 <null> nop <null> ldloc.0 <null> ldc.i4 5541 ceq <null> brfalse IL_003D: nop call System.Void khbfDrimoAfWuqv.rwPEDnFo::RMzrBGBnm() ldc.i4 5547 stloc.0 <null> nop <null> ldloc.0 <null> ldc.i4 5547 ceq <null> brfalse IL_009C: nop newobj System.Void System.Random::.ctor() nop <null> ldc.r8 2000 ldc.r8 2000 call System.Double System.Math::Ceiling(System.Double) add <null> call System.Int32 System.Convert::ToInt32(System.Double) nop <null> ldc.r8 5996.522878745281 ldc.r8 3000 call System.Double System.Math::Log10(System.Double) add <null> call System.Int32 System.Convert::ToInt32(System.Double) callvirt System.Int32 System.Random::Next(System.Int32,System.Int32) call System.Void System.Threading.Thread::Sleep(System.Int32) ldc.i4 5552 stloc.0 <null> nop <null> ldloc.0 <null> ldc.i4 5532 ceq <null> brfalse IL_00B1: nop nop <null> ldc.i4 5541 stloc.0 <null> nop <null> ldloc.0 <null> ldc.i4 5553 ceq <null> brfalse IL_00C4: br IL_000B br IL_00C9: ret br IL_000B: nop ret <null>
Module Name

hyudynjwiqmd.exe
Full Name

hyudynjwiqmd.exe
EntryPoint

System.Void khbfDrimoAfWuqv.rwPEDnFo::YjNjkVvyG(System.String[])
Scope Name

hyudynjwiqmd.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

hyudynjwiqmd
Assembly Version

1.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.0
Total Strings

1167
Main Method

System.Void khbfDrimoAfWuqv.rwPEDnFo::YjNjkVvyG(System.String[])
Main IL Instruction Count

57
Main IL

ldc.i4 5532 stloc.0 <null> br IL_00C4: br IL_000B nop <null> ldloc.0 <null> ldc.i4 5552 ceq <null> brfalse IL_0024: nop call System.Void khbfDrimoAfWuqv.ESRRlTHm::MKNoiwdjU() ldc.i4 5553 stloc.0 <null> nop <null> ldloc.0 <null> ldc.i4 5541 ceq <null> brfalse IL_003D: nop call System.Void khbfDrimoAfWuqv.rwPEDnFo::RMzrBGBnm() ldc.i4 5547 stloc.0 <null> nop <null> ldloc.0 <null> ldc.i4 5547 ceq <null> brfalse IL_009C: nop newobj System.Void System.Random::.ctor() nop <null> ldc.r8 2000 ldc.r8 2000 call System.Double System.Math::Ceiling(System.Double) add <null> call System.Int32 System.Convert::ToInt32(System.Double) nop <null> ldc.r8 5996.522878745281 ldc.r8 3000 call System.Double System.Math::Log10(System.Double) add <null> call System.Int32 System.Convert::ToInt32(System.Double) callvirt System.Int32 System.Random::Next(System.Int32,System.Int32) call System.Void System.Threading.Thread::Sleep(System.Int32) ldc.i4 5552 stloc.0 <null> nop <null> ldloc.0 <null> ldc.i4 5532 ceq <null> brfalse IL_00B1: nop nop <null> ldc.i4 5541 stloc.0 <null> nop <null> ldloc.0 <null> ldc.i4 5553 ceq <null> brfalse IL_00C4: br IL_000B br IL_00C9: ret br IL_000B: nop ret <null>
1209f3c172b031317813d40c877b8b99 (439.3 KB)
An error has occurred. This application may no longer respond until reloaded. Reload 🗙