Suspicious
Suspect

171541064bc97b93f346504e7a2ff7a2

PE Executable | MD5: 171541064bc97b93f346504e7a2ff7a2 | Size: 17.13 MB | application/x-dosexec

Summary by MalvaGPT
Characteristics

Symbol Obfuscation Score: Medium

Hash

MD5: 171541064bc97b93f346504e7a2ff7a2
SHA1: b3bda77616f0319f356bc225e435d57ca4c92196
SHA256: 79dfa99cd001588c4be3821d77f316e88ceedba8aecc8f8dd5dc6f32bd3103e2
SHA384: 051267cab5e04f49373b1eabf628df65c07282050e2af43218dbad80b9e9c03a60ac997202df3c8c16f5128a8a10f17c
SHA512: 5c03c20035941986fe02446b0a37a4852eb0b7ed4315845b67ed1b24371956e20e30dbc8ea343e23bf95313d10f879d76dc539f90177d9a73b1530c33cf5b629
SSDeep: 196608:y6aTuNKIR+EKgLd4JNiojfO5sWEsXyx1sB7mNPHqKPJsBxyuQPI6ylwdTpvn3jaq:FLYIkqyDibGDsHBi8B8fvylwdpAxgLpJ
TLSH: 2F07334429465840DFED41F861C8CB2C5BA8F5D6A62BFAE3B08A53377855CE40F836B7

PeID

Microsoft Visual C++ DLL
Microsoft Visual C++ v6.0
Microsoft Visual C++ v6.0 DLL
File Structure
[Authenticode]_0d3175e9.p7b
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.rsrc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
tWnB
Lkpdzqwj.png
Lkpdzqwj.png-preview.png
Information

Info: PE Detect: PeReader OK (file layout)
Info: Authenticode present at 0x1054000 size 9768 bytes
Module Name: installer.exe
Full Name: installer.exe
EntryPoint: System.Void  ::()
Scope Name: installer.exe
Scope Type: ModuleDef
Kind: Windows
Runtime Version: v4.0.30319
Tables Header Version: 512
WinMD Version: <null>
Assembly Name: installer
Assembly Version: 1.0.12.0
Assembly Culture: <null>
Has PublicKey: False
PublicKey Token: <null>
Target Framework: .NETFramework,Version=v4.6
Total Strings: 11
Main Method: System.Void  ::()
Main IL Instruction Count: 89

Main IL

newobj System.Void  /a::.ctor() stloc.0 <null> br.s IL_0035: ldc.i4.s -44 ldc.i4 -1515215435 call System.String d::a(System.Int32) stloc.1 <null> br.s IL_003D: ldc.i4.s 52 ldc.i4 -1515215402 call System.String d::a(System.Int32) stloc.2 <null> br.s IL_0045: ldc.i4.s -29 ldsfld System.Func`1<System.Byte[]>  /:: dup <null> brfalse.s IL_002D: ldc.i4.0 ldc.i4.1 <null> br.s IL_0030: brtrue.s IL_0061 ldc.i4.0 <null> br.s IL_0030: brtrue.s IL_0061 brtrue.s IL_0061: newobj System.Void  ::.ctor(System.Func`1<System.Byte[]>) pop <null> br.s IL_004B: ldsfld  /  /:: ldc.i4.s -44 ldc.i4.s -93 bgt.s IL_0008: ldc.i4 -1515215435 br.s IL_004B: ldsfld  /  /:: ldc.i4.s 52 ldc.i4.s -11 bgt.s IL_0015: ldc.i4 -1515215402 br.s IL_004B: ldsfld  /  /:: ldc.i4.s -29 ldc.i4.s -23 blt.s IL_0022: ldsfld System.Func`1<System.Byte[]>  /:: ldsfld  /  /:: ldftn System.Byte[]  /::a() newobj System.Void System.Func`1<System.Byte[]>::.ctor(System.Object,System.IntPtr) dup <null> stsfld System.Func`1<System.Byte[]>  /:: newobj System.Void  ::.ctor(System.Func`1<System.Byte[]>) ldloc.0 <null> ldloc.1 <null> ldloc.2 <null> newobj System.Void  ::.ctor(System.String,System.String) stfld    /a::a ldloc.0 <null> newobj System.Void  ::.ctor() stfld    /a::b ldloc.0 <null> ldc.i4 -1515215365 call System.String d::a(System.Int32) ldc.i4 -1515215849 call System.String d::a(System.Int32) newobj System.Void  ::.ctor(System.String,System.String) stfld    /a::c dup <null> ldloc.0 <null> ldftn System.Void  /a::a(System.IO.MemoryStream) newobj System.Void System.Action`1<System.IO.MemoryStream>::.ctor(System.Object,System.IntPtr) callvirt System.Void  ::(System.Action`1<System.IO.MemoryStream>) ldloc.0 <null> ldfld    /a::a ldloc.0 <null> ldftn System.Void  /a::b(System.IO.MemoryStream) newobj System.Void System.Action`1<System.IO.MemoryStream>::.ctor(System.Object,System.IntPtr) callvirt System.Void  ::(System.Action`1<System.IO.MemoryStream>) ldloc.0 <null> ldfld    /a::b ldloc.0 <null> ldftn System.Void  
/a::c(System.Reflection.Assembly) newobj System.Void System.Action`1<System.Reflection.Assembly>::.ctor(System.Object,System.IntPtr) callvirt System.Void  ::(System.Action`1<System.Reflection.Assembly>) ldloc.0 <null> ldfld    /a::c ldsfld System.Action  /:: dup <null> brfalse.s IL_00EE: ldc.i4.0 ldc.i4.1 <null> br.s IL_00F1: brtrue.s IL_010A ldc.i4.0 <null> br.s IL_00F1: brtrue.s IL_010A brtrue.s IL_010A: callvirt System.Void  ::(System.Action) pop <null> ldsfld  /  /:: ldftn System.Void  /::b() newobj System.Void System.Action::.ctor(System.Object,System.IntPtr) dup <null> stsfld System.Action  /:: callvirt System.Void  ::(System.Action) callvirt System.Void  ::() ret <null>

No malware configurations were found at this point.