Suspicious
Suspect

1b7be3e24bef996b5e313aedf478815a

PE Executable | MD5: 1b7be3e24bef996b5e313aedf478815a | Size: 736.77 KB | application/x-dosexec

Summary by MalvaGPT
Characteristics

Symbol Obfuscation Score: Very high

Hash: Hash Value
MD5: 1b7be3e24bef996b5e313aedf478815a
Sha1: ba4da717a43001f1bc14b204608749dd84d81e3c
Sha256: 897221ef7bedd400fc45ef4ebdb769c7993836942e77be5c5c34687eaf345bfc
Sha384: dba9f3701d4d185c649a254373cbfef0e7d98680588a77c33fc97a0af9082bf23cc52974d53fb5f014010f93af6be957
Sha512: 6cbb591ed6c04327b496d042e1c16190a9e45a0fccb7d32e21ad5139f63fbc559febb9760a9fbca49c3ab5a1534f101b55c522fc358b1185332936e74be0ca04
SSDeep: 12288:8vH4DGHYYNRHYLa9qMhHauEbJ4E4n2uXIIYzcdhaHJOfG:iHyGHYYNRHYm9Ph6WE4n54IwcdhCeG
TLSH: AAF4BD0223E69B24F8BF673986B1851087F9FD069236EB5E3B4B11F91F12B558952333

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
.Net Resources
Cerkagofan.habadegar
A_s0b.Resources.resources
f6e061aea6afe6.Resources.resources
91ade1ff0
[NBF]root.Data
91ade1ff1
[NBF]root.Data
91ade1ff2
[NBF]root.Data
91ade1ff3
[NBF]root.Data
91ade1ff4
[NBF]root.Data
91ade1ff5
[NBF]root.Data
91ade1ff6
[NBF]root.Data
Informations
Name
Value
Info

PE Detect: PeReader OK (file layout)

Module Name: A_s0b
Full Name: A_s0b
EntryPoint: System.Void A_s0b.Jen9k/Ex4eo0SbCkn.Tkw5b7Bi9mfL::pj9Bw1Ezid6K()
Scope Name: A_s0b
Scope Type: ModuleDef
Kind: Windows
Runtime Version: v4.0.30319
Tables Header Version: 512
WinMD Version: <null>
Assembly Name: A_s0b
Assembly Version: 18.16.46.250
Assembly Culture: <null>
Has PublicKey: False
PublicKey Token: <null>
Target Framework: .NETFramework,Version=v4.6
Total Strings: 993
Main Method: System.Void A_s0b.Jen9k/Ex4eo0SbCkn.Tkw5b7Bi9mfL::pj9Bw1Ezid6K()
Main IL Instruction Count: 91

Main IL

nop <null>
nop <null>
newobj System.Void System.Windows.Forms.Form::.ctor()
stloc.0 <null>
call System.Void System.Windows.Forms.Application::EnableVisualStyles()
nop <null>
ldc.i4.s 20
stloc.1 <null>
newobj System.Void System.Collections.Generic.List`1<System.Int32>::.ctor()
stloc.2 <null>
ldloc.1 <null>
stloc.s V_7
ldc.i4.1 <null>
stloc.s V_8
br.s IL_002E: ldloc.s V_8
ldloc.2 <null>
ldloc.s V_8
callvirt System.Void System.Collections.Generic.List`1<System.Int32>::Add(System.Int32)
nop <null>
ldloc.s V_8
ldc.i4.1 <null>
add.ovf <null>
stloc.s V_8
ldloc.s V_8
ldloc.s V_7
ble.s IL_001F: ldloc.2
ldstr FacilityOptima.Core
stloc.3 <null>
ldstr 2.4.1
stloc.s V_4
call System.Guid System.Guid::NewGuid()
stloc.s V_9
ldloca.s V_9
ldstr N
call System.String System.Guid::ToString(System.String)
ldc.i4.0 <null>
ldc.i4.s 12
callvirt System.String System.String::Substring(System.Int32,System.Int32)
stloc.s V_5
ldloc.2 <null>
callvirt System.Int32 System.Collections.Generic.List`1<System.Int32>::get_Count()
ldloc.1 <null>
ceq <null>
ldc.i4.0 <null>
ceq <null>
stloc.s V_10
ldloc.s V_10
brfalse.s IL_0078: nop
ldc.i4.0 <null>
call System.Void System.Environment::Exit(System.Int32)
nop <null>
nop <null>
nop <null>
ldc.i4.s 28
call System.String System.Environment::GetFolderPath(System.Environment/SpecialFolder)
ldstr FacilityOptima
ldstr Cache
call System.String System.IO.Path::Combine(System.String,System.String,System.String)
stloc.s V_6
ldloc.s V_6
call System.Boolean System.IO.Directory::Exists(System.String)
ldc.i4.0 <null>
ceq <null>
stloc.s V_11
ldloc.s V_11
brfalse.s IL_00AA: nop
ldloc.s V_6
call System.IO.DirectoryInfo System.IO.Directory::CreateDirectory(System.String)
pop <null>
nop <null>
nop <null>
ldc.i4.s 40
call System.Void System.Threading.Thread::Sleep(System.Int32)
nop <null>
ldstr habadegar
call System.Void A_s0b.pd3H0Mjgc/z_9Bz6W.2qmXs3::mb5A7K(System.String)
nop <null>
call System.Void System.GC::Collect()
nop <null>
call System.Void System.GC::WaitForPendingFinalizers()
nop <null>
leave.s IL_00E0: nop
call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception)
nop <null>
ldc.i4.0 <null>
call System.Void System.Environment::Exit(System.Int32)
nop <null>
call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError()
leave.s IL_00E0: nop
nop <null>
ret <null>

Characteristics
No malware configuration was found at this point.