2142114d88a1043a0567f3f5c4544a7e
PE Executable | MD5: 2142114d88a1043a0567f3f5c4544a7e | Size: 637.44 KB | application/x-dosexec
Symbol Obfuscation Score
|
Hash | Hash Value |
|---|---|
| MD5 | 2142114d88a1043a0567f3f5c4544a7e
|
| Sha1 | 7e457375e107a6a563964e05e5b0c669612dabb0
|
| Sha256 | 7efe07ba2161d28093a9939ee5796b9bf1204233854e1afa66920fc25cf70d8e
|
| Sha384 | da69e0501696be9b9cd3bca022b1d1bbba5a8353db56be1d211b36c1fa301b69f89e8a58db4bc627be73d18bdbdbfc88
|
| Sha512 | c6c85fc8579d1b87d09e9ab81ea9671445d67287b782979c6831d8b228a3761684eb5a1334e190bb29a007403aa2d1eb82e8a19f0eef18de47f98b4e40eef727
|
| SSDeep | 12288:x+0KKelEamXMafkYyrjmluvqZfU3xi2pw:nKKelEadtFjmluSF
|
| TLSH | 49D4AF1B77488E21C5486237D1CB4511D3F1A5E6B673E70EBAC923560A073BEEE0A397
|
PeID
|
Name0 | Value |
|---|---|
| Info | PE Detect: PeReader OK (file layout) |
| Module Name | Cushstei.exe |
| Full Name | Cushstei.exe |
| EntryPoint | System.Void EysY7XGeObpkkGdZ0H.BYH8ufOZsjxdbrKmDD::ovIL7Al4s() |
| Scope Name | Cushstei.exe |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v4.0.30319 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | Cushstei |
| Assembly Version | 1.0.0.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | .NETFramework,Version=v4.0 |
| Total Strings | 43 |
| Main Method | System.Void EysY7XGeObpkkGdZ0H.BYH8ufOZsjxdbrKmDD::ovIL7Al4s() |
| Main IL Instruction Count | 81 |
| Main IL | ldc.i4 1 stloc V_1 ldloc V_1 switch dnlib.DotNet.Emit.Instruction[] ldloc V_1 ldc.i4 989 beq IL_0009: ldloc V_1 br IL_016D: ret nop <null> call System.Boolean D6xtoinAmHMaWKc3BN.flSjArchVsQjsRtTMH::wFQ03CfV0() brtrue IL_00A6: leave IL_016D ldc.i4 0 ldsfld <Module>{ecaa04e4-43a5-4046-9390-d0cf334112ef} <Module>{ecaa04e4-43a5-4046-9390-d0cf334112ef}::m_6758b894b14f4baab8048a8e41a20f32 ldfld System.Int32 <Module>{ecaa04e4-43a5-4046-9390-d0cf334112ef}::m_fd583c873e0e49bc84c1a5df1e81c0ad brtrue IL_0069: switch(IL_0085) pop <null> ldc.i4 6 br IL_0069: switch(IL_0085) br IL_0065: ldloc V_2 ldc.i4 0 stloc V_2 ldloc V_2 switch dnlib.DotNet.Emit.Instruction[] ldloc V_2 ldc.i4 988 beq IL_0065: ldloc V_2 br IL_0085: ldc.i4 1440465762 ldc.i4 1440465762 ldc.i4 696814607 xor <null> ldsfld <Module>{ecaa04e4-43a5-4046-9390-d0cf334112ef} <Module>{ecaa04e4-43a5-4046-9390-d0cf334112ef}::m_6758b894b14f4baab8048a8e41a20f32 ldfld System.Int32 <Module>{ecaa04e4-43a5-4046-9390-d0cf334112ef}::m_fa82c24e8690425f8edba432a769dc7e xor <null> call System.String uPIIXfXjbL3HjIhg05.U1h6html9gZAyrmX3R::jnvAPePqBd(System.Int32) newobj System.Void System.Exception::.ctor(System.String) throw <null> leave IL_016D: ret stloc.s V_3 ldc.i4 1 ldsfld <Module>{ecaa04e4-43a5-4046-9390-d0cf334112ef} <Module>{ecaa04e4-43a5-4046-9390-d0cf334112ef}::m_6758b894b14f4baab8048a8e41a20f32 ldfld System.Int32 <Module>{ecaa04e4-43a5-4046-9390-d0cf334112ef}::m_85ab2e28a9bf43fab34c87b58038e9f2 brtrue IL_00DE: switch(IL_0149,IL_00FE) pop <null> ldc.i4 7 br IL_00DE: switch(IL_0149,IL_00FE) br IL_00DA: ldloc V_0 ldc.i4 0 stloc V_0 ldloc V_0 switch dnlib.DotNet.Emit.Instruction[] ldloc V_0 ldc.i4 989 beq IL_00DA: ldloc V_0 br IL_00FE: ldc.i4 -292489848 ldc.i4 -292489848 ldc.i4 -2023614371 xor <null> ldsfld <Module>{ecaa04e4-43a5-4046-9390-d0cf334112ef} <Module>{ecaa04e4-43a5-4046-9390-d0cf334112ef}::m_6758b894b14f4baab8048a8e41a20f32 ldfld System.Int32 <Module>{ecaa04e4-43a5-4046-9390-d0cf334112ef}::m_1bdb9bf1c41a4d6a9068db209e1a32d6 xor <null> call System.String uPIIXfXjbL3HjIhg05.U1h6html9gZAyrmX3R::jnvAPePqBd(System.Int32) ldloc.s V_3 callvirt System.String System.Exception::get_Message() call System.String System.String::Concat(System.String,System.String) call System.Void System.Console::WriteLine(System.String) ldc.i4 5 ldsfld <Module>{ecaa04e4-43a5-4046-9390-d0cf334112ef} <Module>{ecaa04e4-43a5-4046-9390-d0cf334112ef}::m_6758b894b14f4baab8048a8e41a20f32 ldfld System.Int32 <Module>{ecaa04e4-43a5-4046-9390-d0cf334112ef}::m_c7fcfa092e0d4b01bad9d801d6dfae55 brtrue IL_00DE: switch(IL_0149,IL_00FE) pop <null> ldc.i4 0 br IL_00DE: switch(IL_0149,IL_00FE) leave IL_016D: ret ldc.i4 0 ldsfld <Module>{ecaa04e4-43a5-4046-9390-d0cf334112ef} <Module>{ecaa04e4-43a5-4046-9390-d0cf334112ef}::m_6758b894b14f4baab8048a8e41a20f32 ldfld System.Int32 <Module>{ecaa04e4-43a5-4046-9390-d0cf334112ef}::m_483482d8f1074abca8013b2001eb432d brtrue IL_000D: switch(IL_016D,IL_002D) pop <null> ldc.i4 2 br IL_000D: switch(IL_016D,IL_002D) ret <null> |
| Module Name | Cushstei.exe |
| Full Name | Cushstei.exe |
| EntryPoint | System.Void EysY7XGeObpkkGdZ0H.BYH8ufOZsjxdbrKmDD::ovIL7Al4s() |
| Scope Name | Cushstei.exe |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v4.0.30319 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | Cushstei |
| Assembly Version | 1.0.0.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | .NETFramework,Version=v4.0 |
| Total Strings | 43 |
| Main Method | System.Void EysY7XGeObpkkGdZ0H.BYH8ufOZsjxdbrKmDD::ovIL7Al4s() |
| Main IL Instruction Count | 81 |
| Main IL | ldc.i4 1 stloc V_1 ldloc V_1 switch dnlib.DotNet.Emit.Instruction[] ldloc V_1 ldc.i4 989 beq IL_0009: ldloc V_1 br IL_016D: ret nop <null> call System.Boolean D6xtoinAmHMaWKc3BN.flSjArchVsQjsRtTMH::wFQ03CfV0() brtrue IL_00A6: leave IL_016D ldc.i4 0 ldsfld <Module>{ecaa04e4-43a5-4046-9390-d0cf334112ef} <Module>{ecaa04e4-43a5-4046-9390-d0cf334112ef}::m_6758b894b14f4baab8048a8e41a20f32 ldfld System.Int32 <Module>{ecaa04e4-43a5-4046-9390-d0cf334112ef}::m_fd583c873e0e49bc84c1a5df1e81c0ad brtrue IL_0069: switch(IL_0085) pop <null> ldc.i4 6 br IL_0069: switch(IL_0085) br IL_0065: ldloc V_2 ldc.i4 0 stloc V_2 ldloc V_2 switch dnlib.DotNet.Emit.Instruction[] ldloc V_2 ldc.i4 988 beq IL_0065: ldloc V_2 br IL_0085: ldc.i4 1440465762 ldc.i4 1440465762 ldc.i4 696814607 xor <null> ldsfld <Module>{ecaa04e4-43a5-4046-9390-d0cf334112ef} <Module>{ecaa04e4-43a5-4046-9390-d0cf334112ef}::m_6758b894b14f4baab8048a8e41a20f32 ldfld System.Int32 <Module>{ecaa04e4-43a5-4046-9390-d0cf334112ef}::m_fa82c24e8690425f8edba432a769dc7e xor <null> call System.String uPIIXfXjbL3HjIhg05.U1h6html9gZAyrmX3R::jnvAPePqBd(System.Int32) newobj System.Void System.Exception::.ctor(System.String) throw <null> leave IL_016D: ret stloc.s V_3 ldc.i4 1 ldsfld <Module>{ecaa04e4-43a5-4046-9390-d0cf334112ef} <Module>{ecaa04e4-43a5-4046-9390-d0cf334112ef}::m_6758b894b14f4baab8048a8e41a20f32 ldfld System.Int32 <Module>{ecaa04e4-43a5-4046-9390-d0cf334112ef}::m_85ab2e28a9bf43fab34c87b58038e9f2 brtrue IL_00DE: switch(IL_0149,IL_00FE) pop <null> ldc.i4 7 br IL_00DE: switch(IL_0149,IL_00FE) br IL_00DA: ldloc V_0 ldc.i4 0 stloc V_0 ldloc V_0 switch dnlib.DotNet.Emit.Instruction[] ldloc V_0 ldc.i4 989 beq IL_00DA: ldloc V_0 br IL_00FE: ldc.i4 -292489848 ldc.i4 -292489848 ldc.i4 -2023614371 xor <null> ldsfld <Module>{ecaa04e4-43a5-4046-9390-d0cf334112ef} <Module>{ecaa04e4-43a5-4046-9390-d0cf334112ef}::m_6758b894b14f4baab8048a8e41a20f32 ldfld System.Int32 <Module>{ecaa04e4-43a5-4046-9390-d0cf334112ef}::m_1bdb9bf1c41a4d6a9068db209e1a32d6 xor <null> call System.String uPIIXfXjbL3HjIhg05.U1h6html9gZAyrmX3R::jnvAPePqBd(System.Int32) ldloc.s V_3 callvirt System.String System.Exception::get_Message() call System.String System.String::Concat(System.String,System.String) call System.Void System.Console::WriteLine(System.String) ldc.i4 5 ldsfld <Module>{ecaa04e4-43a5-4046-9390-d0cf334112ef} <Module>{ecaa04e4-43a5-4046-9390-d0cf334112ef}::m_6758b894b14f4baab8048a8e41a20f32 ldfld System.Int32 <Module>{ecaa04e4-43a5-4046-9390-d0cf334112ef}::m_c7fcfa092e0d4b01bad9d801d6dfae55 brtrue IL_00DE: switch(IL_0149,IL_00FE) pop <null> ldc.i4 0 br IL_00DE: switch(IL_0149,IL_00FE) leave IL_016D: ret ldc.i4 0 ldsfld <Module>{ecaa04e4-43a5-4046-9390-d0cf334112ef} <Module>{ecaa04e4-43a5-4046-9390-d0cf334112ef}::m_6758b894b14f4baab8048a8e41a20f32 ldfld System.Int32 <Module>{ecaa04e4-43a5-4046-9390-d0cf334112ef}::m_483482d8f1074abca8013b2001eb432d brtrue IL_000D: switch(IL_016D,IL_002D) pop <null> ldc.i4 2 br IL_000D: switch(IL_016D,IL_002D) ret <null> |