Malicious

2a4cd8f00244cf1a647cf9c1ae0f1e9f

PE Executable | MD5: 2a4cd8f00244cf1a647cf9c1ae0f1e9f | Size: 6.59 MB | application/x-dosexec

Characteristics

Symbol Obfuscation Score: Very high

Hash | Hash Value
MD5 | 2a4cd8f00244cf1a647cf9c1ae0f1e9f
Sha1 | 80e7a2b4a47a7c0de30db916131df67ae145f143
Sha256 | e93433169e2ec088a21ee58ae3e780f68215eb75dcd31b83d1fa31d6c16145e5
Sha384 | 952e47fdc6de1bda7091b80932dac6538cf29da0cd583b1f84e17004bd3a720fdb4de8ccccadbdff0908d536c196278b
Sha512 | a590ee7c2ca9214674a10a7d0dabe86fcec76d33b3af1765344ecc9d55951ca9543af4a9baf8b5d47d5d260be875a886730bf98279635efd2720fba2ecac2fc7
SSDeep | 196608:1a7fap/5OaZDlRMYhmFg7NOKaP30dlTps2BiJ:w7w/5FZBrCg78vPIlgJ
TLSH | 1B660247F25A51E5C07AD238C28B6212FBB178614767E6CF569003622F267F4AF3E712

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual C++ v6.0 DLL
Microsoft Visual Studio .NET
UPolyX 0.3 -> delikon
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
Malicious
T65g2nmSrrtvsv3EM1.dijnKecAhRMos1hVla
Roblox_Executor.Form1.resources
costura.costura.dll.compressed
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.costura.pdb.compressed
ZXw9f2DHrNbf4SVN3O.CaI6M5HBIlnw2CoXmj
costura.guna.ui2.dll.compressed
[Authenticode]_28203e69.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
.Net Resources
G22190F0D5B1120504B3E00280003060D0F0F4F38724F222206070B01020F0F27012B0C.resources
icon.Image
[NBF]root.Data
[NBF]root.Data-preview.png
Guna.UI2.Properties.Resources.resources
CheckedCheckbox_20px
[NBF]root.Data
[NBF]root.Data-preview.png
CheckedRadioButton_20px
[NBF]root.Data
[NBF]root.Data-preview.png
FullImage_64px
[NBF]root.Data
[NBF]root.Data-preview.png
ImageCalendar
[NBF]root.Data
[NBF]root.Data-preview.png
UncheckedCheckbox_20px
UncheckedRadioButton_20px
[NBF]root.Data
[NBF]root.Data-preview.png
ce_48px
[NBF]root.Data
[NBF]root.Data-preview.png
curv3
[NBF]root.Data
[NBF]root.Data-preview.png
curv3_w
[NBF]root.Data
[NBF]root.Data-preview.png
error
[NBF]root.Data
[NBF]root.Data-preview.png
info
[NBF]root.Data
[NBF]root.Data-preview.png
logo
[NBF]root.Data
[NBF]root.Data-preview.png
logo_w
[NBF]root.Data
[NBF]root.Data-preview.png
miring
[NBF]root.Data
[NBF]root.Data-preview.png
question
[NBF]root.Data
[NBF]root.Data-preview.png
warning
[NBF]root.Data
[NBF]root.Data-preview.png
G22190F0D5B1120504B250025230207091246250F300029390C06331B0E163B151735041C232100000E0B.resources
btDown.Image
btUp.Image
imageList1.ImageStream
[NBF]root.Data
costura.metadata
aR3nbf8dQp2feLmk31.lSfgApatkdxsVcGcrktoFd.resources
$this.Icon
[NBF]root.IconData
progressBar1.Modifiers
$this.Language
$this.GridSize
Roblox_Executor.Properties.Resources.resources
icons8-trash-can-64
[NBF]root.Data
[NBF]root.Data-preview.png
icons8-play-64
[NBF]root.Data
[NBF]root.Data-preview.png
icons8-connect-96
[NBF]root.Data
[NBF]root.Data-preview.png
icons8-opened-folder-50
[NBF]root.Data
[NBF]root.Data-preview.png
icons8-save-50
[NBF]root.Data
[NBF]root.Data-preview.png
icons8-close-64
[NBF]root.Data
[NBF]root.Data-preview.png
ChatGPT Image Oct 18, 2025, 05_25_13 PM
[NBF]root.Data
[NBF]root.Data-preview.png
Informations

Name | Value
Info | PE Detect: PeReader OK (file layout)
Info | PDB Path: Roblox Executor.pdb
Module Name | Roblox Executor.exe
Full Name | Roblox Executor.exe
EntryPoint | System.Void pdmgOkDjGiEOGlpYsCZ.bdgDUeDGkgwMU8jLMfh::iwWDoOL6iF()
Scope Name | Roblox Executor.exe
Scope Type | ModuleDef
Kind | Windows
Runtime Version | v4.0.30319
Tables Header Version | 512
WinMD Version | <null>
Assembly Name | Roblox Executor
Assembly Version | 1.0.0.0
Assembly Culture | <null>
Has PublicKey | False
PublicKey Token | <null>
Target Framework | .NETFramework,Version=v4.8
Total Strings | 46
Main Method | System.Void pdmgOkDjGiEOGlpYsCZ.bdgDUeDGkgwMU8jLMfh::iwWDoOL6iF()
Main IL Instruction Count | 36

Main IL

ldc.i4 4
stloc V_0
br IL_000E: ldloc V_0
ldloc V_0
switch dnlib.DotNet.Emit.Instruction[]
br IL_0031: call System.Void rGHnRqC3cRnVilUlCnE.G4lRN4CoBYpPHm2EEA0::gaBEjdyVqQ()
ret <null>
call System.Void rGHnRqC3cRnVilUlCnE.G4lRN4CoBYpPHm2EEA0::gaBEjdyVqQ()
ldc.i4 1
ldsfld <Module>{7cf385e3-9120-4f94-86b3-ed249de58d36} <Module>{7cf385e3-9120-4f94-86b3-ed249de58d36}::m_e401a3527b0d4cef8f8bd6b5a54c10d2
ldfld System.Int32 <Module>{7cf385e3-9120-4f94-86b3-ed249de58d36}::m_6e0151d43a0f4928a7ff0aaa43193ec7
brfalse IL_0012: switch(IL_0031,IL_0079,IL_0030,IL_008D,IL_0055)
pop <null>
ldc.i4 1
br IL_0012: switch(IL_0031,IL_0079,IL_0030,IL_008D,IL_0055)
call System.Void System.Windows.Forms.Application::EnableVisualStyles()
ldc.i4 3
ldsfld <Module>{7cf385e3-9120-4f94-86b3-ed249de58d36} <Module>{7cf385e3-9120-4f94-86b3-ed249de58d36}::m_e401a3527b0d4cef8f8bd6b5a54c10d2
ldfld System.Int32 <Module>{7cf385e3-9120-4f94-86b3-ed249de58d36}::m_e33216ac862341d5bc06ef19e5ca5ba3
brtrue IL_0012: switch(IL_0031,IL_0079,IL_0030,IL_008D,IL_0055)
pop <null>
ldc.i4 1
br IL_0012: switch(IL_0031,IL_0079,IL_0030,IL_008D,IL_0055)
newobj System.Void Roblox_Executor.Form2::.ctor()
call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form)
ldc.i4 2
br IL_0012: switch(IL_0031,IL_0079,IL_0030,IL_008D,IL_0055)
ldc.i4.0 <null>
call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean)
ldc.i4 0
ldsfld <Module>{7cf385e3-9120-4f94-86b3-ed249de58d36} <Module>{7cf385e3-9120-4f94-86b3-ed249de58d36}::m_e401a3527b0d4cef8f8bd6b5a54c10d2
ldfld System.Int32 <Module>{7cf385e3-9120-4f94-86b3-ed249de58d36}::m_e33216ac862341d5bc06ef19e5ca5ba3
brtrue IL_0012: switch(IL_0031,IL_0079,IL_0030,IL_008D,IL_0055)
pop <null>
ldc.i4 0
br IL_0012: switch(IL_0031,IL_0079,IL_0030,IL_008D,IL_0055)


Characteristics
No malware configuration was found at this point.