Suspicious
Suspect

2b8c62f5f65e1008b26eb711b83dfd97

PE Executable
|
MD5: 2b8c62f5f65e1008b26eb711b83dfd97
|
Size: 300.03 KB
|
application/x-dosexec

Summary by MalvaGPT
Characteristics

Symbol Ofbuscation Score

Medium

Hash
 Hash Value
MD5
2b8c62f5f65e1008b26eb711b83dfd97
Sha1
f175f54b0d7f73bd79970580a74fbcd899cafce9
Sha256
27f003fba464668766ce9608f36ba7b2ff7593521db0869b7165bb536f9df299
Sha384
ded5b61d49aa3d970a1d4d3221140610f9de132817f6366aa29ff0ed491d4d2892f92e2117709991d90e7153eff93df3
Sha512
466d9fc573e4c810c3fccdc158964b5c08d42a29c2b787027eae1026ba926e665d96a54473b55ed9b4cb37a018dee875f775e6e753e00dde3c5b37fbf57d3692
SSDeep
6144:WkhfuHALbOXdZCYZuVZhNQTB2duGAPyQp3FE3vJqJ4KAEyKF:W6lbONZCYZsQTAaPygdAEf
TLSH
8E5408DB4B980A5BE9BE02BAE0110D1087B1D3576687B35A26D5A5B11C0FF6C8CCD39F

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
2b8c62f5f65e1008b26eb711b83dfd97
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
         ​ ​  
Informations
Name
 Value
Module Name

Qlwjntzyoj.exe
Full Name

Qlwjntzyoj.exe
EntryPoint

System.Void  ::()
Scope Name

Qlwjntzyoj.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

Qlwjntzyoj
Assembly Version

1.0.1630.23006
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.6
Total Strings

0
Main Method

System.Void  ::()
Main IL Instruction Count

11
Main IL

ldsfld System.Action`1<System.IO.MemoryStream>  /:: dup <null> brtrue.s IL_001F: call System.Void  ::(System.Action`1<System.IO.MemoryStream>) pop <null> ldsfld  /  /:: ldftn System.Void  /::(System.IO.MemoryStream) newobj System.Void System.Action`1<System.IO.MemoryStream>::.ctor(System.Object,System.IntPtr) dup <null> stsfld System.Action`1<System.IO.MemoryStream>  /:: call System.Void  ::(System.Action`1<System.IO.MemoryStream>) ret <null>
Module Name

Qlwjntzyoj.exe
Full Name

Qlwjntzyoj.exe
EntryPoint

System.Void  ::()
Scope Name

Qlwjntzyoj.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

Qlwjntzyoj
Assembly Version

1.0.1630.23006
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.6
Total Strings

0
Main Method

System.Void  ::()
Main IL Instruction Count

11
Main IL

ldsfld System.Action`1<System.IO.MemoryStream>  /:: dup <null> brtrue.s IL_001F: call System.Void  ::(System.Action`1<System.IO.MemoryStream>) pop <null> ldsfld  /  /:: ldftn System.Void  /::(System.IO.MemoryStream) newobj System.Void System.Action`1<System.IO.MemoryStream>::.ctor(System.Object,System.IntPtr) dup <null> stsfld System.Action`1<System.IO.MemoryStream>  /:: call System.Void  ::(System.Action`1<System.IO.MemoryStream>) ret <null>
2b8c62f5f65e1008b26eb711b83dfd97 (300.03 KB)
File Structure
2b8c62f5f65e1008b26eb711b83dfd97
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
         ​ ​  
Characteristics
No malware configuration were found at this point.
You must be signed in to post a comment.
An error has occurred. This application may no longer respond until reloaded. Reload 🗙