Suspicious
Suspect

2cc372097f710c7a6cbb8b4d7f99636e

PE Executable | MD5: 2cc372097f710c7a6cbb8b4d7f99636e | Size: 28.16 KB | application/x-dosexec


Summary by MalvaGPT
Characteristics

Symbol Obfuscation Score

Very low

Hash
Hash Value
MD5
2cc372097f710c7a6cbb8b4d7f99636e
Sha1
f277abb67529f37f2486bbf4fab7ef107575b755
Sha256
0a0f1e0ef771046285f78b7af20aac3384b521dbbf6bc69ca6d559cc15d9f97e
Sha384
a6a915655a09662aada5d8aee09497d28950bf67e2395d0d381829ec53dd64d6368bf3c8b378ba72451668bf6ea32634
Sha512
0f7e7a9b395d6f8ba864b90a4c830ea6a617b83cb8f85d6035bb9cac0869c7917bafc7a2b725a16ab6909b8e5c827b77bd0289e89b9ff93d9fc6cda1d9f4fc91
SSDeep
384:PftWZPzzxAm1vp5ZRoDCFKW6pAnAQ56VlTOy5o91TJpu82vtJS:PW7zxAmpfyCz6pVQ5sho9fY82VJS
TLSH
40C2B548B7FA4A36F6FF6F7869F251014736B952EC29D74E088D50890C32B8C8D60B67

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
Information
Name
Value
Module Name

mymusic.exe

Full Name

mymusic.exe

EntryPoint

System.Void ConsoleApplication7.Program::Main(System.String[])

Scope Name

mymusic.exe

Scope Type

ModuleDef

Kind

Windows

Runtime Version

v4.0.30319

Tables Header Version

512

WinMD Version

<null>

Assembly Name

mymusic

Assembly Version

0.0.0.0

Assembly Culture

<null>

Has PublicKey

False

PublicKey Token

<null>

Target Framework

<null>

Total Strings

371

Main Method

System.Void ConsoleApplication7.Program::Main(System.String[])

Main IL Instruction Count

65

Main IL

call System.Boolean ConsoleApplication7.Program::forbiddenCountry() brfalse.s IL_0013: call System.Boolean ConsoleApplication7.Program::RegistryValue() ldstr Forbidden Country call System.Windows.Forms.DialogResult System.Windows.Forms.MessageBox::Show(System.String) pop <null> ret <null> call System.Boolean ConsoleApplication7.Program::RegistryValue() brfalse.s IL_0041: call System.Boolean ConsoleApplication7.Program::isOver() ldsfld System.Threading.ThreadStart ConsoleApplication7.Program::CS$<>9__CachedAnonymousMethodDelegate1 brtrue.s IL_0032: ldsfld System.Threading.ThreadStart ConsoleApplication7.Program::CS$<>9__CachedAnonymousMethodDelegate1 ldnull <null> ldftn System.Void ConsoleApplication7.Program::<Main>b__0() newobj System.Void System.Threading.ThreadStart::.ctor(System.Object,System.IntPtr) stsfld System.Threading.ThreadStart ConsoleApplication7.Program::CS$<>9__CachedAnonymousMethodDelegate1 ldsfld System.Threading.ThreadStart ConsoleApplication7.Program::CS$<>9__CachedAnonymousMethodDelegate1 newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart) call System.Void System.Threading.Thread::Start() call System.Boolean ConsoleApplication7.Program::isOver() brfalse.s IL_0049: call System.Boolean ConsoleApplication7.Program::AlreadyRunning() ret <null> call System.Boolean ConsoleApplication7.Program::AlreadyRunning() brfalse.s IL_0056: ldsfld System.Boolean ConsoleApplication7.Program::checkSleep ldc.i4.1 <null> call System.Void System.Environment::Exit(System.Int32) ldsfld System.Boolean ConsoleApplication7.Program::checkSleep brfalse.s IL_0062: ldsfld System.Boolean ConsoleApplication7.Program::checkAdminPrivilage call System.Void ConsoleApplication7.Program::sleepOutOfTempFolder() ldsfld System.Boolean ConsoleApplication7.Program::checkAdminPrivilage brfalse.s IL_0075: ldsfld System.Boolean ConsoleApplication7.Program::checkCopyRoaming ldsfld System.String ConsoleApplication7.Program::processName call System.Void 
ConsoleApplication7.Program::copyResistForAdmin(System.String) br.s IL_0086: ldsfld System.Boolean ConsoleApplication7.Program::checkStartupFolder ldsfld System.Boolean ConsoleApplication7.Program::checkCopyRoaming brfalse.s IL_0086: ldsfld System.Boolean ConsoleApplication7.Program::checkStartupFolder ldsfld System.String ConsoleApplication7.Program::processName call System.Void ConsoleApplication7.Program::copyRoaming(System.String) ldsfld System.Boolean ConsoleApplication7.Program::checkStartupFolder brfalse.s IL_0092: ldsfld System.Boolean ConsoleApplication7.Program::checkAdminPrivilage call System.Void ConsoleApplication7.Program::registryStartup() ldsfld System.Boolean ConsoleApplication7.Program::checkAdminPrivilage brfalse.s IL_00D5: call System.Void ConsoleApplication7.Program::lookForDirectories() ldsfld System.Boolean ConsoleApplication7.Program::checkdeleteShadowCopies brfalse.s IL_00A5: ldsfld System.Boolean ConsoleApplication7.Program::checkdisableRecoveryMode call System.Void ConsoleApplication7.Program::deleteShadowCopies() ldsfld System.Boolean ConsoleApplication7.Program::checkdisableRecoveryMode brfalse.s IL_00B1: ldsfld System.Boolean ConsoleApplication7.Program::checkdeleteBackupCatalog call System.Void ConsoleApplication7.Program::disableRecoveryMode() ldsfld System.Boolean ConsoleApplication7.Program::checkdeleteBackupCatalog brfalse.s IL_00BD: ldsfld System.Boolean ConsoleApplication7.Program::disableTaskManager call System.Void ConsoleApplication7.Program::deleteBackupCatalog() ldsfld System.Boolean ConsoleApplication7.Program::disableTaskManager brfalse.s IL_00C9: ldsfld System.Boolean ConsoleApplication7.Program::checkStopBackupServices call System.Void ConsoleApplication7.Program::DisableTaskManager() ldsfld System.Boolean ConsoleApplication7.Program::checkStopBackupServices brfalse.s IL_00D5: call System.Void ConsoleApplication7.Program::lookForDirectories() call System.Void ConsoleApplication7.Program::stopBackupServices() call 
System.Void ConsoleApplication7.Program::lookForDirectories() ldsfld System.Boolean ConsoleApplication7.Program::checkSpread brfalse.s IL_00EB: call System.Void ConsoleApplication7.Program::addAndOpenNote() ldsfld System.String ConsoleApplication7.Program::spreadName call System.Void ConsoleApplication7.Program::spreadIt(System.String) call System.Void ConsoleApplication7.Program::addAndOpenNote() ldsfld System.String ConsoleApplication7.Program::base64Image call System.Void ConsoleApplication7.Program::SetWallpaper(System.String) ret <null>

