Suspicious
Suspect

2d010ab2f8128f274e19bb4e4911ad66

PE Executable
|
MD5: 2d010ab2f8128f274e19bb4e4911ad66
|
Size: 1.28 MB
|
application/x-dosexec

Summary by MalvaGPT
Characteristics

Symbol Ofbuscation Score

Medium

Hash
 Hash Value
MD5
2d010ab2f8128f274e19bb4e4911ad66
Sha1
643720949db0692da0a7c734aec1224205c153da
Sha256
6d6efba611038aff9b70a8948e19e815c358e67d382178c19e18d369119fd8a0
Sha384
bdb84228ef3cef694bd9acdd019c81b89716fcda4761933c0be30d9353d666ff3d5e066745c1890df949e8ee071fa07e
Sha512
c080ced69b4d0276e85e816c0391936611d6b36b56a2bf6ea62d41c4b85b2e029dc43c64cd86e4b5998859053eb5010c5772afb0aff0da8e84c23e3acb727e19
SSDeep
24576:dwieF8aTH3Fps07kawIp4MNj0D0w0GkYc+5e6YQt2bO/XbLJfZ1oXkp:GiDcXX8uQ0G35M2mMbJD
TLSH
2255232F3FEA48ABC3014B33C869641243A0A7D6FA47D92F346E036D15AB77FDA41645

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
2d010ab2f8128f274e19bb4e4911ad66
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
Sslebsirue.Properties.Resources.resources
Bmgfpi
ILRepack.List
Informations
Name
 Value
Info

PE Detect: PeReader OK (file layout)
Module Name

Order documents _ 30771
Full Name

Order documents _ 30771
EntryPoint

System.Void CryptSharp.Profiling.OperationalProfile::CloseProfile()
Scope Name

Order documents _ 30771
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

Order documents _ 30771
Assembly Version

1.0.6342.23415
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.6
Total Strings

48
Main Method

System.Void CryptSharp.Profiling.OperationalProfile::CloseProfile()
Main IL Instruction Count

88
Main IL

ldc.i4 2 stloc V_3 br IL_000E: ldloc V_3 ldloc V_3 switch dnlib.DotNet.Emit.Instruction[] br IL_007C: ret ldstr xKX07kXLtu3ZFjaZxOxlpQ== stloc.s V_1 ldc.i4 3 br IL_0012: switch(IL_007C,IL_0034,IL_0056,IL_0045,IL_0098,IL_007D) ldstr IEeOkFtUU9M= stloc.s V_2 ldc.i4 5 br IL_0012: switch(IL_007C,IL_0034,IL_0056,IL_0045,IL_0098,IL_007D) newobj System.Void CryptSharp.Profiling.OperationalProfile/<>c__DisplayClass0_0::.ctor() stloc.s V_0 ldc.i4 0 ldsfld <Module>{3dc7a234-ac08-4508-8470-73d778fc4a94} <Module>{3dc7a234-ac08-4508-8470-73d778fc4a94}::m_3f30a0f8671d49d1ad9d10b747f73e3a ldfld System.Int32 <Module>{3dc7a234-ac08-4508-8470-73d778fc4a94}::m_7523c4f091944bccad1e85b832706336 brtrue IL_0012: switch(IL_007C,IL_0034,IL_0056,IL_0045,IL_0098,IL_007D) pop <null> ldc.i4 1 br IL_0012: switch(IL_007C,IL_0034,IL_0056,IL_0045,IL_0098,IL_007D) ret <null> ldsfld System.Func`1<System.Byte[]> CryptSharp.Profiling.OperationalProfile/<>c::automatableProfile dup <null> brfalse IL_008D: pop br IL_00AE: newobj System.Void CryptSharp.Networking.LiteralRequest::.ctor(System.Func`1<System.Byte[]>) pop <null> ldc.i4 4 br IL_0012: switch(IL_007C,IL_0034,IL_0056,IL_0045,IL_0098,IL_007D) ldsfld CryptSharp.Profiling.OperationalProfile/<>c CryptSharp.Profiling.OperationalProfile/<>c::_MonitorLocator ldftn System.Byte[] CryptSharp.Profiling.OperationalProfile/<>c::ProfileDetachedProfile() newobj System.Void System.Func`1<System.Byte[]>::.ctor(System.Object,System.IntPtr) dup <null> stsfld System.Func`1<System.Byte[]> CryptSharp.Profiling.OperationalProfile/<>c::automatableProfile newobj System.Void CryptSharp.Networking.LiteralRequest::.ctor(System.Func`1<System.Byte[]>) ldloc.s V_0 ldloc.s V_1 ldloc.s V_2 newobj System.Void Orderdocuments_30771.Validation.GeneralValidator::.ctor(System.String,System.String) stfld Orderdocuments_30771.Validation.GeneralValidator CryptSharp.Profiling.OperationalProfile/<>c__DisplayClass0_0::profileReceiver ldloc.s V_0 newobj System.Void CryptSharp.Diagnostics.SortedInspector::.ctor() stfld CryptSharp.Diagnostics.SortedInspector CryptSharp.Profiling.OperationalProfile/<>c__DisplayClass0_0::_VirtualProfile ldloc.s V_0 ldstr PZ9daPVPUFpeleiG48.dofRWbDP7GOBUCrcNT ldstr NUsEptqRU newobj System.Void Orderdocuments_30771.Mapping.CalcMapper::.ctor(System.String,System.String) stfld Orderdocuments_30771.Mapping.CalcMapper CryptSharp.Profiling.OperationalProfile/<>c__DisplayClass0_0::_PortableProfile dup <null> ldloc.s V_0 ldftn System.Void CryptSharp.Profiling.OperationalProfile/<>c__DisplayClass0_0::AnalyzeSegmentedProfile(System.IO.MemoryStream) newobj System.Void System.Action`1<System.IO.MemoryStream>::.ctor(System.Object,System.IntPtr) callvirt System.Void CryptSharp.Networking.LiteralRequest::ReceiveExpandableRequest(System.Action`1<System.IO.MemoryStream>) ldloc.s V_0 ldfld Orderdocuments_30771.Validation.GeneralValidator CryptSharp.Profiling.OperationalProfile/<>c__DisplayClass0_0::profileReceiver ldloc.s V_0 ldftn System.Void CryptSharp.Profiling.OperationalProfile/<>c__DisplayClass0_0::PlayProfile(System.IO.MemoryStream) newobj System.Void System.Action`1<System.IO.MemoryStream>::.ctor(System.Object,System.IntPtr) callvirt System.Void Orderdocuments_30771.Validation.GeneralValidator::AwakeValidator(System.Action`1<System.IO.MemoryStream>) ldloc.s V_0 ldfld CryptSharp.Diagnostics.SortedInspector CryptSharp.Profiling.OperationalProfile/<>c__DisplayClass0_0::_VirtualProfile ldloc.s V_0 ldftn System.Void CryptSharp.Profiling.OperationalProfile/<>c__DisplayClass0_0::AnalyzeInterruptibleProfile(System.Reflection.Assembly) newobj System.Void System.Action`1<System.Reflection.Assembly>::.ctor(System.Object,System.IntPtr) callvirt System.Void CryptSharp.Diagnostics.SortedInspector::FinishConcreteInspector(System.Action`1<System.Reflection.Assembly>) ldloc.s V_0 ldfld Orderdocuments_30771.Mapping.CalcMapper CryptSharp.Profiling.OperationalProfile/<>c__DisplayClass0_0::_PortableProfile ldsfld System.Action CryptSharp.Profiling.OperationalProfile/<>c::_VisualProfile dup <null> brfalse IL_0141: pop br IL_0158: callvirt System.Void Orderdocuments_30771.Mapping.CalcMapper::ConvertScopeMapper(System.Action) pop <null> ldsfld CryptSharp.Profiling.OperationalProfile/<>c CryptSharp.Profiling.OperationalProfile/<>c::_MonitorLocator ldftn System.Void CryptSharp.Profiling.OperationalProfile/<>c::ProfileDividedProfile() newobj System.Void System.Action::.ctor(System.Object,System.IntPtr) dup <null> stsfld System.Action CryptSharp.Profiling.OperationalProfile/<>c::_VisualProfile callvirt System.Void Orderdocuments_30771.Mapping.CalcMapper::ConvertScopeMapper(System.Action) callvirt System.Void CryptSharp.Networking.LiteralRequest::ReceiveScheduledRequest() ldc.i4 0 ldsfld <Module>{3dc7a234-ac08-4508-8470-73d778fc4a94} <Module>{3dc7a234-ac08-4508-8470-73d778fc4a94}::m_3f30a0f8671d49d1ad9d10b747f73e3a ldfld System.Int32 <Module>{3dc7a234-ac08-4508-8470-73d778fc4a94}::m_c4218a3108c34845a6f84c8fbbfb0fe7 brfalse IL_0012: switch(IL_007C,IL_0034,IL_0056,IL_0045,IL_0098,IL_007D) pop <null> ldc.i4 0 br IL_0012: switch(IL_007C,IL_0034,IL_0056,IL_0045,IL_0098,IL_007D)
Module Name

Order documents _ 30771
Full Name

Order documents _ 30771
EntryPoint

System.Void CryptSharp.Profiling.OperationalProfile::CloseProfile()
Scope Name

Order documents _ 30771
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

Order documents _ 30771
Assembly Version

1.0.6342.23415
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.6
Total Strings

48
Main Method

System.Void CryptSharp.Profiling.OperationalProfile::CloseProfile()
Main IL Instruction Count

88
Main IL

ldc.i4 2 stloc V_3 br IL_000E: ldloc V_3 ldloc V_3 switch dnlib.DotNet.Emit.Instruction[] br IL_007C: ret ldstr xKX07kXLtu3ZFjaZxOxlpQ== stloc.s V_1 ldc.i4 3 br IL_0012: switch(IL_007C,IL_0034,IL_0056,IL_0045,IL_0098,IL_007D) ldstr IEeOkFtUU9M= stloc.s V_2 ldc.i4 5 br IL_0012: switch(IL_007C,IL_0034,IL_0056,IL_0045,IL_0098,IL_007D) newobj System.Void CryptSharp.Profiling.OperationalProfile/<>c__DisplayClass0_0::.ctor() stloc.s V_0 ldc.i4 0 ldsfld <Module>{3dc7a234-ac08-4508-8470-73d778fc4a94} <Module>{3dc7a234-ac08-4508-8470-73d778fc4a94}::m_3f30a0f8671d49d1ad9d10b747f73e3a ldfld System.Int32 <Module>{3dc7a234-ac08-4508-8470-73d778fc4a94}::m_7523c4f091944bccad1e85b832706336 brtrue IL_0012: switch(IL_007C,IL_0034,IL_0056,IL_0045,IL_0098,IL_007D) pop <null> ldc.i4 1 br IL_0012: switch(IL_007C,IL_0034,IL_0056,IL_0045,IL_0098,IL_007D) ret <null> ldsfld System.Func`1<System.Byte[]> CryptSharp.Profiling.OperationalProfile/<>c::automatableProfile dup <null> brfalse IL_008D: pop br IL_00AE: newobj System.Void CryptSharp.Networking.LiteralRequest::.ctor(System.Func`1<System.Byte[]>) pop <null> ldc.i4 4 br IL_0012: switch(IL_007C,IL_0034,IL_0056,IL_0045,IL_0098,IL_007D) ldsfld CryptSharp.Profiling.OperationalProfile/<>c CryptSharp.Profiling.OperationalProfile/<>c::_MonitorLocator ldftn System.Byte[] CryptSharp.Profiling.OperationalProfile/<>c::ProfileDetachedProfile() newobj System.Void System.Func`1<System.Byte[]>::.ctor(System.Object,System.IntPtr) dup <null> stsfld System.Func`1<System.Byte[]> CryptSharp.Profiling.OperationalProfile/<>c::automatableProfile newobj System.Void CryptSharp.Networking.LiteralRequest::.ctor(System.Func`1<System.Byte[]>) ldloc.s V_0 ldloc.s V_1 ldloc.s V_2 newobj System.Void Orderdocuments_30771.Validation.GeneralValidator::.ctor(System.String,System.String) stfld Orderdocuments_30771.Validation.GeneralValidator CryptSharp.Profiling.OperationalProfile/<>c__DisplayClass0_0::profileReceiver ldloc.s V_0 newobj System.Void CryptSharp.Diagnostics.SortedInspector::.ctor() stfld CryptSharp.Diagnostics.SortedInspector CryptSharp.Profiling.OperationalProfile/<>c__DisplayClass0_0::_VirtualProfile ldloc.s V_0 ldstr PZ9daPVPUFpeleiG48.dofRWbDP7GOBUCrcNT ldstr NUsEptqRU newobj System.Void Orderdocuments_30771.Mapping.CalcMapper::.ctor(System.String,System.String) stfld Orderdocuments_30771.Mapping.CalcMapper CryptSharp.Profiling.OperationalProfile/<>c__DisplayClass0_0::_PortableProfile dup <null> ldloc.s V_0 ldftn System.Void CryptSharp.Profiling.OperationalProfile/<>c__DisplayClass0_0::AnalyzeSegmentedProfile(System.IO.MemoryStream) newobj System.Void System.Action`1<System.IO.MemoryStream>::.ctor(System.Object,System.IntPtr) callvirt System.Void CryptSharp.Networking.LiteralRequest::ReceiveExpandableRequest(System.Action`1<System.IO.MemoryStream>) ldloc.s V_0 ldfld Orderdocuments_30771.Validation.GeneralValidator CryptSharp.Profiling.OperationalProfile/<>c__DisplayClass0_0::profileReceiver ldloc.s V_0 ldftn System.Void CryptSharp.Profiling.OperationalProfile/<>c__DisplayClass0_0::PlayProfile(System.IO.MemoryStream) newobj System.Void System.Action`1<System.IO.MemoryStream>::.ctor(System.Object,System.IntPtr) callvirt System.Void Orderdocuments_30771.Validation.GeneralValidator::AwakeValidator(System.Action`1<System.IO.MemoryStream>) ldloc.s V_0 ldfld CryptSharp.Diagnostics.SortedInspector CryptSharp.Profiling.OperationalProfile/<>c__DisplayClass0_0::_VirtualProfile ldloc.s V_0 ldftn System.Void CryptSharp.Profiling.OperationalProfile/<>c__DisplayClass0_0::AnalyzeInterruptibleProfile(System.Reflection.Assembly) newobj System.Void System.Action`1<System.Reflection.Assembly>::.ctor(System.Object,System.IntPtr) callvirt System.Void CryptSharp.Diagnostics.SortedInspector::FinishConcreteInspector(System.Action`1<System.Reflection.Assembly>) ldloc.s V_0 ldfld Orderdocuments_30771.Mapping.CalcMapper CryptSharp.Profiling.OperationalProfile/<>c__DisplayClass0_0::_PortableProfile ldsfld System.Action CryptSharp.Profiling.OperationalProfile/<>c::_VisualProfile dup <null> brfalse IL_0141: pop br IL_0158: callvirt System.Void Orderdocuments_30771.Mapping.CalcMapper::ConvertScopeMapper(System.Action) pop <null> ldsfld CryptSharp.Profiling.OperationalProfile/<>c CryptSharp.Profiling.OperationalProfile/<>c::_MonitorLocator ldftn System.Void CryptSharp.Profiling.OperationalProfile/<>c::ProfileDividedProfile() newobj System.Void System.Action::.ctor(System.Object,System.IntPtr) dup <null> stsfld System.Action CryptSharp.Profiling.OperationalProfile/<>c::_VisualProfile callvirt System.Void Orderdocuments_30771.Mapping.CalcMapper::ConvertScopeMapper(System.Action) callvirt System.Void CryptSharp.Networking.LiteralRequest::ReceiveScheduledRequest() ldc.i4 0 ldsfld <Module>{3dc7a234-ac08-4508-8470-73d778fc4a94} <Module>{3dc7a234-ac08-4508-8470-73d778fc4a94}::m_3f30a0f8671d49d1ad9d10b747f73e3a ldfld System.Int32 <Module>{3dc7a234-ac08-4508-8470-73d778fc4a94}::m_c4218a3108c34845a6f84c8fbbfb0fe7 brfalse IL_0012: switch(IL_007C,IL_0034,IL_0056,IL_0045,IL_0098,IL_007D) pop <null> ldc.i4 0 br IL_0012: switch(IL_007C,IL_0034,IL_0056,IL_0045,IL_0098,IL_007D)
2d010ab2f8128f274e19bb4e4911ad66 (1.28 MB)
File Structure
2d010ab2f8128f274e19bb4e4911ad66
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
Sslebsirue.Properties.Resources.resources
Bmgfpi
ILRepack.List
Characteristics
No malware configuration were found at this point.
You must be signed in to post a comment.
An error has occurred. This application may no longer respond until reloaded. Reload 🗙