Suspicious
Suspect

2e30bf1cb66cb7cf5c57d0b28e43dfe9

PE Executable
|
MD5: 2e30bf1cb66cb7cf5c57d0b28e43dfe9
|
Size: 142.34 KB
|
application/x-dosexec

Summary by MalvaGPT
Characteristics

Symbol Ofbuscation Score

Low

Hash
 Hash Value
MD5
2e30bf1cb66cb7cf5c57d0b28e43dfe9
Sha1
a4023682070e8483b20274357affcc2d1a5fe626
Sha256
5e0db768aa6abea005a483cce1189b8f9ffe2c96569008ead0b296fea15cf7bb
Sha384
0d6e4dd065d6b0cc210f38bbcf1960fe7aa9d24ad4183e3342812f4b841b37bd82b0663de04e103d8e82d5f9f4a55bc6
Sha512
ac5115681ef277a71bf8bdfce75774ce1b21464a90d7e2ab10eefc720a435f8bc0dae8cf3a222b1713c8ba081abbdbf07727095c3d3778f9830fcd38f5d33c42
SSDeep
3072:z0HnfXKngJWWKR7zx+rH68ZvDlOYbGKEC8Qz:oHfXkdWKNN+r3ZvxGDQ
TLSH
9FD3192563B419A2E1BF96B066E2021343F4A04B6B39EB4B3DCC53DD1F82F918953797

PeID

Microsoft Visual C++ DLL
Microsoft Visual C++ v6.0
File Structure
2e30bf1cb66cb7cf5c57d0b28e43dfe9
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.rsrc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
2e30bf1cb66cb7cf5c57d0b28e43dfe9
0x0001D30B.svg
0x0001D30B.svg-preview.jpg
0x0001D793.svg
0x0001D793.svg-preview.jpg
0x0001DA31.svg
0x0001DA31.svg-preview.jpg
.Net Resources
Aimbot.Properties.main.html
Informations
Name
 Value
Info

PE Detect: PeReader OK (file layout)
Info

PDB Path: ?
Module Name

svchost.exe
Full Name

svchost.exe
EntryPoint

System.Void Aimbot.Program::Main(System.String[])
Scope Name

svchost.exe
Scope Type

ModuleDef
Kind

Console
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

svchost
Assembly Version

10.0.19041.5795
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.8
Total Strings

557
Main Method

System.Void Aimbot.Program::Main(System.String[])
Main IL Instruction Count

27
Main IL

call System.IntPtr Aimbot.Program::GetConsoleWindow() stloc.0 <null> ldloc.0 <null> ldsfld System.IntPtr System.IntPtr::Zero call System.Boolean System.IntPtr::op_Inequality(System.IntPtr,System.IntPtr) brfalse.s IL_001B: nop ldloc.0 <null> ldc.i4.5 <null> call System.Boolean Aimbot.Program::ShowWindow(System.IntPtr,System.Int32) pop <null> nop <null> call System.Void Aimbot.dllmain::EntryPoint() ldc.i4.m1 <null> call System.Void System.Threading.Thread::Sleep(System.Int32) leave.s IL_0051: ret stloc.1 <null> ldstr [+] Fatal error: ldloc.1 <null> callvirt System.String System.Exception::get_Message() call System.String System.String::Concat(System.String,System.String) call System.Void System.Console::WriteLine(System.String) ldstr [+] Press any key to exit... call System.Void System.Console::WriteLine(System.String) call System.ConsoleKeyInfo System.Console::ReadKey() pop <null> leave.s IL_0051: ret ret <null>
2e30bf1cb66cb7cf5c57d0b28e43dfe9 (142.34 KB)
File Structure
2e30bf1cb66cb7cf5c57d0b28e43dfe9
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.rsrc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
2e30bf1cb66cb7cf5c57d0b28e43dfe9
0x0001D30B.svg
0x0001D30B.svg-preview.jpg
0x0001D793.svg
0x0001D793.svg-preview.jpg
0x0001DA31.svg
0x0001DA31.svg-preview.jpg
.Net Resources
Aimbot.Properties.main.html
Characteristics
No malware configuration were found at this point.
You must be signed in to post a comment.
An error has occurred. This application may no longer respond until reloaded. Reload 🗙