Suspicious
Suspect

2fa1c8558303b87118a43f000240e817

PE Executable
|
MD5: 2fa1c8558303b87118a43f000240e817
|
Size: 1.82 MB
|
application/x-dosexec

Print
Summary by MalvaGPT
Characteristics

Symbol Obfuscation Score

Very high

Hash
 Hash Value
MD5
2fa1c8558303b87118a43f000240e817
Sha1
4585a1b23eb51277056ec26926ac316788c23b45
Sha256
9cbffe3435e4218fbfebedbbc72a2e587098bdd9eb4a4b3014a38d1d9869817b
Sha384
21d96b256b5bd85e136e74248f04cff4e49588b21c0652bb04d9e4cbe2021a78b21d4f103d0fde75b260ac3143583499
Sha512
0dcb29c6f8440171b0b25a92bde017f5fc7235d3dc32ed76d7c008595ff9d73b27e4292754fedf1163d1e4f6826453cf219e474a6d9f911b0f61c850d8adc61d
SSDeep
24576:laYY1OiddVoCLrMfwTo3//eu9BrV7qIt5ERqWLmboBhRyH:dY1OKvrMeov/VVmICF4H
TLSH
A585011453E49A18F9BF9B38983955A753F1FCC7EA76DB0D664870EE0D21B81CA90323

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
2fa1c8558303b87118a43f000240e817
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
.Net Resources
8Wdiqq.g.resources
8Wdiqq.Resources.resources
03caf88d0458d2.Resources.resources
94a787b70
[NBF]root.Data
94a787b71
[NBF]root.Data
94a787b710
[NBF]root.Data
94a787b711
[NBF]root.Data
94a787b712
[NBF]root.Data
94a787b713
[NBF]root.Data
94a787b714
[NBF]root.Data
94a787b715
[NBF]root.Data
94a787b716
[NBF]root.Data
94a787b717
[NBF]root.Data
94a787b718
[NBF]root.Data
94a787b719
[NBF]root.Data
94a787b72
[NBF]root.Data
94a787b720
[NBF]root.Data
94a787b721
[NBF]root.Data
94a787b722
[NBF]root.Data
94a787b723
[NBF]root.Data
94a787b724
[NBF]root.Data
94a787b725
[NBF]root.Data
94a787b726
[NBF]root.Data
94a787b727
[NBF]root.Data
94a787b728
[NBF]root.Data
94a787b729
[NBF]root.Data
94a787b73
[NBF]root.Data
94a787b730
[NBF]root.Data
94a787b731
[NBF]root.Data
94a787b732
[NBF]root.Data
94a787b733
[NBF]root.Data
94a787b734
[NBF]root.Data
94a787b735
[NBF]root.Data
94a787b736
[NBF]root.Data
94a787b737
[NBF]root.Data
94a787b738
[NBF]root.Data
94a787b739
[NBF]root.Data
94a787b74
[NBF]root.Data
94a787b740
[NBF]root.Data
94a787b741
[NBF]root.Data
94a787b742
[NBF]root.Data
94a787b743
[NBF]root.Data
94a787b744
[NBF]root.Data
94a787b745
[NBF]root.Data
94a787b746
[NBF]root.Data
94a787b747
[NBF]root.Data
94a787b748
[NBF]root.Data
94a787b749
[NBF]root.Data
94a787b75
[NBF]root.Data
94a787b750
[NBF]root.Data
94a787b751
[NBF]root.Data
94a787b752
[NBF]root.Data
94a787b753
[NBF]root.Data
94a787b754
[NBF]root.Data
94a787b755
[NBF]root.Data
94a787b756
[NBF]root.Data
94a787b757
[NBF]root.Data
94a787b758
[NBF]root.Data
94a787b759
[NBF]root.Data
94a787b76
[NBF]root.Data
94a787b760
[NBF]root.Data
94a787b761
[NBF]root.Data
94a787b762
[NBF]root.Data
94a787b763
[NBF]root.Data
94a787b764
[NBF]root.Data
94a787b765
[NBF]root.Data
94a787b77
[NBF]root.Data
94a787b78
[NBF]root.Data
94a787b79
[NBF]root.Data
Informations
Name
 Value
Info

PE Detect: PeReader OK (file layout)
Module Name

8Wdiqq
Full Name

8Wdiqq
EntryPoint

System.Void 8Wdiqq.im1A2qWw/6ciGE.Dr4a5wiEyH8o::Fdc6k8mWDie40()
Scope Name

8Wdiqq
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

8Wdiqq
Assembly Version

20.18.48.267
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.6
Total Strings

1150
Main Method

System.Void 8Wdiqq.im1A2qWw/6ciGE.Dr4a5wiEyH8o::Fdc6k8mWDie40()
Main IL Instruction Count

87
Main IL

nop <null> nop <null> newobj System.Void System.Windows.Forms.Form::.ctor() stloc.0 <null> ldstr DynamicLoader call System.Boolean 8Wdiqq.im1A2qWw/6ciGE.Dr4a5wiEyH8o/Lkx05jMq.8yyYP1dejR7bx::w_4J6iKeCm(System.String) ldc.i4.0 <null> ceq <null> stloc.s V_6 ldloc.s V_6 brfalse.s IL_0020: ldc.r8 25 leave IL_00DD: ret ldc.r8 25 call System.Double System.Math::Abs(System.Double) call System.Double System.Math::Round(System.Double) conv.ovf.i4 <null> stloc.1 <null> ldtoken System.Object call System.Type System.Type::GetTypeFromHandle(System.RuntimeTypeHandle) ldloc.1 <null> call System.Array System.Array::CreateInstance(System.Type,System.Int32) castclass System.Object[] stloc.2 <null> ldstr / ldc.i4.2 <null> newarr System.String dup <null> ldc.i4.0 <null> ldstr resources stelem.ref <null> dup <null> ldc.i4.1 <null> ldstr festivadt stelem.ref <null> call System.String System.String::Join(System.String,System.String[]) stloc.3 <null> ldloc.2 <null> ldc.i4.0 <null> ldloc.3 <null> stelem.ref <null> ldloc.3 <null> call System.Byte[] 8Wdiqq.8Ddej2Bj4bg/8FcpHs.oTp69dJq::8fcFWp2j(System.String) stloc.s V_4 ldloc.s V_4 ldnull <null> ceq <null> stloc.s V_7 ldloc.s V_7 brfalse.s IL_0085: ldloc.s V_4 leave.s IL_00DD: ret ldloc.s V_4 call System.Void System.Array::Reverse(System.Array) nop <null> ldloc.2 <null> ldc.i4.2 <null> ldloc.s V_4 stelem.ref <null> ldloc.2 <null> ldc.i4.3 <null> ldloc.s V_4 call System.Byte[] 8Wdiqq.jNk58tGrsq1X4/2PxoAq.gFy9pz::mMy4Nq0g1(System.Byte[]) stelem.ref <null> ldstr L o a d stloc.s V_5 ldloc.s V_5 ldloc.2 <null> ldc.i4.3 <null> ldelem.ref <null> call System.Object System.Runtime.CompilerServices.RuntimeHelpers::GetObjectValue(System.Object) call System.Object 8Wdiqq.Yz2gc::5rzDpZ8eN2b(System.String,System.Object) pop <null> ldstr Loader ldstr Success call System.Void 8Wdiqq.5qiQF::9aeGj4(System.String,System.String) nop <null> leave.s IL_00DC: nop dup <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception) stloc.s V_8 nop <null> ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) nop <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() leave.s IL_00DC: nop nop <null> ret <null>
Module Name

8Wdiqq
Full Name

8Wdiqq
EntryPoint

System.Void 8Wdiqq.im1A2qWw/6ciGE.Dr4a5wiEyH8o::Fdc6k8mWDie40()
Scope Name

8Wdiqq
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

8Wdiqq
Assembly Version

20.18.48.267
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.6
Total Strings

1150
Main Method

System.Void 8Wdiqq.im1A2qWw/6ciGE.Dr4a5wiEyH8o::Fdc6k8mWDie40()
Main IL Instruction Count

87
Main IL

nop <null> nop <null> newobj System.Void System.Windows.Forms.Form::.ctor() stloc.0 <null> ldstr DynamicLoader call System.Boolean 8Wdiqq.im1A2qWw/6ciGE.Dr4a5wiEyH8o/Lkx05jMq.8yyYP1dejR7bx::w_4J6iKeCm(System.String) ldc.i4.0 <null> ceq <null> stloc.s V_6 ldloc.s V_6 brfalse.s IL_0020: ldc.r8 25 leave IL_00DD: ret ldc.r8 25 call System.Double System.Math::Abs(System.Double) call System.Double System.Math::Round(System.Double) conv.ovf.i4 <null> stloc.1 <null> ldtoken System.Object call System.Type System.Type::GetTypeFromHandle(System.RuntimeTypeHandle) ldloc.1 <null> call System.Array System.Array::CreateInstance(System.Type,System.Int32) castclass System.Object[] stloc.2 <null> ldstr / ldc.i4.2 <null> newarr System.String dup <null> ldc.i4.0 <null> ldstr resources stelem.ref <null> dup <null> ldc.i4.1 <null> ldstr festivadt stelem.ref <null> call System.String System.String::Join(System.String,System.String[]) stloc.3 <null> ldloc.2 <null> ldc.i4.0 <null> ldloc.3 <null> stelem.ref <null> ldloc.3 <null> call System.Byte[] 8Wdiqq.8Ddej2Bj4bg/8FcpHs.oTp69dJq::8fcFWp2j(System.String) stloc.s V_4 ldloc.s V_4 ldnull <null> ceq <null> stloc.s V_7 ldloc.s V_7 brfalse.s IL_0085: ldloc.s V_4 leave.s IL_00DD: ret ldloc.s V_4 call System.Void System.Array::Reverse(System.Array) nop <null> ldloc.2 <null> ldc.i4.2 <null> ldloc.s V_4 stelem.ref <null> ldloc.2 <null> ldc.i4.3 <null> ldloc.s V_4 call System.Byte[] 8Wdiqq.jNk58tGrsq1X4/2PxoAq.gFy9pz::mMy4Nq0g1(System.Byte[]) stelem.ref <null> ldstr L o a d stloc.s V_5 ldloc.s V_5 ldloc.2 <null> ldc.i4.3 <null> ldelem.ref <null> call System.Object System.Runtime.CompilerServices.RuntimeHelpers::GetObjectValue(System.Object) call System.Object 8Wdiqq.Yz2gc::5rzDpZ8eN2b(System.String,System.Object) pop <null> ldstr Loader ldstr Success call System.Void 8Wdiqq.5qiQF::9aeGj4(System.String,System.String) nop <null> leave.s IL_00DC: nop dup <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception) stloc.s V_8 nop <null> ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) nop <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() leave.s IL_00DC: nop nop <null> ret <null>
2fa1c8558303b87118a43f000240e817 (1.82 MB)
An error has occurred. This application may no longer respond until reloaded. Reload 🗙