Suspicious
Suspect

3b1c10d10b05b1a5ecac045e9a33528d

PE Executable | MD5: 3b1c10d10b05b1a5ecac045e9a33528d | Size: 1.35 MB | application/x-dosexec


Summary by MalvaGPT
Characteristics

Symbol Obfuscation Score: Very high

Hash | Hash Value
MD5 | 3b1c10d10b05b1a5ecac045e9a33528d
Sha1 | 35d399c97200bd5e9164ae609b833c8d57973e20
Sha256 | 8109a0528091c8be7fc71e941604672f1cfba50a020c9b4fce74be6e092764f4
Sha384 | cca37e8867ecb1be8be61d5b07d3bfcebe9089673989e6af2d7bf008e7b39a81a421f7698f3d2730d2f221c5b68780db
Sha512 | 3cc55261ab1fc3bbc6ff06649b3235efa77aceeac590b99247b94cf2b2335561cec33dcd15d63effc4647c3b92e8e443b68b561686199218eeb3acd86a3375a9
SSDeep | 24576:PHyGHYYNRHYm9Ph6WE4n54RCnRveYepqMKDmfC4KOSSn2j6EEma:a0dPh6WP5rRveYkqM3fC41p2Fy
TLSH | AE55D00722D69A64F4BF5B34D2B5452443F8BD0B8631E7AE3B4B02F99F1274A9912373

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
.Net Resources
Cerkagofan.habadegar
pz2Ww.Resources.resources
8e2efa0cba89eb.Resources.resources
Information
Name | Value
Info | PE Detect: PeReader OK (file layout)
Module Name | pz2Ww
Full Name | pz2Ww
EntryPoint | System.Void pz2Ww.oMk95/1xnEy.9AftZf4sjXg72::rGd64aoEedJ0()
Scope Name | pz2Ww
Scope Type | ModuleDef
Kind | Windows
Runtime Version | v4.0.30319
Tables Header Version | 512
WinMD Version | <null>
Assembly Name | pz2Ww
Assembly Version | 1.13.17.218
Assembly Culture | <null>
Has PublicKey | False
PublicKey Token | <null>
Target Framework | .NETFramework,Version=v4.6
Total Strings | 993
Main Method | System.Void pz2Ww.oMk95/1xnEy.9AftZf4sjXg72::rGd64aoEedJ0()
Main IL Instruction Count | 91

Main IL

nop <null>
nop <null>
newobj System.Void System.Windows.Forms.Form::.ctor()
stloc.0 <null>
call System.Void System.Windows.Forms.Application::EnableVisualStyles()
nop <null>
ldc.i4.s 20
stloc.1 <null>
newobj System.Void System.Collections.Generic.List`1<System.Int32>::.ctor()
stloc.2 <null>
ldloc.1 <null>
stloc.s V_7
ldc.i4.1 <null>
stloc.s V_8
br.s IL_002E: ldloc.s V_8
ldloc.2 <null>
ldloc.s V_8
callvirt System.Void System.Collections.Generic.List`1<System.Int32>::Add(System.Int32)
nop <null>
ldloc.s V_8
ldc.i4.1 <null>
add.ovf <null>
stloc.s V_8
ldloc.s V_8
ldloc.s V_7
ble.s IL_001F: ldloc.2
ldstr FacilityOptima.Core
stloc.3 <null>
ldstr 2.4.1
stloc.s V_4
call System.Guid System.Guid::NewGuid()
stloc.s V_9
ldloca.s V_9
ldstr N
call System.String System.Guid::ToString(System.String)
ldc.i4.0 <null>
ldc.i4.s 12
callvirt System.String System.String::Substring(System.Int32,System.Int32)
stloc.s V_5
ldloc.2 <null>
callvirt System.Int32 System.Collections.Generic.List`1<System.Int32>::get_Count()
ldloc.1 <null>
ceq <null>
ldc.i4.0 <null>
ceq <null>
stloc.s V_10
ldloc.s V_10
brfalse.s IL_0078: nop
ldc.i4.0 <null>
call System.Void System.Environment::Exit(System.Int32)
nop <null>
nop <null>
nop <null>
ldc.i4.s 28
call System.String System.Environment::GetFolderPath(System.Environment/SpecialFolder)
ldstr FacilityOptima
ldstr Cache
call System.String System.IO.Path::Combine(System.String,System.String,System.String)
stloc.s V_6
ldloc.s V_6
call System.Boolean System.IO.Directory::Exists(System.String)
ldc.i4.0 <null>
ceq <null>
stloc.s V_11
ldloc.s V_11
brfalse.s IL_00AA: nop
ldloc.s V_6
call System.IO.DirectoryInfo System.IO.Directory::CreateDirectory(System.String)
pop <null>
nop <null>
nop <null>
ldc.i4.s 40
call System.Void System.Threading.Thread::Sleep(System.Int32)
nop <null>
ldstr habadegar
call System.Void pz2Ww.wKb2s3WpmXr/9Kicg1MfHn6d.Nn7_mnC2Xo::kEf0mf8QKqw6(System.String)
nop <null>
call System.Void System.GC::Collect()
nop <null>
call System.Void System.GC::WaitForPendingFinalizers()
nop <null>
leave.s IL_00E0: nop
call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception)
nop <null>
ldc.i4.0 <null>
call System.Void System.Environment::Exit(System.Int32)
nop <null>
call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError()
leave.s IL_00E0: nop
nop <null>
ret <null>

