Suspicious
Suspect

3b3fa24bbbc8ebc444c8302651e233c6

PE Executable | MD5: 3b3fa24bbbc8ebc444c8302651e233c6 | Size: 53.76 KB | application/x-dosexec

Summary by MalvaGPT
Characteristics

Symbol Obfuscation Score

Medium

Hash
Hash Value
MD5
3b3fa24bbbc8ebc444c8302651e233c6
Sha1
ac93c28a5c744873fc078c8dd8e266c945c47179
Sha256
394c6af96939850f6ea52d6ccb5fc63e89476d50a1307dc842878e35923e8dfd
Sha384
8246d559b79b912100916cc7f809270e2e9a4bc8e53720dceecbdb01f99cb11c3a83aba949175b189d0b369edc3ea789
Sha512
3d40a2970453bcbe692f76e447a31bda4f25ea67cb9b1025d1629f96ec628aeca893891c83f28239b0c189ede0125c4780d7c33c4fdbd3879c0ef246308cacc6
SSDeep
1536:WK7DubgVK1KOxdSb+qs84z/J2L8yceOSFJCcl4OPp:WKebgVK1KOxdSin7zJ2LLjOTcl5
TLSH
9B334A0CBB9CA673EB7C897D48B2130093B9D7927203F32F5ED061A558977E85A10E97

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
wmGxZ
Information
Name
Value
Info

PE Detect: PeReader OK (file layout)

Module Name

Ruchqh.exe

Full Name

Ruchqh.exe

EntryPoint

System.Void  ::()

Scope Name

Ruchqh.exe

Scope Type

ModuleDef

Kind

Windows

Runtime Version

v4.0.30319

Tables Header Version

512

WinMD Version

<null>

Assembly Name

Ruchqh

Assembly Version

1.0.1200.9614

Assembly Culture

<null>

Has PublicKey

False

PublicKey Token

<null>

Target Framework

.NETFramework,Version=v4.6

Total Strings

11

Main Method

System.Void  ::()

Main IL Instruction Count

99

Main IL

nop <null> newobj System.Void f::.ctor() stloc.1 <null> br.s IL_002E: ldc.i4.s 86 ldloc.s V_6 ldc.i4.s 89 xor <null> stloc.s V_6 br.s IL_006A: ldc.i4.s 83 ldloc.s V_6 ldc.i4.s 84 sub <null> switch dnlib.DotNet.Emit.Instruction[] br.s IL_0072: ldc.i4.s -52 ldc.i4.s 86 call System.Int32 c::f(System.Int32) stloc.s V_6 br.s IL_0009: ldloc.s V_6 newobj System.Void q::.ctor() stloc.2 <null> ldc.i4.s 12 stloc.s V_6 br.s IL_0009: ldloc.s V_6 newobj System.Void c::.ctor() stloc.3 <null> ldc.i4.s 15 stloc.s V_6 br.s IL_0009: ldloc.s V_6 newobj System.Void o::.ctor() stloc.s V_4 ldc.i4.s 14 stloc.s V_6 br.s IL_0009: ldloc.s V_6 ldloc.2 <null> ldloc.3 <null> ldloc.s V_4 newobj System.Void k::.ctor(q,c,o) stloc.0 <null> br.s IL_0078: ldloc.1 ldc.i4.s 83 ldc.i4.s -88 bgt.s IL_0012: ldloc.s V_6 br.s IL_0078: ldloc.1 ldc.i4.s -52 ldc.i4.s -6 blt.s IL_002E: ldc.i4.s 86 ldloc.1 <null> ldloc.0 <null> ldftn System.Void k::a(System.Object,g) newobj System.Void System.EventHandler`1<g>::.ctor(System.Object,System.IntPtr) callvirt System.Void f::a(System.EventHandler`1<g>) br.s IL_00B1: ldc.i4.s 81 ldloc.s V_5 ldc.i4.s 71 xor <null> stloc.s V_5 ldloc.s V_5 ldc.i4.s 84 sub <null> switch dnlib.DotNet.Emit.Instruction[] ldc.i4.s 81 call System.Int32 c::e(System.Int32) stloc.s V_5 br.s IL_008C: ldloc.s V_5 ldloc.2 <null> ldloc.0 <null> ldftn System.Void k::b(System.Object,s) newobj System.Void System.EventHandler`1<s>::.ctor(System.Object,System.IntPtr) callvirt System.Void q::a(System.EventHandler`1<s>) ldc.i4.s 17 stloc.s V_5 br.s IL_008C: ldloc.s V_5 ldloc.1 <null> callvirt System.Void f::c() ldc.i4.s 75 call System.Int32 c::e(System.Int32) stloc.s V_5 br.s IL_008C: ldloc.s V_5 ldloc.3 <null> ldloc.0 <null> ldftn System.Void k::c(System.Object,l) newobj System.Void System.EventHandler`1<l>::.ctor(System.Object,System.IntPtr) callvirt System.Void c::a(System.EventHandler`1<l>) ldc.i4.s 16 stloc.s V_5 br.s IL_008C: ldloc.s V_5 ldloc.s V_4 ldloc.0 <null> ldftn System.Void 
k::d(System.Object,i) newobj System.Void System.EventHandler`1<i>::.ctor(System.Object,System.IntPtr) callvirt System.Void o::a(System.EventHandler`1<i>) ldc.i4.s 18 stloc.s V_5 br IL_008C: ldloc.s V_5 leave.s IL_0122: ret ldloc.0 <null> callvirt System.Void System.IDisposable::Dispose() endfinally <null> ret <null>

Characteristics
No malware configuration was found at this point.