Suspicious
Suspect

41056d5e211891780d2fbcff63d7a82f

PE Executable | MD5: 41056d5e211891780d2fbcff63d7a82f | Size: 1.73 MB | application/x-dosexec

Summary by MalvaGPT
Characteristics

Symbol Obfuscation Score

Low

Hash
Hash Value
MD5
41056d5e211891780d2fbcff63d7a82f
Sha1
1bbb63c8114dc03a914614f3c6c0c7c1e46be939
Sha256
1ae8f5d331a1c6138b60c0e9b7f3ddecda3868e6c408b97a061ed50916245b93
Sha384
9fcb08f5b2985e0fa71844bf0e37273edb530e91e39b16c64f5cf7161471861eecad3ee3bec055b659ff3b6651cd29b2
Sha512
1b666893f3648984a52d5203931c64749ffa967a6c71b4ac37a59f2ed7e5d3620c73096bc4b8a812d4e78369a557c5d8f7d82777d4677ecd93c5a0afce4745d1
SSDeep
24576:FD5sf/opbsxr/0bUaSVWRKc/KTjWKN1gwRbDwIwAFYDbboInt0FP7e+YoOnWGSmW:MoFsxToUFVOKc/KTnTHw1bs20qypcKT
TLSH
E0853305636F342BD9BC60BDAC6157EC07B2BB5474E1E78F792831014E83FD684CA696

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual C++ v6.0 DLL
Microsoft Visual Studio .NET
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
Ogtpf.Properties.Resources.resources
Hyoamkc
TimeZoneConverter.Data.Aliases.csv.gz
file_0.bin
TimeZoneConverter.Data.Mapping.csv.gz
file_0.bin
TimeZoneConverter.Data.RailsMapping.csv.gz
file_0.bin
Information
Name
Value
Info

PE Detect: PeReader OK (file layout)

Module Name

eft_9876.exe

Full Name

eft_9876.exe

EntryPoint

System.Void Ogtpf.Cqwhbk::Main()

Scope Name

eft_9876.exe

Scope Type

ModuleDef

Kind

Windows

Runtime Version

v4.0.30319

Tables Header Version

512

WinMD Version

<null>

Assembly Name

eft_9876

Assembly Version

1.0.1738.15990

Assembly Culture

<null>

Has PublicKey

False

PublicKey Token

<null>

Target Framework

.NETFramework,Version=v4.6

Total Strings

82

Main Method

System.Void Ogtpf.Cqwhbk::Main()

Main IL Instruction Count

59

Main IL

nop <null> ldc.i4 4032 call System.Void System.Net.ServicePointManager::set_SecurityProtocol(System.Net.SecurityProtocolType) nop <null> ldstr 1.4.1 newobj System.Void System.Version::.ctor(System.String) stloc.0 <null> ldnull <null> ldloc.0 <null> newobj System.Void Ogtpf.Dbrku::.ctor(System.String,System.Version) stloc.1 <null> newobj System.Void Ogtpf.Zqxsl::.ctor() stloc.2 <null> newobj System.Void Ogtpf.Svytppg::.ctor() stloc.3 <null> newobj System.Void Ogtpf.Nrbsochrn::.ctor() stloc.s V_4 ldloc.2 <null> ldloc.3 <null> ldloc.s V_4 newobj System.Void Ogtpf.Xxfkryvo::.ctor(Ogtpf.Zqxsl,Ogtpf.Svytppg,Ogtpf.Nrbsochrn) stloc.s V_5 nop <null> ldloc.1 <null> ldloc.s V_5 ldftn System.Void Ogtpf.Xxfkryvo::Kywnuhlrpr(System.Object,Ogtpf.Vkfcxolz) newobj System.Void System.EventHandler`1<Ogtpf.Vkfcxolz>::.ctor(System.Object,System.IntPtr) callvirt System.Void Ogtpf.Dbrku::add_DownloadCompleted(System.EventHandler`1<Ogtpf.Vkfcxolz>) nop <null> ldloc.2 <null> ldloc.s V_5 ldftn System.Void Ogtpf.Xxfkryvo::Lyfpgd(System.Object,Ogtpf.Vjnpiysvlp) newobj System.Void System.EventHandler`1<Ogtpf.Vjnpiysvlp>::.ctor(System.Object,System.IntPtr) callvirt System.Void Ogtpf.Zqxsl::add_DecryptionCompleted(System.EventHandler`1<Ogtpf.Vjnpiysvlp>) nop <null> ldloc.3 <null> ldloc.s V_5 ldftn System.Void Ogtpf.Xxfkryvo::Ylabadb(System.Object,Ogtpf.Wyyzsjgrueh) newobj System.Void System.EventHandler`1<Ogtpf.Wyyzsjgrueh>::.ctor(System.Object,System.IntPtr) callvirt System.Void Ogtpf.Svytppg::add_LoadCompleted(System.EventHandler`1<Ogtpf.Wyyzsjgrueh>) nop <null> ldloc.s V_4 ldloc.s V_5 ldftn System.Void Ogtpf.Xxfkryvo::Wtnavnme(System.Object,Ogtpf.Tlzcdbqrxa) newobj System.Void System.EventHandler`1<Ogtpf.Tlzcdbqrxa>::.ctor(System.Object,System.IntPtr) callvirt System.Void Ogtpf.Nrbsochrn::add_InvocationCompleted(System.EventHandler`1<Ogtpf.Tlzcdbqrxa>) nop <null> ldloc.1 <null> callvirt System.Void Ogtpf.Dbrku::Kfpynf() nop <null> nop <null> leave IL_00AC: ret ldloc.s V_5 brfalse IL_00AB: 
endfinally ldloc.s V_5 callvirt System.Void System.IDisposable::Dispose() nop <null> endfinally <null> ret <null>

Characteristics
No malware configuration was found at this point.