Suspicious
Suspect

4164a1945d8373255a5cb7e42f05c259

PE Executable | MD5: 4164a1945d8373255a5cb7e42f05c259 | Size: 15.87 KB | application/x-dosexec

Summary by MalvaGPT
Characteristics

Symbol Obfuscation Score: Very low

Hash
MD5: 4164a1945d8373255a5cb7e42f05c259
Sha1: 7c624e0b11c817d516f9411972191c4627fd2e53
Sha256: f8e7e73bf2b26635800a042e7890a35f7376508f288a1ced3d3e12b173c5cb7e
Sha384: bc00eeddbe9f0315991d76f7bd448db9fa9966b60fcbd9a940c6c4bf025cc277f23b58c1e68213da20ef7f8ed7b91340
Sha512: 164413533e6c09e42f3abad11bab2b44e53cd942bec2d8b2e4e332e971592952cb8c79d4c17c0d7e5fe52ed9d806f456ee4e6ad5552ccb35c2971d2119dd0722
SSDeep: 384:XqSDzqfHGg/qayU4hpR9VZwFj3hNb4WK:XqSSfB/+hD9k0
TLSH: EC62070477E88368F17F8F39A8F342150A74F9669826EB9D2CC9125D1CA3789CE50F62

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
Information
Info: PE Detect: PeReader OK (file layout)
Module Name: agent_xw2.exe
Full Name: agent_xw2.exe
EntryPoint: System.Void WindowsService.Program::Main(System.String[])
Scope Name: agent_xw2.exe
Scope Type: ModuleDef
Kind: Console
Runtime Version: v4.0.30319
Tables Header Version: 512
WinMD Version: <null>
Assembly Name: agent_xw2
Assembly Version: 1.0.0.0
Assembly Culture: <null>
Has PublicKey: False
PublicKey Token: <null>
Target Framework: <null>
Total Strings: 145
Main Method: System.Void WindowsService.Program::Main(System.String[])
Main IL Instruction Count: 29
Main IL:
    call System.IntPtr WindowsService.Program::GetConsoleWindow()
    stloc.0 <null>
    ldloc.0 <null>
    ldsfld System.IntPtr System.IntPtr::Zero
    call System.Boolean System.IntPtr::op_Inequality(System.IntPtr,System.IntPtr)
    brfalse.s IL_001B: leave.s IL_0020
    ldloc.0 <null>
    ldc.i4.0 <null>
    call System.Boolean WindowsService.Program::ShowWindow(System.IntPtr,System.Int32)
    pop <null>
    leave.s IL_0020: call System.String WindowsService.Program::GenId()
    pop <null>
    leave.s IL_0020: call System.String WindowsService.Program::GenId()
    call System.String WindowsService.Program::GenId()
    stsfld System.String WindowsService.Program::_mid
    call System.String System.Environment::get_MachineName()
    stsfld System.String WindowsService.Program::_host
    br.s IL_0051: ldsfld System.Boolean WindowsService.Program::_run
    call System.Void WindowsService.Program::Loop()
    leave.s IL_0040: ldsfld System.Boolean WindowsService.Program::_run
    pop <null>
    leave.s IL_0040: ldsfld System.Boolean WindowsService.Program::_run
    ldsfld System.Boolean WindowsService.Program::_run
    brfalse.s IL_0051: ldsfld System.Boolean WindowsService.Program::_run
    ldc.i4 5000
    call System.Void System.Threading.Thread::Sleep(System.Int32)
    ldsfld System.Boolean WindowsService.Program::_run
    brtrue.s IL_0036: call System.Void WindowsService.Program::Loop()
    ret <null>

No malware configuration was found at this point.