Suspicious
Suspect

43626499c9a56ae80c64a066c717767e

PE Executable | MD5: 43626499c9a56ae80c64a066c717767e | Size: 422.4 KB | application/x-dosexec


Characteristics

Symbol Obfuscation Score: Low

Hash
MD5: 43626499c9a56ae80c64a066c717767e
SHA1: 0519812f05f44a4951244d09876b80f59eac6b52
SHA256: 214be0aae0079be975055752faa13143c003d70655b8c5917fb84ca8f7ad9837
SHA384: d004773a51f3d9595a0c8f535ce41f42c649d008df2688638b3ad87b8fc6bf99abbf3b29c5030e92393d25840f0203ee
SHA512: 6cb343fcd0dce06b8fa9cc95b16548512086dd97fde0df067ad519fea6e961e40b61c0b8012177d18e4068751d5247a6b71681ae1a44faa43260e4a60824716d
SSDeep: 6144:NWtgFKmx00rpfw9Z/MGStNh7+8tpBgGUv1bvuoHBSyz2c0MS:NzK+GUH/4GI2
TLSH: 279429252BEC4704F2BF1B35E8B152448AFBF806A83AD75E0958549E1B73741CD21BBB

File Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
  .text
  .rsrc
  .reloc
Resources
  RT_VERSION
    ID:0001
    ID:0
  RT_MANIFEST
    ID:0001
    ID:0

Information
Info: PE Detect: PeReader OK (file layout)
Module Name: Rubeus.exe
Full Name: Rubeus.exe
EntryPoint: System.Void Rubeus.Program::Main(System.String[])
Scope Name: Rubeus.exe
Scope Type: ModuleDef
Kind: Console
Runtime Version: v4.0.30319
Tables Header Version: 512
WinMD Version: <null>
Assembly Name: Rubeus
Assembly Version: 1.0.0.0
Assembly Culture: <null>
Has PublicKey: False
PublicKey Token: <null>
Target Framework: .NETFramework,Version=v4.0
Total Strings: 2363
Main Method: System.Void Rubeus.Program::Main(System.String[])
Main IL Instruction Count: 40

Main IL

ldarg.0 <null>
call Rubeus.Domain.ArgumentParserResult Rubeus.Domain.ArgumentParser::Parse(System.Collections.Generic.IEnumerable`1<System.String>)
stloc.0 <null>
ldloc.0 <null>
callvirt System.Boolean Rubeus.Domain.ArgumentParserResult::get_ParsedOk()
brtrue.s IL_001A: ldarg.0
call System.Void Rubeus.Domain.Info::ShowLogo()
call System.Void Rubeus.Domain.Info::ShowUsage()
ret <null>
ldarg.0 <null>
ldlen <null>
brtrue.s IL_0025: ldarg.0
ldstr
br.s IL_0028: stloc.1
ldarg.0 <null>
ldc.i4.0 <null>
ldelem.ref <null>
stloc.1 <null>
ldloc.0 <null>
callvirt System.Collections.Generic.Dictionary`2<System.String,System.String> Rubeus.Domain.ArgumentParserResult::get_Arguments()
ldstr /nowrap
callvirt System.Boolean System.Collections.Generic.Dictionary`2<System.String,System.String>::ContainsKey(System.String)
brfalse.s IL_0041: ldloc.0
ldc.i4.0 <null>
stsfld System.Boolean Rubeus.Program::wrapTickets
ldloc.0 <null>
callvirt System.Collections.Generic.Dictionary`2<System.String,System.String> Rubeus.Domain.ArgumentParserResult::get_Arguments()
ldstr /consoleoutfile
callvirt System.Boolean System.Collections.Generic.Dictionary`2<System.String,System.String>::ContainsKey(System.String)
brfalse.s IL_0060: ldloc.1
ldloc.1 <null>
ldloc.0 <null>
callvirt System.Collections.Generic.Dictionary`2<System.String,System.String> Rubeus.Domain.ArgumentParserResult::get_Arguments()
call System.Void Rubeus.Program::FileExecute(System.String,System.Collections.Generic.Dictionary`2<System.String,System.String>)
ret <null>
ldloc.1 <null>
ldloc.0 <null>
callvirt System.Collections.Generic.Dictionary`2<System.String,System.String> Rubeus.Domain.ArgumentParserResult::get_Arguments()
call System.Void Rubeus.Program::MainExecute(System.String,System.Collections.Generic.Dictionary`2<System.String,System.String>)
ret <null>
