Suspicious
Suspect

4680107aadbfb7f77314cacdfe1f2694

PE Executable
|
MD5: 4680107aadbfb7f77314cacdfe1f2694
|
Size: 4.16 MB
|
application/x-dosexec

Print
Summary by MalvaGPT
Characteristics

Symbol Obfuscation Score

Very low

Hash
 Hash Value
MD5
4680107aadbfb7f77314cacdfe1f2694
Sha1
c1b73b9560f7046ede4b583dc413401cbc302a73
Sha256
8a116e67de1378ff68529774ec5bb984c41de823080256ae4d679bf28c398c8d
Sha384
d395cf85a01b07dfdbf0505fb715e746c3d37ff569a2dae60ea6f1960ab1aae1ad0501271f57d855e7f79819ade0f2fb
Sha512
b71082bf892b3adb7bfb733d1bfb1f1a94a559c39e83c3cb8e74d4809a94c0e7a048c294d1fd4e4f3ee53214878af15a2d31d0eff31ab4fba6ab690abdcc2682
SSDeep
98304:iYMrRzF/w07QRxyRTJ+MAGM0nGwIk6C0FdJY:iY8lFYoQRMP20nGwIHRd
TLSH
EE162328B7A5317AD3768AF8C95C0541DD7DB4477F60D28B07818A8A3D1E3AD4E2BB31

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual C++ v6.0 DLL
Microsoft Visual Studio .NET
File Structure
4680107aadbfb7f77314cacdfe1f2694
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
conhost.exe
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
svchost.svchost.exe
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.rdata
.data
.pdata
.reloc
svchost.exe
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
UPX0
UPX1
UPX2
Telegram Fix.exe
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
.Net Resources
Telegram Fix.g.resources
Telegram_Fix.Properties.Resources.resources
Informations
Name
 Value
Info

PE Detect: PeReader OK (file layout)
Module Name

Telegram Fix by Sexsoldier.exe
Full Name

Telegram Fix by Sexsoldier.exe
EntryPoint

System.Void SilentExecuter.Program::Main(System.String[])
Scope Name

Telegram Fix by Sexsoldier.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

Telegram Fix by Sexsoldier
Assembly Version

0.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

<null>
Total Strings

3
Main Method

System.Void SilentExecuter.Program::Main(System.String[])
Main IL Instruction Count

39
Main IL

call System.Reflection.Assembly System.Reflection.Assembly::GetExecutingAssembly() stloc.0 <null> ldloc.0 <null> callvirt System.String[] System.Reflection.Assembly::GetManifestResourceNames() stloc.1 <null> ldloc.1 <null> stloc.3 <null> ldc.i4.0 <null> stloc.s V_4 br.s IL_0049: ldloc.s V_4 ldloc.3 <null> ldloc.s V_4 ldelem.ref <null> stloc.2 <null> ldloc.2 <null> ldstr .exe callvirt System.Boolean System.String::Contains(System.String) brtrue.s IL_0033: ldloc.2 ldloc.2 <null> ldstr .EXE callvirt System.Boolean System.String::Contains(System.String) brfalse.s IL_0043: ldloc.s V_4 ldloc.2 <null> call System.Void SilentExecuter.Program::RunSilent(System.String) ldc.i4 500 call System.Void System.Threading.Thread::Sleep(System.Int32) ldloc.s V_4 ldc.i4.1 <null> add <null> stloc.s V_4 ldloc.s V_4 ldloc.3 <null> ldlen <null> conv.i4 <null> blt.s IL_0014: ldloc.3 leave.s IL_0055: ret pop <null> leave.s IL_0055: ret ret <null>
Module Name

Telegram Fix by Sexsoldier.exe
Full Name

Telegram Fix by Sexsoldier.exe
EntryPoint

System.Void SilentExecuter.Program::Main(System.String[])
Scope Name

Telegram Fix by Sexsoldier.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

Telegram Fix by Sexsoldier
Assembly Version

0.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

<null>
Total Strings

3
Main Method

System.Void SilentExecuter.Program::Main(System.String[])
Main IL Instruction Count

39
Main IL

call System.Reflection.Assembly System.Reflection.Assembly::GetExecutingAssembly() stloc.0 <null> ldloc.0 <null> callvirt System.String[] System.Reflection.Assembly::GetManifestResourceNames() stloc.1 <null> ldloc.1 <null> stloc.3 <null> ldc.i4.0 <null> stloc.s V_4 br.s IL_0049: ldloc.s V_4 ldloc.3 <null> ldloc.s V_4 ldelem.ref <null> stloc.2 <null> ldloc.2 <null> ldstr .exe callvirt System.Boolean System.String::Contains(System.String) brtrue.s IL_0033: ldloc.2 ldloc.2 <null> ldstr .EXE callvirt System.Boolean System.String::Contains(System.String) brfalse.s IL_0043: ldloc.s V_4 ldloc.2 <null> call System.Void SilentExecuter.Program::RunSilent(System.String) ldc.i4 500 call System.Void System.Threading.Thread::Sleep(System.Int32) ldloc.s V_4 ldc.i4.1 <null> add <null> stloc.s V_4 ldloc.s V_4 ldloc.3 <null> ldlen <null> conv.i4 <null> blt.s IL_0014: ldloc.3 leave.s IL_0055: ret pop <null> leave.s IL_0055: ret ret <null>
4680107aadbfb7f77314cacdfe1f2694 (4.16 MB)
An error has occurred. This application may no longer respond until reloaded. Reload 🗙