Suspicious
Suspect

4d00eed69a01f762ae8c8c149f6b3f38

PE Executable | MD5: 4d00eed69a01f762ae8c8c149f6b3f38 | Size: 3.03 MB | application/x-dosexec


Characteristics
Hash | Hash Value
MD5 | 4d00eed69a01f762ae8c8c149f6b3f38
Sha1 | 42bd3c9d29609df1ca7d70632cffe13c4e7b77d7
Sha256 | fd6cffce948aff9c17134a6d29b5ba7722e65a7b385abef06fb357cd2b32b1e2
Sha384 | 043da55f6a20528c49f45c09ed45733b420cbb1a78014d602c0ea5ebca67ca869afcb58dc8532032687d6cdb1bfe248c
Sha512 | b4b4f4f288340e35e6814961de0a2d314e2c09df2d0218cf76152cd090968796759a64040c31a151d389882532dde0b26dd7b3d859533a526431c1684d6ef339
SSDeep | 49152:tp7q4d6tl2pMedWjIUmyC/2aGg4t8CPG36reVMBwNfRZQU8lCE/vDMoydg:t1q4wtl6IIVsgXCPG33+B6fxIvvD
TLSH | ABE58E092331EE16DD42A335BAB747092B53E13852C2921B931DFB35EBDA2C72F91593

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
Information
Name | Value
Module Name | Hqshzpgjua.exe
Full Name | Hqshzpgjua.exe
EntryPoint | System.Void Fbmbmpfzpxc.Gtfluuqt::Main()
Scope Name | Hqshzpgjua.exe
Scope Type | ModuleDef
Kind | Windows
Runtime Version | v4.0.30319
Tables Header Version | 512
WinMD Version | <null>
Assembly Name | Hqshzpgjua
Assembly Version | 1.0.4837.26654
Assembly Culture | <null>
Has PublicKey | False
PublicKey Token | <null>
Target Framework | .NETFramework,Version=v4.6
Total Strings | 16
Main Method | System.Void Fbmbmpfzpxc.Gtfluuqt::Main()
Main IL Instruction Count | 14

Main IL

call System.Byte[] Fbmbmpfzpxc.Smwqkvyq::Scvpan()
stloc.0 <null>
newobj System.Void Fbmbmpfzpxc.Srysusi::.ctor()
ldloc.0 <null>
call System.Reflection.Assembly Fbmbmpfzpxc.Srysusi::Ifvayidsiv(System.Byte[])
stloc.1 <null>
newobj System.Void Fbmbmpfzpxc.Liweqnxvpsl::.ctor()
ldloc.1 <null>
call System.Type Fbmbmpfzpxc.Liweqnxvpsl::Ralxenhlb(System.Reflection.Assembly)
stloc.2 <null>
newobj System.Void Fbmbmpfzpxc.Mjkzjrjll::.ctor()
ldloc.2 <null>
call System.Void Fbmbmpfzpxc.Mjkzjrjll::Dqkvydh(System.Type)
ret <null>


Artefacts
Name | Value
Embedded Resources | 2
Suspicious Type Names (1-2 chars) | 0
