Suspicious
Suspect

4dc9fbd1790f19dfd397752f844dfd7e

PE Executable | MD5: 4dc9fbd1790f19dfd397752f844dfd7e | Size: 1.8 MB | application/x-dosexec


Summary by MalvaGPT
Characteristics

Symbol Obfuscation Score

Very high

Hash
MD5: 4dc9fbd1790f19dfd397752f844dfd7e
Sha1: 78da4e99e4057b3a9cccbf469cf2f41cd80d7c54
Sha256: 0cbb7f1b15b8cd50b8269b954738cbad9099994d60df5309ac5326c3886c3d10
Sha384: b7edd2840285241f7ee11c2d96d950f73394a2c13ae6baee574f938e1f5f31fa1a2ea83bbe3ce6737cf565f8ef305bcc
Sha512: 8539376c59bfaf63a2f3fb17cfd55cf4fd541db355df10ff6dc5f3d6ad46b916e624c3fdb253bdd4ba5c064fa5c26989808cb11a0b540e5bd035213011a1bb49
SSDeep: 24576:IFknRHGAWq6/p3ojZPwIeB/eG9B6VjqIkcSAi9Ra:t5GAmOdPwB/IV+I7AM
TLSH: 4285121513E4076CF8BE477884796861A3F0F88BD635EB6FA98D90E81D31BA0DB45723

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
.Net Resources
3ygAnGf1eo2M_H.g.resources
3ygAnGf1eo2M_H.Resources.resources
d1d8eec0191cd0.Resources.resources
cc3bf64e0
[NBF]root.Data
cc3bf64e1
[NBF]root.Data
cc3bf64e10
[NBF]root.Data
cc3bf64e11
[NBF]root.Data
cc3bf64e12
[NBF]root.Data
cc3bf64e13
[NBF]root.Data
cc3bf64e14
[NBF]root.Data
cc3bf64e15
[NBF]root.Data
cc3bf64e16
[NBF]root.Data
cc3bf64e17
[NBF]root.Data
cc3bf64e18
[NBF]root.Data
cc3bf64e19
[NBF]root.Data
cc3bf64e2
[NBF]root.Data
cc3bf64e20
[NBF]root.Data
cc3bf64e21
[NBF]root.Data
cc3bf64e22
[NBF]root.Data
cc3bf64e23
[NBF]root.Data
cc3bf64e24
[NBF]root.Data
cc3bf64e25
[NBF]root.Data
cc3bf64e26
[NBF]root.Data
cc3bf64e27
[NBF]root.Data
cc3bf64e28
[NBF]root.Data
cc3bf64e29
[NBF]root.Data
cc3bf64e3
[NBF]root.Data
cc3bf64e30
[NBF]root.Data
cc3bf64e31
[NBF]root.Data
cc3bf64e32
[NBF]root.Data
cc3bf64e33
[NBF]root.Data
cc3bf64e34
[NBF]root.Data
cc3bf64e35
[NBF]root.Data
cc3bf64e36
[NBF]root.Data
cc3bf64e37
[NBF]root.Data
cc3bf64e38
[NBF]root.Data
cc3bf64e39
[NBF]root.Data
cc3bf64e4
[NBF]root.Data
cc3bf64e40
[NBF]root.Data
cc3bf64e41
[NBF]root.Data
cc3bf64e42
[NBF]root.Data
cc3bf64e43
[NBF]root.Data
cc3bf64e44
[NBF]root.Data
cc3bf64e45
[NBF]root.Data
cc3bf64e46
[NBF]root.Data
cc3bf64e47
[NBF]root.Data
cc3bf64e48
[NBF]root.Data
cc3bf64e49
[NBF]root.Data
cc3bf64e5
[NBF]root.Data
cc3bf64e50
[NBF]root.Data
cc3bf64e51
[NBF]root.Data
cc3bf64e52
[NBF]root.Data
cc3bf64e53
[NBF]root.Data
cc3bf64e54
[NBF]root.Data
cc3bf64e55
[NBF]root.Data
cc3bf64e56
[NBF]root.Data
cc3bf64e57
[NBF]root.Data
cc3bf64e58
[NBF]root.Data
cc3bf64e59
[NBF]root.Data
cc3bf64e6
[NBF]root.Data
cc3bf64e60
[NBF]root.Data
cc3bf64e61
[NBF]root.Data
cc3bf64e62
[NBF]root.Data
cc3bf64e63
[NBF]root.Data
cc3bf64e64
[NBF]root.Data
cc3bf64e65
[NBF]root.Data
cc3bf64e7
[NBF]root.Data
cc3bf64e8
[NBF]root.Data
cc3bf64e9
[NBF]root.Data
Information

PE Detect: PeReader OK (file layout)

Module Name: 3ygAnGf1eo2M_H
Full Name: 3ygAnGf1eo2M_H
EntryPoint: System.Void 3ygAnGf1eo2M_H.bJr1Ng3po::bDc5G7izmkX3()
Scope Name: 3ygAnGf1eo2M_H
Scope Type: ModuleDef
Kind: Windows
Runtime Version: v4.0.30319
Tables Header Version: 512
WinMD Version: <null>
Assembly Name: 3ygAnGf1eo2M_H
Assembly Version: 16.14.42.225
Assembly Culture: <null>
Has PublicKey: False
PublicKey Token: <null>
Target Framework: .NETFramework,Version=v4.6
Total Strings: 719
Main Method: System.Void 3ygAnGf1eo2M_H.bJr1Ng3po::bDc5G7izmkX3()
Main IL Instruction Count: 196

Main IL

nop <null> nop <null> call System.Void System.Windows.Forms.Application::EnableVisualStyles() nop <null> ldc.i4.0 <null> call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean) nop <null> call System.String System.Environment::get_UserName() stloc.0 <null> call System.String System.Environment::get_MachineName() stloc.1 <null> call System.DateTime System.DateTime::get_Now() stloc.2 <null> ldc.i4.s 28 call System.String System.Environment::GetFolderPath(System.Environment/SpecialFolder) ldstr FocusFlow call System.String System.IO.Path::Combine(System.String,System.String) stloc.3 <null> ldloc.3 <null> call System.Boolean System.IO.Directory::Exists(System.String) ldc.i4.0 <null> ceq <null> stloc.s V_11 ldloc.s V_11 brfalse.s IL_004A: nop ldloc.3 <null> call System.IO.DirectoryInfo System.IO.Directory::CreateDirectory(System.String) pop <null> nop <null> nop <null> ldloc.3 <null> ldstr user.config call System.String System.IO.Path::Combine(System.String,System.String) stloc.s V_4 ldloc.s V_4 call System.Boolean System.IO.File::Exists(System.String) stloc.s V_12 ldloc.s V_12 brfalse.s IL_006F: nop ldloc.s V_4 call System.String System.IO.File::ReadAllText(System.String) stloc.s V_13 nop <null> nop <null> ldc.i4.s 26 call System.Int32 System.Math::Abs(System.Int32) stloc.s V_5 ldloca.s V_2 call System.Int64 System.DateTime::get_Ticks() conv.r8 <null> ldc.r8 1E-07 mul <null> call System.Double System.Math::Sin(System.Double) stloc.s V_6 ldloc.s V_5 call System.Object 3ygAnGf1eo2M_H.bJr1Ng3po/ci6Wm8Ew.Xa1nerA0B6mk::4osCGr5i(System.Int32) castclass System.Object[] stloc.s V_7 ldstr resources/softwarelogo.png ldc.i4.0 <null> newarr System.Object call System.String System.String::Format(System.String,System.Object[]) stloc.s V_8 ldloc.s V_7 ldc.i4.0 <null> ldloc.s V_8 stelem.ref <null> ldloc.s V_6 ldc.r8 0.5 cgt <null> stloc.s V_14 ldloc.s V_14 brfalse.s IL_00D3: nop ldc.i4.1 <null> call System.Void 
System.Threading.Thread::Sleep(System.Int32) nop <null> nop <null> nop <null> ldloc.s V_7 ldc.i4.2 <null> ldloc.s V_7 ldc.i4.0 <null> ldelem.ref <null> call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) call System.Byte[] 3ygAnGf1eo2M_H.5Wsspn4E/Xe0jd6DmHow27q.Hm1r7k::Ba2st0Mo(System.String) stelem.ref <null> call System.DateTime System.DateTime::get_UtcNow() stloc.s V_15 ldloca.s V_15 call System.Int32 System.DateTime::get_Day() ldc.i4.s 17 mul.ovf <null> ldloc.1 <null> callvirt System.Int32 System.String::get_Length() ldc.i4.3 <null> mul.ovf <null> add.ovf <null> stloc.s V_9 ldloc.s V_7 ldc.i4.3 <null> ldloc.s V_7 ldc.i4.2 <null> ldelem.ref <null> castclass System.Byte[] call System.Byte[] 3ygAnGf1eo2M_H.4czEXw9dr2/cGf56mKe.5cdYb::Ta4mj2Ytd(System.Byte[]) stelem.ref <null> ldloc.s V_7 ldc.i4.3 <null> ldelem.ref <null> isinst System.Byte[] brfalse.s IL_0130: ldc.i4.0 ldloc.s V_7 ldc.i4.3 <null> ldelem.ref <null> castclass System.Byte[] ldlen <null> conv.i4 <null> ldc.i4.s 100 cgt <null> br.s IL_0131: stloc.s V_16 ldc.i4.0 <null> stloc.s V_16 ldloc.s V_16 brfalse.s IL_0151: nop ldloc.s V_7 ldc.i4.3 <null> ldelem.ref <null> castclass System.Byte[] ldc.i4.0 <null> ldelem.u1 <null> ldloc.s V_7 ldc.i4.3 <null> ldelem.ref <null> castclass System.Byte[] ldc.i4.1 <null> ldelem.u1 <null> xor <null> stloc.s V_17 nop <null> nop <null> ldc.i4.1 <null> stloc.s V_10 call System.DateTime System.DateTime::get_Now() stloc.s V_15 ldloca.s V_15 call System.Int32 System.DateTime::get_Hour() ldc.i4.6 <null> blt.s IL_017A: ldc.i4.1 call System.DateTime System.DateTime::get_Now() stloc.s V_15 ldloca.s V_15 call System.Int32 System.DateTime::get_Hour() ldc.i4.s 22 cgt <null> br.s IL_017B: stloc.s V_18 ldc.i4.1 <null> stloc.s V_18 ldloc.s V_18 brfalse.s IL_0185: nop ldc.i4.1 <null> stloc.s V_10 nop <null> nop <null> ldloc.s V_10 stloc.s V_19 ldloc.s V_19 brfalse.s IL_01A3: nop ldstr L o a d ldloc.s V_7 ldc.i4.3 <null> ldelem.ref <null> call 
System.Object System.Runtime.CompilerServices.RuntimeHelpers::GetObjectValue(System.Object) call System.Object 3ygAnGf1eo2M_H.4czEXw9dr2/Jq2b5Pfxg.dw9F3wMt::Ac6jy(System.String,System.Object) pop <null> nop <null> nop <null> ldnull <null> stloc.s V_7 call System.Void System.GC::Collect() nop <null> leave.s IL_01D0: nop dup <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception) stloc.s V_20 nop <null> nop <null> leave.s IL_01C8: nop call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception) nop <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() leave.s IL_01C8: nop nop <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() leave.s IL_01D0: nop nop <null> ret <null>
