Suspicious
Suspect

4e367424c547ea8e2335b6f3bcc60325

PE Executable
|
MD5: 4e367424c547ea8e2335b6f3bcc60325
|
Size: 27.14 KB
|
application/x-dosexec

Print
Summary by MalvaGPT
Characteristics

Symbol Ofbuscation Score

Very high

Hash
 Hash Value
MD5
4e367424c547ea8e2335b6f3bcc60325
Sha1
8ab5362fd55b905919689101ad027098e10d86f0
Sha256
9936dcddd1348320af7fa9c5446666d22888a28dc3788a532c60afb718cb75cb
Sha384
5127fe1143acb2610c24f117c2f8bed58d0f7ce228e8caef3eb2a36de3e16f8de581d197ad309f2264164293e0f6298a
Sha512
8103c9bd490e41228093a6dce1d771c00ad131f16472f460031533f483520f42d82f2bc00043208da53f70c7663aaf25c149a4468df39f2e35c65e0d60c8446e
SSDeep
768:EzdQ8JogqfV5jrkumLdtp6SD5/Aowra+tlh7sN+V/i:ETJyU7pLT
TLSH
9DC2B4EBFE4DCA60D91587FAC48F881403B4D782A767CF4AB44AA3461C1235DDEE91C9

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
4e367424c547ea8e2335b6f3bcc60325
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_ICON
ID:0001
ID:0
RT_GROUP_CURSOR4
ID:7F00
ID:0
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
Informations
Name
 Value
Info

PE Detect: PeReader OK (file layout)
Module Name

Donfkaxzcfa.exe
Full Name

Donfkaxzcfa.exe
EntryPoint

System.Void Donfkaxzcfa.Management.ExpandablePool::RemoveStaticPool()
Scope Name

Donfkaxzcfa.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

Donfkaxzcfa
Assembly Version

1.0.8909.15585
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.6
Total Strings

5
Main Method

System.Void Donfkaxzcfa.Management.ExpandablePool::RemoveStaticPool()
Main IL Instruction Count

44
Main IL

ldc.i4 1 stloc V_1 br IL_000E: ldloc V_1 ldloc V_1 switch dnlib.DotNet.Emit.Instruction[] br IL_0024: ret ret <null> nop <null> newobj System.Void Donfkaxzcfa.Distribution.TransferableDistributor::.ctor() ldstr ZSBYbjsm4iN8CU0pycmzhw== ldstr TfQDgv8mi7o= ldstr PXyHsveawmbuI00H3C.pIWdRFF28dAvUktWvw ldstr C3mXdRKLo callvirt System.Void Donfkaxzcfa.Distribution.TransferableDistributor::DistributeTransformableDistributor(System.String,System.String,System.String,System.String) ldc.i4 0 ldsfld <Module>{207e283c-8567-4f5d-a4bf-f766eaf2b1bc} <Module>{207e283c-8567-4f5d-a4bf-f766eaf2b1bc}::m_7d1fa15789934037851eb007d43d82cb ldfld System.Int32 <Module>{207e283c-8567-4f5d-a4bf-f766eaf2b1bc}::m_0e7a4af96f0c4f8ea7e3e05b2a066835 brtrue IL_0067: switch(IL_0075) pop <null> ldc.i4 0 br IL_0067: switch(IL_0075) ldloc V_0 switch dnlib.DotNet.Emit.Instruction[] br IL_0075: leave IL_0024 leave IL_0024: ret pop <null> ldc.i4 0 ldsfld <Module>{207e283c-8567-4f5d-a4bf-f766eaf2b1bc} <Module>{207e283c-8567-4f5d-a4bf-f766eaf2b1bc}::m_7d1fa15789934037851eb007d43d82cb ldfld System.Int32 <Module>{207e283c-8567-4f5d-a4bf-f766eaf2b1bc}::m_dcf36755d9404fcdb9ba233cb66e7ce1 brtrue IL_009E: switch(IL_00AC) pop <null> ldc.i4 0 br IL_009E: switch(IL_00AC) ldloc V_2 switch dnlib.DotNet.Emit.Instruction[] br IL_00AC: leave IL_0024 leave IL_0024: ret ldc.i4 0 ldsfld <Module>{207e283c-8567-4f5d-a4bf-f766eaf2b1bc} <Module>{207e283c-8567-4f5d-a4bf-f766eaf2b1bc}::m_7d1fa15789934037851eb007d43d82cb ldfld System.Int32 <Module>{207e283c-8567-4f5d-a4bf-f766eaf2b1bc}::m_bfdb23fc4a5940adbac229639cbca521 brfalse IL_0012: switch(IL_0024,IL_0025) pop <null> ldc.i4 0 br IL_0012: switch(IL_0024,IL_0025)
Module Name

Donfkaxzcfa.exe
Full Name

Donfkaxzcfa.exe
EntryPoint

System.Void Donfkaxzcfa.Management.ExpandablePool::RemoveStaticPool()
Scope Name

Donfkaxzcfa.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

Donfkaxzcfa
Assembly Version

1.0.8909.15585
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.6
Total Strings

5
Main Method

System.Void Donfkaxzcfa.Management.ExpandablePool::RemoveStaticPool()
Main IL Instruction Count

44
Main IL

ldc.i4 1 stloc V_1 br IL_000E: ldloc V_1 ldloc V_1 switch dnlib.DotNet.Emit.Instruction[] br IL_0024: ret ret <null> nop <null> newobj System.Void Donfkaxzcfa.Distribution.TransferableDistributor::.ctor() ldstr ZSBYbjsm4iN8CU0pycmzhw== ldstr TfQDgv8mi7o= ldstr PXyHsveawmbuI00H3C.pIWdRFF28dAvUktWvw ldstr C3mXdRKLo callvirt System.Void Donfkaxzcfa.Distribution.TransferableDistributor::DistributeTransformableDistributor(System.String,System.String,System.String,System.String) ldc.i4 0 ldsfld <Module>{207e283c-8567-4f5d-a4bf-f766eaf2b1bc} <Module>{207e283c-8567-4f5d-a4bf-f766eaf2b1bc}::m_7d1fa15789934037851eb007d43d82cb ldfld System.Int32 <Module>{207e283c-8567-4f5d-a4bf-f766eaf2b1bc}::m_0e7a4af96f0c4f8ea7e3e05b2a066835 brtrue IL_0067: switch(IL_0075) pop <null> ldc.i4 0 br IL_0067: switch(IL_0075) ldloc V_0 switch dnlib.DotNet.Emit.Instruction[] br IL_0075: leave IL_0024 leave IL_0024: ret pop <null> ldc.i4 0 ldsfld <Module>{207e283c-8567-4f5d-a4bf-f766eaf2b1bc} <Module>{207e283c-8567-4f5d-a4bf-f766eaf2b1bc}::m_7d1fa15789934037851eb007d43d82cb ldfld System.Int32 <Module>{207e283c-8567-4f5d-a4bf-f766eaf2b1bc}::m_dcf36755d9404fcdb9ba233cb66e7ce1 brtrue IL_009E: switch(IL_00AC) pop <null> ldc.i4 0 br IL_009E: switch(IL_00AC) ldloc V_2 switch dnlib.DotNet.Emit.Instruction[] br IL_00AC: leave IL_0024 leave IL_0024: ret ldc.i4 0 ldsfld <Module>{207e283c-8567-4f5d-a4bf-f766eaf2b1bc} <Module>{207e283c-8567-4f5d-a4bf-f766eaf2b1bc}::m_7d1fa15789934037851eb007d43d82cb ldfld System.Int32 <Module>{207e283c-8567-4f5d-a4bf-f766eaf2b1bc}::m_bfdb23fc4a5940adbac229639cbca521 brfalse IL_0012: switch(IL_0024,IL_0025) pop <null> ldc.i4 0 br IL_0012: switch(IL_0024,IL_0025)
4e367424c547ea8e2335b6f3bcc60325 (27.14 KB)
An error has occurred. This application may no longer respond until reloaded. Reload 🗙