Suspicious
Suspect

4e5d216040f47dab87635ffe7f652f80

PE Executable
|
MD5: 4e5d216040f47dab87635ffe7f652f80
|
Size: 2.13 MB
|
application/x-dosexec

Print
General
Structural Analysis
Config.0
Yara Rules47
Sync
Community
Summary by MalvaGPT
Characteristics

Symbol Ofbuscation Score

Low

Hash
 Hash Value
MD5
4e5d216040f47dab87635ffe7f652f80
Sha1
1d41bfa27f6dfdebfb114be531373b7761515557
Sha256
e681a8066c6644a7e8837c5fbeb732503a74a7962f060f9a2ea7d61549f5c414
Sha384
71fc860d640848fedb2fbf40dac04c7d7ab718cd5931c1f0c94800386e3f618eac992e73bbd88d4529f71716bb1e7ea1
Sha512
8fe22de1154c5e225d408a5ebfa0c0b9a486f87a58abc2542fcf6ecc28e3bc97c5f3fd140d19b2448a5f3d8cc45c738992259fe0a4cb12455be39821e472771d
SSDeep
49152:i/M0Eng9O0F1W5K8OzqmVerbwAcj/u4GIdjukXf6U:CEGOB5hFAAcrlfZ
TLSH
0BA533AB8BA49693F846A0F205988701F43EFE540CF4D69D802654E4EF79777F10BA72

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
UPolyX 0.3 -> delikon
File Structure
4e5d216040f47dab87635ffe7f652f80
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
Informations
Name
 Value
Info

PE Detect: PeReader OK (file layout)
Module Name

DownloaderApp.exe
Full Name

DownloaderApp.exe
EntryPoint

System.Int32 <Module>::Main(System.String[])
Scope Name

DownloaderApp.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

DownloaderApp
Assembly Version

1.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.7.2
Total Strings

1
Main Method

System.Int32 <Module>::Main(System.String[])
Main IL Instruction Count

96
Main IL

ldc.i4 528852 pop <null> ldc.i4 528852 newarr System.UInt32 dup <null> ldtoken <Module>/DataType <Module>::DataField call System.Void System.Runtime.CompilerServices.RuntimeHelpers::InitializeArray(System.Array,System.RuntimeFieldHandle) stloc.0 <null> call System.Reflection.Assembly System.Reflection.Assembly::GetExecutingAssembly() dup <null> callvirt System.Reflection.Module System.Reflection.Assembly::get_ManifestModule() stloc.1 <null> ldloc.0 <null> ldc.i4 514081340 call System.Runtime.InteropServices.GCHandle <Module>::Decrypt(System.UInt32[],System.UInt32) stloc.2 <null> ldloca.s V_2 call System.Object System.Runtime.InteropServices.GCHandle::get_Target() castclass System.Byte[] stloc.3 <null> ldstr koi ldloc.3 <null> callvirt System.Reflection.Module System.Reflection.Assembly::LoadModule(System.String,System.Byte[]) ldloc.3 <null> ldc.i4.0 <null> ldloc.3 <null> ldlen <null> conv.i4 <null> call System.Void System.Array::Clear(System.Array,System.Int32,System.Int32) ldloca.s V_2 call System.Void System.Runtime.InteropServices.GCHandle::Free() ldloc.0 <null> ldc.i4.0 <null> ldloc.0 <null> ldlen <null> conv.i4 <null> call System.Void System.Array::Clear(System.Array,System.Int32,System.Int32) ldloc.1 <null> ldc.i4 285212673 callvirt System.Byte[] System.Reflection.Module::ResolveSignature(System.Int32) stsfld System.Byte[] <Module>::key call System.AppDomain System.AppDomain::get_CurrentDomain() ldnull <null> ldftn System.Reflection.Assembly <Module>::Resolve(System.Object,System.ResolveEventArgs) newobj System.Void System.ResolveEventHandler::.ctor(System.Object,System.IntPtr) callvirt System.Void System.AppDomain::add_AssemblyResolve(System.ResolveEventHandler) dup <null> callvirt System.Type[] System.Reflection.Module::GetTypes() pop <null> ldsfld System.Byte[] <Module>::key ldc.i4.0 <null> ldelem.u1 <null> ldsfld System.Byte[] <Module>::key ldc.i4.1 <null> ldelem.u1 <null> ldc.i4.8 <null> shl <null> or <null> ldsfld System.Byte[] <Module>::key ldc.i4.2 <null> ldelem.u1 <null> ldc.i4.s 16 shl <null> or <null> ldsfld System.Byte[] <Module>::key ldc.i4.3 <null> ldelem.u1 <null> ldc.i4.s 24 shl <null> or <null> callvirt System.Reflection.MethodBase System.Reflection.Module::ResolveMethod(System.Int32) dup <null> callvirt System.Reflection.ParameterInfo[] System.Reflection.MethodBase::GetParameters() ldlen <null> conv.i4 <null> newarr System.Object stloc.s V_4 ldloc.s V_4 ldlen <null> brfalse.s IL_00D9: ldnull ldloc.s V_4 ldc.i4.0 <null> ldarg.0 <null> stelem.ref <null> ldnull <null> ldloc.s V_4 callvirt System.Object System.Reflection.MethodBase::Invoke(System.Object,System.Object[]) stloc.s V_5 ldloc.s V_5 isinst System.Int32 brfalse.s IL_00F4: ldc.i4.0 ldloc.s V_5 unbox.any System.Int32 ret <null> ldc.i4.0 <null> ret <null>
Module Name

DownloaderApp.exe
Full Name

DownloaderApp.exe
EntryPoint

System.Int32 <Module>::Main(System.String[])
Scope Name

DownloaderApp.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

DownloaderApp
Assembly Version

1.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.7.2
Total Strings

1
Main Method

System.Int32 <Module>::Main(System.String[])
Main IL Instruction Count

96
Main IL

ldc.i4 528852 pop <null> ldc.i4 528852 newarr System.UInt32 dup <null> ldtoken <Module>/DataType <Module>::DataField call System.Void System.Runtime.CompilerServices.RuntimeHelpers::InitializeArray(System.Array,System.RuntimeFieldHandle) stloc.0 <null> call System.Reflection.Assembly System.Reflection.Assembly::GetExecutingAssembly() dup <null> callvirt System.Reflection.Module System.Reflection.Assembly::get_ManifestModule() stloc.1 <null> ldloc.0 <null> ldc.i4 514081340 call System.Runtime.InteropServices.GCHandle <Module>::Decrypt(System.UInt32[],System.UInt32) stloc.2 <null> ldloca.s V_2 call System.Object System.Runtime.InteropServices.GCHandle::get_Target() castclass System.Byte[] stloc.3 <null> ldstr koi ldloc.3 <null> callvirt System.Reflection.Module System.Reflection.Assembly::LoadModule(System.String,System.Byte[]) ldloc.3 <null> ldc.i4.0 <null> ldloc.3 <null> ldlen <null> conv.i4 <null> call System.Void System.Array::Clear(System.Array,System.Int32,System.Int32) ldloca.s V_2 call System.Void System.Runtime.InteropServices.GCHandle::Free() ldloc.0 <null> ldc.i4.0 <null> ldloc.0 <null> ldlen <null> conv.i4 <null> call System.Void System.Array::Clear(System.Array,System.Int32,System.Int32) ldloc.1 <null> ldc.i4 285212673 callvirt System.Byte[] System.Reflection.Module::ResolveSignature(System.Int32) stsfld System.Byte[] <Module>::key call System.AppDomain System.AppDomain::get_CurrentDomain() ldnull <null> ldftn System.Reflection.Assembly <Module>::Resolve(System.Object,System.ResolveEventArgs) newobj System.Void System.ResolveEventHandler::.ctor(System.Object,System.IntPtr) callvirt System.Void System.AppDomain::add_AssemblyResolve(System.ResolveEventHandler) dup <null> callvirt System.Type[] System.Reflection.Module::GetTypes() pop <null> ldsfld System.Byte[] <Module>::key ldc.i4.0 <null> ldelem.u1 <null> ldsfld System.Byte[] <Module>::key ldc.i4.1 <null> ldelem.u1 <null> ldc.i4.8 <null> shl <null> or <null> ldsfld System.Byte[] <Module>::key ldc.i4.2 <null> ldelem.u1 <null> ldc.i4.s 16 shl <null> or <null> ldsfld System.Byte[] <Module>::key ldc.i4.3 <null> ldelem.u1 <null> ldc.i4.s 24 shl <null> or <null> callvirt System.Reflection.MethodBase System.Reflection.Module::ResolveMethod(System.Int32) dup <null> callvirt System.Reflection.ParameterInfo[] System.Reflection.MethodBase::GetParameters() ldlen <null> conv.i4 <null> newarr System.Object stloc.s V_4 ldloc.s V_4 ldlen <null> brfalse.s IL_00D9: ldnull ldloc.s V_4 ldc.i4.0 <null> ldarg.0 <null> stelem.ref <null> ldnull <null> ldloc.s V_4 callvirt System.Object System.Reflection.MethodBase::Invoke(System.Object,System.Object[]) stloc.s V_5 ldloc.s V_5 isinst System.Int32 brfalse.s IL_00F4: ldc.i4.0 ldloc.s V_5 unbox.any System.Int32 ret <null> ldc.i4.0 <null> ret <null>
4e5d216040f47dab87635ffe7f652f80 (2.13 MB)
An error has occurred. This application may no longer respond until reloaded. Reload 🗙