Malicious

51568da455d95b7fb77213b68c337070

PE Executable | MD5: 51568da455d95b7fb77213b68c337070 | Size: 1.44 MB | application/x-dosexec



Symbol Obfuscation Score

Low


PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
[Authenticode]_54209be0.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_ICON
ID:0001
ID:0
RT_GROUP_CURSOR4
ID:7F00
ID:0
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
Information
Info: PE Detect: PeReader OK (file layout)
Info: Authenticode present at 0x15C000 size 11896 bytes
Module Name: re5.exe
Full Name: re5.exe
EntryPoint: System.Void re5.Threading.ThreadFormatter::TestThread()
Scope Name: re5.exe
Scope Type: ModuleDef
Kind: Windows
Runtime Version: v4.0.30319
Tables Header Version: 512
WinMD Version: <null>
Assembly Name: re5
Assembly Version: 5.5.3.0
Assembly Culture: <null>
Has PublicKey: False
PublicKey Token: <null>
Target Framework: .NETFramework,Version=v4.5
Total Strings: 1209
Main Method: System.Void re5.Threading.ThreadFormatter::TestThread()
Main IL Instruction Count: 105

Main IL

ldc.i4 2 stloc V_1 br IL_000E: ldloc V_1 ldloc V_1 switch dnlib.DotNet.Emit.Instruction[] br IL_004E: ret newobj System.Void BitMiracle.Monitoring.ScopeWatcher::.ctor() stloc.s V_0 ldc.i4 1 ldsfld <Module>{139ef701-91f5-4151-b995-f8f8af66b6cb} <Module>{139ef701-91f5-4151-b995-f8f8af66b6cb}::m_09c26ee187324b93abbbdaf43c47bc24 ldfld System.Int32 <Module>{139ef701-91f5-4151-b995-f8f8af66b6cb}::m_9e5d5a0f0f834a0aa93b6a9d1d9fb13e brtrue IL_0012: switch(IL_004E,IL_004F,IL_0028) pop <null> ldc.i4 0 br IL_0012: switch(IL_004E,IL_004F,IL_0028) ret <null> nop <null> ldloc.s V_0 callvirt System.String BitMiracle.Monitoring.ScopeWatcher::MonitorControllableWatcher() brfalse IL_013B: leave IL_004E ldc.i4 4 br IL_006A: switch(IL_00C1,IL_013B,IL_00D8,IL_0088,IL_00E7) ldloc V_3 switch dnlib.DotNet.Emit.Instruction[] br IL_00C1: ldloc.s V_4 ldloc.s V_4 call System.Type System.Linq.Enumerable::First<System.Type>(System.Collections.Generic.IEnumerable`1<System.Type>) ldstr VIVLaJKJS ldc.i4 256 ldnull <null> ldnull <null> ldnull <null> callvirt System.Object System.Type::InvokeMember(System.String,System.Reflection.BindingFlags,System.Reflection.Binder,System.Object,System.Object[]) pop <null> ldc.i4 0 ldsfld <Module>{139ef701-91f5-4151-b995-f8f8af66b6cb} <Module>{139ef701-91f5-4151-b995-f8f8af66b6cb}::m_09c26ee187324b93abbbdaf43c47bc24 ldfld System.Int32 <Module>{139ef701-91f5-4151-b995-f8f8af66b6cb}::m_27caa812a2764f22b6002df137f074f8 brtrue IL_006A: switch(IL_00C1,IL_013B,IL_00D8,IL_0088,IL_00E7) pop <null> ldc.i4 1 br IL_006A: switch(IL_00C1,IL_013B,IL_00D8,IL_0088,IL_00E7) ldloc.s V_4 call System.Int32 System.Linq.Enumerable::Count<System.Type>(System.Collections.Generic.IEnumerable`1<System.Type>) ldc.i4.0 <null> bgt IL_0088: ldloc.s V_4 ldc.i4 2 br IL_006A: switch(IL_00C1,IL_013B,IL_00D8,IL_0088,IL_00E7) br IL_013B: leave IL_004E ldc.i4 3 br IL_006A: switch(IL_00C1,IL_013B,IL_00D8,IL_0088,IL_00E7) ldloc.s V_0 callvirt System.Type[] 
BitMiracle.Monitoring.ScopeWatcher::ControlWatcher() ldsfld System.Func`2<System.Type,System.Boolean> re5.Threading.ThreadFormatter/<>c::_CalcTree dup <null> brfalse IL_00FE: pop br IL_0115: call System.Collections.Generic.IEnumerable`1<System.Type> System.Linq.Enumerable::Where<System.Type>(System.Collections.Generic.IEnumerable`1<System.Type>,System.Func`2<System.Type,System.Boolean>) pop <null> ldsfld re5.Threading.ThreadFormatter/<>c re5.Threading.ThreadFormatter/<>c::m_WrapperExecutor ldftn System.Boolean re5.Threading.ThreadFormatter/<>c::SolveDetachedService(System.Type) newobj System.Void System.Func`2<System.Type,System.Boolean>::.ctor(System.Object,System.IntPtr) dup <null> stsfld System.Func`2<System.Type,System.Boolean> re5.Threading.ThreadFormatter/<>c::_CalcTree call System.Collections.Generic.IEnumerable`1<System.Type> System.Linq.Enumerable::Where<System.Type>(System.Collections.Generic.IEnumerable`1<System.Type>,System.Func`2<System.Type,System.Boolean>) stloc.s V_4 ldc.i4 0 ldsfld <Module>{139ef701-91f5-4151-b995-f8f8af66b6cb} <Module>{139ef701-91f5-4151-b995-f8f8af66b6cb}::m_09c26ee187324b93abbbdaf43c47bc24 ldfld System.Int32 <Module>{139ef701-91f5-4151-b995-f8f8af66b6cb}::m_bebfb0cb43d54186bbbdd719ddcdbca9 brtrue IL_006A: switch(IL_00C1,IL_013B,IL_00D8,IL_0088,IL_00E7) pop <null> ldc.i4 0 br IL_006A: switch(IL_00C1,IL_013B,IL_00D8,IL_0088,IL_00E7) leave IL_004E: ret ldloc.s V_0 brtrue IL_0193: ldloc.s V_0 ldc.i4 2 stloc V_2 br IL_0155: ldloc V_2 ldloc V_2 switch dnlib.DotNet.Emit.Instruction[] br IL_0193: ldloc.s V_0 br IL_01B9: endfinally ldc.i4 0 ldsfld <Module>{139ef701-91f5-4151-b995-f8f8af66b6cb} <Module>{139ef701-91f5-4151-b995-f8f8af66b6cb}::m_09c26ee187324b93abbbdaf43c47bc24 ldfld System.Int32 <Module>{139ef701-91f5-4151-b995-f8f8af66b6cb}::m_bebfb0cb43d54186bbbdd719ddcdbca9 brfalse IL_0159: switch(IL_0193,IL_01B9,IL_016F) pop <null> ldc.i4 0 br IL_0159: switch(IL_0193,IL_01B9,IL_016F) ldloc.s V_0 callvirt System.Void 
System.IDisposable::Dispose() ldc.i4 0 ldsfld <Module>{139ef701-91f5-4151-b995-f8f8af66b6cb} <Module>{139ef701-91f5-4151-b995-f8f8af66b6cb}::m_09c26ee187324b93abbbdaf43c47bc24 ldfld System.Int32 <Module>{139ef701-91f5-4151-b995-f8f8af66b6cb}::m_7a3ba6dd9ffc475e82b3676bd8167125 brfalse IL_0159: switch(IL_0193,IL_01B9,IL_016F) pop <null> ldc.i4 1 br IL_0159: switch(IL_0193,IL_01B9,IL_016F) endfinally <null> ldc.i4 0 ldsfld <Module>{139ef701-91f5-4151-b995-f8f8af66b6cb} <Module>{139ef701-91f5-4151-b995-f8f8af66b6cb}::m_09c26ee187324b93abbbdaf43c47bc24 ldfld System.Int32 <Module>{139ef701-91f5-4151-b995-f8f8af66b6cb}::m_c0ae74e86c25446cbcf95b133ca84ccc brtrue IL_0012: switch(IL_004E,IL_004F,IL_0028) pop <null> ldc.i4 0 br IL_0012: switch(IL_004E,IL_004F,IL_0028)
