Suspicious
Suspect

536cd72ab724b566019126fc50d862eb

PE Executable
|
MD5: 536cd72ab724b566019126fc50d862eb
|
Size: 28.26 MB
|
application/x-dosexec

Summary by MalvaGPT
Characteristics

Symbol Ofbuscation Score

Very low

Hash
 Hash Value
MD5
536cd72ab724b566019126fc50d862eb
Sha1
d051abe5ee783c812f763169b67fc9f97b6014bb
Sha256
b3a1923db049a29cf8f95979a9919a977a45f82a6736048d4eec34b1996c5c0d
Sha384
ffb6a59013b91c3fd1b58be35dfb8433f0dc22f231a486036b1abf936ba57cde1753d7d6ccff56030d0d11d4e0fdca90
Sha512
89c7076689e872f78357b0ef009265958ae73cf306b839422dbc98b674651571e674f7bd0792f0c995782cd8269baa60e7736ef338882922c72b11677680def4
SSDeep
786432:hsc51W0Y0//W/8Pfsg7rNH9NjLwm/NO4bu:hscfW0VOk3zx9NPwmd
TLSH
085733DA13C863DDD7C20588658A418A74C4F8BD48FE98197DCB1D06D638DEB90AEDB3

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual C++ v6.0 DLL
Microsoft Visual Studio .NET
UPolyX 0.3 -> delikon
File Structure
536cd72ab724b566019126fc50d862eb
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
956EAFE70CE3.exe
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.rdata
.data
.pdata
.fptable
.p_K
.')Q
.=e{
.rsrc
Resources
RT_MANIFEST
ID:0001
ID:1033
svchost.exe
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
UPX0
UPX1
UPX2
Informations
Name
 Value
Info

PE Detect: PeReader OK (file layout)
Module Name

956EAFE70CE4.exe
Full Name

956EAFE70CE4.exe
EntryPoint

System.Void SilentExecuter.Program::Main(System.String[])
Scope Name

956EAFE70CE4.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

956EAFE70CE4
Assembly Version

0.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

<null>
Total Strings

3
Main Method

System.Void SilentExecuter.Program::Main(System.String[])
Main IL Instruction Count

39
Main IL

call System.Reflection.Assembly System.Reflection.Assembly::GetExecutingAssembly() stloc.0 <null> ldloc.0 <null> callvirt System.String[] System.Reflection.Assembly::GetManifestResourceNames() stloc.1 <null> ldloc.1 <null> stloc.3 <null> ldc.i4.0 <null> stloc.s V_4 br.s IL_0049: ldloc.s V_4 ldloc.3 <null> ldloc.s V_4 ldelem.ref <null> stloc.2 <null> ldloc.2 <null> ldstr .exe callvirt System.Boolean System.String::Contains(System.String) brtrue.s IL_0033: ldloc.2 ldloc.2 <null> ldstr .EXE callvirt System.Boolean System.String::Contains(System.String) brfalse.s IL_0043: ldloc.s V_4 ldloc.2 <null> call System.Void SilentExecuter.Program::RunSilent(System.String) ldc.i4 500 call System.Void System.Threading.Thread::Sleep(System.Int32) ldloc.s V_4 ldc.i4.1 <null> add <null> stloc.s V_4 ldloc.s V_4 ldloc.3 <null> ldlen <null> conv.i4 <null> blt.s IL_0014: ldloc.3 leave.s IL_0055: ret pop <null> leave.s IL_0055: ret ret <null>
Module Name

956EAFE70CE4.exe
Full Name

956EAFE70CE4.exe
EntryPoint

System.Void SilentExecuter.Program::Main(System.String[])
Scope Name

956EAFE70CE4.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

956EAFE70CE4
Assembly Version

0.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

<null>
Total Strings

3
Main Method

System.Void SilentExecuter.Program::Main(System.String[])
Main IL Instruction Count

39
Main IL

call System.Reflection.Assembly System.Reflection.Assembly::GetExecutingAssembly() stloc.0 <null> ldloc.0 <null> callvirt System.String[] System.Reflection.Assembly::GetManifestResourceNames() stloc.1 <null> ldloc.1 <null> stloc.3 <null> ldc.i4.0 <null> stloc.s V_4 br.s IL_0049: ldloc.s V_4 ldloc.3 <null> ldloc.s V_4 ldelem.ref <null> stloc.2 <null> ldloc.2 <null> ldstr .exe callvirt System.Boolean System.String::Contains(System.String) brtrue.s IL_0033: ldloc.2 ldloc.2 <null> ldstr .EXE callvirt System.Boolean System.String::Contains(System.String) brfalse.s IL_0043: ldloc.s V_4 ldloc.2 <null> call System.Void SilentExecuter.Program::RunSilent(System.String) ldc.i4 500 call System.Void System.Threading.Thread::Sleep(System.Int32) ldloc.s V_4 ldc.i4.1 <null> add <null> stloc.s V_4 ldloc.s V_4 ldloc.3 <null> ldlen <null> conv.i4 <null> blt.s IL_0014: ldloc.3 leave.s IL_0055: ret pop <null> leave.s IL_0055: ret ret <null>
536cd72ab724b566019126fc50d862eb (28.26 MB)
File Structure
536cd72ab724b566019126fc50d862eb
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
956EAFE70CE3.exe
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.rdata
.data
.pdata
.fptable
.p_K
.')Q
.=e{
.rsrc
Resources
RT_MANIFEST
ID:0001
ID:1033
svchost.exe
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
UPX0
UPX1
UPX2
Characteristics
No malware configuration were found at this point.
You must be signed in to post a comment.
An error has occurred. This application may no longer respond until reloaded. Reload 🗙