Suspicious
Suspect

59fb8fa961b52b1e2dc951ef642227fe

PE Executable
|
MD5: 59fb8fa961b52b1e2dc951ef642227fe
|
Size: 52.22 KB
|
application/x-dosexec

Print
Summary by MalvaGPT
Characteristics

Symbol Ofbuscation Score

Medium

Hash
 Hash Value
MD5
59fb8fa961b52b1e2dc951ef642227fe
Sha1
5ff9473c98e53730b542d1a31591c1a9074e5131
Sha256
c74a3e57eaffe14c36fe82c83887e8a1f7943ffffc73c073c616b61d90e43210
Sha384
0fbbe3f17155673ca351b4f1955cf66270bce3a33354d0246a29e54ddffc1cb8295c64eba3049312e1564646bc09db2f
Sha512
5f8b7b0e3111ae24adbc3d5d628fd534c930d1cfb23d8aea1628592336eaa2bc74a54ad8b0a9fb19822d2b3554593376a04b5e6cb06aa9b36b3e60cbb8840df2
SSDeep
768:nQnVZFvy3G14Tl3uUslyNtHgLhgDbuEms2/6uUgNRMEKKnV6wb:yq3G1gl3uUByqmIuLJV6A
TLSH
AD33171A77CD5B73D6EA8FFE94F266500336D0B6E34BE30B6884122518137EB8891E57

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
59fb8fa961b52b1e2dc951ef642227fe
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
{fb987273-2576-4978-9b1c-50f585fc9ae3}
Informations
Name
 Value
Info

PE Detect: PeReader OK (file layout)
Module Name

Ugmlgtzwfj
Full Name

Ugmlgtzwfj
EntryPoint

System.Void .::()
Scope Name

Ugmlgtzwfj
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

Ugmlgtzwfj
Assembly Version

1.0.5503.23968
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.6
Total Strings

69
Main Method

System.Void .::()
Main IL Instruction Count

82
Main IL

br IL_00F4: newobj System.Void ./::.ctor() br IL_00FE: stloc.0 ldstr sOTUGuiXYV2zhWyQx0KZtA== br IL_0104: stloc.1 ldc.i4.3 <null> brfalse.s IL_0021: ldsfld System.Func`1<System.Byte[]> ./:: ldstr FQpMBT+4QQU= br IL_010A: stloc.2 ldsfld System.Func`1<System.Byte[]> ./:: dup <null> brtrue.s IL_0040: br IL_0110 pop <null> ldsfld ./ ./:: ldftn System.Byte[] ./::() newobj System.Void System.Func`1<System.Byte[]>::.ctor(System.Object,System.IntPtr) dup <null> stsfld System.Func`1<System.Byte[]> ./:: br IL_0110: newobj System.Void .::.ctor(System.Func`1<System.Byte[]>) br IL_011A: ldloc.0 br IL_0120: ldloc.1 br IL_0126: ldloc.2 br IL_012C: newobj System.Void .::.ctor(System.String,System.String) stfld . ./:: ldloc.0 <null> newobj System.Void .::.ctor() stfld . ./:: ldloc.0 <null> ldstr FKjak33qKr09RHCp3K.Cwa29skSACMGXfpX7G ldstr V5tioTZdL newobj System.Void .::.ctor(System.String,System.String) stfld . ./:: dup <null> ldloc.0 <null> ldftn System.Void ./::(System.IO.MemoryStream) newobj System.Void System.Action`1<System.IO.MemoryStream>::.ctor(System.Object,System.IntPtr) callvirt System.Void .::(System.Action`1<System.IO.MemoryStream>) ldloc.0 <null> ldfld . ./:: ldloc.0 <null> ldftn System.Void ./::(System.IO.MemoryStream) newobj System.Void System.Action`1<System.IO.MemoryStream>::.ctor(System.Object,System.IntPtr) callvirt System.Void .::(System.Action`1<System.IO.MemoryStream>) ldloc.0 <null> ldfld . ./:: ldloc.0 <null> ldftn System.Void ./::(System.Reflection.Assembly) newobj System.Void System.Action`1<System.Reflection.Assembly>::.ctor(System.Object,System.IntPtr) callvirt System.Void .::(System.Action`1<System.Reflection.Assembly>) ldloc.0 <null> ldfld . ./:: ldsfld System.Action ./:: dup <null> brtrue.s IL_00E3: callvirt System.Void .::(System.Action) pop <null> ldsfld ./ ./:: ldftn System.Void ./::() newobj System.Void System.Action::.ctor(System.Object,System.IntPtr) dup <null> stsfld System.Action ./:: callvirt System.Void .::(System.Action) call System.Void .::(.) ldc.i4.3 <null> brfalse IL_0021: ldsfld System.Func`1<System.Byte[]> ./:: ret <null> newobj System.Void ./::.ctor() br IL_0005: br IL_00FE stloc.0 <null> br IL_000A: ldstr "sOTUGuiXYV2zhWyQx0KZtA==" stloc.1 <null> br IL_0014: ldc.i4.3 stloc.2 <null> br IL_0021: ldsfld System.Func`1<System.Byte[]> ./:: newobj System.Void .::.ctor(System.Func`1<System.Byte[]>) br IL_0045: br IL_011A ldloc.0 <null> br IL_004A: br IL_0120 ldloc.1 <null> br IL_004F: br IL_0126 ldloc.2 <null> br IL_0054: br IL_012C newobj System.Void .::.ctor(System.String,System.String) br IL_0059: stfld . ./::
Module Name

Ugmlgtzwfj
Full Name

Ugmlgtzwfj
EntryPoint

System.Void .::()
Scope Name

Ugmlgtzwfj
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

Ugmlgtzwfj
Assembly Version

1.0.5503.23968
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.6
Total Strings

69
Main Method

System.Void .::()
Main IL Instruction Count

82
Main IL

br IL_00F4: newobj System.Void ./::.ctor() br IL_00FE: stloc.0 ldstr sOTUGuiXYV2zhWyQx0KZtA== br IL_0104: stloc.1 ldc.i4.3 <null> brfalse.s IL_0021: ldsfld System.Func`1<System.Byte[]> ./:: ldstr FQpMBT+4QQU= br IL_010A: stloc.2 ldsfld System.Func`1<System.Byte[]> ./:: dup <null> brtrue.s IL_0040: br IL_0110 pop <null> ldsfld ./ ./:: ldftn System.Byte[] ./::() newobj System.Void System.Func`1<System.Byte[]>::.ctor(System.Object,System.IntPtr) dup <null> stsfld System.Func`1<System.Byte[]> ./:: br IL_0110: newobj System.Void .::.ctor(System.Func`1<System.Byte[]>) br IL_011A: ldloc.0 br IL_0120: ldloc.1 br IL_0126: ldloc.2 br IL_012C: newobj System.Void .::.ctor(System.String,System.String) stfld . ./:: ldloc.0 <null> newobj System.Void .::.ctor() stfld . ./:: ldloc.0 <null> ldstr FKjak33qKr09RHCp3K.Cwa29skSACMGXfpX7G ldstr V5tioTZdL newobj System.Void .::.ctor(System.String,System.String) stfld . ./:: dup <null> ldloc.0 <null> ldftn System.Void ./::(System.IO.MemoryStream) newobj System.Void System.Action`1<System.IO.MemoryStream>::.ctor(System.Object,System.IntPtr) callvirt System.Void .::(System.Action`1<System.IO.MemoryStream>) ldloc.0 <null> ldfld . ./:: ldloc.0 <null> ldftn System.Void ./::(System.IO.MemoryStream) newobj System.Void System.Action`1<System.IO.MemoryStream>::.ctor(System.Object,System.IntPtr) callvirt System.Void .::(System.Action`1<System.IO.MemoryStream>) ldloc.0 <null> ldfld . ./:: ldloc.0 <null> ldftn System.Void ./::(System.Reflection.Assembly) newobj System.Void System.Action`1<System.Reflection.Assembly>::.ctor(System.Object,System.IntPtr) callvirt System.Void .::(System.Action`1<System.Reflection.Assembly>) ldloc.0 <null> ldfld . ./:: ldsfld System.Action ./:: dup <null> brtrue.s IL_00E3: callvirt System.Void .::(System.Action) pop <null> ldsfld ./ ./:: ldftn System.Void ./::() newobj System.Void System.Action::.ctor(System.Object,System.IntPtr) dup <null> stsfld System.Action ./:: callvirt System.Void .::(System.Action) call System.Void .::(.) ldc.i4.3 <null> brfalse IL_0021: ldsfld System.Func`1<System.Byte[]> ./:: ret <null> newobj System.Void ./::.ctor() br IL_0005: br IL_00FE stloc.0 <null> br IL_000A: ldstr "sOTUGuiXYV2zhWyQx0KZtA==" stloc.1 <null> br IL_0014: ldc.i4.3 stloc.2 <null> br IL_0021: ldsfld System.Func`1<System.Byte[]> ./:: newobj System.Void .::.ctor(System.Func`1<System.Byte[]>) br IL_0045: br IL_011A ldloc.0 <null> br IL_004A: br IL_0120 ldloc.1 <null> br IL_004F: br IL_0126 ldloc.2 <null> br IL_0054: br IL_012C newobj System.Void .::.ctor(System.String,System.String) br IL_0059: stfld . ./::
59fb8fa961b52b1e2dc951ef642227fe (52.22 KB)
An error has occurred. This application may no longer respond until reloaded. Reload 🗙