Suspicious
Suspect

5e7cab4415b8d51caea456630ba40804

PE Executable
|
MD5: 5e7cab4415b8d51caea456630ba40804
|
Size: 1.68 MB
|
application/x-dosexec

Print
Summary by MalvaGPT
Characteristics

Symbol Ofbuscation Score

Medium

Hash
 Hash Value
MD5
5e7cab4415b8d51caea456630ba40804
Sha1
ddaf4df5c6df318293de2fe26a60289bb27f22a5
Sha256
689f12ea7f8d38e1db3a226e94a9d1956b0287942f2ebb2c98b08373d18c0ce4
Sha384
1524ab7c974989a4ce5714a8ce4417400f48e29d74104d8be0176ac3ee81555c030411759bb82e47cb3e7b3bb89be04c
Sha512
c85fcc776e3ab2808355f81541542f476569c4ea9bf7d8336e606bd511d361f9bd78cc8cfe987479b30a2b7065d5d6e5c36a638b000b8abf2541d37f350df160
SSDeep
49152:P5cxDKJGDtMh3owSvXmhkguhYhQuKhXtNDAz:RuDKgtPmhkhYhQDfE
TLSH
9675237BBE8B43E1D3459B7AC487102806A1C7A2F723DB0B7D4B1B714A42BD8599D24F

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
5e7cab4415b8d51caea456630ba40804
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
rfBR
Informations
Name
 Value
Module Name

crypted.exe
Full Name

crypted.exe
EntryPoint

System.Void Ltaqzfn.Diagnostics.TracerResponder::TraceFlexibleTracer()
Scope Name

crypted.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

crypted
Assembly Version

1.0.5468.8474
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.5
Total Strings

20
Main Method

System.Void Ltaqzfn.Diagnostics.TracerResponder::TraceFlexibleTracer()
Main IL Instruction Count

62
Main IL

ldc.i4 6 stloc V_0 br IL_000E: ldloc V_0 ldloc V_0 switch dnlib.DotNet.Emit.Instruction[] br IL_005D: ldc.i4.0 ret <null> call System.Void System.Windows.Forms.Application::EnableVisualStyles() ldc.i4 0 ldsfld <Module>{4b19b0d9-c957-4dc0-8e69-c0965c988978} <Module>{4b19b0d9-c957-4dc0-8e69-c0965c988978}::m_885245e2bae844adbba12e3575a74b72 ldfld System.Int32 <Module>{4b19b0d9-c957-4dc0-8e69-c0965c988978}::m_4d4fa3ec371846828116ead146e1f41c brtrue IL_0012: switch(IL_005D,IL_0038,IL_0039,IL_00EB,IL_006D,IL_00C6,IL_0096) pop <null> ldc.i4 0 br IL_0012: switch(IL_005D,IL_0038,IL_0039,IL_00EB,IL_006D,IL_00C6,IL_0096) ldc.i4.0 <null> call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean) ldc.i4 4 br IL_0012: switch(IL_005D,IL_0038,IL_0039,IL_00EB,IL_006D,IL_00C6,IL_0096) newobj System.Void crypted.Values.ValueSchema::.ctor() call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form) ldc.i4 0 ldsfld <Module>{4b19b0d9-c957-4dc0-8e69-c0965c988978} <Module>{4b19b0d9-c957-4dc0-8e69-c0965c988978}::m_885245e2bae844adbba12e3575a74b72 ldfld System.Int32 <Module>{4b19b0d9-c957-4dc0-8e69-c0965c988978}::m_ec6f4562cf9c47469fc11fb1b00ff376 brtrue IL_0012: switch(IL_005D,IL_0038,IL_0039,IL_00EB,IL_006D,IL_00C6,IL_0096) pop <null> ldc.i4 1 br IL_0012: switch(IL_005D,IL_0038,IL_0039,IL_00EB,IL_006D,IL_00C6,IL_0096) ldsfld System.Threading.ThreadExceptionEventHandler Ltaqzfn.Diagnostics.TracerResponder/<>c::_ReadableTracer dup <null> brfalse IL_00A6: pop br IL_00DC: call System.Void System.Windows.Forms.Application::add_ThreadException(System.Threading.ThreadExceptionEventHandler) pop <null> ldc.i4 5 ldsfld <Module>{4b19b0d9-c957-4dc0-8e69-c0965c988978} <Module>{4b19b0d9-c957-4dc0-8e69-c0965c988978}::m_885245e2bae844adbba12e3575a74b72 ldfld System.Int32 <Module>{4b19b0d9-c957-4dc0-8e69-c0965c988978}::m_91af1bfafe654d9390664067c4661ba1 brtrue IL_0012: switch(IL_005D,IL_0038,IL_0039,IL_00EB,IL_006D,IL_00C6,IL_0096) pop <null> ldc.i4 0 br IL_0012: switch(IL_005D,IL_0038,IL_0039,IL_00EB,IL_006D,IL_00C6,IL_0096) ldsfld Ltaqzfn.Diagnostics.TracerResponder/<>c Ltaqzfn.Diagnostics.TracerResponder/<>c::_OperationalAttribute ldftn System.Void Ltaqzfn.Diagnostics.TracerResponder/<>c::TrackControllableTracer(System.Object,System.Threading.ThreadExceptionEventArgs) newobj System.Void System.Threading.ThreadExceptionEventHandler::.ctor(System.Object,System.IntPtr) dup <null> stsfld System.Threading.ThreadExceptionEventHandler Ltaqzfn.Diagnostics.TracerResponder/<>c::_ReadableTracer call System.Void System.Windows.Forms.Application::add_ThreadException(System.Threading.ThreadExceptionEventHandler) ldc.i4 3 br IL_0012: switch(IL_005D,IL_0038,IL_0039,IL_00EB,IL_006D,IL_00C6,IL_0096) call System.AppDomain System.AppDomain::get_CurrentDomain() ldsfld System.UnhandledExceptionEventHandler Ltaqzfn.Diagnostics.TracerResponder/<>c::alphabeticTracer dup <null> brtrue IL_0112: callvirt System.Void System.AppDomain::add_UnhandledException(System.UnhandledExceptionEventHandler) pop <null> ldsfld Ltaqzfn.Diagnostics.TracerResponder/<>c Ltaqzfn.Diagnostics.TracerResponder/<>c::_OperationalAttribute ldftn System.Void Ltaqzfn.Diagnostics.TracerResponder/<>c::TrackConvertibleTracer(System.Object,System.UnhandledExceptionEventArgs) newobj System.Void System.UnhandledExceptionEventHandler::.ctor(System.Object,System.IntPtr) dup <null> stsfld System.UnhandledExceptionEventHandler Ltaqzfn.Diagnostics.TracerResponder/<>c::alphabeticTracer callvirt System.Void System.AppDomain::add_UnhandledException(System.UnhandledExceptionEventHandler) ldc.i4 2 stloc V_0 br IL_000E: ldloc V_0
Module Name

crypted.exe
Full Name

crypted.exe
EntryPoint

System.Void Ltaqzfn.Diagnostics.TracerResponder::TraceFlexibleTracer()
Scope Name

crypted.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

crypted
Assembly Version

1.0.5468.8474
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.5
Total Strings

20
Main Method

System.Void Ltaqzfn.Diagnostics.TracerResponder::TraceFlexibleTracer()
Main IL Instruction Count

62
Main IL

ldc.i4 6 stloc V_0 br IL_000E: ldloc V_0 ldloc V_0 switch dnlib.DotNet.Emit.Instruction[] br IL_005D: ldc.i4.0 ret <null> call System.Void System.Windows.Forms.Application::EnableVisualStyles() ldc.i4 0 ldsfld <Module>{4b19b0d9-c957-4dc0-8e69-c0965c988978} <Module>{4b19b0d9-c957-4dc0-8e69-c0965c988978}::m_885245e2bae844adbba12e3575a74b72 ldfld System.Int32 <Module>{4b19b0d9-c957-4dc0-8e69-c0965c988978}::m_4d4fa3ec371846828116ead146e1f41c brtrue IL_0012: switch(IL_005D,IL_0038,IL_0039,IL_00EB,IL_006D,IL_00C6,IL_0096) pop <null> ldc.i4 0 br IL_0012: switch(IL_005D,IL_0038,IL_0039,IL_00EB,IL_006D,IL_00C6,IL_0096) ldc.i4.0 <null> call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean) ldc.i4 4 br IL_0012: switch(IL_005D,IL_0038,IL_0039,IL_00EB,IL_006D,IL_00C6,IL_0096) newobj System.Void crypted.Values.ValueSchema::.ctor() call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form) ldc.i4 0 ldsfld <Module>{4b19b0d9-c957-4dc0-8e69-c0965c988978} <Module>{4b19b0d9-c957-4dc0-8e69-c0965c988978}::m_885245e2bae844adbba12e3575a74b72 ldfld System.Int32 <Module>{4b19b0d9-c957-4dc0-8e69-c0965c988978}::m_ec6f4562cf9c47469fc11fb1b00ff376 brtrue IL_0012: switch(IL_005D,IL_0038,IL_0039,IL_00EB,IL_006D,IL_00C6,IL_0096) pop <null> ldc.i4 1 br IL_0012: switch(IL_005D,IL_0038,IL_0039,IL_00EB,IL_006D,IL_00C6,IL_0096) ldsfld System.Threading.ThreadExceptionEventHandler Ltaqzfn.Diagnostics.TracerResponder/<>c::_ReadableTracer dup <null> brfalse IL_00A6: pop br IL_00DC: call System.Void System.Windows.Forms.Application::add_ThreadException(System.Threading.ThreadExceptionEventHandler) pop <null> ldc.i4 5 ldsfld <Module>{4b19b0d9-c957-4dc0-8e69-c0965c988978} <Module>{4b19b0d9-c957-4dc0-8e69-c0965c988978}::m_885245e2bae844adbba12e3575a74b72 ldfld System.Int32 <Module>{4b19b0d9-c957-4dc0-8e69-c0965c988978}::m_91af1bfafe654d9390664067c4661ba1 brtrue IL_0012: switch(IL_005D,IL_0038,IL_0039,IL_00EB,IL_006D,IL_00C6,IL_0096) pop <null> ldc.i4 0 br IL_0012: switch(IL_005D,IL_0038,IL_0039,IL_00EB,IL_006D,IL_00C6,IL_0096) ldsfld Ltaqzfn.Diagnostics.TracerResponder/<>c Ltaqzfn.Diagnostics.TracerResponder/<>c::_OperationalAttribute ldftn System.Void Ltaqzfn.Diagnostics.TracerResponder/<>c::TrackControllableTracer(System.Object,System.Threading.ThreadExceptionEventArgs) newobj System.Void System.Threading.ThreadExceptionEventHandler::.ctor(System.Object,System.IntPtr) dup <null> stsfld System.Threading.ThreadExceptionEventHandler Ltaqzfn.Diagnostics.TracerResponder/<>c::_ReadableTracer call System.Void System.Windows.Forms.Application::add_ThreadException(System.Threading.ThreadExceptionEventHandler) ldc.i4 3 br IL_0012: switch(IL_005D,IL_0038,IL_0039,IL_00EB,IL_006D,IL_00C6,IL_0096) call System.AppDomain System.AppDomain::get_CurrentDomain() ldsfld System.UnhandledExceptionEventHandler Ltaqzfn.Diagnostics.TracerResponder/<>c::alphabeticTracer dup <null> brtrue IL_0112: callvirt System.Void System.AppDomain::add_UnhandledException(System.UnhandledExceptionEventHandler) pop <null> ldsfld Ltaqzfn.Diagnostics.TracerResponder/<>c Ltaqzfn.Diagnostics.TracerResponder/<>c::_OperationalAttribute ldftn System.Void Ltaqzfn.Diagnostics.TracerResponder/<>c::TrackConvertibleTracer(System.Object,System.UnhandledExceptionEventArgs) newobj System.Void System.UnhandledExceptionEventHandler::.ctor(System.Object,System.IntPtr) dup <null> stsfld System.UnhandledExceptionEventHandler Ltaqzfn.Diagnostics.TracerResponder/<>c::alphabeticTracer callvirt System.Void System.AppDomain::add_UnhandledException(System.UnhandledExceptionEventHandler) ldc.i4 2 stloc V_0 br IL_000E: ldloc V_0
5e7cab4415b8d51caea456630ba40804 (1.68 MB)
An error has occurred. This application may no longer respond until reloaded. Reload 🗙