Suspicious
Suspect

5eaf0abd7ada39f208121d7d3bd31969

PE Executable
|
MD5: 5eaf0abd7ada39f208121d7d3bd31969
|
Size: 335.36 KB
|
application/x-dosexec

Print
Summary by MalvaGPT
Characteristics

Symbol Ofbuscation Score

Very high

Hash
 Hash Value
MD5
5eaf0abd7ada39f208121d7d3bd31969
Sha1
725a8c839c8e78f5f611fe4532d4df45f117c530
Sha256
8dc5ce1b016bdaebc7d77a20cccf815a49840e239c33132d35504d03c5f6ac99
Sha384
47c109f94a7bfc3c6275f9458d7a7e8b16200c69e2578fddf4eb0f748779f1ffb7ca6f56d623a68ba5616bf82bb5a733
Sha512
acbab7cc2cfc74d19e4b6e43dc61585bf19024fc01f4526fd3f04ee4abc99027faac950779326408e5c205c79399579d155e891ae5e390476ddf1e1dbcaf0863
SSDeep
6144:vjpv21rpLZ8V8ZuqhmR23bX9x7uueBKrw4HrDo+jn1YC:vV+HeT8X9x7SHILj
TLSH
A264234E33BCC47CD229353C84EA61C60212C58778869F5A68E91BE54C673DB354FAFA

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
5eaf0abd7ada39f208121d7d3bd31969
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.reloc
.rsrc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
EUROOOOO&&
Informations
Name
 Value
Module Name

EUROOOOO.exe
Full Name

EUROOOOO.exe
EntryPoint

System.Void A.c259af5b7fd23c9c14c145e593af5f225::c6890c6d85371ba79fd0ed0f85e7627fd()
Scope Name

EUROOOOO.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

EUROOOOO
Assembly Version

0.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

<null>
Total Strings

4
Main Method

System.Void A.c259af5b7fd23c9c14c145e593af5f225::c6890c6d85371ba79fd0ed0f85e7627fd()
Main IL Instruction Count

126
Main IL

br.s IL_000A: call System.Int32 System.Environment::get_TickCount() pop <null> ldc.i4.s 12 call System.Int32 A.c5d77dcdd1f505e7fb1e4ebfa077f0ff7::cbc297a54348886940777efc52a24d310(System.Int32) call System.Int32 System.Environment::get_TickCount() ldc.i4.s 16 call System.Int32 A.c5d77dcdd1f505e7fb1e4ebfa077f0ff7::cbc297a54348886940777efc52a24d310(System.Int32) rem <null> brfalse IL_015E: ldc.i4.s 120 ldc.i4.3 <null> switch dnlib.DotNet.Emit.Instruction[] ldc.i4.1 <null> brtrue.s IL_002F: ldc.i4.s 20 ldtoken System.Void A.c259af5b7fd23c9c14c145e593af5f225::c6890c6d85371ba79fd0ed0f85e7627fd() pop <null> ldc.i4.s 20 call System.Int32 A.c5d77dcdd1f505e7fb1e4ebfa077f0ff7::cbc297a54348886940777efc52a24d310(System.Int32) br.s IL_008B: switch(IL_0131,IL_00F1,IL_0038,IL_0114,IL_015E,IL_00E3,IL_013D,IL_004A,IL_00C9,IL_0038,IL_006D,IL_0185) ldloc.0 <null> call System.String A.c259af5b7fd23c9c14c145e593af5f225::cf822239fc62ac8114c62f6cb75580a1b(System.Object) dup <null> pop <null> stloc.1 <null> ldc.i4.s 24 call System.Int32 A.c5d77dcdd1f505e7fb1e4ebfa077f0ff7::cbc297a54348886940777efc52a24d310(System.Int32) br.s IL_008B: switch(IL_0131,IL_00F1,IL_0038,IL_0114,IL_015E,IL_00E3,IL_013D,IL_004A,IL_00C9,IL_0038,IL_006D,IL_0185) ldloc.s V_4 ldlen <null> conv.i4 <null> ldc.i4.s 28 call System.Int32 A.c5d77dcdd1f505e7fb1e4ebfa077f0ff7::cbc297a54348886940777efc52a24d310(System.Int32) ble IL_018E: leave.s IL_0193 ldc.i4.1 <null> switch dnlib.DotNet.Emit.Instruction[] ldc.i4.s 32 call System.Int32 A.c5d77dcdd1f505e7fb1e4ebfa077f0ff7::cbc297a54348886940777efc52a24d310(System.Int32) br.s IL_008B: switch(IL_0131,IL_00F1,IL_0038,IL_0114,IL_015E,IL_00E3,IL_013D,IL_004A,IL_00C9,IL_0038,IL_006D,IL_0185) ldc.i4.1 <null> call System.String A.c94290fbd12ad05c041dabfe20b0f629b::c18f938a54b1d83e925483828fc13dd92(System.Int32) dup <null> pop <null> call System.Byte[] System.Convert::FromBase64String(System.String) stloc.3 <null> br IL_0131: ldloc.1 ldc.i4.s 36 call System.Int32 A.c5d77dcdd1f505e7fb1e4ebfa077f0ff7::cbc297a54348886940777efc52a24d310(System.Int32) stloc.s V_6 ldloc.s V_6 switch dnlib.DotNet.Emit.Instruction[] ldc.i4.s 40 call System.Int32 A.c5d77dcdd1f505e7fb1e4ebfa077f0ff7::cbc297a54348886940777efc52a24d310(System.Int32) br.s IL_008B: switch(IL_0131,IL_00F1,IL_0038,IL_0114,IL_015E,IL_00E3,IL_013D,IL_004A,IL_00C9,IL_0038,IL_006D,IL_0185) ldloc.s V_4 brfalse IL_018E: leave.s IL_0193 ldc.i4.6 <null> switch dnlib.DotNet.Emit.Instruction[] ldc.i4.s 44 call System.Int32 A.c5d77dcdd1f505e7fb1e4ebfa077f0ff7::cbc297a54348886940777efc52a24d310(System.Int32) br.s IL_008B: switch(IL_0131,IL_00F1,IL_0038,IL_0114,IL_015E,IL_00E3,IL_013D,IL_004A,IL_00C9,IL_0038,IL_006D,IL_0185) call System.Void A.c259af5b7fd23c9c14c145e593af5f225::cb0755d9bc4f527d8761b513afcb5078a() ldc.i4.s 48 call System.Int32 A.c5d77dcdd1f505e7fb1e4ebfa077f0ff7::cbc297a54348886940777efc52a24d310(System.Int32) br.s IL_008B: switch(IL_0131,IL_00F1,IL_0038,IL_0114,IL_015E,IL_00E3,IL_013D,IL_004A,IL_00C9,IL_0038,IL_006D,IL_0185) call System.String System.Runtime.InteropServices.RuntimeEnvironment::GetRuntimeDirectory() dup <null> pop <null> ldc.i4.s 50 call System.String A.c94290fbd12ad05c041dabfe20b0f629b::c18f938a54b1d83e925483828fc13dd92(System.Int32) dup <null> pop <null> call System.String System.IO.Path::Combine(System.String,System.String) stloc.s V_5 ldc.i4.s 52 call System.Int32 A.c5d77dcdd1f505e7fb1e4ebfa077f0ff7::cbc297a54348886940777efc52a24d310(System.Int32) br IL_008B: switch(IL_0131,IL_00F1,IL_0038,IL_0114,IL_015E,IL_00E3,IL_013D,IL_004A,IL_00C9,IL_0038,IL_006D,IL_0185) ldc.i4.s 71 call System.String A.c94290fbd12ad05c041dabfe20b0f629b::c18f938a54b1d83e925483828fc13dd92(System.Int32) dup <null> pop <null> call System.Byte[] System.Convert::FromBase64String(System.String) dup <null> pop <null> stloc.2 <null> ldc.i4.s 56 call System.Int32 A.c5d77dcdd1f505e7fb1e4ebfa077f0ff7::cbc297a54348886940777efc52a24d310(System.Int32) br IL_008B: switch(IL_0131,IL_00F1,IL_0038,IL_0114,IL_015E,IL_00E3,IL_013D,IL_004A,IL_00C9,IL_0038,IL_006D,IL_0185) ldloc.1 <null> ldloc.2 <null> ldloc.3 <null> call System.Byte[] A.c259af5b7fd23c9c14c145e593af5f225::cc53a53454b6b4adbcdb6340a241057ef(System.Object,System.Object,System.Object) dup <null> pop <null> stloc.s V_4 br.s IL_00C9: ldloc.s V_4 pop <null> ldc.i4.s 60 call System.Int32 A.c5d77dcdd1f505e7fb1e4ebfa077f0ff7::cbc297a54348886940777efc52a24d310(System.Int32) ldc.i4.s 64 call System.Int32 A.c5d77dcdd1f505e7fb1e4ebfa077f0ff7::cbc297a54348886940777efc52a24d310(System.Int32) brtrue IL_008B: switch(IL_0131,IL_00F1,IL_0038,IL_0114,IL_015E,IL_00E3,IL_013D,IL_004A,IL_00C9,IL_0038,IL_006D,IL_0185) ldc.i4.2 <null> switch dnlib.DotNet.Emit.Instruction[] pop <null> ldc.i4.s 120 call System.String A.c94290fbd12ad05c041dabfe20b0f629b::c18f938a54b1d83e925483828fc13dd92(System.Int32) dup <null> pop <null> stloc.0 <null> call System.Boolean A.c259af5b7fd23c9c14c145e593af5f225::caf81dd6eafe06b0109e19e982d9f127c() dup <null> pop <null> call System.Boolean A.c259af5b7fd23c9c14c145e593af5f225::c36e03cd823ff69a2faadf78ed57e977f() dup <null> pop <null> brfalse.s IL_013F: pop pop <null> ldc.i4.s 68 call System.Int32 A.c5d77dcdd1f505e7fb1e4ebfa077f0ff7::cbc297a54348886940777efc52a24d310(System.Int32) br IL_008B: switch(IL_0131,IL_00F1,IL_0038,IL_0114,IL_015E,IL_00E3,IL_013D,IL_004A,IL_00C9,IL_0038,IL_006D,IL_0185) ldloc.s V_5 ldloc.s V_4 call System.Void A.c259af5b7fd23c9c14c145e593af5f225::c2319b36210d6273515c6ff64cfba603c(System.Object,System.Object) leave.s IL_0193: ret pop <null> leave.s IL_0193: ret ret <null>
Module Name

EUROOOOO.exe
Full Name

EUROOOOO.exe
EntryPoint

System.Void A.c259af5b7fd23c9c14c145e593af5f225::c6890c6d85371ba79fd0ed0f85e7627fd()
Scope Name

EUROOOOO.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

EUROOOOO
Assembly Version

0.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

<null>
Total Strings

4
Main Method

System.Void A.c259af5b7fd23c9c14c145e593af5f225::c6890c6d85371ba79fd0ed0f85e7627fd()
Main IL Instruction Count

126
Main IL

br.s IL_000A: call System.Int32 System.Environment::get_TickCount() pop <null> ldc.i4.s 12 call System.Int32 A.c5d77dcdd1f505e7fb1e4ebfa077f0ff7::cbc297a54348886940777efc52a24d310(System.Int32) call System.Int32 System.Environment::get_TickCount() ldc.i4.s 16 call System.Int32 A.c5d77dcdd1f505e7fb1e4ebfa077f0ff7::cbc297a54348886940777efc52a24d310(System.Int32) rem <null> brfalse IL_015E: ldc.i4.s 120 ldc.i4.3 <null> switch dnlib.DotNet.Emit.Instruction[] ldc.i4.1 <null> brtrue.s IL_002F: ldc.i4.s 20 ldtoken System.Void A.c259af5b7fd23c9c14c145e593af5f225::c6890c6d85371ba79fd0ed0f85e7627fd() pop <null> ldc.i4.s 20 call System.Int32 A.c5d77dcdd1f505e7fb1e4ebfa077f0ff7::cbc297a54348886940777efc52a24d310(System.Int32) br.s IL_008B: switch(IL_0131,IL_00F1,IL_0038,IL_0114,IL_015E,IL_00E3,IL_013D,IL_004A,IL_00C9,IL_0038,IL_006D,IL_0185) ldloc.0 <null> call System.String A.c259af5b7fd23c9c14c145e593af5f225::cf822239fc62ac8114c62f6cb75580a1b(System.Object) dup <null> pop <null> stloc.1 <null> ldc.i4.s 24 call System.Int32 A.c5d77dcdd1f505e7fb1e4ebfa077f0ff7::cbc297a54348886940777efc52a24d310(System.Int32) br.s IL_008B: switch(IL_0131,IL_00F1,IL_0038,IL_0114,IL_015E,IL_00E3,IL_013D,IL_004A,IL_00C9,IL_0038,IL_006D,IL_0185) ldloc.s V_4 ldlen <null> conv.i4 <null> ldc.i4.s 28 call System.Int32 A.c5d77dcdd1f505e7fb1e4ebfa077f0ff7::cbc297a54348886940777efc52a24d310(System.Int32) ble IL_018E: leave.s IL_0193 ldc.i4.1 <null> switch dnlib.DotNet.Emit.Instruction[] ldc.i4.s 32 call System.Int32 A.c5d77dcdd1f505e7fb1e4ebfa077f0ff7::cbc297a54348886940777efc52a24d310(System.Int32) br.s IL_008B: switch(IL_0131,IL_00F1,IL_0038,IL_0114,IL_015E,IL_00E3,IL_013D,IL_004A,IL_00C9,IL_0038,IL_006D,IL_0185) ldc.i4.1 <null> call System.String A.c94290fbd12ad05c041dabfe20b0f629b::c18f938a54b1d83e925483828fc13dd92(System.Int32) dup <null> pop <null> call System.Byte[] System.Convert::FromBase64String(System.String) stloc.3 <null> br IL_0131: ldloc.1 ldc.i4.s 36 call System.Int32 A.c5d77dcdd1f505e7fb1e4ebfa077f0ff7::cbc297a54348886940777efc52a24d310(System.Int32) stloc.s V_6 ldloc.s V_6 switch dnlib.DotNet.Emit.Instruction[] ldc.i4.s 40 call System.Int32 A.c5d77dcdd1f505e7fb1e4ebfa077f0ff7::cbc297a54348886940777efc52a24d310(System.Int32) br.s IL_008B: switch(IL_0131,IL_00F1,IL_0038,IL_0114,IL_015E,IL_00E3,IL_013D,IL_004A,IL_00C9,IL_0038,IL_006D,IL_0185) ldloc.s V_4 brfalse IL_018E: leave.s IL_0193 ldc.i4.6 <null> switch dnlib.DotNet.Emit.Instruction[] ldc.i4.s 44 call System.Int32 A.c5d77dcdd1f505e7fb1e4ebfa077f0ff7::cbc297a54348886940777efc52a24d310(System.Int32) br.s IL_008B: switch(IL_0131,IL_00F1,IL_0038,IL_0114,IL_015E,IL_00E3,IL_013D,IL_004A,IL_00C9,IL_0038,IL_006D,IL_0185) call System.Void A.c259af5b7fd23c9c14c145e593af5f225::cb0755d9bc4f527d8761b513afcb5078a() ldc.i4.s 48 call System.Int32 A.c5d77dcdd1f505e7fb1e4ebfa077f0ff7::cbc297a54348886940777efc52a24d310(System.Int32) br.s IL_008B: switch(IL_0131,IL_00F1,IL_0038,IL_0114,IL_015E,IL_00E3,IL_013D,IL_004A,IL_00C9,IL_0038,IL_006D,IL_0185) call System.String System.Runtime.InteropServices.RuntimeEnvironment::GetRuntimeDirectory() dup <null> pop <null> ldc.i4.s 50 call System.String A.c94290fbd12ad05c041dabfe20b0f629b::c18f938a54b1d83e925483828fc13dd92(System.Int32) dup <null> pop <null> call System.String System.IO.Path::Combine(System.String,System.String) stloc.s V_5 ldc.i4.s 52 call System.Int32 A.c5d77dcdd1f505e7fb1e4ebfa077f0ff7::cbc297a54348886940777efc52a24d310(System.Int32) br IL_008B: switch(IL_0131,IL_00F1,IL_0038,IL_0114,IL_015E,IL_00E3,IL_013D,IL_004A,IL_00C9,IL_0038,IL_006D,IL_0185) ldc.i4.s 71 call System.String A.c94290fbd12ad05c041dabfe20b0f629b::c18f938a54b1d83e925483828fc13dd92(System.Int32) dup <null> pop <null> call System.Byte[] System.Convert::FromBase64String(System.String) dup <null> pop <null> stloc.2 <null> ldc.i4.s 56 call System.Int32 A.c5d77dcdd1f505e7fb1e4ebfa077f0ff7::cbc297a54348886940777efc52a24d310(System.Int32) br IL_008B: switch(IL_0131,IL_00F1,IL_0038,IL_0114,IL_015E,IL_00E3,IL_013D,IL_004A,IL_00C9,IL_0038,IL_006D,IL_0185) ldloc.1 <null> ldloc.2 <null> ldloc.3 <null> call System.Byte[] A.c259af5b7fd23c9c14c145e593af5f225::cc53a53454b6b4adbcdb6340a241057ef(System.Object,System.Object,System.Object) dup <null> pop <null> stloc.s V_4 br.s IL_00C9: ldloc.s V_4 pop <null> ldc.i4.s 60 call System.Int32 A.c5d77dcdd1f505e7fb1e4ebfa077f0ff7::cbc297a54348886940777efc52a24d310(System.Int32) ldc.i4.s 64 call System.Int32 A.c5d77dcdd1f505e7fb1e4ebfa077f0ff7::cbc297a54348886940777efc52a24d310(System.Int32) brtrue IL_008B: switch(IL_0131,IL_00F1,IL_0038,IL_0114,IL_015E,IL_00E3,IL_013D,IL_004A,IL_00C9,IL_0038,IL_006D,IL_0185) ldc.i4.2 <null> switch dnlib.DotNet.Emit.Instruction[] pop <null> ldc.i4.s 120 call System.String A.c94290fbd12ad05c041dabfe20b0f629b::c18f938a54b1d83e925483828fc13dd92(System.Int32) dup <null> pop <null> stloc.0 <null> call System.Boolean A.c259af5b7fd23c9c14c145e593af5f225::caf81dd6eafe06b0109e19e982d9f127c() dup <null> pop <null> call System.Boolean A.c259af5b7fd23c9c14c145e593af5f225::c36e03cd823ff69a2faadf78ed57e977f() dup <null> pop <null> brfalse.s IL_013F: pop pop <null> ldc.i4.s 68 call System.Int32 A.c5d77dcdd1f505e7fb1e4ebfa077f0ff7::cbc297a54348886940777efc52a24d310(System.Int32) br IL_008B: switch(IL_0131,IL_00F1,IL_0038,IL_0114,IL_015E,IL_00E3,IL_013D,IL_004A,IL_00C9,IL_0038,IL_006D,IL_0185) ldloc.s V_5 ldloc.s V_4 call System.Void A.c259af5b7fd23c9c14c145e593af5f225::c2319b36210d6273515c6ff64cfba603c(System.Object,System.Object) leave.s IL_0193: ret pop <null> leave.s IL_0193: ret ret <null>
5eaf0abd7ada39f208121d7d3bd31969 (335.36 KB)
An error has occurred. This application may no longer respond until reloaded. Reload 🗙