Suspicious
Suspect

67897fef32e5585c5d5d9bafe9108b72

PE Executable
|
MD5: 67897fef32e5585c5d5d9bafe9108b72
|
Size: 83.97 KB
|
application/x-dosexec

Print
Summary by MalvaGPT
Characteristics

Symbol Ofbuscation Score

Medium

Hash
 Hash Value
MD5
67897fef32e5585c5d5d9bafe9108b72
Sha1
783a780d0f0e868c394f74d6be8e5fed6a56ecc5
Sha256
cd66bad34ad05965bee433aa970e695c521193b943f734e60fa0e0da5314caab
Sha384
8fed933f18f5acf2330bb497d89a3afbf6c87625f17817f597a363729405bb6f61cb56623ccc5f2d5b8340894983941c
Sha512
de6ed9f8cc436fbdc0905f23e6fd36034c805ebed67a56e736bb17d925b5dd3bf77ea5bcdf6dbb2a71d1f9cf379b556054e4fd5f7718c59d21a409e110c55c74
SSDeep
1536:zHZzOoaoKLJWm4ZTwH68weMMb5yII5WCh5rahKGptQDXbImEw:lzchJWm+TjMbKW8qtQDXbIm5
TLSH
7F837D8EFB40CA85C50D8EB7C963904482B5D4A77937FB7B28DC5EE59C215A8C98FC44

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
67897fef32e5585c5d5d9bafe9108b72
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
Informations
Name
 Value
Module Name

CryTools.exe
Full Name

CryTools.exe
EntryPoint

System.Void Stub.Main::Main()
Scope Name

CryTools.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

CryTools
Assembly Version

1.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

<null>
Total Strings

0
Main Method

System.Void Stub.Main::Main()
Main IL Instruction Count

104
Main IL

ldsfld System.Int32 Settings::Sleep ldc.i4 1000 mul.ovf <null> ldc.i4 340 ldc.i4 331 call System.Void My.MyComputer::Ⴃ(System.Int32,System.Int32,System.Int16) ldc.i4.3 <null> stloc.s V_4 ldloc.s V_4 switch dnlib.DotNet.Emit.Instruction[] ldsfld System.String Settings::Hosts call System.Object Stub.AlgorithmAES::Decrypt(System.String) ldc.i4 173 ldc.i4 149 call System.String My.MyComputer::Ⴓ<System.Object>(System.Object,System.Int32,System.Int16) stsfld System.String Settings::Hosts ldsfld System.String Settings::Port call System.Object Stub.AlgorithmAES::Decrypt(System.String) ldc.i4 393 ldc.i4 433 call System.String My.MyComputer::Ⴓ<System.Object>(System.Object,System.Int32,System.Int16) stsfld System.String Settings::Port ldc.i4.0 <null> stloc.s V_4 br.s IL_001D: ldloc.s V_4 ldsfld System.String Settings::KEY call System.Object Stub.AlgorithmAES::Decrypt(System.String) ldc.i4 380 ldc.i4 324 call System.String My.MyComputer::Ⴓ<System.Object>(System.Object,System.Int32,System.Int16) stsfld System.String Settings::KEY ldsfld System.String Settings::SPL call System.Object Stub.AlgorithmAES::Decrypt(System.String) ldc.i4 972 ldc.i4 1012 call System.String My.MyComputer::Ⴓ<System.Object>(System.Object,System.Int32,System.Int16) stsfld System.String Settings::SPL ldc.i4.5 <null> stloc.s V_4 br IL_001D: ldloc.s V_4 ldsfld System.String Settings::Groub call System.Object Stub.AlgorithmAES::Decrypt(System.String) ldc.i4 559 ldc.i4 535 call System.String My.MyComputer::Ⴓ<System.Object>(System.Object,System.Int32,System.Int16) stsfld System.String Settings::Groub ldsfld System.String Settings::USBNM call System.Object Stub.AlgorithmAES::Decrypt(System.String) ldc.i4 386 ldc.i4 442 call System.String My.MyComputer::Ⴓ<System.Object>(System.Object,System.Int32,System.Int16) stsfld System.String Settings::USBNM leave.s IL_012B: ldc.i4.2 dup <null> ldc.i4 391 ldc.i4 463 call System.Void Stub.AlgorithmAES::Ⴄ<System.Exception>(System.Exception,System.Char,System.Char) stloc.2 <null> ldc.i4.0 <null> ldc.i4 170 ldc.i4 138 call System.Void My.MyComputer::Ⴃ(System.Int32,System.Int32,System.Int16) call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() leave.s IL_012B: ldc.i4.2 ldc.i4.2 <null> stloc.s V_6 ldloc.s V_6 switch dnlib.DotNet.Emit.Instruction[] call System.Boolean Ⴈ.Ⴃ::Ⴓ() brtrue.s IL_0161: ldc.i4.4 ldc.i4.0 <null> stloc.s V_6 br.s IL_012E: ldloc.s V_6 ldc.i4.4 <null> br.s IL_015D: stloc.s V_6 ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) call System.Void Ⴈ.Ⴃ::Ⴍ() ldnull <null> ldftn System.Void Stub.Main::_Lambda$__1() newobj System.Void System.Threading.ThreadStart::.ctor(System.Object,System.IntPtr) newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart) stloc.0 <null> ldnull <null> ldftn System.Void Stub.Main::_Lambda$__2() newobj System.Void System.Threading.ThreadStart::.ctor(System.Object,System.IntPtr) newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart) stloc.1 <null> ldc.i4.1 <null> stloc.s V_6 br.s IL_012E: ldloc.s V_6 ldloc.0 <null> isinst System.Threading.Thread callvirt System.Void System.Threading.Thread::Start() ldloc.1 <null> castclass System.Threading.Thread callvirt System.Void System.Threading.Thread::Start() ldloc.1 <null> castclass System.Threading.Thread callvirt System.Void System.Threading.Thread::Join() ret <null> ldtoken System.Void Stub.Main::Main() pop <null> ret <null>
Module Name

CryTools.exe
Full Name

CryTools.exe
EntryPoint

System.Void Stub.Main::Main()
Scope Name

CryTools.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

CryTools
Assembly Version

1.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

<null>
Total Strings

0
Main Method

System.Void Stub.Main::Main()
Main IL Instruction Count

104
Main IL

ldsfld System.Int32 Settings::Sleep ldc.i4 1000 mul.ovf <null> ldc.i4 340 ldc.i4 331 call System.Void My.MyComputer::Ⴃ(System.Int32,System.Int32,System.Int16) ldc.i4.3 <null> stloc.s V_4 ldloc.s V_4 switch dnlib.DotNet.Emit.Instruction[] ldsfld System.String Settings::Hosts call System.Object Stub.AlgorithmAES::Decrypt(System.String) ldc.i4 173 ldc.i4 149 call System.String My.MyComputer::Ⴓ<System.Object>(System.Object,System.Int32,System.Int16) stsfld System.String Settings::Hosts ldsfld System.String Settings::Port call System.Object Stub.AlgorithmAES::Decrypt(System.String) ldc.i4 393 ldc.i4 433 call System.String My.MyComputer::Ⴓ<System.Object>(System.Object,System.Int32,System.Int16) stsfld System.String Settings::Port ldc.i4.0 <null> stloc.s V_4 br.s IL_001D: ldloc.s V_4 ldsfld System.String Settings::KEY call System.Object Stub.AlgorithmAES::Decrypt(System.String) ldc.i4 380 ldc.i4 324 call System.String My.MyComputer::Ⴓ<System.Object>(System.Object,System.Int32,System.Int16) stsfld System.String Settings::KEY ldsfld System.String Settings::SPL call System.Object Stub.AlgorithmAES::Decrypt(System.String) ldc.i4 972 ldc.i4 1012 call System.String My.MyComputer::Ⴓ<System.Object>(System.Object,System.Int32,System.Int16) stsfld System.String Settings::SPL ldc.i4.5 <null> stloc.s V_4 br IL_001D: ldloc.s V_4 ldsfld System.String Settings::Groub call System.Object Stub.AlgorithmAES::Decrypt(System.String) ldc.i4 559 ldc.i4 535 call System.String My.MyComputer::Ⴓ<System.Object>(System.Object,System.Int32,System.Int16) stsfld System.String Settings::Groub ldsfld System.String Settings::USBNM call System.Object Stub.AlgorithmAES::Decrypt(System.String) ldc.i4 386 ldc.i4 442 call System.String My.MyComputer::Ⴓ<System.Object>(System.Object,System.Int32,System.Int16) stsfld System.String Settings::USBNM leave.s IL_012B: ldc.i4.2 dup <null> ldc.i4 391 ldc.i4 463 call System.Void Stub.AlgorithmAES::Ⴄ<System.Exception>(System.Exception,System.Char,System.Char) stloc.2 <null> ldc.i4.0 <null> ldc.i4 170 ldc.i4 138 call System.Void My.MyComputer::Ⴃ(System.Int32,System.Int32,System.Int16) call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() leave.s IL_012B: ldc.i4.2 ldc.i4.2 <null> stloc.s V_6 ldloc.s V_6 switch dnlib.DotNet.Emit.Instruction[] call System.Boolean Ⴈ.Ⴃ::Ⴓ() brtrue.s IL_0161: ldc.i4.4 ldc.i4.0 <null> stloc.s V_6 br.s IL_012E: ldloc.s V_6 ldc.i4.4 <null> br.s IL_015D: stloc.s V_6 ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) call System.Void Ⴈ.Ⴃ::Ⴍ() ldnull <null> ldftn System.Void Stub.Main::_Lambda$__1() newobj System.Void System.Threading.ThreadStart::.ctor(System.Object,System.IntPtr) newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart) stloc.0 <null> ldnull <null> ldftn System.Void Stub.Main::_Lambda$__2() newobj System.Void System.Threading.ThreadStart::.ctor(System.Object,System.IntPtr) newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart) stloc.1 <null> ldc.i4.1 <null> stloc.s V_6 br.s IL_012E: ldloc.s V_6 ldloc.0 <null> isinst System.Threading.Thread callvirt System.Void System.Threading.Thread::Start() ldloc.1 <null> castclass System.Threading.Thread callvirt System.Void System.Threading.Thread::Start() ldloc.1 <null> castclass System.Threading.Thread callvirt System.Void System.Threading.Thread::Join() ret <null> ldtoken System.Void Stub.Main::Main() pop <null> ret <null>
67897fef32e5585c5d5d9bafe9108b72 (83.97 KB)
An error has occurred. This application may no longer respond until reloaded. Reload 🗙