Suspicious
Suspect

6f4151c124693d9dfd2092b7e01df0d4

PE Executable
|
MD5: 6f4151c124693d9dfd2092b7e01df0d4
|
Size: 1.36 MB
|
application/x-dosexec

Summary by MalvaGPT
Characteristics

Symbol Ofbuscation Score

Medium

Hash
 Hash Value
MD5
6f4151c124693d9dfd2092b7e01df0d4
Sha1
11aad99764d62584e8252f0e2d05571be55f0a70
Sha256
c1fcdbc77e5ab2ebfbf3bd0adc2d81bd64ed2dfdacccfea9783003cf950ac36b
Sha384
56e0f4804ffc8664ff0ea014f03c1c798a1792cdc5b05597d2277334d0403eb243820511ae1e767e175962ca2680a0ab
Sha512
cd856507059fa07a9a9a393ed20136c35d00c444ad36eddf368705944af7d19c684b62d9dc49d71f18eb51a1f537d8d0adf7047f1077463410046f49963289da
SSDeep
24576:XB4V0DtDw8tCSAFc+sEmtFMB89wizc3gi4E5r1j7SJP6G:XaiB3CfFcmfewEcvn
TLSH
B6552323F54E74B0E144BB3EC5EB61181361CBC673E3F95AB58B13AE45A3BD9490284B

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual C++ v6.0 DLL
Microsoft Visual Studio .NET
File Structure
6f4151c124693d9dfd2092b7e01df0d4
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
Ldrywxj.Properties.Resources.resources
Gidwmi
ILRepack.List
           
Informations
Name
 Value
Info

PE Detect: PeReader OK (file layout)
Module Name

amm
Full Name

amm
EntryPoint

System.Void amm.Mapping.IdentifiableMapper::VisitMapper()
Scope Name

amm
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

amm
Assembly Version

1.0.2925.3137
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.6
Total Strings

0
Main Method

System.Void amm.Mapping.IdentifiableMapper::VisitMapper()
Main IL Instruction Count

96
Main IL

ldc.i4 4 stloc V_1 br IL_000E: ldloc V_1 ldloc V_1 switch dnlib.DotNet.Emit.Instruction[] br IL_009B: ldsfld System.Func`1<System.Byte[]> amm.Mapping.IdentifiableMapper/DefinitionTokenizer::m_GeneratorMonitor newobj System.Void amm.Mapping.IdentifiableMapper/MonoMapper::.ctor() stloc.s V_0 ldc.i4 3 ldsfld <Module>{2b33f309-4374-4da8-89c5-a426d834a533} <Module>{2b33f309-4374-4da8-89c5-a426d834a533}::m_65ed6d148f044c239a7e8f766c23e3a9 ldfld System.Int32 <Module>{2b33f309-4374-4da8-89c5-a426d834a533}::m_4c1173c6235441f182a81e63a7d10cf1 brtrue IL_0012: switch(IL_009B,IL_00C7,IL_00C6,IL_005A,IL_0034,IL_0070) pop <null> ldc.i4 3 br IL_0012: switch(IL_009B,IL_00C7,IL_00C6,IL_005A,IL_0034,IL_0070) ldc.i4 -1581026140 call System.String amm.Threading.ScalableThread::GetThread(System.Int32) stloc.s V_3 ldc.i4 5 br IL_0012: switch(IL_009B,IL_00C7,IL_00C6,IL_005A,IL_0034,IL_0070) ldc.i4 -1581026169 call System.String amm.Threading.ScalableThread::GetThread(System.Int32) stloc.s V_2 ldc.i4 0 ldsfld <Module>{2b33f309-4374-4da8-89c5-a426d834a533} <Module>{2b33f309-4374-4da8-89c5-a426d834a533}::m_65ed6d148f044c239a7e8f766c23e3a9 ldfld System.Int32 <Module>{2b33f309-4374-4da8-89c5-a426d834a533}::m_3716434cea1a4a299fddfc45ee8acd0d brfalse IL_0012: switch(IL_009B,IL_00C7,IL_00C6,IL_005A,IL_0034,IL_0070) pop <null> ldc.i4 0 br IL_0012: switch(IL_009B,IL_00C7,IL_00C6,IL_005A,IL_0034,IL_0070) ldsfld System.Func`1<System.Byte[]> amm.Mapping.IdentifiableMapper/DefinitionTokenizer::m_GeneratorMonitor dup <null> brtrue IL_00DD: newobj System.Void amm.Elements.JoinedElement::.ctor(System.Func`1<System.Byte[]>) pop <null> ldc.i4 1 ldsfld <Module>{2b33f309-4374-4da8-89c5-a426d834a533} <Module>{2b33f309-4374-4da8-89c5-a426d834a533}::m_65ed6d148f044c239a7e8f766c23e3a9 ldfld System.Int32 <Module>{2b33f309-4374-4da8-89c5-a426d834a533}::m_631824dfea694cb4810cbc47a8ddf4cb brtrue IL_0012: switch(IL_009B,IL_00C7,IL_00C6,IL_005A,IL_0034,IL_0070) pop <null> ldc.i4 1 br IL_0012: switch(IL_009B,IL_00C7,IL_00C6,IL_005A,IL_0034,IL_0070) ret <null> ldsfld System.Object amm.Mapping.IdentifiableMapper/DefinitionTokenizer::_DividedMapper ldftn System.Byte[] amm.Mapping.IdentifiableMapper/DefinitionTokenizer::TranslateMixedMapper() newobj System.Void System.Func`1<System.Byte[]>::.ctor(System.Object,System.IntPtr) dup <null> stsfld System.Func`1<System.Byte[]> amm.Mapping.IdentifiableMapper/DefinitionTokenizer::m_GeneratorMonitor newobj System.Void amm.Elements.JoinedElement::.ctor(System.Func`1<System.Byte[]>) ldloc.s V_0 ldloc.s V_3 ldloc.s V_2 newobj System.Void amm.Collections.CollectionSharer::.ctor(System.String,System.String) stfld System.Object amm.Mapping.IdentifiableMapper/MonoMapper::_MapperTransformer ldloc.s V_0 newobj System.Void amm.Threading.ConsumerThread::.ctor() stfld System.Object amm.Mapping.IdentifiableMapper/MonoMapper::_ConcreteMapper ldloc.s V_0 ldc.i4 -1581025926 call System.String amm.Threading.ScalableThread::GetThread(System.Int32) ldc.i4 -1581025978 call System.String amm.Threading.ScalableThread::GetThread(System.Int32) newobj System.Void amm.Monitoring.WatcherTracer::.ctor(System.String,System.String) stfld System.Object amm.Mapping.IdentifiableMapper/MonoMapper::m_StatelessChecker dup <null> ldloc.s V_0 ldftn System.Void amm.Mapping.IdentifiableMapper/MonoMapper::ReplaceMapper(System.IO.MemoryStream) newobj System.Void System.Action`1<System.IO.MemoryStream>::.ctor(System.Object,System.IntPtr) callvirt System.Void amm.Elements.JoinedElement::ModifyExternalElement(System.Action`1<System.IO.MemoryStream>) ldloc.s V_0 ldfld System.Object amm.Mapping.IdentifiableMapper/MonoMapper::_MapperTransformer ldloc.s V_0 ldftn System.Void amm.Mapping.IdentifiableMapper/MonoMapper::ConvertScopeMapper(System.IO.MemoryStream) newobj System.Void System.Action`1<System.IO.MemoryStream>::.ctor(System.Object,System.IntPtr) callvirt System.Void amm.Collections.CollectionSharer::RemoveConcreteCollection(System.Action`1<System.IO.MemoryStream>) ldloc.s V_0 ldfld System.Object amm.Mapping.IdentifiableMapper/MonoMapper::_ConcreteMapper ldloc.s V_0 ldftn System.Void amm.Mapping.IdentifiableMapper/MonoMapper::ConvertPortableMapper(System.Reflection.Assembly) newobj System.Void System.Action`1<System.Reflection.Assembly>::.ctor(System.Object,System.IntPtr) callvirt System.Void amm.Threading.ConsumerThread::StopIsolatedPredictor(System.Action`1<System.Reflection.Assembly>) ldloc.s V_0 ldfld System.Object amm.Mapping.IdentifiableMapper/MonoMapper::m_StatelessChecker ldsfld System.Object amm.Mapping.IdentifiableMapper/DefinitionTokenizer::_MapperTransaction dup <null> brfalse IL_017A: pop br IL_0191: callvirt System.Void amm.Monitoring.WatcherTracer::SolveWatcher(System.Action) pop <null> ldsfld System.Object amm.Mapping.IdentifiableMapper/DefinitionTokenizer::_DividedMapper ldftn System.Void amm.Mapping.IdentifiableMapper/DefinitionTokenizer::ConvertSetMapper() newobj System.Void System.Action::.ctor(System.Object,System.IntPtr) dup <null> stsfld System.Object amm.Mapping.IdentifiableMapper/DefinitionTokenizer::_MapperTransaction callvirt System.Void amm.Monitoring.WatcherTracer::SolveWatcher(System.Action) callvirt System.Void amm.Elements.JoinedElement::ManageTransferableElement() ldc.i4 2 br IL_0012: switch(IL_009B,IL_00C7,IL_00C6,IL_005A,IL_0034,IL_0070)
Module Name

amm
Full Name

amm
EntryPoint

System.Void amm.Mapping.IdentifiableMapper::VisitMapper()
Scope Name

amm
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

amm
Assembly Version

1.0.2925.3137
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.6
Total Strings

0
Main Method

System.Void amm.Mapping.IdentifiableMapper::VisitMapper()
Main IL Instruction Count

96
Main IL

ldc.i4 4 stloc V_1 br IL_000E: ldloc V_1 ldloc V_1 switch dnlib.DotNet.Emit.Instruction[] br IL_009B: ldsfld System.Func`1<System.Byte[]> amm.Mapping.IdentifiableMapper/DefinitionTokenizer::m_GeneratorMonitor newobj System.Void amm.Mapping.IdentifiableMapper/MonoMapper::.ctor() stloc.s V_0 ldc.i4 3 ldsfld <Module>{2b33f309-4374-4da8-89c5-a426d834a533} <Module>{2b33f309-4374-4da8-89c5-a426d834a533}::m_65ed6d148f044c239a7e8f766c23e3a9 ldfld System.Int32 <Module>{2b33f309-4374-4da8-89c5-a426d834a533}::m_4c1173c6235441f182a81e63a7d10cf1 brtrue IL_0012: switch(IL_009B,IL_00C7,IL_00C6,IL_005A,IL_0034,IL_0070) pop <null> ldc.i4 3 br IL_0012: switch(IL_009B,IL_00C7,IL_00C6,IL_005A,IL_0034,IL_0070) ldc.i4 -1581026140 call System.String amm.Threading.ScalableThread::GetThread(System.Int32) stloc.s V_3 ldc.i4 5 br IL_0012: switch(IL_009B,IL_00C7,IL_00C6,IL_005A,IL_0034,IL_0070) ldc.i4 -1581026169 call System.String amm.Threading.ScalableThread::GetThread(System.Int32) stloc.s V_2 ldc.i4 0 ldsfld <Module>{2b33f309-4374-4da8-89c5-a426d834a533} <Module>{2b33f309-4374-4da8-89c5-a426d834a533}::m_65ed6d148f044c239a7e8f766c23e3a9 ldfld System.Int32 <Module>{2b33f309-4374-4da8-89c5-a426d834a533}::m_3716434cea1a4a299fddfc45ee8acd0d brfalse IL_0012: switch(IL_009B,IL_00C7,IL_00C6,IL_005A,IL_0034,IL_0070) pop <null> ldc.i4 0 br IL_0012: switch(IL_009B,IL_00C7,IL_00C6,IL_005A,IL_0034,IL_0070) ldsfld System.Func`1<System.Byte[]> amm.Mapping.IdentifiableMapper/DefinitionTokenizer::m_GeneratorMonitor dup <null> brtrue IL_00DD: newobj System.Void amm.Elements.JoinedElement::.ctor(System.Func`1<System.Byte[]>) pop <null> ldc.i4 1 ldsfld <Module>{2b33f309-4374-4da8-89c5-a426d834a533} <Module>{2b33f309-4374-4da8-89c5-a426d834a533}::m_65ed6d148f044c239a7e8f766c23e3a9 ldfld System.Int32 <Module>{2b33f309-4374-4da8-89c5-a426d834a533}::m_631824dfea694cb4810cbc47a8ddf4cb brtrue IL_0012: switch(IL_009B,IL_00C7,IL_00C6,IL_005A,IL_0034,IL_0070) pop <null> ldc.i4 1 br IL_0012: switch(IL_009B,IL_00C7,IL_00C6,IL_005A,IL_0034,IL_0070) ret <null> ldsfld System.Object amm.Mapping.IdentifiableMapper/DefinitionTokenizer::_DividedMapper ldftn System.Byte[] amm.Mapping.IdentifiableMapper/DefinitionTokenizer::TranslateMixedMapper() newobj System.Void System.Func`1<System.Byte[]>::.ctor(System.Object,System.IntPtr) dup <null> stsfld System.Func`1<System.Byte[]> amm.Mapping.IdentifiableMapper/DefinitionTokenizer::m_GeneratorMonitor newobj System.Void amm.Elements.JoinedElement::.ctor(System.Func`1<System.Byte[]>) ldloc.s V_0 ldloc.s V_3 ldloc.s V_2 newobj System.Void amm.Collections.CollectionSharer::.ctor(System.String,System.String) stfld System.Object amm.Mapping.IdentifiableMapper/MonoMapper::_MapperTransformer ldloc.s V_0 newobj System.Void amm.Threading.ConsumerThread::.ctor() stfld System.Object amm.Mapping.IdentifiableMapper/MonoMapper::_ConcreteMapper ldloc.s V_0 ldc.i4 -1581025926 call System.String amm.Threading.ScalableThread::GetThread(System.Int32) ldc.i4 -1581025978 call System.String amm.Threading.ScalableThread::GetThread(System.Int32) newobj System.Void amm.Monitoring.WatcherTracer::.ctor(System.String,System.String) stfld System.Object amm.Mapping.IdentifiableMapper/MonoMapper::m_StatelessChecker dup <null> ldloc.s V_0 ldftn System.Void amm.Mapping.IdentifiableMapper/MonoMapper::ReplaceMapper(System.IO.MemoryStream) newobj System.Void System.Action`1<System.IO.MemoryStream>::.ctor(System.Object,System.IntPtr) callvirt System.Void amm.Elements.JoinedElement::ModifyExternalElement(System.Action`1<System.IO.MemoryStream>) ldloc.s V_0 ldfld System.Object amm.Mapping.IdentifiableMapper/MonoMapper::_MapperTransformer ldloc.s V_0 ldftn System.Void amm.Mapping.IdentifiableMapper/MonoMapper::ConvertScopeMapper(System.IO.MemoryStream) newobj System.Void System.Action`1<System.IO.MemoryStream>::.ctor(System.Object,System.IntPtr) callvirt System.Void amm.Collections.CollectionSharer::RemoveConcreteCollection(System.Action`1<System.IO.MemoryStream>) ldloc.s V_0 ldfld System.Object amm.Mapping.IdentifiableMapper/MonoMapper::_ConcreteMapper ldloc.s V_0 ldftn System.Void amm.Mapping.IdentifiableMapper/MonoMapper::ConvertPortableMapper(System.Reflection.Assembly) newobj System.Void System.Action`1<System.Reflection.Assembly>::.ctor(System.Object,System.IntPtr) callvirt System.Void amm.Threading.ConsumerThread::StopIsolatedPredictor(System.Action`1<System.Reflection.Assembly>) ldloc.s V_0 ldfld System.Object amm.Mapping.IdentifiableMapper/MonoMapper::m_StatelessChecker ldsfld System.Object amm.Mapping.IdentifiableMapper/DefinitionTokenizer::_MapperTransaction dup <null> brfalse IL_017A: pop br IL_0191: callvirt System.Void amm.Monitoring.WatcherTracer::SolveWatcher(System.Action) pop <null> ldsfld System.Object amm.Mapping.IdentifiableMapper/DefinitionTokenizer::_DividedMapper ldftn System.Void amm.Mapping.IdentifiableMapper/DefinitionTokenizer::ConvertSetMapper() newobj System.Void System.Action::.ctor(System.Object,System.IntPtr) dup <null> stsfld System.Object amm.Mapping.IdentifiableMapper/DefinitionTokenizer::_MapperTransaction callvirt System.Void amm.Monitoring.WatcherTracer::SolveWatcher(System.Action) callvirt System.Void amm.Elements.JoinedElement::ManageTransferableElement() ldc.i4 2 br IL_0012: switch(IL_009B,IL_00C7,IL_00C6,IL_005A,IL_0034,IL_0070)
6f4151c124693d9dfd2092b7e01df0d4 (1.36 MB)
File Structure
6f4151c124693d9dfd2092b7e01df0d4
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
Ldrywxj.Properties.Resources.resources
Gidwmi
ILRepack.List
           
Characteristics
No malware configuration were found at this point.
You must be signed in to post a comment.
An error has occurred. This application may no longer respond until reloaded. Reload 🗙