Suspicious
Suspect

745dd9a4d7c17cca697edfb7d97bc094

PE Executable
|
MD5: 745dd9a4d7c17cca697edfb7d97bc094
|
Size: 288.26 KB
|
application/x-dosexec

Print
Summary by MalvaGPT
Characteristics

Symbol Obfuscation Score

Very high

Hash
 Hash Value
MD5
745dd9a4d7c17cca697edfb7d97bc094
Sha1
79e06c65ff0d630b4b8bbba88f098c53eb73f1c4
Sha256
0c4131d4bc396e6ec1eb24322782ec08b90ab6aa42be8cd4caeb2cd5ef2190dd
Sha384
4ea67d77c921995511fadc6a7c240e5bc0804fe20f06895706af3a3715fbbfb0946ba3bcab41b587ba88dd260385231c
Sha512
b6f672084a81107bddc535041d548ffd68fb7da0068e230ba997cae3bc92f77f5f273729c3ba02efd90179eb01f9ffb70b2abe3c2288ac1a24319cbcea44c960
SSDeep
6144:O2AesOC8aEti4S4jee6VlWT8b9U4GRQfugbl7Ay:OTePXiIjePVle81um
TLSH
C554E70CFE91F805CD1E3E37CBE655104BB121C22E219642364AAFFD9B5937A58A71BC

PeID

.NET executable
HQR data file
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
745dd9a4d7c17cca697edfb7d97bc094
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
htkqnnmkuknp
Informations
Name
 Value
Info

PE Detect: PeReader OK (file layout)
Module Name

Client.exe
Full Name

Client.exe
EntryPoint

System.Void hhPVDdbMftjdZb.WDgBOTyWs::KiWTvAaMZsJb(System.String[])
Scope Name

Client.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

Client
Assembly Version

1.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.0
Total Strings

679
Main Method

System.Void hhPVDdbMftjdZb.WDgBOTyWs::KiWTvAaMZsJb(System.String[])
Main IL Instruction Count

57
Main IL

ldc.r8 6138 stloc.0 <null> br IL_00EC: br IL_000F nop <null> ldloc.0 <null> ldc.r8 6149 ceq <null> brfalse IL_0076: nop newobj System.Void System.Random::.ctor() nop <null> ldc.r8 3992.399097540458 ldc.r8 2000 call System.Double System.Math::Log(System.Double) add <null> call System.Int32 System.Convert::ToInt32(System.Double) nop <null> ldc.r8 6008.00636756765 ldc.r8 3000 call System.Double System.Math::Log(System.Double) sub <null> call System.Int32 System.Convert::ToInt32(System.Double) callvirt System.Int32 System.Random::Next(System.Int32,System.Int32) call System.Void System.Threading.Thread::Sleep(System.Int32) ldc.r8 6158 stloc.0 <null> nop <null> ldloc.0 <null> ldc.r8 6158 ceq <null> brfalse IL_0097: nop call System.Void PwHPzzpiHLJ.MkNnBiwSJtsZt::DIjeNQZSt() ldc.r8 6166 stloc.0 <null> nop <null> ldloc.0 <null> ldc.r8 6147 ceq <null> brfalse IL_00B8: nop call System.Void hhPVDdbMftjdZb.WDgBOTyWs::MAByEosfhfxWmJG() ldc.r8 6149 stloc.0 <null> nop <null> ldloc.0 <null> ldc.r8 6138 ceq <null> brfalse IL_00D5: nop nop <null> ldc.r8 6147 stloc.0 <null> nop <null> ldloc.0 <null> ldc.r8 6166 ceq <null> brfalse IL_00EC: br IL_000F br IL_00F1: ret br IL_000F: nop ret <null>
Module Name

Client.exe
Full Name

Client.exe
EntryPoint

System.Void hhPVDdbMftjdZb.WDgBOTyWs::KiWTvAaMZsJb(System.String[])
Scope Name

Client.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

Client
Assembly Version

1.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.0
Total Strings

679
Main Method

System.Void hhPVDdbMftjdZb.WDgBOTyWs::KiWTvAaMZsJb(System.String[])
Main IL Instruction Count

57
Main IL

ldc.r8 6138 stloc.0 <null> br IL_00EC: br IL_000F nop <null> ldloc.0 <null> ldc.r8 6149 ceq <null> brfalse IL_0076: nop newobj System.Void System.Random::.ctor() nop <null> ldc.r8 3992.399097540458 ldc.r8 2000 call System.Double System.Math::Log(System.Double) add <null> call System.Int32 System.Convert::ToInt32(System.Double) nop <null> ldc.r8 6008.00636756765 ldc.r8 3000 call System.Double System.Math::Log(System.Double) sub <null> call System.Int32 System.Convert::ToInt32(System.Double) callvirt System.Int32 System.Random::Next(System.Int32,System.Int32) call System.Void System.Threading.Thread::Sleep(System.Int32) ldc.r8 6158 stloc.0 <null> nop <null> ldloc.0 <null> ldc.r8 6158 ceq <null> brfalse IL_0097: nop call System.Void PwHPzzpiHLJ.MkNnBiwSJtsZt::DIjeNQZSt() ldc.r8 6166 stloc.0 <null> nop <null> ldloc.0 <null> ldc.r8 6147 ceq <null> brfalse IL_00B8: nop call System.Void hhPVDdbMftjdZb.WDgBOTyWs::MAByEosfhfxWmJG() ldc.r8 6149 stloc.0 <null> nop <null> ldloc.0 <null> ldc.r8 6138 ceq <null> brfalse IL_00D5: nop nop <null> ldc.r8 6147 stloc.0 <null> nop <null> ldloc.0 <null> ldc.r8 6166 ceq <null> brfalse IL_00EC: br IL_000F br IL_00F1: ret br IL_000F: nop ret <null>
745dd9a4d7c17cca697edfb7d97bc094 (288.26 KB)
An error has occurred. This application may no longer respond until reloaded. Reload 🗙