Suspicious
Suspect

7a30f2d2bba350579d531068adb70360

PE Executable | MD5: 7a30f2d2bba350579d531068adb70360 | Size: 890.88 KB | application/x-dosexec

Summary by MalvaGPT
Characteristics
MD5: 7a30f2d2bba350579d531068adb70360
Sha1: 444fc14b2df81d67dfc9594e63c9f02cdd17185f
Sha256: e22d400f19b72f31d712cf2f133813bf9f8b210ff4104f6440027e2aea8f28e6
Sha384: 85390d82ce990fa9331f374b1c0005ab19265fc3d44448e43b5823e6ab2ad81d43a67ddbca2b95e8e07322627e701a5a
Sha512: 2bb330a30f753e16527ff9475591b780da4bd2beb6470f98183bd80c45a4c6b616fc5953d03eec0517ebb57b9acc7ad5e5308f4e797b55f51cd6cc782b72a220
SSDeep: 12288:MSYuV9/3qXCnfv9DkiJiKrPZtSaWhV/2D2AfDpfrgOWAVAf60jSXzYvJJ+MlSR:MStnCXCSicKrL4F2D2AfDpfrHd0jRhZ
TLSH: 0C15234B3FF9C590C268E939A8694685233EE214765383F72FC8D51D2C567EB3C892C6

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.reloc
.rsrc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
Information
Module Name: temploader.exe
Full Name: temploader.exe
EntryPoint: System.Void A. :: ()
Scope Name: temploader.exe
Scope Type: ModuleDef
Kind: Windows
Runtime Version: v4.0.30319
Tables Header Version: 512
WinMD Version: <null>
Assembly Name: temploader
Assembly Version: 0.0.0.0
Assembly Culture: <null>
Has PublicKey: False
PublicKey Token: <null>
Target Framework: <null>
Total Strings: 15
Main Method: System.Void A. :: ()
Main IL Instruction Count: 88

Main IL

call System.Void A.::() call System.Void A.::() call System.Reflection.Assembly A.::() dup <null> pop <null> ldc.i4.1 <null> call System.String A.::(System.Int32) dup <null> pop <null> ldc.i4.s 50 call System.String A.::(System.Int32) dup <null> pop <null> ldc.i4 139 call System.String A.::(System.Int32) dup <null> pop <null> call System.String A.:: (System.String,System.String,System.String) dup <null> pop <null> call System.IO.Stream A.::(System.Object,System.String) dup <null> pop <null> stloc.0 <null> call System.IO.MemoryStream A.::() stloc.1 <null> ldloc.0 <null> ldc.i4.0 <null> call System.Int32 A.::(System.Int32) call System.IO.Compression.DeflateStream A.::(System.IO.Stream,System.IO.Compression.CompressionMode) dup <null> pop <null> stloc.2 <null> ldloc.2 <null> ldloc.1 <null> call System.Void A. ::(System.Object,System.IO.Stream) leave.s IL_0078: ldloc.1 ldloc.2 <null> brfalse.s IL_0077: endfinally ldc.i4.7 <null> switch dnlib.DotNet.Emit.Instruction[] ldc.i4.1 <null> brtrue.s IL_0071: ldloc.2 ldtoken System.Void A. 
:: () pop <null> ldloc.2 <null> call System.Void A.::(System.Object) endfinally <null> ldloc.1 <null> call System.Byte[] A.::(System.Object) dup <null> pop <null> call System.Reflection.Assembly A.::(System.Byte[]) dup <null> pop <null> call System.Reflection.MethodInfo A.::(System.Object) dup <null> pop <null> ldnull <null> ldc.i4.4 <null> call System.Int32 A.::(System.Int32) call System.Object[] A.:: (System.Int32) dup <null> pop <null> stloc.3 <null> ldloc.3 <null> ldc.i4.8 <null> call System.Int32 A.::(System.Int32) ldc.i4.s 12 call System.Int32 A.::(System.Int32) call System.String[] A.:: (System.Int32) dup <null> pop <null> stelem.ref <null> ldloc.3 <null> call System.Object A.::(System.Object,System.Object,System.Object[]) dup <null> pop <null> pop <null> leave.s IL_00D2: ret ldloc.0 <null> brfalse.s IL_00D1: endfinally ldc.i4.2 <null> switch dnlib.DotNet.Emit.Instruction[] ldloc.0 <null> call System.Void A.::(System.Object) endfinally <null> ret <null>


Artefacts
Embedded Resources: 1
Suspicious Type Names (1-2 chars): 0

Characteristics
No malware configuration was found at this point.
Artefacts
Embedded Resources: 1 (Location: 7a30f2d2bba350579d531068adb70360)
Suspicious Type Names (1-2 chars): 0 (Location: 7a30f2d2bba350579d531068adb70360)
