Suspicious
Suspect

7a4a157708cf8652b937f5eff59b0835

PE Executable
|
MD5: 7a4a157708cf8652b937f5eff59b0835
|
Size: 2.02 MB
|
application/x-dosexec

Summary by MalvaGPT
Characteristics

Symbol Obfuscation Score

Medium

Hash
 Hash Value
MD5
7a4a157708cf8652b937f5eff59b0835
Sha1
fbf95673d7d36114b9b62dc23f8273d051575eff
Sha256
f9f4d871539fb3e679c2d385217e6f24b6223827f32c4ab172e66d9a94b7af4e
Sha384
ae013b5dbe975b471252af726f9147d07faefea27dc3566b2aeb3ce892cd214b21de3c7417e3882429460824eea73e0e
Sha512
fd89029a7156edd193c17c1636591407bad33e668397c06f930191076a4ba2abda6c9311a310df95e4b736e4fb3c3d67eb5fbec055abbc4f06d73160c7b409bc
SSDeep
24576:BhCiRZYxxFaEqos1f3Y7ELYV3rFobCXsRNOFAjBGrixTqk8IXPJ8uoWRFd6jzTwj:WUfYIMVbFUiua4TqZCJ8uMHwuTc8s6i
TLSH
FB95BE049AD15B17D23E8375C9EB8A94B3B269C9FF4BD39B9A40B4610A013E257434FF

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
UPolyX 0.3 -> delikon
File Structure
7a4a157708cf8652b937f5eff59b0835
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
Zxwhlc.Properties.Resources.resources
Ejrcvzkecgk
           
Informations
Name
 Value
Info

PE Detect: PeReader OK (file layout)
Module Name

Liwyc.exe
Full Name

Liwyc.exe
EntryPoint

System.Void   ::()
Scope Name

Liwyc.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

Liwyc
Assembly Version

1.0.8561.7518
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.6
Total Strings

0
Main Method

System.Void   ::()
Main IL Instruction Count

37
Main IL

newobj System.Void   ::.ctor() stloc.0 <null> ldloc.0 <null> callvirt System.String   ::() brfalse.s IL_0060: leave IL_006C ldloc.0 <null> callvirt System.Type[]   ::() ldsfld System.Func`2<System.Type,System.Boolean>   /:: dup <null> brtrue.s IL_0033: call System.Collections.Generic.IEnumerable`1<System.Type> System.Linq.Enumerable::Where<System.Type>(System.Collections.Generic.IEnumerable`1<System.Type>,System.Func`2<System.Type,System.Boolean>) pop <null> ldsfld   /   /:: ldftn System.Boolean   /::(System.Type) newobj System.Void System.Func`2<System.Type,System.Boolean>::.ctor(System.Object,System.IntPtr) dup <null> stsfld System.Func`2<System.Type,System.Boolean>   /:: call System.Collections.Generic.IEnumerable`1<System.Type> System.Linq.Enumerable::Where<System.Type>(System.Collections.Generic.IEnumerable`1<System.Type>,System.Func`2<System.Type,System.Boolean>) stloc.1 <null> ldloc.1 <null> call System.Int32 System.Linq.Enumerable::Count<System.Type>(System.Collections.Generic.IEnumerable`1<System.Type>) ldc.i4.0 <null> ble.s IL_0060: leave IL_006C ldloc.1 <null> call System.Type System.Linq.Enumerable::First<System.Type>(System.Collections.Generic.IEnumerable`1<System.Type>) ldc.i4 778912590 call System.String ::(System.Int32) ldc.i4 256 ldnull <null> ldnull <null> ldnull <null> callvirt System.Object System.Type::InvokeMember(System.String,System.Reflection.BindingFlags,System.Reflection.Binder,System.Object,System.Object[]) pop <null> leave IL_006C: ret ldloc.0 <null> callvirt System.Void System.IDisposable::Dispose() endfinally <null> ret <null>
Module Name

Liwyc.exe
Full Name

Liwyc.exe
EntryPoint

System.Void   ::()
Scope Name

Liwyc.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

Liwyc
Assembly Version

1.0.8561.7518
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.6
Total Strings

0
Main Method

System.Void   ::()
Main IL Instruction Count

37
Main IL

newobj System.Void   ::.ctor() stloc.0 <null> ldloc.0 <null> callvirt System.String   ::() brfalse.s IL_0060: leave IL_006C ldloc.0 <null> callvirt System.Type[]   ::() ldsfld System.Func`2<System.Type,System.Boolean>   /:: dup <null> brtrue.s IL_0033: call System.Collections.Generic.IEnumerable`1<System.Type> System.Linq.Enumerable::Where<System.Type>(System.Collections.Generic.IEnumerable`1<System.Type>,System.Func`2<System.Type,System.Boolean>) pop <null> ldsfld   /   /:: ldftn System.Boolean   /::(System.Type) newobj System.Void System.Func`2<System.Type,System.Boolean>::.ctor(System.Object,System.IntPtr) dup <null> stsfld System.Func`2<System.Type,System.Boolean>   /:: call System.Collections.Generic.IEnumerable`1<System.Type> System.Linq.Enumerable::Where<System.Type>(System.Collections.Generic.IEnumerable`1<System.Type>,System.Func`2<System.Type,System.Boolean>) stloc.1 <null> ldloc.1 <null> call System.Int32 System.Linq.Enumerable::Count<System.Type>(System.Collections.Generic.IEnumerable`1<System.Type>) ldc.i4.0 <null> ble.s IL_0060: leave IL_006C ldloc.1 <null> call System.Type System.Linq.Enumerable::First<System.Type>(System.Collections.Generic.IEnumerable`1<System.Type>) ldc.i4 778912590 call System.String ::(System.Int32) ldc.i4 256 ldnull <null> ldnull <null> ldnull <null> callvirt System.Object System.Type::InvokeMember(System.String,System.Reflection.BindingFlags,System.Reflection.Binder,System.Object,System.Object[]) pop <null> leave IL_006C: ret ldloc.0 <null> callvirt System.Void System.IDisposable::Dispose() endfinally <null> ret <null>
7a4a157708cf8652b937f5eff59b0835 (2.02 MB)
File Structure
7a4a157708cf8652b937f5eff59b0835
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
Zxwhlc.Properties.Resources.resources
Ejrcvzkecgk
           
Characteristics
No malware configuration were found at this point.
You must be signed in to post a comment.
An error has occurred. This application may no longer respond until reloaded. Reload 🗙