Suspicious
Suspect

7ba80e92cdf2f7e7d7caeea6500c043b

PE Executable
|
MD5: 7ba80e92cdf2f7e7d7caeea6500c043b
|
Size: 408.06 KB
|
application/x-dosexec

Summary by MalvaGPT
Characteristics

Symbol Obfuscation Score

Very high

Hash
 Hash Value
MD5
7ba80e92cdf2f7e7d7caeea6500c043b
Sha1
99ed0d832041b5586312f4b4ae8d5b5c22e2fd3e
Sha256
07ed16cf0a516f5c201b0651c6e6faaf855c02280db5c1dfb1c7ac4e8b660d29
Sha384
218d16f13cd7bbbfdde32f31cf8ef11208c6af06e29bc84f655754604f9d76941a093b4ef54a5be3a26c3ea05ead3225
Sha512
effbcf53810501a86852bcbc16a177fbe603cd73808b910e5647447c99884221bc9000f145a91a06d97cb605755fff186fc898b7b3d1b2bd869d29a69312c7a6
SSDeep
6144:xXSf3xRcVSdejsF30FH7Jqoee6VlWT8b991qppm066lbDp6iOXAGAH:l+B8jfLePVle84pjFo4GA
TLSH
2294C40CFE91F805DE1A3D77CBE614044B7125C22E229682329A6FFD8B5537758E26BC

PeID

.NET executable
HQR data file
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
7ba80e92cdf2f7e7d7caeea6500c043b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
ckalxteotjom
Informations
Name
 Value
Info

PE Detect: PeReader OK (file layout)
Module Name

123.exe
Full Name

123.exe
EntryPoint

System.Void KIZjeyhxwxoMRLV.HuGSPmdLELAllUv::vAJwxsiYJCdN(System.String[])
Scope Name

123.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

123
Assembly Version

1.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.0
Total Strings

1110
Main Method

System.Void KIZjeyhxwxoMRLV.HuGSPmdLELAllUv::vAJwxsiYJCdN(System.String[])
Main IL Instruction Count

55
Main IL

ldc.i4 181 stloc.0 <null> br IL_00BA: br IL_000B nop <null> ldloc.0 <null> ldc.i4 201 ceq <null> brfalse IL_0060: nop newobj System.Void System.Random::.ctor() nop <null> ldc.r8 2 ldc.r8 2000 mul <null> call System.Int32 System.Convert::ToInt32(System.Double) nop <null> ldc.r8 9000 ldc.r8 3000 sub <null> call System.Int32 System.Convert::ToInt32(System.Double) callvirt System.Int32 System.Random::Next(System.Int32,System.Int32) call System.Void System.Threading.Thread::Sleep(System.Int32) ldc.i4 210 stloc.0 <null> nop <null> ldloc.0 <null> ldc.i4 210 ceq <null> brfalse IL_0079: nop call System.Void KIZjeyhxwxoMRLV.gduqOLPfLEIC::xHffmPHq() ldc.i4 219 stloc.0 <null> nop <null> ldloc.0 <null> ldc.i4 193 ceq <null> brfalse IL_0092: nop call System.Void KIZjeyhxwxoMRLV.HuGSPmdLELAllUv::jPGBQptIynR() ldc.i4 201 stloc.0 <null> nop <null> ldloc.0 <null> ldc.i4 181 ceq <null> brfalse IL_00A7: nop nop <null> ldc.i4 193 stloc.0 <null> nop <null> ldloc.0 <null> ldc.i4 219 ceq <null> brfalse IL_00BA: br IL_000B br IL_00BF: ret br IL_000B: nop ret <null>
Module Name

123.exe
Full Name

123.exe
EntryPoint

System.Void KIZjeyhxwxoMRLV.HuGSPmdLELAllUv::vAJwxsiYJCdN(System.String[])
Scope Name

123.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

123
Assembly Version

1.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.0
Total Strings

1110
Main Method

System.Void KIZjeyhxwxoMRLV.HuGSPmdLELAllUv::vAJwxsiYJCdN(System.String[])
Main IL Instruction Count

55
Main IL

ldc.i4 181 stloc.0 <null> br IL_00BA: br IL_000B nop <null> ldloc.0 <null> ldc.i4 201 ceq <null> brfalse IL_0060: nop newobj System.Void System.Random::.ctor() nop <null> ldc.r8 2 ldc.r8 2000 mul <null> call System.Int32 System.Convert::ToInt32(System.Double) nop <null> ldc.r8 9000 ldc.r8 3000 sub <null> call System.Int32 System.Convert::ToInt32(System.Double) callvirt System.Int32 System.Random::Next(System.Int32,System.Int32) call System.Void System.Threading.Thread::Sleep(System.Int32) ldc.i4 210 stloc.0 <null> nop <null> ldloc.0 <null> ldc.i4 210 ceq <null> brfalse IL_0079: nop call System.Void KIZjeyhxwxoMRLV.gduqOLPfLEIC::xHffmPHq() ldc.i4 219 stloc.0 <null> nop <null> ldloc.0 <null> ldc.i4 193 ceq <null> brfalse IL_0092: nop call System.Void KIZjeyhxwxoMRLV.HuGSPmdLELAllUv::jPGBQptIynR() ldc.i4 201 stloc.0 <null> nop <null> ldloc.0 <null> ldc.i4 181 ceq <null> brfalse IL_00A7: nop nop <null> ldc.i4 193 stloc.0 <null> nop <null> ldloc.0 <null> ldc.i4 219 ceq <null> brfalse IL_00BA: br IL_000B br IL_00BF: ret br IL_000B: nop ret <null>
7ba80e92cdf2f7e7d7caeea6500c043b (408.06 KB)
File Structure
7ba80e92cdf2f7e7d7caeea6500c043b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
ckalxteotjom
Characteristics
No malware configuration were found at this point.
You must be signed in to post a comment.
An error has occurred. This application may no longer respond until reloaded. Reload 🗙