Suspect
7c21316409eb2f5c4b1a99353021801e
PE Executable | MD5: 7c21316409eb2f5c4b1a99353021801e | Size: 2.16 MB | application/x-dosexec
PE Executable
MD5: 7c21316409eb2f5c4b1a99353021801e
Size: 2.16 MB
application/x-dosexec
Summary by MalvaGPT
Characteristics
Symbol Ofbuscation Score
Low
|
Hash | Hash Value |
|---|---|
| MD5 | 7c21316409eb2f5c4b1a99353021801e
|
| Sha1 | 7d5c00ccd909b9ecee6d14f4784240916095499c
|
| Sha256 | d683196074738752029de9e8024f68d24c83dc785f0707eca2a6f5f94bd7cf9f
|
| Sha384 | 1e1a3a47ade508f46e198bf099c4a5abc65c59f7f35ad6615a6a2f9aa43b208476ecfb9d5ddded0943959eab3a5caaa0
|
| Sha512 | 5e113f8128e4c50574a8133761fa7b3f027b4f81a063f57013bf3b0fb5d5d7e099546db8bb997776dcb39f2a248de6097ae72979c76ec041305581e1a8863195
|
| SSDeep | 49152:zkqXfd+/9AqbXHeWD/2D0KhMZYnHreNR2lv6fOdSK9/IKYcZNHI8tPzcGBZ:zkqXf0FfbXHR8aFrIv6fOdS8/IK7lIMB
|
| TLSH | 79A53319571F01CEDEBF427A74B533052EB8DE198CA4D3CE1B5899AB065EB42028636E
|
PeID
.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual C++ v6.0 DLL
Microsoft Visual Studio .NET
File Structure
7c21316409eb2f5c4b1a99353021801e
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
costura.costura.dll.compressed
costura.costura.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.newtonsoft.json.dll.compressed
costura.newtonsoft.json.dll
[Authenticode]_220cad77.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.system.buffers.dll.compressed
costura.system.buffers.dll
[Authenticode]_4fc668a7.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
.Net Resources
FxResources.System.Buffers.SR.resources
costura.system.memory.dll.compressed
costura.system.memory.dll
[Authenticode]_02648583.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
.Net Resources
FxResources.System.Memory.SR.resources
costura.system.runtime.compilerservices.unsafe.dll.compressed
costura.system.runtime.compilerservices.unsafe.dll
[Authenticode]_daaa2853.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.system.runtime.interopservices.runtimeinformation.dll.compressed
costura.system.runtime.interopservices.runtimeinformation.dll
[Authenticode]_2cfabfa2.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
.Net Resources
FxResources.System.Runtime.InteropServices.RuntimeInformation.SR.resources
costura.system.valuetuple.dll.compressed
costura.system.valuetuple.dll
[Authenticode]_b468f670.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
.Net Resources
FxResources.System.ValueTuple.SR.resources
costura.websocket-sharp.dll.compressed
costura.websocket-sharp.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.apollointerop.dll.compressed
costura.apollointerop.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.dinvokeresolver.dll.compressed
costura.dinvokeresolver.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.encryptedfilestore.dll.compressed
costura.encryptedfilestore.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.httpprofile.dll.compressed
costura.httpprofile.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.injection.dll.compressed
costura.injection.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.kerberostickets.dll.compressed
costura.kerberostickets.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.namedpipeprofile.dll.compressed
costura.namedpipeprofile.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.plaintextcryptography.dll.compressed
costura.plaintextcryptography.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.process.dll.compressed
costura.process.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.pskcryptography.dll.compressed
costura.pskcryptography.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.simpleresolver.dll.compressed
costura.simpleresolver.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.tasks.dll.compressed
costura.tasks.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
.Net Resources
costura.system.management.automation.dll.compressed
costura.system.management.automation.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
IBC
ID:0000
ID:0
RT_VERSION
ID:0001
ID:0
.Net Resources
Authenticode.resources
AutomationExceptions.resources
CommandBaseStrings.resources
Credential.resources
CredentialAttribute.resources
ConsoleInfoErrorStrings.resources
CoreMshSnapInResources.resources
CredUI.resources
DescriptionsStrings.resources
DiscoveryExceptions.resources
ErrorCategory.resources
ErrorPackage.resources
ErrorPackageRemoting.resources
EventingResources.resources
ExtendedTypeSystem.resources
FileSystemProviderStrings.resources
FormatAndOut.XmlLoading.resources
GetErrorText.resources
HostInterfaceExceptionsStrings.resources
History.resources
InternalHostStrings.resources
InternalHostUserInterfaceStrings.resources
Logging.resources
Metadata.resources
MshHostRawUserInterfaceStrings.resources
MshSignature.resources
NativeCP.resources
ParameterBinderStrings.resources
Parser.resources
PathUtils.resources
Pipeline.resources
PowerShellStrings.resources
ProgressRecordStrings.resources
ProviderBaseSecurity.resources
ProxyCommandStrings.resources
PSCommandStrings.resources
PSDataBufferStrings.resources
PSListModifier.resources
RegistryProviderStrings.resources
Runspace.resources
RunspaceInit.resources
RunspacePoolStrings.resources
AuthorizationManagerBase.resources
Serialization.resources
SessionStateProviderBaseStrings.resources
SessionStateStrings.resources
SuggestionStrings.resources
MshSnapInCmdletResources.resources
MshSnapinInfo.resources
TransactionStrings.resources
TypesXml.resources
WildcardPattern.resources
HelpErrors.resources
HelpDisplayStrings.resources
MiniShellErrors.resources
RemotingErrorIdStrings.resources
DebuggerStrings.resources
Modules.resources
costura.metadata
costura.tcpprofile.dll.compressed
costura.tcpprofile.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.websocketprofile.dll.compressed
costura.websocketprofile.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.metadata
Informations
|
Name0 | Value |
|---|---|
| Info | PE Detect: PeReader OK (file layout) |
| Info | PDB Path: ? |
| Module Name | Apollo.exe |
| Full Name | Apollo.exe |
| EntryPoint | System.Void Apollo.Program::Main(System.String[]) |
| Scope Name | Apollo.exe |
| Scope Type | ModuleDef |
| Kind | Console |
| Runtime Version | v4.0.30319 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | Apollo |
| Assembly Version | 1.0.0.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | .NETFramework,Version=v4.5.1 |
| Total Strings | 179 |
| Main Method | System.Void Apollo.Program::Main(System.String[]) |
| Main IL Instruction Count | 6 |
| Main IL | ldsfld System.Int32 Apollo.Program::_security_init pop <null> ldsfld System.String Apollo.Config::PayloadUUID newobj System.Void Apollo.Agent.Apollo::.ctor(System.String) callvirt System.Void ApolloInterop.Classes.Agent::Start() ret <null> |
| Module Name | Apollo.exe |
| Full Name | Apollo.exe |
| EntryPoint | System.Void Apollo.Program::Main(System.String[]) |
| Scope Name | Apollo.exe |
| Scope Type | ModuleDef |
| Kind | Console |
| Runtime Version | v4.0.30319 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | Apollo |
| Assembly Version | 1.0.0.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | .NETFramework,Version=v4.5.1 |
| Total Strings | 179 |
| Main Method | System.Void Apollo.Program::Main(System.String[]) |
| Main IL Instruction Count | 6 |
| Main IL | ldsfld System.Int32 Apollo.Program::_security_init pop <null> ldsfld System.String Apollo.Config::PayloadUUID newobj System.Void Apollo.Agent.Apollo::.ctor(System.String) callvirt System.Void ApolloInterop.Classes.Agent::Start() ret <null> |
7c21316409eb2f5c4b1a99353021801e (2.16 MB)
File Structure
7c21316409eb2f5c4b1a99353021801e
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
costura.costura.dll.compressed
costura.costura.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.newtonsoft.json.dll.compressed
costura.newtonsoft.json.dll
[Authenticode]_220cad77.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.system.buffers.dll.compressed
costura.system.buffers.dll
[Authenticode]_4fc668a7.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
.Net Resources
FxResources.System.Buffers.SR.resources
costura.system.memory.dll.compressed
costura.system.memory.dll
[Authenticode]_02648583.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
.Net Resources
FxResources.System.Memory.SR.resources
costura.system.runtime.compilerservices.unsafe.dll.compressed
costura.system.runtime.compilerservices.unsafe.dll
[Authenticode]_daaa2853.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.system.runtime.interopservices.runtimeinformation.dll.compressed
costura.system.runtime.interopservices.runtimeinformation.dll
[Authenticode]_2cfabfa2.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
.Net Resources
FxResources.System.Runtime.InteropServices.RuntimeInformation.SR.resources
costura.system.valuetuple.dll.compressed
costura.system.valuetuple.dll
[Authenticode]_b468f670.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
.Net Resources
FxResources.System.ValueTuple.SR.resources
costura.websocket-sharp.dll.compressed
costura.websocket-sharp.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.apollointerop.dll.compressed
costura.apollointerop.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.dinvokeresolver.dll.compressed
costura.dinvokeresolver.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.encryptedfilestore.dll.compressed
costura.encryptedfilestore.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.httpprofile.dll.compressed
costura.httpprofile.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.injection.dll.compressed
costura.injection.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.kerberostickets.dll.compressed
costura.kerberostickets.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.namedpipeprofile.dll.compressed
costura.namedpipeprofile.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.plaintextcryptography.dll.compressed
costura.plaintextcryptography.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.process.dll.compressed
costura.process.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.pskcryptography.dll.compressed
costura.pskcryptography.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.simpleresolver.dll.compressed
costura.simpleresolver.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.tasks.dll.compressed
costura.tasks.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
.Net Resources
costura.system.management.automation.dll.compressed
costura.system.management.automation.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
IBC
ID:0000
ID:0
RT_VERSION
ID:0001
ID:0
.Net Resources
Authenticode.resources
AutomationExceptions.resources
CommandBaseStrings.resources
Credential.resources
CredentialAttribute.resources
ConsoleInfoErrorStrings.resources
CoreMshSnapInResources.resources
CredUI.resources
DescriptionsStrings.resources
DiscoveryExceptions.resources
ErrorCategory.resources
ErrorPackage.resources
ErrorPackageRemoting.resources
EventingResources.resources
ExtendedTypeSystem.resources
FileSystemProviderStrings.resources
FormatAndOut.XmlLoading.resources
GetErrorText.resources
HostInterfaceExceptionsStrings.resources
History.resources
InternalHostStrings.resources
InternalHostUserInterfaceStrings.resources
Logging.resources
Metadata.resources
MshHostRawUserInterfaceStrings.resources
MshSignature.resources
NativeCP.resources
ParameterBinderStrings.resources
Parser.resources
PathUtils.resources
Pipeline.resources
PowerShellStrings.resources
ProgressRecordStrings.resources
ProviderBaseSecurity.resources
ProxyCommandStrings.resources
PSCommandStrings.resources
PSDataBufferStrings.resources
PSListModifier.resources
RegistryProviderStrings.resources
Runspace.resources
RunspaceInit.resources
RunspacePoolStrings.resources
AuthorizationManagerBase.resources
Serialization.resources
SessionStateProviderBaseStrings.resources
SessionStateStrings.resources
SuggestionStrings.resources
MshSnapInCmdletResources.resources
MshSnapinInfo.resources
TransactionStrings.resources
TypesXml.resources
WildcardPattern.resources
HelpErrors.resources
HelpDisplayStrings.resources
MiniShellErrors.resources
RemotingErrorIdStrings.resources
DebuggerStrings.resources
Modules.resources
costura.metadata
costura.tcpprofile.dll.compressed
costura.tcpprofile.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.websocketprofile.dll.compressed
costura.websocketprofile.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.metadata
Characteristics
No malware configuration were found at this point.
You must be signed in to post a comment.
You need a premium account to access this feature.
You must be signed in to post a comment.