Suspicious
Suspect

7f3f122bfd178ac14d59619324880f0e

PE Executable
|
MD5: 7f3f122bfd178ac14d59619324880f0e
|
Size: 3.5 MB
|
application/x-dosexec

Print
Summary by MalvaGPT
Characteristics

Symbol Obfuscation Score

Very high

Hash
 Hash Value
MD5
7f3f122bfd178ac14d59619324880f0e
Sha1
08fe27a17b0b621795a620386bfae71686c227b1
Sha256
1595d92fb580ab1264b533c3504863062bf47d8ce61e838c64179b904f2a6d23
Sha384
405a566ee736451d8a77edb21ab8761af793aeba379ee44d2928ed53e1bdd59f41ac292671afa356d7ac2ba645c7d0b4
Sha512
e06e603b82c7ac56b3297786161f386c06d8eaa06bc3b50325d49f88968e3ea92788e14248160b6c2e28a582449b15acaff198c5dfb7a9832fa933c60b0df704
SSDeep
98304:vdMc2x3tmRxhYOlFWKIvJHyWd/XLcIPwEc:v0x3tmRxhFIRtvC
TLSH
60F52349ED40CB13C6622D33CA61236071B3A8670782F392EDD5F9A9D0B73952F49B93

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
7f3f122bfd178ac14d59619324880f0e
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_ICON
ID:0001
ID:0
ID:0-preview.png
ID:0002
ID:0
ID:0003
ID:0
ID:0004
ID:0
ID:0005
ID:0
ID:0006
ID:0
RT_GROUP_CURSOR4
ID:7F00
ID:0
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
Informations
Name
 Value
Info

PE Detect: PeReader OK (file layout)
Module Name

server1.exe
Full Name

server1.exe
EntryPoint

System.Void server.Module2::main()
Scope Name

server1.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

server1
Assembly Version

4.3.8.8
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.8
Total Strings

31
Main Method

System.Void server.Module2::main()
Main IL Instruction Count

128
Main IL

nop <null> ldc.i4 719374190 stloc.s V_4 ldloc.s V_4 ldc.i4 -992386391 ldc.i4 1847427757 mul <null> ldc.i4 -1499913665 ldc.i4 -2144742052 mul <null> ldc.i4 -1985168198 ldc.i4 -317917166 add <null> xor <null> sub <null> sub <null> neg <null> ldc.i4 1895547555 mul <null> ldc.i4 823930906 xor <null> dup <null> stloc.3 <null> ldc.i4.s 10 rem.un <null> switch dnlib.DotNet.Emit.Instruction[] br IL_01AF: ret ldloc.0 <null> ldsfld System.Byte[] server.Module2::Bytes call System.Object server.Module2::_11F4DD521FD842FC_() call System.Object server.Module2::_3D7DF34A68E1487F_(System.Object) call System.String server.Module2::_642A87D122534284_(System.Object) call System.Boolean server.Module2::_53196EF8216B425E_(System.Object,System.Byte[],System.String) pop <null> ldc.i4 -1443336760 stloc.s V_8 ldloc.3 <null> ldc.i4 -422273 mul <null> ldloc.s V_8 xor <null> br IL_0006: stloc.s V_4 call System.Object server.Module2::_2D550D71F3DF48E2_() stloc.0 <null> ldc.i4 -1016548978 stloc.s V_7 ldloc.3 <null> ldc.i4 -854355 mul <null> ldloc.s V_7 xor <null> br IL_0006: stloc.s V_4 call System.Object server.Module2::_72DF6D2A64CF467C_() stloc.2 <null> ldc.i4 -574518585 stloc.s V_11 ldloc.3 <null> ldc.i4 -580147 mul <null> ldloc.s V_11 xor <null> br IL_0006: stloc.s V_4 ldloc.1 <null> ldsfld System.Byte[] server.Module2::Bytes call System.Object server.Module2::_11F4DD521FD842FC_() call System.Object server.Module2::_3D7DF34A68E1487F_(System.Object) call System.String server.Module2::_642A87D122534284_(System.Object) call System.Boolean server.Module2::_BDED50F342C14930_(System.Object,System.Byte[],System.String) pop <null> ldc.i4 1370356184 stloc.s V_10 ldloc.3 <null> ldc.i4 -302747 mul <null> ldloc.s V_10 xor <null> br IL_0006: stloc.s V_4 call System.String server.Module2::_FFF1EDC2B8174E23_() ldc.i4 34028792 br.s IL_0118: call System.String <Module>::_F5601A4938EF456A_<System.String>(System.IntPtr) call System.String <Module>::_F5601A4938EF456A_<System.String>(System.IntPtr) call System.String server.Module2::_EA53610C3667484A_(System.String,System.String) stsfld System.String server.Module2::Hex ldc.i4 -451428091 stloc.s V_5 ldloc.3 <null> ldc.i4 -627744 mul <null> ldloc.s V_5 xor <null> br IL_0006: stloc.s V_4 ldloc.2 <null> ldsfld System.Byte[] server.Module2::Bytes call System.Object server.Module2::_11F4DD521FD842FC_() call System.Object server.Module2::_3D7DF34A68E1487F_(System.Object) call System.String server.Module2::_642A87D122534284_(System.Object) call System.Boolean server.Module2::_E7E9E08938ED468D_(System.Object,System.Byte[],System.String) pop <null> ldc.i4 836523193 stloc.s V_12 ldloc.3 <null> ldc.i4 -621132 mul <null> ldloc.s V_12 xor <null> br IL_0006: stloc.s V_4 ldsfld System.String server.Module2::Hex call System.Byte[] server.Module2::_FC03658D8DB249BF_(System.String) stsfld System.Byte[] server.Module2::Bytes ldc.i4 -726185406 stloc.s V_6 ldloc.3 <null> ldc.i4 -932660 mul <null> ldloc.s V_6 xor <null> br IL_0006: stloc.s V_4 call System.Object server.Module2::_EEF7DE6A1EE04BFA_() stloc.1 <null> ldc.i4 1897697572 stloc.s V_9 ldloc.3 <null> ldc.i4 -763442 mul <null> ldloc.s V_9 xor <null> br IL_0006: stloc.s V_4 ret <null>
Module Name

server1.exe
Full Name

server1.exe
EntryPoint

System.Void server.Module2::main()
Scope Name

server1.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

server1
Assembly Version

4.3.8.8
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.8
Total Strings

31
Main Method

System.Void server.Module2::main()
Main IL Instruction Count

128
Main IL

nop <null> ldc.i4 719374190 stloc.s V_4 ldloc.s V_4 ldc.i4 -992386391 ldc.i4 1847427757 mul <null> ldc.i4 -1499913665 ldc.i4 -2144742052 mul <null> ldc.i4 -1985168198 ldc.i4 -317917166 add <null> xor <null> sub <null> sub <null> neg <null> ldc.i4 1895547555 mul <null> ldc.i4 823930906 xor <null> dup <null> stloc.3 <null> ldc.i4.s 10 rem.un <null> switch dnlib.DotNet.Emit.Instruction[] br IL_01AF: ret ldloc.0 <null> ldsfld System.Byte[] server.Module2::Bytes call System.Object server.Module2::_11F4DD521FD842FC_() call System.Object server.Module2::_3D7DF34A68E1487F_(System.Object) call System.String server.Module2::_642A87D122534284_(System.Object) call System.Boolean server.Module2::_53196EF8216B425E_(System.Object,System.Byte[],System.String) pop <null> ldc.i4 -1443336760 stloc.s V_8 ldloc.3 <null> ldc.i4 -422273 mul <null> ldloc.s V_8 xor <null> br IL_0006: stloc.s V_4 call System.Object server.Module2::_2D550D71F3DF48E2_() stloc.0 <null> ldc.i4 -1016548978 stloc.s V_7 ldloc.3 <null> ldc.i4 -854355 mul <null> ldloc.s V_7 xor <null> br IL_0006: stloc.s V_4 call System.Object server.Module2::_72DF6D2A64CF467C_() stloc.2 <null> ldc.i4 -574518585 stloc.s V_11 ldloc.3 <null> ldc.i4 -580147 mul <null> ldloc.s V_11 xor <null> br IL_0006: stloc.s V_4 ldloc.1 <null> ldsfld System.Byte[] server.Module2::Bytes call System.Object server.Module2::_11F4DD521FD842FC_() call System.Object server.Module2::_3D7DF34A68E1487F_(System.Object) call System.String server.Module2::_642A87D122534284_(System.Object) call System.Boolean server.Module2::_BDED50F342C14930_(System.Object,System.Byte[],System.String) pop <null> ldc.i4 1370356184 stloc.s V_10 ldloc.3 <null> ldc.i4 -302747 mul <null> ldloc.s V_10 xor <null> br IL_0006: stloc.s V_4 call System.String server.Module2::_FFF1EDC2B8174E23_() ldc.i4 34028792 br.s IL_0118: call System.String <Module>::_F5601A4938EF456A_<System.String>(System.IntPtr) call System.String <Module>::_F5601A4938EF456A_<System.String>(System.IntPtr) call System.String server.Module2::_EA53610C3667484A_(System.String,System.String) stsfld System.String server.Module2::Hex ldc.i4 -451428091 stloc.s V_5 ldloc.3 <null> ldc.i4 -627744 mul <null> ldloc.s V_5 xor <null> br IL_0006: stloc.s V_4 ldloc.2 <null> ldsfld System.Byte[] server.Module2::Bytes call System.Object server.Module2::_11F4DD521FD842FC_() call System.Object server.Module2::_3D7DF34A68E1487F_(System.Object) call System.String server.Module2::_642A87D122534284_(System.Object) call System.Boolean server.Module2::_E7E9E08938ED468D_(System.Object,System.Byte[],System.String) pop <null> ldc.i4 836523193 stloc.s V_12 ldloc.3 <null> ldc.i4 -621132 mul <null> ldloc.s V_12 xor <null> br IL_0006: stloc.s V_4 ldsfld System.String server.Module2::Hex call System.Byte[] server.Module2::_FC03658D8DB249BF_(System.String) stsfld System.Byte[] server.Module2::Bytes ldc.i4 -726185406 stloc.s V_6 ldloc.3 <null> ldc.i4 -932660 mul <null> ldloc.s V_6 xor <null> br IL_0006: stloc.s V_4 call System.Object server.Module2::_EEF7DE6A1EE04BFA_() stloc.1 <null> ldc.i4 1897697572 stloc.s V_9 ldloc.3 <null> ldc.i4 -763442 mul <null> ldloc.s V_9 xor <null> br IL_0006: stloc.s V_4 ret <null>
7f3f122bfd178ac14d59619324880f0e (3.5 MB)
An error has occurred. This application may no longer respond until reloaded. Reload 🗙