Suspicious
Suspect

81be32b31cd7f7beb7021e76fe318faa

PE Executable | MD5: 81be32b31cd7f7beb7021e76fe318faa | Size: 1.85 MB | application/x-dosexec

Summary by MalvaGPT
Characteristics

Symbol Obfuscation Score: Very low

Hash
MD5: 81be32b31cd7f7beb7021e76fe318faa
SHA1: 4f81d9431c3f28f61cd992845167f0c08bef29c7
SHA256: 6ce2462286dc687b1ccab7592a3a68c0504b2639e28cfb8a849e0cd12763fea0
SHA384: 6f7b14a00e54471fb0c7a67cf8366eafd843271c6e695cd197814a1d7e44d593b0687c9c4a66ac07f5700c661b6bf359
SHA512: cfafc1b3515fe020e342b77c0e320024631abe8fc4903eb2b3bdbae5293b9c9657f466f5a5ba8623ebc6b01736490523e0ea62b7632dbba6a3709c117ac72cf6
SSDeep: 49152:LFVne7/OaBQJgbu2yOUaZow653HhXda9emJL+N5G:LPnsPBQJMu2LUaZk3H1UBJyb
TLSH: 5E8533B2E6A44D2DF7C7CDB39AA29EC29A0124C37E08E2A5D96F63C2D4425437D4F354

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
Structure
  DosHeader
  PE Header
  Optional Header (x86)
  Section Headers
    .text
    .rsrc
    .reloc
  Resources
    RT_VERSION
      ID:0001
        ID:0
    RT_MANIFEST
      ID:0001
        ID:0
  .Net Resources
    a
Information
Module Name: temploader.exe
Full Name: temploader.exe
EntryPoint: System.Void a.a::Main()
Scope Name: temploader.exe
Scope Type: ModuleDef
Kind: Windows
Runtime Version: v4.0.30319
Tables Header Version: 512
WinMD Version: <null>
Assembly Name: temploader
Assembly Version: 0.0.0.0
Assembly Culture: <null>
Has PublicKey: False
PublicKey Token: <null>
Target Framework: <null>
Total Strings: 3
Main Method: System.Void a.a::Main()
Main IL Instruction Count: 37

Main IL

call System.Reflection.Assembly System.Reflection.Assembly::GetExecutingAssembly()
ldstr SZEou/fPaXMU5AFcBE8Jcw==
ldstr LY4FhFKb7rQ5QrjynBZR41vMh4hyIF6UEriL8gQPEps=
ldstr jmRf6vDkorhJ75O85PN8gw==
call System.String 蔉섵뫵趿➷㊈籟᪢::䂣䫩ⱅ㮋㸀㐍ઇᑴᒾ(System.String,System.String,System.String)
callvirt System.IO.Stream System.Reflection.Assembly::GetManifestResourceStream(System.String)
stloc.0 <null>
newobj System.Void System.IO.MemoryStream::.ctor()
stloc.1 <null>
ldloc.0 <null>
ldc.i4.0 <null>
newobj System.Void System.IO.Compression.DeflateStream::.ctor(System.IO.Stream,System.IO.Compression.CompressionMode)
stloc.2 <null>
ldloc.2 <null>
ldloc.1 <null>
callvirt System.Void System.IO.Stream::CopyTo(System.IO.Stream)
leave IL_0046: ldloc.1
ldloc.2 <null>
brfalse IL_0045: endfinally
ldloc.2 <null>
callvirt System.Void System.IDisposable::Dispose()
endfinally <null>
ldloc.1 <null>
callvirt System.Byte[] System.IO.MemoryStream::ToArray()
call System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
callvirt System.Reflection.MethodInfo System.Reflection.Assembly::get_EntryPoint()
ldnull <null>
ldnull <null>
callvirt System.Object System.Reflection.MethodBase::Invoke(System.Object,System.Object[])
pop <null>
leave IL_0070: ret
ldloc.0 <null>
brfalse IL_006F: endfinally
ldloc.0 <null>
callvirt System.Void System.IDisposable::Dispose()
endfinally <null>
ret <null>

Artefacts
Embedded Resources: 1
Suspicious Type Names (1-2 chars): 1
Characteristics
No malware configuration was found at this point.
Artefacts
Embedded Resources: 1 (Location: 81be32b31cd7f7beb7021e76fe318faa)
Suspicious Type Names (1-2 chars): 1 (Location: 81be32b31cd7f7beb7021e76fe318faa)
