Suspicious
Suspect

81c614c6ea2290155180dedf56bf080f

PE Executable
|
MD5: 81c614c6ea2290155180dedf56bf080f
|
Size: 348.16 KB
|
application/x-dosexec

Summary by MalvaGPT
Characteristics

Symbol Ofbuscation Score

Medium

Hash
 Hash Value
MD5
81c614c6ea2290155180dedf56bf080f
Sha1
1fc738b82e217b30a5779bb10fb56ff24e1fc232
Sha256
d27254c6dff8ec2d0262ec8a302d740770c02c2cb012d82cfb1c15dfb2572805
Sha384
7a49ef78aec7eb8f67f290141a1629e82c7089941346f93f3602a466dc4e3b95761dc1093d1d6f38dc71dc5a3644b78b
Sha512
fa72911d08ba16330b9866d09fe19d5dcb2459459a7ae42fc919f73e5b142b0555c13fba1a4b5289d2179d794816d983d5424029e566325feba825e89446ce0c
SSDeep
6144:KaheRwNuzCx520HW8CproBVmlkEgWVFCCJ6QW78sV0Qqwt74:fMe520PCaBVmlBJtg08
TLSH
9E746B15AB8C96EEC2DD0375D4620408DBF0D142D3A7FB4A0AA7A5B8AD8B753E5070F7

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
81c614c6ea2290155180dedf56bf080f
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
Saca
Informations
Name
 Value
Module Name

Pxxsqtwg.exe
Full Name

Pxxsqtwg.exe
EntryPoint

System.Void Rwmrjwqyboy.Pnghieubwbo::Main()
Scope Name

Pxxsqtwg.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

Pxxsqtwg
Assembly Version

1.0.8837.19577
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.6
Total Strings

50
Main Method

System.Void Rwmrjwqyboy.Pnghieubwbo::Main()
Main IL Instruction Count

11
Main IL

ldsfld System.Action`1<System.IO.MemoryStream> Rwmrjwqyboy.Pnghieubwbo/<>c::<>9__0_0 dup <null> brtrue IL_0022: call System.Void Rwmrjwqyboy.Pnghieubwbo::(System.Action`1<System.IO.MemoryStream>) pop <null> ldsfld Rwmrjwqyboy.Pnghieubwbo/<>c Rwmrjwqyboy.Pnghieubwbo/<>c::<>9 ldftn System.Void Rwmrjwqyboy.Pnghieubwbo/<>c::(System.IO.MemoryStream) newobj System.Void System.Action`1<System.IO.MemoryStream>::.ctor(System.Object,System.IntPtr) dup <null> stsfld System.Action`1<System.IO.MemoryStream> Rwmrjwqyboy.Pnghieubwbo/<>c::<>9__0_0 call System.Void Rwmrjwqyboy.Pnghieubwbo::(System.Action`1<System.IO.MemoryStream>) ret <null>
Module Name

Pxxsqtwg.exe
Full Name

Pxxsqtwg.exe
EntryPoint

System.Void Rwmrjwqyboy.Pnghieubwbo::Main()
Scope Name

Pxxsqtwg.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

Pxxsqtwg
Assembly Version

1.0.8837.19577
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.6
Total Strings

50
Main Method

System.Void Rwmrjwqyboy.Pnghieubwbo::Main()
Main IL Instruction Count

11
Main IL

ldsfld System.Action`1<System.IO.MemoryStream> Rwmrjwqyboy.Pnghieubwbo/<>c::<>9__0_0 dup <null> brtrue IL_0022: call System.Void Rwmrjwqyboy.Pnghieubwbo::(System.Action`1<System.IO.MemoryStream>) pop <null> ldsfld Rwmrjwqyboy.Pnghieubwbo/<>c Rwmrjwqyboy.Pnghieubwbo/<>c::<>9 ldftn System.Void Rwmrjwqyboy.Pnghieubwbo/<>c::(System.IO.MemoryStream) newobj System.Void System.Action`1<System.IO.MemoryStream>::.ctor(System.Object,System.IntPtr) dup <null> stsfld System.Action`1<System.IO.MemoryStream> Rwmrjwqyboy.Pnghieubwbo/<>c::<>9__0_0 call System.Void Rwmrjwqyboy.Pnghieubwbo::(System.Action`1<System.IO.MemoryStream>) ret <null>
81c614c6ea2290155180dedf56bf080f (348.16 KB)
File Structure
81c614c6ea2290155180dedf56bf080f
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
Saca
Characteristics
No malware configuration were found at this point.
You must be signed in to post a comment.
An error has occurred. This application may no longer respond until reloaded. Reload 🗙