Suspicious
Suspect

84f78a617ffb7b3a2a4291b5eefcf408

PE Executable
|
MD5: 84f78a617ffb7b3a2a4291b5eefcf408
|
Size: 1.45 MB
|
application/x-dosexec

Print
Summary by MalvaGPT
Characteristics

Symbol Ofbuscation Score

Medium

Hash
 Hash Value
MD5
84f78a617ffb7b3a2a4291b5eefcf408
Sha1
eaf853877f71471c673bcf22a55cb8dd53c32c47
Sha256
288cbb7498f2c534d38c27b1f94cef2731ea2a5f3e3ef976c596a41c67ff2663
Sha384
ad951d99e74e1867c58714da0b7097bfe3fca28c782ff9960c0c14abd96e365823797f853e3bdd9fdd301eb0bfb3f786
Sha512
fc15f5875ff3a1cf6373b6edf3d31950cd3b69b1b11218e7fda470237b38c898950fb1adea36de3c87d57ff58ce22bf2d7abd84c64f90c39467a8f37a18f1158
SSDeep
24576:0VLTMwdGRbo3L+h2ZfzzS54+fOcmvbz2hSO/GcDGrZMWjom7ZebKIHBmOGI:M0wMNo3Fye+WDX2r/UrZMROIYOJ
TLSH
B865336DB7CA9713D0D1C4FC68297B85D299C8A17AC4FB2FD9DD370116492E1A2A824C

PeID

.NET executable
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual Studio .NET
File Structure
84f78a617ffb7b3a2a4291b5eefcf408
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
eLVt
Informations
Name
 Value
Info

PE Detect: PeReader OK (file layout)
Module Name

Aihvjll.exe
Full Name

Aihvjll.exe
EntryPoint

System.Void Eiwpnsepar.Oekzhfa::Main()
Scope Name

Aihvjll.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

Aihvjll
Assembly Version

1.0.5714.6468
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.6
Total Strings

15
Main Method

System.Void Eiwpnsepar.Oekzhfa::Main()
Main IL Instruction Count

124
Main IL

nop <null> ldnull <null> stloc.0 <null> br.s IL_0015: ldc.i4.1 nop <null> nop <null> call System.Byte[] Eiwpnsepar.Properties.Phcnboaihfi::get_e() stloc.0 <null> leave.s IL_001A: ldloc.0 pop <null> nop <null> nop <null> leave.s IL_0014: nop nop <null> ldc.i4.1 <null> stloc.1 <null> ldloc.1 <null> brtrue.s IL_0005: nop ldloc.0 <null> ldnull <null> cgt.un <null> stloc.2 <null> ldloc.2 <null> brfalse.s IL_0025: ldc.i4.1 ldc.i4.0 <null> br.s IL_0028: brtrue IL_0114 ldc.i4.1 <null> br.s IL_0028: brtrue IL_0114 brtrue IL_0114: ret nop <null> ldloc.0 <null> call System.Byte[] Eiwpnsepar.Oekzhfa::a(System.Byte[]) stloc.3 <null> ldloc.3 <null> ldlen <null> ldc.i4.0 <null> cgt.un <null> stloc.s V_4 ldloc.s V_4 brfalse.s IL_0043: ldc.i4.1 ldc.i4.0 <null> br.s IL_0046: brtrue IL_0113 ldc.i4.1 <null> br.s IL_0046: brtrue IL_0113 brtrue IL_0113: nop nop <null> ldloc.3 <null> call System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[]) stloc.s V_5 ldloc.s V_5 callvirt System.String System.Reflection.Assembly::get_CodeBase() call System.Boolean System.String::IsNullOrWhiteSpace(System.String) ldc.i4.0 <null> ceq <null> stloc.s V_6 ldloc.s V_6 brfalse.s IL_006C: ldc.i4.1 ldc.i4.0 <null> br.s IL_006F: brtrue IL_0112 ldc.i4.1 <null> br.s IL_006F: brtrue IL_0112 brtrue IL_0112: nop nop <null> br.s IL_009C: ldc.i4.s 19 ldloc.s V_10 ldc.i4.s 18 xor <null> stloc.s V_10 ldloc.s V_10 ldc.i4.s 16 sub <null> switch dnlib.DotNet.Emit.Instruction[] ldc.i4.s 19 call System.Int32 j::ac(System.Int32) stloc.s V_10 br.s IL_0077: ldloc.s V_10 ldloc.s V_9 brfalse.s IL_00F0: ldc.i4.1 ldc.i4.6 <null> stloc.s V_10 br.s IL_0077: ldloc.s V_10 ldloc.s V_5 ldloc.s V_7 callvirt System.Type System.Reflection.Assembly::GetType(System.String) stloc.s V_8 ldc.i4.0 <null> stloc.s V_10 br.s IL_0077: ldloc.s V_10 ldloc.s V_8 callvirt System.String System.Type::get_FullName() call System.Boolean System.String::IsNullOrEmpty(System.String) ldc.i4.0 <null> ceq <null> stloc.s V_9 ldc.i4.2 <null> stloc.s V_10 br.s IL_0077: ldloc.s V_10 ldc.i4 4923 call System.String c::a(System.Int32) stloc.s V_7 ldc.i4.s 10 call System.Int32 j::ac(System.Int32) stloc.s V_10 br.s IL_0077: ldloc.s V_10 ldc.i4.0 <null> br.s IL_00F3: brtrue.s IL_0111 ldc.i4.1 <null> br.s IL_00F3: brtrue.s IL_0111 brtrue.s IL_0111: nop nop <null> ldloc.s V_8 ldc.i4 4737 call System.String c::a(System.Int32) ldc.i4 256 ldnull <null> ldnull <null> ldnull <null> callvirt System.Object System.Type::InvokeMember(System.String,System.Reflection.BindingFlags,System.Reflection.Binder,System.Object,System.Object[]) pop <null> nop <null> nop <null> nop <null> nop <null> ret <null>
Module Name

Aihvjll.exe
Full Name

Aihvjll.exe
EntryPoint

System.Void Eiwpnsepar.Oekzhfa::Main()
Scope Name

Aihvjll.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

Aihvjll
Assembly Version

1.0.5714.6468
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.6
Total Strings

15
Main Method

System.Void Eiwpnsepar.Oekzhfa::Main()
Main IL Instruction Count

124
Main IL

nop <null> ldnull <null> stloc.0 <null> br.s IL_0015: ldc.i4.1 nop <null> nop <null> call System.Byte[] Eiwpnsepar.Properties.Phcnboaihfi::get_e() stloc.0 <null> leave.s IL_001A: ldloc.0 pop <null> nop <null> nop <null> leave.s IL_0014: nop nop <null> ldc.i4.1 <null> stloc.1 <null> ldloc.1 <null> brtrue.s IL_0005: nop ldloc.0 <null> ldnull <null> cgt.un <null> stloc.2 <null> ldloc.2 <null> brfalse.s IL_0025: ldc.i4.1 ldc.i4.0 <null> br.s IL_0028: brtrue IL_0114 ldc.i4.1 <null> br.s IL_0028: brtrue IL_0114 brtrue IL_0114: ret nop <null> ldloc.0 <null> call System.Byte[] Eiwpnsepar.Oekzhfa::a(System.Byte[]) stloc.3 <null> ldloc.3 <null> ldlen <null> ldc.i4.0 <null> cgt.un <null> stloc.s V_4 ldloc.s V_4 brfalse.s IL_0043: ldc.i4.1 ldc.i4.0 <null> br.s IL_0046: brtrue IL_0113 ldc.i4.1 <null> br.s IL_0046: brtrue IL_0113 brtrue IL_0113: nop nop <null> ldloc.3 <null> call System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[]) stloc.s V_5 ldloc.s V_5 callvirt System.String System.Reflection.Assembly::get_CodeBase() call System.Boolean System.String::IsNullOrWhiteSpace(System.String) ldc.i4.0 <null> ceq <null> stloc.s V_6 ldloc.s V_6 brfalse.s IL_006C: ldc.i4.1 ldc.i4.0 <null> br.s IL_006F: brtrue IL_0112 ldc.i4.1 <null> br.s IL_006F: brtrue IL_0112 brtrue IL_0112: nop nop <null> br.s IL_009C: ldc.i4.s 19 ldloc.s V_10 ldc.i4.s 18 xor <null> stloc.s V_10 ldloc.s V_10 ldc.i4.s 16 sub <null> switch dnlib.DotNet.Emit.Instruction[] ldc.i4.s 19 call System.Int32 j::ac(System.Int32) stloc.s V_10 br.s IL_0077: ldloc.s V_10 ldloc.s V_9 brfalse.s IL_00F0: ldc.i4.1 ldc.i4.6 <null> stloc.s V_10 br.s IL_0077: ldloc.s V_10 ldloc.s V_5 ldloc.s V_7 callvirt System.Type System.Reflection.Assembly::GetType(System.String) stloc.s V_8 ldc.i4.0 <null> stloc.s V_10 br.s IL_0077: ldloc.s V_10 ldloc.s V_8 callvirt System.String System.Type::get_FullName() call System.Boolean System.String::IsNullOrEmpty(System.String) ldc.i4.0 <null> ceq <null> stloc.s V_9 ldc.i4.2 <null> stloc.s V_10 br.s IL_0077: ldloc.s V_10 ldc.i4 4923 call System.String c::a(System.Int32) stloc.s V_7 ldc.i4.s 10 call System.Int32 j::ac(System.Int32) stloc.s V_10 br.s IL_0077: ldloc.s V_10 ldc.i4.0 <null> br.s IL_00F3: brtrue.s IL_0111 ldc.i4.1 <null> br.s IL_00F3: brtrue.s IL_0111 brtrue.s IL_0111: nop nop <null> ldloc.s V_8 ldc.i4 4737 call System.String c::a(System.Int32) ldc.i4 256 ldnull <null> ldnull <null> ldnull <null> callvirt System.Object System.Type::InvokeMember(System.String,System.Reflection.BindingFlags,System.Reflection.Binder,System.Object,System.Object[]) pop <null> nop <null> nop <null> nop <null> nop <null> ret <null>
84f78a617ffb7b3a2a4291b5eefcf408 (1.45 MB)
An error has occurred. This application may no longer respond until reloaded. Reload 🗙