Suspicious
Suspect

86eaf6459bb8f3da5e0f8c20eb4fcd9d

PE Executable | MD5: 86eaf6459bb8f3da5e0f8c20eb4fcd9d | Size: 21.5 KB | application/x-dosexec


Summary by MalvaGPT
Characteristics

Symbol Obfuscation Score: Low

Hash: Hash Value
MD5: 86eaf6459bb8f3da5e0f8c20eb4fcd9d
Sha1: 6f39725318a0787ee1d2a7f56e6d7b534108ec44
Sha256: 31e1948d4e15f5eebeeb8c43d57ae0398b39d0edea908df6bcd6e032bbdb93e5
Sha384: 5ef69392b3adda345d35d28043e171724017682a3c6950467035f42e94a1232ca23988406cd7755d01392340b0e8090c
Sha512: 3a1cc9aeecc17c7479e2d9131d823d07a0632b35552fb83cff9601d1536f90f0b2781eb256174694e0bf7db08f1663cdfb1928b5c88ef687074fe389a42149fc
SSDeep: 384:X3MLWHn3kIEfu6TAMwBbpOBsBadkEJTr91CzYKeA:jn3kIYWbpZMTr9ixeA
TLSH: E3A20908B7FE9A39F6FE2F7C69B201504775B91BDD2ED74D2CCE40491C22B8C89506A5

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
Structure
  DosHeader
  PE Header
  Optional Header (x86)
  Section Headers
    .text
    .rsrc
    .reloc
  Resources
    RT_VERSION
      ID:0001
        ID:0
    RT_MANIFEST
      ID:0001
        ID:0
Information
Name: Value
Module Name: dont run.exe
Full Name: dont run.exe
EntryPoint: System.Void ConsoleApplication7.Program::Main(System.String[])
Scope Name: dont run.exe
Scope Type: ModuleDef
Kind: Windows
Runtime Version: v4.0.30319
Tables Header Version: 512
WinMD Version: <null>
Assembly Name: dont run
Assembly Version: 0.0.0.0
Assembly Culture: <null>
Has PublicKey: False
PublicKey Token: <null>
Target Framework: <null>
Total Strings: 298
Main Method: System.Void ConsoleApplication7.Program::Main(System.String[])
Main IL Instruction Count: 48

Main IL

call System.Boolean ConsoleApplication7.Program::AlreadyRunning()
brfalse.s IL_000D: ldsfld System.Boolean ConsoleApplication7.Program::checkSleep
ldc.i4.1 <null>
call System.Void System.Environment::Exit(System.Int32)
ldsfld System.Boolean ConsoleApplication7.Program::checkSleep
brfalse.s IL_0019: ldsfld System.Boolean ConsoleApplication7.Program::checkAdminPrivilage
call System.Void ConsoleApplication7.Program::sleepOutOfTempFolder()
ldsfld System.Boolean ConsoleApplication7.Program::checkAdminPrivilage
brfalse.s IL_002C: ldsfld System.Boolean ConsoleApplication7.Program::checkCopyRoaming
ldsfld System.String ConsoleApplication7.Program::processName
call System.Void ConsoleApplication7.Program::copyResistForAdmin(System.String)
br.s IL_003D: ldsfld System.Boolean ConsoleApplication7.Program::checkStartupFolder
ldsfld System.Boolean ConsoleApplication7.Program::checkCopyRoaming
brfalse.s IL_003D: ldsfld System.Boolean ConsoleApplication7.Program::checkStartupFolder
ldsfld System.String ConsoleApplication7.Program::processName
call System.Void ConsoleApplication7.Program::copyRoaming(System.String)
ldsfld System.Boolean ConsoleApplication7.Program::checkStartupFolder
brfalse.s IL_0049: call System.Void ConsoleApplication7.Program::lookForDirectories()
call System.Void ConsoleApplication7.Program::addLinkToStartup()
call System.Void ConsoleApplication7.Program::lookForDirectories()
ldsfld System.Boolean ConsoleApplication7.Program::checkAdminPrivilage
brfalse.s IL_0079: ldsfld System.Boolean ConsoleApplication7.Program::checkSpread
ldsfld System.Boolean ConsoleApplication7.Program::checkdeleteShadowCopies
brfalse.s IL_0061: ldsfld System.Boolean ConsoleApplication7.Program::checkdisableRecoveryMode
call System.Void ConsoleApplication7.Program::deleteShadowCopies()
ldsfld System.Boolean ConsoleApplication7.Program::checkdisableRecoveryMode
brfalse.s IL_006D: ldsfld System.Boolean ConsoleApplication7.Program::checkdeleteBackupCatalog
call System.Void ConsoleApplication7.Program::disableRecoveryMode()
ldsfld System.Boolean ConsoleApplication7.Program::checkdeleteBackupCatalog
brfalse.s IL_0079: ldsfld System.Boolean ConsoleApplication7.Program::checkSpread
call System.Void ConsoleApplication7.Program::deleteBackupCatalog()
ldsfld System.Boolean ConsoleApplication7.Program::checkSpread
brfalse.s IL_008A: call System.Void ConsoleApplication7.Program::addAndOpenNote()
ldsfld System.String ConsoleApplication7.Program::spreadName
call System.Void ConsoleApplication7.Program::spreadIt(System.String)
call System.Void ConsoleApplication7.Program::addAndOpenNote()
ldsfld System.String ConsoleApplication7.Program::base64Image
call System.Void ConsoleApplication7.Program::SetWallpaper(System.String)
ldsfld System.Threading.ThreadStart ConsoleApplication7.Program::CS$<>9__CachedAnonymousMethodDelegate1
brtrue.s IL_00B1: ldsfld System.Threading.ThreadStart ConsoleApplication7.Program::CS$<>9__CachedAnonymousMethodDelegate1
ldnull <null>
ldftn System.Void ConsoleApplication7.Program::<Main>b__0()
newobj System.Void System.Threading.ThreadStart::.ctor(System.Object,System.IntPtr)
stsfld System.Threading.ThreadStart ConsoleApplication7.Program::CS$<>9__CachedAnonymousMethodDelegate1
ldsfld System.Threading.ThreadStart ConsoleApplication7.Program::CS$<>9__CachedAnonymousMethodDelegate1
newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart)
call System.Void System.Threading.Thread::Start()
ret <null>
