Malicious
Malicious

87bc17f56e744e74408e6ae8bb28b724

PE Executable
|
MD5: 87bc17f56e744e74408e6ae8bb28b724
|
Size: 3.67 MB
|
application/x-dosexec

Print
Infection Chain
Summary by MalvaGPT
Characteristics

Symbol Ofbuscation Score

Low

Hash
 Hash Value
MD5
87bc17f56e744e74408e6ae8bb28b724
Sha1
3aa572388083ff00a95405d34d1189c99c7ff5be
Sha256
ffb24fc36ade87988f9908e848d0333ce7ffb2b4e4d0ffb43f6556246069d057
Sha384
2fe6bae55a4432542872f9201d701b3b2f1a40d15d5141a264cb8208f6a50100a96ec8f46195c338ba4aee6a7e74a615
Sha512
cbeee155c97b87a22b92b808f86fee25c18db51ab43a36b657d532d2d47d3a7db2f4507a699b72af904bf6d5ed851d1ae1fcfb4833a57096e6c7787211c0f35d
SSDeep
49152:cbvLSgf+VOdx3Vw5+mbSgwJKI0Qpvs3c2KTn4Xj9Bh:cTmgf+VOdc5vbSgwJKDP24Rf
TLSH
C306D6C3B54AC9B2C14B673AC7C7160443A2DD852323DB1A3ACA33653E73FBA4965587

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
87bc17f56e744e74408e6ae8bb28b724
Malicious
[Authenticode]_a6e0d8a0.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_ICON
ID:0001
ID:0
ID:0002
ID:0
ID:0003
ID:0
ID:0-preview.png
ID:0004
ID:0
ID:0005
ID:0
ID:0006
ID:0
ID:0007
ID:0
ID:0008
ID:0
RT_GROUP_CURSOR4
ID:7F00
ID:0
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
Fiddler.AutoUpdate.DownloadUpdateForm.resources
Fiddler.Common.Application.Scripting.Helpers.CSharpScriptCodeSnippets.resources
Fiddler.Common.Application.Scripting.Helpers.JScriptNetCodeSnippets.resources
WebSocketView.WSView.resources
btnGenFauxResponse.Image
[NBF]root.Data
[NBF]root.Data-preview.png
imglWSM.ImageStream
[NBF]root.Data
Fiddler.frmAbout.resources
pbImage.Image
[NBF]root.Data
[NBF]root.Data-preview.png
Fiddler.frmUpdate.resources
$this.Icon
[NBF]root.IconData
pbImage.Image
[NBF]root.Data
[NBF]root.Data-preview.png
Fiddler.frmAlert.resources
pbImage.Image
[NBF]root.Data
[NBF]root.Data-preview.png
Fiddler.frmPrompt.resources
pbImage.Image
[NBF]root.Data
[NBF]root.Data-preview.png
Fiddler.frmSearch.resources
$this.Icon
[NBF]root.IconData
Fiddler.frmTextWizard.resources
$this.Icon
[NBF]root.IconData
btnSendOutput.Image
[NBF]root.Data
[NBF]root.Data-preview.png
Writer.Stub
Fiddler.frmOptions.resources
btnActions.Image
[NBF]root.Data
[NBF]root.Data-preview.png
Field.Producer
Fiddler.UIComposer.resources
imglComposer.ImageStream
[NBF]root.Data
Fiddler.SessionProperties.resources
$this.Icon
[NBF]root.IconData
Fiddler.SplashScreen.resources
$this.Icon
[NBF]root.IconData
$this.BackgroundImage
[NBF]root.Data
[NBF]root.Data-preview.png
Fiddler.MiniSplashScreen.resources
$this.BackgroundImage
[NBF]root.Data
Fiddler.frmViewer.resources
$this.Icon
[NBF]root.IconData
imglToolbar.ImageStream
[NBF]root.Data
notifyIcon.Icon
[NBF]root.IconData
imglSessionIcons.ImageStream
[NBF]root.Data
sbpBreakpoints.Icon
[NBF]root.IconData
Fiddler.Common.Application.CustomMimeMappings.xml
Fiddler.Common.Application.password.png
Fiddler.Common.Application.password.png-preview.png
Fiddler.Common.Application.numbers.png
Fiddler.Common.Application.numbers.png-preview.png
Fiddler.Common.Application.unsecure.png
Fiddler.Common.Application.unsecure.png-preview.png
aR3nbf8dQp2feLmk31.lSfgApatkdxsVcGcrktoFd.resources
$this.Icon
[NBF]root.IconData
progressBar1.Modifiers
$this.Language
$this.GridSize
WelcomeScreen.Views.WinForms.Properties.Resources.resources
Articles
[NBF]root.Data
[NBF]root.Data-preview.png
Videos
[NBF]root.Data
[NBF]root.Data-preview.png
Blogs
[NBF]root.Data
[NBF]root.Data-preview.png
Docs
[NBF]root.Data
[NBF]root.Data-preview.png
Logo
[NBF]root.Data
[NBF]root.Data-preview.png
Informations
Name
 Value
Info

PE Detect: PeReader OK (file layout)
Info

Authenticode present at 0x37D600 size 9144 bytes
Info

PDB Path: Fiddler.pdb
Module Name

Fiddler.exe
Full Name

Fiddler.exe
EntryPoint

System.Void Fiddler.frmViewer::Main(System.String[])
Scope Name

Fiddler.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

Fiddler
Assembly Version

5.0.20245.10105
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.6.2
Total Strings

56
Main Method

System.Void Fiddler.frmViewer::Main(System.String[])
Main IL Instruction Count

28
Main IL

ldc.i4 2 stloc V_0 br IL_000E: ldloc V_0 ldloc V_0 switch dnlib.DotNet.Emit.Instruction[] br IL_0082: ret call System.AppDomain System.AppDomain::get_CurrentDomain() ldnull <null> ldftn System.Void Fiddler.frmViewer::SetConfiguration(System.Object,System.Object) newobj System.Void System.UnhandledExceptionEventHandler::.ctor(System.Object,System.IntPtr) callvirt System.Void System.AppDomain::add_UnhandledException(System.UnhandledExceptionEventHandler) ldc.i4 1 ldsfld <Module>{0a1100fc-235a-4606-8878-28ebfa2d2e62} <Module>{0a1100fc-235a-4606-8878-28ebfa2d2e62}::m_291318e627eb4e5fb4b2ccb180b1a7b7 ldfld System.Int32 <Module>{0a1100fc-235a-4606-8878-28ebfa2d2e62}::m_ca4032db490943f786d4826d5620fc87 brfalse IL_0012: switch(IL_0082,IL_005D,IL_0028) pop <null> ldc.i4 0 br IL_0012: switch(IL_0082,IL_005D,IL_0028) ldarg.0 <null> call System.Void Fiddler.frmViewer::RegisterConfiguration(System.Object) ldc.i4 0 ldsfld <Module>{0a1100fc-235a-4606-8878-28ebfa2d2e62} <Module>{0a1100fc-235a-4606-8878-28ebfa2d2e62}::m_291318e627eb4e5fb4b2ccb180b1a7b7 ldfld System.Int32 <Module>{0a1100fc-235a-4606-8878-28ebfa2d2e62}::m_855e4420b8a145fe82fec11a0ee960ce brtrue IL_0012: switch(IL_0082,IL_005D,IL_0028) pop <null> ldc.i4 0 br IL_0012: switch(IL_0082,IL_005D,IL_0028) ret <null>
Module Name

Fiddler.exe
Full Name

Fiddler.exe
EntryPoint

System.Void Fiddler.frmViewer::Main(System.String[])
Scope Name

Fiddler.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

Fiddler
Assembly Version

5.0.20245.10105
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.6.2
Total Strings

56
Main Method

System.Void Fiddler.frmViewer::Main(System.String[])
Main IL Instruction Count

28
Main IL

ldc.i4 2 stloc V_0 br IL_000E: ldloc V_0 ldloc V_0 switch dnlib.DotNet.Emit.Instruction[] br IL_0082: ret call System.AppDomain System.AppDomain::get_CurrentDomain() ldnull <null> ldftn System.Void Fiddler.frmViewer::SetConfiguration(System.Object,System.Object) newobj System.Void System.UnhandledExceptionEventHandler::.ctor(System.Object,System.IntPtr) callvirt System.Void System.AppDomain::add_UnhandledException(System.UnhandledExceptionEventHandler) ldc.i4 1 ldsfld <Module>{0a1100fc-235a-4606-8878-28ebfa2d2e62} <Module>{0a1100fc-235a-4606-8878-28ebfa2d2e62}::m_291318e627eb4e5fb4b2ccb180b1a7b7 ldfld System.Int32 <Module>{0a1100fc-235a-4606-8878-28ebfa2d2e62}::m_ca4032db490943f786d4826d5620fc87 brfalse IL_0012: switch(IL_0082,IL_005D,IL_0028) pop <null> ldc.i4 0 br IL_0012: switch(IL_0082,IL_005D,IL_0028) ldarg.0 <null> call System.Void Fiddler.frmViewer::RegisterConfiguration(System.Object) ldc.i4 0 ldsfld <Module>{0a1100fc-235a-4606-8878-28ebfa2d2e62} <Module>{0a1100fc-235a-4606-8878-28ebfa2d2e62}::m_291318e627eb4e5fb4b2ccb180b1a7b7 ldfld System.Int32 <Module>{0a1100fc-235a-4606-8878-28ebfa2d2e62}::m_855e4420b8a145fe82fec11a0ee960ce brtrue IL_0012: switch(IL_0082,IL_005D,IL_0028) pop <null> ldc.i4 0 br IL_0012: switch(IL_0082,IL_005D,IL_0028) ret <null>
87bc17f56e744e74408e6ae8bb28b724 (3.67 MB)
An error has occurred. This application may no longer respond until reloaded. Reload 🗙