Symbol Ofbuscation Score
|
Hash | Hash Value |
|---|---|
| MD5 | 899f98ebbe2a0ea336d149eeffdb05e2
|
| Sha1 | 0e4f7b208a17c916265bedef00e3040726451593
|
| Sha256 | f28cf429577df40ee009456ceb258dab612fa00502236d4fd3aa5fe9343a1084
|
| Sha384 | 3c5889b6c1962552529279a52b8a93cde8ae0e38532c25f96811e3353eaa09bb0396b93a34adafedf581925fa465c0c3
|
| Sha512 | 3e660ddabed3a54450a5721d5ce5c327f753808d8c720ef50ddb5363d3920193b184e40cf784a96a8111972cbdc4b62bb140788c593402eb7458d21fbb5cb27b
|
| SSDeep | 6144:V91LcSwPutB/MkvJjTDJG5BaVdw9Sdyk0sqkV6e2GKu0BEO8b0I:V91LoqVMELJGHaVdw9Y0s9YeHKu0BEOo
|
| TLSH | 0044BE9D365075EFC867C9728EA82C64FA60B87B530BD303A44715ADAA0E5DBCF150F2
|
PeID
|
Name0 | Value |
|---|---|
| Info | PE Detect: PeReader OK (file layout) |
| Module Name | server1.exe |
| Full Name | server1.exe |
| EntryPoint | System.Void server.Module2::main() |
| Scope Name | server1.exe |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v4.0.30319 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | server1 |
| Assembly Version | 3.3.8.8 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | .NETFramework,Version=v4.8 |
| Total Strings | 43 |
| Main Method | System.Void server.Module2::main() |
| Main IL Instruction Count | 66 |
| Main IL | nop <null> ldc.i4 -1072677569 ldc.i4 -206742262 xor <null> dup <null> stloc.2 <null> ldc.i4.7 <null> rem.un <null> switch dnlib.DotNet.Emit.Instruction[] br IL_00EF: ret call System.String server.My.Resources.Resources::get_encrypted() ldstr ‡_^tU~VNWVW>mW`URnZ{K>PK?uV call System.String server.Module2::AES_Decrypt(System.String,System.String) stsfld System.String server.Module2::Hex ldloc.2 <null> ldc.i4 73827328 mul <null> ldc.i4 2073176040 xor <null> br.s IL_0006: ldc.i4 -206742262 newobj System.Void server.tnpHUoUfWgI::.ctor() stloc.1 <null> ldloc.2 <null> ldc.i4 -1157593301 mul <null> ldc.i4 2048850367 xor <null> br.s IL_0006: ldc.i4 -206742262 ldsfld System.String server.Module2::Hex call System.Byte[] server.Module2::XSYZhCuDal(System.String) stsfld System.Byte[] server.Module2::Bytes newobj System.Void server.cHWndDStKo::.ctor() stloc.0 <null> ldloc.2 <null> ldc.i4 -1152382360 mul <null> ldc.i4 156671371 xor <null> br IL_0006: ldc.i4 -206742262 ldloc.1 <null> ldsfld System.Byte[] server.Module2::Bytes call System.Diagnostics.Process server.Module2::() call System.Diagnostics.ProcessModule server.Module2::(System.Diagnostics.Process) call System.String server.Module2::(System.Diagnostics.ProcessModule) callvirt System.Boolean server.tnpHUoUfWgI::MYuTHvSuKCG(System.Byte[],System.String) pop <null> ldloc.2 <null> ldc.i4 -848442895 mul <null> ldc.i4 -165175213 xor <null> br IL_0006: ldc.i4 -206742262 ldloc.0 <null> ldsfld System.Byte[] server.Module2::Bytes call System.Diagnostics.Process server.Module2::() call System.Diagnostics.ProcessModule server.Module2::(System.Diagnostics.Process) call System.String server.Module2::(System.Diagnostics.ProcessModule) callvirt System.Boolean server.cHWndDStKo::utbzmlAhhgm(System.Byte[],System.String) pop <null> ldloc.2 <null> ldc.i4 239715337 mul <null> ldc.i4 1449181623 xor <null> br IL_0006: ldc.i4 -206742262 ret <null> |
| Module Name | server1.exe |
| Full Name | server1.exe |
| EntryPoint | System.Void server.Module2::main() |
| Scope Name | server1.exe |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v4.0.30319 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | server1 |
| Assembly Version | 3.3.8.8 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | .NETFramework,Version=v4.8 |
| Total Strings | 43 |
| Main Method | System.Void server.Module2::main() |
| Main IL Instruction Count | 66 |
| Main IL | nop <null> ldc.i4 -1072677569 ldc.i4 -206742262 xor <null> dup <null> stloc.2 <null> ldc.i4.7 <null> rem.un <null> switch dnlib.DotNet.Emit.Instruction[] br IL_00EF: ret call System.String server.My.Resources.Resources::get_encrypted() ldstr ‡_^tU~VNWVW>mW`URnZ{K>PK?uV call System.String server.Module2::AES_Decrypt(System.String,System.String) stsfld System.String server.Module2::Hex ldloc.2 <null> ldc.i4 73827328 mul <null> ldc.i4 2073176040 xor <null> br.s IL_0006: ldc.i4 -206742262 newobj System.Void server.tnpHUoUfWgI::.ctor() stloc.1 <null> ldloc.2 <null> ldc.i4 -1157593301 mul <null> ldc.i4 2048850367 xor <null> br.s IL_0006: ldc.i4 -206742262 ldsfld System.String server.Module2::Hex call System.Byte[] server.Module2::XSYZhCuDal(System.String) stsfld System.Byte[] server.Module2::Bytes newobj System.Void server.cHWndDStKo::.ctor() stloc.0 <null> ldloc.2 <null> ldc.i4 -1152382360 mul <null> ldc.i4 156671371 xor <null> br IL_0006: ldc.i4 -206742262 ldloc.1 <null> ldsfld System.Byte[] server.Module2::Bytes call System.Diagnostics.Process server.Module2::() call System.Diagnostics.ProcessModule server.Module2::(System.Diagnostics.Process) call System.String server.Module2::(System.Diagnostics.ProcessModule) callvirt System.Boolean server.tnpHUoUfWgI::MYuTHvSuKCG(System.Byte[],System.String) pop <null> ldloc.2 <null> ldc.i4 -848442895 mul <null> ldc.i4 -165175213 xor <null> br IL_0006: ldc.i4 -206742262 ldloc.0 <null> ldsfld System.Byte[] server.Module2::Bytes call System.Diagnostics.Process server.Module2::() call System.Diagnostics.ProcessModule server.Module2::(System.Diagnostics.Process) call System.String server.Module2::(System.Diagnostics.ProcessModule) callvirt System.Boolean server.cHWndDStKo::utbzmlAhhgm(System.Byte[],System.String) pop <null> ldloc.2 <null> ldc.i4 239715337 mul <null> ldc.i4 1449181623 xor <null> br IL_0006: ldc.i4 -206742262 ret <null> |