Symbol Obfuscation Score
|
Hash | Hash Value |
|---|---|
| MD5 | 89b02a7d197802219b0f7f4962f520d1
|
| Sha1 | 6aac44ece8ab4c60bc075b8a6d33d25657edbcfd
|
| Sha256 | 0d822f4c3b6307fb12dbe1cd234a9d7457d30ff109c114529c96c43347f715d4
|
| Sha384 | 2c5195c985e463a95ebff445b2f8760ec50108206af2d70a2150a39d28b2307424f422ae88cdcba09b9ecd70e7375209
|
| Sha512 | ad728d6ae11a880588501172f12652a55687049f42cb1b102bd1eca07fa49b4f149398a6ef647875fd73516197fa2b049031cbbf10be5e78b6dc928aa1ea81a4
|
| SSDeep | 12288:MXV90MKNYq+ePPwANkozQl5/Q4UQzkOWZ/80Udo:MX1OJ3yX5o4UQEFSdo
|
| TLSH | 02D49E7732564E21E2855373E1CB494493B49782B6A7F70EB185339618073EFEE1A3A3
|
PeID
|
Name0 | Value |
|---|---|
| Info | PE Detect: PeReader OK (file layout) |
| Module Name | Kzxuk.exe |
| Full Name | Kzxuk.exe |
| EntryPoint | System.Void ojFG7wGIt15exqvl2H.QPqCNDDlFVYCDPK9GS::QuXy20UKv() |
| Scope Name | Kzxuk.exe |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v4.0.30319 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | Kzxuk |
| Assembly Version | 1.0.0.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | .NETFramework,Version=v4.0 |
| Total Strings | 43 |
| Main Method | System.Void ojFG7wGIt15exqvl2H.QPqCNDDlFVYCDPK9GS::QuXy20UKv() |
| Main IL Instruction Count | 120 |
| Main IL | ldc.i4 1 stloc V_2 ldloc V_2 switch dnlib.DotNet.Emit.Instruction[] ldloc V_2 ldc.i4 989 beq IL_0009: ldloc V_2 br IL_002D: nop nop <null> newobj System.Void U8a0QWcL2UtfF81JCb.BVw3uIpBukTabksIeu::.ctor() stloc.s V_0 ldc.i4 10 ldsfld <Module>{18cfd527-36c0-4a55-8c3a-d9141d207e40} <Module>{18cfd527-36c0-4a55-8c3a-d9141d207e40}::m_5415b462c8324edd8bb9706142c20e5a ldfld System.Int32 <Module>{18cfd527-36c0-4a55-8c3a-d9141d207e40}::m_1ac33c7ae17347b9872582ec449a2b2f brtrue IL_0066: switch(IL_0110,IL_0197,IL_00EC,IL_00C6,IL_00A0) pop <null> ldc.i4 4 br IL_0066: switch(IL_0110,IL_0197,IL_00EC,IL_00C6,IL_00A0) br IL_0062: ldloc V_3 ldc.i4 0 stloc V_3 ldloc V_3 switch dnlib.DotNet.Emit.Instruction[] ldloc V_3 ldc.i4 12 beq IL_0121: newobj System.Void q8ZyHmP1orT5ts6SRs.lKQ4omopIU34xJefj4::.ctor() ldloc V_3 ldc.i4 992 beq IL_0062: ldloc V_3 br IL_00A0: newobj System.Void fIIwG5O6DB9yiGR0rU.onJUmVtnwObur3Bg5m::.ctor() newobj System.Void fIIwG5O6DB9yiGR0rU.onJUmVtnwObur3Bg5m::.ctor() stloc.s V_1 ldc.i4 0 ldsfld <Module>{18cfd527-36c0-4a55-8c3a-d9141d207e40} <Module>{18cfd527-36c0-4a55-8c3a-d9141d207e40}::m_5415b462c8324edd8bb9706142c20e5a ldfld System.Int32 <Module>{18cfd527-36c0-4a55-8c3a-d9141d207e40}::m_c79daf14d3fc488cbbdeef4e8d46047b brtrue IL_0066: switch(IL_0110,IL_0197,IL_00EC,IL_00C6,IL_00A0) pop <null> ldc.i4 6 br IL_0066: switch(IL_0110,IL_0197,IL_00EC,IL_00C6,IL_00A0) newobj System.Void lE2eHr8opXWOBXHeBQ.EuxrdFUcMvgLZZnXld::.ctor() stloc.s V_5 ldc.i4 12 ldsfld <Module>{18cfd527-36c0-4a55-8c3a-d9141d207e40} <Module>{18cfd527-36c0-4a55-8c3a-d9141d207e40}::m_5415b462c8324edd8bb9706142c20e5a ldfld System.Int32 <Module>{18cfd527-36c0-4a55-8c3a-d9141d207e40}::m_9c116749f929473eaba399bd606e7c8c brfalse IL_005E: stloc V_3 pop <null> ldc.i4 12 br IL_005E: stloc V_3 br IL_019D: leave IL_0214 ldc.i4 1 ldsfld <Module>{18cfd527-36c0-4a55-8c3a-d9141d207e40} <Module>{18cfd527-36c0-4a55-8c3a-d9141d207e40}::m_5415b462c8324edd8bb9706142c20e5a ldfld System.Int32 <Module>{18cfd527-36c0-4a55-8c3a-d9141d207e40}::m_44758807c250429abd2ce1bfa8f0ab5e brtrue IL_0066: switch(IL_0110,IL_0197,IL_00EC,IL_00C6,IL_00A0) pop <null> ldc.i4 6 br IL_0066: switch(IL_0110,IL_0197,IL_00EC,IL_00C6,IL_00A0) newobj System.Void HOyxaNQ44xis2I18Ty.LyUIxwZ7FGDnB20FbD::.ctor() stloc.s V_4 ldc.i4 3 br IL_0066: switch(IL_0110,IL_0197,IL_00EC,IL_00C6,IL_00A0) newobj System.Void q8ZyHmP1orT5ts6SRs.lKQ4omopIU34xJefj4::.ctor() dup <null> dup <null> ldsfld oZbHEj03G60eNwbxvjV oZbHEj03G60eNwbxvjV::s9h0J1LM7B call System.Void oZbHEj03G60eNwbxvjV::g1c0yyrBKG(System.Object,q8ZyHmP1orT5ts6SRs.lKQ4omopIU34xJefj4,oZbHEj03G60eNwbxvjV) dup <null> ldloc.s V_5 ldsfld iWFRaI0j1HKqMHaxxy2 iWFRaI0j1HKqMHaxxy2::MpL065yYNr call System.Void iWFRaI0j1HKqMHaxxy2::g1c0yyrBKG(System.Object,lE2eHr8opXWOBXHeBQ.EuxrdFUcMvgLZZnXld,iWFRaI0j1HKqMHaxxy2) ldloc.s V_5 ldloc.s V_4 ldsfld DSPixs0KXiP0xhWHebr DSPixs0KXiP0xhWHebr::vva0dg0q0d call System.Void DSPixs0KXiP0xhWHebr::g1c0yyrBKG(System.Object,HOyxaNQ44xis2I18Ty.LyUIxwZ7FGDnB20FbD,DSPixs0KXiP0xhWHebr) ldloc.s V_4 ldloc.s V_1 ldsfld OM66fi0tZQgdbN88jCd OM66fi0tZQgdbN88jCd::Cg90OgFdsk call System.Void OM66fi0tZQgdbN88jCd::g1c0yyrBKG(System.Object,fIIwG5O6DB9yiGR0rU.onJUmVtnwObur3Bg5m,OM66fi0tZQgdbN88jCd) ldloc.s V_1 ldloc.s V_0 ldsfld o3Cj8m09JAY8IuYjjMN o3Cj8m09JAY8IuYjjMN::MQq0gFYxMR call System.Void o3Cj8m09JAY8IuYjjMN::g1c0yyrBKG(System.Object,U8a0QWcL2UtfF81JCb.BVw3uIpBukTabksIeu,o3Cj8m09JAY8IuYjjMN) ldsfld eL2MjP0iNacgca9MHsk eL2MjP0iNacgca9MHsk::x880E4GJpX call System.Boolean eL2MjP0iNacgca9MHsk::g1c0yyrBKG(System.Object,eL2MjP0iNacgca9MHsk) brfalse IL_0197: newobj System.Void System.InvalidOperationException::.ctor() ldc.i4 2 ldsfld <Module>{18cfd527-36c0-4a55-8c3a-d9141d207e40} <Module>{18cfd527-36c0-4a55-8c3a-d9141d207e40}::m_5415b462c8324edd8bb9706142c20e5a ldfld System.Int32 <Module>{18cfd527-36c0-4a55-8c3a-d9141d207e40}::m_90d8cc717b1e44f693a825877dacc56c brfalse IL_0066: switch(IL_0110,IL_0197,IL_00EC,IL_00C6,IL_00A0) pop <null> ldc.i4 8 br IL_0066: switch(IL_0110,IL_0197,IL_00EC,IL_00C6,IL_00A0) newobj System.Void System.InvalidOperationException::.ctor() throw <null> leave IL_0214: ret pop <null> ldc.i4 0 ldsfld <Module>{18cfd527-36c0-4a55-8c3a-d9141d207e40} <Module>{18cfd527-36c0-4a55-8c3a-d9141d207e40}::m_5415b462c8324edd8bb9706142c20e5a ldfld System.Int32 <Module>{18cfd527-36c0-4a55-8c3a-d9141d207e40}::m_30c22bb72f2747409c05669fe4e51392 brfalse IL_01D4: switch(IL_01F0) pop <null> ldc.i4 0 br IL_01D4: switch(IL_01F0) br IL_01D0: ldloc V_6 ldc.i4 0 stloc V_6 ldloc V_6 switch dnlib.DotNet.Emit.Instruction[] ldloc V_6 ldc.i4 988 beq IL_01D0: ldloc V_6 br IL_01F0: leave IL_0214 leave IL_0214: ret ldc.i4 6 ldsfld <Module>{18cfd527-36c0-4a55-8c3a-d9141d207e40} <Module>{18cfd527-36c0-4a55-8c3a-d9141d207e40}::m_5415b462c8324edd8bb9706142c20e5a ldfld System.Int32 <Module>{18cfd527-36c0-4a55-8c3a-d9141d207e40}::m_2919b1531d114148ab18de5941c7f08a brfalse IL_000D: switch(IL_0214,IL_002D) pop <null> ldc.i4 0 br IL_000D: switch(IL_0214,IL_002D) ret <null> |
| Module Name | Kzxuk.exe |
| Full Name | Kzxuk.exe |
| EntryPoint | System.Void ojFG7wGIt15exqvl2H.QPqCNDDlFVYCDPK9GS::QuXy20UKv() |
| Scope Name | Kzxuk.exe |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v4.0.30319 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | Kzxuk |
| Assembly Version | 1.0.0.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | .NETFramework,Version=v4.0 |
| Total Strings | 43 |
| Main Method | System.Void ojFG7wGIt15exqvl2H.QPqCNDDlFVYCDPK9GS::QuXy20UKv() |
| Main IL Instruction Count | 120 |
| Main IL | ldc.i4 1 stloc V_2 ldloc V_2 switch dnlib.DotNet.Emit.Instruction[] ldloc V_2 ldc.i4 989 beq IL_0009: ldloc V_2 br IL_002D: nop nop <null> newobj System.Void U8a0QWcL2UtfF81JCb.BVw3uIpBukTabksIeu::.ctor() stloc.s V_0 ldc.i4 10 ldsfld <Module>{18cfd527-36c0-4a55-8c3a-d9141d207e40} <Module>{18cfd527-36c0-4a55-8c3a-d9141d207e40}::m_5415b462c8324edd8bb9706142c20e5a ldfld System.Int32 <Module>{18cfd527-36c0-4a55-8c3a-d9141d207e40}::m_1ac33c7ae17347b9872582ec449a2b2f brtrue IL_0066: switch(IL_0110,IL_0197,IL_00EC,IL_00C6,IL_00A0) pop <null> ldc.i4 4 br IL_0066: switch(IL_0110,IL_0197,IL_00EC,IL_00C6,IL_00A0) br IL_0062: ldloc V_3 ldc.i4 0 stloc V_3 ldloc V_3 switch dnlib.DotNet.Emit.Instruction[] ldloc V_3 ldc.i4 12 beq IL_0121: newobj System.Void q8ZyHmP1orT5ts6SRs.lKQ4omopIU34xJefj4::.ctor() ldloc V_3 ldc.i4 992 beq IL_0062: ldloc V_3 br IL_00A0: newobj System.Void fIIwG5O6DB9yiGR0rU.onJUmVtnwObur3Bg5m::.ctor() newobj System.Void fIIwG5O6DB9yiGR0rU.onJUmVtnwObur3Bg5m::.ctor() stloc.s V_1 ldc.i4 0 ldsfld <Module>{18cfd527-36c0-4a55-8c3a-d9141d207e40} <Module>{18cfd527-36c0-4a55-8c3a-d9141d207e40}::m_5415b462c8324edd8bb9706142c20e5a ldfld System.Int32 <Module>{18cfd527-36c0-4a55-8c3a-d9141d207e40}::m_c79daf14d3fc488cbbdeef4e8d46047b brtrue IL_0066: switch(IL_0110,IL_0197,IL_00EC,IL_00C6,IL_00A0) pop <null> ldc.i4 6 br IL_0066: switch(IL_0110,IL_0197,IL_00EC,IL_00C6,IL_00A0) newobj System.Void lE2eHr8opXWOBXHeBQ.EuxrdFUcMvgLZZnXld::.ctor() stloc.s V_5 ldc.i4 12 ldsfld <Module>{18cfd527-36c0-4a55-8c3a-d9141d207e40} <Module>{18cfd527-36c0-4a55-8c3a-d9141d207e40}::m_5415b462c8324edd8bb9706142c20e5a ldfld System.Int32 <Module>{18cfd527-36c0-4a55-8c3a-d9141d207e40}::m_9c116749f929473eaba399bd606e7c8c brfalse IL_005E: stloc V_3 pop <null> ldc.i4 12 br IL_005E: stloc V_3 br IL_019D: leave IL_0214 ldc.i4 1 ldsfld <Module>{18cfd527-36c0-4a55-8c3a-d9141d207e40} <Module>{18cfd527-36c0-4a55-8c3a-d9141d207e40}::m_5415b462c8324edd8bb9706142c20e5a ldfld System.Int32 <Module>{18cfd527-36c0-4a55-8c3a-d9141d207e40}::m_44758807c250429abd2ce1bfa8f0ab5e brtrue IL_0066: switch(IL_0110,IL_0197,IL_00EC,IL_00C6,IL_00A0) pop <null> ldc.i4 6 br IL_0066: switch(IL_0110,IL_0197,IL_00EC,IL_00C6,IL_00A0) newobj System.Void HOyxaNQ44xis2I18Ty.LyUIxwZ7FGDnB20FbD::.ctor() stloc.s V_4 ldc.i4 3 br IL_0066: switch(IL_0110,IL_0197,IL_00EC,IL_00C6,IL_00A0) newobj System.Void q8ZyHmP1orT5ts6SRs.lKQ4omopIU34xJefj4::.ctor() dup <null> dup <null> ldsfld oZbHEj03G60eNwbxvjV oZbHEj03G60eNwbxvjV::s9h0J1LM7B call System.Void oZbHEj03G60eNwbxvjV::g1c0yyrBKG(System.Object,q8ZyHmP1orT5ts6SRs.lKQ4omopIU34xJefj4,oZbHEj03G60eNwbxvjV) dup <null> ldloc.s V_5 ldsfld iWFRaI0j1HKqMHaxxy2 iWFRaI0j1HKqMHaxxy2::MpL065yYNr call System.Void iWFRaI0j1HKqMHaxxy2::g1c0yyrBKG(System.Object,lE2eHr8opXWOBXHeBQ.EuxrdFUcMvgLZZnXld,iWFRaI0j1HKqMHaxxy2) ldloc.s V_5 ldloc.s V_4 ldsfld DSPixs0KXiP0xhWHebr DSPixs0KXiP0xhWHebr::vva0dg0q0d call System.Void DSPixs0KXiP0xhWHebr::g1c0yyrBKG(System.Object,HOyxaNQ44xis2I18Ty.LyUIxwZ7FGDnB20FbD,DSPixs0KXiP0xhWHebr) ldloc.s V_4 ldloc.s V_1 ldsfld OM66fi0tZQgdbN88jCd OM66fi0tZQgdbN88jCd::Cg90OgFdsk call System.Void OM66fi0tZQgdbN88jCd::g1c0yyrBKG(System.Object,fIIwG5O6DB9yiGR0rU.onJUmVtnwObur3Bg5m,OM66fi0tZQgdbN88jCd) ldloc.s V_1 ldloc.s V_0 ldsfld o3Cj8m09JAY8IuYjjMN o3Cj8m09JAY8IuYjjMN::MQq0gFYxMR call System.Void o3Cj8m09JAY8IuYjjMN::g1c0yyrBKG(System.Object,U8a0QWcL2UtfF81JCb.BVw3uIpBukTabksIeu,o3Cj8m09JAY8IuYjjMN) ldsfld eL2MjP0iNacgca9MHsk eL2MjP0iNacgca9MHsk::x880E4GJpX call System.Boolean eL2MjP0iNacgca9MHsk::g1c0yyrBKG(System.Object,eL2MjP0iNacgca9MHsk) brfalse IL_0197: newobj System.Void System.InvalidOperationException::.ctor() ldc.i4 2 ldsfld <Module>{18cfd527-36c0-4a55-8c3a-d9141d207e40} <Module>{18cfd527-36c0-4a55-8c3a-d9141d207e40}::m_5415b462c8324edd8bb9706142c20e5a ldfld System.Int32 <Module>{18cfd527-36c0-4a55-8c3a-d9141d207e40}::m_90d8cc717b1e44f693a825877dacc56c brfalse IL_0066: switch(IL_0110,IL_0197,IL_00EC,IL_00C6,IL_00A0) pop <null> ldc.i4 8 br IL_0066: switch(IL_0110,IL_0197,IL_00EC,IL_00C6,IL_00A0) newobj System.Void System.InvalidOperationException::.ctor() throw <null> leave IL_0214: ret pop <null> ldc.i4 0 ldsfld <Module>{18cfd527-36c0-4a55-8c3a-d9141d207e40} <Module>{18cfd527-36c0-4a55-8c3a-d9141d207e40}::m_5415b462c8324edd8bb9706142c20e5a ldfld System.Int32 <Module>{18cfd527-36c0-4a55-8c3a-d9141d207e40}::m_30c22bb72f2747409c05669fe4e51392 brfalse IL_01D4: switch(IL_01F0) pop <null> ldc.i4 0 br IL_01D4: switch(IL_01F0) br IL_01D0: ldloc V_6 ldc.i4 0 stloc V_6 ldloc V_6 switch dnlib.DotNet.Emit.Instruction[] ldloc V_6 ldc.i4 988 beq IL_01D0: ldloc V_6 br IL_01F0: leave IL_0214 leave IL_0214: ret ldc.i4 6 ldsfld <Module>{18cfd527-36c0-4a55-8c3a-d9141d207e40} <Module>{18cfd527-36c0-4a55-8c3a-d9141d207e40}::m_5415b462c8324edd8bb9706142c20e5a ldfld System.Int32 <Module>{18cfd527-36c0-4a55-8c3a-d9141d207e40}::m_2919b1531d114148ab18de5941c7f08a brfalse IL_000D: switch(IL_0214,IL_002D) pop <null> ldc.i4 0 br IL_000D: switch(IL_0214,IL_002D) ret <null> |