Suspicious
Suspect

96e8afea6475b8ef9d163ad5d06e1ee3

PE Executable
|
MD5: 96e8afea6475b8ef9d163ad5d06e1ee3
|
Size: 495.1 KB
|
application/x-dosexec

Summary by MalvaGPT
Characteristics

Symbol Ofbuscation Score

Very high

Hash
 Hash Value
MD5
96e8afea6475b8ef9d163ad5d06e1ee3
Sha1
69427c02c15c89c27fac837c522fd4b9ef120ecb
Sha256
8fb53c7ce318eda23cdb8fc9b8f62c85c14c4e3f63ff28e9adf72518ba848d06
Sha384
11ba7bf4245f1f196d70f5013f061c1c546a38fca03b505a6738c1a029be1a493e99a42d186d5f9feaf52dbdedc9c9ae
Sha512
cab3319d6fabe64a9c4572598f6b02a42b7fdddec75d4d63e2e7a83223ccb057ae962f5f2b34560e97584db6403951596b0ad13f49db60cf672b1833c2bba315
SSDeep
6144:ufwfAhQ4XUeCUaP2Se6VlWT8b9G5uzV9H3V61lWsbwJ5ZQO:awfcYRPVle8A5QV9HJJ7t
TLSH
2AB4C30CFE91F806DE5A3DB7CBE610104B7125C22E22929631596FFD8BA537358E267C

PeID

.NET executable
HQR data file
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
96e8afea6475b8ef9d163ad5d06e1ee3
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
ckrmhfhwgsmk
Informations
Name
 Value
Info

PE Detect: PeReader OK (file layout)
Module Name

loader.exe
Full Name

loader.exe
EntryPoint

System.Void CZTwiZeyeAgrx.cxGaOLtKE::qSzzgxosdIh(System.String[])
Scope Name

loader.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

loader
Assembly Version

1.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.0
Total Strings

1365
Main Method

System.Void CZTwiZeyeAgrx.cxGaOLtKE::qSzzgxosdIh(System.String[])
Main IL Instruction Count

56
Main IL

ldc.r8 2312 stloc.0 <null> br IL_00E7: br IL_000F nop <null> ldloc.0 <null> ldc.r8 2326 ceq <null> brfalse IL_0071: nop newobj System.Void System.Random::.ctor() nop <null> ldc.r8 4003.301029995664 ldc.r8 2000 call System.Double System.Math::Log10(System.Double) sub <null> call System.Int32 System.Convert::ToInt32(System.Double) nop <null> ldc.r8 2 ldc.r8 3000 mul <null> call System.Int32 System.Convert::ToInt32(System.Double) callvirt System.Int32 System.Random::Next(System.Int32,System.Int32) call System.Void System.Threading.Thread::Sleep(System.Int32) ldc.r8 2329 stloc.0 <null> nop <null> ldloc.0 <null> ldc.r8 2318 ceq <null> brfalse IL_0092: nop call System.Void CZTwiZeyeAgrx.cxGaOLtKE::FyhZYCfYhUl() ldc.r8 2326 stloc.0 <null> nop <null> ldloc.0 <null> ldc.r8 2329 ceq <null> brfalse IL_00B3: nop call System.Void CZTwiZeyeAgrx.PbQGADornNH::SNOxJsLYfXhVQqS() ldc.r8 2338 stloc.0 <null> nop <null> ldloc.0 <null> ldc.r8 2312 ceq <null> brfalse IL_00D0: nop nop <null> ldc.r8 2318 stloc.0 <null> nop <null> ldloc.0 <null> ldc.r8 2338 ceq <null> brfalse IL_00E7: br IL_000F br IL_00EC: ret br IL_000F: nop ret <null>
Module Name

loader.exe
Full Name

loader.exe
EntryPoint

System.Void CZTwiZeyeAgrx.cxGaOLtKE::qSzzgxosdIh(System.String[])
Scope Name

loader.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

loader
Assembly Version

1.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.0
Total Strings

1365
Main Method

System.Void CZTwiZeyeAgrx.cxGaOLtKE::qSzzgxosdIh(System.String[])
Main IL Instruction Count

56
Main IL

ldc.r8 2312 stloc.0 <null> br IL_00E7: br IL_000F nop <null> ldloc.0 <null> ldc.r8 2326 ceq <null> brfalse IL_0071: nop newobj System.Void System.Random::.ctor() nop <null> ldc.r8 4003.301029995664 ldc.r8 2000 call System.Double System.Math::Log10(System.Double) sub <null> call System.Int32 System.Convert::ToInt32(System.Double) nop <null> ldc.r8 2 ldc.r8 3000 mul <null> call System.Int32 System.Convert::ToInt32(System.Double) callvirt System.Int32 System.Random::Next(System.Int32,System.Int32) call System.Void System.Threading.Thread::Sleep(System.Int32) ldc.r8 2329 stloc.0 <null> nop <null> ldloc.0 <null> ldc.r8 2318 ceq <null> brfalse IL_0092: nop call System.Void CZTwiZeyeAgrx.cxGaOLtKE::FyhZYCfYhUl() ldc.r8 2326 stloc.0 <null> nop <null> ldloc.0 <null> ldc.r8 2329 ceq <null> brfalse IL_00B3: nop call System.Void CZTwiZeyeAgrx.PbQGADornNH::SNOxJsLYfXhVQqS() ldc.r8 2338 stloc.0 <null> nop <null> ldloc.0 <null> ldc.r8 2312 ceq <null> brfalse IL_00D0: nop nop <null> ldc.r8 2318 stloc.0 <null> nop <null> ldloc.0 <null> ldc.r8 2338 ceq <null> brfalse IL_00E7: br IL_000F br IL_00EC: ret br IL_000F: nop ret <null>
96e8afea6475b8ef9d163ad5d06e1ee3 (495.1 KB)
File Structure
96e8afea6475b8ef9d163ad5d06e1ee3
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
ckrmhfhwgsmk
Characteristics
No malware configuration were found at this point.
You must be signed in to post a comment.
An error has occurred. This application may no longer respond until reloaded. Reload 🗙