Suspicious
Suspect

974f416a063f738456a8425a57a6aae0

PE Executable
|
MD5: 974f416a063f738456a8425a57a6aae0
|
Size: 25.09 KB
|
application/x-dosexec

Print
Summary by MalvaGPT
Characteristics

Symbol Ofbuscation Score

Medium

Hash
 Hash Value
MD5
974f416a063f738456a8425a57a6aae0
Sha1
82d4f3b43016f8bb000a2b06a8b5e84fb6eff4e5
Sha256
3a38d17b1d22201efb25a0709d0217cc45658bd7680c0399b17bcc72736d9adc
Sha384
1b117f25d37c96049295256d507cbf6c1a364bcf358b3efedbb488f961617babe7880eed317b6bd0385d1097e597fc28
Sha512
8e758037c14f1d4be8517cd2e2bb40afc88e56f2aa94d54d22e14a5ea5aee6afc16f88a8dc3a9c560af77e66d1da157f46a734908ce224634fbe6396f3b579f7
SSDeep
384:m7PMM8FyhOmTLqDW/IAZ44oOEJ+APjlr2fLzqkelhXRsasN+V/dX:ks6qDhAZiWAPBG1elh7sN+V/t
TLSH
91B217D8DFD8D522C6741AFCE8BD02009370B6119B73EF2A9954D3A969033ACD5C27E6

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
974f416a063f738456a8425a57a6aae0
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_ICON
ID:0001
ID:0
RT_GROUP_CURSOR4
ID:7F00
ID:0
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
ILRepack.List
Informations
Name
 Value
Module Name

INV-572-VDYBU-738TY29UBDN9EI2
Full Name

INV-572-VDYBU-738TY29UBDN9EI2
EntryPoint

System.Void Bofxabbl.Qigtxphrlla::Main()
Scope Name

INV-572-VDYBU-738TY29UBDN9EI2
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

INV-572-VDYBU-738TY29UBDN9EI2
Assembly Version

1.0.2622.8066
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.6
Total Strings

47
Main Method

System.Void Bofxabbl.Qigtxphrlla::Main()
Main IL Instruction Count

60
Main IL

newobj System.Void Bofxabbl.Qigtxphrlla/<>c__DisplayClass0_0::.ctor() stloc.0 <null> ldstr dHpwL0zucKSVkChUE8PSUA== stloc.1 <null> ldstr 4AaWBXu0j+k= stloc.2 <null> ldsfld System.Func`1<System.Byte[]> Bofxabbl.Qigtxphrlla/<>c::<>9__0_0 dup <null> brtrue.s IL_0031: newobj System.Void Bofxabbl.Kbzgynjowwl::.ctor(System.Func`1<System.Byte[]>) pop <null> ldsfld Bofxabbl.Qigtxphrlla/<>c Bofxabbl.Qigtxphrlla/<>c::<>9 ldftn System.Byte[] Bofxabbl.Qigtxphrlla/<>c::<Main>b__0_0() newobj System.Void System.Func`1<System.Byte[]>::.ctor(System.Object,System.IntPtr) dup <null> stsfld System.Func`1<System.Byte[]> Bofxabbl.Qigtxphrlla/<>c::<>9__0_0 newobj System.Void Bofxabbl.Kbzgynjowwl::.ctor(System.Func`1<System.Byte[]>) ldloc.0 <null> ldloc.1 <null> ldloc.2 <null> newobj System.Void Bofxabbl.Ymmafmejwux::.ctor(System.String,System.String) stfld Bofxabbl.Ymmafmejwux Bofxabbl.Qigtxphrlla/<>c__DisplayClass0_0::decryptor ldloc.0 <null> newobj System.Void Bofxabbl.Otpqklgr::.ctor() stfld Bofxabbl.Otpqklgr Bofxabbl.Qigtxphrlla/<>c__DisplayClass0_0::loader ldloc.0 <null> ldstr GWviZVNrfuP0FxcLRa.V5ORZS7TZWRQiMDVCc ldstr VtR0yqL7X newobj System.Void Bofxabbl.Dzexbn::.ctor(System.String,System.String) stfld Bofxabbl.Dzexbn Bofxabbl.Qigtxphrlla/<>c__DisplayClass0_0::invoker dup <null> ldloc.0 <null> ldftn System.Void Bofxabbl.Qigtxphrlla/<>c__DisplayClass0_0::<Main>b__1(System.IO.MemoryStream) newobj System.Void System.Action`1<System.IO.MemoryStream>::.ctor(System.Object,System.IntPtr) callvirt System.Void Bofxabbl.Kbzgynjowwl::add_DownloadCompleted(System.Action`1<System.IO.MemoryStream>) ldloc.0 <null> ldfld Bofxabbl.Ymmafmejwux Bofxabbl.Qigtxphrlla/<>c__DisplayClass0_0::decryptor ldloc.0 <null> ldftn System.Void Bofxabbl.Qigtxphrlla/<>c__DisplayClass0_0::<Main>b__2(System.IO.MemoryStream) newobj System.Void System.Action`1<System.IO.MemoryStream>::.ctor(System.Object,System.IntPtr) callvirt System.Void Bofxabbl.Ymmafmejwux::add_DecryptionCompleted(System.Action`1<System.IO.MemoryStream>) ldloc.0 <null> ldfld Bofxabbl.Otpqklgr Bofxabbl.Qigtxphrlla/<>c__DisplayClass0_0::loader ldloc.0 <null> ldftn System.Void Bofxabbl.Qigtxphrlla/<>c__DisplayClass0_0::<Main>b__3(System.Reflection.Assembly) newobj System.Void System.Action`1<System.Reflection.Assembly>::.ctor(System.Object,System.IntPtr) callvirt System.Void Bofxabbl.Otpqklgr::add_LoadCompleted(System.Action`1<System.Reflection.Assembly>) ldloc.0 <null> ldfld Bofxabbl.Dzexbn Bofxabbl.Qigtxphrlla/<>c__DisplayClass0_0::invoker ldsfld System.Action Bofxabbl.Qigtxphrlla/<>c::<>9__0_4 dup <null> brtrue.s IL_00C8: callvirt System.Void Bofxabbl.Dzexbn::add_InvocationCompleted(System.Action) pop <null> ldsfld Bofxabbl.Qigtxphrlla/<>c Bofxabbl.Qigtxphrlla/<>c::<>9 ldftn System.Void Bofxabbl.Qigtxphrlla/<>c::<Main>b__0_4() newobj System.Void System.Action::.ctor(System.Object,System.IntPtr) dup <null> stsfld System.Action Bofxabbl.Qigtxphrlla/<>c::<>9__0_4 callvirt System.Void Bofxabbl.Dzexbn::add_InvocationCompleted(System.Action) callvirt System.Void Bofxabbl.Kbzgynjowwl::Vixsct() ret <null>
Module Name

INV-572-VDYBU-738TY29UBDN9EI2
Full Name

INV-572-VDYBU-738TY29UBDN9EI2
EntryPoint

System.Void Bofxabbl.Qigtxphrlla::Main()
Scope Name

INV-572-VDYBU-738TY29UBDN9EI2
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

INV-572-VDYBU-738TY29UBDN9EI2
Assembly Version

1.0.2622.8066
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.6
Total Strings

47
Main Method

System.Void Bofxabbl.Qigtxphrlla::Main()
Main IL Instruction Count

60
Main IL

newobj System.Void Bofxabbl.Qigtxphrlla/<>c__DisplayClass0_0::.ctor() stloc.0 <null> ldstr dHpwL0zucKSVkChUE8PSUA== stloc.1 <null> ldstr 4AaWBXu0j+k= stloc.2 <null> ldsfld System.Func`1<System.Byte[]> Bofxabbl.Qigtxphrlla/<>c::<>9__0_0 dup <null> brtrue.s IL_0031: newobj System.Void Bofxabbl.Kbzgynjowwl::.ctor(System.Func`1<System.Byte[]>) pop <null> ldsfld Bofxabbl.Qigtxphrlla/<>c Bofxabbl.Qigtxphrlla/<>c::<>9 ldftn System.Byte[] Bofxabbl.Qigtxphrlla/<>c::<Main>b__0_0() newobj System.Void System.Func`1<System.Byte[]>::.ctor(System.Object,System.IntPtr) dup <null> stsfld System.Func`1<System.Byte[]> Bofxabbl.Qigtxphrlla/<>c::<>9__0_0 newobj System.Void Bofxabbl.Kbzgynjowwl::.ctor(System.Func`1<System.Byte[]>) ldloc.0 <null> ldloc.1 <null> ldloc.2 <null> newobj System.Void Bofxabbl.Ymmafmejwux::.ctor(System.String,System.String) stfld Bofxabbl.Ymmafmejwux Bofxabbl.Qigtxphrlla/<>c__DisplayClass0_0::decryptor ldloc.0 <null> newobj System.Void Bofxabbl.Otpqklgr::.ctor() stfld Bofxabbl.Otpqklgr Bofxabbl.Qigtxphrlla/<>c__DisplayClass0_0::loader ldloc.0 <null> ldstr GWviZVNrfuP0FxcLRa.V5ORZS7TZWRQiMDVCc ldstr VtR0yqL7X newobj System.Void Bofxabbl.Dzexbn::.ctor(System.String,System.String) stfld Bofxabbl.Dzexbn Bofxabbl.Qigtxphrlla/<>c__DisplayClass0_0::invoker dup <null> ldloc.0 <null> ldftn System.Void Bofxabbl.Qigtxphrlla/<>c__DisplayClass0_0::<Main>b__1(System.IO.MemoryStream) newobj System.Void System.Action`1<System.IO.MemoryStream>::.ctor(System.Object,System.IntPtr) callvirt System.Void Bofxabbl.Kbzgynjowwl::add_DownloadCompleted(System.Action`1<System.IO.MemoryStream>) ldloc.0 <null> ldfld Bofxabbl.Ymmafmejwux Bofxabbl.Qigtxphrlla/<>c__DisplayClass0_0::decryptor ldloc.0 <null> ldftn System.Void Bofxabbl.Qigtxphrlla/<>c__DisplayClass0_0::<Main>b__2(System.IO.MemoryStream) newobj System.Void System.Action`1<System.IO.MemoryStream>::.ctor(System.Object,System.IntPtr) callvirt System.Void Bofxabbl.Ymmafmejwux::add_DecryptionCompleted(System.Action`1<System.IO.MemoryStream>) ldloc.0 <null> ldfld Bofxabbl.Otpqklgr Bofxabbl.Qigtxphrlla/<>c__DisplayClass0_0::loader ldloc.0 <null> ldftn System.Void Bofxabbl.Qigtxphrlla/<>c__DisplayClass0_0::<Main>b__3(System.Reflection.Assembly) newobj System.Void System.Action`1<System.Reflection.Assembly>::.ctor(System.Object,System.IntPtr) callvirt System.Void Bofxabbl.Otpqklgr::add_LoadCompleted(System.Action`1<System.Reflection.Assembly>) ldloc.0 <null> ldfld Bofxabbl.Dzexbn Bofxabbl.Qigtxphrlla/<>c__DisplayClass0_0::invoker ldsfld System.Action Bofxabbl.Qigtxphrlla/<>c::<>9__0_4 dup <null> brtrue.s IL_00C8: callvirt System.Void Bofxabbl.Dzexbn::add_InvocationCompleted(System.Action) pop <null> ldsfld Bofxabbl.Qigtxphrlla/<>c Bofxabbl.Qigtxphrlla/<>c::<>9 ldftn System.Void Bofxabbl.Qigtxphrlla/<>c::<Main>b__0_4() newobj System.Void System.Action::.ctor(System.Object,System.IntPtr) dup <null> stsfld System.Action Bofxabbl.Qigtxphrlla/<>c::<>9__0_4 callvirt System.Void Bofxabbl.Dzexbn::add_InvocationCompleted(System.Action) callvirt System.Void Bofxabbl.Kbzgynjowwl::Vixsct() ret <null>
974f416a063f738456a8425a57a6aae0 (25.09 KB)
An error has occurred. This application may no longer respond until reloaded. Reload 🗙