Suspicious
Suspect

98e3d1bf8ebdc6ac307152b167b0b3b9

PE Executable | MD5: 98e3d1bf8ebdc6ac307152b167b0b3b9 | Size: 607.74 KB | application/x-dosexec

Characteristics

Symbol Obfuscation Score: Medium

Hash
Hash Value
MD5
98e3d1bf8ebdc6ac307152b167b0b3b9
Sha1
3ecc240aa97db30c8870513bfb853d31e722f70b
Sha256
865396681bcb4359e6091a1ffc01ab89408284df78a6fe4879f5af887360e9be
Sha384
4b7b2332688f4645b6be7f81c1c15805a7b705c448fa9ddc0fa97b13fdf6217fee03ede53ee899e275b3c2a329f2f885
Sha512
d1abdc6760b845809f488bcae954522a5d237c1184184c5c94ac5190d315089fac558936bc042070a14cd91e7724309649b81e7923b5e9b37430660bd50c99b8
SSDeep
12288:TdvFRaw2mR+GvIrZEDbiDdQSH66vjZvW:TxFwikXlEXiBQm66x
TLSH
52D480046AD05F5BD63E8375C9E7999473B298A8FF4BE74BA900786228413E497031FF

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
  DosHeader
  PE Header
  Optional Header (x86)
  Section Headers
    .text
    .rsrc
    .reloc
  Resources
    RT_VERSION
      ID:0001
        ID:0
    RT_MANIFEST
      ID:0001
        ID:0
  .Net Resources

Information

Info: PE Detect: PeReader OK (file layout)
Module Name: Bguvtyd.exe
Full Name: Bguvtyd.exe
EntryPoint: System.Void ​::()
Scope Name: Bguvtyd.exe
Scope Type: ModuleDef
Kind: Windows
Runtime Version: v4.0.30319
Tables Header Version: 512
WinMD Version: <null>
Assembly Name: Bguvtyd
Assembly Version: 1.0.789.2427
Assembly Culture: <null>
Has PublicKey: False
PublicKey Token: <null>
Target Framework: .NETFramework,Version=v4.6
Total Strings: 0
Main Method: System.Void ​::()
Main IL Instruction Count: 37

Main IL:

newobj System.Void ​::.ctor()
stloc.0 <null>
ldloc.0 <null>
callvirt System.String ​::()
brfalse.s IL_0060: leave IL_006C
ldloc.0 <null>
callvirt System.Type[] ​::()
ldsfld System.Func`2<System.Type,System.Boolean> ​/::
dup <null>
brtrue.s IL_0033: call System.Collections.Generic.IEnumerable`1<System.Type> System.Linq.Enumerable::Where<System.Type>(System.Collections.Generic.IEnumerable`1<System.Type>,System.Func`2<System.Type,System.Boolean>)
pop <null>
ldsfld ​/ ​/::
ldftn System.Boolean ​/::(System.Type)
newobj System.Void System.Func`2<System.Type,System.Boolean>::.ctor(System.Object,System.IntPtr)
dup <null>
stsfld System.Func`2<System.Type,System.Boolean> ​/::
call System.Collections.Generic.IEnumerable`1<System.Type> System.Linq.Enumerable::Where<System.Type>(System.Collections.Generic.IEnumerable`1<System.Type>,System.Func`2<System.Type,System.Boolean>)
stloc.1 <null>
ldloc.1 <null>
call System.Int32 System.Linq.Enumerable::Count<System.Type>(System.Collections.Generic.IEnumerable`1<System.Type>)
ldc.i4.0 <null>
ble.s IL_0060: leave IL_006C
ldloc.1 <null>
call System.Type System.Linq.Enumerable::First<System.Type>(System.Collections.Generic.IEnumerable`1<System.Type>)
ldc.i4 -1566032430
call System.String ::(System.Int32)
ldc.i4 256
ldnull <null>
ldnull <null>
ldnull <null>
callvirt System.Object System.Type::InvokeMember(System.String,System.Reflection.BindingFlags,System.Reflection.Binder,System.Object,System.Object[])
pop <null>
leave IL_006C: ret
ldloc.0 <null>
callvirt System.Void System.IDisposable::Dispose()
endfinally <null>
ret <null>

Characteristics
No malware configuration was found at this point.