Symbol Obfuscation Score
|
Hash | Hash Value |
|---|---|
| MD5 | 9ba2db757893d214285b06edee9e4388
|
| Sha1 | c6e4810a03f1cc956d977f47b3d337c36b430a37
|
| Sha256 | 9f60f244e5c10d02100884aa438b2d44ef7d81b4dc34e41df092af464f831bad
|
| Sha384 | 0dfa73f2c5d0748e52c4731fe0ef2b3746ffe3ceb48aa473aea992d20c44a53a10dfd9da821a9dc73d33265a97c01d41
|
| Sha512 | 383c92d300c3abe5a3d9e969778e93fc91734de8f979f94a4bf68d9ba837b66fd1413c416ba2d927c4334949bb981b402df586a0530f8d58a7254b156aa69057
|
| SSDeep | 6144:lPT5yVUN3PNkdKkNeLXmbO5gKxWl2tU8TppiYopfORhyGoYQpr565OChx8LMJZWP:ldySH4bsRDwYU8rgJ1dTL+RYs8
|
| TLSH | A2D49EA7F3678E21D1845777C1CB9A4093B49685B5A3F30FB18413E619423EEDE0B6A3
|
PeID
|
Name0 | Value |
|---|---|
| Info | PE Detect: PeReader OK (file layout) |
| Module Name | Kybpmkd.exe |
| Full Name | Kybpmkd.exe |
| EntryPoint | System.Void LfYQrLa1jPIWn2QUTw.heyn9iU6cttpJnqKxd::SaMtPcFGx() |
| Scope Name | Kybpmkd.exe |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v4.0.30319 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | Kybpmkd |
| Assembly Version | 1.0.0.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | .NETFramework,Version=v4.0 |
| Total Strings | 43 |
| Main Method | System.Void LfYQrLa1jPIWn2QUTw.heyn9iU6cttpJnqKxd::SaMtPcFGx() |
| Main IL Instruction Count | 58 |
| Main IL | ldc.i4 1 stloc V_0 ldloc V_0 switch dnlib.DotNet.Emit.Instruction[] ldloc V_0 ldc.i4 989 beq IL_0009: ldloc V_0 br IL_002D: nop nop <null> newobj System.Void J6j5SAmuYabuO9KrwW.UbGf4iZLRR7su4pBfA::.ctor() ldsfld kgLKljItPvyhFlJLVYI kgLKljItPvyhFlJLVYI::OJwIxCQXhI call System.Boolean kgLKljItPvyhFlJLVYI::BTuIIhEadu(System.Object,kgLKljItPvyhFlJLVYI) brtrue IL_0095: leave IL_010C ldc.i4 0 ldsfld <Module>{ea9095af-5188-4639-b063-ef67a4ba3108} <Module>{ea9095af-5188-4639-b063-ef67a4ba3108}::m_e962c62c8562454eb07532326fbdab6d ldfld System.Int32 <Module>{ea9095af-5188-4639-b063-ef67a4ba3108}::m_48780b46ea2f4e5eb14eef183fd6b6af brtrue IL_0073: switch(IL_008F) pop <null> ldc.i4 2 br IL_0073: switch(IL_008F) br IL_006F: ldloc V_1 ldc.i4 0 stloc V_1 ldloc V_1 switch dnlib.DotNet.Emit.Instruction[] ldloc V_1 ldc.i4 988 beq IL_006F: ldloc V_1 br IL_008F: newobj System.Void System.InvalidOperationException::.ctor() newobj System.Void System.InvalidOperationException::.ctor() throw <null> leave IL_010C: ret pop <null> ldc.i4 6 ldsfld <Module>{ea9095af-5188-4639-b063-ef67a4ba3108} <Module>{ea9095af-5188-4639-b063-ef67a4ba3108}::m_e962c62c8562454eb07532326fbdab6d ldfld System.Int32 <Module>{ea9095af-5188-4639-b063-ef67a4ba3108}::m_345f1a014040463190dd9a8cf58257b2 brtrue IL_00CC: switch(IL_00E8) pop <null> ldc.i4 0 br IL_00CC: switch(IL_00E8) br IL_00C8: ldloc V_2 ldc.i4 0 stloc V_2 ldloc V_2 switch dnlib.DotNet.Emit.Instruction[] ldloc V_2 ldc.i4 988 beq IL_00C8: ldloc V_2 br IL_00E8: leave IL_010C leave IL_010C: ret ldc.i4 3 ldsfld <Module>{ea9095af-5188-4639-b063-ef67a4ba3108} <Module>{ea9095af-5188-4639-b063-ef67a4ba3108}::m_e962c62c8562454eb07532326fbdab6d ldfld System.Int32 <Module>{ea9095af-5188-4639-b063-ef67a4ba3108}::m_0a19e6bfdedf4dad8b881ed98e4d9e30 brtrue IL_000D: switch(IL_010C,IL_002D) pop <null> ldc.i4 0 br IL_000D: switch(IL_010C,IL_002D) ret <null> |
| Module Name | Kybpmkd.exe |
| Full Name | Kybpmkd.exe |
| EntryPoint | System.Void LfYQrLa1jPIWn2QUTw.heyn9iU6cttpJnqKxd::SaMtPcFGx() |
| Scope Name | Kybpmkd.exe |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v4.0.30319 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | Kybpmkd |
| Assembly Version | 1.0.0.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | .NETFramework,Version=v4.0 |
| Total Strings | 43 |
| Main Method | System.Void LfYQrLa1jPIWn2QUTw.heyn9iU6cttpJnqKxd::SaMtPcFGx() |
| Main IL Instruction Count | 58 |
| Main IL | ldc.i4 1 stloc V_0 ldloc V_0 switch dnlib.DotNet.Emit.Instruction[] ldloc V_0 ldc.i4 989 beq IL_0009: ldloc V_0 br IL_002D: nop nop <null> newobj System.Void J6j5SAmuYabuO9KrwW.UbGf4iZLRR7su4pBfA::.ctor() ldsfld kgLKljItPvyhFlJLVYI kgLKljItPvyhFlJLVYI::OJwIxCQXhI call System.Boolean kgLKljItPvyhFlJLVYI::BTuIIhEadu(System.Object,kgLKljItPvyhFlJLVYI) brtrue IL_0095: leave IL_010C ldc.i4 0 ldsfld <Module>{ea9095af-5188-4639-b063-ef67a4ba3108} <Module>{ea9095af-5188-4639-b063-ef67a4ba3108}::m_e962c62c8562454eb07532326fbdab6d ldfld System.Int32 <Module>{ea9095af-5188-4639-b063-ef67a4ba3108}::m_48780b46ea2f4e5eb14eef183fd6b6af brtrue IL_0073: switch(IL_008F) pop <null> ldc.i4 2 br IL_0073: switch(IL_008F) br IL_006F: ldloc V_1 ldc.i4 0 stloc V_1 ldloc V_1 switch dnlib.DotNet.Emit.Instruction[] ldloc V_1 ldc.i4 988 beq IL_006F: ldloc V_1 br IL_008F: newobj System.Void System.InvalidOperationException::.ctor() newobj System.Void System.InvalidOperationException::.ctor() throw <null> leave IL_010C: ret pop <null> ldc.i4 6 ldsfld <Module>{ea9095af-5188-4639-b063-ef67a4ba3108} <Module>{ea9095af-5188-4639-b063-ef67a4ba3108}::m_e962c62c8562454eb07532326fbdab6d ldfld System.Int32 <Module>{ea9095af-5188-4639-b063-ef67a4ba3108}::m_345f1a014040463190dd9a8cf58257b2 brtrue IL_00CC: switch(IL_00E8) pop <null> ldc.i4 0 br IL_00CC: switch(IL_00E8) br IL_00C8: ldloc V_2 ldc.i4 0 stloc V_2 ldloc V_2 switch dnlib.DotNet.Emit.Instruction[] ldloc V_2 ldc.i4 988 beq IL_00C8: ldloc V_2 br IL_00E8: leave IL_010C leave IL_010C: ret ldc.i4 3 ldsfld <Module>{ea9095af-5188-4639-b063-ef67a4ba3108} <Module>{ea9095af-5188-4639-b063-ef67a4ba3108}::m_e962c62c8562454eb07532326fbdab6d ldfld System.Int32 <Module>{ea9095af-5188-4639-b063-ef67a4ba3108}::m_0a19e6bfdedf4dad8b881ed98e4d9e30 brtrue IL_000D: switch(IL_010C,IL_002D) pop <null> ldc.i4 0 br IL_000D: switch(IL_010C,IL_002D) ret <null> |