Suspicious
Suspect

9d782ae04998ed3a4fc5ef28d821f1b2

PE Executable | MD5: 9d782ae04998ed3a4fc5ef28d821f1b2 | Size: 440.83 KB | application/x-dosexec


Characteristics

Symbol Obfuscation Score

Very high

Hash
Hash Value
MD5
9d782ae04998ed3a4fc5ef28d821f1b2
Sha1
ec579730423729eb50f5512fe4126449a8b1b695
Sha256
73a583bfa6362e599d5519acf4dcab793b126a697356d32861a6e7ffe5f9e0ab
Sha384
f9a25aede7e97994b3827a7a0e3cd682988692755b4864360ab06a6961f9a31590a13483ac4ea85adc09da1f89c4f506
Sha512
3705e7fdef143fbd6bdc5159074c797f05a66f6375f67e3bb73f5782b2864bbdf86abb9ed5c82ab573406f2334cf5dc1e784c2be031b6e5c1f8f6efcda1b9733
SSDeep
6144:Umx8YILbzHEB9MegbHs9e6VlWT8b98EW94IZGrLFbOlpJtXYP:9869Es9PVle83WXGrklGP
TLSH
7994A30CFE92E805DE1E3D77CBE610104B7129C12E1296923259BFFE8F6537658A267C

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_ICON
ID:0001
ID:0
RT_GROUP_CURSOR4
ID:0001
ID:0
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
iqtoglnqriii
Information
Name
Value
Info

PE Detect: PeReader OK (file layout)

Module Name

rookqpshtgdi.exe

Full Name

rookqpshtgdi.exe

EntryPoint

System.Void KyFZZoHaavWOU.nerDBKCYB::QXhBxnUcKb(System.String[])

Scope Name

rookqpshtgdi.exe

Scope Type

ModuleDef

Kind

Windows

Runtime Version

v4.0.30319

Tables Header Version

512

WinMD Version

<null>

Assembly Name

rookqpshtgdi

Assembly Version

1.0.0.0

Assembly Culture

<null>

Has PublicKey

False

PublicKey Token

<null>

Target Framework

.NETFramework,Version=v4.0

Total Strings

1172

Main Method

System.Void KyFZZoHaavWOU.nerDBKCYB::QXhBxnUcKb(System.String[])

Main IL Instruction Count

56

Main IL

ldc.i4 5159 stloc.0 <null> br IL_00B3: br IL_000B nop <null> ldloc.0 <null> ldc.i4 5169 ceq <null> brfalse IL_0024: nop call System.Void KyFZZoHaavWOU.nerDBKCYB::GvGEzLFWE() ldc.i4 5177 stloc.0 <null> nop <null> ldloc.0 <null> ldc.i4 5177 ceq <null> brfalse IL_0072: nop newobj System.Void System.Random::.ctor() nop <null> ldc.i4 173067222 ldc.i4 173065334 xor <null> conv.i4 <null> nop <null> ldc.r8 6000.224653042054 ldc.r8 3000 call System.Double System.Math::Tan(System.Double) add <null> call System.Int32 System.Convert::ToInt32(System.Double) callvirt System.Int32 System.Random::Next(System.Int32,System.Int32) call System.Void System.Threading.Thread::Sleep(System.Int32) ldc.i4 5185 stloc.0 <null> nop <null> ldloc.0 <null> ldc.i4 5185 ceq <null> brfalse IL_008B: nop call System.Void KyFZZoHaavWOU.huTksPAKCuhtrm::ZgkDNCfRDYbcnrE() ldc.i4 5192 stloc.0 <null> nop <null> ldloc.0 <null> ldc.i4 5159 ceq <null> brfalse IL_00A0: nop nop <null> ldc.i4 5169 stloc.0 <null> nop <null> ldloc.0 <null> ldc.i4 5192 ceq <null> brfalse IL_00B3: br IL_000B br IL_00B8: ret br IL_000B: nop ret <null>

