Suspicious
Suspect

9f2ed4ff8c2589bd63c1a5991750ea53

PE Executable | MD5: 9f2ed4ff8c2589bd63c1a5991750ea53 | Size: 962.56 KB | application/x-dosexec


Characteristics

Symbol Obfuscation Score: Very high

Hash
MD5: 9f2ed4ff8c2589bd63c1a5991750ea53
Sha1: 6e2e786a753201c81891469c68285bb51d613a67
Sha256: d2bbb4a1976cda4875e34682da19d64d1e54a5042cd79ddbf92e3da931d8ce28
Sha384: 2e512fa750a1b86c2e9d96be32dbbae07ed5d34ad408d9f2608ad719fb9b302bbabbffa4f86abe7082f10d6d4378c387
Sha512: 7ed7c00a027b9f3e37cf4ab42f1640ba7bd542ccfb8d48e03e893b32abb5d909b82eeecc26fce80c251f9637e3d1603b1ebb0b2f0e3768b4198250b2d9d0aa20
SSDeep: 12288:inNf+Pj5ZxMXO+MriwQUaYeP4SQG/gbkNEQCvoGFvQGtYBPph/d:inxs1oHMm38ePPjHEQCvoGFZYBP1
TLSH: A825CF21AF476F99E4790B3DC1620468B3F0D8038366D65B7FF840FA5D96F89CA2B491
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
.Net Resources
Ⴐ.6xaFjCd0.resources
9An_xf6MQoy0iW.g.resources
80be1fe8fdc938.Resources.resources
f324118e0
[NBF]root.Data
f324118e1
[NBF]root.Data
f324118e10
[NBF]root.Data
f324118e11
[NBF]root.Data
f324118e12
[NBF]root.Data
f324118e13
[NBF]root.Data
f324118e14
[NBF]root.Data
f324118e15
[NBF]root.Data
f324118e16
[NBF]root.Data
f324118e17
[NBF]root.Data
f324118e18
[NBF]root.Data
f324118e19
[NBF]root.Data
f324118e2
[NBF]root.Data
f324118e20
[NBF]root.Data
f324118e3
[NBF]root.Data
f324118e4
[NBF]root.Data
f324118e5
[NBF]root.Data
f324118e6
[NBF]root.Data
f324118e7
[NBF]root.Data
f324118e8
[NBF]root.Data
f324118e9
[NBF]root.Data
Informations
Info: PE Detect: PeReader OK (file layout)
Module Name: 9An_xf6MQoy0iW
Full Name: 9An_xf6MQoy0iW
EntryPoint: System.Void Qgn06Mepw3Wj.Wo8t5gpP::ae6YH1tygt8B()
Scope Name: 9An_xf6MQoy0iW
Scope Type: ModuleDef
Kind: Windows
Runtime Version: v4.0.30319
Tables Header Version: 512
WinMD Version: <null>
Assembly Name: 9An_xf6MQoy0iW
Assembly Version: 24.6.6.150
Assembly Culture: <null>
Has PublicKey: False
PublicKey Token: <null>
Target Framework: .NETFramework,Version=v4.6
Total Strings: 0
Main Method: System.Void Qgn06Mepw3Wj.Wo8t5gpP::ae6YH1tygt8B()
Main IL Instruction Count: 262

Main IL

ldsfld System.Byte[] 5Wdskc.qf2Z4iPe::Rg8zd2bYc stloc.s V_25 nop <null> br.s IL_000A: ldc.i4.5 ldc.i4.5 <null> stloc.s V_24 ldloc.s V_24 switch dnlib.DotNet.Emit.Instruction[] br.s IL_0036: nop nop <null> call System.Threading.Thread System.Threading.Thread::get_CurrentThread() callvirt System.Threading.ApartmentState System.Threading.Thread::GetApartmentState() ldc.i4.1 <null> ceq <null> stloc.s V_18 ldloc.s V_18 brfalse.s IL_004F: ldc.i4.3 ldc.i4.0 <null> stloc.s V_24 br.s IL_000D: ldloc.s V_24 ldc.i4.3 <null> br.s IL_004B: stloc.s V_24 call System.Threading.Thread System.Threading.Thread::get_CurrentThread() ldc.i4.0 <null> callvirt System.Void System.Threading.Thread::SetApartmentState(System.Threading.ApartmentState) nop <null> nop <null> ldc.i4.3 <null> stloc.s V_24 br.s IL_000D: ldloc.s V_24 nop <null> call System.Globalization.CultureInfo System.Globalization.CultureInfo::get_InvariantCulture() stloc.0 <null> ldloc.0 <null> call System.Void System.Globalization.CultureInfo::set_CurrentCulture(System.Globalization.CultureInfo) nop <null> ldloc.0 <null> call System.Void System.Globalization.CultureInfo::set_CurrentUICulture(System.Globalization.CultureInfo) nop <null> call System.Reflection.Assembly System.Reflection.Assembly::GetExecutingAssembly() stloc.1 <null> ldloc.s V_25 ldc.i4 324 ldelem.u1 <null> ldc.i4 137 sub <null> stloc.s V_24 br IL_000D: ldloc.s V_24 nop <null> ldc.i4.s 74 ldnull <null> ldc.i4 1087725994 ldc.i4.1 <null> call System.String 5PabNep2.dd9PtJe8X1/5Ddbec3.1Awmat0S6::4YdfAtc51j(System.Char,System.Reflection.Assembly,System.Int32,System.Int32) stloc.2 <null> br.s IL_00A6: br.s IL_00A8 br.s IL_00A8: ldc.i4.3 ldc.i4.3 <null> stloc.s V_27 ldloc.s V_27 switch dnlib.DotNet.Emit.Instruction[] br.s IL_00C8: nop nop <null> ldloc.1 <null> callvirt System.String System.Reflection.Assembly::get_Location() call System.Diagnostics.FileVersionInfo System.Diagnostics.FileVersionInfo::GetVersionInfo(System.String) stloc.s V_19 ldloc.s V_19 callvirt 
System.String System.Diagnostics.FileVersionInfo::get_FileVersion() stloc.2 <null> leave.s IL_00F1: br.s IL_00F3 br.s IL_00E2: br.s IL_00E4 br.s IL_00E4: call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception) call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception) nop <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() leave.s IL_00F1: br.s IL_00F3 br.s IL_00F3: ldc.i4.3 ldc.i4.3 <null> stloc.s V_29 ldloc.s V_29 switch dnlib.DotNet.Emit.Instruction[] br.s IL_013B: nop nop <null> ldc.i4.s 28 call System.String System.Environment::GetFolderPath(System.Environment/SpecialFolder) stloc.3 <null> ldloc.3 <null> nop <null> ldc.i4 397229266 ldnull <null> ldc.i4.0 <null> ldc.i4 201 call System.String 5PabNep2.dd9PtJe8X1/5Ddbec3.1Awmat0S6/2LmdJx9ke.bn2Ps1Sq9J::Ggz18(System.Int32,5PabNep2.dd9PtJe8X1/5Ddbec3.1Awmat0S6/2LmdJx9ke.bn2Ps1Sq9J,System.Int32,System.Char) nop <null> ldnull <null> ldc.i4 859606933 ldc.i4.6 <null> ldc.i4.7 <null> call System.String 5PabNep2.dd9PtJe8X1/5Ddbec3.1Awmat0S6/2LmdJx9ke.bn2Ps1Sq9J/jGa1R0d.Yya34qTnB8qo7::pw2J6bGmkF1k(System.Reflection.Assembly,System.Int32,System.Int32,System.Char) call System.String System.IO.Path::Combine(System.String,System.String,System.String) stloc.s V_4 ldc.i4.s 10 stloc.s V_29 br.s IL_00F6: ldloc.s V_29 ldloc.s V_4 call System.Boolean System.IO.Directory::Exists(System.String) ldc.i4.0 <null> ceq <null> stloc.s V_20 ldloc.s V_20 brfalse.s IL_018A: ldc.i4.7 ldc.i4.4 <null> stloc.s V_29 br IL_00F6: ldloc.s V_29 ldc.i4.7 <null> br.s IL_0183: stloc.s V_29 ldloc.s V_4 call System.IO.DirectoryInfo System.IO.Directory::CreateDirectory(System.String) pop <null> nop <null> ldloc.s V_25 ldc.i4 221 ldelem.u1 <null> ldc.i4 214 sub <null> stloc.s V_29 br IL_00F6: ldloc.s V_29 nop <null> ldc.i4.1 <null> stloc.s V_5 ldc.r8 25 call System.Double System.Math::Floor(System.Double) conv.ovf.i4 <null> 
stloc.s V_6 ldloc.s V_6 ldc.i4.1 <null> sub.ovf <null> ldc.i4.1 <null> add.ovf <null> newarr System.Object stloc.s V_7 ldc.i4.s 14 stloc.s V_29 br IL_00F6: ldloc.s V_29 call System.String Nn8iw4CjWf9n_M.6xaFjCd0/6Nemi5eY.tLo9Hj4ip0::Yb9kd5Kc() call System.Byte[] 0GykE.Rp1xb3tM::rw5JjWs48ps(System.String) stloc.s V_8 call System.Boolean System.Environment::get_UserInteractive() stloc.s V_9 ldc.i4 9250481 stloc.s V_10 call System.Drawing.Rectangle System.Windows.Forms.SystemInformation::get_VirtualScreen() stloc.s V_21 ldloca.s V_21 call System.Int32 System.Drawing.Rectangle::get_Width() stloc.s V_11 ldc.i4.1 <null> stloc.s V_29 br IL_00F6: ldloc.s V_29 ldloc.s V_8 castclass System.Byte[] ldloc.s V_10 call System.Byte[] Nn8iw4CjWf9n_M.6xaFjCd0::Xxc27dGp(System.Byte[],System.Int32) stloc.s V_12 ldloc.s V_7 ldloc.s V_6 ldc.i4.1 <null> sub.ovf <null> ldloc.s V_12 stelem.ref <null> ldc.i4.0 <null> stloc.s V_29 br IL_00F6: ldloc.s V_29 ldc.i4.0 <null> call System.Int64 System.GC::GetTotalMemory(System.Boolean) ldc.i4 104857600 conv.i8 <null> cgt <null> stloc.s V_13 call System.Drawing.Rectangle System.Windows.Forms.Cursor::get_Clip() stloc.s V_21 ldloca.s V_21 call System.Boolean System.Drawing.Rectangle::get_IsEmpty() stloc.s V_14 ldc.i4.6 <null> stloc.s V_29 br IL_00F6: ldloc.s V_29 ldtoken System.Reflection.Assembly call System.Type System.Type::GetTypeFromHandle(System.RuntimeTypeHandle) stloc.s V_15 ldloc.s V_15 nop <null> ldc.i4 397229238 ldnull <null> ldc.i4.1 <null> ldc.i4 223 call System.String 5PabNep2.dd9PtJe8X1/5Ddbec3.1Awmat0S6/2LmdJx9ke.bn2Ps1Sq9J::Ggz18(System.Int32,5PabNep2.dd9PtJe8X1/5Ddbec3.1Awmat0S6/2LmdJx9ke.bn2Ps1Sq9J,System.Int32,System.Char) ldc.i4.1 <null> newarr System.Type dup <null> ldc.i4.0 <null> ldtoken System.Byte[] call System.Type System.Type::GetTypeFromHandle(System.RuntimeTypeHandle) stelem.ref <null> callvirt System.Reflection.MethodInfo System.Type::GetMethod(System.String,System.Type[]) stloc.s V_16 ldc.i4.2 <null> stloc.s V_29 br 
IL_00F6: ldloc.s V_29 ldloc.s V_16 ldnull <null> ldc.i4.1 <null> newarr System.Object dup <null> ldc.i4.0 <null> ldloc.s V_7 ldloc.s V_6 ldc.i4.1 <null> sub.ovf <null> ldelem.ref <null> stelem.ref <null> callvirt System.Object System.Reflection.MethodBase::Invoke(System.Object,System.Object[]) call System.Object System.Runtime.CompilerServices.RuntimeHelpers::GetObjectValue(System.Object) stloc.s V_17 ldc.i4.s 9 stloc.s V_29 br IL_00F6: ldloc.s V_29 ldloc.s V_7 ldloc.s V_6 ldc.i4.6 <null> sub.ovf <null> ldloc.s V_17 call System.Object System.Runtime.CompilerServices.RuntimeHelpers::GetObjectValue(System.Object) stelem.ref <null> ldloc.s V_7 ldloc.s V_6 call System.Void Nn8iw4CjWf9n_M.6xaFjCd0::tx0LXqa1(System.Object[],System.Int32) ldc.i4.5 <null> stloc.s V_29 br IL_00F6: ldloc.s V_29 nop <null> leave.s IL_02F1: br.s IL_02F3 br.s IL_02DF: br.s IL_02E1 br.s IL_02E1: dup dup <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception) stloc.s V_22 nop <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() leave.s IL_02F1: br.s IL_02F3 br.s IL_02F3: ldc.i4.4 ldc.i4.4 <null> stloc.s V_31 ldloc.s V_31 switch dnlib.DotNet.Emit.Instruction[] br.s IL_0313: nop nop <null> ret <null> ldtoken System.Void Qgn06Mepw3Wj.Wo8t5gpP::ae6YH1tygt8B() pop <null> ret <null>
