Suspicious
Suspect

a06af79760ce1677eb8549bfb6a2d190

PE Executable | MD5: a06af79760ce1677eb8549bfb6a2d190 | Size: 478.72 KB | application/x-dosexec


Characteristics

Symbol Obfuscation Score

Very high

Hash
MD5: a06af79760ce1677eb8549bfb6a2d190
Sha1: bfb462f98e256e0532f97fcdefad18009427ca36
Sha256: c23029f315f2d0063ffaef0cb651cfcf8e39bd4f9d77aefb6a5866d73bf096db
Sha384: 3ad15770cceb4a0bc7aecc5c207d9359f71dc0588e5b5743f3c2489de24de6ba270143f5df836427298b40103f8d570d
Sha512: c66ab1d94beb5e8c51b464f131d2e9caf7728f9f9af4db0d9c6fbcd2be14d6b61d8b3dc4d9f80d5d19e17bded64c7d54185c14f6ed74d235e902b779cebe1c70
SSDeep: 6144:RmFJVUH/x2qize6VlWT8b9MkKmdIwQbe/j:QDWdKPVle8CEqwn
TLSH: 5CA4830CBE41E404CDDA2F33BAE610348B715DC13E21B246E599BEF94B763665CA25BC

PeID

.NET executable
HQR data file
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_ICON
ID:0001
ID:0
RT_GROUP_CURSOR4
ID:0001
ID:0
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
nwcivfxtxtep
Informations
PE Detect: PeReader OK (file layout)

Module Name: Neverlose.exe
Full Name: Neverlose.exe
EntryPoint: System.Void lbPdYPWw.KKUviPJLmoyUOO::IXwAWIblxhacZ(System.String[])
Scope Name: Neverlose.exe
Scope Type: ModuleDef
Kind: Windows
Runtime Version: v4.0.30319
Tables Header Version: 512
WinMD Version: <null>
Assembly Name: Neverlose
Assembly Version: 1.0.0.0
Assembly Culture: <null>
Has PublicKey: False
PublicKey Token: <null>
Target Framework: .NETFramework,Version=v4.0
Total Strings: 741
Main Method: System.Void lbPdYPWw.KKUviPJLmoyUOO::IXwAWIblxhacZ(System.String[])
Main IL Instruction Count: 56

Main IL

ldc.r8 411
stloc.0 <null>
br IL_00E7: br IL_000F
nop <null>
ldloc.0 <null>
ldc.r8 432
ceq <null>
brfalse IL_0071: nop
newobj System.Void System.Random::.ctor()
nop <null>
ldc.r8 2
ldc.r8 2000
mul <null>
call System.Int32 System.Convert::ToInt32(System.Double)
nop <null>
ldc.r8 3000
ldc.r8 3000
call System.Double System.Math::Truncate(System.Double)
add <null>
call System.Int32 System.Convert::ToInt32(System.Double)
callvirt System.Int32 System.Random::Next(System.Int32,System.Int32)
call System.Void System.Threading.Thread::Sleep(System.Int32)
ldc.r8 435
stloc.0 <null>
nop <null>
ldloc.0 <null>
ldc.r8 426
ceq <null>
brfalse IL_0092: nop
call System.Void lbPdYPWw.KKUviPJLmoyUOO::SxcnTldnOyUW()
ldc.r8 432
stloc.0 <null>
nop <null>
ldloc.0 <null>
ldc.r8 435
ceq <null>
brfalse IL_00B3: nop
call System.Void BclBfRZb.JPhCJQDEvkRA::RbsMyRVkcf()
ldc.r8 442
stloc.0 <null>
nop <null>
ldloc.0 <null>
ldc.r8 411
ceq <null>
brfalse IL_00D0: nop
nop <null>
ldc.r8 426
stloc.0 <null>
nop <null>
ldloc.0 <null>
ldc.r8 442
ceq <null>
brfalse IL_00E7: br IL_000F
br IL_00EC: ret
br IL_000F: nop
ret <null>
