a1b6105739c58073918d3f559ff88a96
PE Executable | MD5: a1b6105739c58073918d3f559ff88a96 | Size: 585.22 KB | application/x-dosexec
Symbol Ofbuscation Score
|
Hash | Hash Value |
|---|---|
| MD5 | a1b6105739c58073918d3f559ff88a96
|
| Sha1 | 04defa51c107053f482d3ba0b6fc9d73e5226537
|
| Sha256 | a39b7ded7c3df0fee89b50673407cafae85883839977b7fd2cf0ad1339afe2f7
|
| Sha384 | b4b853a995778ad944ae56295093bd1b305e7dc2cef40ab5fc927c5e82e7ef318e4fa9572ce9f1ba8241cf12368659b9
|
| Sha512 | 2af98395a4720a3b3b61f447d466bfd7909e0116e8e39515303d20dd6748afd826df564977b8cf35c31695c705196848b16a2332e7d1ec04a5c4468e804cb280
|
| SSDeep | 12288:uNs2fN4jAVC9K+v1/9JTaBT8EjJ5liIdfGAKBPwQ04QSU8Y:Cs2FyE+2BQQ+PwQWSfY
|
| TLSH | 6FC4230D76292725D1FF9A3B80DEA2420BB251F9A08E0B59741B174E3B92A57DF037D3
|
PeID
|
Name0 | Value |
|---|---|
| Info | PE Detect: PeReader OK (file layout) |
| Module Name | Gdcsrlpz.exe |
| Full Name | Gdcsrlpz.exe |
| EntryPoint | System.Void Gdcsrlpz.Fqnacaltu::Main() |
| Scope Name | Gdcsrlpz.exe |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v4.0.30319 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | Gdcsrlpz |
| Assembly Version | 1.0.0.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | .NETFramework,Version=v4.0 |
| Total Strings | 5 |
| Main Method | System.Void Gdcsrlpz.Fqnacaltu::Main() |
| Main IL Instruction Count | 71 |
| Main IL | br IL_0006: nop ret <null> nop <null> call System.Byte[] Gdcsrlpz.Fqnacaltu::jQ7HPtt3q() call System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[]) callvirt System.Type[] System.Reflection.Assembly::GetExportedTypes() stloc.s V_0 br IL_0053: ldc.i4.0 br IL_002B: ldloc V_3 ldc.i4 0 stloc V_3 ldloc V_3 switch dnlib.DotNet.Emit.Instruction[] ldloc V_3 ldc.i4 990 beq IL_002B: ldloc V_3 br IL_00EA: ldloc.s V_1 ldc.i4.0 <null> stloc.s V_1 ldc.i4 1 ldsfld <Module>{a767db68-df9d-4172-9ce7-e4e3fec59342} <Module>{a767db68-df9d-4172-9ce7-e4e3fec59342}::m_df602d444eda428f90fb58f3d143a1c8 ldfld System.Int32 <Module>{a767db68-df9d-4172-9ce7-e4e3fec59342}::m_eb129cd6183a4684892e889d4c1d13cc brtrue IL_002F: switch(IL_0075,IL_00BA,IL_00EA) pop <null> ldc.i4 1 br IL_002F: switch(IL_0075,IL_00BA,IL_00EA) nop <null> ldloc.s V_2 ldstr GAaiaPVbB ldc.i4 256 ldnull <null> ldnull <null> ldnull <null> callvirt System.Object System.Type::InvokeMember(System.String,System.Reflection.BindingFlags,System.Reflection.Binder,System.Object,System.Object[]) pop <null> br IL_0090: leave IL_00EA leave IL_00EA: ldloc.s V_1 pop <null> br IL_009B: leave IL_00EA leave IL_00EA: ldloc.s V_1 ldc.i4 2 br IL_002F: switch(IL_0075,IL_00BA,IL_00EA) ldloc.s V_1 ldloc.s V_0 ldlen <null> conv.i4 <null> blt IL_00C4: ldloc.s V_0 br IL_00F5: leave IL_0005 br IL_00AA: ldloc.s V_1 br IL_00C4: ldloc.s V_0 ldloc.s V_0 ldloc.s V_1 ldelem.ref <null> stloc.s V_2 ldc.i4 2 ldsfld <Module>{a767db68-df9d-4172-9ce7-e4e3fec59342} <Module>{a767db68-df9d-4172-9ce7-e4e3fec59342}::m_df602d444eda428f90fb58f3d143a1c8 ldfld System.Int32 <Module>{a767db68-df9d-4172-9ce7-e4e3fec59342}::m_75dd7a05b000488ebf7c8d910c07381c brtrue IL_002F: switch(IL_0075,IL_00BA,IL_00EA) pop <null> ldc.i4 0 br IL_002F: switch(IL_0075,IL_00BA,IL_00EA) ldloc.s V_1 ldc.i4.1 <null> add <null> stloc.s V_1 br IL_00AA: ldloc.s V_1 leave IL_0005: ret pop <null> br IL_0100: leave IL_0005 leave IL_0005: ret br IL_0005: ret |
| Module Name | Gdcsrlpz.exe |
| Full Name | Gdcsrlpz.exe |
| EntryPoint | System.Void Gdcsrlpz.Fqnacaltu::Main() |
| Scope Name | Gdcsrlpz.exe |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v4.0.30319 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | Gdcsrlpz |
| Assembly Version | 1.0.0.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | .NETFramework,Version=v4.0 |
| Total Strings | 5 |
| Main Method | System.Void Gdcsrlpz.Fqnacaltu::Main() |
| Main IL Instruction Count | 71 |
| Main IL | br IL_0006: nop ret <null> nop <null> call System.Byte[] Gdcsrlpz.Fqnacaltu::jQ7HPtt3q() call System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[]) callvirt System.Type[] System.Reflection.Assembly::GetExportedTypes() stloc.s V_0 br IL_0053: ldc.i4.0 br IL_002B: ldloc V_3 ldc.i4 0 stloc V_3 ldloc V_3 switch dnlib.DotNet.Emit.Instruction[] ldloc V_3 ldc.i4 990 beq IL_002B: ldloc V_3 br IL_00EA: ldloc.s V_1 ldc.i4.0 <null> stloc.s V_1 ldc.i4 1 ldsfld <Module>{a767db68-df9d-4172-9ce7-e4e3fec59342} <Module>{a767db68-df9d-4172-9ce7-e4e3fec59342}::m_df602d444eda428f90fb58f3d143a1c8 ldfld System.Int32 <Module>{a767db68-df9d-4172-9ce7-e4e3fec59342}::m_eb129cd6183a4684892e889d4c1d13cc brtrue IL_002F: switch(IL_0075,IL_00BA,IL_00EA) pop <null> ldc.i4 1 br IL_002F: switch(IL_0075,IL_00BA,IL_00EA) nop <null> ldloc.s V_2 ldstr GAaiaPVbB ldc.i4 256 ldnull <null> ldnull <null> ldnull <null> callvirt System.Object System.Type::InvokeMember(System.String,System.Reflection.BindingFlags,System.Reflection.Binder,System.Object,System.Object[]) pop <null> br IL_0090: leave IL_00EA leave IL_00EA: ldloc.s V_1 pop <null> br IL_009B: leave IL_00EA leave IL_00EA: ldloc.s V_1 ldc.i4 2 br IL_002F: switch(IL_0075,IL_00BA,IL_00EA) ldloc.s V_1 ldloc.s V_0 ldlen <null> conv.i4 <null> blt IL_00C4: ldloc.s V_0 br IL_00F5: leave IL_0005 br IL_00AA: ldloc.s V_1 br IL_00C4: ldloc.s V_0 ldloc.s V_0 ldloc.s V_1 ldelem.ref <null> stloc.s V_2 ldc.i4 2 ldsfld <Module>{a767db68-df9d-4172-9ce7-e4e3fec59342} <Module>{a767db68-df9d-4172-9ce7-e4e3fec59342}::m_df602d444eda428f90fb58f3d143a1c8 ldfld System.Int32 <Module>{a767db68-df9d-4172-9ce7-e4e3fec59342}::m_75dd7a05b000488ebf7c8d910c07381c brtrue IL_002F: switch(IL_0075,IL_00BA,IL_00EA) pop <null> ldc.i4 0 br IL_002F: switch(IL_0075,IL_00BA,IL_00EA) ldloc.s V_1 ldc.i4.1 <null> add <null> stloc.s V_1 br IL_00AA: ldloc.s V_1 leave IL_0005: ret pop <null> br IL_0100: leave IL_0005 leave IL_0005: ret br IL_0005: ret |