Suspicious
Suspect

a28e53f4c28d651275400342368bea7e

PE Executable | MD5: a28e53f4c28d651275400342368bea7e | Size: 1.85 MB | application/x-dosexec

Characteristics

Symbol Obfuscation Score: Medium

Hashes
MD5: a28e53f4c28d651275400342368bea7e
Sha1: edb263e94446397edd1c5450567a5d03405e1582
Sha256: 4d2c089e16f83ff8b02cd60907278e5651b158595d6556d48847b4a184fded9c
Sha384: 16a30950f788f702d2bb7b8c9f6fe7f9786a615866178cfe8d4f8127f0474eac4d55437e103431255829037ff5584450
Sha512: e0e827e888a347066b05da3106c6841a9a4177ea1775fa6c2536435d68011d2ef0985e6425195c314831e741adbf11eb0a3afe18d4ec9302002350647e8ce157
SSDeep: 49152:d3do8dS3S2ZDrS71rE6gS1A2cOPrSTqS:dFAjZDr+1rE6F8OjSX
TLSH: 188533A4B853D685C772AFBFABAB9CC7234007C30726D48BE31B21EF9892585C95D15C

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
  DosHeader
  PE Header
  Optional Header (x86)
  Section Headers
    .text
    .rsrc
    .reloc
  Resources
    RT_VERSION
      ID:0001
        ID:0
    RT_MANIFEST
      ID:0001
        ID:0
  .Net Resources
    a
Information
Module Name: temploader.exe
Full Name: temploader.exe
EntryPoint: System.Void a.a::Main()
Scope Name: temploader.exe
Scope Type: ModuleDef
Kind: Windows
Runtime Version: v4.0.30319
Tables Header Version: 512
WinMD Version: <null>
Assembly Name: temploader
Assembly Version: 0.0.0.0
Assembly Culture: <null>
Has PublicKey: False
PublicKey Token: <null>
Target Framework: <null>
Total Strings: 3
Main Method: System.Void a.a::Main()
Main IL Instruction Count: 37

Main IL

call System.Reflection.Assembly System.Reflection.Assembly::GetExecutingAssembly()
ldstr Px4Rw514Fqb1rXXh8oUthQ==
ldstr KQYWH/CTT6t3Wl1W1xOJX4sYrYrBRqIndk3fLIDI7As=
ldstr u3mGxubi9EdJXc3k9SMoLg==
call System.String 讻஘뫃ྻﳻ栤騭땞旞䋁::萭Ⴞ퀺皍윕賄㧙볝颖(System.String,System.String,System.String)
callvirt System.IO.Stream System.Reflection.Assembly::GetManifestResourceStream(System.String)
stloc.0 <null>
newobj System.Void System.IO.MemoryStream::.ctor()
stloc.1 <null>
ldloc.0 <null>
ldc.i4.0 <null>
newobj System.Void System.IO.Compression.DeflateStream::.ctor(System.IO.Stream,System.IO.Compression.CompressionMode)
stloc.2 <null>
ldloc.2 <null>
ldloc.1 <null>
callvirt System.Void System.IO.Stream::CopyTo(System.IO.Stream)
leave IL_0046: ldloc.1
ldloc.2 <null>
brfalse IL_0045: endfinally
ldloc.2 <null>
callvirt System.Void System.IDisposable::Dispose()
endfinally <null>
ldloc.1 <null>
callvirt System.Byte[] System.IO.MemoryStream::ToArray()
call System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
callvirt System.Reflection.MethodInfo System.Reflection.Assembly::get_EntryPoint()
ldnull <null>
ldnull <null>
callvirt System.Object System.Reflection.MethodBase::Invoke(System.Object,System.Object[])
pop <null>
leave IL_0070: ret
ldloc.0 <null>
brfalse IL_006F: endfinally
ldloc.0 <null>
callvirt System.Void System.IDisposable::Dispose()
endfinally <null>
ret <null>

No malware configuration was found at this point.