Suspicious
Suspect

a2fba1097db19606fc951e281e24bdf5

PE Executable
|
MD5: a2fba1097db19606fc951e281e24bdf5
|
Size: 1.46 MB
|
application/x-dosexec

Print
Summary by MalvaGPT
Characteristics

Symbol Ofbuscation Score

Very high

Hash
 Hash Value
MD5
a2fba1097db19606fc951e281e24bdf5
Sha1
9413c4c1bed17988f02c17100d955a1b5b20238c
Sha256
0f8052863203f2ca4e22cddbb5b6df34f24f4405d5e8ee2baacb0179dfa22b79
Sha384
2026804ea42ef09b77fea4b02c11bed87b6f60892c81c3268a31e7113beb1f9457c6316b79be57d3b888e46ba8729633
Sha512
5918dad90c94ef75002467aa4b2430af1f71c16b644752b0169b27e7953bf04a845bc749f1921d0c92f693e5656ab9c6bc432c31b77a4750be1e0f61aa63c0ff
SSDeep
24576:ygHT4qnaH0P2l/daes9S7udmzd3LXvlNnUjjr/EHWRCK/GbYj:9w5l/nss7udmZbX9NnUjjIHZRa
TLSH
6965F12D27C6A798E07EE7B8D7F4016847F0F61B86A1E31F795921FDEA12B425409323

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
a2fba1097db19606fc951e281e24bdf5
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
.Net Resources
9KypAn6.g.resources
9KypAn6.Resources.resources
166625950e1c62.Resources.resources
547ea2ae0
[NBF]root.Data
547ea2ae1
[NBF]root.Data
547ea2ae10
[NBF]root.Data
547ea2ae11
[NBF]root.Data
547ea2ae12
[NBF]root.Data
547ea2ae13
[NBF]root.Data
547ea2ae14
[NBF]root.Data
547ea2ae15
[NBF]root.Data
547ea2ae16
[NBF]root.Data
547ea2ae17
[NBF]root.Data
547ea2ae18
[NBF]root.Data
547ea2ae19
[NBF]root.Data
547ea2ae2
[NBF]root.Data
547ea2ae20
[NBF]root.Data
547ea2ae21
[NBF]root.Data
547ea2ae22
[NBF]root.Data
547ea2ae23
[NBF]root.Data
547ea2ae24
[NBF]root.Data
547ea2ae25
[NBF]root.Data
547ea2ae26
[NBF]root.Data
547ea2ae27
[NBF]root.Data
547ea2ae28
[NBF]root.Data
547ea2ae29
[NBF]root.Data
547ea2ae3
[NBF]root.Data
547ea2ae30
[NBF]root.Data
547ea2ae31
[NBF]root.Data
547ea2ae32
[NBF]root.Data
547ea2ae33
[NBF]root.Data
547ea2ae34
[NBF]root.Data
547ea2ae35
[NBF]root.Data
547ea2ae36
[NBF]root.Data
547ea2ae37
[NBF]root.Data
547ea2ae38
[NBF]root.Data
547ea2ae39
[NBF]root.Data
547ea2ae4
[NBF]root.Data
547ea2ae40
[NBF]root.Data
547ea2ae41
[NBF]root.Data
547ea2ae42
[NBF]root.Data
547ea2ae5
[NBF]root.Data
547ea2ae6
[NBF]root.Data
547ea2ae7
[NBF]root.Data
547ea2ae8
[NBF]root.Data
547ea2ae9
[NBF]root.Data
Informations
Name
 Value
Info

PE Detect: PeReader OK (file layout)
Module Name

9KypAn6
Full Name

9KypAn6
EntryPoint

System.Void 9KypAn6.ro7Gg/3Qpen1Go7w.ar6C0Kdo::1crHZq0f()
Scope Name

9KypAn6
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

9KypAn6
Assembly Version

19.16.46.252
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.6
Total Strings

1038
Main Method

System.Void 9KypAn6.ro7Gg/3Qpen1Go7w.ar6C0Kdo::1crHZq0f()
Main IL Instruction Count

97
Main IL

nop <null> nop <null> call System.Void System.Windows.Forms.Application::EnableVisualStyles() nop <null> ldc.i4.0 <null> call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean) nop <null> ldc.r8 0 stloc.0 <null> ldc.i4.0 <null> stloc.s V_5 ldloc.0 <null> ldloc.s V_5 conv.r8 <null> ldc.r8 0.01 mul <null> call System.Double System.Math::Sin(System.Double) ldloc.s V_5 conv.r8 <null> ldc.r8 0.015 mul <null> call System.Double System.Math::Cos(System.Double) mul <null> add <null> stloc.0 <null> ldloc.s V_5 ldc.i4.1 <null> add.ovf <null> stloc.s V_5 ldloc.s V_5 ldc.i4 5000 ble.s IL_001C: ldloc.0 ldstr FacilityBook Pro stloc.1 <null> ldc.i4 214 stloc.2 <null> ldloc.2 <null> call System.Object 9KypAn6.Keb75jMi::Lf8t4wiGZn5pbW(System.Int32) call System.Object System.Runtime.CompilerServices.RuntimeHelpers::GetObjectValue(System.Object) stloc.3 <null> ldloc.3 <null> castclass System.Byte[] call System.Void 9KypAn6.jRf2t6ZeXw3s/iPa3K7z.Kdx5zY7mjgP39::sGb3Rr6b(System.Byte[]) nop <null> ldloc.1 <null> call System.Boolean System.Diagnostics.EventLog::SourceExists(System.String) ldc.i4.0 <null> ceq <null> stloc.s V_6 ldloc.s V_6 brfalse.s IL_0093: nop ldloc.1 <null> ldstr Application call System.Void System.Diagnostics.EventLog::CreateEventSource(System.String,System.String) nop <null> nop <null> nop <null> ldstr Application newobj System.Void System.Diagnostics.EventLog::.ctor(System.String) stloc.s V_4 ldloc.s V_4 ldloc.1 <null> callvirt System.Void System.Diagnostics.EventLog::set_Source(System.String) nop <null> ldloc.s V_4 ldstr Service started: initializing compliance module. ldc.i4.4 <null> callvirt System.Void System.Diagnostics.EventLog::WriteEntry(System.String,System.Diagnostics.EventLogEntryType) nop <null> leave.s IL_0101: nop dup <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception) stloc.s V_7 nop <null> nop <null> ldstr Application newobj System.Void System.Diagnostics.EventLog::.ctor(System.String) stloc.s V_8 ldloc.s V_8 ldstr FacilityBook Pro callvirt System.Void System.Diagnostics.EventLog::set_Source(System.String) nop <null> ldloc.s V_8 ldstr Compliance module error (non-critical). ldc.i4.2 <null> callvirt System.Void System.Diagnostics.EventLog::WriteEntry(System.String,System.Diagnostics.EventLogEntryType) nop <null> leave.s IL_00F9: nop call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception) nop <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() leave.s IL_00F9: nop nop <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() leave.s IL_0101: nop nop <null> ret <null>
Module Name

9KypAn6
Full Name

9KypAn6
EntryPoint

System.Void 9KypAn6.ro7Gg/3Qpen1Go7w.ar6C0Kdo::1crHZq0f()
Scope Name

9KypAn6
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

9KypAn6
Assembly Version

19.16.46.252
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.6
Total Strings

1038
Main Method

System.Void 9KypAn6.ro7Gg/3Qpen1Go7w.ar6C0Kdo::1crHZq0f()
Main IL Instruction Count

97
Main IL

nop <null> nop <null> call System.Void System.Windows.Forms.Application::EnableVisualStyles() nop <null> ldc.i4.0 <null> call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean) nop <null> ldc.r8 0 stloc.0 <null> ldc.i4.0 <null> stloc.s V_5 ldloc.0 <null> ldloc.s V_5 conv.r8 <null> ldc.r8 0.01 mul <null> call System.Double System.Math::Sin(System.Double) ldloc.s V_5 conv.r8 <null> ldc.r8 0.015 mul <null> call System.Double System.Math::Cos(System.Double) mul <null> add <null> stloc.0 <null> ldloc.s V_5 ldc.i4.1 <null> add.ovf <null> stloc.s V_5 ldloc.s V_5 ldc.i4 5000 ble.s IL_001C: ldloc.0 ldstr FacilityBook Pro stloc.1 <null> ldc.i4 214 stloc.2 <null> ldloc.2 <null> call System.Object 9KypAn6.Keb75jMi::Lf8t4wiGZn5pbW(System.Int32) call System.Object System.Runtime.CompilerServices.RuntimeHelpers::GetObjectValue(System.Object) stloc.3 <null> ldloc.3 <null> castclass System.Byte[] call System.Void 9KypAn6.jRf2t6ZeXw3s/iPa3K7z.Kdx5zY7mjgP39::sGb3Rr6b(System.Byte[]) nop <null> ldloc.1 <null> call System.Boolean System.Diagnostics.EventLog::SourceExists(System.String) ldc.i4.0 <null> ceq <null> stloc.s V_6 ldloc.s V_6 brfalse.s IL_0093: nop ldloc.1 <null> ldstr Application call System.Void System.Diagnostics.EventLog::CreateEventSource(System.String,System.String) nop <null> nop <null> nop <null> ldstr Application newobj System.Void System.Diagnostics.EventLog::.ctor(System.String) stloc.s V_4 ldloc.s V_4 ldloc.1 <null> callvirt System.Void System.Diagnostics.EventLog::set_Source(System.String) nop <null> ldloc.s V_4 ldstr Service started: initializing compliance module. ldc.i4.4 <null> callvirt System.Void System.Diagnostics.EventLog::WriteEntry(System.String,System.Diagnostics.EventLogEntryType) nop <null> leave.s IL_0101: nop dup <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception) stloc.s V_7 nop <null> nop <null> ldstr Application newobj System.Void System.Diagnostics.EventLog::.ctor(System.String) stloc.s V_8 ldloc.s V_8 ldstr FacilityBook Pro callvirt System.Void System.Diagnostics.EventLog::set_Source(System.String) nop <null> ldloc.s V_8 ldstr Compliance module error (non-critical). ldc.i4.2 <null> callvirt System.Void System.Diagnostics.EventLog::WriteEntry(System.String,System.Diagnostics.EventLogEntryType) nop <null> leave.s IL_00F9: nop call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception) nop <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() leave.s IL_00F9: nop nop <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() leave.s IL_0101: nop nop <null> ret <null>
a2fba1097db19606fc951e281e24bdf5 (1.46 MB)
An error has occurred. This application may no longer respond until reloaded. Reload 🗙