Suspicious
Suspect

a6b26f4078dfe29c19c59095532e4cce

PE Executable | MD5: a6b26f4078dfe29c19c59095532e4cce | Size: 746.5 KB | application/x-dosexec

Summary by MalvaGPT
Characteristics

Symbol Obfuscation Score: Low

Hash
MD5: a6b26f4078dfe29c19c59095532e4cce
Sha1: 7305d2bd2bec50f9e793846ed81f805af943cb04
Sha256: 1fa3c4e703405564123cb7d433d69566075ae20b4ba894c91681b0f55b14c14d
Sha384: 6acad7910c1f0f87bc88dce22c113ce0b3b0e84eee61e874eeae8d2bb84a9ca2950aab7feac3341971c337d2724b5802
Sha512: 93511f7796ecb6219296b579f12d51aaade37e9ab63eba859458ff19306ec429a65e1c51cc38e30a640cab17d30fb849d2b8adfa4b5ea77ac9e72c4fd7c7ad01
SSDeep: 12288:jAvkZQZVXQ1zes5oHXAtsRyLNtgYrGycf6zNILxpFCBODZ0UtHE2SGF9RJ21h:RahQUUBrGlf6eVwOiUZwGF9RJ2
TLSH: CBF412447399ED11E89D6BB056F1D3B503B4AF88E422E3078FCEBCE7B9263A11858355
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
ComplexApp.Form1.resources
ComplexApp.Properties.Resources.resources
CpOz
[NBF]root.Data
[NBF]root.Data-preview.png
engh
[NBF]root.Data
Information
Module Name: jSok.exe
Full Name: jSok.exe
EntryPoint: System.Void ComplexApp.Program::Main()
Scope Name: jSok.exe
Scope Type: ModuleDef
Kind: Windows
Runtime Version: v4.0.30319
Tables Header Version: 512
WinMD Version: <null>
Assembly Name: jSok
Assembly Version: 1.0.0.0
Assembly Culture: <null>
Has PublicKey: False
PublicKey Token: <null>
Target Framework: .NETFramework,Version=v4.0
Total Strings: 169
Main Method: System.Void ComplexApp.Program::Main()
Main IL Instruction Count: 91

Main IL:

nop <null>
ldc.i4.0 <null>
stloc.0 <null>
ldc.i4.0 <null>
stloc.2 <null>
br.s IL_0023: ldloc.2
nop <null>
ldloc.0 <null>
ldloc.2 <null>
conv.r8 <null>
ldc.r8 2
call System.Double System.Math::Pow(System.Double,System.Double)
conv.i4 <null>
ldc.i4.3 <null>
rem <null>
add <null>
stloc.0 <null>
nop <null>
ldloc.2 <null>
ldc.i4.1 <null>
add <null>
stloc.2 <null>
ldloc.2 <null>
ldc.i4.s 10
clt <null>
stloc.3 <null>
ldloc.3 <null>
brtrue.s IL_0007: nop
ldloc.0 <null>
ldc.i4.5 <null>
cgt <null>
stloc.s V_4
ldloc.s V_4
brfalse.s IL_0044: nop
nop <null>
ldloc.0 <null>
ldc.i4.2 <null>
mul <null>
ldc.i4.7 <null>
sub <null>
ldloc.0 <null>
ldc.i4.3 <null>
div <null>
add <null>
stloc.0 <null>
nop <null>
br.s IL_004F: ldloca.s calculationResult
nop <null>
ldloc.0 <null>
ldc.i4.s 42
add <null>
ldloc.0 <null>
ldc.i4.5 <null>
rem <null>
sub <null>
stloc.0 <null>
nop <null>
ldloca.s calculationResult
call System.String System.Int32::ToString()
stloc.1 <null>
ldloc.1 <null>
callvirt System.Int32 System.String::get_Length()
ldc.i4.1 <null>
ble.s IL_006D: ldc.i4.0
ldloc.1 <null>
ldc.i4.0 <null>
callvirt System.Char System.String::get_Chars(System.Int32)
ldc.i4.s 49
ceq <null>
br.s IL_006E: stloc.s V_5
ldc.i4.0 <null>
stloc.s V_5
ldloc.s V_5
brfalse.s IL_0081: call System.Void System.Windows.Forms.Application::EnableVisualStyles()
nop <null>
ldloc.1 <null>
ldc.i4.s 49
ldc.i4.s 57
callvirt System.String System.String::Replace(System.Char,System.Char)
stloc.1 <null>
nop <null>
call System.Void System.Windows.Forms.Application::EnableVisualStyles()
nop <null>
ldc.i4.0 <null>
call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean)
nop <null>
ldloc.1 <null>
newobj System.Void ComplexApp.Form1::.ctor(System.String)
call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form)
nop <null>
ret <null>

Artefacts
PDB Path: jSok.pdb

Characteristics
No malware configuration was found at this point.