Suspicious
Suspect

a761c9b7766d5de6a28ff8ea3c84479e

PE Executable | MD5: a761c9b7766d5de6a28ff8ea3c84479e | Size: 586.24 KB | application/x-dosexec


Characteristics

Symbol Obfuscation Score

Very high

Hash | Hash Value
MD5 | a761c9b7766d5de6a28ff8ea3c84479e
Sha1 | ac9a413b13d970d392d5b1d9e28b83d4c2367cbd
Sha256 | 2e01da6f0be5ed71ef108876758d6b5736e748c37fcc997126becb3349bb1092
Sha384 | 59665e99131a0e52b45eef15e2d8188594ae79bb48ae5ff34ed5da31228218aa55234ce7140d98611ec982ef67b83699
Sha512 | 578622ddae1528f5caace69900d1b86def48fdca554ab8d2875efa75a706cb8852be3da2af16b3283c78eb90c77edc19107432ef656d1b58e0ca314d7ff9e0b9
SSDeep | 12288:IY/jQZcnDJTcCYb0U0UgoKUZQKvtk9j9D05/E8ualQzf7uQvRec:9/c+nD9U0vo92KWB9wZEDhSuRe
TLSH | A5C423D1FE2D8368DD89E27AEDD2E492579D8C4A43135BDCF8D102860FD239ADB72105

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
Gnfynv.Properties.Resources.resources
Ltjwcxboyf
Information
Name | Value
Info | PE Detect: PeReader OK (file layout)
Module Name | Gnfynv.exe
Full Name | Gnfynv.exe
EntryPoint | System.Void Gnfynv.Wbhftjhpxa::Main()
Scope Name | Gnfynv.exe
Scope Type | ModuleDef
Kind | Windows
Runtime Version | v4.0.30319
Tables Header Version | 512
WinMD Version | <null>
Assembly Name | Gnfynv
Assembly Version | 1.0.0.0
Assembly Culture | <null>
Has PublicKey | False
PublicKey Token | <null>
Target Framework | .NETFramework,Version=v4.0
Total Strings | 5
Main Method | System.Void Gnfynv.Wbhftjhpxa::Main()
Main IL Instruction Count | 76

Main IL

br IL_0006: nop ret <null> nop <null> call System.Byte[] Gnfynv.Wbhftjhpxa::Bn9oEePJU() call System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[]) callvirt System.Type[] System.Reflection.Assembly::GetExportedTypes() stloc.s V_0 ldc.i4 2 ldsfld <Module>{ba327917-c534-4a91-9190-c59f6c6fc607} <Module>{ba327917-c534-4a91-9190-c59f6c6fc607}::m_a15d47396271466daf006837f59f5f1d ldfld System.Int32 <Module>{ba327917-c534-4a91-9190-c59f6c6fc607}::m_ace8390e8c14413889fe4c7345347809 brtrue IL_0049: switch(IL_006D,IL_00DA,IL_00A3) pop <null> ldc.i4 3 br IL_0049: switch(IL_006D,IL_00DA,IL_00A3) br IL_0045: ldloc V_2 ldc.i4 0 stloc V_2 ldloc V_2 switch dnlib.DotNet.Emit.Instruction[] ldloc V_2 ldc.i4 990 beq IL_0045: ldloc V_2 br IL_00A3: ldc.i4.0 ldloc.s V_0 ldloc.s V_1 ldelem.ref <null> stloc.s V_3 ldc.i4 8 ldsfld <Module>{ba327917-c534-4a91-9190-c59f6c6fc607} <Module>{ba327917-c534-4a91-9190-c59f6c6fc607}::m_a15d47396271466daf006837f59f5f1d ldfld System.Int32 <Module>{ba327917-c534-4a91-9190-c59f6c6fc607}::m_5ab9e55589954531878e7b6fdc05f5d8 brfalse IL_0049: switch(IL_006D,IL_00DA,IL_00A3) pop <null> ldc.i4 1 br IL_0049: switch(IL_006D,IL_00DA,IL_00A3) ldloc.s V_1 ldloc.s V_0 ldlen <null> conv.i4 <null> blt IL_006D: ldloc.s V_0 br IL_010A: leave IL_0005 ldc.i4.0 <null> stloc.s V_1 br IL_00AB: br IL_0093 br IL_0093: ldloc.s V_1 ldc.i4 0 ldsfld <Module>{ba327917-c534-4a91-9190-c59f6c6fc607} <Module>{ba327917-c534-4a91-9190-c59f6c6fc607}::m_a15d47396271466daf006837f59f5f1d ldfld System.Int32 <Module>{ba327917-c534-4a91-9190-c59f6c6fc607}::m_3add9ecc6c4e48d9a1bc6591c98d1353 brfalse IL_0049: switch(IL_006D,IL_00DA,IL_00A3) pop <null> ldc.i4 0 br IL_0049: switch(IL_006D,IL_00DA,IL_00A3) ldloc.s V_1 ldc.i4.1 <null> add <null> stloc.s V_1 br IL_0093: ldloc.s V_1 nop <null> ldloc.s V_3 ldstr W0gvt2mXC ldc.i4 256 ldnull <null> ldnull <null> ldnull <null> callvirt System.Object 
System.Type::InvokeMember(System.String,System.Reflection.BindingFlags,System.Reflection.Binder,System.Object,System.Object[]) pop <null> br IL_00F5: leave IL_00CF leave IL_00CF: ldloc.s V_1 pop <null> br IL_0100: leave IL_00CF leave IL_00CF: ldloc.s V_1 br IL_00CF: ldloc.s V_1 leave IL_0005: ret pop <null> br IL_0115: leave IL_0005 leave IL_0005: ret br IL_0005: ret

