Malicious

a879a1f4bbdfc268ef37b19efca5659e

PE Executable | MD5: a879a1f4bbdfc268ef37b19efca5659e | Size: 1.11 MB | application/x-dosexec

Characteristics

Symbol Obfuscation Score

Low

Hash
MD5: a879a1f4bbdfc268ef37b19efca5659e
Sha1: 476e7fb6993052ac638de0938a39de714f2d1d61
Sha256: f09c3060707025a8f0676dfb0ec5ea56dcbe47977a3dc4bccdbfdde29dc2c827
Sha384: e5422ef4de4516bee976b53abd582dbe9a5a5a65e1e6b9976268e0ec1eadf93f570b237b0621ccbb197cc6baccf32186
Sha512: 834960d23e86ed9ecc018f7427cda9cf0504f965aaab4ef26c2e075820e039e6504b411a8962bb7b0fec59082c9e87670cb74fead36dd9e44496a4268b001bdf
SSDeep: 12288:427fNUv+ZLkFrwtCBmWR7IS92lm4wbuPUSXb0Er4zEHx6OTHvT:7fNrLIcUHIK4wbuPUSXCzEHx6OT
TLSH: 3935F907BB878BB2C2645776CCB7040CD364E981373BDF5A798A237A58D3BBA5940127

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
Structure
  DosHeader
  PE Header
  Optional Header (x86)
  Section Headers
    .text
    .rsrc
    .reloc
Resources
  RT_ICON
    ID:0001
      ID:0
    ID:0002
      ID:0
    ID:0003
      ID:0
    ID:0004
      ID:0
    ID:0005
      ID:0
    ID:0006
      ID:0
  RT_GROUP_CURSOR4
    ID:7F00
      ID:0
  RT_VERSION
    ID:0001
      ID:0
  RT_MANIFEST
    ID:0001
      ID:0
Information
Module Name: Documents-saradeivid00999.exe
Full Name: Documents-saradeivid00999.exe
EntryPoint: System.Void HidSharp.Mapping.ParameterMapper::ConvertScopeMapper()
Scope Name: Documents-saradeivid00999.exe
Scope Type: ModuleDef
Kind: Windows
Runtime Version: v4.0.30319
Tables Header Version: 512
WinMD Version: <null>
Assembly Name: Documents-saradeivid00999
Assembly Version: 22504.418.1.0
Assembly Culture: <null>
Has PublicKey: False
PublicKey Token: <null>
Target Framework: .NETFramework,Version=v4.5
Total Strings: 753
Main Method: System.Void HidSharp.Mapping.ParameterMapper::ConvertScopeMapper()
Main IL Instruction Count: 32

Main IL

ldc.i4 2 stloc V_0 br IL_000E: ldloc V_0 ldloc V_0 switch dnlib.DotNet.Emit.Instruction[] br IL_0028: ret ret <null> ldsfld System.Action`1<System.IO.MemoryStream> HidSharp.Mapping.ParameterMapper/<>c::_CollectorStrategy dup <null> brfalse IL_0039: pop br IL_006F: call System.Void HidSharp.Mapping.ParameterMapper::MapAdjustableMapper(System.Action`1<System.IO.MemoryStream>) pop <null> ldc.i4 1 ldsfld <Module>{112798ab-e5c2-4e74-837a-2865b083e05c} <Module>{112798ab-e5c2-4e74-837a-2865b083e05c}::m_a96d02ea202d4512ada6596bc809094e ldfld System.Int32 <Module>{112798ab-e5c2-4e74-837a-2865b083e05c}::m_af36118894b249a6ad902f12ee0275cc brtrue IL_0012: switch(IL_0028,IL_0059,IL_0029) pop <null> ldc.i4 1 br IL_0012: switch(IL_0028,IL_0059,IL_0029) ldsfld HidSharp.Mapping.ParameterMapper/<>c HidSharp.Mapping.ParameterMapper/<>c::_EvaluatorResponder ldftn System.Void HidSharp.Mapping.ParameterMapper/<>c::EvaluateEditablePublisher(System.IO.MemoryStream) newobj System.Void System.Action`1<System.IO.MemoryStream>::.ctor(System.Object,System.IntPtr) dup <null> stsfld System.Action`1<System.IO.MemoryStream> HidSharp.Mapping.ParameterMapper/<>c::_CollectorStrategy call System.Void HidSharp.Mapping.ParameterMapper::MapAdjustableMapper(System.Action`1<System.IO.MemoryStream>) ldc.i4 0 ldsfld <Module>{112798ab-e5c2-4e74-837a-2865b083e05c} <Module>{112798ab-e5c2-4e74-837a-2865b083e05c}::m_a96d02ea202d4512ada6596bc809094e ldfld System.Int32 <Module>{112798ab-e5c2-4e74-837a-2865b083e05c}::m_f15ae5d858494ba0bb8539fe5ccbd4a9 brtrue IL_0012: switch(IL_0028,IL_0059,IL_0029) pop <null> ldc.i4 0 br IL_0012: switch(IL_0028,IL_0059,IL_0029)

Characteristics
No malware configuration was found at this point.