Suspicious
Suspect

aea96bc105fcef5648285bc411c941f7

PE Executable
|
MD5: aea96bc105fcef5648285bc411c941f7
|
Size: 585.22 KB
|
application/x-dosexec

Summary by MalvaGPT
Characteristics

Symbol Ofbuscation Score

Very high

Hash
 Hash Value
MD5
aea96bc105fcef5648285bc411c941f7
Sha1
55ddfcb63767ff2de05c933988a4cdb60d2814ef
Sha256
b8b0ad8a53f895ddb4318ac285b8d0c45d7301e4205ccbbace41913989ea2cc1
Sha384
2222d88fe4fa7974765f26637ea8d2edab72630d3be68d715572cf23f963f0377a4fea32dd002a046819fec2c93fc608
Sha512
12a919f8fa0490d451ad31e675b6baa2caefc46e29ff2fc9bbd75163899329bb2aa4453b49aa9a2b1ac18346f64a3db606225ba7facbaa3d2bbeb0961cba4e6d
SSDeep
12288:hWIgxu2/6HFCjN18broalgsJw8HP8shrsg7uS67D+P/12MYst:s9P6K8b2sBHEgrBKy1FY2
TLSH
93C42306612D68A1E1923EBF51F6F6491A8C16C6659BE307330E612008877BFF975E3B

PeID

.NET executable
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual Studio .NET
File Structure
aea96bc105fcef5648285bc411c941f7
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
Pbwihvl.Properties.Resources.resources
Nerqflo
Informations
Name
 Value
Info

PE Detect: PeReader OK (file layout)
Module Name

Pbwihvl.exe
Full Name

Pbwihvl.exe
EntryPoint

System.Void Pbwihvl.Jsafu::Main()
Scope Name

Pbwihvl.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

Pbwihvl
Assembly Version

1.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.0
Total Strings

5
Main Method

System.Void Pbwihvl.Jsafu::Main()
Main IL Instruction Count

76
Main IL

br IL_0006: nop ret <null> nop <null> call System.Byte[] Pbwihvl.Jsafu::aZHCRmdM0() call System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[]) callvirt System.Type[] System.Reflection.Assembly::GetExportedTypes() stloc.s V_0 br IL_005F: ldc.i4.0 br IL_002B: ldloc V_3 ldc.i4 0 stloc V_3 ldloc V_3 switch dnlib.DotNet.Emit.Instruction[] ldloc V_3 ldc.i4 990 beq IL_002B: ldloc V_3 br IL_0081: ldloc.s V_1 ldloc.s V_0 ldloc.s V_1 ldelem.ref <null> stloc.s V_2 br IL_0091: nop ldc.i4.0 <null> stloc.s V_1 ldc.i4 1 ldsfld <Module>{7a534184-187e-43dd-98be-63aaa3a9c6ea} <Module>{7a534184-187e-43dd-98be-63aaa3a9c6ea}::m_18be536cde0b4ca4b4150453b52e7e7c ldfld System.Int32 <Module>{7a534184-187e-43dd-98be-63aaa3a9c6ea}::m_b418a4e57ac94691a6270b9bcf11afb2 brfalse IL_002F: switch(IL_0081,IL_0100,IL_00DB) pop <null> ldc.i4 8 br IL_002F: switch(IL_0081,IL_0100,IL_00DB) ldloc.s V_1 ldloc.s V_0 ldlen <null> conv.i4 <null> blt IL_0053: ldloc.s V_0 br IL_010A: leave IL_0005 nop <null> ldloc.s V_2 ldstr JjrVUS95B ldc.i4 256 ldnull <null> ldnull <null> ldnull <null> callvirt System.Object System.Type::InvokeMember(System.String,System.Reflection.BindingFlags,System.Reflection.Binder,System.Object,System.Object[]) pop <null> br IL_00AC: leave IL_00DB leave IL_00DB: ldloc.s V_1 pop <null> br IL_00B7: leave IL_00DB leave IL_00DB: ldloc.s V_1 ldc.i4 2 ldsfld <Module>{7a534184-187e-43dd-98be-63aaa3a9c6ea} <Module>{7a534184-187e-43dd-98be-63aaa3a9c6ea}::m_18be536cde0b4ca4b4150453b52e7e7c ldfld System.Int32 <Module>{7a534184-187e-43dd-98be-63aaa3a9c6ea}::m_0481beff732e40778e62d626259e000d brfalse IL_002F: switch(IL_0081,IL_0100,IL_00DB) pop <null> ldc.i4 1 br IL_002F: switch(IL_0081,IL_0100,IL_00DB) ldloc.s V_1 ldc.i4.1 <null> add <null> stloc.s V_1 ldc.i4 0 ldsfld <Module>{7a534184-187e-43dd-98be-63aaa3a9c6ea} <Module>{7a534184-187e-43dd-98be-63aaa3a9c6ea}::m_18be536cde0b4ca4b4150453b52e7e7c ldfld System.Int32 <Module>{7a534184-187e-43dd-98be-63aaa3a9c6ea}::m_1907163b6b4c425b9328946e8d0d6508 brfalse IL_002F: switch(IL_0081,IL_0100,IL_00DB) pop <null> ldc.i4 4 br IL_002F: switch(IL_0081,IL_0100,IL_00DB) br IL_0081: ldloc.s V_1 br IL_0053: ldloc.s V_0 leave IL_0005: ret pop <null> br IL_0115: leave IL_0005 leave IL_0005: ret br IL_0005: ret
Module Name

Pbwihvl.exe
Full Name

Pbwihvl.exe
EntryPoint

System.Void Pbwihvl.Jsafu::Main()
Scope Name

Pbwihvl.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

Pbwihvl
Assembly Version

1.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.0
Total Strings

5
Main Method

System.Void Pbwihvl.Jsafu::Main()
Main IL Instruction Count

76
Main IL

br IL_0006: nop ret <null> nop <null> call System.Byte[] Pbwihvl.Jsafu::aZHCRmdM0() call System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[]) callvirt System.Type[] System.Reflection.Assembly::GetExportedTypes() stloc.s V_0 br IL_005F: ldc.i4.0 br IL_002B: ldloc V_3 ldc.i4 0 stloc V_3 ldloc V_3 switch dnlib.DotNet.Emit.Instruction[] ldloc V_3 ldc.i4 990 beq IL_002B: ldloc V_3 br IL_0081: ldloc.s V_1 ldloc.s V_0 ldloc.s V_1 ldelem.ref <null> stloc.s V_2 br IL_0091: nop ldc.i4.0 <null> stloc.s V_1 ldc.i4 1 ldsfld <Module>{7a534184-187e-43dd-98be-63aaa3a9c6ea} <Module>{7a534184-187e-43dd-98be-63aaa3a9c6ea}::m_18be536cde0b4ca4b4150453b52e7e7c ldfld System.Int32 <Module>{7a534184-187e-43dd-98be-63aaa3a9c6ea}::m_b418a4e57ac94691a6270b9bcf11afb2 brfalse IL_002F: switch(IL_0081,IL_0100,IL_00DB) pop <null> ldc.i4 8 br IL_002F: switch(IL_0081,IL_0100,IL_00DB) ldloc.s V_1 ldloc.s V_0 ldlen <null> conv.i4 <null> blt IL_0053: ldloc.s V_0 br IL_010A: leave IL_0005 nop <null> ldloc.s V_2 ldstr JjrVUS95B ldc.i4 256 ldnull <null> ldnull <null> ldnull <null> callvirt System.Object System.Type::InvokeMember(System.String,System.Reflection.BindingFlags,System.Reflection.Binder,System.Object,System.Object[]) pop <null> br IL_00AC: leave IL_00DB leave IL_00DB: ldloc.s V_1 pop <null> br IL_00B7: leave IL_00DB leave IL_00DB: ldloc.s V_1 ldc.i4 2 ldsfld <Module>{7a534184-187e-43dd-98be-63aaa3a9c6ea} <Module>{7a534184-187e-43dd-98be-63aaa3a9c6ea}::m_18be536cde0b4ca4b4150453b52e7e7c ldfld System.Int32 <Module>{7a534184-187e-43dd-98be-63aaa3a9c6ea}::m_0481beff732e40778e62d626259e000d brfalse IL_002F: switch(IL_0081,IL_0100,IL_00DB) pop <null> ldc.i4 1 br IL_002F: switch(IL_0081,IL_0100,IL_00DB) ldloc.s V_1 ldc.i4.1 <null> add <null> stloc.s V_1 ldc.i4 0 ldsfld <Module>{7a534184-187e-43dd-98be-63aaa3a9c6ea} <Module>{7a534184-187e-43dd-98be-63aaa3a9c6ea}::m_18be536cde0b4ca4b4150453b52e7e7c ldfld System.Int32 <Module>{7a534184-187e-43dd-98be-63aaa3a9c6ea}::m_1907163b6b4c425b9328946e8d0d6508 brfalse IL_002F: switch(IL_0081,IL_0100,IL_00DB) pop <null> ldc.i4 4 br IL_002F: switch(IL_0081,IL_0100,IL_00DB) br IL_0081: ldloc.s V_1 br IL_0053: ldloc.s V_0 leave IL_0005: ret pop <null> br IL_0115: leave IL_0005 leave IL_0005: ret br IL_0005: ret
aea96bc105fcef5648285bc411c941f7 (585.22 KB)
File Structure
aea96bc105fcef5648285bc411c941f7
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
Pbwihvl.Properties.Resources.resources
Nerqflo
Characteristics
No malware configuration were found at this point.
You must be signed in to post a comment.
An error has occurred. This application may no longer respond until reloaded. Reload 🗙