Suspicious
Suspect

af5864a3414f5437da8360e98387807f

PE Executable
|
MD5: af5864a3414f5437da8360e98387807f
|
Size: 452.61 KB
|
application/x-dosexec

Print
Summary by MalvaGPT
Characteristics

Symbol Ofbuscation Score

Very high

Hash
 Hash Value
MD5
af5864a3414f5437da8360e98387807f
Sha1
de232688fffcc9b5707be1a6c5600027683a8792
Sha256
044d8e41acb7ef6ad30c8e74f48044d7811d2d8110f088f281ebc697525b3b48
Sha384
5de9a9aa87939c53a2be356b25a28fbb7ba500860ef2692b80fc43e8d09fa700da24e8cd6a2cdfc86909961386d7e78f
Sha512
e161acf4571893f75c6b890a9098d9366b89fdb86335ccec690869d99ef8688b06d2921149c597ae84fe1318758a49c51feed3502ee9138c01ff8ed16379c548
SSDeep
6144:oRZ7dZocBd7UhOJws7WR0Sl88rlCe6VlWT8b90pcPa1/OZqb5pXQh8:W4cjcOJwSW88EPVle80cPsW25Qh8
TLSH
B1A4A30CFE91E805DE1E3D77CBE614004B7129C12E219286316A6FFD8BA63B758E657C

PeID

.NET executable
HQR data file
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
af5864a3414f5437da8360e98387807f
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_ICON
ID:0001
ID:0
RT_GROUP_CURSOR4
ID:0001
ID:0
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
rcfmgczwsqki
Informations
Name
 Value
Info

PE Detect: PeReader OK (file layout)
Module Name

rjvkkwvjcvpo.exe
Full Name

rjvkkwvjcvpo.exe
EntryPoint

System.Void HHMIbdHF.hwmWQlUo::BirDeajI(System.String[])
Scope Name

rjvkkwvjcvpo.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

rjvkkwvjcvpo
Assembly Version

1.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.0
Total Strings

1181
Main Method

System.Void HHMIbdHF.hwmWQlUo::BirDeajI(System.String[])
Main IL Instruction Count

55
Main IL

ldc.i4 8694 stloc.0 <null> br IL_00BA: br IL_000B nop <null> ldloc.0 <null> ldc.i4 8704 ceq <null> brfalse IL_0024: nop call System.Void HHMIbdHF.hwmWQlUo::OCYkNTTVC() ldc.i4 8708 stloc.0 <null> nop <null> ldloc.0 <null> ldc.i4 8712 ceq <null> brfalse IL_003D: nop call System.Void HHMIbdHF.LtQmYgGG::wbAJgtxOkMkXgQ() ldc.i4 8718 stloc.0 <null> nop <null> ldloc.0 <null> ldc.i4 8708 ceq <null> brfalse IL_0092: nop newobj System.Void System.Random::.ctor() nop <null> ldc.r8 2000 ldc.r8 2000 add <null> call System.Int32 System.Convert::ToInt32(System.Double) nop <null> ldc.r8 18000000 ldc.r8 3000 div <null> call System.Int32 System.Convert::ToInt32(System.Double) callvirt System.Int32 System.Random::Next(System.Int32,System.Int32) call System.Void System.Threading.Thread::Sleep(System.Int32) ldc.i4 8712 stloc.0 <null> nop <null> ldloc.0 <null> ldc.i4 8694 ceq <null> brfalse IL_00A7: nop nop <null> ldc.i4 8704 stloc.0 <null> nop <null> ldloc.0 <null> ldc.i4 8718 ceq <null> brfalse IL_00BA: br IL_000B br IL_00BF: ret br IL_000B: nop ret <null>
Module Name

rjvkkwvjcvpo.exe
Full Name

rjvkkwvjcvpo.exe
EntryPoint

System.Void HHMIbdHF.hwmWQlUo::BirDeajI(System.String[])
Scope Name

rjvkkwvjcvpo.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

rjvkkwvjcvpo
Assembly Version

1.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.0
Total Strings

1181
Main Method

System.Void HHMIbdHF.hwmWQlUo::BirDeajI(System.String[])
Main IL Instruction Count

55
Main IL

ldc.i4 8694 stloc.0 <null> br IL_00BA: br IL_000B nop <null> ldloc.0 <null> ldc.i4 8704 ceq <null> brfalse IL_0024: nop call System.Void HHMIbdHF.hwmWQlUo::OCYkNTTVC() ldc.i4 8708 stloc.0 <null> nop <null> ldloc.0 <null> ldc.i4 8712 ceq <null> brfalse IL_003D: nop call System.Void HHMIbdHF.LtQmYgGG::wbAJgtxOkMkXgQ() ldc.i4 8718 stloc.0 <null> nop <null> ldloc.0 <null> ldc.i4 8708 ceq <null> brfalse IL_0092: nop newobj System.Void System.Random::.ctor() nop <null> ldc.r8 2000 ldc.r8 2000 add <null> call System.Int32 System.Convert::ToInt32(System.Double) nop <null> ldc.r8 18000000 ldc.r8 3000 div <null> call System.Int32 System.Convert::ToInt32(System.Double) callvirt System.Int32 System.Random::Next(System.Int32,System.Int32) call System.Void System.Threading.Thread::Sleep(System.Int32) ldc.i4 8712 stloc.0 <null> nop <null> ldloc.0 <null> ldc.i4 8694 ceq <null> brfalse IL_00A7: nop nop <null> ldc.i4 8704 stloc.0 <null> nop <null> ldloc.0 <null> ldc.i4 8718 ceq <null> brfalse IL_00BA: br IL_000B br IL_00BF: ret br IL_000B: nop ret <null>
af5864a3414f5437da8360e98387807f (452.61 KB)
An error has occurred. This application may no longer respond until reloaded. Reload 🗙