Suspicious
Suspect

b33f727e8e014964d296d911348e7bf8

PE Executable | MD5: b33f727e8e014964d296d911348e7bf8 | Size: 1.01 MB | application/x-dosexec

Summary by MalvaGPT
Characteristics

Symbol Obfuscation Score

Very high

Hash
MD5: b33f727e8e014964d296d911348e7bf8
Sha1: 15cbed03d85d3f975abef5d2a3babf6d2772c26f
Sha256: b0d42bf65e480d232fa60d58d47eeaabf7b5a7d58c869185139a180f5cb4d920
Sha384: 71c4d505216d2a10190d33b213e86edf59ae4c3806b5904e43ca34f80c5e01ce17e67639707097d91b165977a5266bc4
Sha512: 418a09703e95bb243a374dcf6b49ed2f28d3a9954e65593bc34c8144dfd610de5fabbd9972baa82d85aa5801c8df5bddca9e1d6231ee1c55b58f4757fa2f7016
SSDeep: 24576:8or8r76t4CllVkoav+HJ/oyfJuz0zy+3xVks:G6t4Cn2+VoycSyH
TLSH: D825F0119E8B6B98E53B0FB8C093004473F0D547D3A6D7AF6FED14FA29A2B48D923561

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
.Net Resources
zWg6jb7.Resources.resources
zWg6jb7.g.resources
61e2d8164d9e2f.Resources.resources
a7dd4e4e0
[NBF]root.Data
a7dd4e4e1
[NBF]root.Data
a7dd4e4e10
[NBF]root.Data
a7dd4e4e11
[NBF]root.Data
a7dd4e4e12
[NBF]root.Data
a7dd4e4e13
[NBF]root.Data
a7dd4e4e14
[NBF]root.Data
a7dd4e4e15
[NBF]root.Data
a7dd4e4e16
[NBF]root.Data
a7dd4e4e17
[NBF]root.Data
a7dd4e4e18
[NBF]root.Data
a7dd4e4e19
[NBF]root.Data
a7dd4e4e2
[NBF]root.Data
a7dd4e4e20
[NBF]root.Data
a7dd4e4e21
[NBF]root.Data
a7dd4e4e22
[NBF]root.Data
a7dd4e4e23
[NBF]root.Data
a7dd4e4e24
[NBF]root.Data
a7dd4e4e3
[NBF]root.Data
a7dd4e4e4
[NBF]root.Data
a7dd4e4e5
[NBF]root.Data
a7dd4e4e6
[NBF]root.Data
a7dd4e4e7
[NBF]root.Data
a7dd4e4e8
[NBF]root.Data
a7dd4e4e9
[NBF]root.Data
Information
Info: PE Detect: PeReader OK (file layout)
Module Name: zWg6jb7
Full Name: zWg6jb7
EntryPoint: System.Void Ftd5q8Ye.5TcnMt3/nx9SF4d.db9ACim6ow3::5Zzgw9Pism()
Scope Name: zWg6jb7
Scope Type: ModuleDef
Kind: Windows
Runtime Version: v4.0.30319
Tables Header Version: 512
WinMD Version: <null>
Assembly Name: zWg6jb7
Assembly Version: 12.9.35.182
Assembly Culture: <null>
Has PublicKey: False
PublicKey Token: <null>
Target Framework: .NETFramework,Version=v4.6
Total Strings: 0
Main Method: System.Void Ftd5q8Ye.5TcnMt3/nx9SF4d.db9ACim6ow3::5Zzgw9Pism()
Main IL Instruction Count: 236

Main IL

ldsfld System.Byte[] X_z1p0pJHg2f3.8TspaqC::1Eg_t9aT8y stloc.s V_20 ldc.i4.2 <null> stloc.s V_19 ldloc.s V_19 switch dnlib.DotNet.Emit.Instruction[] nop <null> newobj System.Void System.Windows.Forms.Form::.ctor() stloc.1 <null> ldc.i4.s 25 stloc.2 <null> ldc.i4 826790 box System.Int32 stloc.3 <null> ldsfld System.String Ftd5q8Ye.5TcnMt3::4iwHEd8x stloc.s V_4 ldc.i4.3 <null> stloc.s V_19 br.s IL_000A: ldloc.s V_19 ldloc.s V_4 call System.String Ftd5q8Ye.5TcnMt3::7QokcbX5G2qkt(System.String) stloc.s V_5 ldloc.s V_5 call System.Byte[] sDq0zd8C2kSpp.rGj47kyDFz::0Aybm(System.String) ldloc.3 <null> call System.Int32 Microsoft.VisualBasic.CompilerServices.Conversions::ToInteger(System.Object) call System.Object sDq0zd8C2kSpp.rGj47kyDFz/1wyBZd3b0CdbDr.0RiqsjM::Cit14Dsfpd7JTk(System.Byte[],System.Int32) ldnull <null> nop <null> ldnull <null> ldc.i4 486015274 ldc.i4.1 <null> call System.String Byo9n6.Ed8i5zeJ::tTx29z(Byo9n6.Ed8i5zeJ,System.Int32,System.Int32) ldc.i4.0 <null> newarr System.Object ldnull <null> ldnull <null> ldnull <null> call System.Object Microsoft.VisualBasic.CompilerServices.NewLateBinding::LateGet(System.Object,System.Type,System.String,System.Object[],System.String[],System.Type[],System.Boolean[]) call System.Object System.Runtime.CompilerServices.RuntimeHelpers::GetObjectValue(System.Object) stloc.s V_6 ldc.i4.s 9 stloc.s V_19 br IL_000A: ldloc.s V_19 ldc.i4.3 <null> stloc.s V_7 ldc.i4.7 <null> stloc.0 <null> nop <null> ldloc.s V_7 ldc.i4.3 <null> beq.s IL_00BC: ldloc.s V_20 ldc.i4.6 <null> stloc.s V_19 br IL_000A: ldloc.s V_19 ldloc.s V_20 ldc.i4 179 ldelem.u1 <null> ldc.i4.s 80 sub <null> br.s IL_00B5: stloc.s V_19 ldc.i4.s 10 stloc.s V_19 br IL_000A: ldloc.s V_19 nop <null> ldloc.s V_6 call System.Object System.Runtime.CompilerServices.RuntimeHelpers::GetObjectValue(System.Object) stloc.s V_8 ldc.i4.s 10 stloc.s V_19 br IL_000A: ldloc.s V_19 nop <null> ldc.i4.s 9 stloc.0 <null> ldsfld System.String 
4fxZwS3sJme.9EexDp6t0pe/4CypfdP6.eo8AeJt42cj/8pbRyA0eP.Ymj08eTiZzz::ia4CXek59Nkp nop <null> ldnull <null> ldc.i4 486015281 ldc.i4.0 <null> call System.String Byo9n6.Ed8i5zeJ::tTx29z(Byo9n6.Ed8i5zeJ,System.Int32,System.Int32) nop <null> ldc.i4.8 <null> ldnull <null> ldc.i4 1469273161 call System.String Byo9n6.Ed8i5zeJ::bXe35yg(System.Int32,System.Reflection.Assembly,System.Int32) callvirt System.String System.String::Replace(System.String,System.String) stloc.s V_9 ldc.i4.1 <null> stloc.s V_19 br IL_000A: ldloc.s V_19 ldtoken System.Reflection.Assembly call System.Type System.Type::GetTypeFromHandle(System.RuntimeTypeHandle) call System.Reflection.MethodInfo[] System.Type::GetMethods() stloc.s V_10 ldc.i4.0 <null> stloc.s V_11 ldloc.s V_10 stloc.s V_12 ldc.i4.0 <null> stloc.s V_13 br IL_027E: ldloc.s V_13 ldloc.s V_12 ldloc.s V_13 ldelem.ref <null> stloc.s V_14 ldloc.s V_14 callvirt System.String System.Reflection.MemberInfo::get_Name() ldloc.s V_9 ldc.i4.0 <null> call System.Int32 Microsoft.VisualBasic.CompilerServices.Operators::CompareString(System.String,System.String,System.Boolean) ldc.i4.0 <null> ceq <null> stloc.s V_15 ldc.i4.8 <null> stloc.s V_19 br IL_000A: ldloc.s V_19 ldloc.s V_15 brfalse IL_0271: nop br.s IL_0163: ldc.i4.0 ldc.i4.0 <null> stloc.s V_22 ldloc.s V_22 switch dnlib.DotNet.Emit.Instruction[] br.s IL_018B: nop nop <null> ldloc.s V_14 ldnull <null> ldc.i4.1 <null> newarr System.Object dup <null> ldc.i4.0 <null> ldloc.s V_8 stelem.ref <null> callvirt System.Object System.Reflection.MethodBase::Invoke(System.Object,System.Object[]) call System.Object System.Runtime.CompilerServices.RuntimeHelpers::GetObjectValue(System.Object) stloc.s V_16 ldc.i4.3 <null> stloc.s V_22 br.s IL_0166: ldloc.s V_22 ldloc.s V_16 ldnull <null> nop <null> ldc.i4.1 <null> ldnull <null> ldc.i4 1469275566 call System.String Byo9n6.Ed8i5zeJ::bXe35yg(System.Int32,System.Reflection.Assembly,System.Int32) ldc.i4.0 <null> newarr System.Object ldnull <null> ldnull <null> ldnull 
<null> call System.Object Microsoft.VisualBasic.CompilerServices.NewLateBinding::LateGet(System.Object,System.Type,System.String,System.Object[],System.String[],System.Type[],System.Boolean[]) ldc.i4.1 <null> newarr System.Object dup <null> ldc.i4.0 <null> ldc.i4.s 25 box System.Int32 stelem.ref <null> ldnull <null> call System.Object Microsoft.VisualBasic.CompilerServices.NewLateBinding::LateIndexGet(System.Object,System.Object[],System.String[]) ldnull <null> nop <null> ldc.i4.2 <null> ldc.i4 893960293 ldc.i4.0 <null> call System.String dw7DcMa5e_1RgF.Yz2bfyF7A4::Et6f0_cMx1(System.Int32,System.Int32,System.Int32) ldc.i4.0 <null> newarr System.Object ldnull <null> ldnull <null> ldnull <null> call System.Object Microsoft.VisualBasic.CompilerServices.NewLateBinding::LateGet(System.Object,System.Type,System.String,System.Object[],System.String[],System.Type[],System.Boolean[]) ldc.i4.1 <null> newarr System.Object dup <null> ldc.i4.0 <null> ldc.i4.0 <null> box System.Int32 stelem.ref <null> ldnull <null> call System.Object Microsoft.VisualBasic.CompilerServices.NewLateBinding::LateIndexGet(System.Object,System.Object[],System.String[]) call System.Object System.Runtime.CompilerServices.RuntimeHelpers::GetObjectValue(System.Object) call System.Object Ftd5q8Ye.5TcnMt3/nx9SF4d.db9ACim6ow3::Jti3xZ(System.Object) pop <null> ldc.i4.5 <null> stloc.s V_22 br IL_0166: ldloc.s V_22 ldc.i4.1 <null> stloc.s V_11 leave IL_0294: ldc.i4.4 br.s IL_022D: br.s IL_022F br.s IL_022F: call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception) call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception) nop <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() leave.s IL_023C: br.s IL_023E br.s IL_023E: ldc.i4.0 ldc.i4.0 <null> stloc.s V_24 ldloc.s V_24 switch dnlib.DotNet.Emit.Instruction[] br.s IL_026A: nop nop <null> nop <null> ldc.i4.6 <null> stloc.s V_24 br.s 
IL_0241: ldloc.s V_24 nop <null> nop <null> ldloc.s V_13 ldc.i4.1 <null> add.ovf <null> stloc.s V_13 ldc.i4.7 <null> stloc.s V_24 br.s IL_0241: ldloc.s V_24 ldloc.s V_13 ldloc.s V_12 ldlen <null> conv.i4 <null> clt <null> stloc.s V_17 ldloc.s V_17 brtrue IL_0137: ldloc.s V_12 ldc.i4.1 <null> stloc.s V_24 br.s IL_0241: ldloc.s V_24 ldc.i4.4 <null> stloc.0 <null> ldc.i4.4 <null> stloc.0 <null> ret <null> ldtoken System.Void Ftd5q8Ye.5TcnMt3/nx9SF4d.db9ACim6ow3::5Zzgw9Pism() pop <null> ret <null>

Characteristics
No malware configuration was found at this point.