Suspicious
Suspect

b399c368bd6e11c5c317db8fd3bbebbb

PE Executable
|
MD5: b399c368bd6e11c5c317db8fd3bbebbb
|
Size: 1.63 MB
|
application/x-dosexec

Summary by MalvaGPT
Characteristics

Symbol Ofbuscation Score

Very high

Hash
 Hash Value
MD5
b399c368bd6e11c5c317db8fd3bbebbb
Sha1
2f17cd222950f850cfb23e79049dffb8ef14586e
Sha256
67de6fb5afc5af13a1c7d7eec47738efbea3366de56263d56f929f9a195ce082
Sha384
74fdfa674c5e0b9dbb921ae1c5a2aa09376a4daaf6a1e5d1413e2a7b5c5e6519465bf45996ec2952bd7a837147039271
Sha512
0f2c9ba0bdbf74058a33075cbeb8dc7cbe05a9ea7de01d7622de98535271275f89480db303596a7e17fe363c720dc84d73dc0877c5f20352b0273123bd96ca1f
SSDeep
24576:hwMQtnruvK0Pz+t3T/fr2KA1SNg+xkNut0AurZrOq8VJvLqNbUARgAhPiSyr+:hGnr0sCKA1+g+xDsyP7LqBgARiSyr+
TLSH
4775330909FD2DFFCD12C4BAE8776A851B24B3472046D6FDED7B71A94D63203A89481E

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
b399c368bd6e11c5c317db8fd3bbebbb
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
Clftimveqq.Properties.Resources.resources
Cgsoog
Informations
Name
 Value
Info

PE Detect: PeReader OK (file layout)
Module Name

Putqq.exe
Full Name

Putqq.exe
EntryPoint

System.Void Putqq.Diagnostics.ArgumentNotifier::ProfileEfficientProfiler()
Scope Name

Putqq.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

Putqq
Assembly Version

1.0.4902.12234
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.6
Total Strings

6
Main Method

System.Void Putqq.Diagnostics.ArgumentNotifier::ProfileEfficientProfiler()
Main IL Instruction Count

33
Main IL

ldc.i4 3 stloc V_0 br IL_000E: ldloc V_0 ldloc V_0 switch dnlib.DotNet.Emit.Instruction[] br IL_009A: ret newobj System.Void Clftimveqq.Tokens.CalculatorChecker::.ctor() ldloc.s V_1 call System.Void Clftimveqq.Tokens.CalculatorChecker::GenerateRemoteToken(System.Byte[]) ldc.i4 0 ldsfld <Module>{68a41f97-7c70-47a6-b398-14695418c9b5} <Module>{68a41f97-7c70-47a6-b398-14695418c9b5}::m_74202dfdf1f44dbd84108d2823f40306 ldfld System.Int32 <Module>{68a41f97-7c70-47a6-b398-14695418c9b5}::m_1ff92a1781df48fda9009f9a0397063b brtrue IL_0012: switch(IL_009A,IL_002C,IL_006D,IL_0057) pop <null> ldc.i4 0 br IL_0012: switch(IL_009A,IL_002C,IL_006D,IL_0057) newobj System.Void Clftimveqq.Authentication.AuthenticatorDictionary::.ctor() call System.Byte[] Clftimveqq.Authentication.AuthenticatorDictionary::AuthenticateMixedAuthenticator() stloc.s V_2 ldc.i4 2 br IL_0012: switch(IL_009A,IL_002C,IL_006D,IL_0057) newobj System.Void Clftimveqq.Networking.DynamicRequest::.ctor() ldloc.s V_2 call System.Byte[] Clftimveqq.Networking.DynamicRequest::InstantiateRequest(System.Byte[]) stloc.s V_1 ldc.i4 0 ldsfld <Module>{68a41f97-7c70-47a6-b398-14695418c9b5} <Module>{68a41f97-7c70-47a6-b398-14695418c9b5}::m_74202dfdf1f44dbd84108d2823f40306 ldfld System.Int32 <Module>{68a41f97-7c70-47a6-b398-14695418c9b5}::m_b823fda31b9e4dab94891772c3be7fd6 brtrue IL_0012: switch(IL_009A,IL_002C,IL_006D,IL_0057) pop <null> ldc.i4 1 br IL_0012: switch(IL_009A,IL_002C,IL_006D,IL_0057) ret <null>
Module Name

Putqq.exe
Full Name

Putqq.exe
EntryPoint

System.Void Putqq.Diagnostics.ArgumentNotifier::ProfileEfficientProfiler()
Scope Name

Putqq.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

Putqq
Assembly Version

1.0.4902.12234
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.6
Total Strings

6
Main Method

System.Void Putqq.Diagnostics.ArgumentNotifier::ProfileEfficientProfiler()
Main IL Instruction Count

33
Main IL

ldc.i4 3 stloc V_0 br IL_000E: ldloc V_0 ldloc V_0 switch dnlib.DotNet.Emit.Instruction[] br IL_009A: ret newobj System.Void Clftimveqq.Tokens.CalculatorChecker::.ctor() ldloc.s V_1 call System.Void Clftimveqq.Tokens.CalculatorChecker::GenerateRemoteToken(System.Byte[]) ldc.i4 0 ldsfld <Module>{68a41f97-7c70-47a6-b398-14695418c9b5} <Module>{68a41f97-7c70-47a6-b398-14695418c9b5}::m_74202dfdf1f44dbd84108d2823f40306 ldfld System.Int32 <Module>{68a41f97-7c70-47a6-b398-14695418c9b5}::m_1ff92a1781df48fda9009f9a0397063b brtrue IL_0012: switch(IL_009A,IL_002C,IL_006D,IL_0057) pop <null> ldc.i4 0 br IL_0012: switch(IL_009A,IL_002C,IL_006D,IL_0057) newobj System.Void Clftimveqq.Authentication.AuthenticatorDictionary::.ctor() call System.Byte[] Clftimveqq.Authentication.AuthenticatorDictionary::AuthenticateMixedAuthenticator() stloc.s V_2 ldc.i4 2 br IL_0012: switch(IL_009A,IL_002C,IL_006D,IL_0057) newobj System.Void Clftimveqq.Networking.DynamicRequest::.ctor() ldloc.s V_2 call System.Byte[] Clftimveqq.Networking.DynamicRequest::InstantiateRequest(System.Byte[]) stloc.s V_1 ldc.i4 0 ldsfld <Module>{68a41f97-7c70-47a6-b398-14695418c9b5} <Module>{68a41f97-7c70-47a6-b398-14695418c9b5}::m_74202dfdf1f44dbd84108d2823f40306 ldfld System.Int32 <Module>{68a41f97-7c70-47a6-b398-14695418c9b5}::m_b823fda31b9e4dab94891772c3be7fd6 brtrue IL_0012: switch(IL_009A,IL_002C,IL_006D,IL_0057) pop <null> ldc.i4 1 br IL_0012: switch(IL_009A,IL_002C,IL_006D,IL_0057) ret <null>
b399c368bd6e11c5c317db8fd3bbebbb (1.63 MB)
File Structure
b399c368bd6e11c5c317db8fd3bbebbb
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
Clftimveqq.Properties.Resources.resources
Cgsoog
Characteristics
No malware configuration were found at this point.
You must be signed in to post a comment.
An error has occurred. This application may no longer respond until reloaded. Reload 🗙