Symbol Obfuscation Score
|
Hash | Hash Value |
|---|---|
| MD5 | b4a86e27f0a70da966cea071f6daebd0
|
| Sha1 | 939da6ba42b07b59713f8a921c234dcf12b2ac43
|
| Sha256 | 625c148f7eacb68305880c51c7b7c217862ac253a6a804941c9d9224dd4e13e2
|
| Sha384 | 4641b449cda030397f23c2d3acb7bec70cc8e84c6e197e762a7c117a00abced5d1cb355b1ac464a7412062ce702a9b88
|
| Sha512 | 01b609be300034335b0a889fbf09910b58c05811940aa09367ff3cb435166943c9ac22936044d9ff5c7d71f3b9f6706c113f179ad7882d3872c1d6bb50495bad
|
| SSDeep | 12288:yiwOGl8MEDRJbhrPox3+MSI34sxC8XTQZepe0oWkrp2qu:HXMavNMOhIbI8Dqe9F
|
| TLSH | 6EF423AA0676EF16CE4C1CBEC183F2C383BD9835156BE51F766CD6882B593E5DB08841
|
PeID
|
Name0 | Value |
|---|---|
| Info | PE Detect: PeReader OK (file layout) |
| Module Name | Aemjqntxcu.exe |
| Full Name | Aemjqntxcu.exe |
| EntryPoint | System.Void Aemjqntxcu.Idxls::Main() |
| Scope Name | Aemjqntxcu.exe |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v4.0.30319 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | Aemjqntxcu |
| Assembly Version | 1.0.0.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | .NETFramework,Version=v4.0 |
| Total Strings | 5 |
| Main Method | System.Void Aemjqntxcu.Idxls::Main() |
| Main IL Instruction Count | 70 |
| Main IL | nop <null> call System.Byte[] Aemjqntxcu.Idxls::VFxkqHuwX() call System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[]) callvirt System.Type[] System.Reflection.Assembly::GetExportedTypes() stloc.s V_0 ldc.i4 1 ldsfld <Module>{676a6095-e10a-49be-acb8-61bb11774957} <Module>{676a6095-e10a-49be-acb8-61bb11774957}::m_b0735236f4b34dca853ecf96201b709f ldfld System.Int32 <Module>{676a6095-e10a-49be-acb8-61bb11774957}::m_c3e9abbced9d44c9a1fa996b85a35ce4 brtrue IL_0043: switch(IL_00B5,IL_0077,IL_0099) pop <null> ldc.i4 5 br IL_0043: switch(IL_00B5,IL_0077,IL_0099) br IL_003F: ldloc V_3 ldc.i4 0 stloc V_3 ldloc V_3 switch dnlib.DotNet.Emit.Instruction[] ldloc V_3 ldc.i4 990 beq IL_003F: ldloc V_3 br IL_00B5: br IL_0099 ldloc.s V_1 ldc.i4.1 <null> add <null> stloc.s V_1 ldc.i4 2 br IL_0043: switch(IL_00B5,IL_0077,IL_0099) ldc.i4.0 <null> stloc.s V_1 ldc.i4 5 ldsfld <Module>{676a6095-e10a-49be-acb8-61bb11774957} <Module>{676a6095-e10a-49be-acb8-61bb11774957}::m_b0735236f4b34dca853ecf96201b709f ldfld System.Int32 <Module>{676a6095-e10a-49be-acb8-61bb11774957}::m_9a0d35f0b5b44e54bbf6121a5cde8f13 brtrue IL_0043: switch(IL_00B5,IL_0077,IL_0099) pop <null> ldc.i4 0 br IL_0043: switch(IL_00B5,IL_0077,IL_0099) ldloc.s V_1 ldloc.s V_0 ldlen <null> conv.i4 <null> blt IL_00A9: ldloc.s V_0 br IL_00EF: leave IL_0104 ldloc.s V_0 ldloc.s V_1 ldelem.ref <null> stloc.s V_2 br IL_00BF: nop br IL_0099: ldloc.s V_1 br IL_00A9: ldloc.s V_0 nop <null> ldloc.s V_2 ldstr FY1ExamNFj ldc.i4 256 ldnull <null> ldnull <null> ldnull <null> callvirt System.Object System.Type::InvokeMember(System.String,System.Reflection.BindingFlags,System.Reflection.Binder,System.Object,System.Object[]) pop <null> br IL_00DA: leave IL_0067 leave IL_0067: ldloc.s V_1 pop <null> br IL_00E5: leave IL_0067 leave IL_0067: ldloc.s V_1 br IL_0067: ldloc.s V_1 leave IL_0104: ret pop <null> br IL_00FA: leave IL_0104 leave IL_0104: ret br IL_0104: ret ret <null> |
| Module Name | Aemjqntxcu.exe |
| Full Name | Aemjqntxcu.exe |
| EntryPoint | System.Void Aemjqntxcu.Idxls::Main() |
| Scope Name | Aemjqntxcu.exe |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v4.0.30319 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | Aemjqntxcu |
| Assembly Version | 1.0.0.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | .NETFramework,Version=v4.0 |
| Total Strings | 5 |
| Main Method | System.Void Aemjqntxcu.Idxls::Main() |
| Main IL Instruction Count | 70 |
| Main IL | nop <null> call System.Byte[] Aemjqntxcu.Idxls::VFxkqHuwX() call System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[]) callvirt System.Type[] System.Reflection.Assembly::GetExportedTypes() stloc.s V_0 ldc.i4 1 ldsfld <Module>{676a6095-e10a-49be-acb8-61bb11774957} <Module>{676a6095-e10a-49be-acb8-61bb11774957}::m_b0735236f4b34dca853ecf96201b709f ldfld System.Int32 <Module>{676a6095-e10a-49be-acb8-61bb11774957}::m_c3e9abbced9d44c9a1fa996b85a35ce4 brtrue IL_0043: switch(IL_00B5,IL_0077,IL_0099) pop <null> ldc.i4 5 br IL_0043: switch(IL_00B5,IL_0077,IL_0099) br IL_003F: ldloc V_3 ldc.i4 0 stloc V_3 ldloc V_3 switch dnlib.DotNet.Emit.Instruction[] ldloc V_3 ldc.i4 990 beq IL_003F: ldloc V_3 br IL_00B5: br IL_0099 ldloc.s V_1 ldc.i4.1 <null> add <null> stloc.s V_1 ldc.i4 2 br IL_0043: switch(IL_00B5,IL_0077,IL_0099) ldc.i4.0 <null> stloc.s V_1 ldc.i4 5 ldsfld <Module>{676a6095-e10a-49be-acb8-61bb11774957} <Module>{676a6095-e10a-49be-acb8-61bb11774957}::m_b0735236f4b34dca853ecf96201b709f ldfld System.Int32 <Module>{676a6095-e10a-49be-acb8-61bb11774957}::m_9a0d35f0b5b44e54bbf6121a5cde8f13 brtrue IL_0043: switch(IL_00B5,IL_0077,IL_0099) pop <null> ldc.i4 0 br IL_0043: switch(IL_00B5,IL_0077,IL_0099) ldloc.s V_1 ldloc.s V_0 ldlen <null> conv.i4 <null> blt IL_00A9: ldloc.s V_0 br IL_00EF: leave IL_0104 ldloc.s V_0 ldloc.s V_1 ldelem.ref <null> stloc.s V_2 br IL_00BF: nop br IL_0099: ldloc.s V_1 br IL_00A9: ldloc.s V_0 nop <null> ldloc.s V_2 ldstr FY1ExamNFj ldc.i4 256 ldnull <null> ldnull <null> ldnull <null> callvirt System.Object System.Type::InvokeMember(System.String,System.Reflection.BindingFlags,System.Reflection.Binder,System.Object,System.Object[]) pop <null> br IL_00DA: leave IL_0067 leave IL_0067: ldloc.s V_1 pop <null> br IL_00E5: leave IL_0067 leave IL_0067: ldloc.s V_1 br IL_0067: ldloc.s V_1 leave IL_0104: ret pop <null> br IL_00FA: leave IL_0104 leave IL_0104: ret br IL_0104: ret ret <null> |