Symbol Ofbuscation Score
|
Hash | Hash Value |
|---|---|
| MD5 | b6003b10a39d4837b5b08d28d8d25c70
|
| Sha1 | db3ccd50e88a88bef5964875e5681b7f525d8356
|
| Sha256 | fe6d3ed30645ae6288561db528bdd58eb883685943a70e42c2b12736796cfe7d
|
| Sha384 | ada49b42a8d6da2cc047bf2134137ca0e953ab4a1c277231bd6376d407900fce4d1c251b999e742313af88ec355c44fb
|
| Sha512 | f902cd497471ebc006eb333211a4def87693cc325258f5bb72757a891074b5de0919a2e2ce8082527bb879bbeeed1972c1ca26c33db4e3bd27e8076017a0e0d4
|
| SSDeep | 768:DH00SdrG2IqNxOLe1k4hQ1jReSJ7TPHDQHUoY46BGenr0k2o5DfEt2Ir8zizwV4F:7D2IkELik421jEwoKnrl2o1e4zizw6
|
| TLSH | D043B303F68A9DA1C1115737DCBE55981364E683F663DA1F394AE31E1843FBAD902E0B
|
PeID
|
Name0 | Value |
|---|---|
| Info | PE Detect: PeReader OK (file layout) |
| Module Name | defender |
| Full Name | defender |
| EntryPoint | System.Void defender.Audit.RegAuditor::HandleConnectedAuditor() |
| Scope Name | defender |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v4.0.30319 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | defender |
| Assembly Version | 1.0.5706.48 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | .NETFramework,Version=v4.6 |
| Total Strings | 47 |
| Main Method | System.Void defender.Audit.RegAuditor::HandleConnectedAuditor() |
| Main IL Instruction Count | 94 |
| Main IL | ldc.i4 3 stloc V_0 br IL_000E: ldloc V_0 ldloc V_0 switch dnlib.DotNet.Emit.Instruction[] br IL_0096: ldsfld System.Func`1<System.Byte[]> defender.Audit.RegAuditor/<>c::_IntegratedAuditor newobj System.Void defender.Audit.RegAuditor/<>c__DisplayClass0_0::.ctor() stloc.s V_3 ldc.i4 2 stloc V_0 br IL_000E: ldloc V_0 ret <null> ldstr yoo9tZG+3NY= stloc.s V_2 ldc.i4 0 ldsfld <Module>{82d6defc-eca3-4c20-a4ad-1fb9bd054875} <Module>{82d6defc-eca3-4c20-a4ad-1fb9bd054875}::m_73bf92b4dd054722a7d04f1beb4748c3 ldfld System.Int32 <Module>{82d6defc-eca3-4c20-a4ad-1fb9bd054875}::m_b1ab36e18c4b49a99a2c367c13f0b978 brfalse IL_0012: switch(IL_0096,IL_00C6,IL_0070,IL_0034,IL_0049,IL_004A) pop <null> ldc.i4 0 br IL_0012: switch(IL_0096,IL_00C6,IL_0070,IL_0034,IL_0049,IL_004A) ldstr Df4bImAKtt6fnJjZ8hbDUg== stloc.s V_1 ldc.i4 4 ldsfld <Module>{82d6defc-eca3-4c20-a4ad-1fb9bd054875} <Module>{82d6defc-eca3-4c20-a4ad-1fb9bd054875}::m_73bf92b4dd054722a7d04f1beb4748c3 ldfld System.Int32 <Module>{82d6defc-eca3-4c20-a4ad-1fb9bd054875}::m_fddbb8a030b746d6b74761fcbf232987 brtrue IL_0012: switch(IL_0096,IL_00C6,IL_0070,IL_0034,IL_0049,IL_004A) pop <null> ldc.i4 5 br IL_0012: switch(IL_0096,IL_00C6,IL_0070,IL_0034,IL_0049,IL_004A) ldsfld System.Func`1<System.Byte[]> defender.Audit.RegAuditor/<>c::_IntegratedAuditor dup <null> brfalse IL_00A6: pop br IL_00DC: newobj System.Void CryptSharp.IO.WriterValue::.ctor(System.Func`1<System.Byte[]>) pop <null> ldc.i4 1 ldsfld <Module>{82d6defc-eca3-4c20-a4ad-1fb9bd054875} <Module>{82d6defc-eca3-4c20-a4ad-1fb9bd054875}::m_73bf92b4dd054722a7d04f1beb4748c3 ldfld System.Int32 <Module>{82d6defc-eca3-4c20-a4ad-1fb9bd054875}::m_d1bcc119d266457d87e9b2723ff92c4e brtrue IL_0012: switch(IL_0096,IL_00C6,IL_0070,IL_0034,IL_0049,IL_004A) pop <null> ldc.i4 1 br IL_0012: switch(IL_0096,IL_00C6,IL_0070,IL_0034,IL_0049,IL_004A) ldsfld defender.Audit.RegAuditor/<>c defender.Audit.RegAuditor/<>c::m_AuditorProcessor ldftn System.Byte[] defender.Audit.RegAuditor/<>c::InstantiateAuditor() newobj System.Void System.Func`1<System.Byte[]>::.ctor(System.Object,System.IntPtr) dup <null> stsfld System.Func`1<System.Byte[]> defender.Audit.RegAuditor/<>c::_IntegratedAuditor newobj System.Void CryptSharp.IO.WriterValue::.ctor(System.Func`1<System.Byte[]>) ldloc.s V_3 ldloc.s V_1 ldloc.s V_2 newobj System.Void CryptSharp.Concurrency.WorkerExplorer::.ctor(System.String,System.String) stfld CryptSharp.Concurrency.WorkerExplorer defender.Audit.RegAuditor/<>c__DisplayClass0_0::m_AccessibleAuditor ldloc.s V_3 newobj System.Void CryptSharp.Concurrency.CentralWorker::.ctor() stfld CryptSharp.Concurrency.CentralWorker defender.Audit.RegAuditor/<>c__DisplayClass0_0::groupedAuditor ldloc.s V_3 ldstr aPKTJaCVyY4EsVks4j.IGIx9HvFIM65MU5N4K ldstr RBZTVEAt2 newobj System.Void defender.DataProcessing.FilterValidator::.ctor(System.String,System.String) stfld defender.DataProcessing.FilterValidator defender.Audit.RegAuditor/<>c__DisplayClass0_0::_StatelessAuditor dup <null> ldloc.s V_3 ldftn System.Void defender.Audit.RegAuditor/<>c__DisplayClass0_0::PopAuditor(System.IO.MemoryStream) newobj System.Void System.Action`1<System.IO.MemoryStream>::.ctor(System.Object,System.IntPtr) callvirt System.Void CryptSharp.IO.WriterValue::RecordGroupedWriter(System.Action`1<System.IO.MemoryStream>) ldloc.s V_3 ldfld CryptSharp.Concurrency.WorkerExplorer defender.Audit.RegAuditor/<>c__DisplayClass0_0::m_AccessibleAuditor ldloc.s V_3 ldftn System.Void defender.Audit.RegAuditor/<>c__DisplayClass0_0::HandleIsolatedAuditor(System.IO.MemoryStream) newobj System.Void System.Action`1<System.IO.MemoryStream>::.ctor(System.Object,System.IntPtr) callvirt System.Void CryptSharp.Concurrency.WorkerExplorer::RunEfficientWorker(System.Action`1<System.IO.MemoryStream>) ldloc.s V_3 ldfld CryptSharp.Concurrency.CentralWorker defender.Audit.RegAuditor/<>c__DisplayClass0_0::groupedAuditor ldloc.s V_3 ldftn System.Void defender.Audit.RegAuditor/<>c__DisplayClass0_0::HandleConfigurableAuditor(System.Reflection.Assembly) newobj System.Void System.Action`1<System.Reflection.Assembly>::.ctor(System.Object,System.IntPtr) callvirt System.Void CryptSharp.Concurrency.CentralWorker::StopAdaptableWorker(System.Action`1<System.Reflection.Assembly>) ldloc.s V_3 ldfld defender.DataProcessing.FilterValidator defender.Audit.RegAuditor/<>c__DisplayClass0_0::_StatelessAuditor ldsfld System.Action defender.Audit.RegAuditor/<>c::customAuthorizer dup <null> brfalse IL_016F: pop br IL_0186: callvirt System.Void defender.DataProcessing.FilterValidator::RefineIntegratedFilter(System.Action) pop <null> ldsfld defender.Audit.RegAuditor/<>c defender.Audit.RegAuditor/<>c::m_AuditorProcessor ldftn System.Void defender.Audit.RegAuditor/<>c::InspectRemoteAuditor() newobj System.Void System.Action::.ctor(System.Object,System.IntPtr) dup <null> stsfld System.Action defender.Audit.RegAuditor/<>c::customAuthorizer callvirt System.Void defender.DataProcessing.FilterValidator::RefineIntegratedFilter(System.Action) callvirt System.Void CryptSharp.IO.WriterValue::RecordConcreteWriter() ldc.i4 4 br IL_0012: switch(IL_0096,IL_00C6,IL_0070,IL_0034,IL_0049,IL_004A) |
| Module Name | defender |
| Full Name | defender |
| EntryPoint | System.Void defender.Audit.RegAuditor::HandleConnectedAuditor() |
| Scope Name | defender |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v4.0.30319 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | defender |
| Assembly Version | 1.0.5706.48 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | .NETFramework,Version=v4.6 |
| Total Strings | 47 |
| Main Method | System.Void defender.Audit.RegAuditor::HandleConnectedAuditor() |
| Main IL Instruction Count | 94 |
| Main IL | ldc.i4 3 stloc V_0 br IL_000E: ldloc V_0 ldloc V_0 switch dnlib.DotNet.Emit.Instruction[] br IL_0096: ldsfld System.Func`1<System.Byte[]> defender.Audit.RegAuditor/<>c::_IntegratedAuditor newobj System.Void defender.Audit.RegAuditor/<>c__DisplayClass0_0::.ctor() stloc.s V_3 ldc.i4 2 stloc V_0 br IL_000E: ldloc V_0 ret <null> ldstr yoo9tZG+3NY= stloc.s V_2 ldc.i4 0 ldsfld <Module>{82d6defc-eca3-4c20-a4ad-1fb9bd054875} <Module>{82d6defc-eca3-4c20-a4ad-1fb9bd054875}::m_73bf92b4dd054722a7d04f1beb4748c3 ldfld System.Int32 <Module>{82d6defc-eca3-4c20-a4ad-1fb9bd054875}::m_b1ab36e18c4b49a99a2c367c13f0b978 brfalse IL_0012: switch(IL_0096,IL_00C6,IL_0070,IL_0034,IL_0049,IL_004A) pop <null> ldc.i4 0 br IL_0012: switch(IL_0096,IL_00C6,IL_0070,IL_0034,IL_0049,IL_004A) ldstr Df4bImAKtt6fnJjZ8hbDUg== stloc.s V_1 ldc.i4 4 ldsfld <Module>{82d6defc-eca3-4c20-a4ad-1fb9bd054875} <Module>{82d6defc-eca3-4c20-a4ad-1fb9bd054875}::m_73bf92b4dd054722a7d04f1beb4748c3 ldfld System.Int32 <Module>{82d6defc-eca3-4c20-a4ad-1fb9bd054875}::m_fddbb8a030b746d6b74761fcbf232987 brtrue IL_0012: switch(IL_0096,IL_00C6,IL_0070,IL_0034,IL_0049,IL_004A) pop <null> ldc.i4 5 br IL_0012: switch(IL_0096,IL_00C6,IL_0070,IL_0034,IL_0049,IL_004A) ldsfld System.Func`1<System.Byte[]> defender.Audit.RegAuditor/<>c::_IntegratedAuditor dup <null> brfalse IL_00A6: pop br IL_00DC: newobj System.Void CryptSharp.IO.WriterValue::.ctor(System.Func`1<System.Byte[]>) pop <null> ldc.i4 1 ldsfld <Module>{82d6defc-eca3-4c20-a4ad-1fb9bd054875} <Module>{82d6defc-eca3-4c20-a4ad-1fb9bd054875}::m_73bf92b4dd054722a7d04f1beb4748c3 ldfld System.Int32 <Module>{82d6defc-eca3-4c20-a4ad-1fb9bd054875}::m_d1bcc119d266457d87e9b2723ff92c4e brtrue IL_0012: switch(IL_0096,IL_00C6,IL_0070,IL_0034,IL_0049,IL_004A) pop <null> ldc.i4 1 br IL_0012: switch(IL_0096,IL_00C6,IL_0070,IL_0034,IL_0049,IL_004A) ldsfld defender.Audit.RegAuditor/<>c defender.Audit.RegAuditor/<>c::m_AuditorProcessor ldftn System.Byte[] defender.Audit.RegAuditor/<>c::InstantiateAuditor() newobj System.Void System.Func`1<System.Byte[]>::.ctor(System.Object,System.IntPtr) dup <null> stsfld System.Func`1<System.Byte[]> defender.Audit.RegAuditor/<>c::_IntegratedAuditor newobj System.Void CryptSharp.IO.WriterValue::.ctor(System.Func`1<System.Byte[]>) ldloc.s V_3 ldloc.s V_1 ldloc.s V_2 newobj System.Void CryptSharp.Concurrency.WorkerExplorer::.ctor(System.String,System.String) stfld CryptSharp.Concurrency.WorkerExplorer defender.Audit.RegAuditor/<>c__DisplayClass0_0::m_AccessibleAuditor ldloc.s V_3 newobj System.Void CryptSharp.Concurrency.CentralWorker::.ctor() stfld CryptSharp.Concurrency.CentralWorker defender.Audit.RegAuditor/<>c__DisplayClass0_0::groupedAuditor ldloc.s V_3 ldstr aPKTJaCVyY4EsVks4j.IGIx9HvFIM65MU5N4K ldstr RBZTVEAt2 newobj System.Void defender.DataProcessing.FilterValidator::.ctor(System.String,System.String) stfld defender.DataProcessing.FilterValidator defender.Audit.RegAuditor/<>c__DisplayClass0_0::_StatelessAuditor dup <null> ldloc.s V_3 ldftn System.Void defender.Audit.RegAuditor/<>c__DisplayClass0_0::PopAuditor(System.IO.MemoryStream) newobj System.Void System.Action`1<System.IO.MemoryStream>::.ctor(System.Object,System.IntPtr) callvirt System.Void CryptSharp.IO.WriterValue::RecordGroupedWriter(System.Action`1<System.IO.MemoryStream>) ldloc.s V_3 ldfld CryptSharp.Concurrency.WorkerExplorer defender.Audit.RegAuditor/<>c__DisplayClass0_0::m_AccessibleAuditor ldloc.s V_3 ldftn System.Void defender.Audit.RegAuditor/<>c__DisplayClass0_0::HandleIsolatedAuditor(System.IO.MemoryStream) newobj System.Void System.Action`1<System.IO.MemoryStream>::.ctor(System.Object,System.IntPtr) callvirt System.Void CryptSharp.Concurrency.WorkerExplorer::RunEfficientWorker(System.Action`1<System.IO.MemoryStream>) ldloc.s V_3 ldfld CryptSharp.Concurrency.CentralWorker defender.Audit.RegAuditor/<>c__DisplayClass0_0::groupedAuditor ldloc.s V_3 ldftn System.Void defender.Audit.RegAuditor/<>c__DisplayClass0_0::HandleConfigurableAuditor(System.Reflection.Assembly) newobj System.Void System.Action`1<System.Reflection.Assembly>::.ctor(System.Object,System.IntPtr) callvirt System.Void CryptSharp.Concurrency.CentralWorker::StopAdaptableWorker(System.Action`1<System.Reflection.Assembly>) ldloc.s V_3 ldfld defender.DataProcessing.FilterValidator defender.Audit.RegAuditor/<>c__DisplayClass0_0::_StatelessAuditor ldsfld System.Action defender.Audit.RegAuditor/<>c::customAuthorizer dup <null> brfalse IL_016F: pop br IL_0186: callvirt System.Void defender.DataProcessing.FilterValidator::RefineIntegratedFilter(System.Action) pop <null> ldsfld defender.Audit.RegAuditor/<>c defender.Audit.RegAuditor/<>c::m_AuditorProcessor ldftn System.Void defender.Audit.RegAuditor/<>c::InspectRemoteAuditor() newobj System.Void System.Action::.ctor(System.Object,System.IntPtr) dup <null> stsfld System.Action defender.Audit.RegAuditor/<>c::customAuthorizer callvirt System.Void defender.DataProcessing.FilterValidator::RefineIntegratedFilter(System.Action) callvirt System.Void CryptSharp.IO.WriterValue::RecordConcreteWriter() ldc.i4 4 br IL_0012: switch(IL_0096,IL_00C6,IL_0070,IL_0034,IL_0049,IL_004A) |