Suspicious
Suspect

b622c4f6422ecc9b7cbb92b19c48e166

PE Executable
|
MD5: b622c4f6422ecc9b7cbb92b19c48e166
|
Size: 1.12 MB
|
application/x-dosexec

Summary by MalvaGPT
Characteristics

Symbol Ofbuscation Score

Very high

Hash
 Hash Value
MD5
b622c4f6422ecc9b7cbb92b19c48e166
Sha1
ef01047cd9c6aaed579492865475397faf2442ec
Sha256
dc49aeec5bb4764842104e24b3904378d4ce5c8a1a9f73df7d318dd40a2df303
Sha384
4ed1cd52e8af0cb3fd5d8bbd52cb627c6f0d226dcf69c4484acf5378054be42217b37dd6ff3e54b048282ff964b8fc8e
Sha512
8ae15c8fcb4d2f89758e11f7be8fdb1d1312041ea702cb3026e4397c262b98603daca027a0243a5c1a924b9ef7ee89fc94670ef308e134a1e64979df2741de40
SSDeep
24576:qvSBGryV3mbVkBw24/iuOWQoSGl9DrDIWXry0JINE1QB:uuV0Vsw2UO9oBVrD9WNRB
TLSH
E3353377F619C292C6660F7BD42F0A98E5B4BEA541D7D13CDE23E3547206B0E842E0A6

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
b622c4f6422ecc9b7cbb92b19c48e166
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
Nqvbcreypls.Properties.Resources.resources
Enyciaeigh
Informations
Name
 Value
Info

PE Detect: PeReader OK (file layout)
Module Name

Runsrul.exe
Full Name

Runsrul.exe
EntryPoint

System.Void Nqvbcreypls.Conversion.ConverterProfile::ConvertDividedConverter()
Scope Name

Runsrul.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

Runsrul
Assembly Version

1.0.8415.27297
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.6
Total Strings

6
Main Method

System.Void Nqvbcreypls.Conversion.ConverterProfile::ConvertDividedConverter()
Main IL Instruction Count

33
Main IL

ldc.i4 2 stloc V_1 br IL_000E: ldloc V_1 ldloc V_1 switch dnlib.DotNet.Emit.Instruction[] br IL_005A: newobj System.Void Runsrul.API.Requester.CustomizableRequester::.ctor() ret <null> newobj System.Void Runsrul.Messaging.InterruptibleConsumer::.ctor() ldloc.s V_0 call System.Byte[] Runsrul.Messaging.InterruptibleConsumer::ReceiveConnectedConsumer(System.Byte[]) stloc.s V_2 ldc.i4 0 ldsfld <Module>{a143ad3b-62b9-41b0-8d16-1a1fa25268a2} <Module>{a143ad3b-62b9-41b0-8d16-1a1fa25268a2}::m_5ab9583441cc44a9a5736cfedc4d748b ldfld System.Int32 <Module>{a143ad3b-62b9-41b0-8d16-1a1fa25268a2}::m_01d43cecd01d4712a9999cf6a9d85274 brtrue IL_0012: switch(IL_005A,IL_002D,IL_0070,IL_002C) pop <null> ldc.i4 0 br IL_0012: switch(IL_005A,IL_002D,IL_0070,IL_002C) newobj System.Void Runsrul.API.Requester.CustomizableRequester::.ctor() ldloc.s V_2 call System.Void Runsrul.API.Requester.CustomizableRequester::RequestInterruptibleRequester(System.Byte[]) ldc.i4 3 br IL_0012: switch(IL_005A,IL_002D,IL_0070,IL_002C) newobj System.Void Nqvbcreypls.Settings.ConvertibleConfiguration::.ctor() call System.Byte[] Nqvbcreypls.Settings.ConvertibleConfiguration::SetIsolatedConfiguration() stloc.s V_0 ldc.i4 1 ldsfld <Module>{a143ad3b-62b9-41b0-8d16-1a1fa25268a2} <Module>{a143ad3b-62b9-41b0-8d16-1a1fa25268a2}::m_5ab9583441cc44a9a5736cfedc4d748b ldfld System.Int32 <Module>{a143ad3b-62b9-41b0-8d16-1a1fa25268a2}::m_28fd6d6e02e74f35a4c63a0483f26f3b brfalse IL_0012: switch(IL_005A,IL_002D,IL_0070,IL_002C) pop <null> ldc.i4 0 br IL_0012: switch(IL_005A,IL_002D,IL_0070,IL_002C)
Module Name

Runsrul.exe
Full Name

Runsrul.exe
EntryPoint

System.Void Nqvbcreypls.Conversion.ConverterProfile::ConvertDividedConverter()
Scope Name

Runsrul.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

Runsrul
Assembly Version

1.0.8415.27297
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.6
Total Strings

6
Main Method

System.Void Nqvbcreypls.Conversion.ConverterProfile::ConvertDividedConverter()
Main IL Instruction Count

33
Main IL

ldc.i4 2 stloc V_1 br IL_000E: ldloc V_1 ldloc V_1 switch dnlib.DotNet.Emit.Instruction[] br IL_005A: newobj System.Void Runsrul.API.Requester.CustomizableRequester::.ctor() ret <null> newobj System.Void Runsrul.Messaging.InterruptibleConsumer::.ctor() ldloc.s V_0 call System.Byte[] Runsrul.Messaging.InterruptibleConsumer::ReceiveConnectedConsumer(System.Byte[]) stloc.s V_2 ldc.i4 0 ldsfld <Module>{a143ad3b-62b9-41b0-8d16-1a1fa25268a2} <Module>{a143ad3b-62b9-41b0-8d16-1a1fa25268a2}::m_5ab9583441cc44a9a5736cfedc4d748b ldfld System.Int32 <Module>{a143ad3b-62b9-41b0-8d16-1a1fa25268a2}::m_01d43cecd01d4712a9999cf6a9d85274 brtrue IL_0012: switch(IL_005A,IL_002D,IL_0070,IL_002C) pop <null> ldc.i4 0 br IL_0012: switch(IL_005A,IL_002D,IL_0070,IL_002C) newobj System.Void Runsrul.API.Requester.CustomizableRequester::.ctor() ldloc.s V_2 call System.Void Runsrul.API.Requester.CustomizableRequester::RequestInterruptibleRequester(System.Byte[]) ldc.i4 3 br IL_0012: switch(IL_005A,IL_002D,IL_0070,IL_002C) newobj System.Void Nqvbcreypls.Settings.ConvertibleConfiguration::.ctor() call System.Byte[] Nqvbcreypls.Settings.ConvertibleConfiguration::SetIsolatedConfiguration() stloc.s V_0 ldc.i4 1 ldsfld <Module>{a143ad3b-62b9-41b0-8d16-1a1fa25268a2} <Module>{a143ad3b-62b9-41b0-8d16-1a1fa25268a2}::m_5ab9583441cc44a9a5736cfedc4d748b ldfld System.Int32 <Module>{a143ad3b-62b9-41b0-8d16-1a1fa25268a2}::m_28fd6d6e02e74f35a4c63a0483f26f3b brfalse IL_0012: switch(IL_005A,IL_002D,IL_0070,IL_002C) pop <null> ldc.i4 0 br IL_0012: switch(IL_005A,IL_002D,IL_0070,IL_002C)
b622c4f6422ecc9b7cbb92b19c48e166 (1.12 MB)
File Structure
b622c4f6422ecc9b7cbb92b19c48e166
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
Nqvbcreypls.Properties.Resources.resources
Enyciaeigh
Characteristics
No malware configuration were found at this point.
You must be signed in to post a comment.
An error has occurred. This application may no longer respond until reloaded. Reload 🗙