Suspicious
Suspect

b7226d0ed1acfc1830e300948cdf432d

PE Executable
|
MD5: b7226d0ed1acfc1830e300948cdf432d
|
Size: 6.5 MB
|
application/x-dosexec

Print
Summary by MalvaGPT
Characteristics

Symbol Obfuscation Score

Very high

Hash
 Hash Value
MD5
b7226d0ed1acfc1830e300948cdf432d
Sha1
dfffa18c5d8af0388f85c6aa63dfe4c6de65f7ee
Sha256
4cf46903b22a7c767238431d7bebf8109a3ee11e2be9aa6c2f72500a34075661
Sha384
65bf09c43b7aadf989e07d12c074def7db2e41f98c6fa52c059437e891066c45cb9ca0788b44cfb800a00222930f9932
Sha512
4b1ea8f90373db757edae5ef205cf289b2e51f52be11e2e2b1931a1f3d98148c57bdef7f19ce517dbe8cbf1bdce3068df6eca4794dffdf46d29347f67476f372
SSDeep
49152:r3PGFjJHufIZ2mca4klgbzxuL+47noG1tIJUbChvv7nwYVetiV3RFCx7Hitu3AeI:r3uFjTuxxtEoaCJVhT0scEuQpA1
TLSH
7166900CFD92F809DE2A3DB7CFE510045FB125C1AE1284562119AFFD97AA3B255E263C

PeID

.NET executable
HQR data file
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
b7226d0ed1acfc1830e300948cdf432d
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
mkgnmhqpccqa
Informations
Name
 Value
Info

PE Detect: PeReader OK (file layout)
Module Name

Nursultan_Loader.exe
Full Name

Nursultan_Loader.exe
EntryPoint

System.Void omLqXVLKMFR.LLzFayfDoIU::kEEsXgAcysk(System.String[])
Scope Name

Nursultan_Loader.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

Nursultan_Loader
Assembly Version

1.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.0
Total Strings

20648
Main Method

System.Void omLqXVLKMFR.LLzFayfDoIU::kEEsXgAcysk(System.String[])
Main IL Instruction Count

55
Main IL

ldc.r8 7516 stloc.0 <null> br IL_00D6: br IL_000F nop <null> ldloc.0 <null> ldc.r8 7534 ceq <null> brfalse IL_0030: nop call System.Void omLqXVLKMFR.DeeWPbkVWgkZmu::VkbdCOhGOy() ldc.r8 7543 stloc.0 <null> nop <null> ldloc.0 <null> ldc.r8 7528 ceq <null> brfalse IL_0081: nop newobj System.Void System.Random::.ctor() nop <null> ldc.r8 2 ldc.r8 2000 mul <null> call System.Int32 System.Convert::ToInt32(System.Double) nop <null> ldc.i4 1650801543 ldc.i4 1650797815 xor <null> conv.i4 <null> callvirt System.Int32 System.Random::Next(System.Int32,System.Int32) call System.Void System.Threading.Thread::Sleep(System.Int32) ldc.r8 7534 stloc.0 <null> nop <null> ldloc.0 <null> ldc.r8 7521 ceq <null> brfalse IL_00A2: nop call System.Void omLqXVLKMFR.LLzFayfDoIU::PfrGOCQPjhb() ldc.r8 7528 stloc.0 <null> nop <null> ldloc.0 <null> ldc.r8 7516 ceq <null> brfalse IL_00BF: nop nop <null> ldc.r8 7521 stloc.0 <null> nop <null> ldloc.0 <null> ldc.r8 7543 ceq <null> brfalse IL_00D6: br IL_000F br IL_00DB: ret br IL_000F: nop ret <null>
Module Name

Nursultan_Loader.exe
Full Name

Nursultan_Loader.exe
EntryPoint

System.Void omLqXVLKMFR.LLzFayfDoIU::kEEsXgAcysk(System.String[])
Scope Name

Nursultan_Loader.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

Nursultan_Loader
Assembly Version

1.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.0
Total Strings

20648
Main Method

System.Void omLqXVLKMFR.LLzFayfDoIU::kEEsXgAcysk(System.String[])
Main IL Instruction Count

55
Main IL

ldc.r8 7516 stloc.0 <null> br IL_00D6: br IL_000F nop <null> ldloc.0 <null> ldc.r8 7534 ceq <null> brfalse IL_0030: nop call System.Void omLqXVLKMFR.DeeWPbkVWgkZmu::VkbdCOhGOy() ldc.r8 7543 stloc.0 <null> nop <null> ldloc.0 <null> ldc.r8 7528 ceq <null> brfalse IL_0081: nop newobj System.Void System.Random::.ctor() nop <null> ldc.r8 2 ldc.r8 2000 mul <null> call System.Int32 System.Convert::ToInt32(System.Double) nop <null> ldc.i4 1650801543 ldc.i4 1650797815 xor <null> conv.i4 <null> callvirt System.Int32 System.Random::Next(System.Int32,System.Int32) call System.Void System.Threading.Thread::Sleep(System.Int32) ldc.r8 7534 stloc.0 <null> nop <null> ldloc.0 <null> ldc.r8 7521 ceq <null> brfalse IL_00A2: nop call System.Void omLqXVLKMFR.LLzFayfDoIU::PfrGOCQPjhb() ldc.r8 7528 stloc.0 <null> nop <null> ldloc.0 <null> ldc.r8 7516 ceq <null> brfalse IL_00BF: nop nop <null> ldc.r8 7521 stloc.0 <null> nop <null> ldloc.0 <null> ldc.r8 7543 ceq <null> brfalse IL_00D6: br IL_000F br IL_00DB: ret br IL_000F: nop ret <null>
b7226d0ed1acfc1830e300948cdf432d (6.5 MB)
An error has occurred. This application may no longer respond until reloaded. Reload 🗙