Suspicious
Suspect

b753666ff88126ff7f2c49029eaefd95

PE Executable
|
MD5: b753666ff88126ff7f2c49029eaefd95
|
Size: 260.1 KB
|
application/x-dosexec

Print
Summary by MalvaGPT
Characteristics

Symbol Obfuscation Score

Low

Hash
 Hash Value
MD5
b753666ff88126ff7f2c49029eaefd95
Sha1
471465cc775174bb5864583e43c63051675d1547
Sha256
401df4dab08113b4398b62f431ba6776e9574d611d1f9f18f72a9fd5cb2f0838
Sha384
8f26256b06fcda1121e23b15c68079e1c9cc164a5940bcad781a2a7df497ab0250c60df458bfb26bcd7a414fa85590e3
Sha512
2ae5636b2b8d317fb55162a9a29585df56629e6afae419110f6174a1fc99ca929935c015ca6c61fc925be2d3e07044b7bb385835b3072c1289e4bdf6bee679e5
SSDeep
6144:K4oZoAeVHPtHgTIAaZgCwDx7axHU0unC28ejI8Y7:xoZyHPvWCwjXCsIH
TLSH
8B448E4533B8CB12E29F8FBCE571449F8BB1F107ED06F78E1D8899E81851B41E849A67

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
b753666ff88126ff7f2c49029eaefd95
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
costura.costura.dll.compressed
costura.costura.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.costura.pdb.compressed
costura.costura.pdb
costura.system.diagnostics.diagnosticsource.dll.compressed
costura.system.diagnostics.diagnosticsource.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.metadata
Informations
Name
 Value
Module Name

dead.payload.exe
Full Name

dead.payload.exe
EntryPoint

System.Void Umbral.payload.Program::<Main>(System.String[])
Scope Name

dead.payload.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

dead.payload
Assembly Version

1.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.8
Total Strings

981
Main Method

System.Void Umbral.payload.Program::<Main>(System.String[])
Main IL Instruction Count

7
Main IL

ldarg.0 <null> call System.Threading.Tasks.Task Umbral.payload.Program::Main(System.String[]) callvirt System.Runtime.CompilerServices.TaskAwaiter System.Threading.Tasks.Task::GetAwaiter() stloc.0 <null> ldloca.s V_0 call System.Void System.Runtime.CompilerServices.TaskAwaiter::GetResult() ret <null>
Module Name

dead.payload.exe
Full Name

dead.payload.exe
EntryPoint

System.Void Umbral.payload.Program::<Main>(System.String[])
Scope Name

dead.payload.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

dead.payload
Assembly Version

1.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.8
Total Strings

981
Main Method

System.Void Umbral.payload.Program::<Main>(System.String[])
Main IL Instruction Count

7
Main IL

ldarg.0 <null> call System.Threading.Tasks.Task Umbral.payload.Program::Main(System.String[]) callvirt System.Runtime.CompilerServices.TaskAwaiter System.Threading.Tasks.Task::GetAwaiter() stloc.0 <null> ldloca.s V_0 call System.Void System.Runtime.CompilerServices.TaskAwaiter::GetResult() ret <null>
Artefacts
Name
 Value
PDB Path

?
PDB Path

D:\A\_work\39\s\bin\obj\AnyOS.AnyCPU.Release\System.Diagnostics.DiagnosticSource\System.Diagnostics.DiagnosticSource.pdb
PDB Path

C:\CI_WS\Ws\198629\Source\Costura_Fody\src\Costura\obj\Release\netstandard1.0\Costura.pdb
b753666ff88126ff7f2c49029eaefd95 (260.1 KB)
An error has occurred. This application may no longer respond until reloaded. Reload 🗙