Suspicious
Suspect

b772eef2e1a7bb4d123fabb0b29ed60a

PE Executable | MD5: b772eef2e1a7bb4d123fabb0b29ed60a | Size: 867.84 KB | application/x-dosexec

Summary by MalvaGPT
Characteristics

Symbol Obfuscation Score

Very high

Hash
MD5: b772eef2e1a7bb4d123fabb0b29ed60a
Sha1: 2478dc2b70ee219b3a359ee611559677bba583e6
Sha256: 87deb6fc7235762d86f7eff99194f3a8f95cbae5abb1571b5c46e07607774bb3
Sha384: b07821af8d089216afbe963210a3d5f7389147f8f991db376c292a00d6ebb30f2f42922eb943df0e618f6ded81bbf5fc
Sha512: 22435abd3a6f9de7dd918d5e33a06a1e8e9874303e27fc39d57bbfbbe32541774c7af82f7705f1c28051495e766dbd53e25dad57a4533608db18116da73f5a5d
SSDeep: 12288:vGXqz3A4GCyi+Wa8we/oCwXCSTCYbMv0eqeIF8kjrJOX0DUMd86ndcFIULWgJZ7M:vWziyiFauQK0fJcXDQvyFR5j719sl
TLSH: DA0523947FAD938CD361D33EC5DB4A03135C669E5412EA2EAA9B13EB0B93B74C40F215

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
Lftnqwjvmkp.Properties.Resources.resources
Bnpaondlq
Information
Info: PE Detect: PeReader OK (file layout)
Module Name: Hdaxlql.exe
Full Name: Hdaxlql.exe
EntryPoint: System.Void Hdaxlql.Collections.HiddenSet::CountSegmentedSet()
Scope Name: Hdaxlql.exe
Scope Type: ModuleDef
Kind: Windows
Runtime Version: v4.0.30319
Tables Header Version: 512
WinMD Version: <null>
Assembly Name: Hdaxlql
Assembly Version: 1.0.6240.20655
Assembly Culture: <null>
Has PublicKey: False
PublicKey Token: <null>
Target Framework: .NETFramework,Version=v4.6
Total Strings: 6
Main Method: System.Void Hdaxlql.Collections.HiddenSet::CountSegmentedSet()
Main IL Instruction Count: 33

Main IL

ldc.i4 1 stloc V_0 br IL_000E: ldloc V_0 ldloc V_0 switch dnlib.DotNet.Emit.Instruction[] br IL_002C: newobj System.Void Lftnqwjvmkp.Handling.TransferableHandler::.ctor() newobj System.Void Lftnqwjvmkp.Handling.TransferableHandler::.ctor() ldloc.s V_2 call System.Byte[] Lftnqwjvmkp.Handling.TransferableHandler::HandleExternalHandler(System.Byte[]) stloc.s V_1 ldc.i4 3 br IL_0012: switch(IL_002C,IL_006F,IL_009A,IL_0044) newobj System.Void Lftnqwjvmkp.Management.ManagerVerifier::.ctor() ldloc.s V_1 call System.Void Lftnqwjvmkp.Management.ManagerVerifier::HandleCustomManager(System.Byte[]) ldc.i4 2 ldsfld <Module>{2c8b152d-acbc-42ac-bf28-42139ea1ae02} <Module>{2c8b152d-acbc-42ac-bf28-42139ea1ae02}::m_c96ae32c869f441dbc56d91b834c39f9 ldfld System.Int32 <Module>{2c8b152d-acbc-42ac-bf28-42139ea1ae02}::m_ffd9989c91d747f8b2320db6109752b7 brtrue IL_0012: switch(IL_002C,IL_006F,IL_009A,IL_0044) pop <null> ldc.i4 0 br IL_0012: switch(IL_002C,IL_006F,IL_009A,IL_0044) newobj System.Void Lftnqwjvmkp.Parameters.SortedParameter::.ctor() call System.Byte[] Lftnqwjvmkp.Parameters.SortedParameter::RenameTransferableParameter() stloc.s V_2 ldc.i4 0 ldsfld <Module>{2c8b152d-acbc-42ac-bf28-42139ea1ae02} <Module>{2c8b152d-acbc-42ac-bf28-42139ea1ae02}::m_c96ae32c869f441dbc56d91b834c39f9 ldfld System.Int32 <Module>{2c8b152d-acbc-42ac-bf28-42139ea1ae02}::m_90a53c6c10e44aabb8f0b0881befc8df brfalse IL_0012: switch(IL_002C,IL_006F,IL_009A,IL_0044) pop <null> ldc.i4 0 br IL_0012: switch(IL_002C,IL_006F,IL_009A,IL_0044) ret <null>

Characteristics
No malware configuration was found at this point.