b8e0ea374aafc4fc9196a13ad2b0e3d7
PE Executable | MD5: b8e0ea374aafc4fc9196a13ad2b0e3d7 | Size: 1.02 MB | application/x-dosexec
Symbol Obfuscation Score
| Hash | Hash Value |
|---|---|
| MD5 | b8e0ea374aafc4fc9196a13ad2b0e3d7 |
| Sha1 | 238447ccf96b6ce0e61e96afee15e3562c27bc43 |
| Sha256 | c76590bd3c27c485dac2c5fd4c3c2cbee803e2b963e6a272323a9f88cbfc773e |
| Sha384 | 355723ff06059348e3f9cdeef1ea7cfe6420a7cf5d868662ac4b37091ad142f3e06a26fbedcc6bc902fe14985235339b |
| Sha512 | bf92554ef8f6f3ca35605e3be4d8d39861d6cff7dd25d98b63b06f1ffa1530e6f6cec988ebacd66de061133cc21e11e230f9cf47946ba42a01d03ba53c7b0d2d |
| SSDeep | 24576:h7xrIPZCYr1yWr9BmNurn4buqSqiLSRz:h/YrcWDm04buaU |
| TLSH | F725D0A772068E11C2854373D1CB8A4197FC9685B6A7FB0E71D6239A14073EFDE0A397 |
PeID
| Name0 | Value |
|---|---|
| Info | PE Detect: PeReader OK (file layout) |
| Module Name | Buhot.exe |
| Full Name | Buhot.exe |
| EntryPoint | System.Void F4qKikgeeccbq6xo1E.GJZTF9LaqFOHSrJsQ8::iSdGcHVIp() |
| Scope Name | Buhot.exe |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v4.0.30319 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | Buhot |
| Assembly Version | 1.0.0.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | .NETFramework,Version=v4.0 |
| Total Strings | 43 |
| Main Method | System.Void F4qKikgeeccbq6xo1E.GJZTF9LaqFOHSrJsQ8::iSdGcHVIp() |
| Main IL Instruction Count | 107 |
| Main IL | ldc.i4 1 stloc V_6 ldloc V_6 switch dnlib.DotNet.Emit.Instruction[] ldloc V_6 ldc.i4 989 beq IL_0009: ldloc V_6 br IL_002E: nop ret <null> nop <null> newobj System.Void lkt43mv3JWJh30utZP.piiFEOq3XdFRVUYaDI::.ctor() stloc.s V_0 ldc.i4 1 ldsfld <Module>{ee697dc7-0153-4f37-b11a-7443b631579a} <Module>{ee697dc7-0153-4f37-b11a-7443b631579a}::m_f47aee0fdb144dd9830da2877816d724 ldfld System.Int32 <Module>{ee697dc7-0153-4f37-b11a-7443b631579a}::m_492b1de5bf064e76a8a1b5a5928e567c brfalse IL_0067: switch(IL_0135,IL_00AE,IL_010F,IL_009D) pop <null> ldc.i4 0 br IL_0067: switch(IL_0135,IL_00AE,IL_010F,IL_009D) br IL_0063: ldloc V_1 ldc.i4 0 stloc V_1 ldloc V_1 switch dnlib.DotNet.Emit.Instruction[] ldloc V_1 ldc.i4 11 beq IL_015B: newobj System.Void System.InvalidOperationException::.ctor() ldloc V_1 ldc.i4 991 beq IL_0063: ldloc V_1 br IL_010F: newobj System.Void hAUc0rCc8sYsaBNR1V.xs01AX97v0jAY3JhKj::.ctor() newobj System.Void A79ej4IQVSLq6hUEEp.IOld3YEWxdQnhH25sH::.ctor() stloc.s V_2 ldc.i4 2 br IL_005F: stloc V_1 newobj System.Void xYY6FIYl3CgQJRNIbG.xP0fIb7qUjIvApkGbf::.ctor() dup <null> dup <null> ldsfld bIsS7o2ZqEbA1XTWdRZ bIsS7o2ZqEbA1XTWdRZ::N232oZKxW4 call System.Void bIsS7o2ZqEbA1XTWdRZ::U3W2GycxPh(System.Object,xYY6FIYl3CgQJRNIbG.xP0fIb7qUjIvApkGbf,bIsS7o2ZqEbA1XTWdRZ) dup <null> ldloc.s V_3 ldsfld EAqDRA26syerZ9rOcU4 EAqDRA26syerZ9rOcU4::rRR2XdjWo1 call System.Void EAqDRA26syerZ9rOcU4::U3W2GycxPh(System.Object,hAUc0rCc8sYsaBNR1V.xs01AX97v0jAY3JhKj,EAqDRA26syerZ9rOcU4) ldloc.s V_3 ldloc.s V_2 ldsfld R3GB0U2a3MkqWqgWRti R3GB0U2a3MkqWqgWRti::fd02n74vTV call System.Void R3GB0U2a3MkqWqgWRti::U3W2GycxPh(System.Object,A79ej4IQVSLq6hUEEp.IOld3YEWxdQnhH25sH,R3GB0U2a3MkqWqgWRti) ldloc.s V_2 ldloc.s V_5 ldsfld zou9Vo2AcnqOUhGVLIN zou9Vo2AcnqOUhGVLIN::kOK2R47HRv call System.Void zou9Vo2AcnqOUhGVLIN::U3W2GycxPh(System.Object,fRpG8vR6Gv4ptHOVZK.Yv9oT6AlsVwoTihKBt,zou9Vo2AcnqOUhGVLIN) ldloc.s V_5 ldloc.s V_0 ldsfld iTlwGN2VrhUjXxSdldA iTlwGN2VrhUjXxSdldA::CLr2SI2hgR 
call System.Void iTlwGN2VrhUjXxSdldA::U3W2GycxPh(System.Object,lkt43mv3JWJh30utZP.piiFEOq3XdFRVUYaDI,iTlwGN2VrhUjXxSdldA) ldsfld vxTHDB2HsULWhnvfrEP vxTHDB2HsULWhnvfrEP::fqt2KC58QS call System.Boolean vxTHDB2HsULWhnvfrEP::U3W2GycxPh(System.Object,vxTHDB2HsULWhnvfrEP) brtrue IL_0161: leave IL_002D ldc.i4 11 br IL_005F: stloc V_1 newobj System.Void hAUc0rCc8sYsaBNR1V.xs01AX97v0jAY3JhKj::.ctor() stloc.s V_3 ldc.i4 1 ldsfld <Module>{ee697dc7-0153-4f37-b11a-7443b631579a} <Module>{ee697dc7-0153-4f37-b11a-7443b631579a}::m_f47aee0fdb144dd9830da2877816d724 ldfld System.Int32 <Module>{ee697dc7-0153-4f37-b11a-7443b631579a}::m_a2c28d41203b49d6b33534e4ab75116d brtrue IL_0067: switch(IL_0135,IL_00AE,IL_010F,IL_009D) pop <null> ldc.i4 4 br IL_0067: switch(IL_0135,IL_00AE,IL_010F,IL_009D) newobj System.Void fRpG8vR6Gv4ptHOVZK.Yv9oT6AlsVwoTihKBt::.ctor() stloc.s V_5 ldc.i4 3 ldsfld <Module>{ee697dc7-0153-4f37-b11a-7443b631579a} <Module>{ee697dc7-0153-4f37-b11a-7443b631579a}::m_f47aee0fdb144dd9830da2877816d724 ldfld System.Int32 <Module>{ee697dc7-0153-4f37-b11a-7443b631579a}::m_12c6c520a410400b8df16b70a575a39c brtrue IL_0067: switch(IL_0135,IL_00AE,IL_010F,IL_009D) pop <null> ldc.i4 6 br IL_0067: switch(IL_0135,IL_00AE,IL_010F,IL_009D) newobj System.Void System.InvalidOperationException::.ctor() throw <null> leave IL_002D: ret pop <null> ldc.i4 6 ldsfld <Module>{ee697dc7-0153-4f37-b11a-7443b631579a} <Module>{ee697dc7-0153-4f37-b11a-7443b631579a}::m_f47aee0fdb144dd9830da2877816d724 ldfld System.Int32 <Module>{ee697dc7-0153-4f37-b11a-7443b631579a}::m_99a5a9d5826f4c9785b134e068effa9d brtrue IL_0198: switch(IL_01B4) pop <null> ldc.i4 0 br IL_0198: switch(IL_01B4) br IL_0194: ldloc V_4 ldc.i4 0 stloc V_4 ldloc V_4 switch dnlib.DotNet.Emit.Instruction[] ldloc V_4 ldc.i4 988 beq IL_0194: ldloc V_4 br IL_01B4: leave IL_002D leave IL_002D: ret ldc.i4 0 ldsfld <Module>{ee697dc7-0153-4f37-b11a-7443b631579a} <Module>{ee697dc7-0153-4f37-b11a-7443b631579a}::m_f47aee0fdb144dd9830da2877816d724 
ldfld System.Int32 <Module>{ee697dc7-0153-4f37-b11a-7443b631579a}::m_3c66c13a5d4a48ca990a601611e53628 brfalse IL_000D: switch(IL_002D,IL_002E) pop <null> ldc.i4 0 br IL_000D: switch(IL_002D,IL_002E) |