Suspicious
Suspect

b9666747e94c62e5616dd40079632fca

PE Executable | MD5: b9666747e94c62e5616dd40079632fca | Size: 1.55 MB | application/x-dosexec

Summary by MalvaGPT
Characteristics

Symbol Obfuscation Score

Medium

Hash
Hash Value
MD5
b9666747e94c62e5616dd40079632fca
Sha1
fcfd0f2b783c38ea63110e911c9495b119bce3d2
Sha256
15c4f381e82e4d4d24ddd1f3ca33cf16678933534da2e5c27f67ec7ece8b7509
Sha384
c95068aa62619d0314631ee30e6e728543db19d957de14bf8d55840cd1741429f07c9f6e43ecb8979e29862a7f4068c9
Sha512
b47b0d2de1ceb1c3da49e9a186c0275a436f3ab850f20cf2b68bfa4e833e9d0a9056174561788509888b1ce07797fe9da5cef99cc1aef04c5c15b0f3ea0d9ee2
SSDeep
24576:bWTrnkxMgmL9aa7Amz1UQoHiTNiBgybwAF+kbIUNfb:sbsa7NBUQoHihUpbwenxN
TLSH
0075235F6C8A46F0C2469A7BCCC78A4153219B2A7267D61E7BCB07BD06A33FF5652103

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
Avfzerrju.Properties.Resources.resources
Mqsbgerrftk
ILRepack.List
Informations
Module Name: PO 33062831
Full Name: PO 33062831
EntryPoint: System.Void PO33062831.Factories.FactoryCalculator::GenerateTransformableFactory()
Scope Name: PO 33062831
Scope Type: ModuleDef
Kind: Windows
Runtime Version: v4.0.30319
Tables Header Version: 512
WinMD Version: <null>
Assembly Name: PO 33062831
Assembly Version: 1.0.8202.16329
Assembly Culture: <null>
Has PublicKey: False
PublicKey Token: <null>
Target Framework: .NETFramework,Version=v4.6
Total Strings: 48
Main Method: System.Void PO33062831.Factories.FactoryCalculator::GenerateTransformableFactory()
Main IL Instruction Count: 86

Main IL

ldc.i4 2 stloc V_3 br IL_000E: ldloc V_3 ldloc V_3 switch dnlib.DotNet.Emit.Instruction[] br IL_00A8: ldsfld PO33062831.Factories.FactoryCalculator/<>c PO33062831.Factories.FactoryCalculator/<>c::m_FactoryMonitor ret <null> ldstr H47L0AAQKUw= stloc.s V_2 ldc.i4 4 br IL_0012: switch(IL_00A8,IL_0097,IL_0071,IL_0035,IL_0046,IL_0034) ldsfld System.Func`1<System.Byte[]> PO33062831.Factories.FactoryCalculator/<>c::m_FactoryStrategy dup <null> brtrue IL_00BE: newobj System.Void CryptSharp.Core.ObjectAllocator::.ctor(System.Func`1<System.Byte[]>) pop <null> ldc.i4 0 ldsfld <Module>{e64c85e8-9328-4848-b0ee-de2e4e4cc85d} <Module>{e64c85e8-9328-4848-b0ee-de2e4e4cc85d}::m_fcfafa8786f0487aabc0a30dc45525c4 ldfld System.Int32 <Module>{e64c85e8-9328-4848-b0ee-de2e4e4cc85d}::m_5290c94416644986886bd904d83981cf brtrue IL_0012: switch(IL_00A8,IL_0097,IL_0071,IL_0035,IL_0046,IL_0034) pop <null> ldc.i4 0 br IL_0012: switch(IL_00A8,IL_0097,IL_0071,IL_0035,IL_0046,IL_0034) newobj System.Void PO33062831.Factories.FactoryCalculator/<>c__DisplayClass0_0::.ctor() stloc.s V_0 ldc.i4 1 ldsfld <Module>{e64c85e8-9328-4848-b0ee-de2e4e4cc85d} <Module>{e64c85e8-9328-4848-b0ee-de2e4e4cc85d}::m_fcfafa8786f0487aabc0a30dc45525c4 ldfld System.Int32 <Module>{e64c85e8-9328-4848-b0ee-de2e4e4cc85d}::m_bb39c5ccaf754098b540bb6e7370e4c4 brtrue IL_0012: switch(IL_00A8,IL_0097,IL_0071,IL_0035,IL_0046,IL_0034) pop <null> ldc.i4 0 br IL_0012: switch(IL_00A8,IL_0097,IL_0071,IL_0035,IL_0046,IL_0034) ldstr KM3x3p0IUKIOt8i7CVq/BQ== stloc.s V_1 ldc.i4 3 br IL_0012: switch(IL_00A8,IL_0097,IL_0071,IL_0035,IL_0046,IL_0034) ldsfld PO33062831.Factories.FactoryCalculator/<>c PO33062831.Factories.FactoryCalculator/<>c::m_FactoryMonitor ldftn System.Byte[] PO33062831.Factories.FactoryCalculator/<>c::CollectFactory() newobj System.Void System.Func`1<System.Byte[]>::.ctor(System.Object,System.IntPtr) dup <null> stsfld System.Func`1<System.Byte[]> PO33062831.Factories.FactoryCalculator/<>c::m_FactoryStrategy newobj System.Void 
CryptSharp.Core.ObjectAllocator::.ctor(System.Func`1<System.Byte[]>) ldloc.s V_0 ldloc.s V_1 ldloc.s V_2 newobj System.Void CryptSharp.Publishing.ConvertiblePublisher::.ctor(System.String,System.String) stfld CryptSharp.Publishing.ConvertiblePublisher PO33062831.Factories.FactoryCalculator/<>c__DisplayClass0_0::mapTracer ldloc.s V_0 newobj System.Void CryptSharp.Resolution.ResolverParser::.ctor() stfld CryptSharp.Resolution.ResolverParser PO33062831.Factories.FactoryCalculator/<>c__DisplayClass0_0::m_ReporterModule ldloc.s V_0 ldstr lwgW73KmKSX7R3uE0e.QDmViHaLoW63FPKPvh ldstr T2JRILMWX newobj System.Void CryptSharp.Publishing.PublisherExplorer::.ctor(System.String,System.String) stfld CryptSharp.Publishing.PublisherExplorer PO33062831.Factories.FactoryCalculator/<>c__DisplayClass0_0::_MixedAttribute dup <null> ldloc.s V_0 ldftn System.Void PO33062831.Factories.FactoryCalculator/<>c__DisplayClass0_0::CreateCustomizableFactory(System.IO.MemoryStream) newobj System.Void System.Action`1<System.IO.MemoryStream>::.ctor(System.Object,System.IntPtr) callvirt System.Void CryptSharp.Core.ObjectAllocator::InstantiateConvertibleObject(System.Action`1<System.IO.MemoryStream>) ldloc.s V_0 ldfld CryptSharp.Publishing.ConvertiblePublisher PO33062831.Factories.FactoryCalculator/<>c__DisplayClass0_0::mapTracer ldloc.s V_0 ldftn System.Void PO33062831.Factories.FactoryCalculator/<>c__DisplayClass0_0::CreateVirtualFactory(System.IO.MemoryStream) newobj System.Void System.Action`1<System.IO.MemoryStream>::.ctor(System.Object,System.IntPtr) callvirt System.Void CryptSharp.Publishing.ConvertiblePublisher::LeadPublisher(System.Action`1<System.IO.MemoryStream>) ldloc.s V_0 ldfld CryptSharp.Resolution.ResolverParser PO33062831.Factories.FactoryCalculator/<>c__DisplayClass0_0::m_ReporterModule ldloc.s V_0 ldftn System.Void PO33062831.Factories.FactoryCalculator/<>c__DisplayClass0_0::CreateExternalFactory(System.Reflection.Assembly) newobj System.Void 
System.Action`1<System.Reflection.Assembly>::.ctor(System.Object,System.IntPtr) callvirt System.Void CryptSharp.Resolution.ResolverParser::DecodeCombinedResolver(System.Action`1<System.Reflection.Assembly>) ldloc.s V_0 ldfld CryptSharp.Publishing.PublisherExplorer PO33062831.Factories.FactoryCalculator/<>c__DisplayClass0_0::_MixedAttribute ldsfld System.Action PO33062831.Factories.FactoryCalculator/<>c::_LiteralFactory dup <null> brtrue IL_0163: callvirt System.Void CryptSharp.Publishing.PublisherExplorer::PublishJoinedPublisher(System.Action) pop <null> ldsfld PO33062831.Factories.FactoryCalculator/<>c PO33062831.Factories.FactoryCalculator/<>c::m_FactoryMonitor ldftn System.Void PO33062831.Factories.FactoryCalculator/<>c::CreateVisibleFactory() newobj System.Void System.Action::.ctor(System.Object,System.IntPtr) dup <null> stsfld System.Action PO33062831.Factories.FactoryCalculator/<>c::_LiteralFactory callvirt System.Void CryptSharp.Publishing.PublisherExplorer::PublishJoinedPublisher(System.Action) callvirt System.Void CryptSharp.Core.ObjectAllocator::CompareInternalObject() ldc.i4 5 br IL_0012: switch(IL_00A8,IL_0097,IL_0071,IL_0035,IL_0046,IL_0034)

Characteristics
No malware configuration was found at this point.