Suspicious
Suspect

bc6e750813c1c7a3b0c5abe2e09b6186

PE Executable | MD5: bc6e750813c1c7a3b0c5abe2e09b6186 | Size: 67.58 KB | application/x-dosexec

Characteristics

Symbol Obfuscation Score: Medium

Hashes
MD5: bc6e750813c1c7a3b0c5abe2e09b6186
SHA1: 54274bf5aaf6f6dae35152e21afcfe477316cc20
SHA256: 4c35f8df4b98e72eeca270aebc7d06992329744860ec94cd9eb18c7bf0905ed4
SHA384: 8570a4989e7d21316fbc8f2279bfe6c174bd17e9b4c3d4efb49b71bc80a7994355c915b08f7795cd77995c905893e6a0
SHA512: df94718dc900f83fedd3a9de5cc4b4570109e131b1d9a36b2c738dd8c57fae1e27d5ae3a4fed415610b0fb74873597aeb45e5c88e0ed7c9a2f7d525ff4cee770
SSDeep: 1536:1pFj2g4BK2MaaQJsHNlHAUp3G/ojmBaVfigyq4a:tjn4BDMaYtlgUp3G6mBaBfyq4a
TLSH: 97636B49ABC59335D3AF8779D83206070231E957AD13D78E1CE6506E0F327D88B69BB2

PeID

Microsoft Visual C++ DLL
Microsoft Visual C++ v6.0
File Structure
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.rsrc
Resources
RT_ICON
ID:0002
ID:0
RT_GROUP_CURSOR4
ID:7F00
ID:0
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
Information

Info: PE Detect: PeReader OK (file layout)
Module Name: DocumentEstimationIssuing.exe
Full Name: DocumentEstimationIssuing.exe
EntryPoint: System.Void OpeningRubbishPressureGalveston.DroughtNeuroscienceHoneymoonOngoing::Main(System.String[])
Scope Name: DocumentEstimationIssuing.exe
Scope Type: ModuleDef
Kind: Windows
Runtime Version: v4.0.30319
Tables Header Version: 512
WinMD Version: <null>
Assembly Name: RuntimeCoefficientsWarwickEmissionsInterference
Assembly Version: 7.17.8489.803
Assembly Culture: <null>
Has PublicKey: False
PublicKey Token: <null>
Target Framework: .NETFramework,Version=v4.7.2
Total Strings: 210
Main Method: System.Void OpeningRubbishPressureGalveston.DroughtNeuroscienceHoneymoonOngoing::Main(System.String[])
Main IL Instruction Count: 75

Main IL:

call System.Void OpeningRubbishPressureGalveston.DroughtNeuroscienceHoneymoonOngoing::MonogramFireflyAccountancyLexiconControversial()
call System.Void OpeningRubbishPressureGalveston.DroughtNeuroscienceHoneymoonOngoing::ShermanPrincessCookbooksVersionMetacritic()
ldarg.0
ldlen
conv.i4
ldc.i4.2
beq.s IL_0028: ldsfld System.Byte[] OpeningRubbishPressureGalveston.DroughtNeuroscienceHoneymoonOngoing::ShiftedHealthierInitiative
ldarg.0
ldlen
conv.i4
ldc.i4.1
bne.un.s IL_001E: call System.Void OpeningRubbishPressureGalveston.DroughtNeuroscienceHoneymoonOngoing::PhosphorusGlobalisationWeavingReuters()
ldarg.0
ldc.i4.0
ldelem.ref
call System.Void OpeningRubbishPressureGalveston.DroughtNeuroscienceHoneymoonOngoing::RabbitsTownshipDreamedScarfaceSurprise(System.String)
call System.Void OpeningRubbishPressureGalveston.DroughtNeuroscienceHoneymoonOngoing::PhosphorusGlobalisationWeavingReuters()
call System.Void OpeningRubbishPressureGalveston.DroughtNeuroscienceHoneymoonOngoing::TastingRepliesInventions()
ldsfld System.Byte[] OpeningRubbishPressureGalveston.DroughtNeuroscienceHoneymoonOngoing::ShiftedHealthierInitiative
brfalse.s IL_00A8: ret
ldsfld System.Byte[] OpeningRubbishPressureGalveston.DroughtNeuroscienceHoneymoonOngoing::ShiftedHealthierInitiative
ldlen
conv.i4
ldc.i4.0
ble.s IL_00A8: ret
ldsfld System.Byte[] OpeningRubbishPressureGalveston.DroughtNeuroscienceHoneymoonOngoing::ShiftedHealthierInitiative
call System.Boolean OpeningRubbishPressureGalveston.DroughtNeuroscienceHoneymoonOngoing/NativeRunPE::isNET(System.Byte[])
stloc.0
ldloc.0
brfalse.s IL_009D: ldsfld System.Byte[] OpeningRubbishPressureGalveston.DroughtNeuroscienceHoneymoonOngoing::ShiftedHealthierInitiative
ldsfld System.Byte[] OpeningRubbishPressureGalveston.DroughtNeuroscienceHoneymoonOngoing::ShiftedHealthierInitiative
call System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
stloc.1
ldloc.1
ldnull
call System.Boolean System.Reflection.Assembly::op_Inequality(System.Reflection.Assembly,System.Reflection.Assembly)
brfalse.s IL_0098: leave.s IL_00A8
ldloc.1
callvirt System.Reflection.MethodInfo System.Reflection.Assembly::get_EntryPoint()
stloc.2
ldloc.2
ldnull
call System.Boolean System.Reflection.MethodInfo::op_Inequality(System.Reflection.MethodInfo,System.Reflection.MethodInfo)
brfalse.s IL_0098: leave.s IL_00A8
ldloc.2
callvirt System.Reflection.MethodInfo System.Reflection.MethodInfo::GetBaseDefinition()
stloc.2
ldnull
stloc.3
ldloc.2
callvirt System.Reflection.ParameterInfo[] System.Reflection.MethodBase::GetParameters()
ldlen
conv.i4
ldc.i4.1
bne.un.s IL_008F: ldloc.2
ldc.i4.1
newarr System.Object
stloc.3
ldloc.3
ldc.i4.0
ldc.i4.0
newarr System.String
stelem.ref
ldloc.2
ldnull
ldloc.3
callvirt System.Object System.Reflection.MethodBase::Invoke(System.Object,System.Object[])
pop
leave.s IL_00A8: ret
pop
leave.s IL_00A8: ret
ldsfld System.Byte[] OpeningRubbishPressureGalveston.DroughtNeuroscienceHoneymoonOngoing::ShiftedHealthierInitiative
call System.Boolean OpeningRubbishPressureGalveston.DroughtNeuroscienceHoneymoonOngoing/NativeRunPE::Execute(System.Byte[])
pop
ret

No malware configuration was found at this point.