Suspicious
Suspect

bf85b6866561c17b1ce56e8d1b2c80fe

PE Executable
|
MD5: bf85b6866561c17b1ce56e8d1b2c80fe
|
Size: 886.27 KB
|
application/x-dosexec


Print
Summary by MalvaGPT
Characteristics

Symbol Obfuscation Score

Very high

Hash
Hash Value
MD5
bf85b6866561c17b1ce56e8d1b2c80fe
Sha1
e7c17fb5c644c39974b68d4a8ecea210c76c2e6c
Sha256
d602128bef26396a9ce57e55bdfdd512b3f8e292cd7e7de5870e3ec81dcc884b
Sha384
2e1b2e95450aa4c52c189261683ca6739f3be88a8ef932621e8663023bb29d3bf3ce45fadb95ecbd017f5202e3179e28
Sha512
3f5469321e8b1daa4b7fc4ea8568113e38693c761fa8f94eb49261dac04e2bf32c1b19ba6b94b41cb9192ee39d0e7361a06f18712ecbf3e03b158852639007c0
SSDeep
12288:Sz7dFeE9z3IrmN0Nw1HBY7sOft8VHP2YI1Qsc6F3lrK/CDqZ:Wxz3saJ1a7bfusjF3lejZ
TLSH
2C15E0109D96AB64E9AD0FBCC12105A4A3F0CA476693E36F6FEC41F49D6BF99CF06401

PeID

.NET executable
HQR data file
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
.Net Resources
Ⴍ.5icAzgH1Yd7onT.resources
9iwYMb5od.g.resources
74a076c1654a94.Resources.resources
babb489a0
[NBF]root.Data
babb489a1
[NBF]root.Data
babb489a10
[NBF]root.Data
babb489a11
[NBF]root.Data
babb489a12
[NBF]root.Data
babb489a13
[NBF]root.Data
babb489a14
[NBF]root.Data
babb489a15
[NBF]root.Data
babb489a16
[NBF]root.Data
babb489a17
[NBF]root.Data
babb489a18
[NBF]root.Data
babb489a19
[NBF]root.Data
babb489a2
[NBF]root.Data
babb489a20
[NBF]root.Data
babb489a21
[NBF]root.Data
babb489a22
[NBF]root.Data
babb489a23
[NBF]root.Data
babb489a3
[NBF]root.Data
babb489a4
[NBF]root.Data
babb489a5
[NBF]root.Data
babb489a6
[NBF]root.Data
babb489a7
[NBF]root.Data
babb489a8
[NBF]root.Data
babb489a9
[NBF]root.Data
Informations
Name
Value
Info

PE Detect: PeReader OK (file layout)

Module Name

9iwYMb5od

Full Name

9iwYMb5od

EntryPoint

System.Void San07fBfqX.2TreMtf3y1x::4Assyj()

Scope Name

9iwYMb5od

Scope Type

ModuleDef

Kind

Windows

Runtime Version

v4.0.30319

Tables Header Version

512

WinMD Version

<null>

Assembly Name

9iwYMb5od

Assembly Version

5.16.23.252

Assembly Culture

<null>

Has PublicKey

False

PublicKey Token

<null>

Target Framework

.NETFramework,Version=v4.6

Total Strings

0

Main Method

System.Void San07fBfqX.2TreMtf3y1x::4Assyj()

Main IL Instruction Count

7

Main IL

nop <null> newobj System.Void Aja46Tdxx3yWwk.5icAzgH1Yd7onT::.ctor() stloc.0 <null> ret <null> ldtoken System.Void San07fBfqX.2TreMtf3y1x::4Assyj() pop <null> ret <null>

Module Name

9iwYMb5od

Full Name

9iwYMb5od

EntryPoint

System.Void San07fBfqX.2TreMtf3y1x::4Assyj()

Scope Name

9iwYMb5od

Scope Type

ModuleDef

Kind

Windows

Runtime Version

v4.0.30319

Tables Header Version

512

WinMD Version

<null>

Assembly Name

9iwYMb5od

Assembly Version

5.16.23.252

Assembly Culture

<null>

Has PublicKey

False

PublicKey Token

<null>

Target Framework

.NETFramework,Version=v4.6

Total Strings

0

Main Method

System.Void San07fBfqX.2TreMtf3y1x::4Assyj()

Main IL Instruction Count

7

Main IL

nop <null> newobj System.Void Aja46Tdxx3yWwk.5icAzgH1Yd7onT::.ctor() stloc.0 <null> ret <null> ldtoken System.Void San07fBfqX.2TreMtf3y1x::4Assyj() pop <null> ret <null>

bf85b6866561c17b1ce56e8d1b2c80fe (886.27 KB)
An error has occurred. This application may no longer respond until reloaded. Reload 🗙