Suspicious
Suspect

ca21fcc9378dfdc1ceefa835aa7750a3

PE Executable
|
MD5: ca21fcc9378dfdc1ceefa835aa7750a3
|
Size: 1.12 MB
|
application/x-dosexec

Summary by MalvaGPT
Characteristics

Symbol Ofbuscation Score

Medium

Hash
 Hash Value
MD5
ca21fcc9378dfdc1ceefa835aa7750a3
Sha1
7336be55fa7d1cd6dd5f4863a7c2c3f60bc16677
Sha256
09a08aaed109ea12258695665c467524566a324260f1dfd19307779f29446809
Sha384
6898d173bf63a058c313a6987689ef225c9cd9981e85cfcb0d20521a3ace514c4aebf17cca88b14ecb7f908ee3f89f00
Sha512
0389c282c287a0abbd3374a67dd9f4ea4e710a8744be1df60f8f1eab9bbe6ded2815fa12f3d0b8a1039dca7c566c7f76e7a835fe60a1f6e252d08dc66d9695b8
SSDeep
24576:mOEOqkQJl+Q1+xEX4Vlz4H+dvB0HVJEbnwm8p4WJjpPaHWqIsOcF0:eJl+aYtl7dveH3iwm8pv1pqIx
TLSH
D9351207FADB49F1C2505B79C1AB580083A5D692FFF3D60BBA8863660B437DB4B1524B

PeID

Microsoft Visual C++ DLL
Microsoft Visual C++ v6.0
File Structure
ca21fcc9378dfdc1ceefa835aa7750a3
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.rsrc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
QfHfm
Informations
Name
 Value
Module Name

Purchase List.exe
Full Name

Purchase List.exe
EntryPoint

System.Void Nseci.Collections.EnumeratorSorter::StoreTransformableDic()
Scope Name

Purchase List.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

Purchase List
Assembly Version

1.0.7883.3947
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.5
Total Strings

20
Main Method

System.Void Nseci.Collections.EnumeratorSorter::StoreTransformableDic()
Main IL Instruction Count

32
Main IL

ldc.i4 1 stloc V_0 br IL_000E: ldloc V_0 ldloc V_0 switch dnlib.DotNet.Emit.Instruction[] br IL_0059: ldsfld Nseci.Collections.EnumeratorSorter/<>c Nseci.Collections.EnumeratorSorter/<>c::sortedDic ret <null> ldsfld System.Action`1<System.IO.MemoryStream> Nseci.Collections.EnumeratorSorter/<>c::m_DriverCommand dup <null> brfalse IL_0039: pop br IL_006F: call System.Void Nseci.Collections.EnumeratorSorter::ManageDynamicDic(System.Action`1<System.IO.MemoryStream>) pop <null> ldc.i4 0 ldsfld <Module>{c8933bdc-52dd-4d88-93f8-993f80d2722c} <Module>{c8933bdc-52dd-4d88-93f8-993f80d2722c}::m_65b7ff96a4754f41b1e59ef852f042d6 ldfld System.Int32 <Module>{c8933bdc-52dd-4d88-93f8-993f80d2722c}::m_380d29e2967d483d8ec1279d5728ce0c brfalse IL_0012: switch(IL_0059,IL_0029,IL_0028) pop <null> ldc.i4 0 br IL_0012: switch(IL_0059,IL_0029,IL_0028) ldsfld Nseci.Collections.EnumeratorSorter/<>c Nseci.Collections.EnumeratorSorter/<>c::sortedDic ldftn System.Void Nseci.Collections.EnumeratorSorter/<>c::SerializeDic(System.IO.MemoryStream) newobj System.Void System.Action`1<System.IO.MemoryStream>::.ctor(System.Object,System.IntPtr) dup <null> stsfld System.Action`1<System.IO.MemoryStream> Nseci.Collections.EnumeratorSorter/<>c::m_DriverCommand call System.Void Nseci.Collections.EnumeratorSorter::ManageDynamicDic(System.Action`1<System.IO.MemoryStream>) ldc.i4 0 ldsfld <Module>{c8933bdc-52dd-4d88-93f8-993f80d2722c} <Module>{c8933bdc-52dd-4d88-93f8-993f80d2722c}::m_65b7ff96a4754f41b1e59ef852f042d6 ldfld System.Int32 <Module>{c8933bdc-52dd-4d88-93f8-993f80d2722c}::m_339ab10ec6f94de286a64918df68951f brtrue IL_0012: switch(IL_0059,IL_0029,IL_0028) pop <null> ldc.i4 2 br IL_0012: switch(IL_0059,IL_0029,IL_0028)
ca21fcc9378dfdc1ceefa835aa7750a3 (1.12 MB)
File Structure
ca21fcc9378dfdc1ceefa835aa7750a3
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.rsrc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
QfHfm
Characteristics
No malware configuration were found at this point.
You must be signed in to post a comment.
An error has occurred. This application may no longer respond until reloaded. Reload 🗙