Suspicious
Suspect

cd3b2dc8239cd54d863fe6bdc5660f78

PE Executable
|
MD5: cd3b2dc8239cd54d863fe6bdc5660f78
|
Size: 1.73 MB
|
application/x-dosexec

Summary by MalvaGPT
Characteristics

Symbol Ofbuscation Score

Medium

Hash
 Hash Value
MD5
cd3b2dc8239cd54d863fe6bdc5660f78
Sha1
a0e38953fdc029f58d5443598128d7becb8fdfd3
Sha256
4cffa27ee0b37db676408b2fab2f4b95488880d98ceb760ac0beb9e373e1f642
Sha384
2ad0cfb5c781996b42cd41fdda184a114747573b2082f4454214fa1baea0624b85f41fbe9d8cfe7e7cb4b9e7e63c585f
Sha512
60a1e719835e362d0c4407633de9575b90341eaf6c499806eb39772cd13d63e437e21c63c5af55bacbabdc0b7d530f441b579145bcbee01d655eb7bb6e5d8ce9
SSDeep
49152:GHyJJTcyuPwTHG8f5MFIHcz99ySkbS0E7Y:GHmjZvhGAM99ySkbS0cY
TLSH
9A8502AA0FA0551ED9BD0ABAFCD159479AFAC00A9EC7B3CD02B614B01C337DD58C5297

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
cd3b2dc8239cd54d863fe6bdc5660f78
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
Pwousqtmkl.Properties.Resources.resources
Inbfhvtd
       ​     
Informations
Name
 Value
Module Name

cityboy crypted.exe
Full Name

cityboy crypted.exe
EntryPoint

System.Void   ::()
Scope Name

cityboy crypted.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

cityboy crypted
Assembly Version

1.0.3834.18327
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.6
Total Strings

0
Main Method

System.Void   ::()
Main IL Instruction Count

11
Main IL

ldsfld System.Action`1<System.IO.MemoryStream>   /:: dup <null> brtrue.s IL_001F: call System.Void   ::(System.Action`1<System.IO.MemoryStream>) pop <null> ldsfld   /   /:: ldftn System.Void   /::(System.IO.MemoryStream) newobj System.Void System.Action`1<System.IO.MemoryStream>::.ctor(System.Object,System.IntPtr) dup <null> stsfld System.Action`1<System.IO.MemoryStream>   /:: call System.Void   ::(System.Action`1<System.IO.MemoryStream>) ret <null>
Module Name

cityboy crypted.exe
Full Name

cityboy crypted.exe
EntryPoint

System.Void   ::()
Scope Name

cityboy crypted.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

cityboy crypted
Assembly Version

1.0.3834.18327
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.6
Total Strings

0
Main Method

System.Void   ::()
Main IL Instruction Count

11
Main IL

ldsfld System.Action`1<System.IO.MemoryStream>   /:: dup <null> brtrue.s IL_001F: call System.Void   ::(System.Action`1<System.IO.MemoryStream>) pop <null> ldsfld   /   /:: ldftn System.Void   /::(System.IO.MemoryStream) newobj System.Void System.Action`1<System.IO.MemoryStream>::.ctor(System.Object,System.IntPtr) dup <null> stsfld System.Action`1<System.IO.MemoryStream>   /:: call System.Void   ::(System.Action`1<System.IO.MemoryStream>) ret <null>
cd3b2dc8239cd54d863fe6bdc5660f78 (1.73 MB)
File Structure
cd3b2dc8239cd54d863fe6bdc5660f78
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
Pwousqtmkl.Properties.Resources.resources
Inbfhvtd
       ​     
Characteristics
No malware configuration were found at this point.
You must be signed in to post a comment.
An error has occurred. This application may no longer respond until reloaded. Reload 🗙