Suspicious
Suspect

cdaca42b390158e2a994f0a5115db451

PE Executable
|
MD5: cdaca42b390158e2a994f0a5115db451
|
Size: 1.2 MB
|
application/x-dosexec

Summary by MalvaGPT
Characteristics

Symbol Obfuscation Score

Medium

Hash
Hash Value
MD5
cdaca42b390158e2a994f0a5115db451
Sha1
ca5bd8786b2146efc8bb8fa53caad929895f68fc
Sha256
41700fe0e7369606d4c4739998f3eab0b911c42261b36152424b3907b755e567
Sha384
f3fde86b08484b34c4b966a29b605f25b6035b22d056f81d421895e934e15abbf8d6842bc315ae957f7881faf09dd5ba
Sha512
32700b47e1bc903fac1b725f2faceeb51e8fa35822bb096281801d74742104fd687825dc88b5eb8759ea8ea85dcbcedcfe9efd2da1ada6aac78853a6bd96f8a1
SSDeep
24576:PnlOfGrYDpozmJjF2ABk1Err1X6h4Ft3LklH18u2qW+Wc+Z:Pll8oSJjkwrrd5t3y18uX+
TLSH
8F45236F3A596422CE7949F98292104053BC67AE95C3E7D6AD423DF03D53BDA3E01339

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
uvoZ
Information
Name
Value
Info

PE Detect: PeReader OK (file layout)

Module Name

Rzdyo.exe

Full Name

Rzdyo.exe

EntryPoint

System.Void  ::()

Scope Name

Rzdyo.exe

Scope Type

ModuleDef

Kind

Windows

Runtime Version

v4.0.30319

Tables Header Version

512

WinMD Version

<null>

Assembly Name

Rzdyo

Assembly Version

1.0.8111.4292

Assembly Culture

<null>

Has PublicKey

False

PublicKey Token

<null>

Target Framework

.NETFramework,Version=v4.6

Total Strings

20

Main Method

System.Void  ::()

Main IL Instruction Count

64

Main IL

newobj System.Void  /::.ctor() stloc.0 <null> ldc.i4 1941780533 call System.String ::(System.Int32) stloc.1 <null> ldc.i4 1941780566 call System.String ::(System.Int32) stloc.2 <null> ldsfld System.Func`1<System.Byte[]>  /:: dup <null> brtrue.s IL_003B: newobj System.Void  ::.ctor(System.Func`1<System.Byte[]>) pop <null> ldsfld  /  /:: ldftn System.Byte[]  /::() newobj System.Void System.Func`1<System.Byte[]>::.ctor(System.Object,System.IntPtr) dup <null> stsfld System.Func`1<System.Byte[]>  /:: newobj System.Void  ::.ctor(System.Func`1<System.Byte[]>) ldloc.0 <null> ldloc.1 <null> ldloc.2 <null> newobj System.Void  ::.ctor(System.String,System.String) stfld    /:: ldloc.0 <null> newobj System.Void  ::.ctor() stfld    /:: ldloc.0 <null> ldc.i4 1941780579 call System.String ::(System.Int32) ldc.i4 1941780887 call System.String ::(System.Int32) newobj System.Void  ::.ctor(System.String,System.String) stfld    /:: dup <null> ldloc.0 <null> ldftn System.Void  /::(System.IO.MemoryStream) newobj System.Void System.Action`1<System.IO.MemoryStream>::.ctor(System.Object,System.IntPtr) callvirt System.Void  ::(System.Action`1<System.IO.MemoryStream>) ldloc.0 <null> ldfld    /:: ldloc.0 <null> ldftn System.Void  /::(System.IO.MemoryStream) newobj System.Void System.Action`1<System.IO.MemoryStream>::.ctor(System.Object,System.IntPtr) callvirt System.Void  ::(System.Action`1<System.IO.MemoryStream>) ldloc.0 <null> ldfld    /:: ldloc.0 <null> ldftn System.Void  /::(System.Reflection.Assembly) newobj System.Void System.Action`1<System.Reflection.Assembly>::.ctor(System.Object,System.IntPtr) callvirt System.Void  ::(System.Action`1<System.Reflection.Assembly>) ldloc.0 <null> ldfld    /:: ldsfld System.Action  /:: dup <null> brtrue.s IL_00DC: callvirt System.Void  ::(System.Action) pop <null> ldsfld  /  /:: ldftn System.Void  /::() newobj System.Void System.Action::.ctor(System.Object,System.IntPtr) dup <null> stsfld System.Action  /:: callvirt 
System.Void  ::(System.Action) callvirt System.Void  ::() ret <null>

No malware configuration was found at this point.