d1aceb3e38028e96fef4816f4e582dab
PE Executable | MD5: d1aceb3e38028e96fef4816f4e582dab | Size: 10.49 MB | application/x-dosexec
Symbol Ofbuscation Score
|
Hash | Hash Value |
|---|---|
| MD5 | d1aceb3e38028e96fef4816f4e582dab
|
| Sha1 | a7fafdead0808bcebb49d3e8e0e01da1af5c7246
|
| Sha256 | 49996891040e8b318c9ba591cca03d01b7c8f043fac38e31d4240e82f833a3eb
|
| Sha384 | 1fae4b47bf8f11cc7d43ec61d3dc6e73ad1913b606e16a9b93652e8bf81a664a903af236a2d3238dc69bf3125bb36afa
|
| Sha512 | fb6efd6a59a2233bfd7fcf12b4a77180fc270c6a6fafdcf6705f5ed2fd1d8c4a5b612419a01e7e0b2b0c341c1076a7368062c182b25af0641cfe644b0a5bbe49
|
| SSDeep | 6144:vUrlV9TkpmJdVM6zjYaaGce6VlWT8b9o0jQjRVY0JsZjK3vaVsadA0bbuhXad3:8rld4PVle8GF4i/vpjUJ
|
| TLSH | C2B6C60CFE91E80ADF1F3DB7CBE915000F7162C22E1185562259AFFE9B6537268A257C
|
PeID
|
Name0 | Value |
|---|---|
| Info | PE Detect: PeReader OK (file layout) |
| Info | Authenticode present at 0x81000 size 10216 bytes |
| Info | Overlay extracted: Overlay_83fd2354.bin (9947160 bytes) |
| Module Name | GunSaw.exe |
| Full Name | GunSaw.exe |
| EntryPoint | System.Void YpZZeToB.RdwmeNDVGYkPWNq::YTFRHaSmeZKPlm(System.String[]) |
| Scope Name | GunSaw.exe |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v4.0.30319 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | GunSaw |
| Assembly Version | 1.0.0.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | .NETFramework,Version=v4.0 |
| Total Strings | 1528 |
| Main Method | System.Void YpZZeToB.RdwmeNDVGYkPWNq::YTFRHaSmeZKPlm(System.String[]) |
| Main IL Instruction Count | 57 |
| Main IL | ldc.r8 2894 stloc.0 <null> br IL_00EC: br IL_000F nop <null> ldloc.0 <null> ldc.r8 2903 ceq <null> brfalse IL_0030: nop call System.Void YpZZeToB.RdwmeNDVGYkPWNq::bkjxZgNKfrjmNDe() ldc.r8 2908 stloc.0 <null> nop <null> ldloc.0 <null> ldc.r8 2908 ceq <null> brfalse IL_0097: nop newobj System.Void System.Random::.ctor() nop <null> ldc.r8 4000.930039504416 ldc.r8 2000 call System.Double System.Math::Sin(System.Double) sub <null> call System.Int32 System.Convert::ToInt32(System.Double) nop <null> ldc.r8 9000 ldc.r8 3000 call System.Double System.Math::Ceiling(System.Double) sub <null> call System.Int32 System.Convert::ToInt32(System.Double) callvirt System.Int32 System.Random::Next(System.Int32,System.Int32) call System.Void System.Threading.Thread::Sleep(System.Int32) ldc.r8 2916 stloc.0 <null> nop <null> ldloc.0 <null> ldc.r8 2916 ceq <null> brfalse IL_00B8: nop call System.Void NXfQRwuIDrcV.KmdjrpzfMcRimQI::enyulQgEOWNk() ldc.r8 2920 stloc.0 <null> nop <null> ldloc.0 <null> ldc.r8 2894 ceq <null> brfalse IL_00D5: nop nop <null> ldc.r8 2903 stloc.0 <null> nop <null> ldloc.0 <null> ldc.r8 2920 ceq <null> brfalse IL_00EC: br IL_000F br IL_00F1: ret br IL_000F: nop ret <null> |
| Module Name | GunSaw.exe |
| Full Name | GunSaw.exe |
| EntryPoint | System.Void YpZZeToB.RdwmeNDVGYkPWNq::YTFRHaSmeZKPlm(System.String[]) |
| Scope Name | GunSaw.exe |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v4.0.30319 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | GunSaw |
| Assembly Version | 1.0.0.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | .NETFramework,Version=v4.0 |
| Total Strings | 1528 |
| Main Method | System.Void YpZZeToB.RdwmeNDVGYkPWNq::YTFRHaSmeZKPlm(System.String[]) |
| Main IL Instruction Count | 57 |
| Main IL | ldc.r8 2894 stloc.0 <null> br IL_00EC: br IL_000F nop <null> ldloc.0 <null> ldc.r8 2903 ceq <null> brfalse IL_0030: nop call System.Void YpZZeToB.RdwmeNDVGYkPWNq::bkjxZgNKfrjmNDe() ldc.r8 2908 stloc.0 <null> nop <null> ldloc.0 <null> ldc.r8 2908 ceq <null> brfalse IL_0097: nop newobj System.Void System.Random::.ctor() nop <null> ldc.r8 4000.930039504416 ldc.r8 2000 call System.Double System.Math::Sin(System.Double) sub <null> call System.Int32 System.Convert::ToInt32(System.Double) nop <null> ldc.r8 9000 ldc.r8 3000 call System.Double System.Math::Ceiling(System.Double) sub <null> call System.Int32 System.Convert::ToInt32(System.Double) callvirt System.Int32 System.Random::Next(System.Int32,System.Int32) call System.Void System.Threading.Thread::Sleep(System.Int32) ldc.r8 2916 stloc.0 <null> nop <null> ldloc.0 <null> ldc.r8 2916 ceq <null> brfalse IL_00B8: nop call System.Void NXfQRwuIDrcV.KmdjrpzfMcRimQI::enyulQgEOWNk() ldc.r8 2920 stloc.0 <null> nop <null> ldloc.0 <null> ldc.r8 2894 ceq <null> brfalse IL_00D5: nop nop <null> ldc.r8 2903 stloc.0 <null> nop <null> ldloc.0 <null> ldc.r8 2920 ceq <null> brfalse IL_00EC: br IL_000F br IL_00F1: ret br IL_000F: nop ret <null> |