Suspicious
Suspect

d1aceb3e38028e96fef4816f4e582dab

PE Executable | MD5: d1aceb3e38028e96fef4816f4e582dab | Size: 10.49 MB | application/x-dosexec


Characteristics

Symbol Obfuscation Score

Very high

Hash
Hash Value
MD5
d1aceb3e38028e96fef4816f4e582dab
Sha1
a7fafdead0808bcebb49d3e8e0e01da1af5c7246
Sha256
49996891040e8b318c9ba591cca03d01b7c8f043fac38e31d4240e82f833a3eb
Sha384
1fae4b47bf8f11cc7d43ec61d3dc6e73ad1913b606e16a9b93652e8bf81a664a903af236a2d3238dc69bf3125bb36afa
Sha512
fb6efd6a59a2233bfd7fcf12b4a77180fc270c6a6fafdcf6705f5ed2fd1d8c4a5b612419a01e7e0b2b0c341c1076a7368062c182b25af0641cfe644b0a5bbe49
SSDeep
6144:vUrlV9TkpmJdVM6zjYaaGce6VlWT8b9o0jQjRVY0JsZjK3vaVsadA0bbuhXad3:8rld4PVle8GF4i/vpjUJ
TLSH
C2B6C60CFE91E80ADF1F3DB7CBE915000F7162C22E1185562259AFFE9B6537268A257C

PeID

.NET executable
HQR data file
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
[Authenticode]_71825e5e.p7b
Overlay_83fd2354.bin
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
koxpalplxnss
Information
Name
Value
Info

PE Detect: PeReader OK (file layout)

Info

Authenticode present at 0x81000 size 10216 bytes

Info

Overlay extracted: Overlay_83fd2354.bin (9947160 bytes)

Module Name

GunSaw.exe

Full Name

GunSaw.exe

EntryPoint

System.Void YpZZeToB.RdwmeNDVGYkPWNq::YTFRHaSmeZKPlm(System.String[])

Scope Name

GunSaw.exe

Scope Type

ModuleDef

Kind

Windows

Runtime Version

v4.0.30319

Tables Header Version

512

WinMD Version

<null>

Assembly Name

GunSaw

Assembly Version

1.0.0.0

Assembly Culture

<null>

Has PublicKey

False

PublicKey Token

<null>

Target Framework

.NETFramework,Version=v4.0

Total Strings

1528

Main Method

System.Void YpZZeToB.RdwmeNDVGYkPWNq::YTFRHaSmeZKPlm(System.String[])

Main IL Instruction Count

57

Main IL

ldc.r8 2894
stloc.0 <null>
br IL_00EC: br IL_000F
nop <null>
ldloc.0 <null>
ldc.r8 2903
ceq <null>
brfalse IL_0030: nop
call System.Void YpZZeToB.RdwmeNDVGYkPWNq::bkjxZgNKfrjmNDe()
ldc.r8 2908
stloc.0 <null>
nop <null>
ldloc.0 <null>
ldc.r8 2908
ceq <null>
brfalse IL_0097: nop
newobj System.Void System.Random::.ctor()
nop <null>
ldc.r8 4000.930039504416
ldc.r8 2000
call System.Double System.Math::Sin(System.Double)
sub <null>
call System.Int32 System.Convert::ToInt32(System.Double)
nop <null>
ldc.r8 9000
ldc.r8 3000
call System.Double System.Math::Ceiling(System.Double)
sub <null>
call System.Int32 System.Convert::ToInt32(System.Double)
callvirt System.Int32 System.Random::Next(System.Int32,System.Int32)
call System.Void System.Threading.Thread::Sleep(System.Int32)
ldc.r8 2916
stloc.0 <null>
nop <null>
ldloc.0 <null>
ldc.r8 2916
ceq <null>
brfalse IL_00B8: nop
call System.Void NXfQRwuIDrcV.KmdjrpzfMcRimQI::enyulQgEOWNk()
ldc.r8 2920
stloc.0 <null>
nop <null>
ldloc.0 <null>
ldc.r8 2894
ceq <null>
brfalse IL_00D5: nop
nop <null>
ldc.r8 2903
stloc.0 <null>
nop <null>
ldloc.0 <null>
ldc.r8 2920
ceq <null>
brfalse IL_00EC: br IL_000F
br IL_00F1: ret
br IL_000F: nop
ret <null>
