Suspicious
Suspect

d8a264be38a98c28b9c9d57b4e3bf8d8

PE Executable | MD5: d8a264be38a98c28b9c9d57b4e3bf8d8 | Size: 55.81 KB | application/x-dosexec


Characteristics

Symbol Obfuscation Score: Medium

Hash: Hash Value
MD5: d8a264be38a98c28b9c9d57b4e3bf8d8
Sha1: b3a7cd0da3292853abb51265af6ea39ed1b90cec
Sha256: 4bc434a4fc47e4e3e5345d0a8180dd9ea36272ade2901a6865415acf75f43228
Sha384: 8313b5c9e65d6b92615d18392175d37fbe3c0f3e94e04c0d8ebedaf9f9dfa9f6954a3538d0583b844568dfcebece11a5
Sha512: 904a04eea41e55cf96c5e87596f1ea279dd44ecc4f5e08aeb1caaa9553c727543f313b144687d621954c4c82677bd9a9f66df1c46a813f2a81126f021ecc44cc
SSDeep: 768:rwloeq5ypNsAz2DaPWWRfYL2+8LZGyp7izjrcY9FV4msZOgzdueYsg4:rzeq5y0AsaeWRfYwL7igYzCmSOMF
TLSH: AC436C0CB799BA12C63C4E7E98B1030892BDD1D76243F73F6DC129694D827ED1712A9B

PeID

.NET executable
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual Studio .NET
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
zIKv
Informations
Name: Value
Info: PE Detect: PeReader OK (file layout)
Module Name: Tetvrenmoka.exe
Full Name: Tetvrenmoka.exe
EntryPoint: System.Void Runbbt.Rwqfmaoytis::Main()
Scope Name: Tetvrenmoka.exe
Scope Type: ModuleDef
Kind: Windows
Runtime Version: v4.0.30319
Tables Header Version: 512
WinMD Version: <null>
Assembly Name: Tetvrenmoka
Assembly Version: 1.0.3362.10948
Assembly Culture: <null>
Has PublicKey: False
PublicKey Token: <null>
Target Framework: .NETFramework,Version=v4.6
Total Strings: 11
Main Method: System.Void Runbbt.Rwqfmaoytis::Main()
Main IL Instruction Count: 84

Main IL

newobj System.Void Runbbt.Rwqfmaoytis/a::.ctor() stloc.0 <null> br.s IL_0033: ldc.i4.s -9 ldc.i4 15713 call System.String i::a(System.Int32) stloc.1 <null> br.s IL_003B: ldc.i4.s -91 ldc.i4 15690 call System.String i::a(System.Int32) stloc.2 <null> ldsfld System.Func`1<System.Byte[]> Runbbt.Rwqfmaoytis/<>c::<>9__0_0 dup <null> brfalse.s IL_002B: ldc.i4.0 ldc.i4.1 <null> br.s IL_002E: brtrue.s IL_0057 ldc.i4.0 <null> br.s IL_002E: brtrue.s IL_0057 brtrue.s IL_0057: newobj System.Void Runbbt.Xsfxrkrv::.ctor(System.Func`1<System.Byte[]>) pop <null> br.s IL_0041: ldsfld Runbbt.Rwqfmaoytis/<>c Runbbt.Rwqfmaoytis/<>c::<>9 ldc.i4.s -9 ldc.i4.s 33 blt.s IL_0008: ldc.i4 15713 br.s IL_0041: ldsfld Runbbt.Rwqfmaoytis/<>c Runbbt.Rwqfmaoytis/<>c::<>9 ldc.i4.s -91 ldc.i4.s -61 blt.s IL_0015: ldc.i4 15690 ldsfld Runbbt.Rwqfmaoytis/<>c Runbbt.Rwqfmaoytis/<>c::<>9 ldftn System.Byte[] Runbbt.Rwqfmaoytis/<>c::a() newobj System.Void System.Func`1<System.Byte[]>::.ctor(System.Object,System.IntPtr) dup <null> stsfld System.Func`1<System.Byte[]> Runbbt.Rwqfmaoytis/<>c::<>9__0_0 newobj System.Void Runbbt.Xsfxrkrv::.ctor(System.Func`1<System.Byte[]>) ldloc.0 <null> ldloc.1 <null> ldloc.2 <null> newobj System.Void Runbbt.Ubxnpgzs::.ctor(System.String,System.String) stfld Runbbt.Ubxnpgzs Runbbt.Rwqfmaoytis/a::a ldloc.0 <null> newobj System.Void Runbbt.Hegykmohy::.ctor() stfld Runbbt.Hegykmohy Runbbt.Rwqfmaoytis/a::b ldloc.0 <null> ldc.i4 15687 call System.String i::a(System.Int32) ldc.i4 15677 call System.String i::a(System.Int32) newobj System.Void Runbbt.Efsgdkv::.ctor(System.String,System.String) stfld Runbbt.Efsgdkv Runbbt.Rwqfmaoytis/a::c dup <null> ldloc.0 <null> ldftn System.Void Runbbt.Rwqfmaoytis/a::a(System.IO.MemoryStream) newobj System.Void System.Action`1<System.IO.MemoryStream>::.ctor(System.Object,System.IntPtr) callvirt System.Void Runbbt.Xsfxrkrv::add_DownloadCompleted(System.Action`1<System.IO.MemoryStream>) ldloc.0 <null> ldfld Runbbt.Ubxnpgzs Runbbt.Rwqfmaoytis/a::a 
ldloc.0 <null> ldftn System.Void Runbbt.Rwqfmaoytis/a::b(System.IO.MemoryStream) newobj System.Void System.Action`1<System.IO.MemoryStream>::.ctor(System.Object,System.IntPtr) callvirt System.Void Runbbt.Ubxnpgzs::add_DecryptionCompleted(System.Action`1<System.IO.MemoryStream>) ldloc.0 <null> ldfld Runbbt.Hegykmohy Runbbt.Rwqfmaoytis/a::b ldloc.0 <null> ldftn System.Void Runbbt.Rwqfmaoytis/a::c(System.Reflection.Assembly) newobj System.Void System.Action`1<System.Reflection.Assembly>::.ctor(System.Object,System.IntPtr) callvirt System.Void Runbbt.Hegykmohy::add_LoadCompleted(System.Action`1<System.Reflection.Assembly>) ldloc.0 <null> ldfld Runbbt.Efsgdkv Runbbt.Rwqfmaoytis/a::c ldsfld System.Action Runbbt.Rwqfmaoytis/<>c::<>9__0_4 dup <null> brfalse.s IL_00E4: ldc.i4.0 ldc.i4.1 <null> br.s IL_00E7: brtrue.s IL_0100 ldc.i4.0 <null> br.s IL_00E7: brtrue.s IL_0100 brtrue.s IL_0100: callvirt System.Void Runbbt.Efsgdkv::add_InvocationCompleted(System.Action) pop <null> ldsfld Runbbt.Rwqfmaoytis/<>c Runbbt.Rwqfmaoytis/<>c::<>9 ldftn System.Void Runbbt.Rwqfmaoytis/<>c::b() newobj System.Void System.Action::.ctor(System.Object,System.IntPtr) dup <null> stsfld System.Action Runbbt.Rwqfmaoytis/<>c::<>9__0_4 callvirt System.Void Runbbt.Efsgdkv::add_InvocationCompleted(System.Action) callvirt System.Void Runbbt.Xsfxrkrv::Osyobhbv() ret <null>
