Suspicious
Suspect

daa46b833b44e542c385ae5487efd482

PE Executable
|
MD5: daa46b833b44e542c385ae5487efd482
|
Size: 1.43 MB
|
application/x-dosexec

Summary by MalvaGPT
Characteristics

Symbol Ofbuscation Score

Very high

Hash
 Hash Value
MD5
daa46b833b44e542c385ae5487efd482
Sha1
c901a4eac0944d16590ebb9d5d60af11e809f610
Sha256
d593ddbfe63dbf2b738f9a64619fbb720fab9f79facdeedc24b2c6960121b1a4
Sha384
ced859e98a816c0dc9ae64fd11c0bed115bcafcaf7ccc0f3bfa7ce5a533e544f087fe796449ed0265e63d4ca8826b454
Sha512
ed065d1f2b3019c8ca2eabc36723ecb0759670f6e9e0a84b0b7b48667939b0b9ed25b73589378f9aba9834cafea69cea57b66b5f976d541f48ba2ed9883e7947
SSDeep
24576:+jzkiJJZ6eQiba/d3dilHQyYtZhoe7WrW0Li8qsWa3e9Bnoh5rS5aaq8mT7a253:2z/7QICswylVrW7Hnqeadu9mvv5
TLSH
E365336337E446A4F8594BBA9076015409B9BBD325C3CBBECCE9E0131E266971BF448F

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
daa46b833b44e542c385ae5487efd482
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
Yotcqich.Properties.Resources.resources
Djhsrwus
Informations
Name
 Value
Info

PE Detect: PeReader OK (file layout)
Module Name

smilebuildcry.exe
Full Name

smilebuildcry.exe
EntryPoint

System.Void smilebuildcry.Templating.TemplateServer::GenerateStaticTemplate()
Scope Name

smilebuildcry.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

smilebuildcry
Assembly Version

1.0.3686.1653
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.6
Total Strings

6
Main Method

System.Void smilebuildcry.Templating.TemplateServer::GenerateStaticTemplate()
Main IL Instruction Count

33
Main IL

ldc.i4 3 stloc V_0 br IL_000E: ldloc V_0 ldloc V_0 switch dnlib.DotNet.Emit.Instruction[] br IL_002C: newobj System.Void smilebuildcry.Templating.CustomizableTemplate::.ctor() newobj System.Void smilebuildcry.Templating.CustomizableTemplate::.ctor() ldloc.s V_1 call System.Void smilebuildcry.Templating.CustomizableTemplate::UpdateTemplate(System.Byte[]) ldc.i4 0 ldsfld <Module>{062bade0-4a1d-4833-af6e-91e83b27395b} <Module>{062bade0-4a1d-4833-af6e-91e83b27395b}::m_cdb3ba63b0e946aca9c4a83145c922f6 ldfld System.Int32 <Module>{062bade0-4a1d-4833-af6e-91e83b27395b}::m_db5fe78b48be4a16bef6333dc0ae9f29 brtrue IL_0012: switch(IL_002C,IL_0084,IL_0057,IL_0085) pop <null> ldc.i4 1 br IL_0012: switch(IL_002C,IL_0084,IL_0057,IL_0085) newobj System.Void Yotcqich.Core.ProgramDispatcher::.ctor() ldloc.s V_2 call System.Byte[] Yotcqich.Core.ProgramDispatcher::TerminatePassiveProgram(System.Byte[]) stloc.s V_1 ldc.i4 0 ldsfld <Module>{062bade0-4a1d-4833-af6e-91e83b27395b} <Module>{062bade0-4a1d-4833-af6e-91e83b27395b}::m_cdb3ba63b0e946aca9c4a83145c922f6 ldfld System.Int32 <Module>{062bade0-4a1d-4833-af6e-91e83b27395b}::m_6a776b00dbba4e8d88ab2f2f07c06893 brtrue IL_0012: switch(IL_002C,IL_0084,IL_0057,IL_0085) pop <null> ldc.i4 0 br IL_0012: switch(IL_002C,IL_0084,IL_0057,IL_0085) ret <null> newobj System.Void Yotcqich.DataStructures.ErrorStrategy::.ctor() call System.Byte[] Yotcqich.DataStructures.ErrorStrategy::InvokeTree() stloc.s V_2 ldc.i4 2 br IL_0012: switch(IL_002C,IL_0084,IL_0057,IL_0085)
Module Name

smilebuildcry.exe
Full Name

smilebuildcry.exe
EntryPoint

System.Void smilebuildcry.Templating.TemplateServer::GenerateStaticTemplate()
Scope Name

smilebuildcry.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

smilebuildcry
Assembly Version

1.0.3686.1653
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.6
Total Strings

6
Main Method

System.Void smilebuildcry.Templating.TemplateServer::GenerateStaticTemplate()
Main IL Instruction Count

33
Main IL

ldc.i4 3 stloc V_0 br IL_000E: ldloc V_0 ldloc V_0 switch dnlib.DotNet.Emit.Instruction[] br IL_002C: newobj System.Void smilebuildcry.Templating.CustomizableTemplate::.ctor() newobj System.Void smilebuildcry.Templating.CustomizableTemplate::.ctor() ldloc.s V_1 call System.Void smilebuildcry.Templating.CustomizableTemplate::UpdateTemplate(System.Byte[]) ldc.i4 0 ldsfld <Module>{062bade0-4a1d-4833-af6e-91e83b27395b} <Module>{062bade0-4a1d-4833-af6e-91e83b27395b}::m_cdb3ba63b0e946aca9c4a83145c922f6 ldfld System.Int32 <Module>{062bade0-4a1d-4833-af6e-91e83b27395b}::m_db5fe78b48be4a16bef6333dc0ae9f29 brtrue IL_0012: switch(IL_002C,IL_0084,IL_0057,IL_0085) pop <null> ldc.i4 1 br IL_0012: switch(IL_002C,IL_0084,IL_0057,IL_0085) newobj System.Void Yotcqich.Core.ProgramDispatcher::.ctor() ldloc.s V_2 call System.Byte[] Yotcqich.Core.ProgramDispatcher::TerminatePassiveProgram(System.Byte[]) stloc.s V_1 ldc.i4 0 ldsfld <Module>{062bade0-4a1d-4833-af6e-91e83b27395b} <Module>{062bade0-4a1d-4833-af6e-91e83b27395b}::m_cdb3ba63b0e946aca9c4a83145c922f6 ldfld System.Int32 <Module>{062bade0-4a1d-4833-af6e-91e83b27395b}::m_6a776b00dbba4e8d88ab2f2f07c06893 brtrue IL_0012: switch(IL_002C,IL_0084,IL_0057,IL_0085) pop <null> ldc.i4 0 br IL_0012: switch(IL_002C,IL_0084,IL_0057,IL_0085) ret <null> newobj System.Void Yotcqich.DataStructures.ErrorStrategy::.ctor() call System.Byte[] Yotcqich.DataStructures.ErrorStrategy::InvokeTree() stloc.s V_2 ldc.i4 2 br IL_0012: switch(IL_002C,IL_0084,IL_0057,IL_0085)
daa46b833b44e542c385ae5487efd482 (1.43 MB)
File Structure
daa46b833b44e542c385ae5487efd482
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
Yotcqich.Properties.Resources.resources
Djhsrwus
Characteristics
No malware configuration were found at this point.
You must be signed in to post a comment.
An error has occurred. This application may no longer respond until reloaded. Reload 🗙