Suspicious
Suspect

debc5451a1cba0528327f95daa19982f

PE Executable
|
MD5: debc5451a1cba0528327f95daa19982f
|
Size: 3.61 MB
|
application/x-dosexec

Print
Summary by MalvaGPT
Characteristics

Symbol Ofbuscation Score

Medium

Hash
 Hash Value
MD5
debc5451a1cba0528327f95daa19982f
Sha1
e35f0b7f50b156887bdc6522cf895806390db9a3
Sha256
9d5a8515ee389bc2aeb83bfb6a0cea9a2bb4ef4b5dbff60b93ad6d4184f43a11
Sha384
81ece9e7e9215cefe4bbafdc2fe48b382b1b7755f4c346ba95ae946ac2e83ea62b4f75be4f8a98320fbd11422da0128a
Sha512
4d744519eac63e50366770799ea34d3f8cdfc0aa77f48a1d5da518f0908405a1d4457d5ca18250d9b92df1bd5aff80f302c9fd8f64f51bea1e2186b19ac2844e
SSDeep
49152:NGZUkVVB9Z7AMSVWpzROPBCx8RRveYkqM3fC41p2VEn:AVVN7AXWhROpCx8XGrqMvz1pmS
TLSH
6DF5F181A5C57994C5A63330F536460B33BAFE57E931C48D0C9EB8A1F3B728A5E870D6

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
UPolyX 0.3 -> delikon
File Structure
debc5451a1cba0528327f95daa19982f
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_ICON
ID:0032
ID:0
ID:0-preview.png
ID:0033
ID:0
ID:0-preview.png
ID:0034
ID:0
ID:0035
ID:0
ID:0036
ID:0
ID:0037
ID:0
ID:0038
ID:0
ID:0039
ID:0
ID:003A
ID:0
ID:003B
ID:0
RT_GROUP_CURSOR4
ID:008F
ID:0
RT_VERSION
ID:0001
ID:2052
.Net Resources
done.g.resources
done.Form1.resources
done.FrmHoaDonThue.resources
$this.Icon
[NBF]root.IconData
done.FrmMNBaocaobh.resources
_Command_0.Image
[NBF]root.Data
[NBF]root.Data-preview.png
_Command_3.Image
[NBF]root.Data
[NBF]root.Data-preview.png
_cmd_0.Image
[NBF]root.Data
[NBF]root.Data-preview.png
4d71a3bba8f0b5.Resources.resources
2be1a30d0
[NBF]root.Data
2be1a30d1
[NBF]root.Data
2be1a30d10
[NBF]root.Data
2be1a30d11
[NBF]root.Data
2be1a30d12
[NBF]root.Data
2be1a30d13
[NBF]root.Data
2be1a30d14
[NBF]root.Data
2be1a30d15
[NBF]root.Data
2be1a30d16
[NBF]root.Data
2be1a30d17
[NBF]root.Data
2be1a30d18
[NBF]root.Data
2be1a30d19
[NBF]root.Data
2be1a30d2
[NBF]root.Data
2be1a30d20
[NBF]root.Data
2be1a30d21
[NBF]root.Data
2be1a30d22
[NBF]root.Data
2be1a30d23
[NBF]root.Data
2be1a30d24
[NBF]root.Data
2be1a30d25
[NBF]root.Data
2be1a30d26
[NBF]root.Data
2be1a30d27
[NBF]root.Data
2be1a30d28
[NBF]root.Data
2be1a30d29
[NBF]root.Data
2be1a30d3
[NBF]root.Data
2be1a30d30
[NBF]root.Data
2be1a30d31
[NBF]root.Data
2be1a30d32
[NBF]root.Data
2be1a30d33
[NBF]root.Data
2be1a30d34
[NBF]root.Data
2be1a30d35
[NBF]root.Data
2be1a30d36
[NBF]root.Data
2be1a30d37
[NBF]root.Data
2be1a30d38
[NBF]root.Data
2be1a30d39
[NBF]root.Data
2be1a30d4
[NBF]root.Data
2be1a30d40
[NBF]root.Data
2be1a30d41
[NBF]root.Data
2be1a30d5
[NBF]root.Data
2be1a30d6
[NBF]root.Data
2be1a30d7
[NBF]root.Data
2be1a30d8
[NBF]root.Data
2be1a30d9
[NBF]root.Data
Informations
Name
 Value
Module Name

done
Full Name

done
EntryPoint

System.Void Pm4w.e6X8::t0K2()
Scope Name

done
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

done
Assembly Version

2.7.11.4
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.6
Total Strings

1329
Main Method

System.Void Pm4w.e6X8::t0K2()
Main IL Instruction Count

99
Main IL

nop <null> nop <null> newobj System.Void Pm4w.To62::.ctor() stloc.0 <null> newobj System.Void System.Object::.ctor() ldnull <null> ldstr CreateTab ldc.i4.2 <null> newarr System.Object dup <null> ldc.i4.0 <null> ldstr segmen stelem.ref <null> dup <null> ldc.i4.1 <null> ldloc.0 <null> stelem.ref <null> dup <null> stloc.2 <null> ldnull <null> ldnull <null> ldc.i4.2 <null> newarr System.Boolean dup <null> ldc.i4.1 <null> ldc.i4.1 <null> stelem.i1 <null> dup <null> stloc.3 <null> call System.Object Microsoft.VisualBasic.CompilerServices.NewLateBinding::LateGet(System.Object,System.Type,System.String,System.Object[],System.String[],System.Type[],System.Boolean[]) stloc.s V_4 ldloc.3 <null> ldc.i4.1 <null> ldelem.u1 <null> brtrue.s IL_0043: ldloc.2 br.s IL_0060: ldloc.s V_4 ldloc.2 <null> ldc.i4.1 <null> ldelem.ref <null> call System.Object System.Runtime.CompilerServices.RuntimeHelpers::GetObjectValue(System.Object) ldtoken Pm4w.To62 call System.Type System.Type::GetTypeFromHandle(System.RuntimeTypeHandle) call System.Object Microsoft.VisualBasic.CompilerServices.Conversions::ChangeType(System.Object,System.Type) castclass Pm4w.To62 stloc.0 <null> ldloc.s V_4 call System.Object System.Runtime.CompilerServices.RuntimeHelpers::GetObjectValue(System.Object) stloc.1 <null> leave.s IL_00D7: nop dup <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception) stloc.s V_5 nop <null> nop <null> ldc.i4 214 stloc.s V_6 br.s IL_00A2: ldloc.s V_6 ldloc.s V_6 ldc.i4.3 <null> mul.ovf <null> stloc.s V_6 ldloc.s V_6 ldc.i4.s 24 cgt <null> stloc.s V_8 ldloc.s V_8 brfalse.s IL_00A0: nop ldc.i4.s 24 stloc.s V_6 ldstr resources/985674 call System.Byte[] Pm4w.Be40Ksp7::Ae31EpFm(System.String) stloc.s V_7 nop <null> nop <null> nop <null> ldloc.s V_6 ldc.i4.s 24 rem <null> ldc.i4.0 <null> cgt.un <null> stloc.s V_9 ldloc.s V_9 brtrue.s IL_007D: ldloc.s V_6 ldloc.s V_7 castclass System.Byte[] call System.Void Pm4w.To62::Hw38Lbo0(System.Byte[]) nop <null> leave.s IL_00CF: nop dup <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception) stloc.s V_10 nop <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() leave.s IL_00CF: nop nop <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() leave.s IL_00D7: nop nop <null> ret <null>
Module Name

done
Full Name

done
EntryPoint

System.Void Pm4w.e6X8::t0K2()
Scope Name

done
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

done
Assembly Version

2.7.11.4
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.6
Total Strings

1329
Main Method

System.Void Pm4w.e6X8::t0K2()
Main IL Instruction Count

99
Main IL

nop <null> nop <null> newobj System.Void Pm4w.To62::.ctor() stloc.0 <null> newobj System.Void System.Object::.ctor() ldnull <null> ldstr CreateTab ldc.i4.2 <null> newarr System.Object dup <null> ldc.i4.0 <null> ldstr segmen stelem.ref <null> dup <null> ldc.i4.1 <null> ldloc.0 <null> stelem.ref <null> dup <null> stloc.2 <null> ldnull <null> ldnull <null> ldc.i4.2 <null> newarr System.Boolean dup <null> ldc.i4.1 <null> ldc.i4.1 <null> stelem.i1 <null> dup <null> stloc.3 <null> call System.Object Microsoft.VisualBasic.CompilerServices.NewLateBinding::LateGet(System.Object,System.Type,System.String,System.Object[],System.String[],System.Type[],System.Boolean[]) stloc.s V_4 ldloc.3 <null> ldc.i4.1 <null> ldelem.u1 <null> brtrue.s IL_0043: ldloc.2 br.s IL_0060: ldloc.s V_4 ldloc.2 <null> ldc.i4.1 <null> ldelem.ref <null> call System.Object System.Runtime.CompilerServices.RuntimeHelpers::GetObjectValue(System.Object) ldtoken Pm4w.To62 call System.Type System.Type::GetTypeFromHandle(System.RuntimeTypeHandle) call System.Object Microsoft.VisualBasic.CompilerServices.Conversions::ChangeType(System.Object,System.Type) castclass Pm4w.To62 stloc.0 <null> ldloc.s V_4 call System.Object System.Runtime.CompilerServices.RuntimeHelpers::GetObjectValue(System.Object) stloc.1 <null> leave.s IL_00D7: nop dup <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception) stloc.s V_5 nop <null> nop <null> ldc.i4 214 stloc.s V_6 br.s IL_00A2: ldloc.s V_6 ldloc.s V_6 ldc.i4.3 <null> mul.ovf <null> stloc.s V_6 ldloc.s V_6 ldc.i4.s 24 cgt <null> stloc.s V_8 ldloc.s V_8 brfalse.s IL_00A0: nop ldc.i4.s 24 stloc.s V_6 ldstr resources/985674 call System.Byte[] Pm4w.Be40Ksp7::Ae31EpFm(System.String) stloc.s V_7 nop <null> nop <null> nop <null> ldloc.s V_6 ldc.i4.s 24 rem <null> ldc.i4.0 <null> cgt.un <null> stloc.s V_9 ldloc.s V_9 brtrue.s IL_007D: ldloc.s V_6 ldloc.s V_7 castclass System.Byte[] call System.Void Pm4w.To62::Hw38Lbo0(System.Byte[]) nop <null> leave.s IL_00CF: nop dup <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception) stloc.s V_10 nop <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() leave.s IL_00CF: nop nop <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() leave.s IL_00D7: nop nop <null> ret <null>
Artefacts
Name
 Value
URLs in VB Code - #1

http://ocsp.digicert.com0C
URLs in VB Code - #2

http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
URLs in VB Code - #3

http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
URLs in VB Code - #4

http://ocsp.digicert.com0A
URLs in VB Code - #5

http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
URLs in VB Code - #6

http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
URLs in VB Code - #7

http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
URLs in VB Code - #8

http://ocsp.digicert.com0X
URLs in VB Code - #9

http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
URLs in VB Code - #10

http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
URLs in VB Code - #11

http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
URLs in VB Code - #12

http://www.digicert.com/CPS0
URLs in VB Code - #13

http://ocsp.digicert.com0
URLs in VB Code - #14

http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
debc5451a1cba0528327f95daa19982f (3.61 MB)
An error has occurred. This application may no longer respond until reloaded. Reload 🗙