Suspicious
Suspect

e18728d041017faf1761d6e2c50334ad

PE Executable | MD5: e18728d041017faf1761d6e2c50334ad | Size: 583.68 KB | application/x-dosexec


Characteristics

Symbol Obfuscation Score

Very high

Hash: Hash Value
MD5: e18728d041017faf1761d6e2c50334ad
Sha1: 2304c96154b0ea3e60f4643606b9153a67dfc03c
Sha256: 3d71d379cd6ae2f310790df0437da79892156c4f7daf026cd83acadc45127373
Sha384: adb63c6defafd4117b740275ff6daaadb87de3b35efa220deaa0bd67e194a830fa7e1071186abe8ae3717f4e529b843d
Sha512: 41d15b70432ed2fa4ad53b7f2d4acccdc8ef372724a6852f3bbb3fe16e909e28dba960535ade2245b3a52b0563a9cf8a21a63f08f25154b0a4bbe1102e487a64
SSDeep: 12288:+hVK1TSlKkyINHYiiHNcu0RsTwfmspIU5WgW1QS1ORCu0ee+YT:4VTlhte0aTw958QS4Rhs
TLSH: DCC4235073F9AAE0CEE0C6B9C8EB58056771EE271D2FD67D48CE5B4858B1BE640C9220

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
Ortftu.Properties.Resources.resources
Vtvlqc
Information
Name: Value
Info: PE Detect: PeReader OK (file layout)
Module Name: Ortftu.exe
Full Name: Ortftu.exe
EntryPoint: System.Void Ortftu.Xrcreaxs::Main()
Scope Name: Ortftu.exe
Scope Type: ModuleDef
Kind: Windows
Runtime Version: v4.0.30319
Tables Header Version: 512
WinMD Version: <null>
Assembly Name: Ortftu
Assembly Version: 1.0.0.0
Assembly Culture: <null>
Has PublicKey: False
PublicKey Token: <null>
Target Framework: .NETFramework,Version=v4.0
Total Strings: 5
Main Method: System.Void Ortftu.Xrcreaxs::Main()
Main IL Instruction Count: 79

Main IL

br IL_0006: nop ret <null> nop <null> call System.Byte[] Ortftu.Properties.Ulywibhu::get_Vtvlqc() ldsfld System.Byte[] iFmDkqTRDxFcSDmDrF.ajPE4E5gCOUgsRJiOK::VkxmxavFU ldsfld System.Byte[] iFmDkqTRDxFcSDmDrF.ajPE4E5gCOUgsRJiOK::p0qlB3IAD call System.Byte[] Ortftu.Xrcreaxs::Wrrj0LC03(System.Byte[],System.Byte[],System.Byte[]) call System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[]) callvirt System.Type[] System.Reflection.Assembly::GetTypes() stloc.s V_3 ldc.i4 7 ldsfld <Module>{3c497db4-9ffd-4202-abb8-985c9da8ecf4} <Module>{3c497db4-9ffd-4202-abb8-985c9da8ecf4}::m_d65932956f46434e94df87266c56b2b8 ldfld System.Int32 <Module>{3c497db4-9ffd-4202-abb8-985c9da8ecf4}::m_4e6b35430c1a410f9370841dacf94aa3 brfalse IL_0058: switch(IL_0119,IL_00B3,IL_0087) pop <null> ldc.i4 2 br IL_0058: switch(IL_0119,IL_00B3,IL_0087) br IL_0054: ldloc V_0 ldc.i4 0 stloc V_0 ldloc V_0 switch dnlib.DotNet.Emit.Instruction[] ldloc V_0 ldc.i4 990 beq IL_0054: ldloc V_0 br IL_0119: leave IL_0005 ldloc.s V_1 ldc.i4.1 <null> add <null> stloc.s V_1 br IL_00EF: ldloc.s V_1 ldc.i4.0 <null> stloc.s V_1 br IL_008F: br IL_00EF br IL_00EF: ldloc.s V_1 ldc.i4 1 ldsfld <Module>{3c497db4-9ffd-4202-abb8-985c9da8ecf4} <Module>{3c497db4-9ffd-4202-abb8-985c9da8ecf4}::m_d65932956f46434e94df87266c56b2b8 ldfld System.Int32 <Module>{3c497db4-9ffd-4202-abb8-985c9da8ecf4}::m_f488718dbc0f4b2aa1b1f797ba71604c brfalse IL_0058: switch(IL_0119,IL_00B3,IL_0087) pop <null> ldc.i4 8 br IL_0058: switch(IL_0119,IL_00B3,IL_0087) ldloc.s V_3 ldloc.s V_1 ldelem.ref <null> stloc.s V_2 br IL_00BF: nop nop <null> ldloc.s V_2 ldstr M2V5nWnjP ldc.i4 256 ldnull <null> ldnull <null> ldnull <null> callvirt System.Object System.Type::InvokeMember(System.String,System.Reflection.BindingFlags,System.Reflection.Binder,System.Object,System.Object[]) pop <null> br IL_00DA: leave IL_007C leave IL_007C: ldloc.s V_1 pop <null> br IL_00E5: leave IL_007C leave IL_007C: ldloc.s V_1 br IL_007C: ldloc.s V_1 ldloc.s V_1 ldloc.s 
V_3 ldlen <null> conv.i4 <null> blt IL_00B3: ldloc.s V_3 ldc.i4 0 ldsfld <Module>{3c497db4-9ffd-4202-abb8-985c9da8ecf4} <Module>{3c497db4-9ffd-4202-abb8-985c9da8ecf4}::m_d65932956f46434e94df87266c56b2b8 ldfld System.Int32 <Module>{3c497db4-9ffd-4202-abb8-985c9da8ecf4}::m_5b196d0dc90b4d7fa211220f347a9021 brfalse IL_0058: switch(IL_0119,IL_00B3,IL_0087) pop <null> ldc.i4 3 br IL_0058: switch(IL_0119,IL_00B3,IL_0087) leave IL_0005: ret pop <null> br IL_0124: leave IL_0005 leave IL_0005: ret br IL_0005: ret
