Suspicious
Suspect

e3c9cd7e607d6a8c22ca2da8fcfdd85f

PE Executable
|
MD5: e3c9cd7e607d6a8c22ca2da8fcfdd85f
|
Size: 827.39 KB
|
application/x-dosexec

Print
Summary by MalvaGPT
Characteristics

Symbol Ofbuscation Score

Very high

Hash
 Hash Value
MD5
e3c9cd7e607d6a8c22ca2da8fcfdd85f
Sha1
2e50b8c9cadd76b33344d5a376f0e5c35c393305
Sha256
65ec55211eab69a9e13861594366ec8e679afd34866893fc7a5c34976e379da0
Sha384
e73ca64d5fdd7b999f04e313148e330a9eb8a9a130bfc47984f07e8a44748472dead2219cf4038999903a0d4e3511cb5
Sha512
8b07fcb5371af3ee085e98ee5f3c00b6d4649c56ec5a70e807b9a988fbf4c8c3f5dc8e39fedde44092c68b4f2648c6281c23971d7b1616084a14f14868f45e81
SSDeep
12288:ly2bUA/D/PVle8cpRKyYaqQs8pBmnI7DTSFi14A:l3UAurKyYas8pBm
TLSH
4005428C7E50E80EDF0BFC7F8AA5D1348B3169925E92810160D5AAFD872737574A6B3C

PeID

.NET executable
HQR data file
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
e3c9cd7e607d6a8c22ca2da8fcfdd85f
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_ICON
ID:0001
ID:0
ID:0002
ID:0
ID:0003
ID:0
ID:0004
ID:0
RT_GROUP_CURSOR4
ID:0001
ID:0
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
yearatcqywbv
Informations
Name
 Value
Info

PE Detect: PeReader OK (file layout)
Module Name

Client.exe
Full Name

Client.exe
EntryPoint

System.Void CSDvvvFGrtV.zGWbCkkYoYIgt::esvCmuzU(System.String[])
Scope Name

Client.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

Client
Assembly Version

1.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.0
Total Strings

1462
Main Method

System.Void CSDvvvFGrtV.zGWbCkkYoYIgt::esvCmuzU(System.String[])
Main IL Instruction Count

57
Main IL

ldc.r8 2662 stloc.0 <null> br IL_00EC: br IL_000F nop <null> ldloc.0 <null> ldc.r8 2675 ceq <null> brfalse IL_0076: nop newobj System.Void System.Random::.ctor() nop <null> ldc.r8 2000 ldc.r8 2000 call System.Double System.Math::Floor(System.Double) add <null> call System.Int32 System.Convert::ToInt32(System.Double) nop <null> ldc.r8 6003.477121254719 ldc.r8 3000 call System.Double System.Math::Log10(System.Double) sub <null> call System.Int32 System.Convert::ToInt32(System.Double) callvirt System.Int32 System.Random::Next(System.Int32,System.Int32) call System.Void System.Threading.Thread::Sleep(System.Int32) ldc.r8 2678 stloc.0 <null> nop <null> ldloc.0 <null> ldc.r8 2678 ceq <null> brfalse IL_0097: nop call System.Void DmabmUld.qkgcVBYvlQO::neCBWdUFSYqvICG() ldc.r8 2683 stloc.0 <null> nop <null> ldloc.0 <null> ldc.r8 2671 ceq <null> brfalse IL_00B8: nop call System.Void CSDvvvFGrtV.zGWbCkkYoYIgt::lYyMqpnAHgaZN() ldc.r8 2675 stloc.0 <null> nop <null> ldloc.0 <null> ldc.r8 2662 ceq <null> brfalse IL_00D5: nop nop <null> ldc.r8 2671 stloc.0 <null> nop <null> ldloc.0 <null> ldc.r8 2683 ceq <null> brfalse IL_00EC: br IL_000F br IL_00F1: ret br IL_000F: nop ret <null>
Module Name

Client.exe
Full Name

Client.exe
EntryPoint

System.Void CSDvvvFGrtV.zGWbCkkYoYIgt::esvCmuzU(System.String[])
Scope Name

Client.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

Client
Assembly Version

1.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.0
Total Strings

1462
Main Method

System.Void CSDvvvFGrtV.zGWbCkkYoYIgt::esvCmuzU(System.String[])
Main IL Instruction Count

57
Main IL

ldc.r8 2662 stloc.0 <null> br IL_00EC: br IL_000F nop <null> ldloc.0 <null> ldc.r8 2675 ceq <null> brfalse IL_0076: nop newobj System.Void System.Random::.ctor() nop <null> ldc.r8 2000 ldc.r8 2000 call System.Double System.Math::Floor(System.Double) add <null> call System.Int32 System.Convert::ToInt32(System.Double) nop <null> ldc.r8 6003.477121254719 ldc.r8 3000 call System.Double System.Math::Log10(System.Double) sub <null> call System.Int32 System.Convert::ToInt32(System.Double) callvirt System.Int32 System.Random::Next(System.Int32,System.Int32) call System.Void System.Threading.Thread::Sleep(System.Int32) ldc.r8 2678 stloc.0 <null> nop <null> ldloc.0 <null> ldc.r8 2678 ceq <null> brfalse IL_0097: nop call System.Void DmabmUld.qkgcVBYvlQO::neCBWdUFSYqvICG() ldc.r8 2683 stloc.0 <null> nop <null> ldloc.0 <null> ldc.r8 2671 ceq <null> brfalse IL_00B8: nop call System.Void CSDvvvFGrtV.zGWbCkkYoYIgt::lYyMqpnAHgaZN() ldc.r8 2675 stloc.0 <null> nop <null> ldloc.0 <null> ldc.r8 2662 ceq <null> brfalse IL_00D5: nop nop <null> ldc.r8 2671 stloc.0 <null> nop <null> ldloc.0 <null> ldc.r8 2683 ceq <null> brfalse IL_00EC: br IL_000F br IL_00F1: ret br IL_000F: nop ret <null>
e3c9cd7e607d6a8c22ca2da8fcfdd85f (827.39 KB)
An error has occurred. This application may no longer respond until reloaded. Reload 🗙