agentWebSaves.exe
PE Executable | MD5: e445665faf3ae1bc3e8cbd68b3d29a0b | Size: 2.05 MB | application/x-dosexec
Symbol Ofbuscation Score
|
Hash | Hash Value |
|---|---|
| MD5 | e445665faf3ae1bc3e8cbd68b3d29a0b
|
| Sha1 | 915f4e6668b0ff621d1fd770732c7c22cef7e46a
|
| Sha256 | f9875282eec8dd6f9c8586ecc389cb28816c9feb7ce4ddff6720c47c4942d380
|
| Sha384 | ba702940e0484e12a458e59e662c14f70216b108c58f19076a284d5866339fc3fd35e66bedffc2bd33a62c53ec8daf9d
|
| Sha512 | 65c238c632463058dadc97efc09ad14d0fa3f4953cf8a5c67b236f3cfc03e6b8623fff095ad3547e9574daa89cbb3ec5165019c9d6034f3d64befc2ef6fc7c5e
|
| SSDeep | 49152:gF2tzxZ8+KP2e5fAtQDifQ4JG49Jn7w6WgP:gkRVy58hYKZMh2
|
| TLSH | 5D95BF1665925F32C7642B318697013D82D0DB627A52EB0F391F24D3A90BBF4EB725B3
|
PeID
|
Name0 | Value |
|---|---|
| Info | PE Detect: PeReader OK (file layout) |
| Module Name | pxqDsBPmp0nY |
| Full Name | pxqDsBPmp0nY |
| EntryPoint | System.Void YDBwNFGm1SSKG8rPncp.PvBx9UGkRReOlIfGcAi::NUfGr0bct9() |
| Scope Name | pxqDsBPmp0nY |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v4.0.30319 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | SGxDUr5uRrbW2X9YcTIdUkMi5E |
| Assembly Version | 4.1.5.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | .NETFramework,Version=v4.0 |
| Total Strings | 47 |
| Main Method | System.Void YDBwNFGm1SSKG8rPncp.PvBx9UGkRReOlIfGcAi::NUfGr0bct9() |
| Main IL Instruction Count | 42 |
| Main IL | ldc.i4 3 stloc V_0 br IL_000E: ldloc V_0 ldloc V_0 switch dnlib.DotNet.Emit.Instruction[] br IL_003F: ret call System.Void IUECOs2XoYrySYDQXS8.GUHVTU2Z7juFX2GQ25R::LxYMQzgOKZc() ldc.i4 2 br IL_0012: switch(IL_003F,IL_0040,IL_0056,IL_0030,IL_007B) ret <null> ldnull <null> ldnull <null> newobj System.Void BvZpSymOiZLJ7AiWe1E.pLkZq1m1kXrUUuAJfwd::.ctor(System.String,System.String) call System.Void mVHT5oM5X0YTqgASA0i.anrnSFMGa8uMVW947aO::MgPMbTxvlW(BvZpSymOiZLJ7AiWe1E.pLkZq1m1kXrUUuAJfwd) ldc.i4 4 br IL_0012: switch(IL_003F,IL_0040,IL_0056,IL_0030,IL_007B) newobj System.Void HuKITN4V0N0FIhOpMaF.CYDZnn473LN8IUefAwm::.ctor() pop <null> ldc.i4 1 ldsfld <Module>{be6370de-4523-4d40-80cf-b2974ee23972} <Module>{be6370de-4523-4d40-80cf-b2974ee23972}::m_85666c85b19d49359c6fb397e04190a6 ldfld System.Int32 <Module>{be6370de-4523-4d40-80cf-b2974ee23972}::m_4695e75213294d1ca38fb99b3b9c1fef brfalse IL_0012: switch(IL_003F,IL_0040,IL_0056,IL_0030,IL_007B) pop <null> ldc.i4 1 br IL_0012: switch(IL_003F,IL_0040,IL_0056,IL_0030,IL_007B) ldc.i4 -872993570 not <null> ldc.i4 1319432118 xor <null> ldsfld <Module>{be6370de-4523-4d40-80cf-b2974ee23972} <Module>{be6370de-4523-4d40-80cf-b2974ee23972}::m_85666c85b19d49359c6fb397e04190a6 ldfld System.Int32 <Module>{be6370de-4523-4d40-80cf-b2974ee23972}::m_a0a864a59d0243d6966fb0b42d7c3f47 xor <null> call System.String CarjwfKZ7oSnkr7FP86.ymRgqlKlBklY4v6Q64G::hyIKw4KGGm(System.Int32) newobj System.Void vskXmkT6V190Gwcm19S.OeVo0CTVGDoCfbMwNWP::.ctor(System.String) call System.Void vskXmkT6V190Gwcm19S.OeVo0CTVGDoCfbMwNWP::MRFTu9Hqem() ldc.i4 0 ldsfld <Module>{be6370de-4523-4d40-80cf-b2974ee23972} <Module>{be6370de-4523-4d40-80cf-b2974ee23972}::m_85666c85b19d49359c6fb397e04190a6 ldfld System.Int32 <Module>{be6370de-4523-4d40-80cf-b2974ee23972}::m_8fc4ea82d4fa4b1998db36b8932d552a brfalse IL_0012: switch(IL_003F,IL_0040,IL_0056,IL_0030,IL_007B) pop <null> ldc.i4 0 br IL_0012: switch(IL_003F,IL_0040,IL_0056,IL_0030,IL_007B) |
| Module Name | pxqDsBPmp0nY |
| Full Name | pxqDsBPmp0nY |
| EntryPoint | System.Void YDBwNFGm1SSKG8rPncp.PvBx9UGkRReOlIfGcAi::NUfGr0bct9() |
| Scope Name | pxqDsBPmp0nY |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v4.0.30319 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | SGxDUr5uRrbW2X9YcTIdUkMi5E |
| Assembly Version | 4.1.5.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | .NETFramework,Version=v4.0 |
| Total Strings | 47 |
| Main Method | System.Void YDBwNFGm1SSKG8rPncp.PvBx9UGkRReOlIfGcAi::NUfGr0bct9() |
| Main IL Instruction Count | 42 |
| Main IL | ldc.i4 3 stloc V_0 br IL_000E: ldloc V_0 ldloc V_0 switch dnlib.DotNet.Emit.Instruction[] br IL_003F: ret call System.Void IUECOs2XoYrySYDQXS8.GUHVTU2Z7juFX2GQ25R::LxYMQzgOKZc() ldc.i4 2 br IL_0012: switch(IL_003F,IL_0040,IL_0056,IL_0030,IL_007B) ret <null> ldnull <null> ldnull <null> newobj System.Void BvZpSymOiZLJ7AiWe1E.pLkZq1m1kXrUUuAJfwd::.ctor(System.String,System.String) call System.Void mVHT5oM5X0YTqgASA0i.anrnSFMGa8uMVW947aO::MgPMbTxvlW(BvZpSymOiZLJ7AiWe1E.pLkZq1m1kXrUUuAJfwd) ldc.i4 4 br IL_0012: switch(IL_003F,IL_0040,IL_0056,IL_0030,IL_007B) newobj System.Void HuKITN4V0N0FIhOpMaF.CYDZnn473LN8IUefAwm::.ctor() pop <null> ldc.i4 1 ldsfld <Module>{be6370de-4523-4d40-80cf-b2974ee23972} <Module>{be6370de-4523-4d40-80cf-b2974ee23972}::m_85666c85b19d49359c6fb397e04190a6 ldfld System.Int32 <Module>{be6370de-4523-4d40-80cf-b2974ee23972}::m_4695e75213294d1ca38fb99b3b9c1fef brfalse IL_0012: switch(IL_003F,IL_0040,IL_0056,IL_0030,IL_007B) pop <null> ldc.i4 1 br IL_0012: switch(IL_003F,IL_0040,IL_0056,IL_0030,IL_007B) ldc.i4 -872993570 not <null> ldc.i4 1319432118 xor <null> ldsfld <Module>{be6370de-4523-4d40-80cf-b2974ee23972} <Module>{be6370de-4523-4d40-80cf-b2974ee23972}::m_85666c85b19d49359c6fb397e04190a6 ldfld System.Int32 <Module>{be6370de-4523-4d40-80cf-b2974ee23972}::m_a0a864a59d0243d6966fb0b42d7c3f47 xor <null> call System.String CarjwfKZ7oSnkr7FP86.ymRgqlKlBklY4v6Q64G::hyIKw4KGGm(System.Int32) newobj System.Void vskXmkT6V190Gwcm19S.OeVo0CTVGDoCfbMwNWP::.ctor(System.String) call System.Void vskXmkT6V190Gwcm19S.OeVo0CTVGDoCfbMwNWP::MRFTu9Hqem() ldc.i4 0 ldsfld <Module>{be6370de-4523-4d40-80cf-b2974ee23972} <Module>{be6370de-4523-4d40-80cf-b2974ee23972}::m_85666c85b19d49359c6fb397e04190a6 ldfld System.Int32 <Module>{be6370de-4523-4d40-80cf-b2974ee23972}::m_8fc4ea82d4fa4b1998db36b8932d552a brfalse IL_0012: switch(IL_003F,IL_0040,IL_0056,IL_0030,IL_007B) pop <null> ldc.i4 0 br IL_0012: switch(IL_003F,IL_0040,IL_0056,IL_0030,IL_007B) |