Suspicious
Suspect

e4562f290c84240ff91d97daac392357

PE Executable
|
MD5: e4562f290c84240ff91d97daac392357
|
Size: 507.68 KB
|
application/x-dosexec

Print
Summary by MalvaGPT
Characteristics

Symbol Ofbuscation Score

Medium

Hash
 Hash Value
MD5
e4562f290c84240ff91d97daac392357
Sha1
65771a26c55a9620ba4827812209504f6bc0d608
Sha256
26adf732be63c8bc0f0efc3ea21dbe8ac4f81f258ff52873a00caa88fc1fdcc8
Sha384
4046a096f672eaa0856a782903fd273ddd5b35f43c54363970d0d57bb9c717e8351e7d6c1dbdca14d03e90fa5403c3b3
Sha512
3825bbb3ad791e1b69b5fa1f1210de17ca2f4a158ad8be78e9d160c95b246ea46ebf2f040f7f6c74f341da830b7fe0bca5c2d9562f928ccea513a6eae5321957
SSDeep
6144:7nArtNVcKngZTVb5FM+7ciJczVFKAPLpgFgiM61:kr3VqBb5aykKAFgvM61
TLSH
3BB49ADD695029FBCC3F47E4130D87894AFF97B1B29B8CC9A8851A57CC4E0678509E8E
File Structure
e4562f290c84240ff91d97daac392357
[Authenticode]_249816da.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
j34ytje.Properties.Resources.resources
j34ytje.ehtgoiuqchwetq
Informations
Name
 Value
Info

PE Detect: PeReader OK (file layout)
Info

Authenticode present at 0x7A600 size 6432 bytes
Info

PDB Path: C:\work\cryptor_c\real_exe\E1\obj\Release\j34ytje.pdb
Module Name

j34ytje.exe
Full Name

j34ytje.exe
EntryPoint

System.Void up4oevyj8utpweu.Program::Main()
Scope Name

j34ytje.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

j34ytje
Assembly Version

1.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.7.2
Total Strings

10
Main Method

System.Void up4oevyj8utpweu.Program::Main()
Main IL Instruction Count

59
Main IL

ldsfld System.String System.String::Empty pop <null> ldc.i4.3 <null> newarr System.Char dup <null> ldtoken <PrivateImplementationDetails>/__StaticArrayInitTypeSize=6 <PrivateImplementationDetails>::58FF2E9091C6F11944C244873D6D1F512FFE83E4019C12BB96113923E3FF420F call System.Void System.Runtime.CompilerServices.RuntimeHelpers::InitializeArray(System.Array,System.RuntimeFieldHandle) newobj System.Void System.String::.ctor(System.Char[]) pop <null> ldc.i4.0 <null> stloc.3 <null> br.s IL_002B: ldloc.3 ldc.i4.0 <null> call System.Void up4oevyj8utpweu.Program::EndDoc(System.Int32) ldloc.3 <null> ldc.i4.1 <null> add <null> stloc.3 <null> ldloc.3 <null> ldc.i4 14235123 blt.un.s IL_0021: ldc.i4.0 call System.Void up4oevyj8utpweu.Program::hithjdhwg() call System.Reflection.Assembly System.Reflection.Assembly::GetExecutingAssembly() ldstr j34ytje.ehtgoiuqchwetq callvirt System.IO.Stream System.Reflection.Assembly::GetManifestResourceStream(System.String) dup <null> stloc.2 <null> stloc.s V_4 ldloc.2 <null> callvirt System.Int64 System.IO.Stream::get_Length() conv.ovf.i <null> newarr System.Byte stloc.1 <null> ldloc.2 <null> newobj System.Void System.IO.BinaryReader::.ctor(System.IO.Stream) callvirt System.UInt32 System.IO.BinaryReader::ReadUInt32() stloc.0 <null> ldloc.2 <null> ldloc.1 <null> ldc.i4.0 <null> ldloc.1 <null> ldlen <null> conv.i4 <null> ldc.i4.4 <null> sub <null> callvirt System.Int32 System.IO.Stream::Read(System.Byte[],System.Int32,System.Int32) pop <null> ldc.r8 12 newobj System.Void up4oevyj8utpweu.drhvnerhvg::.ctor(System.Double) ldloc.1 <null> ldloc.0 <null> callvirt System.Void up4oevyj8utpweu.drhvnerhvg::ejweuhqp4(System.Byte[],System.UInt32) leave.s IL_0095: ret ldloc.s V_4 brfalse.s IL_0094: endfinally ldloc.s V_4 callvirt System.Void System.IDisposable::Dispose() endfinally <null> ret <null>
e4562f290c84240ff91d97daac392357 (507.68 KB)
An error has occurred. This application may no longer respond until reloaded. Reload 🗙