Suspicious
Suspect

e4801944e20936680e452f94f1bb0d72

PE Executable
|
MD5: e4801944e20936680e452f94f1bb0d72
|
Size: 422.4 KB
|
application/x-dosexec

Summary by MalvaGPT
Characteristics

Symbol Ofbuscation Score

Very high

Hash
 Hash Value
MD5
e4801944e20936680e452f94f1bb0d72
Sha1
4a40952e0a8e984e5ead411fcf1e6985f3686aa2
Sha256
9967e313faf2ba6e1de18e7a4a8d7134cca1701f51e41d913a93370577a583ab
Sha384
4b4ac70a029279658cc48bb5c4a1a5b8ce79721bcdb595ddc0eb4805d662093f8689ec009325673dc66c3e7343b3f633
Sha512
71f4c9d104cb7a1eafd9de62b84ba9edafcfc25ee4c7c8a08f48a0ffe5263f8435e324bbebdef5278f334f59ecfe451b8221e210d8e6cc0ab8e145d350a88821
SSDeep
6144:oxbf5bYRC6lCNFee6VlWT8b96UWCkWsHwmf19bYMkQjM3aP:ohGHy4PVle84ykpbf1ZhSa
TLSH
9F94B20CFE91F805DE1E3DB3CBE614044B7125C12E229652364AAFFE8B6537658E25BC

PeID

.NET executable
HQR data file
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
e4801944e20936680e452f94f1bb0d72
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
catbovgghxac
Informations
Name
 Value
Info

PE Detect: PeReader OK (file layout)
Module Name

DSsnoserV3.exe
Full Name

DSsnoserV3.exe
EntryPoint

System.Void sEOMQUqv.sFpXXOwP::esPamNsBqPIXHa(System.String[])
Scope Name

DSsnoserV3.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

DSsnoserV3
Assembly Version

1.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.0
Total Strings

1141
Main Method

System.Void sEOMQUqv.sFpXXOwP::esPamNsBqPIXHa(System.String[])
Main IL Instruction Count

57
Main IL

ldc.i4 3358 stloc.0 <null> br IL_00C4: br IL_000B nop <null> ldloc.0 <null> ldc.i4 3376 ceq <null> brfalse IL_0024: nop call System.Void rzTpeMSniYh.xeYHGlIyKm::AxaRbHfEqJeEQ() ldc.i4 3384 stloc.0 <null> nop <null> ldloc.0 <null> ldc.i4 3370 ceq <null> brfalse IL_0083: nop newobj System.Void System.Random::.ctor() nop <null> ldc.r8 6000 ldc.r8 2000 call System.Double System.Math::Ceiling(System.Double) sub <null> call System.Int32 System.Convert::ToInt32(System.Double) nop <null> ldc.r8 5999.775346957946 ldc.r8 3000 call System.Double System.Math::Tan(System.Double) sub <null> call System.Int32 System.Convert::ToInt32(System.Double) callvirt System.Int32 System.Random::Next(System.Int32,System.Int32) call System.Void System.Threading.Thread::Sleep(System.Int32) ldc.i4 3376 stloc.0 <null> nop <null> ldloc.0 <null> ldc.i4 3366 ceq <null> brfalse IL_009C: nop call System.Void sEOMQUqv.sFpXXOwP::BXqIoOZGrHFhD() ldc.i4 3370 stloc.0 <null> nop <null> ldloc.0 <null> ldc.i4 3358 ceq <null> brfalse IL_00B1: nop nop <null> ldc.i4 3366 stloc.0 <null> nop <null> ldloc.0 <null> ldc.i4 3384 ceq <null> brfalse IL_00C4: br IL_000B br IL_00C9: ret br IL_000B: nop ret <null>
Module Name

DSsnoserV3.exe
Full Name

DSsnoserV3.exe
EntryPoint

System.Void sEOMQUqv.sFpXXOwP::esPamNsBqPIXHa(System.String[])
Scope Name

DSsnoserV3.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

DSsnoserV3
Assembly Version

1.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.0
Total Strings

1141
Main Method

System.Void sEOMQUqv.sFpXXOwP::esPamNsBqPIXHa(System.String[])
Main IL Instruction Count

57
Main IL

ldc.i4 3358 stloc.0 <null> br IL_00C4: br IL_000B nop <null> ldloc.0 <null> ldc.i4 3376 ceq <null> brfalse IL_0024: nop call System.Void rzTpeMSniYh.xeYHGlIyKm::AxaRbHfEqJeEQ() ldc.i4 3384 stloc.0 <null> nop <null> ldloc.0 <null> ldc.i4 3370 ceq <null> brfalse IL_0083: nop newobj System.Void System.Random::.ctor() nop <null> ldc.r8 6000 ldc.r8 2000 call System.Double System.Math::Ceiling(System.Double) sub <null> call System.Int32 System.Convert::ToInt32(System.Double) nop <null> ldc.r8 5999.775346957946 ldc.r8 3000 call System.Double System.Math::Tan(System.Double) sub <null> call System.Int32 System.Convert::ToInt32(System.Double) callvirt System.Int32 System.Random::Next(System.Int32,System.Int32) call System.Void System.Threading.Thread::Sleep(System.Int32) ldc.i4 3376 stloc.0 <null> nop <null> ldloc.0 <null> ldc.i4 3366 ceq <null> brfalse IL_009C: nop call System.Void sEOMQUqv.sFpXXOwP::BXqIoOZGrHFhD() ldc.i4 3370 stloc.0 <null> nop <null> ldloc.0 <null> ldc.i4 3358 ceq <null> brfalse IL_00B1: nop nop <null> ldc.i4 3366 stloc.0 <null> nop <null> ldloc.0 <null> ldc.i4 3384 ceq <null> brfalse IL_00C4: br IL_000B br IL_00C9: ret br IL_000B: nop ret <null>
e4801944e20936680e452f94f1bb0d72 (422.4 KB)
File Structure
e4801944e20936680e452f94f1bb0d72
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
catbovgghxac
Characteristics
No malware configuration were found at this point.
You must be signed in to post a comment.
An error has occurred. This application may no longer respond until reloaded. Reload 🗙