Suspicious
Suspect

e568556824e0b145e1d1d072b61b0ae1

PE Executable
|
MD5: e568556824e0b145e1d1d072b61b0ae1
|
Size: 1.28 MB
|
application/x-dosexec

Print
Summary by MalvaGPT
Characteristics

Symbol Obfuscation Score

Very high

Hash
 Hash Value
MD5
e568556824e0b145e1d1d072b61b0ae1
Sha1
daa6a7c5b3e46353968609e73a9cb475b8fa7d67
Sha256
14fb9a33ac9ff99dfb0106400ea813b3cebeb4dfa601ddd6d5a0f19a5599fb02
Sha384
70fdafa0fb25a0bdd78929e822483b0b5efcf82a076433d414eb9104b6701c28aec45bf6f76498a0378325c3904277dc
Sha512
8a40be89ad4e264eb4497bd1022e379a46a63af11250b78a9d31488a1cb94eb05a7f860f70c3fca8fa455c2414a55ecd2040a57f59fd248bbba23de7f79eb57f
SSDeep
24576:DPAqhCllVkoav+HJUN0uuT7uutGf7ATY9Tu/NNGK7:zBhCn2+CqJ7If2Yp+H
TLSH
3F55E01A4DC72BE5C16F4F74D2A5009863F0C64BA292E7FB1EDD02F4DE6274AD9170A2
File Structure
e568556824e0b145e1d1d072b61b0ae1
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
.Net Resources
Hq4q7rkFG3.Resources.resources
Hq4q7rkFG3.g.resources
b9194f64bb546f.Resources.resources
46cbceb80
[NBF]root.Data
46cbceb81
[NBF]root.Data
46cbceb810
[NBF]root.Data
46cbceb811
[NBF]root.Data
46cbceb812
[NBF]root.Data
46cbceb813
[NBF]root.Data
46cbceb814
[NBF]root.Data
46cbceb815
[NBF]root.Data
46cbceb816
[NBF]root.Data
46cbceb817
[NBF]root.Data
46cbceb818
[NBF]root.Data
46cbceb819
[NBF]root.Data
46cbceb82
[NBF]root.Data
46cbceb820
[NBF]root.Data
46cbceb821
[NBF]root.Data
46cbceb822
[NBF]root.Data
46cbceb823
[NBF]root.Data
46cbceb824
[NBF]root.Data
46cbceb825
[NBF]root.Data
46cbceb826
[NBF]root.Data
46cbceb827
[NBF]root.Data
46cbceb828
[NBF]root.Data
46cbceb829
[NBF]root.Data
46cbceb83
[NBF]root.Data
46cbceb830
[NBF]root.Data
46cbceb831
[NBF]root.Data
46cbceb832
[NBF]root.Data
46cbceb833
[NBF]root.Data
46cbceb834
[NBF]root.Data
46cbceb835
[NBF]root.Data
46cbceb836
[NBF]root.Data
46cbceb837
[NBF]root.Data
46cbceb838
[NBF]root.Data
46cbceb839
[NBF]root.Data
46cbceb84
[NBF]root.Data
46cbceb85
[NBF]root.Data
46cbceb86
[NBF]root.Data
46cbceb87
[NBF]root.Data
46cbceb88
[NBF]root.Data
46cbceb89
[NBF]root.Data
Informations
Name
 Value
Info

PE Detect: PeReader OK (file layout)
Module Name

Hq4q7rkFG3
Full Name

Hq4q7rkFG3
EntryPoint

System.Void yWr23oNng9.7NbtaeF9Kw3f1q/Kom7qH3isn.Hci8ka1G4f::ox5R9Kiqn3JjBg()
Scope Name

Hq4q7rkFG3
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

Hq4q7rkFG3
Assembly Version

26.8.9.169
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.6
Total Strings

0
Main Method

System.Void yWr23oNng9.7NbtaeF9Kw3f1q/Kom7qH3isn.Hci8ka1G4f::ox5R9Kiqn3JjBg()
Main IL Instruction Count

241
Main IL

ldc.i4.4 <null> stloc.s V_19 ldloc.s V_19 switch dnlib.DotNet.Emit.Instruction[] nop <null> newobj System.Void System.Windows.Forms.Form::.ctor() stloc.1 <null> ldc.i4.s 25 stloc.2 <null> ldc.i4 826790 box System.Int32 stloc.3 <null> ldsfld System.String yWr23oNng9.7NbtaeF9Kw3f1q::Hoz17W stloc.s V_4 ldc.i4.5 <null> stloc.s V_19 br.s IL_0003: ldloc.s V_19 ldloc.s V_4 call System.String yWr23oNng9.7NbtaeF9Kw3f1q::7Wfsq9eM(System.String) stloc.s V_5 ldloc.s V_5 call System.Byte[] cd0ZA7tfe.cf6Q4Y::Azc3aH5(System.String) ldloc.3 <null> call System.Int32 Microsoft.VisualBasic.CompilerServices.Conversions::ToInteger(System.Object) call System.Object cd0ZA7tfe.cf6Q4Y/7NqbL.tRt6rr::Dbq8mz2M7cGpfj(System.Byte[],System.Int32) ldnull <null> nop <null> ldc.i4 600987052 ldc.i4.4 <null> ldnull <null> call System.String ti3EA.4LdoBx2jfGj7e::bg4SH1aaq(System.Int32,System.Int32,System.Reflection.Assembly) ldc.i4.0 <null> newarr System.Object ldnull <null> ldnull <null> ldnull <null> call System.Object Microsoft.VisualBasic.CompilerServices.NewLateBinding::LateGet(System.Object,System.Type,System.String,System.Object[],System.String[],System.Type[],System.Boolean[]) call System.Object System.Runtime.CompilerServices.RuntimeHelpers::GetObjectValue(System.Object) stloc.s V_6 ldc.i4.s 9 stloc.s V_19 br IL_0003: ldloc.s V_19 ldc.i4.3 <null> stloc.s V_7 ldc.i4.7 <null> stloc.0 <null> nop <null> ldloc.s V_7 ldc.i4.3 <null> beq.s IL_00B6: ldc.i4.1 ldc.i4.s 11 stloc.s V_19 br IL_0003: ldloc.s V_19 ldc.i4.1 <null> br.s IL_00AF: stloc.s V_19 ldc.i4.s 10 stloc.s V_19 br IL_0003: ldloc.s V_19 nop <null> ldloc.s V_6 call System.Object System.Runtime.CompilerServices.RuntimeHelpers::GetObjectValue(System.Object) stloc.s V_8 ldc.i4.s 10 stloc.s V_19 br IL_0003: ldloc.s V_19 nop <null> ldc.i4.s 9 stloc.0 <null> ldsfld System.String 0QwcDjb48HcaF.Gs4_z0/La4a0KwjE.iw3FNeq/Yo3xcbZ7o8.Sq9p1Yad::5XpdTp8xw nop <null> ldc.i4 600988254 ldc.i4.8 <null> ldnull <null> call System.String ti3EA.4LdoBx2jfGj7e::bg4SH1aaq(System.Int32,System.Int32,System.Reflection.Assembly) nop <null> ldc.i4.s 31 ldc.i4.0 <null> ldc.i4 624317114 ldtoken yWr23oNng9.7NbtaeF9Kw3f1q/pSj7Ef0m.5ErdGef2zY call System.Type System.Type::GetTypeFromHandle(System.RuntimeTypeHandle) call System.String ti3EA.4LdoBx2jfGj7e::Pb1fy4E(System.Byte,System.Int32,System.Int32,System.Type) callvirt System.String System.String::Replace(System.String,System.String) stloc.s V_9 ldc.i4.0 <null> stloc.s V_19 br IL_0003: ldloc.s V_19 ldtoken System.Reflection.Assembly call System.Type System.Type::GetTypeFromHandle(System.RuntimeTypeHandle) call System.Reflection.MethodInfo[] System.Type::GetMethods() stloc.s V_10 ldc.i4.0 <null> stloc.s V_11 ldloc.s V_10 stloc.s V_12 ldc.i4.0 <null> stloc.s V_13 br IL_0289: ldloc.s V_13 ldloc.s V_12 ldloc.s V_13 ldelem.ref <null> stloc.s V_14 ldloc.s V_14 callvirt System.String System.Reflection.MemberInfo::get_Name() ldloc.s V_9 ldc.i4.0 <null> call System.Int32 Microsoft.VisualBasic.CompilerServices.Operators::CompareString(System.String,System.String,System.Boolean) ldc.i4.0 <null> ceq <null> stloc.s V_15 ldc.i4.7 <null> stloc.s V_19 br IL_0003: ldloc.s V_19 ldloc.s V_15 brfalse IL_027C: nop br.s IL_015E: ldc.i4.4 ldc.i4.4 <null> stloc.s V_21 ldloc.s V_21 switch dnlib.DotNet.Emit.Instruction[] br.s IL_0186: nop nop <null> ldloc.s V_14 ldnull <null> ldc.i4.1 <null> newarr System.Object dup <null> ldc.i4.0 <null> ldloc.s V_8 stelem.ref <null> callvirt System.Object System.Reflection.MethodBase::Invoke(System.Object,System.Object[]) call System.Object System.Runtime.CompilerServices.RuntimeHelpers::GetObjectValue(System.Object) stloc.s V_16 ldc.i4.0 <null> stloc.s V_21 br.s IL_0161: ldloc.s V_21 ldloc.s V_16 ldnull <null> nop <null> ldc.i4.s 24 ldc.i4.4 <null> ldc.i4 624318461 ldtoken 0QwcDjb48HcaF.Gs4_z0/La4a0KwjE.iw3FNeq/Xmt9bg8ZA0qq.4YxyTb call System.Type System.Type::GetTypeFromHandle(System.RuntimeTypeHandle) call System.String ti3EA.4LdoBx2jfGj7e::Pb1fy4E(System.Byte,System.Int32,System.Int32,System.Type) ldc.i4.0 <null> newarr System.Object ldnull <null> ldnull <null> ldnull <null> call System.Object Microsoft.VisualBasic.CompilerServices.NewLateBinding::LateGet(System.Object,System.Type,System.String,System.Object[],System.String[],System.Type[],System.Boolean[]) ldc.i4.1 <null> newarr System.Object dup <null> ldc.i4.0 <null> ldc.i4.s 25 box System.Int32 stelem.ref <null> ldnull <null> call System.Object Microsoft.VisualBasic.CompilerServices.NewLateBinding::LateIndexGet(System.Object,System.Object[],System.String[]) ldnull <null> nop <null> ldnull <null> ldc.i4 153 ldc.i4.4 <null> ldc.i4 1679274750 call System.String ti3EA.4LdoBx2jfGj7e/o_7S9X.3Sxig2FiNg1on::7YmxQf2(System.Reflection.Assembly,System.Char,System.Int32,System.Int32) ldc.i4.0 <null> newarr System.Object ldnull <null> ldnull <null> ldnull <null> call System.Object Microsoft.VisualBasic.CompilerServices.NewLateBinding::LateGet(System.Object,System.Type,System.String,System.Object[],System.String[],System.Type[],System.Boolean[]) ldc.i4.1 <null> newarr System.Object dup <null> ldc.i4.0 <null> ldc.i4.0 <null> box System.Int32 stelem.ref <null> ldnull <null> call System.Object Microsoft.VisualBasic.CompilerServices.NewLateBinding::LateIndexGet(System.Object,System.Object[],System.String[]) call System.Object System.Runtime.CompilerServices.RuntimeHelpers::GetObjectValue(System.Object) call System.Object yWr23oNng9.7NbtaeF9Kw3f1q/Kom7qH3isn.Hci8ka1G4f::Pq7xzHg4ac1W(System.Object) pop <null> ldc.i4.6 <null> stloc.s V_21 br IL_0161: ldloc.s V_21 ldc.i4.1 <null> stloc.s V_11 leave IL_029F: ldc.i4.4 br.s IL_0238: br.s IL_023A br.s IL_023A: call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception) call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception) nop <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() leave.s IL_0247: br.s IL_0249 br.s IL_0249: ldc.i4.7 ldc.i4.7 <null> stloc.s V_23 ldloc.s V_23 switch dnlib.DotNet.Emit.Instruction[] br.s IL_0275: nop nop <null> nop <null> ldc.i4.6 <null> stloc.s V_23 br.s IL_024C: ldloc.s V_23 nop <null> nop <null> ldloc.s V_13 ldc.i4.1 <null> add.ovf <null> stloc.s V_13 ldc.i4.3 <null> stloc.s V_23 br.s IL_024C: ldloc.s V_23 ldloc.s V_13 ldloc.s V_12 ldlen <null> conv.i4 <null> clt <null> stloc.s V_17 ldloc.s V_17 brtrue IL_0132: ldloc.s V_12 ldc.i4.1 <null> stloc.s V_23 br.s IL_024C: ldloc.s V_23 ldc.i4.4 <null> stloc.0 <null> ldc.i4.4 <null> stloc.0 <null> ldsfld System.Byte[] Eii0aP6ptcM8.Kdo2w::br8QsSt3mc5ZBn ldc.i4 508 ldsfld System.Byte[] Pp8i4Rnje.Yno9wg5::eGx25giMQd1p ldc.i4 212 ldelem.u1 <null> stelem.i1 <null> ret <null> ldtoken System.Void yWr23oNng9.7NbtaeF9Kw3f1q/Kom7qH3isn.Hci8ka1G4f::ox5R9Kiqn3JjBg() pop <null> ret <null>
e568556824e0b145e1d1d072b61b0ae1 (1.28 MB)
An error has occurred. This application may no longer respond until reloaded. Reload 🗙