Suspicious
Suspect

e6b94c6b7f9fc977aa8c5ee478ff4671

PE Executable
|
MD5: e6b94c6b7f9fc977aa8c5ee478ff4671
|
Size: 837.47 KB
|
application/x-dosexec

Print
Summary by MalvaGPT
Characteristics

Symbol Ofbuscation Score

Very high

Hash
 Hash Value
MD5
e6b94c6b7f9fc977aa8c5ee478ff4671
Sha1
0db726ff4e0f48056d196947555afc7d9c9c8448
Sha256
c774a62fa56e4930e80406e63c6d93e84fc62d991575d9f53832229fc12a6aa5
Sha384
d5b35b34954e18f1584a3d7d1f6dd644a931f69de988cd2c980f3b9ae2af744a8ac0cc2f9f9d3a141c4cb2389e0c2ad6
Sha512
c0141bbd1f5e751ab2ebf405137d72cc66851377e3564aa83227acef533af6fa510d6a7dfc2098ba74ae6196e23143997ebdb730308796b16dd4f0d4e73e2124
SSDeep
12288:sjZ5861IjJQPVle85OtX8RGt/sxqa2GqrTkNml9IXbYJWY/G5:sn861IjJKOZ8RGtUxqa2uNml9IsJWYG
TLSH
1B05800CBEB0E8C0CD19A9738AE5D4043B315D81AF11B672AD157EE9FB7636215A21FC

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
e6b94c6b7f9fc977aa8c5ee478ff4671
[Authenticode]_5470982c.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_ICON
ID:0001
ID:0
ID:0-preview.png
ID:0002
ID:0
ID:0003
ID:0
ID:0004
ID:0
ID:0005
ID:0
ID:0006
ID:0
RT_GROUP_CURSOR4
ID:0001
ID:0
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
hrclxljpdhhd
Informations
Name
 Value
Info

PE Detect: PeReader OK (file layout)
Info

Authenticode present at 0xB1400 size 111456 bytes
Module Name

adwcleaner.exe
Full Name

adwcleaner.exe
EntryPoint

System.Void oCZZgMvVCCO.PSdNyFcgioNxX::VUMpIxvOCIHS(System.String[])
Scope Name

adwcleaner.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

adwcleaner
Assembly Version

1.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.0
Total Strings

1686
Main Method

System.Void oCZZgMvVCCO.PSdNyFcgioNxX::VUMpIxvOCIHS(System.String[])
Main IL Instruction Count

57
Main IL

ldc.i4 4562 stloc.0 <null> br IL_00C4: br IL_000B nop <null> ldloc.0 <null> ldc.i4 4579 ceq <null> brfalse IL_006A: nop newobj System.Void System.Random::.ctor() nop <null> ldc.r8 6000 ldc.r8 2000 call System.Double System.Math::Ceiling(System.Double) sub <null> call System.Int32 System.Convert::ToInt32(System.Double) nop <null> ldc.r8 6000.219189974283 ldc.r8 3000 call System.Double System.Math::Sin(System.Double) sub <null> call System.Int32 System.Convert::ToInt32(System.Double) callvirt System.Int32 System.Random::Next(System.Int32,System.Int32) call System.Void System.Threading.Thread::Sleep(System.Int32) ldc.i4 4581 stloc.0 <null> nop <null> ldloc.0 <null> ldc.i4 4581 ceq <null> brfalse IL_0083: nop call System.Void FrovUKbJB.KjoDnxewiDP::wISughzOHOLTF() ldc.i4 4586 stloc.0 <null> nop <null> ldloc.0 <null> ldc.i4 4574 ceq <null> brfalse IL_009C: nop call System.Void oCZZgMvVCCO.PSdNyFcgioNxX::cHkJPieQeAqQyK() ldc.i4 4579 stloc.0 <null> nop <null> ldloc.0 <null> ldc.i4 4562 ceq <null> brfalse IL_00B1: nop nop <null> ldc.i4 4574 stloc.0 <null> nop <null> ldloc.0 <null> ldc.i4 4586 ceq <null> brfalse IL_00C4: br IL_000B br IL_00C9: ret br IL_000B: nop ret <null>
Module Name

adwcleaner.exe
Full Name

adwcleaner.exe
EntryPoint

System.Void oCZZgMvVCCO.PSdNyFcgioNxX::VUMpIxvOCIHS(System.String[])
Scope Name

adwcleaner.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

adwcleaner
Assembly Version

1.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.0
Total Strings

1686
Main Method

System.Void oCZZgMvVCCO.PSdNyFcgioNxX::VUMpIxvOCIHS(System.String[])
Main IL Instruction Count

57
Main IL

ldc.i4 4562 stloc.0 <null> br IL_00C4: br IL_000B nop <null> ldloc.0 <null> ldc.i4 4579 ceq <null> brfalse IL_006A: nop newobj System.Void System.Random::.ctor() nop <null> ldc.r8 6000 ldc.r8 2000 call System.Double System.Math::Ceiling(System.Double) sub <null> call System.Int32 System.Convert::ToInt32(System.Double) nop <null> ldc.r8 6000.219189974283 ldc.r8 3000 call System.Double System.Math::Sin(System.Double) sub <null> call System.Int32 System.Convert::ToInt32(System.Double) callvirt System.Int32 System.Random::Next(System.Int32,System.Int32) call System.Void System.Threading.Thread::Sleep(System.Int32) ldc.i4 4581 stloc.0 <null> nop <null> ldloc.0 <null> ldc.i4 4581 ceq <null> brfalse IL_0083: nop call System.Void FrovUKbJB.KjoDnxewiDP::wISughzOHOLTF() ldc.i4 4586 stloc.0 <null> nop <null> ldloc.0 <null> ldc.i4 4574 ceq <null> brfalse IL_009C: nop call System.Void oCZZgMvVCCO.PSdNyFcgioNxX::cHkJPieQeAqQyK() ldc.i4 4579 stloc.0 <null> nop <null> ldloc.0 <null> ldc.i4 4562 ceq <null> brfalse IL_00B1: nop nop <null> ldc.i4 4574 stloc.0 <null> nop <null> ldloc.0 <null> ldc.i4 4586 ceq <null> brfalse IL_00C4: br IL_000B br IL_00C9: ret br IL_000B: nop ret <null>
e6b94c6b7f9fc977aa8c5ee478ff4671 (837.47 KB)
An error has occurred. This application may no longer respond until reloaded. Reload 🗙