Suspicious
Suspect

e74dc3f1c5fd8e9c4d37c70e2aa446aa

PE Executable | MD5: e74dc3f1c5fd8e9c4d37c70e2aa446aa | Size: 2.95 MB | application/x-dosexec

Summary by MalvaGPT
Characteristics

Symbol Obfuscation Score

Very high

Hash | Hash Value
MD5 | e74dc3f1c5fd8e9c4d37c70e2aa446aa
Sha1 | 399eab884ab25f0e0e4aafa6d2c29d338d9c410b
Sha256 | b3b29bb015dcf4d167651ac1da563b9c6cf9bdfdaf344d6a9a017907b5ac48d1
Sha384 | 6b31a8bc722d407f5b2f2bc815c24953ce91b6c72076f2025ad05d0df11ea043aead495cc2a5722995ff48492d0512f7
Sha512 | c8fbd1f97f4c7e2fc5e7a8dfd48cfec37a963eea6ad4a231afe24e4b80050cdb1471151c35f49c8e81a0fa5e2462ce43c2af6dde2e6885bad7efea72f53951e0
SSDeep | 12288:rEurMymkL9f4QtDkeAoAmJa1ey7B0HXH:royma9f4Q9ka3A1l7G3
TLSH | 73D58B3DDE18112ED2B7D23DD1864906E8D84F6F223CAC4651C73E4B685A542B8AB3DF

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
.Net Resources
M_a9i7xR3Nrkke.eMx2zx5F4oA.resources
893a7cba8f552d.Resources.resources
f1f3b7f70
[NBF]root.Data
f1f3b7f71
[NBF]root.Data
f1f3b7f710
[NBF]root.Data
f1f3b7f711
[NBF]root.Data
f1f3b7f712
[NBF]root.Data
f1f3b7f713
[NBF]root.Data
f1f3b7f714
[NBF]root.Data
f1f3b7f715
[NBF]root.Data
f1f3b7f716
[NBF]root.Data
f1f3b7f717
[NBF]root.Data
f1f3b7f718
[NBF]root.Data
f1f3b7f719
[NBF]root.Data
f1f3b7f72
[NBF]root.Data
f1f3b7f720
[NBF]root.Data
f1f3b7f721
[NBF]root.Data
f1f3b7f722
[NBF]root.Data
f1f3b7f723
[NBF]root.Data
f1f3b7f724
[NBF]root.Data
f1f3b7f725
[NBF]root.Data
f1f3b7f73
[NBF]root.Data
f1f3b7f74
[NBF]root.Data
f1f3b7f75
[NBF]root.Data
f1f3b7f76
[NBF]root.Data
f1f3b7f77
[NBF]root.Data
f1f3b7f78
[NBF]root.Data
f1f3b7f79
[NBF]root.Data
Information
Name | Value
Info | PE Detect: PeReader OK (file layout)
Module Name | M_a9i7xR3Nrkke
Full Name | M_a9i7xR3Nrkke
EntryPoint | System.Void M_a9i7xR3Nrkke.Je8k5M::0rtYPd()
Scope Name | M_a9i7xR3Nrkke
Scope Type | ModuleDef
Kind | Windows
Runtime Version | v4.0.30319
Tables Header Version | 512
WinMD Version | <null>
Assembly Name | M_a9i7xR3Nrkke
Assembly Version | 5.21.36.192
Assembly Culture | <null>
Has PublicKey | False
PublicKey Token | <null>
Target Framework | .NETFramework,Version=v4.6
Total Strings | 16
Main Method | System.Void M_a9i7xR3Nrkke.Je8k5M::0rtYPd()
Main IL Instruction Count | 77

Main IL

nop <null> newobj System.Void M_a9i7xR3Nrkke.Je8k5M/nt9W0Zbbf7dSFt.jAz1w3Ei::.ctor() stloc.0 <null> call System.Void System.Windows.Forms.Application::EnableVisualStyles() nop <null> newobj System.Void M_a9i7xR3Nrkke.eMx2zx5F4oA::.ctor() dup <null> ldc.i4.s 100 ldc.i4 200 newobj System.Void System.Drawing.Size::.ctor(System.Int32,System.Int32) callvirt System.Void System.Windows.Forms.Control::set_Size(System.Drawing.Size) nop <null> stloc.1 <null> ldloc.0 <null> newobj System.Void M_a9i7xR3Nrkke.Je8k5M::.ctor() dup <null> ldc.i4 1000 ldc.i4 500 newobj System.Void System.Drawing.Size::.ctor(System.Int32,System.Int32) callvirt System.Void System.Windows.Forms.Form::set_Size(System.Drawing.Size) nop <null> stfld M_a9i7xR3Nrkke.Je8k5M M_a9i7xR3Nrkke.Je8k5M/nt9W0Zbbf7dSFt.jAz1w3Ei::0Dyjs4qM2fK ldloc.1 <null> ldloc.0 <null> ldfld M_a9i7xR3Nrkke.Je8k5M M_a9i7xR3Nrkke.Je8k5M/nt9W0Zbbf7dSFt.jAz1w3Ei::0Dyjs4qM2fK callvirt System.Int32 System.Windows.Forms.Control::get_Width() conv.r8 <null> ldc.r8 2 div <null> ldloc.1 <null> callvirt System.Int32 System.Windows.Forms.Control::get_Width() conv.r8 <null> ldc.r8 2 div <null> sub <null> call System.Double System.Math::Round(System.Double) conv.ovf.i4 <null> ldloc.0 <null> ldfld M_a9i7xR3Nrkke.Je8k5M M_a9i7xR3Nrkke.Je8k5M/nt9W0Zbbf7dSFt.jAz1w3Ei::0Dyjs4qM2fK callvirt System.Int32 System.Windows.Forms.Control::get_Height() conv.r8 <null> ldc.r8 2 div <null> ldloc.1 <null> callvirt System.Int32 System.Windows.Forms.Control::get_Height() conv.r8 <null> ldc.r8 2 div <null> sub <null> call System.Double System.Math::Round(System.Double) conv.ovf.i4 <null> newobj System.Void System.Drawing.Point::.ctor(System.Int32,System.Int32) callvirt System.Void System.Windows.Forms.Control::set_Location(System.Drawing.Point) nop <null> ldloc.0 <null> ldfld M_a9i7xR3Nrkke.Je8k5M M_a9i7xR3Nrkke.Je8k5M/nt9W0Zbbf7dSFt.jAz1w3Ei::0Dyjs4qM2fK callvirt System.Windows.Forms.Control/ControlCollection System.Windows.Forms.Control::get_Controls() callvirt 
System.Void System.Windows.Forms.Control/ControlCollection::Clear() nop <null> ldloc.0 <null> ldfld M_a9i7xR3Nrkke.Je8k5M M_a9i7xR3Nrkke.Je8k5M/nt9W0Zbbf7dSFt.jAz1w3Ei::0Dyjs4qM2fK callvirt System.Windows.Forms.Control/ControlCollection System.Windows.Forms.Control::get_Controls() ldloc.1 <null> callvirt System.Void System.Windows.Forms.Control/ControlCollection::Add(System.Windows.Forms.Control) nop <null> ldloc.0 <null> ldfld M_a9i7xR3Nrkke.Je8k5M M_a9i7xR3Nrkke.Je8k5M/nt9W0Zbbf7dSFt.jAz1w3Ei::0Dyjs4qM2fK ldloc.0 <null> ldftn System.Void M_a9i7xR3Nrkke.Je8k5M/nt9W0Zbbf7dSFt.jAz1w3Ei::Kjx5k1Lqbx(System.Object,System.EventArgs) newobj System.Void System.EventHandler::.ctor(System.Object,System.IntPtr) callvirt System.Void System.Windows.Forms.Form::add_Load(System.EventHandler) nop <null> ldloc.0 <null> ldfld M_a9i7xR3Nrkke.Je8k5M M_a9i7xR3Nrkke.Je8k5M/nt9W0Zbbf7dSFt.jAz1w3Ei::0Dyjs4qM2fK call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form) nop <null> ret <null>

Characteristics
No malware configuration was found at this point.