Suspicious
Suspect

ea06fcf8cc00700003b61556d3c23e47

PE Executable
|
MD5: ea06fcf8cc00700003b61556d3c23e47
|
Size: 1.28 MB
|
application/x-dosexec

Print
Summary by MalvaGPT
Characteristics

Symbol Obfuscation Score

Very high

Hash
 Hash Value
MD5
ea06fcf8cc00700003b61556d3c23e47
Sha1
8cb33bd33b3bc6938a7c5f0f0e42928db4fd4c55
Sha256
8e428ed7bec47c35783cca6568a6a8f8d5229669d1cce764d30ecac9ff9c28d4
Sha384
bc30be9a119b5535bf9e5add2adb24b285097ee80014aa861297e4fd23eab73d7002578de3ee9fbc623222e5741c99b7
Sha512
b9ae0a91978d5d2c79eff8c92080195c0219677cfe8442760afed57a3c02a301344c69075a2a43284a2d5e0c72bb4fd9a90047589476aa153bf67c3d43ca6719
SSDeep
24576:E/QyYYNRHYm9Ph6WE4n54NpojZ6tm48YG1KObi3G:rudPh6WP5oOj94p4D
TLSH
3855D00A12D28A64F4BB9B38D3F5452443F8BD1B9635E76E3B4B12F89F1274A9502373

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
ea06fcf8cc00700003b61556d3c23e47
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
.Net Resources
Cerkagofan.habadegar
6DocedW3.Resources.resources
b67a226cef3e53.Resources.resources
0193d2ef0
[NBF]root.Data
0193d2ef1
[NBF]root.Data
0193d2ef10
[NBF]root.Data
0193d2ef11
[NBF]root.Data
0193d2ef12
[NBF]root.Data
0193d2ef13
[NBF]root.Data
0193d2ef14
[NBF]root.Data
0193d2ef15
[NBF]root.Data
0193d2ef16
[NBF]root.Data
0193d2ef17
[NBF]root.Data
0193d2ef18
[NBF]root.Data
0193d2ef19
[NBF]root.Data
0193d2ef2
[NBF]root.Data
0193d2ef20
[NBF]root.Data
0193d2ef21
[NBF]root.Data
0193d2ef22
[NBF]root.Data
0193d2ef23
[NBF]root.Data
0193d2ef24
[NBF]root.Data
0193d2ef25
[NBF]root.Data
0193d2ef26
[NBF]root.Data
0193d2ef27
[NBF]root.Data
0193d2ef28
[NBF]root.Data
0193d2ef29
[NBF]root.Data
0193d2ef3
[NBF]root.Data
0193d2ef30
[NBF]root.Data
0193d2ef31
[NBF]root.Data
0193d2ef32
[NBF]root.Data
0193d2ef33
[NBF]root.Data
0193d2ef34
[NBF]root.Data
0193d2ef35
[NBF]root.Data
0193d2ef36
[NBF]root.Data
0193d2ef37
[NBF]root.Data
0193d2ef4
[NBF]root.Data
0193d2ef5
[NBF]root.Data
0193d2ef6
[NBF]root.Data
0193d2ef7
[NBF]root.Data
0193d2ef8
[NBF]root.Data
0193d2ef9
[NBF]root.Data
Informations
Name
 Value
Info

PE Detect: PeReader OK (file layout)
Module Name

6DocedW3
Full Name

6DocedW3
EntryPoint

System.Void 6DocedW3.zm8FTay23/iXa8tm4YP_a3.Wqx1o::Qnf3mJ6()
Scope Name

6DocedW3
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

6DocedW3
Assembly Version

6.4.25.124
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.6
Total Strings

993
Main Method

System.Void 6DocedW3.zm8FTay23/iXa8tm4YP_a3.Wqx1o::Qnf3mJ6()
Main IL Instruction Count

91
Main IL

nop <null> nop <null> newobj System.Void System.Windows.Forms.Form::.ctor() stloc.0 <null> call System.Void System.Windows.Forms.Application::EnableVisualStyles() nop <null> ldc.i4.s 20 stloc.1 <null> newobj System.Void System.Collections.Generic.List`1<System.Int32>::.ctor() stloc.2 <null> ldloc.1 <null> stloc.s V_7 ldc.i4.1 <null> stloc.s V_8 br.s IL_002E: ldloc.s V_8 ldloc.2 <null> ldloc.s V_8 callvirt System.Void System.Collections.Generic.List`1<System.Int32>::Add(System.Int32) nop <null> ldloc.s V_8 ldc.i4.1 <null> add.ovf <null> stloc.s V_8 ldloc.s V_8 ldloc.s V_7 ble.s IL_001F: ldloc.2 ldstr FacilityOptima.Core stloc.3 <null> ldstr 2.4.1 stloc.s V_4 call System.Guid System.Guid::NewGuid() stloc.s V_9 ldloca.s V_9 ldstr N call System.String System.Guid::ToString(System.String) ldc.i4.0 <null> ldc.i4.s 12 callvirt System.String System.String::Substring(System.Int32,System.Int32) stloc.s V_5 ldloc.2 <null> callvirt System.Int32 System.Collections.Generic.List`1<System.Int32>::get_Count() ldloc.1 <null> ceq <null> ldc.i4.0 <null> ceq <null> stloc.s V_10 ldloc.s V_10 brfalse.s IL_0078: nop ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) nop <null> nop <null> nop <null> ldc.i4.s 28 call System.String System.Environment::GetFolderPath(System.Environment/SpecialFolder) ldstr FacilityOptima ldstr Cache call System.String System.IO.Path::Combine(System.String,System.String,System.String) stloc.s V_6 ldloc.s V_6 call System.Boolean System.IO.Directory::Exists(System.String) ldc.i4.0 <null> ceq <null> stloc.s V_11 ldloc.s V_11 brfalse.s IL_00AA: nop ldloc.s V_6 call System.IO.DirectoryInfo System.IO.Directory::CreateDirectory(System.String) pop <null> nop <null> nop <null> ldc.i4.s 40 call System.Void System.Threading.Thread::Sleep(System.Int32) nop <null> ldstr habadegar call System.Void 6DocedW3.0jbHrL7/cc2Ji9Ejom4.Tx5aqNa7D::Gm3zc8Pd7yoA(System.String) nop <null> call System.Void System.GC::Collect() nop <null> call System.Void System.GC::WaitForPendingFinalizers() nop <null> leave.s IL_00E0: nop call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception) nop <null> ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) nop <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() leave.s IL_00E0: nop nop <null> ret <null>
Module Name

6DocedW3
Full Name

6DocedW3
EntryPoint

System.Void 6DocedW3.zm8FTay23/iXa8tm4YP_a3.Wqx1o::Qnf3mJ6()
Scope Name

6DocedW3
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

6DocedW3
Assembly Version

6.4.25.124
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.6
Total Strings

993
Main Method

System.Void 6DocedW3.zm8FTay23/iXa8tm4YP_a3.Wqx1o::Qnf3mJ6()
Main IL Instruction Count

91
Main IL

nop <null> nop <null> newobj System.Void System.Windows.Forms.Form::.ctor() stloc.0 <null> call System.Void System.Windows.Forms.Application::EnableVisualStyles() nop <null> ldc.i4.s 20 stloc.1 <null> newobj System.Void System.Collections.Generic.List`1<System.Int32>::.ctor() stloc.2 <null> ldloc.1 <null> stloc.s V_7 ldc.i4.1 <null> stloc.s V_8 br.s IL_002E: ldloc.s V_8 ldloc.2 <null> ldloc.s V_8 callvirt System.Void System.Collections.Generic.List`1<System.Int32>::Add(System.Int32) nop <null> ldloc.s V_8 ldc.i4.1 <null> add.ovf <null> stloc.s V_8 ldloc.s V_8 ldloc.s V_7 ble.s IL_001F: ldloc.2 ldstr FacilityOptima.Core stloc.3 <null> ldstr 2.4.1 stloc.s V_4 call System.Guid System.Guid::NewGuid() stloc.s V_9 ldloca.s V_9 ldstr N call System.String System.Guid::ToString(System.String) ldc.i4.0 <null> ldc.i4.s 12 callvirt System.String System.String::Substring(System.Int32,System.Int32) stloc.s V_5 ldloc.2 <null> callvirt System.Int32 System.Collections.Generic.List`1<System.Int32>::get_Count() ldloc.1 <null> ceq <null> ldc.i4.0 <null> ceq <null> stloc.s V_10 ldloc.s V_10 brfalse.s IL_0078: nop ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) nop <null> nop <null> nop <null> ldc.i4.s 28 call System.String System.Environment::GetFolderPath(System.Environment/SpecialFolder) ldstr FacilityOptima ldstr Cache call System.String System.IO.Path::Combine(System.String,System.String,System.String) stloc.s V_6 ldloc.s V_6 call System.Boolean System.IO.Directory::Exists(System.String) ldc.i4.0 <null> ceq <null> stloc.s V_11 ldloc.s V_11 brfalse.s IL_00AA: nop ldloc.s V_6 call System.IO.DirectoryInfo System.IO.Directory::CreateDirectory(System.String) pop <null> nop <null> nop <null> ldc.i4.s 40 call System.Void System.Threading.Thread::Sleep(System.Int32) nop <null> ldstr habadegar call System.Void 6DocedW3.0jbHrL7/cc2Ji9Ejom4.Tx5aqNa7D::Gm3zc8Pd7yoA(System.String) nop <null> call System.Void System.GC::Collect() nop <null> call System.Void System.GC::WaitForPendingFinalizers() nop <null> leave.s IL_00E0: nop call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception) nop <null> ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) nop <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() leave.s IL_00E0: nop nop <null> ret <null>
ea06fcf8cc00700003b61556d3c23e47 (1.28 MB)
An error has occurred. This application may no longer respond until reloaded. Reload 🗙