Suspicious
Suspect

ecf8ce650cbe9fbfc6696f568cc817b8

PE Executable
|
MD5: ecf8ce650cbe9fbfc6696f568cc817b8
|
Size: 92.16 KB
|
application/x-dosexec

Print
Summary by MalvaGPT
Characteristics

Symbol Obfuscation Score

Very low

Hash
 Hash Value
MD5
ecf8ce650cbe9fbfc6696f568cc817b8
Sha1
6dcbb9974c95dde50aa82469db249c9fb4ec9f35
Sha256
5d3f6e64b57051bb8e3c6a540b46bafb98ff9274368b652b340f5071c664e421
Sha384
273b4e95e41f3d3432b23433c19c06fec1629bda5f27f26d85d1faf708bc2e29152819a2a033d59ac0a327330adf2c89
Sha512
eb9a1f5232784e21cc2df34ca025b79c80d6777244b8bd136c101af59347fd0b3f1a4d77bef8fd2baa0fc6d525af5e227c66650f5994e29fdcb0a63d7a049ca1
SSDeep
1536:n3bh64ywT4nCh4q/AL0vbrc09BerseB+YzB1h91SjDviYIv0Qf266/ql2:n3bc4BT4y4q/A89BeF+YzB1hXeiYY0Ik
TLSH
D493C07EC5D0ECD0CB8B26B49DB6FBD600AFCE937D161B0DB188328526707486F69914
File Structure
ecf8ce650cbe9fbfc6696f568cc817b8
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.reloc
.rsrc
Resources
RT_ICON
ID:0001
ID:1033
ID:0002
ID:1033
ID:0003
ID:1033
ID:0004
ID:1033
ID:0005
ID:1033
ID:0006
ID:1033
ID:0007
ID:1033
ID:1033-preview.png
RT_GROUP_CURSOR4
ID:0064
ID:1033
RT_VERSION
ID:0001
ID:1033
Informations
Name
 Value
Info

PE Detect: PeReader OK (file layout)
Module Name

GeneratedExe.exe
Full Name

GeneratedExe.exe
EntryPoint

System.Void Program::Main()
Scope Name

GeneratedExe.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

GeneratedExe
Assembly Version

0.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

<null>
Total Strings

5
Main Method

System.Void Program::Main()
Main IL Instruction Count

104
Main IL

nop <null> ldc.i4 13294 newarr System.Byte dup <null> ldtoken <PrivateImplementationDetails>/__StaticArrayInitTypeSize=13294 <PrivateImplementationDetails>::02403E06C40AE6EA7FC3100545BEF5FDB7092ED15239C2AD3D427DE693EC05E4 call System.Void System.Runtime.CompilerServices.RuntimeHelpers::InitializeArray(System.Array,System.RuntimeFieldHandle) stloc.0 <null> call System.Collections.Generic.Dictionary`2<System.String,System.Int32> Program::InitializeData() stloc.1 <null> ldloc.1 <null> call System.Int32 Program::ProcessData(System.Collections.Generic.Dictionary`2<System.String,System.Int32>) stloc.2 <null> ldloc.2 <null> call System.Void Program::Cleanup(System.Int32) nop <null> call System.String System.IO.Path::GetTempPath() call System.Guid System.Guid::NewGuid() stloc.s V_4 ldloca.s V_4 constrained. System.Guid callvirt System.String System.Object::ToString() ldstr .bat call System.String System.String::Concat(System.String,System.String) call System.String System.IO.Path::Combine(System.String,System.String) stloc.3 <null> nop <null> ldloc.3 <null> ldloc.0 <null> call System.Void System.IO.File::WriteAllBytes(System.String,System.Byte[]) nop <null> newobj System.Void System.Diagnostics.ProcessStartInfo::.ctor() stloc.s V_6 ldloc.s V_6 ldstr cmd.exe callvirt System.Void System.Diagnostics.ProcessStartInfo::set_FileName(System.String) nop <null> ldloc.s V_6 ldstr /C " ldloc.3 <null> ldstr " call System.String System.String::Concat(System.String,System.String,System.String) callvirt System.Void System.Diagnostics.ProcessStartInfo::set_Arguments(System.String) nop <null> ldloc.s V_6 ldc.i4.1 <null> callvirt System.Void System.Diagnostics.ProcessStartInfo::set_WindowStyle(System.Diagnostics.ProcessWindowStyle) nop <null> ldloc.s V_6 ldc.i4.1 <null> callvirt System.Void System.Diagnostics.ProcessStartInfo::set_CreateNoWindow(System.Boolean) nop <null> ldloc.s V_6 ldc.i4.0 <null> callvirt System.Void System.Diagnostics.ProcessStartInfo::set_UseShellExecute(System.Boolean) nop <null> ldloc.s V_6 ldc.i4.1 <null> callvirt System.Void System.Diagnostics.ProcessStartInfo::set_RedirectStandardOutput(System.Boolean) nop <null> ldloc.s V_6 ldc.i4.1 <null> callvirt System.Void System.Diagnostics.ProcessStartInfo::set_RedirectStandardError(System.Boolean) nop <null> ldloc.s V_6 stloc.s V_5 ldloc.s V_5 call System.Diagnostics.Process System.Diagnostics.Process::Start(System.Diagnostics.ProcessStartInfo) stloc.s V_7 nop <null> ldloc.s V_7 callvirt System.IO.StreamReader System.Diagnostics.Process::get_StandardOutput() callvirt System.String System.IO.TextReader::ReadToEnd() stloc.s V_8 ldloc.s V_7 callvirt System.IO.StreamReader System.Diagnostics.Process::get_StandardError() callvirt System.String System.IO.TextReader::ReadToEnd() stloc.s V_9 ldloc.s V_7 callvirt System.Void System.Diagnostics.Process::WaitForExit() nop <null> nop <null> leave.s IL_00F8: nop ldloc.s V_7 brfalse.s IL_00F7: endfinally ldloc.s V_7 callvirt System.Void System.IDisposable::Dispose() nop <null> endfinally <null> nop <null> leave.s IL_010E: ret nop <null> nop <null> ldloc.3 <null> call System.Void System.IO.File::Delete(System.String) nop <null> nop <null> leave.s IL_010C: nop pop <null> nop <null> nop <null> leave.s IL_010C: nop nop <null> endfinally <null> ret <null>
ecf8ce650cbe9fbfc6696f568cc817b8 (92.16 KB)
An error has occurred. This application may no longer respond until reloaded. Reload 🗙