Suspicious
Suspect

f1d68439e46ff4a4fb083dc89933f472

PE Executable
|
MD5: f1d68439e46ff4a4fb083dc89933f472
|
Size: 271.87 KB
|
application/x-dosexec

Print
Summary by MalvaGPT
Characteristics

Symbol Ofbuscation Score

Very low

Hash
 Hash Value
MD5
f1d68439e46ff4a4fb083dc89933f472
Sha1
3f7e5dbc8849f89b125be2ec0cb78456ef394c45
Sha256
4326cdbae0a4b8d8fc9a8c6fd24557dbc0d6407299eb8e6600ed4075e5b29ddd
Sha384
4a00a219c1d19c9bd48e6b40fd9c0fd355f0b95591d187c37ba5c31a0d0edfa3f5604300562d0fb4e7cd77ebb49fcd38
Sha512
f4459bd9669360cb9cbaaaa6c2263ae2eb6702e0aed39239265a16fdf560024d84783b0005ca9881b9d852c9280658b01321100b671ba679d641cd34a66cbda3
SSDeep
6144:S2tTCjxB0mm0yY9oS9hPNNxsGsqIqb4ePO3wgMthlAAOOsyRGQ9:Ar0mm0yp+x2LqbnGgPWqs9Q9
TLSH
6644138DB7CC0933F254D67C7FE5E91249B06789B210FBEAE42C7229A52B771015BA43

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
f1d68439e46ff4a4fb083dc89933f472
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
Informations
Name
 Value
Module Name

DownloaderApp.exe
Full Name

DownloaderApp.exe
EntryPoint

System.Int32 <Module>::Main(System.String[])
Scope Name

DownloaderApp.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

DownloaderApp
Assembly Version

1.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.7.2
Total Strings

1
Main Method

System.Int32 <Module>::Main(System.String[])
Main IL Instruction Count

96
Main IL

ldc.i4 64620 pop <null> ldc.i4 64620 newarr System.UInt32 dup <null> ldtoken <Module>/DataType <Module>::DataField call System.Void System.Runtime.CompilerServices.RuntimeHelpers::InitializeArray(System.Array,System.RuntimeFieldHandle) stloc.0 <null> call System.Reflection.Assembly System.Reflection.Assembly::GetExecutingAssembly() dup <null> callvirt System.Reflection.Module System.Reflection.Assembly::get_ManifestModule() stloc.1 <null> ldloc.0 <null> ldc.i4 -1834129892 call System.Runtime.InteropServices.GCHandle <Module>::Decrypt(System.UInt32[],System.UInt32) stloc.2 <null> ldloca.s V_2 call System.Object System.Runtime.InteropServices.GCHandle::get_Target() castclass System.Byte[] stloc.3 <null> ldstr koi ldloc.3 <null> callvirt System.Reflection.Module System.Reflection.Assembly::LoadModule(System.String,System.Byte[]) ldloc.3 <null> ldc.i4.0 <null> ldloc.3 <null> ldlen <null> conv.i4 <null> call System.Void System.Array::Clear(System.Array,System.Int32,System.Int32) ldloca.s V_2 call System.Void System.Runtime.InteropServices.GCHandle::Free() ldloc.0 <null> ldc.i4.0 <null> ldloc.0 <null> ldlen <null> conv.i4 <null> call System.Void System.Array::Clear(System.Array,System.Int32,System.Int32) ldloc.1 <null> ldc.i4 285212673 callvirt System.Byte[] System.Reflection.Module::ResolveSignature(System.Int32) stsfld System.Byte[] <Module>::key call System.AppDomain System.AppDomain::get_CurrentDomain() ldnull <null> ldftn System.Reflection.Assembly <Module>::Resolve(System.Object,System.ResolveEventArgs) newobj System.Void System.ResolveEventHandler::.ctor(System.Object,System.IntPtr) callvirt System.Void System.AppDomain::add_AssemblyResolve(System.ResolveEventHandler) dup <null> callvirt System.Type[] System.Reflection.Module::GetTypes() pop <null> ldsfld System.Byte[] <Module>::key ldc.i4.0 <null> ldelem.u1 <null> ldsfld System.Byte[] <Module>::key ldc.i4.1 <null> ldelem.u1 <null> ldc.i4.8 <null> shl <null> or <null> ldsfld System.Byte[] <Module>::key ldc.i4.2 <null> ldelem.u1 <null> ldc.i4.s 16 shl <null> or <null> ldsfld System.Byte[] <Module>::key ldc.i4.3 <null> ldelem.u1 <null> ldc.i4.s 24 shl <null> or <null> callvirt System.Reflection.MethodBase System.Reflection.Module::ResolveMethod(System.Int32) dup <null> callvirt System.Reflection.ParameterInfo[] System.Reflection.MethodBase::GetParameters() ldlen <null> conv.i4 <null> newarr System.Object stloc.s V_4 ldloc.s V_4 ldlen <null> brfalse.s IL_00D9: ldnull ldloc.s V_4 ldc.i4.0 <null> ldarg.0 <null> stelem.ref <null> ldnull <null> ldloc.s V_4 callvirt System.Object System.Reflection.MethodBase::Invoke(System.Object,System.Object[]) stloc.s V_5 ldloc.s V_5 isinst System.Int32 brfalse.s IL_00F4: ldc.i4.0 ldloc.s V_5 unbox.any System.Int32 ret <null> ldc.i4.0 <null> ret <null>
Module Name

DownloaderApp.exe
Full Name

DownloaderApp.exe
EntryPoint

System.Int32 <Module>::Main(System.String[])
Scope Name

DownloaderApp.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

DownloaderApp
Assembly Version

1.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.7.2
Total Strings

1
Main Method

System.Int32 <Module>::Main(System.String[])
Main IL Instruction Count

96
Main IL

ldc.i4 64620 pop <null> ldc.i4 64620 newarr System.UInt32 dup <null> ldtoken <Module>/DataType <Module>::DataField call System.Void System.Runtime.CompilerServices.RuntimeHelpers::InitializeArray(System.Array,System.RuntimeFieldHandle) stloc.0 <null> call System.Reflection.Assembly System.Reflection.Assembly::GetExecutingAssembly() dup <null> callvirt System.Reflection.Module System.Reflection.Assembly::get_ManifestModule() stloc.1 <null> ldloc.0 <null> ldc.i4 -1834129892 call System.Runtime.InteropServices.GCHandle <Module>::Decrypt(System.UInt32[],System.UInt32) stloc.2 <null> ldloca.s V_2 call System.Object System.Runtime.InteropServices.GCHandle::get_Target() castclass System.Byte[] stloc.3 <null> ldstr koi ldloc.3 <null> callvirt System.Reflection.Module System.Reflection.Assembly::LoadModule(System.String,System.Byte[]) ldloc.3 <null> ldc.i4.0 <null> ldloc.3 <null> ldlen <null> conv.i4 <null> call System.Void System.Array::Clear(System.Array,System.Int32,System.Int32) ldloca.s V_2 call System.Void System.Runtime.InteropServices.GCHandle::Free() ldloc.0 <null> ldc.i4.0 <null> ldloc.0 <null> ldlen <null> conv.i4 <null> call System.Void System.Array::Clear(System.Array,System.Int32,System.Int32) ldloc.1 <null> ldc.i4 285212673 callvirt System.Byte[] System.Reflection.Module::ResolveSignature(System.Int32) stsfld System.Byte[] <Module>::key call System.AppDomain System.AppDomain::get_CurrentDomain() ldnull <null> ldftn System.Reflection.Assembly <Module>::Resolve(System.Object,System.ResolveEventArgs) newobj System.Void System.ResolveEventHandler::.ctor(System.Object,System.IntPtr) callvirt System.Void System.AppDomain::add_AssemblyResolve(System.ResolveEventHandler) dup <null> callvirt System.Type[] System.Reflection.Module::GetTypes() pop <null> ldsfld System.Byte[] <Module>::key ldc.i4.0 <null> ldelem.u1 <null> ldsfld System.Byte[] <Module>::key ldc.i4.1 <null> ldelem.u1 <null> ldc.i4.8 <null> shl <null> or <null> ldsfld System.Byte[] <Module>::key ldc.i4.2 <null> ldelem.u1 <null> ldc.i4.s 16 shl <null> or <null> ldsfld System.Byte[] <Module>::key ldc.i4.3 <null> ldelem.u1 <null> ldc.i4.s 24 shl <null> or <null> callvirt System.Reflection.MethodBase System.Reflection.Module::ResolveMethod(System.Int32) dup <null> callvirt System.Reflection.ParameterInfo[] System.Reflection.MethodBase::GetParameters() ldlen <null> conv.i4 <null> newarr System.Object stloc.s V_4 ldloc.s V_4 ldlen <null> brfalse.s IL_00D9: ldnull ldloc.s V_4 ldc.i4.0 <null> ldarg.0 <null> stelem.ref <null> ldnull <null> ldloc.s V_4 callvirt System.Object System.Reflection.MethodBase::Invoke(System.Object,System.Object[]) stloc.s V_5 ldloc.s V_5 isinst System.Int32 brfalse.s IL_00F4: ldc.i4.0 ldloc.s V_5 unbox.any System.Int32 ret <null> ldc.i4.0 <null> ret <null>
Artefacts
Name
 Value
Embedded Resources

1
Suspicious Type Names (1-2 chars)

0
f1d68439e46ff4a4fb083dc89933f472 (271.87 KB)
An error has occurred. This application may no longer respond until reloaded. Reload 🗙