Suspicious
Suspect

f68a81a8dcf57ce0dbb5f4853b0bf95e

PE Executable
|
MD5: f68a81a8dcf57ce0dbb5f4853b0bf95e
|
Size: 1.64 MB
|
application/x-dosexec

Print
Summary by MalvaGPT
Characteristics

Symbol Obfuscation Score

Very high

Hash
 Hash Value
MD5
f68a81a8dcf57ce0dbb5f4853b0bf95e
Sha1
3758be222203d10284c89e01006f660f03ab02e6
Sha256
e73cc325529d9cc0db1a8f76f6231cb37f3f30fe4e22008a99ea9792f37dc105
Sha384
2f248c0b7b7b80ba68eb1ffdc2c42d0dfcce79d5d579c16ce1ad8a5f4fd347fd0872478bccd6cc098c5970d4a5ae5c41
Sha512
7d34f9b1207186702fe9598e56bb307943fe1dd7f93b6fd12fd6a2c677853f0908fbbad05730363323f0666652a04f8359da585b95d550cb65dce1586b4641d1
SSDeep
24576:YFqYflPCmQui1rBgc+9io4nc/I887O9GL52AXTg7yo:IBYus3o4czGO9GtZ
TLSH
D775D02E2ACF445CD0D1DF789B3237D407B0943758F2D3577B8C53B8EA266A56A8C292

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
f68a81a8dcf57ce0dbb5f4853b0bf95e
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
.Net Resources
xQb09mrKDw.Resources.resources
xQb09mrKDw.g.resources
6341534a872c26.Resources.resources
ec45de660
[NBF]root.Data
ec45de661
[NBF]root.Data
ec45de6610
[NBF]root.Data
ec45de6611
[NBF]root.Data
ec45de6612
[NBF]root.Data
ec45de6613
[NBF]root.Data
ec45de6614
[NBF]root.Data
ec45de6615
[NBF]root.Data
ec45de6616
[NBF]root.Data
ec45de6617
[NBF]root.Data
ec45de6618
[NBF]root.Data
ec45de6619
[NBF]root.Data
ec45de662
[NBF]root.Data
ec45de6620
[NBF]root.Data
ec45de6621
[NBF]root.Data
ec45de6622
[NBF]root.Data
ec45de6623
[NBF]root.Data
ec45de6624
[NBF]root.Data
ec45de6625
[NBF]root.Data
ec45de6626
[NBF]root.Data
ec45de6627
[NBF]root.Data
ec45de6628
[NBF]root.Data
ec45de6629
[NBF]root.Data
ec45de663
[NBF]root.Data
ec45de6630
[NBF]root.Data
ec45de6631
[NBF]root.Data
ec45de6632
[NBF]root.Data
ec45de6633
[NBF]root.Data
ec45de6634
[NBF]root.Data
ec45de6635
[NBF]root.Data
ec45de6636
[NBF]root.Data
ec45de6637
[NBF]root.Data
ec45de6638
[NBF]root.Data
ec45de6639
[NBF]root.Data
ec45de664
[NBF]root.Data
ec45de6640
[NBF]root.Data
ec45de6641
[NBF]root.Data
ec45de665
[NBF]root.Data
ec45de666
[NBF]root.Data
ec45de667
[NBF]root.Data
ec45de668
[NBF]root.Data
ec45de669
[NBF]root.Data
Informations
Name
 Value
Info

PE Detect: PeReader OK (file layout)
Module Name

xQb09mrKDw
Full Name

xQb09mrKDw
EntryPoint

System.Void mNk0zb1HDwg56d.rQr6Pj/4z_JA.Tjx5p4_SG::gSs8Tg7szeH()
Scope Name

xQb09mrKDw
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

xQb09mrKDw
Assembly Version

4.1.21.98
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.6
Total Strings

0
Main Method

System.Void mNk0zb1HDwg56d.rQr6Pj/4z_JA.Tjx5p4_SG::gSs8Tg7szeH()
Main IL Instruction Count

198
Main IL

nop <null> call System.Boolean System.Diagnostics.Debugger::get_IsAttached() stloc.0 <null> br.s IL_0009: ldc.i4.2 ldc.i4.2 <null> stloc.s V_11 ldloc.s V_11 switch dnlib.DotNet.Emit.Instruction[] br.s IL_0045: nop nop <null> call System.Void System.Windows.Forms.Application::EnableVisualStyles() nop <null> ldc.i4.0 <null> call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean) nop <null> ldc.r8 0 stloc.1 <null> ldc.i4.0 <null> stloc.s V_6 ldc.i4.7 <null> stloc.s V_11 br.s IL_000C: ldloc.s V_11 ldloc.1 <null> ldloc.s V_6 conv.r8 <null> ldc.r8 0.01 mul <null> call System.Double System.Math::Sin(System.Double) ldloc.s V_6 conv.r8 <null> ldc.r8 0.015 mul <null> call System.Double System.Math::Cos(System.Double) ldsfld System.Char[] Dir5cq.kBo2xy6TKf::Fd0e1pf ldc.i4 259 ldsfld System.Char[] Dir5cq.kBo2xy6TKf::Fd0e1pf ldc.i4 259 ldelem.u2 <null> ldsfld System.Int32[] 9xwSX7wn2o.Pxx7w::gn5Pa8Dm ldc.i4.1 <null> ldelem.i4 <null> add <null> ldc.i4.s 91 and <null> stelem.i2 <null> mul <null> add <null> stloc.1 <null> ldc.i4.1 <null> stloc.s V_11 br IL_000C: ldloc.s V_11 ldloc.s V_6 ldc.i4.1 <null> add.ovf <null> stloc.s V_6 ldloc.s V_6 ldc.i4 5000 ble.s IL_00CD: ldc.i4.7 ldc.i4.5 <null> stloc.s V_11 br IL_000C: ldloc.s V_11 ldc.i4.7 <null> br.s IL_00C6: stloc.s V_11 nop <null> ldc.i4.2 <null> ldnull <null> ldc.i4 1802201017 call System.String Gdg9ar1ZRit07.Rn9xbnE4::Xk2p5TrqabQ8(System.Int32,System.String,System.Int32) stloc.2 <null> ldc.i4 214 stloc.3 <null> ldloc.3 <null> call System.Object yr9KL6q.2MmyotN51::0weWZs9oj5rTcQ(System.Int32) call System.Object System.Runtime.CompilerServices.RuntimeHelpers::GetObjectValue(System.Object) stloc.s V_4 ldc.i4.0 <null> stloc.s V_11 br IL_000C: ldloc.s V_11 ldloc.s V_4 castclass System.Byte[] call System.Void mNk0zb1HDwg56d.rQr6Pj::Lbd8f9iH(System.Byte[]) nop <null> ldloc.2 <null> call System.Boolean System.Diagnostics.EventLog::SourceExists(System.String) ldc.i4.0 <null> ceq <null> stloc.s V_7 ldloc.s V_7 brfalse.s IL_011D: ldc.i4.8 ldc.i4.3 <null> stloc.s V_11 br IL_000C: ldloc.s V_11 ldc.i4.8 <null> br.s IL_0116: stloc.s V_11 ldloc.2 <null> nop <null> ldc.i4.0 <null> ldc.i4.0 <null> ldc.i4 2079714478 call System.String Gdg9ar1ZRit07.Rn9xbnE4::1SngkwD0x(System.Int32,System.Int32,System.Int32) call System.Void System.Diagnostics.EventLog::CreateEventSource(System.String,System.String) nop <null> nop <null> ldc.i4.8 <null> stloc.s V_11 br IL_000C: ldloc.s V_11 nop <null> nop <null> ldc.i4.2 <null> ldc.i4.0 <null> ldc.i4 2079714476 call System.String Gdg9ar1ZRit07.Rn9xbnE4::1SngkwD0x(System.Int32,System.Int32,System.Int32) newobj System.Void System.Diagnostics.EventLog::.ctor(System.String) stloc.s V_5 ldloc.s V_5 ldloc.2 <null> callvirt System.Void System.Diagnostics.EventLog::set_Source(System.String) ldc.i4.6 <null> stloc.s V_11 br IL_000C: ldloc.s V_11 nop <null> ldloc.s V_5 nop <null> ldc.i4.6 <null> ldnull <null> ldc.i4 1802200978 call System.String Gdg9ar1ZRit07.Rn9xbnE4::Xk2p5TrqabQ8(System.Int32,System.String,System.Int32) ldc.i4.4 <null> callvirt System.Void System.Diagnostics.EventLog::WriteEntry(System.String,System.Diagnostics.EventLogEntryType) nop <null> leave IL_0237: br.s IL_0239 br.s IL_0180: br.s IL_0182 br.s IL_0182: dup dup <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception) stloc.s V_8 nop <null> br.s IL_018D: ldc.i4.3 ldc.i4.3 <null> stloc.s V_13 ldloc.s V_13 switch dnlib.DotNet.Emit.Instruction[] br.s IL_01B1: nop nop <null> nop <null> ldc.i4.4 <null> ldc.i4.6 <null> ldc.i4 2079714474 call System.String Gdg9ar1ZRit07.Rn9xbnE4::1SngkwD0x(System.Int32,System.Int32,System.Int32) newobj System.Void System.Diagnostics.EventLog::.ctor(System.String) stloc.s V_9 ldloc.s V_9 nop <null> ldc.i4.5 <null> ldnull <null> ldc.i4 1802201022 call System.String Gdg9ar1ZRit07.Rn9xbnE4::Xk2p5TrqabQ8(System.Int32,System.String,System.Int32) callvirt System.Void System.Diagnostics.EventLog::set_Source(System.String) ldc.i4.0 <null> stloc.s V_13 br.s IL_0190: ldloc.s V_13 nop <null> ldloc.s V_9 nop <null> ldc.i4 2021873792 ldc.i4 187 ldc.i4.3 <null> call System.String Gdg9ar1ZRit07.Rn9xbnE4::jBz3rc9L5qHpxM(System.Int32,System.Char,System.Int32) ldc.i4.2 <null> callvirt System.Void System.Diagnostics.EventLog::WriteEntry(System.String,System.Diagnostics.EventLogEntryType) nop <null> leave.s IL_020D: br.s IL_020F br.s IL_01FE: br.s IL_0200 br.s IL_0200: call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception) call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception) nop <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() leave.s IL_020D: br.s IL_020F br.s IL_020F: ldc.i4.3 ldc.i4.3 <null> stloc.s V_15 ldloc.s V_15 switch dnlib.DotNet.Emit.Instruction[] br.s IL_022F: nop nop <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() leave.s IL_0237: br.s IL_0239 br.s IL_0239: ldc.i4.0 ldc.i4.0 <null> stloc.s V_17 ldloc.s V_17 switch dnlib.DotNet.Emit.Instruction[] br.s IL_0259: nop nop <null> ret <null> ldtoken System.Void mNk0zb1HDwg56d.rQr6Pj/4z_JA.Tjx5p4_SG::gSs8Tg7szeH() pop <null> ret <null>
Module Name

xQb09mrKDw
Full Name

xQb09mrKDw
EntryPoint

System.Void mNk0zb1HDwg56d.rQr6Pj/4z_JA.Tjx5p4_SG::gSs8Tg7szeH()
Scope Name

xQb09mrKDw
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

xQb09mrKDw
Assembly Version

4.1.21.98
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.6
Total Strings

0
Main Method

System.Void mNk0zb1HDwg56d.rQr6Pj/4z_JA.Tjx5p4_SG::gSs8Tg7szeH()
Main IL Instruction Count

198
Main IL

nop <null> call System.Boolean System.Diagnostics.Debugger::get_IsAttached() stloc.0 <null> br.s IL_0009: ldc.i4.2 ldc.i4.2 <null> stloc.s V_11 ldloc.s V_11 switch dnlib.DotNet.Emit.Instruction[] br.s IL_0045: nop nop <null> call System.Void System.Windows.Forms.Application::EnableVisualStyles() nop <null> ldc.i4.0 <null> call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean) nop <null> ldc.r8 0 stloc.1 <null> ldc.i4.0 <null> stloc.s V_6 ldc.i4.7 <null> stloc.s V_11 br.s IL_000C: ldloc.s V_11 ldloc.1 <null> ldloc.s V_6 conv.r8 <null> ldc.r8 0.01 mul <null> call System.Double System.Math::Sin(System.Double) ldloc.s V_6 conv.r8 <null> ldc.r8 0.015 mul <null> call System.Double System.Math::Cos(System.Double) ldsfld System.Char[] Dir5cq.kBo2xy6TKf::Fd0e1pf ldc.i4 259 ldsfld System.Char[] Dir5cq.kBo2xy6TKf::Fd0e1pf ldc.i4 259 ldelem.u2 <null> ldsfld System.Int32[] 9xwSX7wn2o.Pxx7w::gn5Pa8Dm ldc.i4.1 <null> ldelem.i4 <null> add <null> ldc.i4.s 91 and <null> stelem.i2 <null> mul <null> add <null> stloc.1 <null> ldc.i4.1 <null> stloc.s V_11 br IL_000C: ldloc.s V_11 ldloc.s V_6 ldc.i4.1 <null> add.ovf <null> stloc.s V_6 ldloc.s V_6 ldc.i4 5000 ble.s IL_00CD: ldc.i4.7 ldc.i4.5 <null> stloc.s V_11 br IL_000C: ldloc.s V_11 ldc.i4.7 <null> br.s IL_00C6: stloc.s V_11 nop <null> ldc.i4.2 <null> ldnull <null> ldc.i4 1802201017 call System.String Gdg9ar1ZRit07.Rn9xbnE4::Xk2p5TrqabQ8(System.Int32,System.String,System.Int32) stloc.2 <null> ldc.i4 214 stloc.3 <null> ldloc.3 <null> call System.Object yr9KL6q.2MmyotN51::0weWZs9oj5rTcQ(System.Int32) call System.Object System.Runtime.CompilerServices.RuntimeHelpers::GetObjectValue(System.Object) stloc.s V_4 ldc.i4.0 <null> stloc.s V_11 br IL_000C: ldloc.s V_11 ldloc.s V_4 castclass System.Byte[] call System.Void mNk0zb1HDwg56d.rQr6Pj::Lbd8f9iH(System.Byte[]) nop <null> ldloc.2 <null> call System.Boolean System.Diagnostics.EventLog::SourceExists(System.String) ldc.i4.0 <null> ceq <null> stloc.s V_7 ldloc.s V_7 brfalse.s IL_011D: ldc.i4.8 ldc.i4.3 <null> stloc.s V_11 br IL_000C: ldloc.s V_11 ldc.i4.8 <null> br.s IL_0116: stloc.s V_11 ldloc.2 <null> nop <null> ldc.i4.0 <null> ldc.i4.0 <null> ldc.i4 2079714478 call System.String Gdg9ar1ZRit07.Rn9xbnE4::1SngkwD0x(System.Int32,System.Int32,System.Int32) call System.Void System.Diagnostics.EventLog::CreateEventSource(System.String,System.String) nop <null> nop <null> ldc.i4.8 <null> stloc.s V_11 br IL_000C: ldloc.s V_11 nop <null> nop <null> ldc.i4.2 <null> ldc.i4.0 <null> ldc.i4 2079714476 call System.String Gdg9ar1ZRit07.Rn9xbnE4::1SngkwD0x(System.Int32,System.Int32,System.Int32) newobj System.Void System.Diagnostics.EventLog::.ctor(System.String) stloc.s V_5 ldloc.s V_5 ldloc.2 <null> callvirt System.Void System.Diagnostics.EventLog::set_Source(System.String) ldc.i4.6 <null> stloc.s V_11 br IL_000C: ldloc.s V_11 nop <null> ldloc.s V_5 nop <null> ldc.i4.6 <null> ldnull <null> ldc.i4 1802200978 call System.String Gdg9ar1ZRit07.Rn9xbnE4::Xk2p5TrqabQ8(System.Int32,System.String,System.Int32) ldc.i4.4 <null> callvirt System.Void System.Diagnostics.EventLog::WriteEntry(System.String,System.Diagnostics.EventLogEntryType) nop <null> leave IL_0237: br.s IL_0239 br.s IL_0180: br.s IL_0182 br.s IL_0182: dup dup <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception) stloc.s V_8 nop <null> br.s IL_018D: ldc.i4.3 ldc.i4.3 <null> stloc.s V_13 ldloc.s V_13 switch dnlib.DotNet.Emit.Instruction[] br.s IL_01B1: nop nop <null> nop <null> ldc.i4.4 <null> ldc.i4.6 <null> ldc.i4 2079714474 call System.String Gdg9ar1ZRit07.Rn9xbnE4::1SngkwD0x(System.Int32,System.Int32,System.Int32) newobj System.Void System.Diagnostics.EventLog::.ctor(System.String) stloc.s V_9 ldloc.s V_9 nop <null> ldc.i4.5 <null> ldnull <null> ldc.i4 1802201022 call System.String Gdg9ar1ZRit07.Rn9xbnE4::Xk2p5TrqabQ8(System.Int32,System.String,System.Int32) callvirt System.Void System.Diagnostics.EventLog::set_Source(System.String) ldc.i4.0 <null> stloc.s V_13 br.s IL_0190: ldloc.s V_13 nop <null> ldloc.s V_9 nop <null> ldc.i4 2021873792 ldc.i4 187 ldc.i4.3 <null> call System.String Gdg9ar1ZRit07.Rn9xbnE4::jBz3rc9L5qHpxM(System.Int32,System.Char,System.Int32) ldc.i4.2 <null> callvirt System.Void System.Diagnostics.EventLog::WriteEntry(System.String,System.Diagnostics.EventLogEntryType) nop <null> leave.s IL_020D: br.s IL_020F br.s IL_01FE: br.s IL_0200 br.s IL_0200: call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception) call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception) nop <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() leave.s IL_020D: br.s IL_020F br.s IL_020F: ldc.i4.3 ldc.i4.3 <null> stloc.s V_15 ldloc.s V_15 switch dnlib.DotNet.Emit.Instruction[] br.s IL_022F: nop nop <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() leave.s IL_0237: br.s IL_0239 br.s IL_0239: ldc.i4.0 ldc.i4.0 <null> stloc.s V_17 ldloc.s V_17 switch dnlib.DotNet.Emit.Instruction[] br.s IL_0259: nop nop <null> ret <null> ldtoken System.Void mNk0zb1HDwg56d.rQr6Pj/4z_JA.Tjx5p4_SG::gSs8Tg7szeH() pop <null> ret <null>
f68a81a8dcf57ce0dbb5f4853b0bf95e (1.64 MB)
An error has occurred. This application may no longer respond until reloaded. Reload 🗙