Suspicious
Suspect

f7ed4269b2e61d7d0700632262682d4f

PE Executable
|
MD5: f7ed4269b2e61d7d0700632262682d4f
|
Size: 972.29 KB
|
application/x-dosexec

Print
Summary by MalvaGPT
Characteristics

Symbol Ofbuscation Score

Very high

Hash
 Hash Value
MD5
f7ed4269b2e61d7d0700632262682d4f
Sha1
0ab615ba3b2f5bdedfa86a1a5e579b1171cd16b5
Sha256
fa859b7665e5676ac7d00c5d81d122897ab1abcb434a4321517e8b92fa19f4f4
Sha384
3002df581c2bddb9eb33fd2e657c9526ae2d0b8a33a410d83b2faa9447c2ac8dfad9a8c26f3c26655deb21b9f998857d
Sha512
f7b5c99a7b7ff17a2c396d7ae180aa870314a092bc615dbc9d1f50533a586e5f1466b05dca10a6a959db4fb6d53ef132753e70d2ee4a86bee1282d90a4991c9b
SSDeep
12288:0pYaxYhRMykk7CdKdrBCQ9n399wNJDvwjlSWqAklAi6X5hVKYWnE26gF:02SqyOCdk99Otv810SX5rJW2
TLSH
0F25F12A27D88F40E07F9B7855B1005413FBBD4ACF22D7DD6D985DE87A21781A923363

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
f7ed4269b2e61d7d0700632262682d4f
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_ICON
ID:0032
ID:0
RT_GROUP_CURSOR4
ID:0001
ID:0
RT_VERSION
ID:0001
ID:0
.Net Resources
Kairolytix.DTnolina
7iaHNe4gq2r.Resources.resources
68ed35b1ae348b.Resources.resources
7280878b0
[NBF]root.Data
7280878b1
[NBF]root.Data
7280878b10
[NBF]root.Data
7280878b11
[NBF]root.Data
7280878b12
[NBF]root.Data
7280878b13
[NBF]root.Data
7280878b14
[NBF]root.Data
7280878b15
[NBF]root.Data
7280878b16
[NBF]root.Data
7280878b17
[NBF]root.Data
7280878b18
[NBF]root.Data
7280878b19
[NBF]root.Data
7280878b2
[NBF]root.Data
7280878b20
[NBF]root.Data
7280878b21
[NBF]root.Data
7280878b22
[NBF]root.Data
7280878b23
[NBF]root.Data
7280878b24
[NBF]root.Data
7280878b25
[NBF]root.Data
7280878b3
[NBF]root.Data
7280878b4
[NBF]root.Data
7280878b5
[NBF]root.Data
7280878b6
[NBF]root.Data
7280878b7
[NBF]root.Data
7280878b8
[NBF]root.Data
7280878b9
[NBF]root.Data
Informations
Name
 Value
Info

PE Detect: PeReader OK (file layout)
Module Name

7iaHNe4gq2r
Full Name

7iaHNe4gq2r
EntryPoint

System.Void 7iaHNe4gq2r.tf7Wb1::Hxk25KaqGcg3()
Scope Name

7iaHNe4gq2r
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

7iaHNe4gq2r
Assembly Version

19.8.18.287
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.6
Total Strings

674
Main Method

System.Void 7iaHNe4gq2r.tf7Wb1::Hxk25KaqGcg3()
Main IL Instruction Count

87
Main IL

nop <null> nop <null> ldc.i4.s 25 stloc.0 <null> ldloc.0 <null> ldc.i4.s 23 add.ovf <null> ldc.i4.s 25 div <null> ldc.i4.s 25 mul.ovf <null> stloc.0 <null> ldloc.0 <null> ldc.i4.1 <null> sub.ovf <null> ldc.i4.1 <null> add.ovf <null> newarr System.Object stloc.1 <null> call System.Reflection.Assembly System.Reflection.Assembly::GetExecutingAssembly() callvirt System.String System.Reflection.Assembly::get_Location() call System.Diagnostics.FileVersionInfo System.Diagnostics.FileVersionInfo::GetVersionInfo(System.String) callvirt System.String System.Diagnostics.FileVersionInfo::get_FileVersion() stloc.2 <null> ldloc.2 <null> call System.Boolean System.String::IsNullOrEmpty(System.String) stloc.s V_7 ldloc.s V_7 brfalse.s IL_0042: ldc.i4.s 26 ldstr 1.0.0.0 stloc.2 <null> ldc.i4.s 26 call System.String System.Environment::GetFolderPath(System.Environment/SpecialFolder) ldstr SystemTools call System.String System.IO.Path::Combine(System.String,System.String) stloc.3 <null> ldloc.3 <null> call System.Boolean System.IO.Directory::Exists(System.String) ldc.i4.0 <null> ceq <null> stloc.s V_8 ldloc.s V_8 brfalse.s IL_006B: nop ldloc.3 <null> call System.IO.DirectoryInfo System.IO.Directory::CreateDirectory(System.String) pop <null> nop <null> nop <null> ldc.i4.s 80 call System.Void System.Threading.Thread::Sleep(System.Int32) nop <null> ldstr DTnolina stloc.s V_4 ldloc.s V_4 call System.Object 7iaHNe4gq2r.tf7Wb1::wn4BrHf(System.String) call System.Object System.Runtime.CompilerServices.RuntimeHelpers::GetObjectValue(System.Object) stloc.s V_5 ldloc.s V_5 ldnull <null> ceq <null> stloc.s V_9 ldloc.s V_9 brfalse.s IL_0096: ldloc.s V_5 leave.s IL_00CC: nop ldloc.s V_5 call System.Object System.Runtime.CompilerServices.RuntimeHelpers::GetObjectValue(System.Object) call System.Object 7iaHNe4gq2r.tf7Wb1::9Frjs4Sg(System.Object) call System.Object System.Runtime.CompilerServices.RuntimeHelpers::GetObjectValue(System.Object) stloc.s V_6 ldloc.1 <null> ldloc.0 <null> ldc.i4.1 <null> sub.ovf <null> ldloc.s V_6 call System.Object System.Runtime.CompilerServices.RuntimeHelpers::GetObjectValue(System.Object) stelem.ref <null> ldloc.1 <null> ldloc.0 <null> call System.Void 7iaHNe4gq2r.tf7Wb1::xZq2sz3TqR(System.Object[],System.Int32) nop <null> leave.s IL_00CC: nop call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception) nop <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() leave.s IL_00CC: nop nop <null> ret <null>
Module Name

7iaHNe4gq2r
Full Name

7iaHNe4gq2r
EntryPoint

System.Void 7iaHNe4gq2r.tf7Wb1::Hxk25KaqGcg3()
Scope Name

7iaHNe4gq2r
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

7iaHNe4gq2r
Assembly Version

19.8.18.287
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.6
Total Strings

674
Main Method

System.Void 7iaHNe4gq2r.tf7Wb1::Hxk25KaqGcg3()
Main IL Instruction Count

87
Main IL

nop <null> nop <null> ldc.i4.s 25 stloc.0 <null> ldloc.0 <null> ldc.i4.s 23 add.ovf <null> ldc.i4.s 25 div <null> ldc.i4.s 25 mul.ovf <null> stloc.0 <null> ldloc.0 <null> ldc.i4.1 <null> sub.ovf <null> ldc.i4.1 <null> add.ovf <null> newarr System.Object stloc.1 <null> call System.Reflection.Assembly System.Reflection.Assembly::GetExecutingAssembly() callvirt System.String System.Reflection.Assembly::get_Location() call System.Diagnostics.FileVersionInfo System.Diagnostics.FileVersionInfo::GetVersionInfo(System.String) callvirt System.String System.Diagnostics.FileVersionInfo::get_FileVersion() stloc.2 <null> ldloc.2 <null> call System.Boolean System.String::IsNullOrEmpty(System.String) stloc.s V_7 ldloc.s V_7 brfalse.s IL_0042: ldc.i4.s 26 ldstr 1.0.0.0 stloc.2 <null> ldc.i4.s 26 call System.String System.Environment::GetFolderPath(System.Environment/SpecialFolder) ldstr SystemTools call System.String System.IO.Path::Combine(System.String,System.String) stloc.3 <null> ldloc.3 <null> call System.Boolean System.IO.Directory::Exists(System.String) ldc.i4.0 <null> ceq <null> stloc.s V_8 ldloc.s V_8 brfalse.s IL_006B: nop ldloc.3 <null> call System.IO.DirectoryInfo System.IO.Directory::CreateDirectory(System.String) pop <null> nop <null> nop <null> ldc.i4.s 80 call System.Void System.Threading.Thread::Sleep(System.Int32) nop <null> ldstr DTnolina stloc.s V_4 ldloc.s V_4 call System.Object 7iaHNe4gq2r.tf7Wb1::wn4BrHf(System.String) call System.Object System.Runtime.CompilerServices.RuntimeHelpers::GetObjectValue(System.Object) stloc.s V_5 ldloc.s V_5 ldnull <null> ceq <null> stloc.s V_9 ldloc.s V_9 brfalse.s IL_0096: ldloc.s V_5 leave.s IL_00CC: nop ldloc.s V_5 call System.Object System.Runtime.CompilerServices.RuntimeHelpers::GetObjectValue(System.Object) call System.Object 7iaHNe4gq2r.tf7Wb1::9Frjs4Sg(System.Object) call System.Object System.Runtime.CompilerServices.RuntimeHelpers::GetObjectValue(System.Object) stloc.s V_6 ldloc.1 <null> ldloc.0 <null> ldc.i4.1 <null> sub.ovf <null> ldloc.s V_6 call System.Object System.Runtime.CompilerServices.RuntimeHelpers::GetObjectValue(System.Object) stelem.ref <null> ldloc.1 <null> ldloc.0 <null> call System.Void 7iaHNe4gq2r.tf7Wb1::xZq2sz3TqR(System.Object[],System.Int32) nop <null> leave.s IL_00CC: nop call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception) nop <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() leave.s IL_00CC: nop nop <null> ret <null>
f7ed4269b2e61d7d0700632262682d4f (972.29 KB)
An error has occurred. This application may no longer respond until reloaded. Reload 🗙