Suspicious
Suspect

f99fa9d56880301b4819bf769150d0ea

PE Executable | MD5: f99fa9d56880301b4819bf769150d0ea | Size: 1.46 MB | application/x-dosexec

Summary by MalvaGPT
Characteristics

Symbol Obfuscation Score

Medium

Hash
MD5: f99fa9d56880301b4819bf769150d0ea
SHA1: ee4dc820b59f4d7c7b2e42dd889cd6e5e2e2c46c
SHA256: b7897827242addbf963c57f44ae4a2623cdd56c00935e30c9bd2231fa8eb8b31
SHA384: 083fb11817726e6b1c81cac04ac24ef4a34ecb69bfd0787d0d18aa8d7532b077d498dae483ead1881c1b5c6cdfcc13c9
SHA512: c2d48d75ce8160d3c65326d5fd6d6d2ae6e16aef6bd52b03d92317bbf639cd63a84b795abcc1b01e29ab8ceee02aa8e4893f6428b217b1bc78af608a721e0946
SSDeep: 24576:pwkaiyDjyRzTjgFjsxIL5nR5f99Ukk6PHpC11OnACh55Xl:p7aJDOlTAjs2BoDgJC11aFl
TLSH: A865F107B9CD16E1C88C96399E6AF33C2375AD00A077CD457C8AF609453A7265AF393E

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_ICON
ID:0001
ID:0
RT_GROUP_CURSOR4
ID:7F00
ID:0
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
Rffribe.Properties.Resources.resources
Bsrwivdihu
ILRepack.List

Information

Info: PE Detect: PeReader OK (file layout)
Module Name: Dry-Dock Specifications
Full Name: Dry-Dock Specifications
EntryPoint: System.Void Dry-DockSpecifications.Audit.AdaptableAuditor::PatchAuditor()
Scope Name: Dry-Dock Specifications
Scope Type: ModuleDef
Kind: Windows
Runtime Version: v4.0.30319
Tables Header Version: 512
WinMD Version: <null>
Assembly Name: Dry-Dock Specifications
Assembly Version: 1.0.4281.17684
Assembly Culture: <null>
Has PublicKey: False
PublicKey Token: <null>
Target Framework: .NETFramework,Version=v4.6
Total Strings: 0
Main Method: System.Void Dry-DockSpecifications.Audit.AdaptableAuditor::PatchAuditor()
Main IL Instruction Count: 91

Main IL

ldc.i4 2 stloc V_2 br IL_000E: ldloc V_2 ldloc V_2 switch dnlib.DotNet.Emit.Instruction[] br IL_00B7: ldsfld System.Object Dry-DockSpecifications.Audit.AdaptableAuditor/AccessibleNotifier::m_ReadableNotifier ldc.i4 -1959599630 call System.String Dry-DockSpecifications.Selections.SelectorPublisher::FilterAccessibleSelector(System.Int32) stloc.s V_3 ldc.i4 3 br IL_0012: switch(IL_00B7,IL_0071,IL_004A,IL_0087,IL_0034,IL_0070) newobj System.Void Dry-DockSpecifications.Audit.AdaptableAuditor/DividedSelector::.ctor() stloc.s V_0 ldc.i4 0 ldsfld <Module>{5744c7d4-b0a8-4b98-8000-24d10b2b9cd0} <Module>{5744c7d4-b0a8-4b98-8000-24d10b2b9cd0}::m_e37a1683ff4346c9b45012c8eb1eb9bd ldfld System.Int32 <Module>{5744c7d4-b0a8-4b98-8000-24d10b2b9cd0}::m_ea94495090e748b08787a1c25bb8e549 brfalse IL_0012: switch(IL_00B7,IL_0071,IL_004A,IL_0087,IL_0034,IL_0070) pop <null> ldc.i4 1 br IL_0012: switch(IL_00B7,IL_0071,IL_004A,IL_0087,IL_0034,IL_0070) ret <null> ldc.i4 -1959599661 call System.String Dry-DockSpecifications.Selections.SelectorPublisher::FilterAccessibleSelector(System.Int32) stloc.s V_1 ldc.i4 4 br IL_0012: switch(IL_00B7,IL_0071,IL_004A,IL_0087,IL_0034,IL_0070) ldsfld System.Func`1<System.Byte[]> Dry-DockSpecifications.Audit.AdaptableAuditor/AccessibleNotifier::_ConverterProcessor dup <null> brfalse IL_0097: pop br IL_00CD: newobj System.Void Dry-DockSpecifications.Execution.ViewerExecutor::.ctor(System.Func`1<System.Byte[]>) pop <null> ldc.i4 0 ldsfld <Module>{5744c7d4-b0a8-4b98-8000-24d10b2b9cd0} <Module>{5744c7d4-b0a8-4b98-8000-24d10b2b9cd0}::m_e37a1683ff4346c9b45012c8eb1eb9bd ldfld System.Int32 <Module>{5744c7d4-b0a8-4b98-8000-24d10b2b9cd0}::m_ee36106569e345449597b1090cba4f8f brtrue IL_0012: switch(IL_00B7,IL_0071,IL_004A,IL_0087,IL_0034,IL_0070) pop <null> ldc.i4 0 br IL_0012: switch(IL_00B7,IL_0071,IL_004A,IL_0087,IL_0034,IL_0070) ldsfld System.Object Dry-DockSpecifications.Audit.AdaptableAuditor/AccessibleNotifier::m_ReadableNotifier ldftn System.Byte[] 
Dry-DockSpecifications.Audit.AdaptableAuditor/AccessibleNotifier::AlertSetNotifier() newobj System.Void System.Func`1<System.Byte[]>::.ctor(System.Object,System.IntPtr) dup <null> stsfld System.Func`1<System.Byte[]> Dry-DockSpecifications.Audit.AdaptableAuditor/AccessibleNotifier::_ConverterProcessor newobj System.Void Dry-DockSpecifications.Execution.ViewerExecutor::.ctor(System.Func`1<System.Byte[]>) ldloc.s V_0 ldloc.s V_1 ldloc.s V_3 newobj System.Void Dry-DockSpecifications.Notifications.ExtendedNotifier::.ctor(System.String,System.String) stfld System.Object Dry-DockSpecifications.Audit.AdaptableAuditor/DividedSelector::decryptorField ldloc.s V_0 newobj System.Void Dry-DockSpecifications.Networking.ConnectedSender::.ctor() stfld System.Object Dry-DockSpecifications.Audit.AdaptableAuditor/DividedSelector::_VisibleSelector ldloc.s V_0 ldc.i4 -1959599871 call System.String Dry-DockSpecifications.Selections.SelectorPublisher::FilterAccessibleSelector(System.Int32) ldc.i4 -1959599819 call System.String Dry-DockSpecifications.Selections.SelectorPublisher::FilterAccessibleSelector(System.Int32) newobj System.Void Dry-DockSpecifications.Execution.ModularExecutor::.ctor(System.String,System.String) stfld System.Object Dry-DockSpecifications.Audit.AdaptableAuditor/DividedSelector::m_ObjectTracker dup <null> ldloc.s V_0 ldftn System.Void Dry-DockSpecifications.Audit.AdaptableAuditor/DividedSelector::InvokeSelector(System.IO.MemoryStream) newobj System.Void System.Action`1<System.IO.MemoryStream>::.ctor(System.Object,System.IntPtr) callvirt System.Void Dry-DockSpecifications.Execution.ViewerExecutor::RunDetailedExecutor(System.Action`1<System.IO.MemoryStream>) ldloc.s V_0 ldfld System.Object Dry-DockSpecifications.Audit.AdaptableAuditor/DividedSelector::decryptorField ldloc.s V_0 ldftn System.Void Dry-DockSpecifications.Audit.AdaptableAuditor/DividedSelector::UndoMixedSelector(System.IO.MemoryStream) newobj System.Void 
System.Action`1<System.IO.MemoryStream>::.ctor(System.Object,System.IntPtr) callvirt System.Void Dry-DockSpecifications.Notifications.ExtendedNotifier::NotifyLiteralNotifier(System.Action`1<System.IO.MemoryStream>) ldloc.s V_0 ldfld System.Object Dry-DockSpecifications.Audit.AdaptableAuditor/DividedSelector::_VisibleSelector ldloc.s V_0 ldftn System.Void Dry-DockSpecifications.Audit.AdaptableAuditor/DividedSelector::UndoAdvancedSelector(System.Reflection.Assembly) newobj System.Void System.Action`1<System.Reflection.Assembly>::.ctor(System.Object,System.IntPtr) callvirt System.Void Dry-DockSpecifications.Networking.ConnectedSender::SendTransformableWorker(System.Action`1<System.Reflection.Assembly>) ldloc.s V_0 ldfld System.Object Dry-DockSpecifications.Audit.AdaptableAuditor/DividedSelector::m_ObjectTracker ldsfld System.Object Dry-DockSpecifications.Audit.AdaptableAuditor/AccessibleNotifier::_RunnerCommand dup <null> brtrue IL_017C: callvirt System.Void Dry-DockSpecifications.Execution.ModularExecutor::ReplaceExecutor(System.Action) pop <null> ldsfld System.Object Dry-DockSpecifications.Audit.AdaptableAuditor/AccessibleNotifier::m_ReadableNotifier ldftn System.Void Dry-DockSpecifications.Audit.AdaptableAuditor/AccessibleNotifier::SolveNotifier() newobj System.Void System.Action::.ctor(System.Object,System.IntPtr) dup <null> stsfld System.Object Dry-DockSpecifications.Audit.AdaptableAuditor/AccessibleNotifier::_RunnerCommand callvirt System.Void Dry-DockSpecifications.Execution.ModularExecutor::ReplaceExecutor(System.Action) callvirt System.Void Dry-DockSpecifications.Execution.ViewerExecutor::PostExecutor() ldc.i4 5 br IL_0012: switch(IL_00B7,IL_0071,IL_004A,IL_0087,IL_0034,IL_0070)

Characteristics
No malware configurations were found at this point.