c0070a1b694fa520a2e184ac9a4586bd637ef007cfaea744330a8d790166c53a.exe
PE
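Verdict: BENIGN (automated verdict; the Labeling table at the end of this report records the label "bad" from source "harvest", so the two disagree and should be reconciled before relying on either)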
Mal-ecule
O₂(CoEr₂)H₆(Db₂DsF₆Os₄Po₄U)Md₂(Bi₃Si)
Objectives
-
0x779a
73 69 62 6c 65 00 42 00 43 6c 6f 73 65 43 6c 69 70 62 6f 61 72 64 sible.B.CloseClipboard
-
System.dll
System.dll -
System.Linq.Queryable.dll
file.stem != pe.debug.pdb.stem ("system.linq.queryable" != "system.linq.queryable.ni")
-
0xcca
75 f4 ff 15 14 81 40 00 3b fb 0f 8d 85 10 00 00 83 ff fe 75 13 6a u.....@.;..........u.j
Micro-behaviors
-
System.Linq.Queryable.dll
<assembly fullname="System.Linq.Queryable" feature="Sys… -
System.Linq.Queryable.dll
<resource name="FxResources.System.Linq.Queryable.SR.resources" action="remove" /> -
System.Linq.Queryable.dll
FxResources.System.Linq.Queryable -
System.Linq.Queryable.dll
System.Linq -
System.Linq.Queryable.dll
System.Linq.IQueryProvider.Execute -
System.Linq.Queryable.dll
System.Linq.IQueryable.ElementType -
System.Linq.Queryable.dll
System.Linq.IQueryable.Expression -
System.Linq.Queryable.dll
System.Linq.IQueryable.Provider -
System.Linq.Queryable.dll
System.Linq.IQueryable.get_ElementType -
System.Linq.Queryable.dll
System.Linq.IQueryable.get_Expression -
System.Linq.Queryable.dll
System.Linq.Queryable -
System.Linq.Queryable.dll
System.Linq.Queryable.dll -
System.Linq.Queryable.dll
System.Linq.Queryable.ni.pdb -
System.Linq.Queryable.dll
…_work\1\s\artifacts\obj\System.Linq.Queryable\net6.0-Releas… -
System.Linq.Queryable.dll
…ueryable\net6.0-Release\System.Linq.Queryable.pdb -
0x464
15 0c 82 40 00 8b 7d f0 83 65 f0 00 8b 1d 5c 80 40 00 e9 80 00 00 ...@..}..e....\.@..... -
0x5d6a
e8 a3 40 00 23 4d c0 8b 55 f8 2b d8 03 d1 8b c8 8b 46 04 d3 6d c0 ..@.#M..U.+......F..m.
-
System.dll
LoadLibraryA
-
0x8150
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ......................
-
0x8138
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ...................... -
0x814c
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ......................
-
0x810c
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ......................
-
0x80dc
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ...................... -
0x73dc
47 65 74 54 65 6d 70 46 69 6c 65 4e 61 6d 65 41 00 00 b5 02 52 65 GetTempFileNameA....Re -
0x72ea
6f 72 79 41 00 00 d5 01 47 65 74 54 65 6d 70 50 61 74 68 41 00 00 oryA....GetTempPathA..
-
0x81c0
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ...................... -
0x77ac
00 00 4a 02 53 65 74 43 6c 69 70 62 6f 61 72 64 44 61 74 61 00 00 ..J.SetClipboardData.. -
0x8260
04 00 00 00 88 01 00 80 05 00 00 00 a0 01 00 80 06 00 00 00 b8 01 ...................... -
0x77c0
c1 00 45 6d 70 74 79 43 6c 69 70 62 6f 61 72 64 00 00 f6 01 4f 70 ..EmptyClipboard....Op -
0x77d2
c1 00 45 6d 70 74 79 43 6c 69 70 62 6f 61 72 64 00 00 f6 01 4f 70 ..EmptyClipboard....Op
-
System.dll
CLSIDFromString -
System.dll
StringFromGUID2 -
0x8290
00 02 00 80 0a 00 00 00 18 02 00 80 0b 00 00 00 30 02 00 80 0c 00 ................0..... -
0x8284
00 80 07 00 00 00 d0 01 00 80 08 00 00 00 e8 01 00 80 09 00 00 00 ...................... -
0x3050
a1 40 00 7e 3f 6a ff eb 1d 6a 02 5f 3b f7 75 34 39 2d ac f4 42 00 .@.~?j...j._;.u49-..B.
-
0x8028
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ...................... -
0x8008
00 00 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ...................... -
0x801c
00 00 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ...................... -
0x7a9a
65 79 45 78 41 00 d1 01 52 65 67 43 72 65 61 74 65 4b 65 79 45 78 eyExA...RegCreateKeyEx
-
0x80b0
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ...................... -
0x80e4
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ...................... -
0x742e
63 61 74 41 00 00 c1 01 47 65 74 53 79 73 74 65 6d 44 69 72 65 63 catA....GetSystemDirec -
0x7f70
75 61 67 65 00 00 00 00 47 65 74 44 69 73 6b 46 72 65 65 53 70 61 uage....GetDiskFreeSpa -
0x7342
c9 03 6c 73 74 72 63 70 79 6e 41 00 4d 01 47 65 74 44 69 73 6b 46 ..lstrcpynA.M.GetDiskF
-
0x80c0
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ...................... -
0x816c
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ......................
-
0x8190
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ...................... -
0x8194
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ...................... -
0x81ac
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ...................... -
0x81fc
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ...................... -
0x8254
00 00 40 01 00 80 02 00 00 00 58 01 00 80 03 00 00 00 70 01 00 80 ..@.......X.......p... -
0x8270
00 80 07 00 00 00 d0 01 00 80 08 00 00 00 e8 01 00 80 09 00 00 00 ...................... -
0x8224
00 80 0e 00 00 00 f8 00 00 80 10 00 00 00 10 01 00 80 18 00 00 00 ...................... -
0x8234
28 01 00 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 00 01 00 (..................... -
0x7776
74 6d 61 70 41 00 1b 00 43 61 6c 6c 57 69 6e 64 6f 77 50 72 6f 63 tmapA...CallWindowProc
Metadata
-
System.Linq.Queryable.dll
BSJB×2 -
System.dll
binary.overall_entropy = 3.66×2 -
System.Linq.Queryable.dll
Microsoft Corporation -
System.Linq.Queryable.dll
RT_VERSION -
System.Linq.Queryable.dll
System.Linq.Queryable.dll -
System.Linq.Queryable.dll
System.Linq.Queryable.ni.pdb -
System.dll
binary.avg_string_entropy = 2.82 -
System.dll
binary.export_count = 8.00 -
System.dll
binary.file_size = 11776.00 -
System.dll
binary.function_count = 20.00 -
System.Linq.Queryable.dll
binary.has_overlay = 1.00 -
System.dll
binary.rsrc_to_file_ratio = 0.00 -
System.dll
binary.section_count = 4.00 -
System.Linq.Queryable.dll
binary.string_count = 1127.00 -
System.Linq.Queryable.dll
pe.checksum_valid = 1.00 -
System.dll
pe.rich_header_present = 1.00 -
System.dll
pe.size_of_image = 24576.00 -
System.Linq.Queryable.dll
sections.count = 3.00 -
0x3360c
76 69 6c 65 67 65 73 3e 3c 72 65 71 75 65 73 74 65 64 45 78 65 63 vileges><requestedExec -
0x1f340
e6 e6 e6 ff e9 e9 e8 ff ea ea ea ff eb eb eb ff c0 c0 c0 ff d1 d1 ......................
-
System.dll
Call×2 -
System.dll
Int64Op×2 -
System.dll
StrAlloc×2 -
System.dll
System.dll×2 -
0x33498
09 04 e4 04 00 00 00 00 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d ........<?xml version=
-
System.Linq.Queryable.dll
Microsoft Corporation×2 -
System.Linq.Queryable.dll
.NET -
System.Linq.Queryable.dll
CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US -
System.Linq.Queryable.dll
Microsoft Code Signing PCA 2011 -
System.Linq.Queryable.dll
Microsoft Time-Stamp PCA 2010 -
System.Linq.Queryable.dll
Microsoft Time-Stamp Service -
System.Linq.Queryable.dll
true
notable severity, 100% confident.
unsigned
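Binary is not digitally signed (the Microsoft code-signing and time-stamp strings listed above are reported for the System.Linq.Queryable.dll component, not as a signature on this file)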
file
-
0x2242
ff ff ff 75 72 81 7d dc ef be ad de 75 69 81 7d e8 49 6e 73 74 75 ...ur.}.....ui.}.Instu
20 of 100 traits shown
Objectives
-
0x779a
73 69 62 6c 65 00 42 00 43 6c 6f 73 65 43 6c 69 70 62 6f 61 72 64 sible.B.CloseClipboard
-
System.dll
System.dll -
System.Linq.Queryable.dll
file.stem != pe.debug.pdb.stem ("system.linq.queryable" != "system.linq.queryable.ni")
-
0xcca
75 f4 ff 15 14 81 40 00 3b fb 0f 8d 85 10 00 00 83 ff fe 75 13 6a u.....@.;..........u.j
Micro-behaviors
-
System.Linq.Queryable.dll
<assembly fullname="System.Linq.Queryable" feature="Sys… -
System.Linq.Queryable.dll
<resource name="FxResources.System.Linq.Queryable.SR.resources" action="remove" /> -
System.Linq.Queryable.dll
FxResources.System.Linq.Queryable -
System.Linq.Queryable.dll
System.Linq -
System.Linq.Queryable.dll
System.Linq.IQueryProvider.Execute -
System.Linq.Queryable.dll
System.Linq.IQueryable.ElementType -
System.Linq.Queryable.dll
System.Linq.IQueryable.Expression -
System.Linq.Queryable.dll
System.Linq.IQueryable.Provider -
System.Linq.Queryable.dll
System.Linq.IQueryable.get_ElementType -
System.Linq.Queryable.dll
System.Linq.IQueryable.get_Expression -
System.Linq.Queryable.dll
System.Linq.Queryable -
System.Linq.Queryable.dll
System.Linq.Queryable.dll -
System.Linq.Queryable.dll
System.Linq.Queryable.ni.pdb -
System.Linq.Queryable.dll
…_work\1\s\artifacts\obj\System.Linq.Queryable\net6.0-Releas… -
System.Linq.Queryable.dll
…ueryable\net6.0-Release\System.Linq.Queryable.pdb -
0x464
15 0c 82 40 00 8b 7d f0 83 65 f0 00 8b 1d 5c 80 40 00 e9 80 00 00 ...@..}..e....\.@..... -
0x5d6a
e8 a3 40 00 23 4d c0 8b 55 f8 2b d8 03 d1 8b c8 8b 46 04 d3 6d c0 ..@.#M..U.+......F..m.
-
System.dll
LoadLibraryA
-
0x8150
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ......................
-
0x8138
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ...................... -
0x814c
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ......................
-
0x810c
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ......................
-
0x80dc
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ...................... -
0x73dc
47 65 74 54 65 6d 70 46 69 6c 65 4e 61 6d 65 41 00 00 b5 02 52 65 GetTempFileNameA....Re -
0x72ea
6f 72 79 41 00 00 d5 01 47 65 74 54 65 6d 70 50 61 74 68 41 00 00 oryA....GetTempPathA..
-
0x81c0
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ...................... -
0x77ac
00 00 4a 02 53 65 74 43 6c 69 70 62 6f 61 72 64 44 61 74 61 00 00 ..J.SetClipboardData.. -
0x8260
04 00 00 00 88 01 00 80 05 00 00 00 a0 01 00 80 06 00 00 00 b8 01 ...................... -
0x77c0
c1 00 45 6d 70 74 79 43 6c 69 70 62 6f 61 72 64 00 00 f6 01 4f 70 ..EmptyClipboard....Op -
0x77d2
c1 00 45 6d 70 74 79 43 6c 69 70 62 6f 61 72 64 00 00 f6 01 4f 70 ..EmptyClipboard....Op
-
System.dll
CLSIDFromString -
System.dll
StringFromGUID2 -
0x8290
00 02 00 80 0a 00 00 00 18 02 00 80 0b 00 00 00 30 02 00 80 0c 00 ................0..... -
0x8284
00 80 07 00 00 00 d0 01 00 80 08 00 00 00 e8 01 00 80 09 00 00 00 ...................... -
0x3050
a1 40 00 7e 3f 6a ff eb 1d 6a 02 5f 3b f7 75 34 39 2d ac f4 42 00 .@.~?j...j._;.u49-..B.
-
0x8028
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ...................... -
0x8008
00 00 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ...................... -
0x801c
00 00 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ...................... -
0x7a9a
65 79 45 78 41 00 d1 01 52 65 67 43 72 65 61 74 65 4b 65 79 45 78 eyExA...RegCreateKeyEx
-
0x80b0
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ...................... -
0x80e4
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ...................... -
0x742e
63 61 74 41 00 00 c1 01 47 65 74 53 79 73 74 65 6d 44 69 72 65 63 catA....GetSystemDirec -
0x7f70
75 61 67 65 00 00 00 00 47 65 74 44 69 73 6b 46 72 65 65 53 70 61 uage....GetDiskFreeSpa -
0x7342
c9 03 6c 73 74 72 63 70 79 6e 41 00 4d 01 47 65 74 44 69 73 6b 46 ..lstrcpynA.M.GetDiskF
-
0x80c0
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ...................... -
0x816c
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ......................
-
0x8190
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ...................... -
0x8194
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ...................... -
0x81ac
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ...................... -
0x81fc
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ...................... -
0x8254
00 00 40 01 00 80 02 00 00 00 58 01 00 80 03 00 00 00 70 01 00 80 ..@.......X.......p... -
0x8270
00 80 07 00 00 00 d0 01 00 80 08 00 00 00 e8 01 00 80 09 00 00 00 ...................... -
0x8224
00 80 0e 00 00 00 f8 00 00 80 10 00 00 00 10 01 00 80 18 00 00 00 ...................... -
0x8234
28 01 00 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 00 01 00 (..................... -
0x7776
74 6d 61 70 41 00 1b 00 43 61 6c 6c 57 69 6e 64 6f 77 50 72 6f 63 tmapA...CallWindowProc
Metadata
-
System.Linq.Queryable.dll
BSJB×2 -
System.dll
binary.overall_entropy = 3.66×2 -
System.Linq.Queryable.dll
Microsoft Corporation -
System.Linq.Queryable.dll
RT_VERSION -
System.Linq.Queryable.dll
System.Linq.Queryable.dll -
System.Linq.Queryable.dll
System.Linq.Queryable.ni.pdb -
System.dll
binary.avg_string_entropy = 2.82 -
System.dll
binary.export_count = 8.00 -
System.dll
binary.file_size = 11776.00 -
System.dll
binary.function_count = 20.00 -
System.Linq.Queryable.dll
binary.has_overlay = 1.00 -
System.dll
binary.rsrc_to_file_ratio = 0.00 -
System.dll
binary.section_count = 4.00 -
System.Linq.Queryable.dll
binary.string_count = 1127.00 -
System.Linq.Queryable.dll
pe.checksum_valid = 1.00 -
System.dll
pe.rich_header_present = 1.00 -
System.dll
pe.size_of_image = 24576.00 -
System.Linq.Queryable.dll
sections.count = 3.00 -
0x3360c
76 69 6c 65 67 65 73 3e 3c 72 65 71 75 65 73 74 65 64 45 78 65 63 vileges><requestedExec -
0x1f340
e6 e6 e6 ff e9 e9 e8 ff ea ea ea ff eb eb eb ff c0 c0 c0 ff d1 d1 ......................
-
System.dll
Call×2 -
System.dll
Int64Op×2 -
System.dll
StrAlloc×2 -
System.dll
System.dll×2 -
0x33498
09 04 e4 04 00 00 00 00 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d ........<?xml version=
-
System.Linq.Queryable.dll
Microsoft Corporation×2 -
System.Linq.Queryable.dll
.NET -
System.Linq.Queryable.dll
CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US -
System.Linq.Queryable.dll
Microsoft Code Signing PCA 2011 -
System.Linq.Queryable.dll
Microsoft Time-Stamp PCA 2010 -
System.Linq.Queryable.dll
Microsoft Time-Stamp Service -
System.Linq.Queryable.dll
true
notable severity, 100% confident.
unsigned
Binary is not digitally signed
file
-
0x2242
ff ff ff 75 72 81 7d dc ef be ad de 75 69 81 7d e8 49 6e 73 74 75 ...ur.}.....ui.}.Instu
20 of 100 traits shown
Identity
| SHA-256 | c0070a1b694fa520a2e184ac9a4586bd637ef007cfaea744330a8d790166c53a |
|---|---|
| Canonical SHA-256 | 02de005bccbe9d76251cfa41335b6426169449be245ea59f6d2b5fe421474ba1 |
| Filename | c0070a1b694fa520a2e184ac9a4586bd637ef007cfaea744330a8d790166c53a.exe |
Origin
| Source | harvest |
|---|
Timeline
| First seen | 13 May 2026 08:06 UTC |
|---|---|
| First analyzed | 10 Jun 2026 17:13 UTC |
| Last analyzed | 10 Jun 2026 17:13 UTC |
| Last updated | 10 Jun 2026 17:13 UTC |
Labeling
| Label | bad |
|---|---|
| Label source | harvest |
| Traits version | 3ee62 |