Malicious

00c1a338c50698f3c4e9a0221253c886

PE Executable | MD5: 00c1a338c50698f3c4e9a0221253c886 | Size: 712.7 KB | application/x-dosexec

Characteristics

Symbol Obfuscation Score

Very high

Hash | Hash Value
MD5 | 00c1a338c50698f3c4e9a0221253c886
Sha1 | 4bd87d507301308a34cab0847281211ab686239f
Sha256 | 958a1baba7679f4e3e775cae79d5d86f5acd04bc08c419b09ac5a3808a3b888f
Sha384 | 8c7f46e0a067d4c6a3d533c91b2823daa33b72d1c56bf4661b6e148d91383494b289f5fa695efad194d2c36c1b830dc5
Sha512 | 0debecf8ab96b5c3ec63cc3090e5a760b21ea31912cd93139d0544390cda61e5d31fc3b57887c9b9678a441bedd2f8a003c2d85a6256ae6c4b246122d102c69b
SSDeep | 12288:Azsbu+bNSUBZEJ1P2topJobMF+NYDMEe6c:AWu+5d85coIM5MT
TLSH | 76E4BE6B76534E12C2845333C1D76A0093E49AC675A7F30E75C913A7190A3FADE4BAB3

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
KfN855D9mpvKvLON3h.eawoAQVDHnqE8XmENv
VoC3dxZQtQg3qMnKBQ.c4lBgKdfQisljAQgYP
Zefnliyjaip.g.resources
aUbtywi8DnNnCncIW1.Svpo0WXqloxdKFAlk2
Yxpmykcgka.Properties.Resources.resources
Tumbxqfhabe
Information
Name | Value
Info | PE Detect: PeReader OK (file layout)
Module Name | Zefnliyjaip.exe
Full Name | Zefnliyjaip.exe
EntryPoint | System.Void HOGowXtnJxhXjxMbK9.Wt4nPojZh2MfnvMEUL::vygrrwM1v()
Scope Name | Zefnliyjaip.exe
Scope Type | ModuleDef
Kind | Windows
Runtime Version | v4.0.30319
Tables Header Version | 512
WinMD Version | <null>
Assembly Name | Zefnliyjaip
Assembly Version | 1.0.0.0
Assembly Culture | <null>
Has PublicKey | False
PublicKey Token | <null>
Target Framework | .NETFramework,Version=v4.0
Total Strings | 43
Main Method | System.Void HOGowXtnJxhXjxMbK9.Wt4nPojZh2MfnvMEUL::vygrrwM1v()
Main IL Instruction Count | 113

Main IL

ldc.i4 1 stloc V_0 ldloc V_0 switch dnlib.DotNet.Emit.Instruction[] ldloc V_0 ldc.i4 989 beq IL_0009: ldloc V_0 br IL_002E: nop ret <null> nop <null> newobj System.Void AvHVBkgEdaUqTiKAOf.b0CFgoBYa3t95njDna::.ctor() stloc.s V_4 ldc.i4 4 br IL_004A: stloc V_5 br IL_004E: ldloc V_5 ldc.i4 0 stloc V_5 ldloc V_5 switch dnlib.DotNet.Emit.Instruction[] ldloc V_5 ldc.i4 12 beq IL_008C: newobj System.Void blTMqmcb7K678mvEQG.i7Ycl5L3lma7qerGwm::.ctor() ldloc V_5 ldc.i4 992 beq IL_004E: ldloc V_5 br IL_014F: newobj System.Void mRUJifGhFnK1s7bnxL.O13vbH5tTgOJWx3IQQ::.ctor() newobj System.Void blTMqmcb7K678mvEQG.i7Ycl5L3lma7qerGwm::.ctor() dup <null> dup <null> ldsfld a7o6S1XoDg86KxTaOc7 a7o6S1XoDg86KxTaOc7::ykrXTfRJMG call System.Void a7o6S1XoDg86KxTaOc7::LvuX9xZJdp(System.Object,blTMqmcb7K678mvEQG.i7Ycl5L3lma7qerGwm,a7o6S1XoDg86KxTaOc7) dup <null> ldloc.s V_3 ldsfld fMLq7oXBsrjMOKW8lr0 fMLq7oXBsrjMOKW8lr0::bYlXgdftVu call System.Void fMLq7oXBsrjMOKW8lr0::LvuX9xZJdp(System.Object,mRUJifGhFnK1s7bnxL.O13vbH5tTgOJWx3IQQ,fMLq7oXBsrjMOKW8lr0) ldloc.s V_3 ldloc.s V_4 ldsfld OP9N5KXEkxyIc3wxviA OP9N5KXEkxyIc3wxviA::uIDXlFcM3O call System.Void OP9N5KXEkxyIc3wxviA::LvuX9xZJdp(System.Object,AvHVBkgEdaUqTiKAOf.b0CFgoBYa3t95njDna,OP9N5KXEkxyIc3wxviA) ldloc.s V_3 ldloc.s V_1 ldsfld TWqTtdX0ujS7B7sB31s TWqTtdX0ujS7B7sB31s::H4hXRmEMpE call System.Void TWqTtdX0ujS7B7sB31s::LvuX9xZJdp(System.Object,Jp8cfnOTtA1MaEymqR.JlN2il6gBwIiJcI29F,TWqTtdX0ujS7B7sB31s) ldloc.s V_3 ldloc.s V_2 ldsfld nVUF5jX14ouP6UacLs0 nVUF5jX14ouP6UacLs0::JjhXaAqfJA call System.Void nVUF5jX14ouP6UacLs0::LvuX9xZJdp(System.Object,CDFYBnvBBpRh2UF9Ki.G1QxTHsymgyU7LQUoq,nVUF5jX14ouP6UacLs0) ldloc.s V_2 ldloc.s V_1 ldsfld Vm30ZRXFfuH65JjwmZu Vm30ZRXFfuH65JjwmZu::IASX5aDi6s call System.Void Vm30ZRXFfuH65JjwmZu::LvuX9xZJdp(System.Object,Jp8cfnOTtA1MaEymqR.JlN2il6gBwIiJcI29F,Vm30ZRXFfuH65JjwmZu) ldloc.s V_1 ldloc.s V_4 ldsfld uHEQHhXGONIXISOvFFf uHEQHhXGONIXISOvFFf::G5LXKtlycU call System.Void 
uHEQHhXGONIXISOvFFf::LvuX9xZJdp(System.Object,AvHVBkgEdaUqTiKAOf.b0CFgoBYa3t95njDna,uHEQHhXGONIXISOvFFf) ldsfld SnfK6DXW6qBtTwaMogf SnfK6DXW6qBtTwaMogf::Il3XQgt0Zl call System.Boolean SnfK6DXW6qBtTwaMogf::LvuX9xZJdp(System.Object,SnfK6DXW6qBtTwaMogf) brfalse IL_0175: newobj System.Void System.InvalidOperationException::.ctor() ldc.i4 3 br IL_0052: switch(IL_014F,IL_0118,IL_0175,IL_0109,IL_013E) br IL_017B: leave IL_002D ldc.i4 2 br IL_0052: switch(IL_014F,IL_0118,IL_0175,IL_0109,IL_013E) newobj System.Void CDFYBnvBBpRh2UF9Ki.G1QxTHsymgyU7LQUoq::.ctor() stloc.s V_2 ldc.i4 12 ldsfld <Module>{01a61582-abbb-4a7a-925b-4dd7529c4bb8} <Module>{01a61582-abbb-4a7a-925b-4dd7529c4bb8}::m_7580c58603044d1c8a0784fda0a089e9 ldfld System.Int32 <Module>{01a61582-abbb-4a7a-925b-4dd7529c4bb8}::m_970af103a43543f98bacfef23d1f2ecd brtrue IL_0052: switch(IL_014F,IL_0118,IL_0175,IL_0109,IL_013E) pop <null> ldc.i4 0 br IL_0052: switch(IL_014F,IL_0118,IL_0175,IL_0109,IL_013E) newobj System.Void Jp8cfnOTtA1MaEymqR.JlN2il6gBwIiJcI29F::.ctor() stloc.s V_1 ldc.i4 1 br IL_004A: stloc V_5 newobj System.Void mRUJifGhFnK1s7bnxL.O13vbH5tTgOJWx3IQQ::.ctor() stloc.s V_3 ldc.i4 12 ldsfld <Module>{01a61582-abbb-4a7a-925b-4dd7529c4bb8} <Module>{01a61582-abbb-4a7a-925b-4dd7529c4bb8}::m_7580c58603044d1c8a0784fda0a089e9 ldfld System.Int32 <Module>{01a61582-abbb-4a7a-925b-4dd7529c4bb8}::m_2f682f17003143d6933f19c0dec7cd1b brfalse IL_004A: stloc V_5 pop <null> ldc.i4 12 br IL_004A: stloc V_5 newobj System.Void System.InvalidOperationException::.ctor() throw <null> leave IL_002D: ret pop <null> ldc.i4 3 ldsfld <Module>{01a61582-abbb-4a7a-925b-4dd7529c4bb8} <Module>{01a61582-abbb-4a7a-925b-4dd7529c4bb8}::m_7580c58603044d1c8a0784fda0a089e9 ldfld System.Int32 <Module>{01a61582-abbb-4a7a-925b-4dd7529c4bb8}::m_6d57ae7ad86d4c9ca274e087a96e8bc8 brfalse IL_01B2: switch(IL_01CE) pop <null> ldc.i4 0 br IL_01B2: switch(IL_01CE) br IL_01AE: ldloc V_6 ldc.i4 0 stloc V_6 ldloc V_6 switch dnlib.DotNet.Emit.Instruction[] ldloc 
V_6 ldc.i4 988 beq IL_01AE: ldloc V_6 br IL_01CE: leave IL_002D leave IL_002D: ret ldc.i4 6 ldsfld <Module>{01a61582-abbb-4a7a-925b-4dd7529c4bb8} <Module>{01a61582-abbb-4a7a-925b-4dd7529c4bb8}::m_7580c58603044d1c8a0784fda0a089e9 ldfld System.Int32 <Module>{01a61582-abbb-4a7a-925b-4dd7529c4bb8}::m_5344ce5bdede4a6a94a291d4efee6c61 brfalse IL_000D: switch(IL_002D,IL_002E) pop <null> ldc.i4 0 br IL_000D: switch(IL_002D,IL_002E)

No malware configuration was found at this point.