Malicious

00e56c2a8643f9e9468ff8089754be80

PE Executable | MD5: 00e56c2a8643f9e9468ff8089754be80 | Size: 645.12 KB | application/x-dosexec

Characteristics

Symbol Obfuscation Score: Very high

Hash
MD5: 00e56c2a8643f9e9468ff8089754be80
Sha1: 6a66f2be1637547121c7971cb0ceefc85a181b11
Sha256: cefea254c114e09fa385fe5518fbf1e6310a56fea102fd5ebdbeae7d89724196
Sha384: 5a7c321ba0f1e9ab672b3c585f982e9de822307c074aa12197929b9a35a51dee4db7bec066621112a65364e5e4d3a01f
Sha512: 0cc6aaa6cf0742aaef83900c6a123c501fb73054d184f0552981ca67275951d732aff293f847d14840a2fbbf11a26ea043190c382b4f75ac33691ea5126e6fcf
SSDeep: 12288:NCCDpr60vun5249eGhsxIKhDSmhD30hXJYMu8EufbyKj9Cw0:VVr6pZhsqKhDBEjYCEKb9
TLSH: 89D49EE7B2234E24D2891337C4CB994193A59B5665E3F70E318913E624063EFCF4B6A7

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET

File Structure
Structure
  DosHeader
  PE Header
  Optional Header (x86)
  Section Headers
    .text
    .rsrc
    .reloc
  Resources
    RT_VERSION
      ID:0001
      ID:0
    RT_MANIFEST
      ID:0001
      ID:0
  .Net Resources
    Uo3O9W06F8N2EXGeAB.id8KSJAlbwD5tx9o9j
    Ouuano.g.resources
    FemWUsqsiEG44JDKfX.pPIODkBsTq4hUTUWM3
    OkclQIYbFhNFG3QxTl.SBcBmr218TGYHvloFh
    Cqjupczhl.Properties.Resources.resources
    Ykamys

Information
Info: PE Detect: PeReader OK (file layout)
Module Name: Ouuano.exe
Full Name: Ouuano.exe
EntryPoint: System.Void rqMjbXGwTlsmnDKxQa.NGUWZApqQI1COw0qQD::jwB6nGASH()
Scope Name: Ouuano.exe
Scope Type: ModuleDef
Kind: Windows
Runtime Version: v4.0.30319
Tables Header Version: 512
WinMD Version: <null>
Assembly Name: Ouuano
Assembly Version: 1.0.0.0
Assembly Culture: <null>
Has PublicKey: False
PublicKey Token: <null>
Target Framework: .NETFramework,Version=v4.0
Total Strings: 43
Main Method: System.Void rqMjbXGwTlsmnDKxQa.NGUWZApqQI1COw0qQD::jwB6nGASH()
Main IL Instruction Count: 66

Main IL

ldc.i4 1 stloc V_1 ldloc V_1 switch dnlib.DotNet.Emit.Instruction[] ldloc V_1 ldc.i4 989 beq IL_0009: ldloc V_1 br IL_002E: nop ret <null> nop <null> newobj System.Void ldws4VxxpARWFJU1d0.u4qP9BkalD7jBal8ss::.ctor() ldsfld aHu3xJ26p0SFZXbmOC0 aHu3xJ26p0SFZXbmOC0::lYx2LKNyZ7 call System.Boolean aHu3xJ26p0SFZXbmOC0::ijS22r3Rax(System.Object,aHu3xJ26p0SFZXbmOC0) brfalse IL_00B8: newobj System.Void System.InvalidOperationException::.ctor() ldc.i4 0 ldsfld <Module>{ff4c99af-1cfb-47ac-8d06-ad05995982b8} <Module>{ff4c99af-1cfb-47ac-8d06-ad05995982b8}::m_1f868924a5834a259ce236808acac5d8 ldfld System.Int32 <Module>{ff4c99af-1cfb-47ac-8d06-ad05995982b8}::m_729dd264080c41049f653a87696a4777 brtrue IL_0074: switch(IL_0094,IL_00B8) pop <null> ldc.i4 0 br IL_0074: switch(IL_0094,IL_00B8) br IL_0070: ldloc V_0 ldc.i4 0 stloc V_0 ldloc V_0 switch dnlib.DotNet.Emit.Instruction[] ldloc V_0 ldc.i4 989 beq IL_0070: ldloc V_0 br IL_00B8: newobj System.Void System.InvalidOperationException::.ctor() br IL_00BE: leave IL_002D ldc.i4 4 ldsfld <Module>{ff4c99af-1cfb-47ac-8d06-ad05995982b8} <Module>{ff4c99af-1cfb-47ac-8d06-ad05995982b8}::m_1f868924a5834a259ce236808acac5d8 ldfld System.Int32 <Module>{ff4c99af-1cfb-47ac-8d06-ad05995982b8}::m_665aaed4b09144b58d311c739873ecd6 brfalse IL_0074: switch(IL_0094,IL_00B8) pop <null> ldc.i4 1 br IL_0074: switch(IL_0094,IL_00B8) newobj System.Void System.InvalidOperationException::.ctor() throw <null> leave IL_002D: ret pop <null> ldc.i4 5 ldsfld <Module>{ff4c99af-1cfb-47ac-8d06-ad05995982b8} <Module>{ff4c99af-1cfb-47ac-8d06-ad05995982b8}::m_1f868924a5834a259ce236808acac5d8 ldfld System.Int32 <Module>{ff4c99af-1cfb-47ac-8d06-ad05995982b8}::m_a7a546cdd032441cad5703a7b18a8183 brfalse IL_00F5: switch(IL_0111) pop <null> ldc.i4 0 br IL_00F5: switch(IL_0111) br IL_00F1: ldloc V_2 ldc.i4 0 stloc V_2 ldloc V_2 switch dnlib.DotNet.Emit.Instruction[] ldloc V_2 ldc.i4 988 beq IL_00F1: ldloc V_2 br IL_0111: leave IL_002D leave IL_002D: ret ldc.i4 0 ldsfld 
<Module>{ff4c99af-1cfb-47ac-8d06-ad05995982b8} <Module>{ff4c99af-1cfb-47ac-8d06-ad05995982b8}::m_1f868924a5834a259ce236808acac5d8 ldfld System.Int32 <Module>{ff4c99af-1cfb-47ac-8d06-ad05995982b8}::m_d1b57f49f68f4fd982cd7d77b95dee8b brtrue IL_000D: switch(IL_002D,IL_002E) pop <null> ldc.i4 0 br IL_000D: switch(IL_002D,IL_002E)

No malware configuration was found at this point.