Malicious
013081a63b3561182855875975b849ea
PE Executable
MD5: 013081a63b3561182855875975b849ea
Size: 245.76 KB
application/x-dosexec
Ctrl + scroll to zoom · drag to pan
Get an AI-generated breakdown of this malware's behaviour, IOCs and recommendations.
AI analysis is available with Essential.
Unlock with Essential
Symbol Obfuscation Score
Medium
| MD5 | 013081a63b3561182855875975b849ea |
| Sha1 | 828547dae1fcb05f9e12cdec3faa9b8914eec7ff |
| Sha256 | ba368193363e2f907a667c48ebb1335aab4dcffb38a6843687a3a46bc9ca0b0d |
| Sha384 | f1f61534a7263b0c2f8e3a5727c42e7bfc2824e825da334886d1b5d48e41ccfccf15a7c220d10814a09c747a34e51ed3 |
| Sha512 | 8386942724fef42ffd81c71586fcfbc27d672e9ac4959f5349b81652e3b11395d9f0b8aa3d1227358b160046443dc83f48e15bd613a32220fe38a97845dbd726 |
| SSDeep | 3072:INBayiq6lEAKt9sOW1IkTHo9rG8KaG5jnThJq0ufzz:Qayiq6bA+Zsq8KaWTD |
| TLSH | FF3400027F88E715E1A93E3782EF6C2453B2B4C71733C60B6F49AB6524516826C7E72D |
PeID
.NET executableMicrosoft Visual C# / Basic .NETMicrosoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL Microsoft Visual C# v7.0 / Basic .NETMicrosoft Visual Studio .NET
STICH
beta
Structural Threat Infection Chain Hash
A content-independent fingerprint of the infection method: successive formats, internal objects and MITRE techniques from the initial file to each final payload.
STICH Path = the fingerprint (canonical chain with techniques)
STICH Shape = structure only
Only determinant branches produce STICH Paths.
Path
pe:exe>pe:rsrc>bin
Shape
pe:exe>pe:rsrc>bin
malicious
3 nodes
| Name | Value |
|---|---|
| Info | PE Detect: PeReader OK (file layout) |
| Module Name | 8N57q4CivJ |
| Full Name | 8N57q4CivJ |
| EntryPoint | System.Void HezT.lgBKovGgL::CsvxrnfLmFv() |
| Scope Name | 8N57q4CivJ |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v4.0.30319 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | f45b853c-c9d3-495e-9acb-d41a4a90029f |
| Assembly Version | 1.0.0.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | <null> |
| Total Strings | 1093 |
| Main Method | System.Void HezT.lgBKovGgL::CsvxrnfLmFv() |
| Main IL Instruction Count | 62 |
| Main IL | |
| Module Name | 8N57q4CivJ |
| Full Name | 8N57q4CivJ |
| EntryPoint | System.Void HezT.lgBKovGgL::CsvxrnfLmFv() |
| Scope Name | 8N57q4CivJ |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v4.0.30319 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | f45b853c-c9d3-495e-9acb-d41a4a90029f |
| Assembly Version | 1.0.0.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | <null> |
| Total Strings | 1093 |
| Main Method | System.Void HezT.lgBKovGgL::CsvxrnfLmFv() |
| Main IL Instruction Count | 62 |
| Main IL | |
No malware configuration was found at this point.
You must be signed in to view YARA rules.