Suspicious
Suspect

04c4f0289ca6f2242cc08822eb0470c9

PE Executable | MD5: 04c4f0289ca6f2242cc08822eb0470c9 | Size: 235.01 KB | application/x-dosexec

Summary by MalvaGPT
Characteristics

Symbol Obfuscation Score

Medium

Hash
Hash Value
MD5
04c4f0289ca6f2242cc08822eb0470c9
Sha1
3d4570994cb00f7cdb76ead23e5876176dcd565e
Sha256
3a7c54c18e2d346334d6fdd81596005b7cc8ea7307d5ba42d6bb4bacf0ca1970
Sha384
9d8a92a5690c78135d79c36c05a5397ab7bfbb019e99eb53ceff4db2ccabd7981994e6a7073a7b1e10a9e69f723bc462
Sha512
6f00c794fcfd809c8c48dd48df3fce3f77bcb07dcf09d94d6e09270855b7e871a42006555abde6d3d9d491efd4c75f2a581e490a877b1aa9d4c1ac090f53ee6b
SSDeep
6144:FloZM+rIkd8g+EtXHkv/iD4WWp0p3cw/7eHp0AV9hb8e1mpWi:HoZtL+EP8WWp0p3cw/7eHp0AV3m
TLSH
8A346C5533B88B17E25F8BBED5B1148F87B1F143E90AF78E0C8899F82411B42E949E57

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
Information
Name
Value
Info

PE Detect: PeReader OK (file layout)

Info

PDB Path: ?

Module Name

Umbral.payload.exe

Full Name

Umbral.payload.exe

EntryPoint

System.Void ኛ횪⚐礵襃ǘポ弈㊈⓱䑸瀲�೺魦鐢句ᢤ::妝亠瓫炏쿉嗂㕗沏臭夗㓏俲ꨍ辭秊(System.String[])

Scope Name

Umbral.payload.exe

Scope Type

ModuleDef

Kind

Windows

Runtime Version

v4.0.30319

Tables Header Version

512

WinMD Version

<null>

Assembly Name

Umbral.payload

Assembly Version

1.0.0.0

Assembly Culture

<null>

Has PublicKey

False

PublicKey Token

<null>

Target Framework

.NETFramework,Version=v4.6

Total Strings

964

Main Method

System.Void ኛ횪⚐礵襃ǘポ弈㊈⓱䑸瀲�೺魦鐢句ᢤ::妝亠瓫炏쿉嗂㕗沏臭夗㓏俲ꨍ辭秊(System.String[])

Main IL Instruction Count

7

Main IL

ldarg.0 <null>
call System.Threading.Tasks.Task ኛ횪⚐礵襃ǘポ弈㊈⓱䑸瀲�೺魦鐢句ᢤ::Main(System.String[])
callvirt System.Runtime.CompilerServices.TaskAwaiter System.Threading.Tasks.Task::GetAwaiter()
stloc.0 <null>
ldloca.s V_0
call System.Void System.Runtime.CompilerServices.TaskAwaiter::GetResult()
ret <null>


No malware configuration was found at this point.