Malicious

0578c47faaf4ab97682b82e6ca40e9c3

PE Executable | MD5: 0578c47faaf4ab97682b82e6ca40e9c3 | Size: 612.86 KB | application/x-dosexec

Characteristics

Symbol Obfuscation Score: Very high

Hash
Hash Value
MD5
0578c47faaf4ab97682b82e6ca40e9c3
Sha1
5407308314ea9f345e9b6d28b3f2321550e9929a
Sha256
3f4197e11f3302d776639170a8ed193aba1960aabd1ae98e2ff7e9c59e8ef23a
Sha384
68ef236b51449776dea1f17dd55294e40ac582e7f29d2ea8baf53a8e26608ecdc3c178e4351bf6e8b315aff87ad1bc14
Sha512
faf78e18c087f435ca4c5bca4ac7de750da3ffb6e96a1668705bbcaa1d62369652afe3280e94ce455e68e83fd9e82667ccf409cf2b732b57954a213b380a84dc
SSDeep
12288:y4zEbAXiknsIn5OQkVz7LwgWjA2cGMA+E3UL/AHrrvW1qU:ydAXDsI5v8ogQA2cGM3QUL0rjiqU
TLSH
1CD4AE24F7578E62F389277481E99740A3A99B5A9BA3F34B340831F8584238BDD075F7

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
6oXnM4HN7KSinOygXI.0wctbdreH57AuSg3r2
6heA3bWsDOcFY0c1au.JfvdKS7WpHcSbTXrKp
Mwnfxicoan.g.resources
0tvIin4JT0kkYOC6fx.vFuWWr0wkNuY4BoYMQ
Olozvg.Properties.Resources.resources
Gzjeh
Information

Info: PE Detect: PeReader OK (file layout)
Module Name: Mwnfxicoan.exe
Full Name: Mwnfxicoan.exe
EntryPoint: System.Void RIFN0xdbFXR9xVuEan.DIoYfkObjbeIKH0KpO::j7CQgD8PQ()
Scope Name: Mwnfxicoan.exe
Scope Type: ModuleDef
Kind: Windows
Runtime Version: v4.0.30319
Tables Header Version: 512
WinMD Version: <null>
Assembly Name: Mwnfxicoan
Assembly Version: 1.0.0.0
Assembly Culture: <null>
Has PublicKey: False
PublicKey Token: <null>
Target Framework: .NETFramework,Version=v4.0
Total Strings: 43
Main Method: System.Void RIFN0xdbFXR9xVuEan.DIoYfkObjbeIKH0KpO::j7CQgD8PQ()
Main IL Instruction Count: 37
Main IL:

nop <null> newobj System.Void bSs2QS194gQ4X7Yj44.etM5AAPfBZZXq6ljim::.ctor() ldsfld SpKe5QrQZnZC6QSRlKq SpKe5QrQZnZC6QSRlKq::y7nr2OgGdq call System.Boolean SpKe5QrQZnZC6QSRlKq::mM6rrSfmAX(System.Object,SpKe5QrQZnZC6QSRlKq) brtrue.s IL_0048: leave.s IL_007D ldc.i4 5 ldsfld <Module>{3d538491-4de0-464d-bf16-a5d75f3b7337} <Module>{3d538491-4de0-464d-bf16-a5d75f3b7337}::m_ca7b46e1f10a429295ef08670d1926ba ldfld System.Int32 <Module>{3d538491-4de0-464d-bf16-a5d75f3b7337}::m_69ae1a49c45f44e19070f2ac67918af0 brfalse.s IL_0037: switch(IL_0042) pop <null> br.s IL_0042: newobj System.Void System.InvalidOperationException::.ctor() ldloc V_1 ldc.i4 988 beq.s IL_0033: ldloc V_1 br.s IL_0042: newobj System.Void System.InvalidOperationException::.ctor() ldloc V_1 switch dnlib.DotNet.Emit.Instruction[] br.s IL_0026: ldloc V_1 newobj System.Void System.InvalidOperationException::.ctor() throw <null> leave.s IL_007D: ret pop <null> ldc.i4 4 ldsfld <Module>{3d538491-4de0-464d-bf16-a5d75f3b7337} <Module>{3d538491-4de0-464d-bf16-a5d75f3b7337}::m_ca7b46e1f10a429295ef08670d1926ba ldfld System.Int32 <Module>{3d538491-4de0-464d-bf16-a5d75f3b7337}::m_4d48e6ad3a544446bd447f5954a9b57d brtrue.s IL_005F: switch(IL_007B) pop <null> br.s IL_007B: leave.s IL_007D switch dnlib.DotNet.Emit.Instruction[] ldloc V_0 ldc.i4 988 beq.s IL_0075: ldloc V_0 br.s IL_007B: leave.s IL_007D ldloc V_0 br.s IL_005F: switch(IL_007B) leave.s IL_007D: ret ret <null>

Characteristics
No malware configuration was found at this point.