Malicious

09d7b1584ffef9f398c3c7acaaf299b5

PE Executable | MD5: 09d7b1584ffef9f398c3c7acaaf299b5 | Size: 637.44 KB | application/x-dosexec

Characteristics

Symbol Obfuscation Score: Very high

Hash
MD5: 09d7b1584ffef9f398c3c7acaaf299b5
Sha1: 028f56af3f5bb7fb7393fb7cb54cb6e185112f1a
Sha256: f85f97defd5f754e3a6186e945cea34c9b54c94a0ce409cc76df181c725f652f
Sha384: f178b8b082e3c1d753ecc50ad5f0ea8a89bc4dcb8ae264bdee0ff31f494eea68114555719c28592d98db8d7bff9e6d12
Sha512: 090b3bb4d33dc393ffd8e8c34a43d9b0c7441e4cf1b9f080821c28536a129a86889a54e98d2b5308c7c93a673798a843c45122cd0ce24a73df4bf8d5f40bb6d9
SSDeep: 12288:bK4ERiBympzPOmXaDm70HW2GePSE50Il0DL7Hv8mC7sgJMIdHDB:bnzpzTAK0HW2Lh50IS7HUmCAOj
TLSH: CDD4AE1B7305CE21C148663BD0C7850097F5A5D2B677E31EB9C9239A5A073BEEE0A397

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
hN7fFHvvTJg4Elk38O.CKABwmiVkbyyxPiE6R
Vrpdwsxm.g.resources
Q5l4ALgcbejfFMZYHk.ROVVVtsbfTGAtoq16y
Vrpdwsxm.Properties.Resources.resources
Awvzet
Information
Name: Value
Info: PE Detect: PeReader OK (file layout)
Module Name: Vrpdwsxm.exe
Full Name: Vrpdwsxm.exe
EntryPoint: System.Void jXrtSMrUiFwmclHaG5.kuqyEXBNO7igYCYQla::xGTEG6cmr()
Scope Name: Vrpdwsxm.exe
Scope Type: ModuleDef
Kind: Windows
Runtime Version: v4.0.30319
Tables Header Version: 512
WinMD Version: <null>
Assembly Name: Vrpdwsxm
Assembly Version: 1.0.0.0
Assembly Culture: <null>
Has PublicKey: False
PublicKey Token: <null>
Target Framework: .NETFramework,Version=v4.0
Total Strings: 43
Main Method: System.Void jXrtSMrUiFwmclHaG5.kuqyEXBNO7igYCYQla::xGTEG6cmr()
Main IL Instruction Count: 89

Main IL

ldc.i4 1 stloc V_1 ldloc V_1 switch dnlib.DotNet.Emit.Instruction[] ldloc V_1 ldc.i4 989 beq IL_0009: ldloc V_1 br IL_002D: nop nop <null> call System.Boolean VniB6yqRv8TxS9ZSfH.KON30V9tkH1hQY2Wjv::b4L7nFrBn() brfalse IL_00AD: ldc.i4 -1755195917 ldc.i4 0 ldsfld <Module>{1fffd0e7-5633-40aa-b492-8783c3bf20bc} <Module>{1fffd0e7-5633-40aa-b492-8783c3bf20bc}::m_678a7a510ebb404685ff6c1c7e493b91 ldfld System.Int32 <Module>{1fffd0e7-5633-40aa-b492-8783c3bf20bc}::m_5245f043ec1b4e6a88c7ad3d2d0ca894 brfalse IL_0069: switch(IL_00AD,IL_0089) pop <null> ldc.i4 1 br IL_0069: switch(IL_00AD,IL_0089) br IL_0065: ldloc V_3 ldc.i4 0 stloc V_3 ldloc V_3 switch dnlib.DotNet.Emit.Instruction[] ldloc V_3 ldc.i4 989 beq IL_0065: ldloc V_3 br IL_0089: br IL_00CE br IL_00CE: leave IL_0195 ldc.i4 0 ldsfld <Module>{1fffd0e7-5633-40aa-b492-8783c3bf20bc} <Module>{1fffd0e7-5633-40aa-b492-8783c3bf20bc}::m_678a7a510ebb404685ff6c1c7e493b91 ldfld System.Int32 <Module>{1fffd0e7-5633-40aa-b492-8783c3bf20bc}::m_0ca36250032748c7b553419650966485 brtrue IL_0069: switch(IL_00AD,IL_0089) pop <null> ldc.i4 1 br IL_0069: switch(IL_00AD,IL_0089) ldc.i4 -1755195917 ldc.i4 -1634844491 xor <null> ldsfld <Module>{1fffd0e7-5633-40aa-b492-8783c3bf20bc} <Module>{1fffd0e7-5633-40aa-b492-8783c3bf20bc}::m_678a7a510ebb404685ff6c1c7e493b91 ldfld System.Int32 <Module>{1fffd0e7-5633-40aa-b492-8783c3bf20bc}::m_c646fa82b2b542af82379d81f981f6ec xor <null> call System.String EdOjGII7EeF3jgZoYH.eVpuN3AKrkUZrJFLIJ::TYLv6qQYF1(System.Int32) newobj System.Void System.Exception::.ctor(System.String) throw <null> leave IL_0195: ret stloc.s V_0 ldc.i4 2 ldsfld <Module>{1fffd0e7-5633-40aa-b492-8783c3bf20bc} <Module>{1fffd0e7-5633-40aa-b492-8783c3bf20bc}::m_678a7a510ebb404685ff6c1c7e493b91 ldfld System.Int32 <Module>{1fffd0e7-5633-40aa-b492-8783c3bf20bc}::m_d0f3d033ef8749bab4c8d321be609d11 brtrue IL_0106: switch(IL_0126,IL_0171) pop <null> ldc.i4 0 br IL_0106: switch(IL_0126,IL_0171) br IL_0102: ldloc V_2 ldc.i4 0 stloc V_2 ldloc V_2 
switch dnlib.DotNet.Emit.Instruction[] ldloc V_2 ldc.i4 989 beq IL_0102: ldloc V_2 br IL_0126: ldc.i4 -197640705 ldc.i4 -197640705 ldc.i4 -1913094259 xor <null> ldsfld <Module>{1fffd0e7-5633-40aa-b492-8783c3bf20bc} <Module>{1fffd0e7-5633-40aa-b492-8783c3bf20bc}::m_678a7a510ebb404685ff6c1c7e493b91 ldfld System.Int32 <Module>{1fffd0e7-5633-40aa-b492-8783c3bf20bc}::m_0ca36250032748c7b553419650966485 xor <null> call System.String EdOjGII7EeF3jgZoYH.eVpuN3AKrkUZrJFLIJ::TYLv6qQYF1(System.Int32) ldloc.s V_0 callvirt System.String System.Exception::get_Message() call System.String System.String::Concat(System.String,System.String) call System.Void System.Console::WriteLine(System.String) ldc.i4 4 ldsfld <Module>{1fffd0e7-5633-40aa-b492-8783c3bf20bc} <Module>{1fffd0e7-5633-40aa-b492-8783c3bf20bc}::m_678a7a510ebb404685ff6c1c7e493b91 ldfld System.Int32 <Module>{1fffd0e7-5633-40aa-b492-8783c3bf20bc}::m_f9dcf5ecf77e4d0f97231bd000a88fb8 brtrue IL_0106: switch(IL_0126,IL_0171) pop <null> ldc.i4 1 br IL_0106: switch(IL_0126,IL_0171) leave IL_0195: ret ldc.i4 0 ldsfld <Module>{1fffd0e7-5633-40aa-b492-8783c3bf20bc} <Module>{1fffd0e7-5633-40aa-b492-8783c3bf20bc}::m_678a7a510ebb404685ff6c1c7e493b91 ldfld System.Int32 <Module>{1fffd0e7-5633-40aa-b492-8783c3bf20bc}::m_ef921932c3c3422688d57ac288780986 brtrue IL_000D: switch(IL_0195,IL_002D) pop <null> ldc.i4 0 br IL_000D: switch(IL_0195,IL_002D) ret <null>

No malware configuration was found at this point.