Malicious

122ac1c9f14211226621454095c7da8f

PE Executable | MD5: 122ac1c9f14211226621454095c7da8f | Size: 599.55 KB | application/x-dosexec

Characteristics

Symbol Obfuscation Score: Very high

Hash

MD5: 122ac1c9f14211226621454095c7da8f
Sha1: 89d04a63916e8a84c628f4d53ac3bcb529f8f247
Sha256: 04766d99dbf4738ff82addb4a60fc8dac74506b45b0539f8dd316fa850a11a71
Sha384: 6fbbd2284ac884f46c3ef8d32b0993005aaeffb1be4fab4422da73a62ac296d8a7afcc35d3506b6f47b7c86e90bfa0b0
Sha512: 930bbe7d6442ff928fc06f84d43bec4f121461e1e228be58f1f837f78363b6dbcad7bb0f796fd970f66d02aa0ee7d94b8d87ccee5599e13be5cefe7ee7e4e4b9
SSDeep: 12288:HMWCWWw6n5MU4tfkFQvmO5T/sJMepT9CYk/mu6n:DWTomu/sCiCY7n
TLSH: EAD48C6732564E20D2950733C1CB4941A3B8A68676E3F70F7586339624073FEDF8A6A7

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET

File Structure

Structure
  DosHeader
  PE Header
  Optional Header (x86)
  Section Headers
    .text
    .rsrc
    .reloc
Resources
  RT_VERSION
    ID:0001
    ID:0
  RT_MANIFEST
    ID:0001
    ID:0
.Net Resources
  BQUkvh9MZCiIC56NjB.hHLBKowAl9wDitdOaw
  awqZOIp8vE0FZdfvS5.GYeT4F8PQ14gEvfFS1
  nPLaTMNZW64RdNDZLy.glRP0KeIptbhFedMOe
  Lejtymx.g.resources
  Jhpilzxuc.Properties.Resources.resources
  Bwxyrx

Information

Info: PE Detect: PeReader OK (file layout)
Module Name: Lejtymx.exe
Full Name: Lejtymx.exe
EntryPoint: System.Void ah3X8lFpllurDn4VCs.wRcg4xdxWKWZwWqouk::T60VtqZbQ()
Scope Name: Lejtymx.exe
Scope Type: ModuleDef
Kind: Windows
Runtime Version: v4.0.30319
Tables Header Version: 512
WinMD Version: <null>
Assembly Name: Lejtymx
Assembly Version: 1.0.0.0
Assembly Culture: <null>
Has PublicKey: False
PublicKey Token: <null>
Target Framework: .NETFramework,Version=v4.0
Total Strings: 43
Main Method: System.Void ah3X8lFpllurDn4VCs.wRcg4xdxWKWZwWqouk::T60VtqZbQ()
Main IL Instruction Count: 107

Main IL

ldc.i4 1 stloc V_5 ldloc V_5 switch dnlib.DotNet.Emit.Instruction[] ldloc V_5 ldc.i4 989 beq IL_0009: ldloc V_5 br IL_002D: ret ret <null> nop <null> newobj System.Void ALfLNXAcHj1pLHcNHo.yWK3DVKL22hRAksk8V::.ctor() stloc.s V_0 ldc.i4 0 ldsfld <Module>{1cb10e4e-34fc-4759-851f-dc0bf577632a} <Module>{1cb10e4e-34fc-4759-851f-dc0bf577632a}::m_f7e9824759284b2e84b819cc96555487 ldfld System.Int32 <Module>{1cb10e4e-34fc-4759-851f-dc0bf577632a}::m_0be450c6122d48709fca35721b50f14a brfalse IL_0067: switch(IL_0113,IL_014A,IL_015B,IL_009D) pop <null> ldc.i4 3 br IL_0067: switch(IL_0113,IL_014A,IL_015B,IL_009D) br IL_0063: ldloc V_3 ldc.i4 0 stloc V_3 ldloc V_3 switch dnlib.DotNet.Emit.Instruction[] ldloc V_3 ldc.i4 11 beq IL_0124: newobj System.Void r5bdM0ERPklNmV5KSH.cWWYIgm581t9t55xLu::.ctor() ldloc V_3 ldc.i4 991 beq IL_0063: ldloc V_3 br IL_015B: newobj System.Void System.InvalidOperationException::.ctor() newobj System.Void BMSIiwhQKPHbdVo8Zy.O1OtTY5B0TUmxbWrq0::.ctor() dup <null> dup <null> ldsfld USDk7feqvsWSiinYhMy USDk7feqvsWSiinYhMy::Oyte00iFPm call System.Void USDk7feqvsWSiinYhMy::ETXeVPMmpb(System.Object,BMSIiwhQKPHbdVo8Zy.O1OtTY5B0TUmxbWrq0,USDk7feqvsWSiinYhMy) dup <null> ldloc.s V_6 ldsfld wapCLveaPLPGrKoY72C wapCLveaPLPGrKoY72C::EQHeU6pNPH call System.Void wapCLveaPLPGrKoY72C::ETXeVPMmpb(System.Object,hTaiOFv40kqRpm2ZPO.kmXmy2OjgCv6S0f7hy,wapCLveaPLPGrKoY72C) ldloc.s V_6 ldloc.s V_2 ldsfld P2OeNMeM3VpLjtwDZmW P2OeNMeM3VpLjtwDZmW::BVIeCR1vPd call System.Void P2OeNMeM3VpLjtwDZmW::ETXeVPMmpb(System.Object,r5bdM0ERPklNmV5KSH.cWWYIgm581t9t55xLu,P2OeNMeM3VpLjtwDZmW) ldloc.s V_2 ldloc.s V_1 ldsfld QmcLKCeXuhEuRhWIaYI QmcLKCeXuhEuRhWIaYI::xZNec15Z7I call System.Void QmcLKCeXuhEuRhWIaYI::ETXeVPMmpb(System.Object,TFbfwbchrVfUu8gaES.TUUwbDXuKbvdSIv2sl,QmcLKCeXuhEuRhWIaYI) ldloc.s V_1 ldloc.s V_0 ldsfld VbLydaeTiuhcX92g18y VbLydaeTiuhcX92g18y::gpwekhDmEZ call System.Void VbLydaeTiuhcX92g18y::ETXeVPMmpb(System.Object,ALfLNXAcHj1pLHcNHo.yWK3DVKL22hRAksk8V,VbLydaeTiuhcX92g18y) 
ldsfld M9Y4Z8euWsLWdkcJb1c M9Y4Z8euWsLWdkcJb1c::oGreHMpSSg call System.Boolean M9Y4Z8euWsLWdkcJb1c::ETXeVPMmpb(System.Object,M9Y4Z8euWsLWdkcJb1c) brtrue IL_0161: leave IL_002D ldc.i4 2 ldsfld <Module>{1cb10e4e-34fc-4759-851f-dc0bf577632a} <Module>{1cb10e4e-34fc-4759-851f-dc0bf577632a}::m_f7e9824759284b2e84b819cc96555487 ldfld System.Int32 <Module>{1cb10e4e-34fc-4759-851f-dc0bf577632a}::m_200bc60dfe834de4a538ab8acd1ec3d0 brtrue IL_0067: switch(IL_0113,IL_014A,IL_015B,IL_009D) pop <null> ldc.i4 10 br IL_0067: switch(IL_0113,IL_014A,IL_015B,IL_009D) newobj System.Void TFbfwbchrVfUu8gaES.TUUwbDXuKbvdSIv2sl::.ctor() stloc.s V_1 ldc.i4 11 br IL_005F: stloc V_3 newobj System.Void r5bdM0ERPklNmV5KSH.cWWYIgm581t9t55xLu::.ctor() stloc.s V_2 ldc.i4 1 ldsfld <Module>{1cb10e4e-34fc-4759-851f-dc0bf577632a} <Module>{1cb10e4e-34fc-4759-851f-dc0bf577632a}::m_f7e9824759284b2e84b819cc96555487 ldfld System.Int32 <Module>{1cb10e4e-34fc-4759-851f-dc0bf577632a}::m_250b30b1f25342408f5cf71ff8bf72e3 brtrue IL_0067: switch(IL_0113,IL_014A,IL_015B,IL_009D) pop <null> ldc.i4 10 br IL_0067: switch(IL_0113,IL_014A,IL_015B,IL_009D) newobj System.Void hTaiOFv40kqRpm2ZPO.kmXmy2OjgCv6S0f7hy::.ctor() stloc.s V_6 ldc.i4 3 br IL_0067: switch(IL_0113,IL_014A,IL_015B,IL_009D) newobj System.Void System.InvalidOperationException::.ctor() throw <null> leave IL_002D: ret pop <null> ldc.i4 0 ldsfld <Module>{1cb10e4e-34fc-4759-851f-dc0bf577632a} <Module>{1cb10e4e-34fc-4759-851f-dc0bf577632a}::m_f7e9824759284b2e84b819cc96555487 ldfld System.Int32 <Module>{1cb10e4e-34fc-4759-851f-dc0bf577632a}::m_6669d34edcb247038ee35b37f6df66ff brfalse IL_0198: switch(IL_01B4) pop <null> ldc.i4 0 br IL_0198: switch(IL_01B4) br IL_0194: ldloc V_4 ldc.i4 0 stloc V_4 ldloc V_4 switch dnlib.DotNet.Emit.Instruction[] ldloc V_4 ldc.i4 988 beq IL_0194: ldloc V_4 br IL_01B4: leave IL_002D leave IL_002D: ret ldc.i4 5 ldsfld <Module>{1cb10e4e-34fc-4759-851f-dc0bf577632a} 
<Module>{1cb10e4e-34fc-4759-851f-dc0bf577632a}::m_f7e9824759284b2e84b819cc96555487 ldfld System.Int32 <Module>{1cb10e4e-34fc-4759-851f-dc0bf577632a}::m_a735fe257fdd494396c0f8b31cfadeac brfalse IL_000D: switch(IL_002D,IL_002E) pop <null> ldc.i4 0 br IL_000D: switch(IL_002D,IL_002E)

No malware configuration was found at this point.