Malicious

12bfbe5fe642a549541282b4c6e06f8e

PE Executable | MD5: 12bfbe5fe642a549541282b4c6e06f8e | Size: 2.76 MB | application/x-dosexec

Characteristics

Symbol Obfuscation Score

Low

Hash: Hash Value
MD5: 12bfbe5fe642a549541282b4c6e06f8e
SHA1: be56283eb946cbf81c7fac7543e2d12590be5760
SHA256: 54c9a7b2d0118b16cc093ffe52bce2018e15fdee6827cb6deba928d71d67c93c
SHA384: fe5359d324e17f2745545265f483e81097c8009fe61c698ec72991f199b0a3e5f81753f8c1beac7695fea979452d403f
SHA512: d37ebcacbd59949dc52984d60755cb51b0aae12267f337b0022a84c15f33b1b748d557521bb15ac2b72ff495a7681b1ef0348b4b51271a1ed6180f5744f98bfa
SSDeep: 49152:2EC3O1moX2nfWZGJB46V2E/T5ZWBTpHLHaQg:23K36LlZWz6Q
TLSH: BAD54A0FFA864BB2C1344736C5DB452CA3B4DA817B23CB3A7549235605CA7F97A4229F

PeID

HQR data file
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
Clsgbhb.Properties.Resources.resources
Agvevjfrwy
Information
Name: Value
Info: PE Detect: PeReader OK (file layout)
Module Name: October Payment1.exe
Full Name: October Payment1.exe
EntryPoint: System.Void OctoberPayment1.Specifications.AlphabeticSpec::JoinSpec()
Scope Name: October Payment1.exe
Scope Type: ModuleDef
Kind: Windows
Runtime Version: v4.0.30319
Tables Header Version: 512
WinMD Version: <null>
Assembly Name: October Payment1
Assembly Version: 1.0.8128.9236
Assembly Culture: <null>
Has PublicKey: False
PublicKey Token: <null>
Target Framework: .NETFramework,Version=v4.8
Total Strings: 1210
Main Method: System.Void OctoberPayment1.Specifications.AlphabeticSpec::JoinSpec()
Main IL Instruction Count: 117

Main IL

ldc.i4 1 stloc V_3 br IL_000E: ldloc V_3 ldloc V_3 switch dnlib.DotNet.Emit.Instruction[] br IL_004F: nop ret <null> newobj System.Void OctoberPayment1.Execution.GenericCommand::.ctor() stloc.s V_2 ldc.i4 0 ldsfld <Module>{417ce429-a6b0-48b5-a735-2114ab2ba111} <Module>{417ce429-a6b0-48b5-a735-2114ab2ba111}::m_bda315b6f96947dda0f80ef3b28a8119 ldfld System.Int32 <Module>{417ce429-a6b0-48b5-a735-2114ab2ba111}::m_71c2287911d34e0b8a62955434da8071 brfalse IL_0012: switch(IL_004F,IL_0029,IL_0028) pop <null> ldc.i4 0 br IL_0012: switch(IL_004F,IL_0029,IL_0028) nop <null> ldloc.s V_2 callvirt System.String OctoberPayment1.Execution.GenericCommand::ExecuteConcreteCommand() brtrue IL_0124: ldloc.s V_2 ldc.i4 1 ldsfld <Module>{417ce429-a6b0-48b5-a735-2114ab2ba111} <Module>{417ce429-a6b0-48b5-a735-2114ab2ba111}::m_bda315b6f96947dda0f80ef3b28a8119 ldfld System.Int32 <Module>{417ce429-a6b0-48b5-a735-2114ab2ba111}::m_ea54539215374a919cb2c8b1ebc3ffdc brfalse IL_007F: switch(IL_00F8,IL_00A1,IL_0173,IL_00E9,IL_00C5,IL_0124) pop <null> ldc.i4 1 br IL_007F: switch(IL_00F8,IL_00A1,IL_0173,IL_00E9,IL_00C5,IL_0124) ldloc V_4 switch dnlib.DotNet.Emit.Instruction[] br IL_00F8: ldloc.s V_1 br IL_0173: leave IL_0028 ldc.i4 3 ldsfld <Module>{417ce429-a6b0-48b5-a735-2114ab2ba111} <Module>{417ce429-a6b0-48b5-a735-2114ab2ba111}::m_bda315b6f96947dda0f80ef3b28a8119 ldfld System.Int32 <Module>{417ce429-a6b0-48b5-a735-2114ab2ba111}::m_c573c5d3c00c45f5958e0e8da49316ff brtrue IL_007F: switch(IL_00F8,IL_00A1,IL_0173,IL_00E9,IL_00C5,IL_0124) pop <null> ldc.i4 5 br IL_007F: switch(IL_00F8,IL_00A1,IL_0173,IL_00E9,IL_00C5,IL_0124) ldloc.s V_1 call System.Type System.Linq.Enumerable::First<System.Type>(System.Collections.Generic.IEnumerable`1<System.Type>) ldstr Pka4EBUtN ldc.i4 256 ldnull <null> ldnull <null> ldnull <null> callvirt System.Object System.Type::InvokeMember(System.String,System.Reflection.BindingFlags,System.Reflection.Binder,System.Object,System.Object[]) pop <null> ldc.i4 2 br IL_007F: 
switch(IL_00F8,IL_00A1,IL_0173,IL_00E9,IL_00C5,IL_0124) br IL_0173: leave IL_0028 ldc.i4 4 br IL_007F: switch(IL_00F8,IL_00A1,IL_0173,IL_00E9,IL_00C5,IL_0124) ldloc.s V_1 call System.Int32 System.Linq.Enumerable::Count<System.Type>(System.Collections.Generic.IEnumerable`1<System.Type>) ldc.i4.0 <null> bgt IL_00C5: ldloc.s V_1 ldc.i4 3 ldsfld <Module>{417ce429-a6b0-48b5-a735-2114ab2ba111} <Module>{417ce429-a6b0-48b5-a735-2114ab2ba111}::m_bda315b6f96947dda0f80ef3b28a8119 ldfld System.Int32 <Module>{417ce429-a6b0-48b5-a735-2114ab2ba111}::m_872111cf2348483da0581ef501fa0169 brtrue IL_007F: switch(IL_00F8,IL_00A1,IL_0173,IL_00E9,IL_00C5,IL_0124) pop <null> ldc.i4 3 br IL_007F: switch(IL_00F8,IL_00A1,IL_0173,IL_00E9,IL_00C5,IL_0124) ldloc.s V_2 callvirt System.Type[] OctoberPayment1.Execution.GenericCommand::FilterCommand() ldsfld System.Func`2<System.Type,System.Boolean> OctoberPayment1.Specifications.AlphabeticSpec/<>c::_ProjectProvider dup <null> brtrue IL_014D: call System.Collections.Generic.IEnumerable`1<System.Type> System.Linq.Enumerable::Where<System.Type>(System.Collections.Generic.IEnumerable`1<System.Type>,System.Func`2<System.Type,System.Boolean>) pop <null> ldsfld OctoberPayment1.Specifications.AlphabeticSpec/<>c OctoberPayment1.Specifications.AlphabeticSpec/<>c::_ExternalContext ldftn System.Boolean OctoberPayment1.Specifications.AlphabeticSpec/<>c::OpenExternalLogger(System.Type) newobj System.Void System.Func`2<System.Type,System.Boolean>::.ctor(System.Object,System.IntPtr) dup <null> stsfld System.Func`2<System.Type,System.Boolean> OctoberPayment1.Specifications.AlphabeticSpec/<>c::_ProjectProvider call System.Collections.Generic.IEnumerable`1<System.Type> System.Linq.Enumerable::Where<System.Type>(System.Collections.Generic.IEnumerable`1<System.Type>,System.Func`2<System.Type,System.Boolean>) stloc.s V_1 ldc.i4 0 ldsfld <Module>{417ce429-a6b0-48b5-a735-2114ab2ba111} <Module>{417ce429-a6b0-48b5-a735-2114ab2ba111}::m_bda315b6f96947dda0f80ef3b28a8119 ldfld 
System.Int32 <Module>{417ce429-a6b0-48b5-a735-2114ab2ba111}::m_f090d6c46c6a4c8e9cc008b9e6b6d39b brtrue IL_007F: switch(IL_00F8,IL_00A1,IL_0173,IL_00E9,IL_00C5,IL_0124) pop <null> ldc.i4 0 br IL_007F: switch(IL_00F8,IL_00A1,IL_0173,IL_00E9,IL_00C5,IL_0124) leave IL_0028: ret ldloc.s V_2 brtrue IL_01CB: ldloc.s V_2 ldc.i4 2 stloc V_0 br IL_018D: ldloc V_0 ldloc V_0 switch dnlib.DotNet.Emit.Instruction[] br IL_01F1: endfinally br IL_01F1: endfinally ldc.i4 1 ldsfld <Module>{417ce429-a6b0-48b5-a735-2114ab2ba111} <Module>{417ce429-a6b0-48b5-a735-2114ab2ba111}::m_bda315b6f96947dda0f80ef3b28a8119 ldfld System.Int32 <Module>{417ce429-a6b0-48b5-a735-2114ab2ba111}::m_36e5c5d5339a4650a4af326f06241536 brtrue IL_0191: switch(IL_01F1,IL_01CB,IL_01A7) pop <null> ldc.i4 0 br IL_0191: switch(IL_01F1,IL_01CB,IL_01A7) ldloc.s V_2 callvirt System.Void System.IDisposable::Dispose() ldc.i4 0 ldsfld <Module>{417ce429-a6b0-48b5-a735-2114ab2ba111} <Module>{417ce429-a6b0-48b5-a735-2114ab2ba111}::m_bda315b6f96947dda0f80ef3b28a8119 ldfld System.Int32 <Module>{417ce429-a6b0-48b5-a735-2114ab2ba111}::m_f669b77d9b0a4b51acd25f6921c81da8 brtrue IL_0191: switch(IL_01F1,IL_01CB,IL_01A7) pop <null> ldc.i4 0 br IL_0191: switch(IL_01F1,IL_01CB,IL_01A7) endfinally <null> ldc.i4 2 ldsfld <Module>{417ce429-a6b0-48b5-a735-2114ab2ba111} <Module>{417ce429-a6b0-48b5-a735-2114ab2ba111}::m_bda315b6f96947dda0f80ef3b28a8119 ldfld System.Int32 <Module>{417ce429-a6b0-48b5-a735-2114ab2ba111}::m_946a6b1ef5b24c4c8ab7f0d225afbd2d brtrue IL_0012: switch(IL_004F,IL_0029,IL_0028) pop <null> ldc.i4 1 br IL_0012: switch(IL_004F,IL_0029,IL_0028)


No malware configuration was found at this point.