Suspicious
Suspect

14fcd225713cef9965ecad6e37bd53fb

PE Executable | MD5: 14fcd225713cef9965ecad6e37bd53fb | Size: 584.7 KB | application/x-dosexec

Summary by MalvaGPT
Characteristics

Symbol Obfuscation Score: Very high

Hash
MD5: 14fcd225713cef9965ecad6e37bd53fb
SHA1: 7dee83430939dbe1107374300165ed762e0a35ce
SHA256: 55a4228fd84a40ecba70cbbf8b77f9a0b19b9ac0b8e969f4e07acef0c78e679d
SHA384: c7a84ccd00abb192af21b138f6267c48c467aa83f4f04151454887399eaa5144a82cb91fb82c057453e8e4896de521d5
SHA512: 32b169261fe059f5dfe7cedccecc9e29c6815fc803e8970ecd1901cef4cd980b3a63c2c4851b3207a6e0c557237c52234a539a5a851f23633cbe92d111355d89
SSDeep: 12288:BLMBscP8T+gVzXt1J989Quj833ZO2J0AQYK9Xv1K0bekD:BeGNXDz89633ZOiQTo2ekD
TLSH: 10C4233239781D52E2E4E73F589470E053F9941C69098E4F764D2362DD05F2FCEBA29A

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
Structure
  DosHeader
  PE Header
  Optional Header (x86)
  Section Headers
    .text
    .rsrc
    .reloc
  Resources
    RT_VERSION
      ID:0001
        ID:0
    RT_MANIFEST
      ID:0001
        ID:0
  .Net Resources
    Qjgveevin.Properties.Resources.resources
      Cbzeyqyckz
Information
Info: PE Detect: PeReader OK (file layout)
Module Name: Qjgveevin.exe
Full Name: Qjgveevin.exe
EntryPoint: System.Void Qjgveevin.Payjupkrtx::Main()
Scope Name: Qjgveevin.exe
Scope Type: ModuleDef
Kind: Windows
Runtime Version: v4.0.30319
Tables Header Version: 512
WinMD Version: <null>
Assembly Name: Qjgveevin
Assembly Version: 1.0.0.0
Assembly Culture: <null>
Has PublicKey: False
PublicKey Token: <null>
Target Framework: .NETFramework,Version=v4.0
Total Strings: 5
Main Method: System.Void Qjgveevin.Payjupkrtx::Main()
Main IL Instruction Count: 74

Main IL

br IL_0006: nop
ret <null>
nop <null>
call System.Byte[] Qjgveevin.Properties.Cdlediviwn::get_Cbzeyqyckz()
ldsfld System.Byte[] HViDB1cKmhsX7SLT4y.G5SgAOMd13pIiDlX0s::FK33VbUdn
ldsfld System.Byte[] HViDB1cKmhsX7SLT4y.G5SgAOMd13pIiDlX0s::LErGNPLD5
call System.Byte[] Qjgveevin.Payjupkrtx::H4rPGFcGm(System.Byte[],System.Byte[],System.Byte[])
call System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
callvirt System.Type[] System.Reflection.Assembly::GetTypes()
stloc.s V_3
ldc.i4 2
br IL_003B: stloc V_0
br IL_003F: ldloc V_0
ldc.i4 0
stloc V_0
ldloc V_0
switch dnlib.DotNet.Emit.Instruction[]
ldloc V_0
ldc.i4 990
beq IL_003F: ldloc V_0
br IL_0067: nop
nop <null>
ldloc.s V_2
ldstr JObuM2fA1
ldc.i4 256
ldnull <null>
ldnull <null>
ldnull <null>
callvirt System.Object System.Type::InvokeMember(System.String,System.Reflection.BindingFlags,System.Reflection.Binder,System.Object,System.Object[])
pop <null>
br IL_0082: leave IL_00CD
leave IL_00CD: ldloc.s V_1
pop <null>
br IL_008D: leave IL_00CD
leave IL_00CD: ldloc.s V_1
br IL_00CD: ldloc.s V_1
ldloc.s V_1
ldloc.s V_3
ldlen <null>
conv.i4 <null>
blt IL_00A7: ldloc.s V_3
br IL_0104: leave IL_0005
ldloc.s V_3
ldloc.s V_1
ldelem.ref <null>
stloc.s V_2
ldc.i4 2
ldsfld <Module>{2cd55d8f-a0a8-4e83-9c4e-b362c1ad7732} <Module>{2cd55d8f-a0a8-4e83-9c4e-b362c1ad7732}::m_f0fac3aefaf34ab5bbc6e3c489f473ba
ldfld System.Int32 <Module>{2cd55d8f-a0a8-4e83-9c4e-b362c1ad7732}::m_5c5f695546ba4e1985ca6e9cdb7ce588
brfalse IL_0043: switch(IL_0067,IL_00A7,IL_00FC)
pop <null>
ldc.i4 0
br IL_0043: switch(IL_0067,IL_00A7,IL_00FC)
ldloc.s V_1
ldc.i4.1 <null>
add <null>
stloc.s V_1
br IL_0097: ldloc.s V_1
br IL_0097: ldloc.s V_1
ldc.i4 2
ldsfld <Module>{2cd55d8f-a0a8-4e83-9c4e-b362c1ad7732} <Module>{2cd55d8f-a0a8-4e83-9c4e-b362c1ad7732}::m_f0fac3aefaf34ab5bbc6e3c489f473ba
ldfld System.Int32 <Module>{2cd55d8f-a0a8-4e83-9c4e-b362c1ad7732}::m_4d9254970895462e9746ca63b4868cd4
brfalse IL_0043: switch(IL_0067,IL_00A7,IL_00FC)
pop <null>
ldc.i4 1
br IL_0043: switch(IL_0067,IL_00A7,IL_00FC)
ldc.i4.0 <null>
stloc.s V_1
br IL_00D8: br IL_0097
leave IL_0005: ret
pop <null>
br IL_010F: leave IL_0005
leave IL_0005: ret
br IL_0005: ret

Characteristics
No malware configuration was found at this point.