Malicious
Malicious

1808a922881c016afad04c1e2c62de7e

Share on LinkedIn Add to favorites
Re-Scan
Delete
PE Executable
MD5: 1808a922881c016afad04c1e2c62de7e
Size: 787.46 KB
application/x-dosexec
Summary by MalvaGPT
Characteristics

Symbol Obfuscation Score

Very high

Hash
 Hash Value
MD5
1808a922881c016afad04c1e2c62de7e
Sha1
3483e103d1a13478f4b8df392c9cebc8c43f59a6
Sha256
d94a6d8e3d54432fcdb888a4f1e566f35c9ea8fc04381956f5e836da50390ee8
Sha384
4799486b68b3fa73e4bb0cd12a7c451c23eef6fd1b95862ebed8928ef9372a246b0d8c294f2ee725a3f93d8c2f2bca1f
Sha512
6053148f37a871c21ac8d2593b4f1b0456d8b1ef5aed4a11d3c30b40a3da8083d6a2d67f63d5971d194b12d7fdea61ddf2cbba2132acedff69c5b757269aa883
SSDeep
12288:K3yeOO4nCLEMAcbUxNEvGjnjz2UB1xoKgTeywFx0/Vd2JaCJu096hIKUDjGE:Gmcb2NEvor1x46x0tdSaCp3rj
TLSH
52F4BE5B76968E21D2880232C2E7120583E1654B7677E70E768523DB29073FBEE4F397

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
1808a922881c016afad04c1e2c62de7e
Malicious
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
mCXU7mFxuGIMa9L5Pk.uVm5BCB8C0SR4Z6Lxh
hTJVRwMH55ch3AIocn.CbGJDSZVvTMIQ1JxgZ
uIAKUMl9WwiTMDOJ3Q.SwDMyOpGlUlnkc4RbP
XHP2Ck6BwBENviHXV8.1KASC2CB3FE2JqX18H
Informations
Name
 Value
Info

PE Detect: PeReader OK (file layout)
Module Name

Iudafeb.exe
Full Name

Iudafeb.exe
EntryPoint

System.Void KXQZUkNlnidWms4PaX.M9V1TmaE5Y4lwYerxB::n9dTcbnUm()
Scope Name

Iudafeb.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

Iudafeb
Assembly Version

1.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.0
Total Strings

41
Main Method

System.Void KXQZUkNlnidWms4PaX.M9V1TmaE5Y4lwYerxB::n9dTcbnUm()
Main IL Instruction Count

63
Main IL

ldc.i4 2 stloc V_1 ldloc V_1 switch dnlib.DotNet.Emit.Instruction[] ldloc V_1 ldc.i4 990 beq IL_0009: ldloc V_1 br IL_0106: call System.Void EAOr8lCtjHqP12EUJY1.ED308TCcp5iLESwfuS1::kLjw4iIsCLsZtxc4lksN0j() ret <null> nop <null> newobj System.Void Co6pBhSSbRTy3k2196.PFHNDIvEB9t5ag5Xyg::.ctor() call System.Byte[] Qhcebujqai.Properties.Lrabuhup::get_Gptknecwsu() callvirt System.Void Co6pBhSSbRTy3k2196.PFHNDIvEB9t5ag5Xyg::LXmWFWs8Y(System.Byte[]) ldc.i4 0 ldsfld <Module>{d7539fe6-e6ca-4dae-b840-e6c0de23137d} <Module>{d7539fe6-e6ca-4dae-b840-e6c0de23137d}::m_a6b176f90ced4f199a51d2236a6134e0 ldfld System.Int32 <Module>{d7539fe6-e6ca-4dae-b840-e6c0de23137d}::m_40bc9dbab9004b118f94bb9e06338122 brfalse IL_0073: switch(IL_008F) pop <null> ldc.i4 3 br IL_0073: switch(IL_008F) br IL_006F: ldloc V_0 ldc.i4 0 stloc V_0 ldloc V_0 switch dnlib.DotNet.Emit.Instruction[] ldloc V_0 ldc.i4 988 beq IL_006F: ldloc V_0 br IL_008F: leave IL_0031 leave IL_0031: ret pop <null> ldc.i4 0 ldsfld <Module>{d7539fe6-e6ca-4dae-b840-e6c0de23137d} <Module>{d7539fe6-e6ca-4dae-b840-e6c0de23137d}::m_a6b176f90ced4f199a51d2236a6134e0 ldfld System.Int32 <Module>{d7539fe6-e6ca-4dae-b840-e6c0de23137d}::m_1f67715a8a34431dabcc7fb39a4e1865 brfalse IL_00C6: switch(IL_00E2) pop <null> ldc.i4 3 br IL_00C6: switch(IL_00E2) br IL_00C2: ldloc V_2 ldc.i4 0 stloc V_2 ldloc V_2 switch dnlib.DotNet.Emit.Instruction[] ldloc V_2 ldc.i4 988 beq IL_00C2: ldloc V_2 br IL_00E2: leave IL_0031 leave IL_0031: ret ldc.i4 4 ldsfld <Module>{d7539fe6-e6ca-4dae-b840-e6c0de23137d} <Module>{d7539fe6-e6ca-4dae-b840-e6c0de23137d}::m_a6b176f90ced4f199a51d2236a6134e0 ldfld System.Int32 <Module>{d7539fe6-e6ca-4dae-b840-e6c0de23137d}::m_3228b0b4d9f3445b8425f3adaccde015 brtrue IL_000D: switch(IL_0031,IL_0032,IL_0106) pop <null> ldc.i4 0 br IL_000D: switch(IL_0031,IL_0032,IL_0106) call System.Void EAOr8lCtjHqP12EUJY1.ED308TCcp5iLESwfuS1::kLjw4iIsCLsZtxc4lksN0j() ldc.i4 1 ldsfld <Module>{d7539fe6-e6ca-4dae-b840-e6c0de23137d} <Module>{d7539fe6-e6ca-4dae-b840-e6c0de23137d}::m_a6b176f90ced4f199a51d2236a6134e0 ldfld System.Int32 <Module>{d7539fe6-e6ca-4dae-b840-e6c0de23137d}::m_1f67715a8a34431dabcc7fb39a4e1865 brfalse IL_000D: switch(IL_0031,IL_0032,IL_0106) pop <null> ldc.i4 5 br IL_000D: switch(IL_0031,IL_0032,IL_0106)
Module Name

Iudafeb.exe
Full Name

Iudafeb.exe
EntryPoint

System.Void KXQZUkNlnidWms4PaX.M9V1TmaE5Y4lwYerxB::n9dTcbnUm()
Scope Name

Iudafeb.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

Iudafeb
Assembly Version

1.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.0
Total Strings

41
Main Method

System.Void KXQZUkNlnidWms4PaX.M9V1TmaE5Y4lwYerxB::n9dTcbnUm()
Main IL Instruction Count

63
Main IL

ldc.i4 2 stloc V_1 ldloc V_1 switch dnlib.DotNet.Emit.Instruction[] ldloc V_1 ldc.i4 990 beq IL_0009: ldloc V_1 br IL_0106: call System.Void EAOr8lCtjHqP12EUJY1.ED308TCcp5iLESwfuS1::kLjw4iIsCLsZtxc4lksN0j() ret <null> nop <null> newobj System.Void Co6pBhSSbRTy3k2196.PFHNDIvEB9t5ag5Xyg::.ctor() call System.Byte[] Qhcebujqai.Properties.Lrabuhup::get_Gptknecwsu() callvirt System.Void Co6pBhSSbRTy3k2196.PFHNDIvEB9t5ag5Xyg::LXmWFWs8Y(System.Byte[]) ldc.i4 0 ldsfld <Module>{d7539fe6-e6ca-4dae-b840-e6c0de23137d} <Module>{d7539fe6-e6ca-4dae-b840-e6c0de23137d}::m_a6b176f90ced4f199a51d2236a6134e0 ldfld System.Int32 <Module>{d7539fe6-e6ca-4dae-b840-e6c0de23137d}::m_40bc9dbab9004b118f94bb9e06338122 brfalse IL_0073: switch(IL_008F) pop <null> ldc.i4 3 br IL_0073: switch(IL_008F) br IL_006F: ldloc V_0 ldc.i4 0 stloc V_0 ldloc V_0 switch dnlib.DotNet.Emit.Instruction[] ldloc V_0 ldc.i4 988 beq IL_006F: ldloc V_0 br IL_008F: leave IL_0031 leave IL_0031: ret pop <null> ldc.i4 0 ldsfld <Module>{d7539fe6-e6ca-4dae-b840-e6c0de23137d} <Module>{d7539fe6-e6ca-4dae-b840-e6c0de23137d}::m_a6b176f90ced4f199a51d2236a6134e0 ldfld System.Int32 <Module>{d7539fe6-e6ca-4dae-b840-e6c0de23137d}::m_1f67715a8a34431dabcc7fb39a4e1865 brfalse IL_00C6: switch(IL_00E2) pop <null> ldc.i4 3 br IL_00C6: switch(IL_00E2) br IL_00C2: ldloc V_2 ldc.i4 0 stloc V_2 ldloc V_2 switch dnlib.DotNet.Emit.Instruction[] ldloc V_2 ldc.i4 988 beq IL_00C2: ldloc V_2 br IL_00E2: leave IL_0031 leave IL_0031: ret ldc.i4 4 ldsfld <Module>{d7539fe6-e6ca-4dae-b840-e6c0de23137d} <Module>{d7539fe6-e6ca-4dae-b840-e6c0de23137d}::m_a6b176f90ced4f199a51d2236a6134e0 ldfld System.Int32 <Module>{d7539fe6-e6ca-4dae-b840-e6c0de23137d}::m_3228b0b4d9f3445b8425f3adaccde015 brtrue IL_000D: switch(IL_0031,IL_0032,IL_0106) pop <null> ldc.i4 0 br IL_000D: switch(IL_0031,IL_0032,IL_0106) call System.Void EAOr8lCtjHqP12EUJY1.ED308TCcp5iLESwfuS1::kLjw4iIsCLsZtxc4lksN0j() ldc.i4 1 ldsfld <Module>{d7539fe6-e6ca-4dae-b840-e6c0de23137d} <Module>{d7539fe6-e6ca-4dae-b840-e6c0de23137d}::m_a6b176f90ced4f199a51d2236a6134e0 ldfld System.Int32 <Module>{d7539fe6-e6ca-4dae-b840-e6c0de23137d}::m_1f67715a8a34431dabcc7fb39a4e1865 brfalse IL_000D: switch(IL_0031,IL_0032,IL_0106) pop <null> ldc.i4 5 br IL_000D: switch(IL_0031,IL_0032,IL_0106)
1808a922881c016afad04c1e2c62de7e (787.46 KB)
An error has occurred. This application may no longer respond until reloaded. Reload 🗙