Malicious

1c7683551f247a15d95ba3ade5e01ed2

PE Executable | MD5: 1c7683551f247a15d95ba3ade5e01ed2 | Size: 2.34 MB | application/x-dosexec


Characteristics

Symbol Obfuscation Score: Very high

Hash: Hash Value
MD5: 1c7683551f247a15d95ba3ade5e01ed2
Sha1: cf537ecd2a38a5fd32347c0a6d29e1795abae99e
Sha256: c0858c3ab7f16ee4e50bd6a41f080a1da5c991bb63740e8dee7b74d2190604b3
Sha384: db9778354473a98522630578c259d92c260e96d9cca26ac8956b3509868bde255a83d91bb93cd795975b0f83024c209c
Sha512: 23228d76206fe561bf3a68a9ca5008334755cdedbf6d5fb69416ee787a3a53ec7a620ed9ddae3e215fd3235259b98ea1a640dc11cbfa88efafb6ca379c9f2279
SSDeep: 49152:ieoH6TcFZmTRHQaABJnIU/7wgEdr9buhjHCjs:iZNFZGqxL/EN9yjHCj
TLSH: FFB5CF0665925E33C26527398663413D4291D76A3912FF0F3A5FA093B907BF18A723FB

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
.Net Resources
PRjnkuZ335fUQZPn8l.kVdrQGaWYan5rVFwRx
DG494jXoZdmiU6wNjs.QAUdTrj5JxRJl1jvVF
i5gsby8m5UYMMnmDje.g9J9RYl8eTNepkOCaA
DjivoAMB6sK1kyMTma.EyPvCCgGJArHnP6dls
y3tjlDSbB8PKxViwAa.UfwUNjHlMseb88O7ZX
8dv2dK6RNQSGWkmaEs.HKv0Cnq0KGSCkMw16l
Information
Name: Value
Info: PE Detect: PeReader OK (file layout)
Module Name: pxqDsBPmp0nY
Full Name: pxqDsBPmp0nY
EntryPoint: System.Void aX0rxjYHasf9QTFBbN0.KaccQbYSSIe7ZEXTeHk::jJiYMK2heu()
Scope Name: pxqDsBPmp0nY
Scope Type: ModuleDef
Kind: Windows
Runtime Version: v4.0.30319
Tables Header Version: 512
WinMD Version: <null>
Assembly Name: SGxDUr5uRrbW2X9YcTIdUkMi5E
Assembly Version: 4.1.5.0
Assembly Culture: <null>
Has PublicKey: False
PublicKey Token: <null>
Target Framework: .NETFramework,Version=v4.0
Total Strings: 47
Main Method: System.Void aX0rxjYHasf9QTFBbN0.KaccQbYSSIe7ZEXTeHk::jJiYMK2heu()
Main IL Instruction Count: 51
Main IL:

ldc.i4 1 stloc V_0 br IL_000E: ldloc V_0 ldloc V_0 switch dnlib.DotNet.Emit.Instruction[] br IL_00C4: newobj System.Void b8Li6s8jWXX0TWlwbLr.X7ndn98XJDFdETfCdET::.ctor() ldc.i4 135591215 ldc.i4 1634732027 xor <null> ldsfld <Module>{e69fbc2b-4414-4619-b1a6-7b0f6e9c69ac} <Module>{e69fbc2b-4414-4619-b1a6-7b0f6e9c69ac}::m_36bd708d65bf42e2ae5bbc8dfbdd040f ldfld System.Int32 <Module>{e69fbc2b-4414-4619-b1a6-7b0f6e9c69ac}::m_f323ad041bf348f9815086f4df1b0173 xor <null> call System.String wpxrQYdD9IFnGDrQ6Hr.P4Jhvfd3P6KRiKlmNyW::CDMdy02ocI(System.Int32) newobj System.Void UDA5MelZRAPN3V9aDsr.E5y04dljRO22jJbiasP::.ctor(System.String) call System.Void UDA5MelZRAPN3V9aDsr.E5y04dljRO22jJbiasP::muNlaMkFpK() ldc.i4 1 ldsfld <Module>{e69fbc2b-4414-4619-b1a6-7b0f6e9c69ac} <Module>{e69fbc2b-4414-4619-b1a6-7b0f6e9c69ac}::m_36bd708d65bf42e2ae5bbc8dfbdd040f ldfld System.Int32 <Module>{e69fbc2b-4414-4619-b1a6-7b0f6e9c69ac}::m_beea9c52af1f42fc914830d30767c479 brtrue IL_0012: switch(IL_00C4,IL_00A0,IL_0030,IL_0075,IL_0074) pop <null> ldc.i4 4 br IL_0012: switch(IL_00C4,IL_00A0,IL_0030,IL_0075,IL_0074) ret <null> ldnull <null> ldnull <null> newobj System.Void dxlOL0Hfu0o1uIXCeub.wUZY8TH0xMfLXvXNsjS::.ctor(System.String,System.String) call System.Void K3kXabqtKTNqMQ29VAN.PFL4duqYyerS4QwcC29::U1gqPVZQFK(dxlOL0Hfu0o1uIXCeub.wUZY8TH0xMfLXvXNsjS) ldc.i4 1 ldsfld <Module>{e69fbc2b-4414-4619-b1a6-7b0f6e9c69ac} <Module>{e69fbc2b-4414-4619-b1a6-7b0f6e9c69ac}::m_36bd708d65bf42e2ae5bbc8dfbdd040f ldfld System.Int32 <Module>{e69fbc2b-4414-4619-b1a6-7b0f6e9c69ac}::m_d8c7bca3c983486e9f0dc48520c8da4d brtrue IL_0012: switch(IL_00C4,IL_00A0,IL_0030,IL_0075,IL_0074) pop <null> ldc.i4 2 br IL_0012: switch(IL_00C4,IL_00A0,IL_0030,IL_0075,IL_0074) call System.Void mIsx8FnxUHHp6GJ7VVT.SakDxInDCcfAGBlrVmx::tojqg5gxR8A() ldc.i4 0 ldsfld <Module>{e69fbc2b-4414-4619-b1a6-7b0f6e9c69ac} <Module>{e69fbc2b-4414-4619-b1a6-7b0f6e9c69ac}::m_36bd708d65bf42e2ae5bbc8dfbdd040f ldfld System.Int32 
<Module>{e69fbc2b-4414-4619-b1a6-7b0f6e9c69ac}::m_990003c9e27e4177847dca995db0961a brfalse IL_0012: switch(IL_00C4,IL_00A0,IL_0030,IL_0075,IL_0074) pop <null> ldc.i4 0 br IL_0012: switch(IL_00C4,IL_00A0,IL_0030,IL_0075,IL_0074) newobj System.Void b8Li6s8jWXX0TWlwbLr.X7ndn98XJDFdETfCdET::.ctor() pop <null> ldc.i4 2 ldsfld <Module>{e69fbc2b-4414-4619-b1a6-7b0f6e9c69ac} <Module>{e69fbc2b-4414-4619-b1a6-7b0f6e9c69ac}::m_36bd708d65bf42e2ae5bbc8dfbdd040f ldfld System.Int32 <Module>{e69fbc2b-4414-4619-b1a6-7b0f6e9c69ac}::m_fdfc204964d74d55a1ac39f8aa170cb5 brfalse IL_0012: switch(IL_00C4,IL_00A0,IL_0030,IL_0075,IL_0074) pop <null> ldc.i4 3 br IL_0012: switch(IL_00C4,IL_00A0,IL_0030,IL_0075,IL_0074)
