Suspicious
Suspect

1da31a49e21b6d13124a08df93110eec

PE Executable | MD5: 1da31a49e21b6d13124a08df93110eec | Size: 511.49 KB | application/x-dosexec

Summary by MalvaGPT
Characteristics

Symbol Obfuscation Score: High

Hash
MD5: 1da31a49e21b6d13124a08df93110eec
Sha1: a73318de79d785a0d716b2241efc6ce622525c52
Sha256: fb92f2044fd4221a569b8eb3193e777afb1d850f1317f808af3b4440e23c9660
Sha384: fb13fde0de21bd3fcc67d40a261c4a20fc34517d17a6a5d5e233ab339d6b01d22584b956f4845e6996a676965dfa0f9c
Sha512: 1e4d1bbbe71b883362ac0e22fbaee4a69fd6d5f4a5afc750cda124731ac988ae5518114af315141db30451d3662bdfff20a186ff9b79fdd15b0672fb2078c154
SSDeep: 12288:dSTW1fPQ+biwPPqDasqdQrlTT6znjVUJ7vn:kTW1fP9PPbSTT66N
TLSH: 54B4BE6AD3E15D8DF2B69BBD9CF182344F72BCD8EB61D32E004020E81E72695DE51366
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
3??%?
g47K
)0
.text
.rsrc
.reloc
.RVA
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
Loki.Properties.ZZZZl.resources
MBR
_lock
[NBF]root.IconData
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rdata
.data
.rsrc
.reloc
Resources
RT_MANIFEST
ID:0002
ID:1033
Information
Info: PE Detect: PeReader OK (file layout)
Module Name: svchost.exe
Full Name: svchost.exe
EntryPoint: System.Void Loki.ZZJ::ZZK(System.String[])
Scope Name: svchost.exe
Scope Type: ModuleDef
Kind: Windows
Runtime Version: v4.0.30319
Tables Header Version: 512
WinMD Version: <null>
Assembly Name: svchost
Assembly Version: 1.2.0.0
Assembly Culture: <null>
Has PublicKey: True
PublicKey Token: 1033239b79792944
Target Framework: .NETFramework,Version=v4.0
Total Strings: 43
Main Method: System.Void Loki.ZZJ::ZZK(System.String[])
Main IL Instruction Count: 24
Main IL: UNKNOWN1 <null> sub <null> ldelem.i4 <null> ldc.r4 -0.00086504046 ldarg.s <null> conv.ovf.i4 <null> ldelem.i4 <null> stloc.3 <null> callvirt <null> ldind.u4 <null> UNKNOWN1 <null> UNKNOWN1 <null> leave <null> UNKNOWN1 <null> UNKNOWN1 <null> conv.i1 <null> UNKNOWN1 <null> blt.un.s <null> UNKNOWN1 <null> blt.un.s <null> ldarg.3 <null> call <null> stind.r8 <null> ldelem.ref <null>

Artefacts
PE Layout: MemoryMapped (process dump suspected)

Characteristics
No malware configuration was found at this point.
Artefacts
Name: PE Layout
Value: MemoryMapped (process dump suspected)
Location: 1da31a49e21b6d13124a08df93110eec > .Net Resources > d64 > file_0.bin
