Suspicious
Suspect

21723ce72a1f58240cb1548fc1444bde

PE Executable
|
MD5: 21723ce72a1f58240cb1548fc1444bde
|
Size: 6.73 MB
|
application/x-dosexec

Summary by MalvaGPT
Characteristics

Symbol Ofbuscation Score

Low

Hash
 Hash Value
MD5
21723ce72a1f58240cb1548fc1444bde
Sha1
fedafcb714ba0439aa9a539a65e19ee7dc15cf61
Sha256
f82eec674bf95ff5819f711f2009f1d1efefeb96cd7fd314150b964d4d8af7e7
Sha384
aa98a0bafab8e4f2c0d74d328740831952e9c8ee72234f0ff03455398b9317c55322fba978862b21327fc5c72126c822
Sha512
2266759a1b418359872cfbc44f5d9edaa7b7f1bdef839efeb4b19db4e92724f6f5a1037b0df58fb2851475bb5c943ca5082bedd1901e13231c7bba04f38dd645
SSDeep
196608:eErT9VH7DGi+AjdIhWqnnWzHUZxsRmq2DndJcTEfh:DBrDKJnnDZxsREdm8
TLSH
DE663352CD6AC9B7E3302172CE64557C33F9332973BE94E40D8963E07899AE1C99F225

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
UPolyX 0.3 -> delikon
File Structure
21723ce72a1f58240cb1548fc1444bde
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_ICON
ID:0001
ID:0
ID:0-preview.png
RT_GROUP_CURSOR4
ID:0001
ID:0
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
iufzn.Resources
Client-built.exe
jjsploit_8.15.5_x64_en-US.msi
Informations
Name
 Value
Module Name

JJsploitinstaller.exe
Full Name

JJsploitinstaller.exe
EntryPoint

System.Void Program::Main()
Scope Name

JJsploitinstaller.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

JJsploitinstaller
Assembly Version

8.15.5.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

<null>
Total Strings

13
Main Method

System.Void Program::Main()
Main IL Instruction Count

10
Main IL

ldc.i4 2000 call System.Void System.Threading.Thread::Sleep(System.Int32) call System.Boolean Program::CreateMutex() brtrue.s IL_001B: ldnull call System.Int32 System.Environment::get_ExitCode() call System.Void System.Environment::Exit(System.Int32) ldnull <null> call System.Object Program::WorkF(System.Object) pop <null> ret <null>
Module Name

JJsploitinstaller.exe
Full Name

JJsploitinstaller.exe
EntryPoint

System.Void Program::Main()
Scope Name

JJsploitinstaller.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

JJsploitinstaller
Assembly Version

8.15.5.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

<null>
Total Strings

13
Main Method

System.Void Program::Main()
Main IL Instruction Count

10
Main IL

ldc.i4 2000 call System.Void System.Threading.Thread::Sleep(System.Int32) call System.Boolean Program::CreateMutex() brtrue.s IL_001B: ldnull call System.Int32 System.Environment::get_ExitCode() call System.Void System.Environment::Exit(System.Int32) ldnull <null> call System.Object Program::WorkF(System.Object) pop <null> ret <null>
21723ce72a1f58240cb1548fc1444bde (6.73 MB)
File Structure
21723ce72a1f58240cb1548fc1444bde
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_ICON
ID:0001
ID:0
ID:0-preview.png
RT_GROUP_CURSOR4
ID:0001
ID:0
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
iufzn.Resources
Client-built.exe
jjsploit_8.15.5_x64_en-US.msi
Characteristics
No malware configuration were found at this point.
You must be signed in to post a comment.
An error has occurred. This application may no longer respond until reloaded. Reload 🗙