Malicious

2197f41146180b59672fd9fdd7b1fe71

PE Executable | MD5: 2197f41146180b59672fd9fdd7b1fe71 | Size: 603.14 KB | application/x-dosexec


Characteristics

Symbol Obfuscation Score

Very high

Hash | Hash Value
MD5 | 2197f41146180b59672fd9fdd7b1fe71
Sha1 | f455f170790eea58ef2782013c2da97dc3e29215
Sha256 | 7df95acc34c5d89eaae39b047fe51d50ae7abea93188e591146d7a11143413e9
Sha384 | b7648162ee12f7a860ade8eab814260e77c6aacaac84f1344f26d8551c7e0629fe2c7284be0ad11d107b4af7fe209c82
Sha512 | 7f0f87d209dd08de2076bb18b2f9ed0b84567521480e1abffa6da1c9a0b6ed29b3bb969accb0a4453d359d0d6090c26f36ff12135889e18b6729ea0559283329
SSDeep | 6144:UrNYBLsIdxFTDTwwO1mr81Ifm9IqITvMmx9x9RYnE7xf+yINFVaUVEAre+pXU9AT:SwXgi5OSVBinGxR6fax+UOnU
TLSH | 7FD45B0FB55A4E20C1845737C9DB941067F49846B6E3EB5B394A23DA8C073BBDE4E287

PeID

Microsoft Visual C++ DLL
Microsoft Visual C++ v6.0
File Structure
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.rsrc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
cDxFBcKSFVwJcXpyWF.ZnDLFiRmYDgShKwMDe
dtXnYvPhvNhXAL5SMt.WaD15HNS4OyYjBmNl6
vmTbnbqAeZdAB04jTV.hbNOb5ZCodwmErM8qW
gjqSLLE8aiQgUGjBCr.GBKqq2GPoB8nmBPwJC
vSBciZDQEmX8Jss5Hl.jUQfXUbbyXremNcYo6
Information
Name | Value
Info | PE Detect: PeReader OK (file layout)
Module Name | HostData_I6GS0RB5TC.exe
Full Name | HostData_I6GS0RB5TC.exe
EntryPoint | System.Void Js4fAKDWiC6p2Tf4VFH.WZlNuaDyq84vWP3LbcA::rAbD2oO1sF()
Scope Name | HostData_I6GS0RB5TC.exe
Scope Type | ModuleDef
Kind | Windows
Runtime Version | v4.0.30319
Tables Header Version | 512
WinMD Version | <null>
Assembly Name | HostData_I6GS0RB5TC
Assembly Version | 3038.22.23.348
Assembly Culture | <null>
Has PublicKey | False
PublicKey Token | <null>
Target Framework | .NETFramework,Version=v4.8
Total Strings | 55
Main Method | System.Void Js4fAKDWiC6p2Tf4VFH.WZlNuaDyq84vWP3LbcA::rAbD2oO1sF()
Main IL Instruction Count | 48

Main IL

ldc.i4 1 stloc V_2 br IL_000E: ldloc V_2 ldloc V_2 switch dnlib.DotNet.Emit.Instruction[] br IL_004D: nop ret <null> call System.Void sDJEuZEcuZa4sTDqYI8.n3PBejEeWkAnYZBPfxK::kLjw4iIsCLsZtxc4lksN0j() ldc.i4 0 ldsfld <Module>{590a622b-f352-460e-b7c9-0639353b508f} <Module>{590a622b-f352-460e-b7c9-0639353b508f}::m_950f882b86694307af1f8d5f2cc42507 ldfld System.Int32 <Module>{590a622b-f352-460e-b7c9-0639353b508f}::m_2ae02c87d79a46979fa5c35911eaedf3 brtrue IL_0012: switch(IL_004D,IL_0029,IL_0028) pop <null> ldc.i4 0 br IL_0012: switch(IL_004D,IL_0029,IL_0028) nop <null> newobj System.Void Ld4dX_hZs2_jMB1Q_j8gV.Zijahe::.ctor() callvirt System.Void Ld4dX_hZs2_jMB1Q_j8gV.Zijahe::TFDARCCZyAp() ldc.i4 0 ldsfld <Module>{590a622b-f352-460e-b7c9-0639353b508f} <Module>{590a622b-f352-460e-b7c9-0639353b508f}::m_950f882b86694307af1f8d5f2cc42507 ldfld System.Int32 <Module>{590a622b-f352-460e-b7c9-0639353b508f}::m_3224222aadcb4d0cb20a4e3ff2c278a1 brfalse IL_007B: switch(IL_0089) pop <null> ldc.i4 0 br IL_007B: switch(IL_0089) ldloc V_1 switch dnlib.DotNet.Emit.Instruction[] br IL_0089: leave IL_0028 leave IL_0028: ret pop <null> ldc.i4 0 ldsfld <Module>{590a622b-f352-460e-b7c9-0639353b508f} <Module>{590a622b-f352-460e-b7c9-0639353b508f}::m_950f882b86694307af1f8d5f2cc42507 ldfld System.Int32 <Module>{590a622b-f352-460e-b7c9-0639353b508f}::m_78e6cba3eafc44e8873361c25f982b34 brtrue IL_00B2: switch(IL_00C0) pop <null> ldc.i4 0 br IL_00B2: switch(IL_00C0) ldloc V_0 switch dnlib.DotNet.Emit.Instruction[] br IL_00C0: leave IL_0028 leave IL_0028: ret ldc.i4 0 ldsfld <Module>{590a622b-f352-460e-b7c9-0639353b508f} <Module>{590a622b-f352-460e-b7c9-0639353b508f}::m_950f882b86694307af1f8d5f2cc42507 ldfld System.Int32 <Module>{590a622b-f352-460e-b7c9-0639353b508f}::m_f90e53c278d54e86b3baf0ce738afd89 brtrue IL_0012: switch(IL_004D,IL_0029,IL_0028) pop <null> ldc.i4 2 br IL_0012: switch(IL_004D,IL_0029,IL_0028)
