Malicious

23ac423d9a6adec92d74a8c35cc153b3

PE Executable
MD5: 23ac423d9a6adec92d74a8c35cc153b3
Size: 823.81 KB
application/x-dosexec
Summary by MalvaGPT
Characteristics

Symbol Obfuscation Score

Very high

Hash
MD5: 23ac423d9a6adec92d74a8c35cc153b3
Sha1: 791057f377abe9f522029fabb8eaf0837d75fe2c
Sha256: f17cb686d2371074b25d8a992014dbd75a454d06d436324001eac3f9f0ecef5a
Sha384: 00df81ac4c152cb0410488b5affcb0c96bf596199ae8a00e77905e22310cded8d6a846b14cf11c24bc85b5f8c628223b
Sha512: 915f377aac43a04687a705e6965982b6572984d937f0fedbaf869a314c13e106ce6adc8d92b9c2bb38f9a4199a0a4f54f2d2cb15aa1d3eebd8d6215538dbd6ec
SSDeep: 12288:447whkcSTVJwoE0UnAxpVEx5iQ34eUv4iQXWkHDqFirZY:4IxJwoEFAxpu5iQobvPDkew
TLSH: E105AE6B73628E10C2850637C1EB045183F5AA877AA7F74F768423961C433FEDE466A7

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
5XhLBa3coaABtx45QY.NrtOHSTDSn38kZX6La
lp5C1xFhgSbnGbIoM6.VBioOhsZpaLmndRo97
dq010NE6ukgCARDl8D.hotAENBeWiUCH1OQKb
8XZiPj1roS7hwhGmTw.v91oHOg7JNcCEI803E
Information
Info: PE Detect: PeReader OK (file layout)
Module Name: Eiumskcaea.exe
Full Name: Eiumskcaea.exe
EntryPoint: System.Void PANaJXQ4drhLgvjhMv.TZ3T909Y6pxxUqW6mb::lMKYLWjo4()
Scope Name: Eiumskcaea.exe
Scope Type: ModuleDef
Kind: Windows
Runtime Version: v4.0.30319
Tables Header Version: 512
WinMD Version: <null>
Assembly Name: Eiumskcaea
Assembly Version: 1.0.0.0
Assembly Culture: <null>
Has PublicKey: False
PublicKey Token: <null>
Target Framework: .NETFramework,Version=v4.0
Total Strings: 41
Main Method: System.Void PANaJXQ4drhLgvjhMv.TZ3T909Y6pxxUqW6mb::lMKYLWjo4()
Main IL Instruction Count: 68

Main IL

br.s IL_0007: ldc.i4 2 call <null> ldc.i4 2 stloc V_0 ldloc V_0 switch dnlib.DotNet.Emit.Instruction[] ldloc V_0 ldc.i4 990 beq IL_0010: ldloc V_0 br IL_0116: ldsfld X2yXJqTuk4BSq6uLvoX X2yXJqTuk4BSq6uLvoX::w1STiShM75 nop <null> newobj System.Void MI10RqtTWOane1TTcE.ymX8cqZM6LFnk04QoA::.ctor() ldsfld jKmBAIT2poT07VBKS1K jKmBAIT2poT07VBKS1K::ETUTVbfoXO call System.Byte[] jKmBAIT2poT07VBKS1K::tdWTb6DPVL(jKmBAIT2poT07VBKS1K) ldsfld M6xE9rTpA9D9DHVAtpU M6xE9rTpA9D9DHVAtpU::mqUTPyLJE4 call System.Void M6xE9rTpA9D9DHVAtpU::tdWTb6DPVL(System.Object,System.Byte[],M6xE9rTpA9D9DHVAtpU) ldc.i4 0 ldsfld <Module>{d462e290-bd60-4a86-addc-7e8219a604cf} <Module>{d462e290-bd60-4a86-addc-7e8219a604cf}::m_8542e8c8a7ba4ca7b897526775a8fd00 ldfld System.Int32 <Module>{d462e290-bd60-4a86-addc-7e8219a604cf}::m_f7358567debb48a4829c463162b26e0f brfalse IL_0083: switch(IL_009F) pop <null> ldc.i4 0 br IL_0083: switch(IL_009F) br IL_007F: ldloc V_2 ldc.i4 0 stloc V_2 ldloc V_2 switch dnlib.DotNet.Emit.Instruction[] ldloc V_2 ldc.i4 988 beq IL_007F: ldloc V_2 br IL_009F: leave IL_013F leave IL_013F: ret pop <null> ldc.i4 4 ldsfld <Module>{d462e290-bd60-4a86-addc-7e8219a604cf} <Module>{d462e290-bd60-4a86-addc-7e8219a604cf}::m_8542e8c8a7ba4ca7b897526775a8fd00 ldfld System.Int32 <Module>{d462e290-bd60-4a86-addc-7e8219a604cf}::m_a6c2f1c211c74e1c96bc935cdc1c62e0 brtrue IL_00D6: switch(IL_00F2) pop <null> ldc.i4 0 br IL_00D6: switch(IL_00F2) br IL_00D2: ldloc V_1 ldc.i4 0 stloc V_1 ldloc V_1 switch dnlib.DotNet.Emit.Instruction[] ldloc V_1 ldc.i4 988 beq IL_00D2: ldloc V_1 br IL_00F2: leave IL_013F leave IL_013F: ret ldc.i4 6 ldsfld <Module>{d462e290-bd60-4a86-addc-7e8219a604cf} <Module>{d462e290-bd60-4a86-addc-7e8219a604cf}::m_8542e8c8a7ba4ca7b897526775a8fd00 ldfld System.Int32 <Module>{d462e290-bd60-4a86-addc-7e8219a604cf}::m_e95717dcac9f47fe92daf5bf91a3c99d brtrue IL_0014: switch(IL_013F,IL_0038,IL_0116) pop <null> ldc.i4 0 br IL_0014: switch(IL_013F,IL_0038,IL_0116) ldsfld X2yXJqTuk4BSq6uLvoX 
X2yXJqTuk4BSq6uLvoX::w1STiShM75 call System.Void X2yXJqTuk4BSq6uLvoX::tdWTb6DPVL(X2yXJqTuk4BSq6uLvoX) ldc.i4 1 ldsfld <Module>{d462e290-bd60-4a86-addc-7e8219a604cf} <Module>{d462e290-bd60-4a86-addc-7e8219a604cf}::m_8542e8c8a7ba4ca7b897526775a8fd00 ldfld System.Int32 <Module>{d462e290-bd60-4a86-addc-7e8219a604cf}::m_ac438e664a5742d6a6749009a79cf2da brtrue IL_0014: switch(IL_013F,IL_0038,IL_0116) pop <null> ldc.i4 5 br IL_0014: switch(IL_013F,IL_0038,IL_0116) ret <null>
