Malicious

28f81e4e74a678fdd20191e763ba82b6

PE Executable | MD5: 28f81e4e74a678fdd20191e763ba82b6 | Size: 679.94 KB | application/x-dosexec

Characteristics

Symbol Obfuscation Score

Very high

Hash
Hash Value
MD5
28f81e4e74a678fdd20191e763ba82b6
Sha1
1bd063ef70ab05f92a1b1fb162d2827451da8aaa
Sha256
0bc35e3fb163db74c098ec1829004335ce1ff33e205b4daef375a071d0053b36
Sha384
7bc11eee911edcbb3f68ea93f04532564350b896e6c99167e855a1f9f0517d9f0d91d56a3f42fb9f052cdae61d7c6177
Sha512
fa5c8ead0cbad0713446f92824fc0760a89d0c7f1f60555aa9a2681038c610e151791f3d2fd7078dfea2b9bdd19c61da1075ddf117a42fa05da8338341046c47
SSDeep
12288:vRlQB9z0O6M1MQJqdEeInG6DzvM24zIAB1hHvOtPcq+:vRyBVx11MQ4ExDg/XBLX
TLSH
C0E4BF6B764B8D61C1882337C5DB8810A3F19585B577EB0F788463E116273EADE0B2E7

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
bW85trOkHDvxmfawmQ.elTh8LbMfcC4XJ3goX
Jptjetxgigg.g.resources
rmSvHkgg8CpeJLag2X.KyKgECITJ36DmeZnos
iyiaeEchiFHGcx1ISx.JHyuot7DbN6OjHc4Jh
Inrakliuzod.Properties.Resources.resources
Noxja
Information
Name
Value
Info

PE Detect: PeReader OK (file layout)

Module Name

Jptjetxgigg.exe

Full Name

Jptjetxgigg.exe

EntryPoint

System.Void V2icF6dwItsBOmOdUA.O3JddTL23UOHSwkgev::bhnyr1G91()

Scope Name

Jptjetxgigg.exe

Scope Type

ModuleDef

Kind

Windows

Runtime Version

v4.0.30319

Tables Header Version

512

WinMD Version

<null>

Assembly Name

Jptjetxgigg

Assembly Version

1.0.0.0

Assembly Culture

<null>

Has PublicKey

False

PublicKey Token

<null>

Target Framework

.NETFramework,Version=v4.0

Total Strings

43

Main Method

System.Void V2icF6dwItsBOmOdUA.O3JddTL23UOHSwkgev::bhnyr1G91()

Main IL Instruction Count

117

Main IL

ldc.i4 1 stloc V_1 ldloc V_1 switch dnlib.DotNet.Emit.Instruction[] ldloc V_1 ldc.i4 989 beq IL_0009: ldloc V_1 br IL_0208: ret nop <null> nop <null> ldsfld System.EventHandler`1<V2icF6dwItsBOmOdUA.O3JddTL23UOHSwkgev/YP17LAtiLJVDhSxWJM> V2icF6dwItsBOmOdUA.O3JddTL23UOHSwkgev/<>O::cl9S5i0ry dup <null> brtrue IL_00F0: call System.Void V2icF6dwItsBOmOdUA.O3JddTL23UOHSwkgev::ldMiVwZwc(System.EventHandler`1<V2icF6dwItsBOmOdUA.O3JddTL23UOHSwkgev/YP17LAtiLJVDhSxWJM>) pop <null> ldc.i4 0 ldsfld <Module>{14b959f2-354a-4c30-83fe-2c610d8ce81f} <Module>{14b959f2-354a-4c30-83fe-2c610d8ce81f}::m_6afbef2b48ba4a0198d53c9c9e9612ba ldfld System.Int32 <Module>{14b959f2-354a-4c30-83fe-2c610d8ce81f}::m_f89e31d8dea54674aa44e38f18e8de38 brfalse IL_006C: switch(IL_00DE,IL_00CE,IL_009E) pop <null> ldc.i4 0 br IL_006C: switch(IL_00DE,IL_00CE,IL_009E) br IL_0068: ldloc V_2 ldc.i4 0 stloc V_2 ldloc V_2 switch dnlib.DotNet.Emit.Instruction[] ldloc V_2 ldc.i4 10 beq IL_0114: leave IL_0208 ldloc V_2 ldc.i4 990 beq IL_0068: ldloc V_2 br IL_00CE: ldc.i4.0 ldsfld System.EventHandler`1<V2icF6dwItsBOmOdUA.O3JddTL23UOHSwkgev/YP17LAtiLJVDhSxWJM> V2icF6dwItsBOmOdUA.O3JddTL23UOHSwkgev::bfUuhcCZL ldnull <null> ldc.i4.0 <null> newobj System.Void V2icF6dwItsBOmOdUA.O3JddTL23UOHSwkgev/YP17LAtiLJVDhSxWJM::.ctor(System.Int32) callvirt System.Void System.EventHandler`1<V2icF6dwItsBOmOdUA.O3JddTL23UOHSwkgev/YP17LAtiLJVDhSxWJM>::Invoke(System.Object,V2icF6dwItsBOmOdUA.O3JddTL23UOHSwkgev/YP17LAtiLJVDhSxWJM) ldc.i4 10 ldsfld <Module>{14b959f2-354a-4c30-83fe-2c610d8ce81f} <Module>{14b959f2-354a-4c30-83fe-2c610d8ce81f}::m_6afbef2b48ba4a0198d53c9c9e9612ba ldfld System.Int32 <Module>{14b959f2-354a-4c30-83fe-2c610d8ce81f}::m_34a92a25537d4ffca873be9c9a14a7f4 brfalse IL_0064: stloc V_2 pop <null> ldc.i4 10 br IL_0064: stloc V_2 ldc.i4.0 <null> stsfld System.Int32 V2icF6dwItsBOmOdUA.O3JddTL23UOHSwkgev::G6aAVhH0v ldc.i4 2 br IL_006C: switch(IL_00DE,IL_00CE,IL_009E) ldnull <null> ldftn System.Void 
V2icF6dwItsBOmOdUA.O3JddTL23UOHSwkgev::ejE62Bum9(System.Object,System.Object) newobj System.Void System.EventHandler`1<V2icF6dwItsBOmOdUA.O3JddTL23UOHSwkgev/YP17LAtiLJVDhSxWJM>::.ctor(System.Object,System.IntPtr) dup <null> stsfld System.EventHandler`1<V2icF6dwItsBOmOdUA.O3JddTL23UOHSwkgev/YP17LAtiLJVDhSxWJM> V2icF6dwItsBOmOdUA.O3JddTL23UOHSwkgev/<>O::cl9S5i0ry call System.Void V2icF6dwItsBOmOdUA.O3JddTL23UOHSwkgev::ldMiVwZwc(System.EventHandler`1<V2icF6dwItsBOmOdUA.O3JddTL23UOHSwkgev/YP17LAtiLJVDhSxWJM>) ldc.i4 1 ldsfld <Module>{14b959f2-354a-4c30-83fe-2c610d8ce81f} <Module>{14b959f2-354a-4c30-83fe-2c610d8ce81f}::m_6afbef2b48ba4a0198d53c9c9e9612ba ldfld System.Int32 <Module>{14b959f2-354a-4c30-83fe-2c610d8ce81f}::m_8e352dc09f594078b148f050deb2e40e brtrue IL_006C: switch(IL_00DE,IL_00CE,IL_009E) pop <null> ldc.i4 7 br IL_006C: switch(IL_00DE,IL_00CE,IL_009E) leave IL_0208: ret pop <null> ldc.i4 0 ldsfld <Module>{14b959f2-354a-4c30-83fe-2c610d8ce81f} <Module>{14b959f2-354a-4c30-83fe-2c610d8ce81f}::m_6afbef2b48ba4a0198d53c9c9e9612ba ldfld System.Int32 <Module>{14b959f2-354a-4c30-83fe-2c610d8ce81f}::m_9fe9722770ba4086af9c7e7795166d8c brtrue IL_014B: switch(IL_0167) pop <null> ldc.i4 0 br IL_014B: switch(IL_0167) br IL_0147: ldloc V_3 ldc.i4 0 stloc V_3 ldloc V_3 switch dnlib.DotNet.Emit.Instruction[] ldloc V_3 ldc.i4 988 beq IL_0147: ldloc V_3 br IL_0167: leave IL_0208 leave IL_0208: ret ldnull <null> stsfld System.EventHandler`1<V2icF6dwItsBOmOdUA.O3JddTL23UOHSwkgev/YP17LAtiLJVDhSxWJM> V2icF6dwItsBOmOdUA.O3JddTL23UOHSwkgev::bfUuhcCZL ldc.i4 3 ldsfld <Module>{14b959f2-354a-4c30-83fe-2c610d8ce81f} <Module>{14b959f2-354a-4c30-83fe-2c610d8ce81f}::m_6afbef2b48ba4a0198d53c9c9e9612ba ldfld System.Int32 <Module>{14b959f2-354a-4c30-83fe-2c610d8ce81f}::m_b27b3f3b23ab44c1987af7c16e9a2de0 brfalse IL_01A3: switch(IL_01E8,IL_01C3) pop <null> ldc.i4 1 br IL_01A3: switch(IL_01E8,IL_01C3) br IL_019F: ldloc V_0 ldc.i4 0 stloc V_0 ldloc V_0 switch dnlib.DotNet.Emit.Instruction[] ldloc 
V_0 ldc.i4 989 beq IL_019F: ldloc V_0 br IL_01C3: ldnull ldnull <null> stsfld System.Object V2icF6dwItsBOmOdUA.O3JddTL23UOHSwkgev::OXhfUxAVH ldc.i4 0 ldsfld <Module>{14b959f2-354a-4c30-83fe-2c610d8ce81f} <Module>{14b959f2-354a-4c30-83fe-2c610d8ce81f}::m_6afbef2b48ba4a0198d53c9c9e9612ba ldfld System.Int32 <Module>{14b959f2-354a-4c30-83fe-2c610d8ce81f}::m_a4cd4706b3af4c14b85c97e12bc3dd8f brfalse IL_01A3: switch(IL_01E8,IL_01C3) pop <null> ldc.i4 4 br IL_01A3: switch(IL_01E8,IL_01C3) endfinally <null> ldc.i4 4 ldsfld <Module>{14b959f2-354a-4c30-83fe-2c610d8ce81f} <Module>{14b959f2-354a-4c30-83fe-2c610d8ce81f}::m_6afbef2b48ba4a0198d53c9c9e9612ba ldfld System.Int32 <Module>{14b959f2-354a-4c30-83fe-2c610d8ce81f}::m_e2204015e57f488aa2ee989a1ff6b397 brtrue IL_000D: switch(IL_0208,IL_002D) pop <null> ldc.i4 0 br IL_000D: switch(IL_0208,IL_002D) ret <null>

No malware configuration was found at this point.