Suspicious
Suspect

2b69843724fe15cef19928ec99b7bfc9

PE Executable | MD5: 2b69843724fe15cef19928ec99b7bfc9 | Size: 403.46 KB | application/x-dosexec

Summary by MalvaGPT
Characteristics

Symbol Obfuscation Score: Medium

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.reloc
.rsrc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
XZCAFWERFS&&
Information
Module Name: XZCAFWERFS.exe
Full Name: XZCAFWERFS.exe
EntryPoint: System.Void KLOPZXFER.Core::Main()
Scope Name: XZCAFWERFS.exe
Scope Type: ModuleDef
Kind: Windows
Runtime Version: v4.0.30319
Tables Header Version: 512
WinMD Version: <null>
Assembly Name: XZCAFWERFS
Assembly Version: 1.0.0.0
Assembly Culture: <null>
Has PublicKey: False
PublicKey Token: <null>
Target Framework: .NETFramework,Version=v4.5.2
Total Strings: 4
Main Method: System.Void KLOPZXFER.Core::Main()
Main IL Instruction Count: 77

Main IL

call System.Void A.::()
nop <null>
ldc.i4.s 83
call System.String A.:: (System.Int32)
stloc.0 <null>
call System.String System.Runtime.InteropServices.RuntimeEnvironment::GetRuntimeDirectory()
dup <null>
pop <null>
ldc.i4 660951
call System.String A.:: (System.Int32)
call System.String System.IO.Path::Combine(System.String,System.String)
stloc.1 <null>
nop <null>
ldloc.0 <null>
call System.Byte[] KLOPZXFER.Core::AttemptDecrypt(System.String)
stloc.2 <null>
ldloc.2 <null>
brfalse.s IL_0050: ldc.i4.0
ldc.i4.3 <null>
switch dnlib.DotNet.Emit.Instruction[]
ldc.i4.1 <null>
brtrue.s IL_0043: ldloc.2
ldtoken System.Void KLOPZXFER.Core::Main()
pop <null>
ldloc.2 <null>
call System.UIntPtr A.::(System.Byte[])
dup <null>
pop <null>
ldc.i4.0 <null>
cgt.un <null>
br.s IL_0051: stloc.3
ldc.i4.0 <null>
stloc.3 <null>
ldloc.3 <null>
brfalse.s IL_0090: nop
ldc.i4.1 <null>
switch dnlib.DotNet.Emit.Instruction[]
nop <null>
call System.String KLOPZXFER.Core::DeployHelper()
dup <null>
pop <null>
stloc.s V_4
ldloc.s V_4
call System.Boolean System.String::IsNullOrEmpty(System.String)
ldc.i4.0 <null>
ceq <null>
stloc.s V_5
ldloc.s V_5
brfalse.s IL_008F: nop
ldc.i4.3 <null>
switch dnlib.DotNet.Emit.Instruction[]
nop <null>
ldloc.s V_4
ldloc.1 <null>
ldloc.2 <null>
call System.Void KLOPZXFER.Core::ExecuteHelper(System.String,System.String,System.Byte[])
nop <null>
nop <null>
nop <null>
nop <null>
leave.s IL_00B9: ret
stloc.s V_6
nop <null>
ldc.i4 660972
call System.String A.:: (System.Int32)
ldloc.s V_6
callvirt System.String System.Exception::get_Message()
dup <null>
pop <null>
call System.String A.::(System.String,System.String)
dup <null>
pop <null>
call System.Void System.Console::WriteLine(System.String)
nop <null>
nop <null>
leave.s IL_00B9: ret
ret <null>

Artefacts
PDB Path: C:\Users\VICTOR\Documents\CryptoObfuscator_Output\XZCAFWERFS.pdb

Characteristics
No malware configuration was found at this point.