Malicious

2e2436f5497f7442260593e23ff929be

PE Executable | MD5: 2e2436f5497f7442260593e23ff929be | Size: 644.1 KB | application/x-dosexec

Characteristics

Symbol Obfuscation Score: Very high

Hash
Hash Value
MD5
2e2436f5497f7442260593e23ff929be
Sha1
a4c71f7b4b597787bd171f5655b976d1aa525e10
Sha256
4aca40c10f8129e3009f07ecd73f9c2d2e170d6129ebf12005f926e0237bedf6
Sha384
9c5fcca6862df1e27a738148890071fe376b5c41c7b8280f540bed046490f0164ef1cefa028c23b0be11ecb129a1cf52
Sha512
305f258a68c986684b343cbd99115dfe1f03607515616437fa7dba2ab8a0ee8baade7a56388dd7d09d8e0090a75ba654856357adbab3dcb24c7b21aa911a63f7
SSDeep
12288:Aq0TQPOhPreYRw7ijHa6FgSpNscevQEFHugft9G4ftCcQQ:N0z1ren7ijHa6FgSpNscQLOglPoc
TLSH
D8D4AF6A36534E21D2C41733C6CB580193B4978679A7F38E758823A729073FEDE4B693

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
1LBg8IJGutxdWtp887.sFlbg82pSR6t5KharM
IOy1Ps1YiEWHGVGkyS.4SbylaPqHGlo3cgcBF
Zapzejpta.g.resources
UKT2vLiStaJeWeYEfe.nGvUYNY4cK0KXQ37ER
Xcupeqygygb.Properties.Resources.resources
Xvvnwdctxyr
Informations
Name | Value
Info | PE Detect: PeReader OK (file layout)
Module Name | Zapzejpta.exe
Full Name | Zapzejpta.exe
EntryPoint | System.Void ECMhthXa2uY9uq0Sfb.W1PfB4u7CSqWeZ9HEk::ldm8Zk26F()
Scope Name | Zapzejpta.exe
Scope Type | ModuleDef
Kind | Windows
Runtime Version | v4.0.30319
Tables Header Version | 512
WinMD Version | <null>
Assembly Name | Zapzejpta
Assembly Version | 1.0.0.0
Assembly Culture | <null>
Has PublicKey | False
PublicKey Token | <null>
Target Framework | .NETFramework,Version=v4.0
Total Strings | 43
Main Method | System.Void ECMhthXa2uY9uq0Sfb.W1PfB4u7CSqWeZ9HEk::ldm8Zk26F()
Main IL Instruction Count | 128


No malware configuration was found at this point.