Suspect
PE Executable
MD5: 313029eff97b806bd71c6cf70f7ebfe0
Size: 232.45 KB
application/x-dosexec
Get an AI-generated breakdown of this malware's behaviour, IOCs and recommendations.
AI analysis is available with Essential.
Unlock with Essential
Symbol Obfuscation Score
Medium
| MD5 | 313029eff97b806bd71c6cf70f7ebfe0 |
| Sha1 | 6fb7ab1785f53d0f8633c1dd6841db9de141f5c3 |
| Sha256 | 3ab45b027187d7114fdb07c66146ff5fa7fb9c3caf557a4671a61eba416cfb25 |
| Sha384 | e67be7685f2fd3bc04e3948b344b0eb0c816ac1edfeae773da25e1acc94a29dd4ad669a39af4e9ad50d9d788ffd40968 |
| Sha512 | 17192a35d37ba97f0eadbea8abb3c23666a06554df800e3ae5046405d803063910422e70db803fcb338a2b8120ff1fad782cb9be6ea6d09a4bc06e2c6ff1352e |
| SSDeep | 6144:+loZM+rIkd8g+EtXHkv/iD4TdIxt74szhKrd4UB5cb8e1mri:ooZtL+EP8TdIxt74szhKrd4UBm1 |
| TLSH | 7F346C1537B8CB17E25F8BBED5B1158F87B1F103E90AF78E0C8895E82411B42E949E57 |
PeID
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL Microsoft Visual Studio .NET
| Name | Value |
|---|---|
| Module Name | Umbral.payload.exe |
| Full Name | Umbral.payload.exe |
| EntryPoint | System.Void 㗦㢬甮欌땁ಛ탑髐�꒘㈮䛦밓鱹ﻍ�꾷냑::彬寴毌ꉩ͡촟홣簴嵇靏슎㯵ि츷嵮觇ꎻ鸼(System.String[]) |
| Scope Name | Umbral.payload.exe |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v4.0.30319 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | Umbral.payload |
| Assembly Version | 1.0.0.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | .NETFramework,Version=v4.6 |
| Total Strings | 964 |
| Main Method | System.Void 㗦㢬甮欌땁ಛ탑髐�꒘㈮䛦밓鱹ﻍ�꾷냑::彬寴毌ꉩ͡촟홣簴嵇靏슎㯵ि츷嵮觇ꎻ鸼(System.String[]) |
| Main IL Instruction Count | 7 |
| Main IL | |
| Module Name | Umbral.payload.exe |
| Full Name | Umbral.payload.exe |
| EntryPoint | System.Void 㗦㢬甮欌땁ಛ탑髐�꒘㈮䛦밓鱹ﻍ�꾷냑::彬寴毌ꉩ͡촟홣簴嵇靏슎㯵ि츷嵮觇ꎻ鸼(System.String[]) |
| Scope Name | Umbral.payload.exe |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v4.0.30319 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | Umbral.payload |
| Assembly Version | 1.0.0.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | .NETFramework,Version=v4.6 |
| Total Strings | 964 |
| Main Method | System.Void 㗦㢬甮欌땁ಛ탑髐�꒘㈮䛦밓鱹ﻍ�꾷냑::彬寴毌ꉩ͡촟홣簴嵇靏슎㯵ि츷嵮觇ꎻ鸼(System.String[]) |
| Main IL Instruction Count | 7 |
| Main IL | |
PDB Path
PATH
?huhuhuhu
Full artefact values (URLs, paths, registry keys, scripts…) are available with Essential.
Unlock with Essential