Suspicious
Suspect

Share on LinkedIn
Print
PE Executable
MD5: 313029eff97b806bd71c6cf70f7ebfe0
Size: 232.45 KB
application/x-dosexec

Get an AI-generated breakdown of this malware's behaviour, IOCs and recommendations.

AI analysis is available with Essential.
Unlock with Essential
Symbol Obfuscation Score Medium
MD5 313029eff97b806bd71c6cf70f7ebfe0
Sha1 6fb7ab1785f53d0f8633c1dd6841db9de141f5c3
Sha256 3ab45b027187d7114fdb07c66146ff5fa7fb9c3caf557a4671a61eba416cfb25
Sha384 e67be7685f2fd3bc04e3948b344b0eb0c816ac1edfeae773da25e1acc94a29dd4ad669a39af4e9ad50d9d788ffd40968
Sha512 17192a35d37ba97f0eadbea8abb3c23666a06554df800e3ae5046405d803063910422e70db803fcb338a2b8120ff1fad782cb9be6ea6d09a4bc06e2c6ff1352e
SSDeep 6144:+loZM+rIkd8g+EtXHkv/iD4TdIxt74szhKrd4UB5cb8e1mri:ooZtL+EP8TdIxt74szhKrd4UBm1
TLSH 7F346C1537B8CB17E25F8BBED5B1158F87B1F103E90AF78E0C8895E82411B42E949E57
PeID
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL Microsoft Visual Studio .NET
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
Name Value
Module Name
Umbral.payload.exe
Full Name
Umbral.payload.exe
EntryPoint
System.Void 㗦㢬甮欌땁ಛ탑髐�꒘㈮䛦밓鱹ﻍ�꾷냑::彬寴毌ꉩ͡촟홣簴嵇靏슎㯵ि츷嵮觇ꎻ鸼(System.String[])
Scope Name
Umbral.payload.exe
Scope Type
ModuleDef
Kind
Windows
Runtime Version
v4.0.30319
Tables Header Version
512
WinMD Version
<null>
Assembly Name
Umbral.payload
Assembly Version
1.0.0.0
Assembly Culture
<null>
Has PublicKey
False
PublicKey Token
<null>
Target Framework
.NETFramework,Version=v4.6
Total Strings
964
Main Method
System.Void 㗦㢬甮欌땁ಛ탑髐�꒘㈮䛦밓鱹ﻍ�꾷냑::彬寴毌ꉩ͡촟홣簴嵇靏슎㯵ि츷嵮觇ꎻ鸼(System.String[])
Main IL Instruction Count
7
Main IL
ldarg.0 <null>
call System.Threading.Tasks.Task 㗦㢬甮欌땁ಛ탑髐�꒘㈮䛦밓鱹ﻍ�꾷냑::Main(System.String[])
callvirt System.Runtime.CompilerServices.TaskAwaiter System.Threading.Tasks.Task::GetAwaiter()
stloc.0 <null>
ldloca.s V_0
call System.Void System.Runtime.CompilerServices.TaskAwaiter::GetResult()
ret <null>
Module Name
Umbral.payload.exe
Full Name
Umbral.payload.exe
EntryPoint
System.Void 㗦㢬甮欌땁ಛ탑髐�꒘㈮䛦밓鱹ﻍ�꾷냑::彬寴毌ꉩ͡촟홣簴嵇靏슎㯵ि츷嵮觇ꎻ鸼(System.String[])
Scope Name
Umbral.payload.exe
Scope Type
ModuleDef
Kind
Windows
Runtime Version
v4.0.30319
Tables Header Version
512
WinMD Version
<null>
Assembly Name
Umbral.payload
Assembly Version
1.0.0.0
Assembly Culture
<null>
Has PublicKey
False
PublicKey Token
<null>
Target Framework
.NETFramework,Version=v4.6
Total Strings
964
Main Method
System.Void 㗦㢬甮欌땁ಛ탑髐�꒘㈮䛦밓鱹ﻍ�꾷냑::彬寴毌ꉩ͡촟홣簴嵇靏슎㯵ि츷嵮觇ꎻ鸼(System.String[])
Main IL Instruction Count
7
Main IL
ldarg.0 <null>
call System.Threading.Tasks.Task 㗦㢬甮欌땁ಛ탑髐�꒘㈮䛦밓鱹ﻍ�꾷냑::Main(System.String[])
callvirt System.Runtime.CompilerServices.TaskAwaiter System.Threading.Tasks.Task::GetAwaiter()
stloc.0 <null>
ldloca.s V_0
call System.Void System.Runtime.CompilerServices.TaskAwaiter::GetResult()
ret <null>
PDB Path PATH
?huhuhuhu
Full artefact values (URLs, paths, registry keys, scripts…) are available with Essential.
Unlock with Essential
An error has occurred. This application may no longer respond until reloaded. Reload 🗙