Suspicious
Suspect

1v92L9.exe

PE Executable
|
MD5: 367a29a1e40ada2df1f2c63164d250d9
|
Size: 2.63 MB
|
application/x-dosexec

Summary by MalvaGPT
Characteristics

Symbol Ofbuscation Score

Medium

Hash
 Hash Value
MD5
367a29a1e40ada2df1f2c63164d250d9
Sha1
6a9b66e8e4973de0610654d471ea8793902fcd2b
Sha256
4a9ea80070aeef34e75107e504544232228ffa9a09e037c778cd264a2c5564d2
Sha384
1faa315221e308e46533c802f87689d1f53d6559645ec6d427877c74fe42db92e7a6707098ddb3ecadfcf70245e7a842
Sha512
e4e6e0d8d2f87a181d1d66886e0537ac81f958f0d22eb385a1a480676085db4051db70826df99509f7a6254de9c15ed6dbfd4c79605b3aadd1039ae8f6d178f8
SSDeep
49152:oaJ6suwoIIif86pBAtf0tRsm2Reb/W6WTrOfmpGVSdJx3a:o4IIvBAtc7hbjArOOpoSnZ
TLSH
6FC53352DBF3F528FE7A9D34AA53B9B0C03AB5088A37047CA63C794D445727E904F61A
File Structure
1v92L9.exe
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
wQ49u9L1EXyP.pujB0.AtGVP
wQ49u9L1EXyP.nI8GOY.DiozL
Informations
Name
 Value
Info

PE Detect: PeReader OK (file layout)
Info

PDB Path: C:\10\boot\Downloader_win\DownloaderApp\DownloaderApp\obj\Release\DownloaderApp.pdb
Module Name

DownloaderApp.exe
Full Name

DownloaderApp.exe
EntryPoint

System.Void A.B::Main(System.String[])
Scope Name

DownloaderApp.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

DownloaderApp
Assembly Version

1.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.7.2
Total Strings

25
Main Method

System.Void A.B::Main(System.String[])
Main IL Instruction Count

84
Main IL

call System.Boolean A.B::C() brtrue.s IL_0015: call System.Boolean System.Environment::get_UserInteractive() call System.Void A.B::D() leave.s IL_0014: ret pop <null> leave IL_00F3: ret ret <null> call System.Boolean System.Environment::get_UserInteractive() brtrue.s IL_0027: ldstr "svchosthelper.exe" newobj System.Void A.E::.ctor() call System.Void System.ServiceProcess.ServiceBase::Run(System.ServiceProcess.ServiceBase) ret <null> ldstr svchosthelper.exe stloc.0 <null> ldstr systemhelper.exe stloc.1 <null> ldstr WindowsLogsHelper stloc.2 <null> ldc.i4.s 36 call System.String System.Environment::GetFolderPath(System.Environment/SpecialFolder) dup <null> ldloc.0 <null> call System.String System.IO.Path::Combine(System.String,System.String) stloc.3 <null> ldloc.1 <null> call System.String System.IO.Path::Combine(System.String,System.String) stloc.s V_4 ldstr wQ49u9L1EXyP.pujB0.AtGVP ldloc.3 <null> call System.Void A.B::F(System.String,System.String) ldstr wQ49u9L1EXyP.nI8GOY.DiozL ldloc.s V_4 call System.Void A.B::F(System.String,System.String) ldloc.3 <null> ldc.i4.6 <null> call System.Void System.IO.File::SetAttributes(System.String,System.IO.FileAttributes) ldloc.s V_4 ldc.i4.6 <null> call System.Void System.IO.File::SetAttributes(System.String,System.IO.FileAttributes) call System.Void A.B::H() ldloc.3 <null> ldloc.2 <null> call System.Void A.B::I(System.String,System.String) newobj System.Void System.Diagnostics.ProcessStartInfo::.ctor() dup <null> ldloc.s V_4 callvirt System.Void System.Diagnostics.ProcessStartInfo::set_FileName(System.String) dup <null> ldc.i4.0 <null> callvirt System.Void System.Diagnostics.ProcessStartInfo::set_UseShellExecute(System.Boolean) dup <null> ldc.i4.1 <null> callvirt System.Void System.Diagnostics.ProcessStartInfo::set_CreateNoWindow(System.Boolean) dup <null> ldc.i4.1 <null> callvirt System.Void System.Diagnostics.ProcessStartInfo::set_WindowStyle(System.Diagnostics.ProcessWindowStyle) call System.Diagnostics.Process System.Diagnostics.Process::Start(System.Diagnostics.ProcessStartInfo) pop <null> ldc.r8 3 call System.TimeSpan System.TimeSpan::FromMinutes(System.Double) call System.Boolean A.B::WaitForDefenderStopped(System.TimeSpan) brfalse.s IL_00EE: leave.s IL_00F3 ldloc.3 <null> call System.Boolean System.IO.File::Exists(System.String) brfalse.s IL_00EE: leave.s IL_00F3 newobj System.Void System.Diagnostics.ProcessStartInfo::.ctor() dup <null> ldloc.3 <null> callvirt System.Void System.Diagnostics.ProcessStartInfo::set_FileName(System.String) dup <null> ldc.i4.0 <null> callvirt System.Void System.Diagnostics.ProcessStartInfo::set_UseShellExecute(System.Boolean) dup <null> ldc.i4.1 <null> callvirt System.Void System.Diagnostics.ProcessStartInfo::set_CreateNoWindow(System.Boolean) dup <null> ldc.i4.1 <null> callvirt System.Void System.Diagnostics.ProcessStartInfo::set_WindowStyle(System.Diagnostics.ProcessWindowStyle) call System.Diagnostics.Process System.Diagnostics.Process::Start(System.Diagnostics.ProcessStartInfo) pop <null> leave.s IL_00F3: ret pop <null> leave.s IL_00F3: ret ret <null>
1v92L9.exe (2.63 MB)
File Structure
1v92L9.exe
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
wQ49u9L1EXyP.pujB0.AtGVP
wQ49u9L1EXyP.nI8GOY.DiozL
Characteristics
No malware configuration were found at this point.
You must be signed in to post a comment.
An error has occurred. This application may no longer respond until reloaded. Reload 🗙