Malicious

38bf9dce5ff96b9428cf4413154ef1e3

PE Executable | MD5: 38bf9dce5ff96b9428cf4413154ef1e3 | Size: 1.11 MB | application/x-dosexec

Characteristics
Hash | Hash Value
MD5 | 38bf9dce5ff96b9428cf4413154ef1e3
Sha1 | e941c6b11ff496b696d021d78443a46515a6320d
Sha256 | 26547389ff741eeba887fe39ec5f253d6597c03d1ffaf65c007ae5c40d897d5a
Sha384 | fb2f0ac106dc23603c578d06f8d3b04166589fab99531e675f9f5d64c78aa151b6a3c341963a8c142a3a659ba8fb8639
Sha512 | 770059e2bb8ddd6cd23da186668449a2f49d63601dfedf5bc633ff8ddff303634c047fb3b7145041d4d6361274c7acb3866c80123e67a6fa8a8ec726d9a46fb8
SSDeep | 24576:uWWhaulEzovPmU5L8lDDK7WkTXPFyor3fGkmI+4:ubkumGLwYXDPFy43+k2
TLSH | 0A354A227A45CE02E269163BC5EF406447ACED417663DB1B7EAF335D25123AB4E0E1CE

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.sdata
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:1033
Information
Name | Value
Module Name | DAerCEIglb6I
Full Name | DAerCEIglb6I
EntryPoint | System.Void CSs0QjwagYbUM4XhioW.A6yqBmwZP1QXuBmjZMQ::C6d2X7OGjf()
Scope Name | DAerCEIglb6I
Scope Type | ModuleDef
Kind | Windows
Runtime Version | v4.0.30319
Tables Header Version | 512
WinMD Version | <null>
Assembly Name | 8PPBSz1FsqFPbeV8qVADzlBsyhu9G68qRbu
Assembly Version | 6.3.9.5
Assembly Culture | <null>
Has PublicKey | False
PublicKey Token | <null>
Target Framework | .NETFramework,Version=v4.0
Total Strings | 73
Main Method | System.Void CSs0QjwagYbUM4XhioW.A6yqBmwZP1QXuBmjZMQ::C6d2X7OGjf()
Main IL Instruction Count | 29

Main IL

br.s IL_0004: call System.Boolean CSs0QjwagYbUM4XhioW.A6yqBmwZP1QXuBmjZMQ::JD28KDMP56baoKTVqFi() pop <null> ldc.i4.0 <null> call System.Boolean CSs0QjwagYbUM4XhioW.A6yqBmwZP1QXuBmjZMQ::JD28KDMP56baoKTVqFi() call System.Boolean CSs0QjwagYbUM4XhioW.A6yqBmwZP1QXuBmjZMQ::mAPpHiMVE9NiLNlYQ3b() brfalse IL_0028: pop pop <null> ldc.i4 4 br IL_004B: switch(IL_001E,IL_0023,IL_0033,IL_0072,IL_001E,IL_0082) call System.Void OHHMW2KZoHgqgJ3M9Lx.BmDgL7KjTYsIM5XyIH4::kLjw4iIsCLsZtxc4lksN0j() br IL_0033: nop pop <null> ldc.i4 2 br IL_004B: switch(IL_001E,IL_0023,IL_0033,IL_0072,IL_001E,IL_0082) nop <null> call System.Void OuF8wQQRLuBxoD9etWg.nlelaOQgSa2NehTW42x::DurIU9Nw2e() br IL_0072: nop ldc.i4 4 stloc V_0 ldloc V_0 switch dnlib.DotNet.Emit.Instruction[] ldc.i4 3 br IL_004B: switch(IL_001E,IL_0023,IL_0033,IL_0072,IL_001E,IL_0082) nop <null> call System.Void B3Qpy9mm7HqC6Cc95yL.xckEbkmQT9gs8IZ0IvX::hnEQtDwL8C() ldc.i4 5 br IL_004B: switch(IL_001E,IL_0023,IL_0033,IL_0072,IL_001E,IL_0082) nop <null> ret <null>

Artefacts
Name | Value
Embedded Resources | 2
Suspicious Type Names (1-2 chars) | 0

Characteristics
No malware configuration was found at this point.
Artefacts
Name | Value | Location
Embedded Resources | 2 | 38bf9dce5ff96b9428cf4413154ef1e3
Suspicious Type Names (1-2 chars) | 0 | 38bf9dce5ff96b9428cf4413154ef1e3
