401f2e1e4e6d5ac8ffe99a47cf1ffbdc

PE Executable
|
MD5: 401f2e1e4e6d5ac8ffe99a47cf1ffbdc
|
Size: 242.69 KB
|
application/x-dosexec

Infection Chain

Summary by MalvaGPT

Characteristics

Hash	Hash Value
MD5	401f2e1e4e6d5ac8ffe99a47cf1ffbdc
Sha1	0ded4f0353d6ba81cd022357ef8fea3f427cc3c8
Sha256	b982ee3dcfa99661be67b9b5b610398f3dd95538f7d97f754803be16b8117002
Sha384	92ecf2d205da6a0a12d80114def99f863e166cb9a8a0651d1ca62ed3b37b7fe50451e3aca701061106f0ca5a7b3aff02
Sha512	0e9de52461bc1d2e6a5f813d5849d8d2e6f95e617f2017c334722c76d9e6434704664e97b716e130e676f4480dcd71180038260383fbc3340288a462878d6695
SSDeep	3072:r3ul7h+CuSWCWz/vgn2EITYU5+QqXc3xgPPfCU57lUqI8oH1d:bul7UCuSWCY/vgn2EITYU5U5PaKUqTa
TLSH	80340F037E88EB15E1A87E3782EF2D2413B2B0C71733D60B6F49AAA514517825D7E72D

PeID

.NET executable

Microsoft Visual C# / Basic .NET

Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL

Microsoft Visual C# v7.0 / Basic .NET

Microsoft Visual Studio .NET

File Structure

Informations

Name0	Value
Info	PE Detect: PeReader OK (file layout)
Module Name	d3IACcsb
Full Name	d3IACcsb
EntryPoint	System.Void TBdlf3Zj.OcNh::tbjqE7qPly()
Scope Name	d3IACcsb
Scope Type	ModuleDef
Kind	Windows
Runtime Version	v4.0.30319
Tables Header Version	512
WinMD Version	<null>
Assembly Name	1dc79151-ab82-45c7-a1ea-3f75fbff36ed
Assembly Version	1.0.0.0
Assembly Culture	<null>
Has PublicKey	False
PublicKey Token	<null>
Target Framework	<null>
Total Strings	1063
Main Method	System.Void TBdlf3Zj.OcNh::tbjqE7qPly()
Main IL Instruction Count	62
Main IL	ldc.i4 0 stloc V_0 br IL_00EF: br IL_000E nop <null> ldloc V_0 ldc.i4 3 ceq <null> brfalse IL_002D: nop call System.Void x1imxjV4Z2c.THDQZELkV::3kpvfXKNrW() ldc.i4 4 stloc V_0 nop <null> ldloc V_0 ldc.i4 4 ceq <null> brfalse IL_004C: nop call System.Void System.Windows.Forms.Application::Run() ldc.i4 5 stloc V_0 nop <null> ldloc V_0 ldc.i4 1 ceq <null> brfalse IL_0070: nop ldc.i4 4080 call System.Void System.Net.ServicePointManager::set_SecurityProtocol(System.Net.SecurityProtocolType) ldc.i4 2 stloc V_0 nop <null> ldloc V_0 ldc.i4 2 ceq <null> brfalse IL_00BE: nop call System.Net.Security.RemoteCertificateValidationCallback System.Net.ServicePointManager::get_ServerCertificateValidationCallback() ldsfld System.Net.Security.RemoteCertificateValidationCallback TBdlf3Zj.OcNh::CS$<>9__CachedAnonymousMethodDelegate1 brtrue IL_00A1: ldsfld System.Net.Security.RemoteCertificateValidationCallback TBdlf3Zj.OcNh::CS$<>9__CachedAnonymousMethodDelegate1 ldnull <null> ldftn System.Boolean TBdlf3Zj.OcNh::cPvcB3RTjCN(System.Object,System.Security.Cryptography.X509Certificates.X509Certificate,System.Security.Cryptography.X509Certificates.X509Chain,System.Net.Security.SslPolicyErrors) newobj System.Void System.Net.Security.RemoteCertificateValidationCallback::.ctor(System.Object,System.IntPtr) stsfld System.Net.Security.RemoteCertificateValidationCallback TBdlf3Zj.OcNh::CS$<>9__CachedAnonymousMethodDelegate1 ldsfld System.Net.Security.RemoteCertificateValidationCallback TBdlf3Zj.OcNh::CS$<>9__CachedAnonymousMethodDelegate1 call System.Delegate System.Delegate::Combine(System.Delegate,System.Delegate) castclass System.Net.Security.RemoteCertificateValidationCallback call System.Void System.Net.ServicePointManager::set_ServerCertificateValidationCallback(System.Net.Security.RemoteCertificateValidationCallback) ldc.i4 3 stloc V_0 nop <null> ldloc V_0 ldc.i4 0 ceq <null> brfalse IL_00D9: nop nop <null> ldc.i4 1 stloc V_0 nop <null> ldloc V_0 ldc.i4 5 ceq <null> brfalse IL_00EF: br IL_000E br IL_00F4: ret br IL_000E: nop ret <null>
Module Name	d3IACcsb
Full Name	d3IACcsb
EntryPoint	System.Void TBdlf3Zj.OcNh::tbjqE7qPly()
Scope Name	d3IACcsb
Scope Type	ModuleDef
Kind	Windows
Runtime Version	v4.0.30319
Tables Header Version	512
WinMD Version	<null>
Assembly Name	1dc79151-ab82-45c7-a1ea-3f75fbff36ed
Assembly Version	1.0.0.0
Assembly Culture	<null>
Has PublicKey	False
PublicKey Token	<null>
Target Framework	<null>
Total Strings	1063
Main Method	System.Void TBdlf3Zj.OcNh::tbjqE7qPly()
Main IL Instruction Count	62
Main IL	ldc.i4 0 stloc V_0 br IL_00EF: br IL_000E nop <null> ldloc V_0 ldc.i4 3 ceq <null> brfalse IL_002D: nop call System.Void x1imxjV4Z2c.THDQZELkV::3kpvfXKNrW() ldc.i4 4 stloc V_0 nop <null> ldloc V_0 ldc.i4 4 ceq <null> brfalse IL_004C: nop call System.Void System.Windows.Forms.Application::Run() ldc.i4 5 stloc V_0 nop <null> ldloc V_0 ldc.i4 1 ceq <null> brfalse IL_0070: nop ldc.i4 4080 call System.Void System.Net.ServicePointManager::set_SecurityProtocol(System.Net.SecurityProtocolType) ldc.i4 2 stloc V_0 nop <null> ldloc V_0 ldc.i4 2 ceq <null> brfalse IL_00BE: nop call System.Net.Security.RemoteCertificateValidationCallback System.Net.ServicePointManager::get_ServerCertificateValidationCallback() ldsfld System.Net.Security.RemoteCertificateValidationCallback TBdlf3Zj.OcNh::CS$<>9__CachedAnonymousMethodDelegate1 brtrue IL_00A1: ldsfld System.Net.Security.RemoteCertificateValidationCallback TBdlf3Zj.OcNh::CS$<>9__CachedAnonymousMethodDelegate1 ldnull <null> ldftn System.Boolean TBdlf3Zj.OcNh::cPvcB3RTjCN(System.Object,System.Security.Cryptography.X509Certificates.X509Certificate,System.Security.Cryptography.X509Certificates.X509Chain,System.Net.Security.SslPolicyErrors) newobj System.Void System.Net.Security.RemoteCertificateValidationCallback::.ctor(System.Object,System.IntPtr) stsfld System.Net.Security.RemoteCertificateValidationCallback TBdlf3Zj.OcNh::CS$<>9__CachedAnonymousMethodDelegate1 ldsfld System.Net.Security.RemoteCertificateValidationCallback TBdlf3Zj.OcNh::CS$<>9__CachedAnonymousMethodDelegate1 call System.Delegate System.Delegate::Combine(System.Delegate,System.Delegate) castclass System.Net.Security.RemoteCertificateValidationCallback call System.Void System.Net.ServicePointManager::set_ServerCertificateValidationCallback(System.Net.Security.RemoteCertificateValidationCallback) ldc.i4 3 stloc V_0 nop <null> ldloc V_0 ldc.i4 0 ceq <null> brfalse IL_00D9: nop nop <null> ldc.i4 1 stloc V_0 nop <null> ldloc V_0 ldc.i4 5 ceq <null> brfalse IL_00EF: br IL_000E br IL_00F4: ret br IL_000E: nop ret <null>

401f2e1e4e6d5ac8ffe99a47cf1ffbdc (242.69 KB)

401f2e1e4e6d5ac8ffe99a47cf1ffbdc

PE Executable | MD5: 401f2e1e4e6d5ac8ffe99a47cf1ffbdc | Size: 242.69 KB | application/x-dosexec

PE Executable
|
MD5: 401f2e1e4e6d5ac8ffe99a47cf1ffbdc
|
Size: 242.69 KB
|
application/x-dosexec