Malicious
Malicious

41a0317f24681be6376d979e91ba980f

PE Executable
|
MD5: 41a0317f24681be6376d979e91ba980f
|
Size: 1.39 MB
|
application/x-dosexec

Infection Chain
Summary by MalvaGPT
Characteristics

Symbol Ofbuscation Score

Very high

Hash
 Hash Value
MD5
41a0317f24681be6376d979e91ba980f
Sha1
d73b924fda3a1a1ae1005694bb44b1023537827c
Sha256
1a12f351719aea41823db2bd70eebcd2333d65b1b48e1f43074b5ab48c4b22e8
Sha384
dbe5bff6056c5fc54c607c66a88db377a2feb94e86853ff478256f67b6be4548651b8204fac049fef24a1526b0a3e9d1
Sha512
36909e2bbef4ed32f08112a523b0f5a7c21fbb930341d65d74472a2ba84de71a39ec41a94f205d8b20f745838e295b541e7803774ba0130206fa4322214ed918
SSDeep
24576:P5Jl5Cmkcae8LEqMDEWqeKFDmkntlOobWQV740R8ApCL:xJZmgPKFFltWQxl/
TLSH
C1556B027E84CE11F0191233C2EF454847B9AD5166A6E32FBDBA37AE55523A73C0D9CB

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
41a0317f24681be6376d979e91ba980f
Malicious
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.sdata
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:1033
.Net Resources
bTIE2W92dPBQ2fSDMU.Dx1TJweQ5hRKJ3gL68
BBPnd5R1LdeBGj1XFr.t19SF1GJ18kwrpPxcr
Informations
Name
 Value
Module Name

ZvfrnXClD7fMejsHjncj5WNCbB0eurVnKC32
Full Name

ZvfrnXClD7fMejsHjncj5WNCbB0eurVnKC32
EntryPoint

System.Void yq5gHOMijGd5KpR6hPP.Hwiy9mMtxdc8ljLSfJs::EVRq2JmYEa()
Scope Name

ZvfrnXClD7fMejsHjncj5WNCbB0eurVnKC32
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

33F0gU219
Assembly Version

9.3.7.5
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.0
Total Strings

63
Main Method

System.Void yq5gHOMijGd5KpR6hPP.Hwiy9mMtxdc8ljLSfJs::EVRq2JmYEa()
Main IL Instruction Count

14
Main IL

br.s IL_000B: ldc.i4.0 call <null> ldnull <null> ldc.i4.0 <null> ldelem.ref <null> pop <null> ldc.i4.0 <null> brtrue.s IL_0007: ldnull call System.Void wOgCsLwgI5unw3RYg7c.hTsuyrwpew4HqklMdcy::kLjw4iIsCLsZtxc4lksN0j() nop <null> ldsfld System.Object yq5gHOMijGd5KpR6hPP.Hwiy9mMtxdc8ljLSfJs::ylHqLKAT6b callvirt System.Void pegZTgMpPMPBL2UGFle.KFeY1tMlhItngWybJJ9::akL5GCHoSq() nop <null> ret <null>
Module Name

ZvfrnXClD7fMejsHjncj5WNCbB0eurVnKC32
Full Name

ZvfrnXClD7fMejsHjncj5WNCbB0eurVnKC32
EntryPoint

System.Void yq5gHOMijGd5KpR6hPP.Hwiy9mMtxdc8ljLSfJs::EVRq2JmYEa()
Scope Name

ZvfrnXClD7fMejsHjncj5WNCbB0eurVnKC32
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

33F0gU219
Assembly Version

9.3.7.5
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.0
Total Strings

63
Main Method

System.Void yq5gHOMijGd5KpR6hPP.Hwiy9mMtxdc8ljLSfJs::EVRq2JmYEa()
Main IL Instruction Count

14
Main IL

br.s IL_000B: ldc.i4.0 call <null> ldnull <null> ldc.i4.0 <null> ldelem.ref <null> pop <null> ldc.i4.0 <null> brtrue.s IL_0007: ldnull call System.Void wOgCsLwgI5unw3RYg7c.hTsuyrwpew4HqklMdcy::kLjw4iIsCLsZtxc4lksN0j() nop <null> ldsfld System.Object yq5gHOMijGd5KpR6hPP.Hwiy9mMtxdc8ljLSfJs::ylHqLKAT6b callvirt System.Void pegZTgMpPMPBL2UGFle.KFeY1tMlhItngWybJJ9::akL5GCHoSq() nop <null> ret <null>
41a0317f24681be6376d979e91ba980f (1.39 MB)
File Structure
41a0317f24681be6376d979e91ba980f
Malicious
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.sdata
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:1033
.Net Resources
bTIE2W92dPBQ2fSDMU.Dx1TJweQ5hRKJ3gL68
BBPnd5R1LdeBGj1XFr.t19SF1GJ18kwrpPxcr
Characteristics
No malware configuration were found at this point.
You must be signed in to post a comment.
An error has occurred. This application may no longer respond until reloaded. Reload 🗙