Malicious

461a8951de7f9c3a534a75364b6d927e

PE Executable | MD5: 461a8951de7f9c3a534a75364b6d927e | Size: 1.64 MB | application/x-dosexec


Characteristics

Symbol Obfuscation Score: Very high

Hash: Hash Value
MD5: 461a8951de7f9c3a534a75364b6d927e
Sha1: 4cd5ea09aeeeed828b3615329e100e7bd749fe35
Sha256: 41cbadacf6d3c6d992783009923ceaca6c2148439fa043a260ab5928b8996f10
Sha384: 9364ad6eafa0f12e227db7334ca0c1c943f96e942b9522bf689cd320fe5ef1d7bfa2ad63acce62288b4c9651c16b9607
Sha512: e2fab3d9bf94b08f147e0c52db5649cdf67239bf4ffc2dc0a6e2028e6500d00817c93a79a148c32fdc584cf9425b166130a090f3ee8f73de33850cdc67abc8be
SSDeep: 49152:gxjT1nM1chCOzuBIt1oBiY6KlXDOXmhuM80:gxjT1nPCOiBIa6sVf
TLSH: 1D759D0A55928EB7C6A1373148A7003D56A1C7763962FF0E355F34A1A803BB5CE726FB

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
.Net Resources
y8U8BT3FOSt8kUIWMq.UT0AtEx6DI3tGcImg2
9skdQuG5jTfXS8sBgy.PnI7RJ1c7EkpmxgLpi
hv81xRqhS0x5WMyWYE.FHW6Nrc50YlSrtgIGw
pKPxvNZwTNJM3gh2J7.XTym5nu7Bj7FgkQTKl
M4EkVtHZkeKEAAlHAF.4O94vUTcBeJYlxaZMQ
8qgr5rkCZry0D1QCrH.PkSjhL8ngHRdd3hrKB
Information

Name: Value
Info: PE Detect: PeReader OK (file layout)
Module Name: pxqDsBPmp0nY
Full Name: pxqDsBPmp0nY
EntryPoint: System.Void jVTLnRy1AQonQEkUksZ.jmv4K1yGIhXyb7Zf2ot::BhKy3SqUij()
Scope Name: pxqDsBPmp0nY
Scope Type: ModuleDef
Kind: Windows
Runtime Version: v4.0.30319
Tables Header Version: 512
WinMD Version: <null>
Assembly Name: SGxDUr5uRrbW2X9YcTIdUkMi5E
Assembly Version: 4.1.5.0
Assembly Culture: <null>
Has PublicKey: False
PublicKey Token: <null>
Target Framework: .NETFramework,Version=v4.0
Total Strings: 47
Main Method: System.Void jVTLnRy1AQonQEkUksZ.jmv4K1yGIhXyb7Zf2ot::BhKy3SqUij()
Main IL Instruction Count: 48

Main IL:

ldc.i4 2 stloc V_0 br IL_000E: ldloc V_0 ldloc V_0 switch dnlib.DotNet.Emit.Instruction[] br IL_0055: ret newobj System.Void UfSF9yquQ4e6LpvZ49j.CgJCGhqZjxu75CXDt1y::.ctor() pop <null> ldc.i4 3 ldsfld <Module>{c9544f77-8a56-4942-9951-d16a60020dd6} <Module>{c9544f77-8a56-4942-9951-d16a60020dd6}::m_ee6e738fe28f4521bc849962f69df0b3 ldfld System.Int32 <Module>{c9544f77-8a56-4942-9951-d16a60020dd6}::m_76396a43be8d49de94982aff9205c2fa brtrue IL_0012: switch(IL_0055,IL_0030,IL_0056,IL_007A,IL_0090) pop <null> ldc.i4 0 br IL_0012: switch(IL_0055,IL_0030,IL_0056,IL_007A,IL_0090) ret <null> call System.Void fyhXWQUKIiYrFjEiUy4.VjvesjUmek9S7f9j6P0::XGx8xUA7Fgd() ldc.i4 1 ldsfld <Module>{c9544f77-8a56-4942-9951-d16a60020dd6} <Module>{c9544f77-8a56-4942-9951-d16a60020dd6}::m_ee6e738fe28f4521bc849962f69df0b3 ldfld System.Int32 <Module>{c9544f77-8a56-4942-9951-d16a60020dd6}::m_4ed9b1f6b9c84dbfa696a684bd801b90 brtrue IL_0012: switch(IL_0055,IL_0030,IL_0056,IL_007A,IL_0090) pop <null> ldc.i4 0 br IL_0012: switch(IL_0055,IL_0030,IL_0056,IL_007A,IL_0090) ldnull <null> ldnull <null> newobj System.Void kv5cml1W26mE8KygJbx.gAO8wU1axflFEePhLfY::.ctor(System.String,System.String) call System.Void mf58058wYn8V9Rkhv9c.rZjZ8c8yGt6iiE205V9::DFx8dJnfWA(kv5cml1W26mE8KygJbx.gAO8wU1axflFEePhLfY) ldc.i4 4 br IL_0012: switch(IL_0055,IL_0030,IL_0056,IL_007A,IL_0090) ldc.i4 1026395292 ldc.i4 -824041201 add <null> ldc.i4 1565878390 xor <null> ldsfld <Module>{c9544f77-8a56-4942-9951-d16a60020dd6} <Module>{c9544f77-8a56-4942-9951-d16a60020dd6}::m_ee6e738fe28f4521bc849962f69df0b3 ldfld System.Int32 <Module>{c9544f77-8a56-4942-9951-d16a60020dd6}::m_3e92e67fee8f453ba06ea560e9c9852f xor <null> call System.String wyGpE9Bm3vDWIVTPIsa.JeOT8UBC91by5gF2BpL::CMFBtYKwN8(System.Int32) newobj System.Void WLl39McHOudVdqYhdKj.qHBN7Mcu349hSPCZaEq::.ctor(System.String) call System.Void WLl39McHOudVdqYhdKj.qHBN7Mcu349hSPCZaEq::YbJcTEXN5W() ldc.i4 0 ldsfld <Module>{c9544f77-8a56-4942-9951-d16a60020dd6} 
<Module>{c9544f77-8a56-4942-9951-d16a60020dd6}::m_ee6e738fe28f4521bc849962f69df0b3 ldfld System.Int32 <Module>{c9544f77-8a56-4942-9951-d16a60020dd6}::m_60c94bec0c194b3dacf571ccce305956 brfalse IL_0012: switch(IL_0055,IL_0030,IL_0056,IL_007A,IL_0090) pop <null> ldc.i4 0 br IL_0012: switch(IL_0055,IL_0030,IL_0056,IL_007A,IL_0090)
