Malicious
Malicious

49bc508124aa5506ed1be0885e7f5ed7

PE Executable
|
MD5: 49bc508124aa5506ed1be0885e7f5ed7
|
Size: 848.38 KB
|
application/x-dosexec

Infection Chain
Summary by MalvaGPT
Characteristics

Symbol Ofbuscation Score

Very high

Hash
 Hash Value
MD5
49bc508124aa5506ed1be0885e7f5ed7
Sha1
e3d31ad4bfc0d53324f11ac8e5a7e08f326a12a5
Sha256
16a57c9ed682c3472d0119b8d8683c6e337c45521791f1cc2a470dadb87665cb
Sha384
835577763f994d82c7a6db7313c8e735a2ed43e2b155dd02afec64d303461e910eb08f6a667c49649cfed9bac9448025
Sha512
199e3e929516416ec51ff4ee83155c770283e12b988279f60d71657497b6b1a79a1bc1b8f90cab404b15c9d74daf9f5dd42375680b8ed7d1a04f81f73c4fc41f
SSDeep
12288:HSHyuJejhMqRWH1wAeKdjnQrUhwiBehjQp8nvu+GslN:34ejhMpVwAeK2cPBiQp8GslN
TLSH
1105F7017E44CE11F0199233C2EF454847B49A5966B6E32B7DBA377E26623A73C0D9CB

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
49bc508124aa5506ed1be0885e7f5ed7
Malicious
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.sdata
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:1033
.Net Resources
LO9UtKvkXOJnxW9RWl.T7DVAjPeEF2j1rBpYi
b2hPNBJc5NCYSuobQ7.fXvVvQ4nWZp9O3C5Nq
Informations
Name
 Value
Module Name

iOFoSXslc6kvVRGhutF6EUpKM
Full Name

iOFoSXslc6kvVRGhutF6EUpKM
EntryPoint

System.Void gvCmq7x2o38DcL6o12f.rL3AV3xH3UQYWKkhTwS::HUNMwRnltv()
Scope Name

iOFoSXslc6kvVRGhutF6EUpKM
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

5WCx6jj5a8OzeqRM7EUrWdW
Assembly Version

1.1.4.3
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.0
Total Strings

63
Main Method

System.Void gvCmq7x2o38DcL6o12f.rL3AV3xH3UQYWKkhTwS::HUNMwRnltv()
Main IL Instruction Count

14
Main IL

br.s IL_000B: ldc.i4.0 call <null> ldnull <null> ldc.i4.0 <null> ldelem.ref <null> pop <null> ldc.i4.0 <null> brtrue.s IL_0007: ldnull call System.Void pEkQrrMSR5L8RoDTqe2.Gwc6SqMY6aajATgL2hK::kLjw4iIsCLsZtxc4lksN0j() nop <null> ldsfld System.Object gvCmq7x2o38DcL6o12f.rL3AV3xH3UQYWKkhTwS::BCaMDJOsEb callvirt System.Void kbgW9UxYIjflaCtL6B0.ncwaHox1G3syL1u09q2::xr2ihQqXTV() nop <null> ret <null>
Module Name

iOFoSXslc6kvVRGhutF6EUpKM
Full Name

iOFoSXslc6kvVRGhutF6EUpKM
EntryPoint

System.Void gvCmq7x2o38DcL6o12f.rL3AV3xH3UQYWKkhTwS::HUNMwRnltv()
Scope Name

iOFoSXslc6kvVRGhutF6EUpKM
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

5WCx6jj5a8OzeqRM7EUrWdW
Assembly Version

1.1.4.3
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.0
Total Strings

63
Main Method

System.Void gvCmq7x2o38DcL6o12f.rL3AV3xH3UQYWKkhTwS::HUNMwRnltv()
Main IL Instruction Count

14
Main IL

br.s IL_000B: ldc.i4.0 call <null> ldnull <null> ldc.i4.0 <null> ldelem.ref <null> pop <null> ldc.i4.0 <null> brtrue.s IL_0007: ldnull call System.Void pEkQrrMSR5L8RoDTqe2.Gwc6SqMY6aajATgL2hK::kLjw4iIsCLsZtxc4lksN0j() nop <null> ldsfld System.Object gvCmq7x2o38DcL6o12f.rL3AV3xH3UQYWKkhTwS::BCaMDJOsEb callvirt System.Void kbgW9UxYIjflaCtL6B0.ncwaHox1G3syL1u09q2::xr2ihQqXTV() nop <null> ret <null>
49bc508124aa5506ed1be0885e7f5ed7 (848.38 KB)
File Structure
49bc508124aa5506ed1be0885e7f5ed7
Malicious
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.sdata
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:1033
.Net Resources
LO9UtKvkXOJnxW9RWl.T7DVAjPeEF2j1rBpYi
b2hPNBJc5NCYSuobQ7.fXvVvQ4nWZp9O3C5Nq
Characteristics
No malware configuration were found at this point.
You must be signed in to post a comment.
An error has occurred. This application may no longer respond until reloaded. Reload 🗙