Suspicious
Suspect

4d4608812fcc58ac4474bf36b33f5691

PE Executable | MD5: 4d4608812fcc58ac4474bf36b33f5691 | Size: 1.25 MB | application/x-dosexec

Summary by MalvaGPT
Characteristics

Symbol Obfuscation Score

High

Hash: Hash Value
MD5: 4d4608812fcc58ac4474bf36b33f5691
Sha1: 6d2db770d09059b99db2db3e6993859ca12b8eed
Sha256: 3bc8b86be3492b3feae4b5fef80145e82cc533e4dfcf59ff623db80ebd44f6b5
Sha384: d219f56b7b31af5aec3d70fd5dc9e5d946e55b7fb687fa6340b76ce54883df9899e6a0b41efe1565a0285d109990b63b
Sha512: 1189e97cb4b0266cde1441b2ecdaa08dd6b620b4e4bdc527f979e528c22385833bd88f4854e9dfef9a7117277d3a1b58e04f96b69a57f4eda9b28e785d42ec4c
SSDeep: 24576:sqoK1RTvWwR+dHNvw0FYtKKjPWlYlPw04HqzJGKfMGoSNoWE:si1R7WwsvwtKgPWlYyDKzfw8
TLSH: 8B4533857EEEC235C1A59D3FF4BD0D0553244185D86ACE07AE8E2AA01F7B312DE8B9D1

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
Wbdcvgh.Properties.Resources.resources
Tlhjxnnf
Information
Name: Value
Info: PE Detect: PeReader OK (file layout)
Module Name: Uyhaik.exe
Full Name: Uyhaik.exe
EntryPoint: System.Void Wbdcvgh.Interpreters.ControllableInterpreter::InterpretRemoteInterpreter()
Scope Name: Uyhaik.exe
Scope Type: ModuleDef
Kind: Windows
Runtime Version: v4.0.30319
Tables Header Version: 512
WinMD Version: <null>
Assembly Name: Uyhaik
Assembly Version: 1.0.1272.21598
Assembly Culture: <null>
Has PublicKey: False
PublicKey Token: <null>
Target Framework: .NETFramework,Version=v4.6
Total Strings: 6
Main Method: System.Void Wbdcvgh.Interpreters.ControllableInterpreter::InterpretRemoteInterpreter()
Main IL Instruction Count: 71

Main IL

ldc.i4 2 stloc V_2 br IL_000E: ldloc V_2 ldloc V_2 switch dnlib.DotNet.Emit.Instruction[] br IL_0076: nop nop <null> ldc.i4 0 ldsfld <Module>{18631df1-9ee7-4c3b-b55c-eec3aacc6f7e} <Module>{18631df1-9ee7-4c3b-b55c-eec3aacc6f7e}::m_aff0ba298cbd4f299b96989b0c188c45 ldfld System.Int32 <Module>{18631df1-9ee7-4c3b-b55c-eec3aacc6f7e}::m_31491fe57f3148aa8861b2c393dd9df1 brfalse IL_0012: switch(IL_0076,IL_002C,IL_004C,IL_0134) pop <null> ldc.i4 0 br IL_0012: switch(IL_0076,IL_002C,IL_004C,IL_0134) nop <null> ldc.i4 3072 call System.Void System.Net.ServicePointManager::set_SecurityProtocol(System.Net.SecurityProtocolType) ldc.i4 1 ldsfld <Module>{18631df1-9ee7-4c3b-b55c-eec3aacc6f7e} <Module>{18631df1-9ee7-4c3b-b55c-eec3aacc6f7e}::m_aff0ba298cbd4f299b96989b0c188c45 ldfld System.Int32 <Module>{18631df1-9ee7-4c3b-b55c-eec3aacc6f7e}::m_6a1b66f239fb4d3ea4da62336222a0f5 brtrue IL_0012: switch(IL_0076,IL_002C,IL_004C,IL_0134) pop <null> ldc.i4 1 br IL_0012: switch(IL_0076,IL_002C,IL_004C,IL_0134) nop <null> nop <null> newobj System.Void Wbdcvgh.Visitors.SingletonEnumerator::.ctor() stloc.s V_3 ldc.i4 0 ldsfld <Module>{18631df1-9ee7-4c3b-b55c-eec3aacc6f7e} <Module>{18631df1-9ee7-4c3b-b55c-eec3aacc6f7e}::m_aff0ba298cbd4f299b96989b0c188c45 ldfld System.Int32 <Module>{18631df1-9ee7-4c3b-b55c-eec3aacc6f7e}::m_9395acb8522c4a08bee17222738c8afb brfalse IL_00A2: switch(IL_00B4,IL_00EA) pop <null> ldc.i4 0 br IL_00A2: switch(IL_00B4,IL_00EA) ldloc V_1 switch dnlib.DotNet.Emit.Instruction[] br IL_00B4: ldloc.s V_3 ldloc.s V_3 ldnull <null> ldstr G4lTA/gPk0yyzc4sMou1+A== ldstr XTI3paBgZyNBNGPGk7.BSrwyxoD4vDQS6J6Du ldstr ufiaepnBZ callvirt System.Void Wbdcvgh.Visitors.SingletonEnumerator::SendVisitor(System.String,System.String,System.String,System.String) ldc.i4 0 ldsfld <Module>{18631df1-9ee7-4c3b-b55c-eec3aacc6f7e} <Module>{18631df1-9ee7-4c3b-b55c-eec3aacc6f7e}::m_aff0ba298cbd4f299b96989b0c188c45 ldfld System.Int32 
<Module>{18631df1-9ee7-4c3b-b55c-eec3aacc6f7e}::m_d992c351b5ac452fa2d7127bf1b893af brfalse IL_00A2: switch(IL_00B4,IL_00EA) pop <null> ldc.i4 1 br IL_00A2: switch(IL_00B4,IL_00EA) nop <null> nop <null> leave IL_0134: ret pop <null> ldc.i4 0 ldsfld <Module>{18631df1-9ee7-4c3b-b55c-eec3aacc6f7e} <Module>{18631df1-9ee7-4c3b-b55c-eec3aacc6f7e}::m_aff0ba298cbd4f299b96989b0c188c45 ldfld System.Int32 <Module>{18631df1-9ee7-4c3b-b55c-eec3aacc6f7e}::m_3789d88f1bb9406abb63fa36eec92a81 brtrue IL_0115: switch(IL_0123) pop <null> ldc.i4 0 br IL_0115: switch(IL_0123) ldloc V_0 switch dnlib.DotNet.Emit.Instruction[] br IL_0123: nop nop <null> nop <null> leave IL_0134: ret ldc.i4 3 br IL_0012: switch(IL_0076,IL_002C,IL_004C,IL_0134) ret <null>

Characteristics
No malware configuration was found at this point.