Deep Malware Analysis of 4e2c5149b3ebecb7d6b16eec58955bfc | md5: 4e2c5149b3ebecb7d6b16eec58955bfc | Executable | PE (Portable Executable) | Win 32 Exe | x86 | .Net Obfuscator | .Net Reactor | .Net

Summary by MalvaGPT

Characteristics

Hash	Hash Value
MD5	4e2c5149b3ebecb7d6b16eec58955bfc
Sha1	b2bbb0f23e59c874a0baeff191c07495c25b86d4
Sha256	e68bab797b3d8f7f6ecf1e945c42e7d908e18b0fdf5f28a8aec40793c06290c2
Sha384	3291cef4694e6806199bc0578f65e183f5400ab030dcba390e0b4d6a78d396ff43a2525553c57906ef37a0c96c74b9ad
Sha512	041f4dbc73370337f95115b43813f47bf09880da2bc89f0e0091a98aa43b67cf2dfeb7b285eac25e6dce5a0854b0333bfcabc1ec9c08bc97107471d8302cb3b5
SSDeep	12288:pvzChArU3+aUP32AKGvWCqQ+j3kRNfF4O0suMRRG0EV:p7IwGAKmWCqxjQ9u2G5
TLSH	A3C4DF7F37848F60E16C0CB1D4E78A2483E19A9BB733E78A7A4904DD1E46366DD5A3C4

PeID

.NET executable

Microsoft Visual C# / Basic .NET

Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL

Microsoft Visual C# v7.0 / Basic .NET

Microsoft Visual Studio .NET

File Structure

Informations

Name	Value
Module Name	DJoc.exe
Full Name	DJoc.exe
EntryPoint	System.Void BLPuxFYiiejR3JaYmpF.VVogfTYKbTq3Etn7gbG::R9DYtT0hLt()
Scope Name	DJoc.exe
Scope Type	ModuleDef
Kind	Windows
Runtime Version	v4.0.30319
Tables Header Version	512
WinMD Version	<null>
Assembly Name	DJoc
Assembly Version	3.2.1.3
Assembly Culture	<null>
Has PublicKey	False
PublicKey Token	<null>
Target Framework	.NETFramework,Version=v4.0
Total Strings	46
Main Method	System.Void BLPuxFYiiejR3JaYmpF.VVogfTYKbTq3Etn7gbG::R9DYtT0hLt()
Main IL Instruction Count	29
Main IL	br.s IL_0007: call System.Void a3yQwEe7L8VcXtWGdmH.JcaqmmedPE46ZOdVw6e::Y51Zs4pXxS() call <null> call System.Void a3yQwEe7L8VcXtWGdmH.JcaqmmedPE46ZOdVw6e::Y51Zs4pXxS() ldsfld JdvXYgLXlHOcw3dulCJ JdvXYgLXlHOcw3dulCJ::F66LpbRfh7 call System.Void JdvXYgLXlHOcw3dulCJ::x9SfsFQQmK(JdvXYgLXlHOcw3dulCJ) ldc.i4.0 <null> ldsfld dg42VVLncNul3RFYqIG dg42VVLncNul3RFYqIG::a0LLOpa0GO call System.Void dg42VVLncNul3RFYqIG::x9SfsFQQmK(System.Boolean,dg42VVLncNul3RFYqIG) call System.Void uxyYfrey7MS0kNX9mlx.TyDquHeDn9HOHSlNwKB::IqOxKxhCSV() ldc.i4 690195659 ldc.i4 4 shr <null> ldc.i4 1229483333 xor <null> ldsfld <Module>{279908d9-73a0-4b1e-bd8d-67fedcf72cee} <Module>{279908d9-73a0-4b1e-bd8d-67fedcf72cee}::m_b26b9211ec1f412fa298148eb6e930a1 ldfld System.Int32 <Module>{279908d9-73a0-4b1e-bd8d-67fedcf72cee}::m_4836750f159e4750846e9daf6dab5226 xor <null> call System.String y4fxLKYjtsarYTjoygQ.VbMqu5YVIG4EhcVZrDu::i86JfmHlec(System.Int32) ldc.i4 -443191877 ldc.i4 -932639772 xor <null> ldsfld <Module>{279908d9-73a0-4b1e-bd8d-67fedcf72cee} <Module>{279908d9-73a0-4b1e-bd8d-67fedcf72cee}::m_b26b9211ec1f412fa298148eb6e930a1 ldfld System.Int32 <Module>{279908d9-73a0-4b1e-bd8d-67fedcf72cee}::m_9282751216c74fa9a50dbbaf5eb46e50 xor <null> call System.String y4fxLKYjtsarYTjoygQ.VbMqu5YVIG4EhcVZrDu::i86JfmHlec(System.Int32) newobj System.Void Rental.MainForm::.ctor(System.String,System.String) ldsfld ukJUNiLvR31qHt2cR8B ukJUNiLvR31qHt2cR8B::C0gLFdYrL1 call System.Void ukJUNiLvR31qHt2cR8B::x9SfsFQQmK(System.Windows.Forms.Form,ukJUNiLvR31qHt2cR8B) ret <null>
Module Name	DJoc.exe
Full Name	DJoc.exe
EntryPoint	System.Void BLPuxFYiiejR3JaYmpF.VVogfTYKbTq3Etn7gbG::R9DYtT0hLt()
Scope Name	DJoc.exe
Scope Type	ModuleDef
Kind	Windows
Runtime Version	v4.0.30319
Tables Header Version	512
WinMD Version	<null>
Assembly Name	DJoc
Assembly Version	3.2.1.3
Assembly Culture	<null>
Has PublicKey	False
PublicKey Token	<null>
Target Framework	.NETFramework,Version=v4.0
Total Strings	46
Main Method	System.Void BLPuxFYiiejR3JaYmpF.VVogfTYKbTq3Etn7gbG::R9DYtT0hLt()
Main IL Instruction Count	29
Main IL	br.s IL_0007: call System.Void a3yQwEe7L8VcXtWGdmH.JcaqmmedPE46ZOdVw6e::Y51Zs4pXxS() call <null> call System.Void a3yQwEe7L8VcXtWGdmH.JcaqmmedPE46ZOdVw6e::Y51Zs4pXxS() ldsfld JdvXYgLXlHOcw3dulCJ JdvXYgLXlHOcw3dulCJ::F66LpbRfh7 call System.Void JdvXYgLXlHOcw3dulCJ::x9SfsFQQmK(JdvXYgLXlHOcw3dulCJ) ldc.i4.0 <null> ldsfld dg42VVLncNul3RFYqIG dg42VVLncNul3RFYqIG::a0LLOpa0GO call System.Void dg42VVLncNul3RFYqIG::x9SfsFQQmK(System.Boolean,dg42VVLncNul3RFYqIG) call System.Void uxyYfrey7MS0kNX9mlx.TyDquHeDn9HOHSlNwKB::IqOxKxhCSV() ldc.i4 690195659 ldc.i4 4 shr <null> ldc.i4 1229483333 xor <null> ldsfld <Module>{279908d9-73a0-4b1e-bd8d-67fedcf72cee} <Module>{279908d9-73a0-4b1e-bd8d-67fedcf72cee}::m_b26b9211ec1f412fa298148eb6e930a1 ldfld System.Int32 <Module>{279908d9-73a0-4b1e-bd8d-67fedcf72cee}::m_4836750f159e4750846e9daf6dab5226 xor <null> call System.String y4fxLKYjtsarYTjoygQ.VbMqu5YVIG4EhcVZrDu::i86JfmHlec(System.Int32) ldc.i4 -443191877 ldc.i4 -932639772 xor <null> ldsfld <Module>{279908d9-73a0-4b1e-bd8d-67fedcf72cee} <Module>{279908d9-73a0-4b1e-bd8d-67fedcf72cee}::m_b26b9211ec1f412fa298148eb6e930a1 ldfld System.Int32 <Module>{279908d9-73a0-4b1e-bd8d-67fedcf72cee}::m_9282751216c74fa9a50dbbaf5eb46e50 xor <null> call System.String y4fxLKYjtsarYTjoygQ.VbMqu5YVIG4EhcVZrDu::i86JfmHlec(System.Int32) newobj System.Void Rental.MainForm::.ctor(System.String,System.String) ldsfld ukJUNiLvR31qHt2cR8B ukJUNiLvR31qHt2cR8B::C0gLFdYrL1 call System.Void ukJUNiLvR31qHt2cR8B::x9SfsFQQmK(System.Windows.Forms.Form,ukJUNiLvR31qHt2cR8B) ret <null>

Artefacts

Name	Value
Embedded Resources	5
Suspicious Type Names (1-2 chars)	0

4e2c5149b3ebecb7d6b16eec58955bfc (581.63 KB)