Verdict: Malicious

4e54ab1bcda9a1e6a28c10a29ad4c3b5

PE Executable | MD5: 4e54ab1bcda9a1e6a28c10a29ad4c3b5 | Size: 531.97 KB | MIME type: application/x-dosexec


Characteristics

Symbol Obfuscation Score

Very high

Hash
Hash Value
MD5
4e54ab1bcda9a1e6a28c10a29ad4c3b5
Sha1
db377e25900e737041cb97ca54ef2d5510acbd20
Sha256
38582041b3f7cc4e17afab411b38cde8d1d434a030a95cca2cc644c43fe8c1b6
Sha384
5c257f3775434d2a828b0b3dc28cde6347708c7f6dd29b02082dfef0128b874151d453542ee631731fe0d2c5d4648834
Sha512
d366a956a96a1e0fb7c29ba1ade35f78509c3c44dddff323caaabb86f2b36d9257358bca7ae1e99339be2595d19e738448629401d9b508aac4e8117fca9503cb
SSDeep
12288:EjQE+zaDs1ocEIb2MyuKqP/I7lO9G8hit:EjQE+KxxIbUCk4i
TLSH
ECB401CB7BD58B11C2990AB1D8E74A2503EAF5C33AF3D7463B28169E0D823F4D955B84

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
SVs7VfVnFXwCVjSqdo.NiL62vOKUGkiMlJg3f
tWZhbMv8OjiZcMPL9Y.GduT9HH6VKQsqGU1oy
kS3Bn34diaFmgPcpv0.AMQ4ofDg1MyVTBNLQk
Information
Name
Value
Info

PE Detect: PeReader OK (file layout)

Module Name

Puxotm.exe

Full Name

Puxotm.exe

EntryPoint

System.Void ASgFonWK6yBXVJKDCW.NQgrllUgHNyOxXHBQX::RdwljYvj9()

Scope Name

Puxotm.exe

Scope Type

ModuleDef

Kind

Windows

Runtime Version

v4.0.30319

Tables Header Version

512

WinMD Version

<null>

Assembly Name

Puxotm

Assembly Version

1.0.0.0

Assembly Culture

<null>

Has PublicKey

False

PublicKey Token

<null>

Target Framework

.NETFramework,Version=v4.0

Total Strings

39

Main Method

System.Void ASgFonWK6yBXVJKDCW.NQgrllUgHNyOxXHBQX::RdwljYvj9()

Main IL Instruction Count

129

Main IL

ldc.i4 1 stloc V_3 ldloc V_3 switch dnlib.DotNet.Emit.Instruction[] ldloc V_3 ldc.i4 990 beq IL_0009: ldloc V_3 br IL_0031: ret ret <null> ldsfld xs7Er1v2qucOdNQELMc xs7Er1v2qucOdNQELMc::Iy1vtNieTC call System.Void xs7Er1v2qucOdNQELMc::AHhvpr1n0W(xs7Er1v2qucOdNQELMc) ldc.i4 0 ldsfld <Module>{4283815f-c9d7-4853-bada-e6b05740e6cf} <Module>{4283815f-c9d7-4853-bada-e6b05740e6cf}::m_0499e748d2854ef2a2070c1d66cc32e1 ldfld System.Int32 <Module>{4283815f-c9d7-4853-bada-e6b05740e6cf}::m_04053950b24c460082e84628db8c96e3 brtrue IL_000D: switch(IL_005B,IL_0032,IL_0031) pop <null> ldc.i4 3 br IL_000D: switch(IL_005B,IL_0032,IL_0031) nop <null> ldsfld qZD0bPvE52Lj7kan7Te qZD0bPvE52Lj7kan7Te::DP3vXFaK1u call System.Byte[] qZD0bPvE52Lj7kan7Te::AHhvpr1n0W(qZD0bPvE52Lj7kan7Te) stloc.s V_2 ldc.i4 4 br IL_007C: stloc V_0 br IL_0080: ldloc V_0 ldc.i4 0 stloc V_0 ldloc V_0 switch dnlib.DotNet.Emit.Instruction[] ldloc V_0 ldc.i4 17 beq IL_01F9: leave IL_0031 ldloc V_0 ldc.i4 997 beq IL_0080: ldloc V_0 br IL_00D2: br IL_0159 br IL_0159: ldloc.s V_2 ldc.i4 5 br IL_0084: switch(IL_00E1,IL_00D2,IL_0159,IL_01E1,IL_0187,IL_01B7,IL_0105,IL_0171,IL_0129,IL_01C6) leave IL_0031: ret ldc.i4 13 ldsfld <Module>{4283815f-c9d7-4853-bada-e6b05740e6cf} <Module>{4283815f-c9d7-4853-bada-e6b05740e6cf}::m_0499e748d2854ef2a2070c1d66cc32e1 ldfld System.Int32 <Module>{4283815f-c9d7-4853-bada-e6b05740e6cf}::m_d24bd3af0d744154a3c1cc3fa718ab0e brtrue IL_0084: switch(IL_00E1,IL_00D2,IL_0159,IL_01E1,IL_0187,IL_01B7,IL_0105,IL_0171,IL_0129,IL_01C6) pop <null> ldc.i4 3 br IL_0084: switch(IL_00E1,IL_00D2,IL_0159,IL_01E1,IL_0187,IL_01B7,IL_0105,IL_0171,IL_0129,IL_01C6) leave IL_0031: ret ldc.i4 13 ldsfld <Module>{4283815f-c9d7-4853-bada-e6b05740e6cf} <Module>{4283815f-c9d7-4853-bada-e6b05740e6cf}::m_0499e748d2854ef2a2070c1d66cc32e1 ldfld System.Int32 <Module>{4283815f-c9d7-4853-bada-e6b05740e6cf}::m_c32e8d631a7c43fd8801ad6d6e70de26 brfalse IL_0084: 
switch(IL_00E1,IL_00D2,IL_0159,IL_01E1,IL_0187,IL_01B7,IL_0105,IL_0171,IL_0129,IL_01C6) pop <null> ldc.i4 7 br IL_0084: switch(IL_00E1,IL_00D2,IL_0159,IL_01E1,IL_0187,IL_01B7,IL_0105,IL_0171,IL_0129,IL_01C6) ldloc.s V_2 ldsfld WloHsKvBwAYa02t0biM WloHsKvBwAYa02t0biM::sl1vMWCKoZ call System.Boolean WloHsKvBwAYa02t0biM::AHhvpr1n0W(System.Byte[],WloHsKvBwAYa02t0biM) brtrue IL_01E1: ldloc.s V_2 ldc.i4 0 ldsfld <Module>{4283815f-c9d7-4853-bada-e6b05740e6cf} <Module>{4283815f-c9d7-4853-bada-e6b05740e6cf}::m_0499e748d2854ef2a2070c1d66cc32e1 ldfld System.Int32 <Module>{4283815f-c9d7-4853-bada-e6b05740e6cf}::m_e0eff6cb87784efc9afbc452c0054b8e brfalse IL_0084: switch(IL_00E1,IL_00D2,IL_0159,IL_01E1,IL_0187,IL_01B7,IL_0105,IL_0171,IL_0129,IL_01C6) pop <null> ldc.i4 7 br IL_0084: switch(IL_00E1,IL_00D2,IL_0159,IL_01E1,IL_0187,IL_01B7,IL_0105,IL_0171,IL_0129,IL_01C6) ldloc.s V_2 ldsfld WhuupRvx5Vn9FopRFnr WhuupRvx5Vn9FopRFnr::SAKva4Hmja call System.Byte[] WhuupRvx5Vn9FopRFnr::AHhvpr1n0W(System.Byte[],WhuupRvx5Vn9FopRFnr) stloc.s V_2 ldc.i4 8 br IL_007C: stloc V_0 ldloc.s V_2 ldsfld yqeoMZvkaE31X3MUeiP yqeoMZvkaE31X3MUeiP::bHFvKyFOrF call System.Void yqeoMZvkaE31X3MUeiP::AHhvpr1n0W(System.Byte[],yqeoMZvkaE31X3MUeiP) ldc.i4 17 br IL_007C: stloc V_0 ldloc.s V_2 ldsfld WloHsKvBwAYa02t0biM WloHsKvBwAYa02t0biM::sl1vMWCKoZ call System.Boolean WloHsKvBwAYa02t0biM::AHhvpr1n0W(System.Byte[],WloHsKvBwAYa02t0biM) brfalse IL_01B7: leave IL_0031 ldc.i4 1 ldsfld <Module>{4283815f-c9d7-4853-bada-e6b05740e6cf} <Module>{4283815f-c9d7-4853-bada-e6b05740e6cf}::m_0499e748d2854ef2a2070c1d66cc32e1 ldfld System.Int32 <Module>{4283815f-c9d7-4853-bada-e6b05740e6cf}::m_a6a8a74a48fe4fbbb269c91fb953f3dd brtrue IL_0084: switch(IL_00E1,IL_00D2,IL_0159,IL_01E1,IL_0187,IL_01B7,IL_0105,IL_0171,IL_0129,IL_01C6) pop <null> ldc.i4 11 br IL_0084: switch(IL_00E1,IL_00D2,IL_0159,IL_01E1,IL_0187,IL_01B7,IL_0105,IL_0171,IL_0129,IL_01C6) leave IL_0031: ret ldc.i4 2 br IL_007C: stloc V_0 ldloc.s V_2 ldsfld 
WloHsKvBwAYa02t0biM WloHsKvBwAYa02t0biM::sl1vMWCKoZ call System.Boolean WloHsKvBwAYa02t0biM::AHhvpr1n0W(System.Byte[],WloHsKvBwAYa02t0biM) brtrue IL_0171: ldloc.s V_2 ldc.i4 6 br IL_0084: switch(IL_00E1,IL_00D2,IL_0159,IL_01E1,IL_0187,IL_01B7,IL_0105,IL_0171,IL_0129,IL_01C6) ldloc.s V_2 ldsfld XfMUVGvjZ4rQsxn68qJ XfMUVGvjZ4rQsxn68qJ::D4avQkC5Gf call System.Byte[] XfMUVGvjZ4rQsxn68qJ::AHhvpr1n0W(System.Byte[],XfMUVGvjZ4rQsxn68qJ) stloc.s V_2 ldc.i4 9 br IL_0084: switch(IL_00E1,IL_00D2,IL_0159,IL_01E1,IL_0187,IL_01B7,IL_0105,IL_0171,IL_0129,IL_01C6) leave IL_0031: ret pop <null> ldc.i4 1 ldsfld <Module>{4283815f-c9d7-4853-bada-e6b05740e6cf} <Module>{4283815f-c9d7-4853-bada-e6b05740e6cf}::m_0499e748d2854ef2a2070c1d66cc32e1 ldfld System.Int32 <Module>{4283815f-c9d7-4853-bada-e6b05740e6cf}::m_8f77c9e238594d3a9c8cd33e340a3e5a brfalse IL_0230: switch(IL_024C) pop <null> ldc.i4 0 br IL_0230: switch(IL_024C) br IL_022C: ldloc V_1 ldc.i4 0 stloc V_1 ldloc V_1 switch dnlib.DotNet.Emit.Instruction[] ldloc V_1 ldc.i4 988 beq IL_022C: ldloc V_1 br IL_024C: leave IL_0031 leave IL_0031: ret ldc.i4 1 ldsfld <Module>{4283815f-c9d7-4853-bada-e6b05740e6cf} <Module>{4283815f-c9d7-4853-bada-e6b05740e6cf}::m_0499e748d2854ef2a2070c1d66cc32e1 ldfld System.Int32 <Module>{4283815f-c9d7-4853-bada-e6b05740e6cf}::m_4baa04b989564a4f90d0806fd1e59ff0 brtrue IL_000D: switch(IL_005B,IL_0032,IL_0031) pop <null> ldc.i4 2 br IL_000D: switch(IL_005B,IL_0032,IL_0031)

Module Name

Puxotm.exe

Full Name

Puxotm.exe

EntryPoint

System.Void ASgFonWK6yBXVJKDCW.NQgrllUgHNyOxXHBQX::RdwljYvj9()

Scope Name

Puxotm.exe

Scope Type

ModuleDef

Kind

Windows

Runtime Version

v4.0.30319

Tables Header Version

512

WinMD Version

<null>

Assembly Name

Puxotm

Assembly Version

1.0.0.0

Assembly Culture

<null>

Has PublicKey

False

PublicKey Token

<null>

Target Framework

.NETFramework,Version=v4.0

Total Strings

39

Main Method

System.Void ASgFonWK6yBXVJKDCW.NQgrllUgHNyOxXHBQX::RdwljYvj9()

Main IL Instruction Count

129

Main IL

ldc.i4 1 stloc V_3 ldloc V_3 switch dnlib.DotNet.Emit.Instruction[] ldloc V_3 ldc.i4 990 beq IL_0009: ldloc V_3 br IL_0031: ret ret <null> ldsfld xs7Er1v2qucOdNQELMc xs7Er1v2qucOdNQELMc::Iy1vtNieTC call System.Void xs7Er1v2qucOdNQELMc::AHhvpr1n0W(xs7Er1v2qucOdNQELMc) ldc.i4 0 ldsfld <Module>{4283815f-c9d7-4853-bada-e6b05740e6cf} <Module>{4283815f-c9d7-4853-bada-e6b05740e6cf}::m_0499e748d2854ef2a2070c1d66cc32e1 ldfld System.Int32 <Module>{4283815f-c9d7-4853-bada-e6b05740e6cf}::m_04053950b24c460082e84628db8c96e3 brtrue IL_000D: switch(IL_005B,IL_0032,IL_0031) pop <null> ldc.i4 3 br IL_000D: switch(IL_005B,IL_0032,IL_0031) nop <null> ldsfld qZD0bPvE52Lj7kan7Te qZD0bPvE52Lj7kan7Te::DP3vXFaK1u call System.Byte[] qZD0bPvE52Lj7kan7Te::AHhvpr1n0W(qZD0bPvE52Lj7kan7Te) stloc.s V_2 ldc.i4 4 br IL_007C: stloc V_0 br IL_0080: ldloc V_0 ldc.i4 0 stloc V_0 ldloc V_0 switch dnlib.DotNet.Emit.Instruction[] ldloc V_0 ldc.i4 17 beq IL_01F9: leave IL_0031 ldloc V_0 ldc.i4 997 beq IL_0080: ldloc V_0 br IL_00D2: br IL_0159 br IL_0159: ldloc.s V_2 ldc.i4 5 br IL_0084: switch(IL_00E1,IL_00D2,IL_0159,IL_01E1,IL_0187,IL_01B7,IL_0105,IL_0171,IL_0129,IL_01C6) leave IL_0031: ret ldc.i4 13 ldsfld <Module>{4283815f-c9d7-4853-bada-e6b05740e6cf} <Module>{4283815f-c9d7-4853-bada-e6b05740e6cf}::m_0499e748d2854ef2a2070c1d66cc32e1 ldfld System.Int32 <Module>{4283815f-c9d7-4853-bada-e6b05740e6cf}::m_d24bd3af0d744154a3c1cc3fa718ab0e brtrue IL_0084: switch(IL_00E1,IL_00D2,IL_0159,IL_01E1,IL_0187,IL_01B7,IL_0105,IL_0171,IL_0129,IL_01C6) pop <null> ldc.i4 3 br IL_0084: switch(IL_00E1,IL_00D2,IL_0159,IL_01E1,IL_0187,IL_01B7,IL_0105,IL_0171,IL_0129,IL_01C6) leave IL_0031: ret ldc.i4 13 ldsfld <Module>{4283815f-c9d7-4853-bada-e6b05740e6cf} <Module>{4283815f-c9d7-4853-bada-e6b05740e6cf}::m_0499e748d2854ef2a2070c1d66cc32e1 ldfld System.Int32 <Module>{4283815f-c9d7-4853-bada-e6b05740e6cf}::m_c32e8d631a7c43fd8801ad6d6e70de26 brfalse IL_0084: 
switch(IL_00E1,IL_00D2,IL_0159,IL_01E1,IL_0187,IL_01B7,IL_0105,IL_0171,IL_0129,IL_01C6) pop <null> ldc.i4 7 br IL_0084: switch(IL_00E1,IL_00D2,IL_0159,IL_01E1,IL_0187,IL_01B7,IL_0105,IL_0171,IL_0129,IL_01C6) ldloc.s V_2 ldsfld WloHsKvBwAYa02t0biM WloHsKvBwAYa02t0biM::sl1vMWCKoZ call System.Boolean WloHsKvBwAYa02t0biM::AHhvpr1n0W(System.Byte[],WloHsKvBwAYa02t0biM) brtrue IL_01E1: ldloc.s V_2 ldc.i4 0 ldsfld <Module>{4283815f-c9d7-4853-bada-e6b05740e6cf} <Module>{4283815f-c9d7-4853-bada-e6b05740e6cf}::m_0499e748d2854ef2a2070c1d66cc32e1 ldfld System.Int32 <Module>{4283815f-c9d7-4853-bada-e6b05740e6cf}::m_e0eff6cb87784efc9afbc452c0054b8e brfalse IL_0084: switch(IL_00E1,IL_00D2,IL_0159,IL_01E1,IL_0187,IL_01B7,IL_0105,IL_0171,IL_0129,IL_01C6) pop <null> ldc.i4 7 br IL_0084: switch(IL_00E1,IL_00D2,IL_0159,IL_01E1,IL_0187,IL_01B7,IL_0105,IL_0171,IL_0129,IL_01C6) ldloc.s V_2 ldsfld WhuupRvx5Vn9FopRFnr WhuupRvx5Vn9FopRFnr::SAKva4Hmja call System.Byte[] WhuupRvx5Vn9FopRFnr::AHhvpr1n0W(System.Byte[],WhuupRvx5Vn9FopRFnr) stloc.s V_2 ldc.i4 8 br IL_007C: stloc V_0 ldloc.s V_2 ldsfld yqeoMZvkaE31X3MUeiP yqeoMZvkaE31X3MUeiP::bHFvKyFOrF call System.Void yqeoMZvkaE31X3MUeiP::AHhvpr1n0W(System.Byte[],yqeoMZvkaE31X3MUeiP) ldc.i4 17 br IL_007C: stloc V_0 ldloc.s V_2 ldsfld WloHsKvBwAYa02t0biM WloHsKvBwAYa02t0biM::sl1vMWCKoZ call System.Boolean WloHsKvBwAYa02t0biM::AHhvpr1n0W(System.Byte[],WloHsKvBwAYa02t0biM) brfalse IL_01B7: leave IL_0031 ldc.i4 1 ldsfld <Module>{4283815f-c9d7-4853-bada-e6b05740e6cf} <Module>{4283815f-c9d7-4853-bada-e6b05740e6cf}::m_0499e748d2854ef2a2070c1d66cc32e1 ldfld System.Int32 <Module>{4283815f-c9d7-4853-bada-e6b05740e6cf}::m_a6a8a74a48fe4fbbb269c91fb953f3dd brtrue IL_0084: switch(IL_00E1,IL_00D2,IL_0159,IL_01E1,IL_0187,IL_01B7,IL_0105,IL_0171,IL_0129,IL_01C6) pop <null> ldc.i4 11 br IL_0084: switch(IL_00E1,IL_00D2,IL_0159,IL_01E1,IL_0187,IL_01B7,IL_0105,IL_0171,IL_0129,IL_01C6) leave IL_0031: ret ldc.i4 2 br IL_007C: stloc V_0 ldloc.s V_2 ldsfld 
WloHsKvBwAYa02t0biM WloHsKvBwAYa02t0biM::sl1vMWCKoZ call System.Boolean WloHsKvBwAYa02t0biM::AHhvpr1n0W(System.Byte[],WloHsKvBwAYa02t0biM) brtrue IL_0171: ldloc.s V_2 ldc.i4 6 br IL_0084: switch(IL_00E1,IL_00D2,IL_0159,IL_01E1,IL_0187,IL_01B7,IL_0105,IL_0171,IL_0129,IL_01C6) ldloc.s V_2 ldsfld XfMUVGvjZ4rQsxn68qJ XfMUVGvjZ4rQsxn68qJ::D4avQkC5Gf call System.Byte[] XfMUVGvjZ4rQsxn68qJ::AHhvpr1n0W(System.Byte[],XfMUVGvjZ4rQsxn68qJ) stloc.s V_2 ldc.i4 9 br IL_0084: switch(IL_00E1,IL_00D2,IL_0159,IL_01E1,IL_0187,IL_01B7,IL_0105,IL_0171,IL_0129,IL_01C6) leave IL_0031: ret pop <null> ldc.i4 1 ldsfld <Module>{4283815f-c9d7-4853-bada-e6b05740e6cf} <Module>{4283815f-c9d7-4853-bada-e6b05740e6cf}::m_0499e748d2854ef2a2070c1d66cc32e1 ldfld System.Int32 <Module>{4283815f-c9d7-4853-bada-e6b05740e6cf}::m_8f77c9e238594d3a9c8cd33e340a3e5a brfalse IL_0230: switch(IL_024C) pop <null> ldc.i4 0 br IL_0230: switch(IL_024C) br IL_022C: ldloc V_1 ldc.i4 0 stloc V_1 ldloc V_1 switch dnlib.DotNet.Emit.Instruction[] ldloc V_1 ldc.i4 988 beq IL_022C: ldloc V_1 br IL_024C: leave IL_0031 leave IL_0031: ret ldc.i4 1 ldsfld <Module>{4283815f-c9d7-4853-bada-e6b05740e6cf} <Module>{4283815f-c9d7-4853-bada-e6b05740e6cf}::m_0499e748d2854ef2a2070c1d66cc32e1 ldfld System.Int32 <Module>{4283815f-c9d7-4853-bada-e6b05740e6cf}::m_4baa04b989564a4f90d0806fd1e59ff0 brtrue IL_000D: switch(IL_005B,IL_0032,IL_0031) pop <null> ldc.i4 2 br IL_000D: switch(IL_005B,IL_0032,IL_0031)

4e54ab1bcda9a1e6a28c10a29ad4c3b5 (531.97 KB)