Malicious
Malicious

Share on LinkedIn
Print
PE Executable
MD5: 4f80d4c8d7b055953aaa514aa222c4e3
Size: 1.36 MB
application/x-dosexec
Ctrl + scroll to zoom · drag to pan

Get an AI-generated breakdown of this malware's behaviour, IOCs and recommendations.

AI analysis is available with Essential.
Unlock with Essential
Symbol Obfuscation Score Very high
MD5 4f80d4c8d7b055953aaa514aa222c4e3
Sha1 8be5e5d88cf73c4352cb72fdd6181b19fa8912a5
Sha256 1d3a2118bbc34aa2fa91f73d67bde270afc1c83776a991ebd2584a434ed436ce
Sha384 319a63d8867d09e8151bc78e35de440836fcbbfc150da9c3857a4e0b8c33a43c624f942195ae8ee2fd206aadcc679aa7
Sha512 c49bc152a6865c94760bea16af46c1f60509baf4dc1bc6217359f23dfdec632e335a188d0db9f8c156b0f09e91a2cb0ac75c42b8dc7cde967aaffb802483ea23
SSDeep 24576:QgLKChCYVnQm97Ud0FpCtvXTZI5aClI1BIqQAWMSTL:vzV1NhU70bI1BIYWMS
TLSH 59556B017E85CE12F0191633C6EF45488BB4A95166B6E72B7DBA33AE15133A73C0D9CB
PeID
.NET executableHQR data fileMicrosoft Visual C# / Basic .NETMicrosoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL Microsoft Visual C# v7.0 / Basic .NETMicrosoft Visual Studio .NET
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.sdata
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:1033
.Net Resources
vjHoVjdZWA7AmHD0Lo.Ri9DmdQj0dOrNYOCTq
kv5jeY35eFFWBR5cOw.LqY016Jq9rwrNdx9pu
Name Value
Module Name
C0eSN4RIEpXj
Full Name
C0eSN4RIEpXj
EntryPoint
System.Void XiDAIfs0a6eCa1YH23l.zpwfQ5sOYlpToVJy4PP::YYPIlpOXsF()
Scope Name
C0eSN4RIEpXj
Scope Type
ModuleDef
Kind
Windows
Runtime Version
v4.0.30319
Tables Header Version
512
WinMD Version
<null>
Assembly Name
TTLTbvg5FcStkqNK30WHvG5nFN3ubMZHbg0Ra9bwUP6Y
Assembly Version
1.5.6.2
Assembly Culture
<null>
Has PublicKey
False
PublicKey Token
<null>
Target Framework
.NETFramework,Version=v4.0
Total Strings
63
Main Method
System.Void XiDAIfs0a6eCa1YH23l.zpwfQ5sOYlpToVJy4PP::YYPIlpOXsF()
Main IL Instruction Count
14
Main IL
br.s IL_000B: ldc.i4.0
call <null>
ldnull <null>
ldc.i4.0 <null>
ldelem.ref <null>
pop <null>
ldc.i4.0 <null>
brtrue.s IL_0007: ldnull
call System.Void LZh9TNIE5ct40kTjWo1.lObMcrIWYJSvfU7gHim::kLjw4iIsCLsZtxc4lksN0j()
nop <null>
ldsfld System.Object XiDAIfs0a6eCa1YH23l.zpwfQ5sOYlpToVJy4PP::I1SIDK4aal
callvirt System.Void pvpoRwsWtwn0bbVADZ5.gqBeJBsaYmmI47HS6N2::kG7XCoBX81()
nop <null>
ret <null>
Module Name
C0eSN4RIEpXj
Full Name
C0eSN4RIEpXj
EntryPoint
System.Void XiDAIfs0a6eCa1YH23l.zpwfQ5sOYlpToVJy4PP::YYPIlpOXsF()
Scope Name
C0eSN4RIEpXj
Scope Type
ModuleDef
Kind
Windows
Runtime Version
v4.0.30319
Tables Header Version
512
WinMD Version
<null>
Assembly Name
TTLTbvg5FcStkqNK30WHvG5nFN3ubMZHbg0Ra9bwUP6Y
Assembly Version
1.5.6.2
Assembly Culture
<null>
Has PublicKey
False
PublicKey Token
<null>
Target Framework
.NETFramework,Version=v4.0
Total Strings
63
Main Method
System.Void XiDAIfs0a6eCa1YH23l.zpwfQ5sOYlpToVJy4PP::YYPIlpOXsF()
Main IL Instruction Count
14
Main IL
br.s IL_000B: ldc.i4.0
call <null>
ldnull <null>
ldc.i4.0 <null>
ldelem.ref <null>
pop <null>
ldc.i4.0 <null>
brtrue.s IL_0007: ldnull
call System.Void LZh9TNIE5ct40kTjWo1.lObMcrIWYJSvfU7gHim::kLjw4iIsCLsZtxc4lksN0j()
nop <null>
ldsfld System.Object XiDAIfs0a6eCa1YH23l.zpwfQ5sOYlpToVJy4PP::I1SIDK4aal
callvirt System.Void pvpoRwsWtwn0bbVADZ5.gqBeJBsaYmmI47HS6N2::kG7XCoBX81()
nop <null>
ret <null>
An error has occurred. This application may no longer respond until reloaded. Reload 🗙