Suspicious
Suspect

536a65d8f2157f392962f9ed81550c81

PE Executable | MD5: 536a65d8f2157f392962f9ed81550c81 | Size: 586.75 KB | application/x-dosexec

Summary by MalvaGPT
Characteristics

Symbol Obfuscation Score: Very high

Hash
MD5: 536a65d8f2157f392962f9ed81550c81
Sha1: 0bdbd96ec6ed2b2141699afc9317f6d6206a5f15
Sha256: eb71e28819e2f1c7a84f524b9e39f85b376eca36d3b6428f1edbe8e9d80227e9
Sha384: cf9d25f0a4ef0babe17250c9b0125eb16170570404b183a5a3e289b6fac080debab86f6956dc4a64a3b204a5fc61b939
Sha512: fcb7cd7d2f4e4c4fe8a021fbab24f0d6b393a194f15a3ec70827a7153c321f7baa801e1463089041b15d03d4d526440ebcd2bf5de38acb9cf9f67bb8abb46348
SSDeep: 12288:2eGCinWceCTToeunTrrjeh5sA5jey6d9J0/ExMO9D7o:2ebinWce6f/jt6dP0AZ9D
TLSH: 46C423D4F18B4AB6C78257F3F10B121B1675D3C6027BDB49649B638F011AB8ECAA7781

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
UPolyX 0.3 -> delikon
File Structure
Structure
  DosHeader
  PE Header
  Optional Header (x86)
  Section Headers
    .text
    .rsrc
    .reloc
Resources
  RT_VERSION
    ID:0001
      ID:0
  RT_MANIFEST
    ID:0001
      ID:0
.Net Resources
  Gwzkiuzoh.Properties.Resources.resources
    Qikuzsadp
Information
Info: PE Detect: PeReader OK (file layout)
Module Name: Gwzkiuzoh.exe
Full Name: Gwzkiuzoh.exe
EntryPoint: System.Void Gwzkiuzoh.Luarj::Main()
Scope Name: Gwzkiuzoh.exe
Scope Type: ModuleDef
Kind: Windows
Runtime Version: v4.0.30319
Tables Header Version: 512
WinMD Version: <null>
Assembly Name: Gwzkiuzoh
Assembly Version: 1.0.0.0
Assembly Culture: <null>
Has PublicKey: False
PublicKey Token: <null>
Target Framework: .NETFramework,Version=v4.0
Total Strings: 5
Main Method: System.Void Gwzkiuzoh.Luarj::Main()
Main IL Instruction Count: 73

Main IL

nop <null> call System.Byte[] Gwzkiuzoh.Properties.Jarccic::get_Qikuzsadp() ldsfld System.Byte[] HCT8yRbqlRhGahQMgh.EUAAe5YORiZNy9G396::COcKhbpZY ldsfld System.Byte[] HCT8yRbqlRhGahQMgh.EUAAe5YORiZNy9G396::rYMNOhe2q call System.Byte[] Gwzkiuzoh.Luarj::hD2996rQc(System.Byte[],System.Byte[],System.Byte[]) call System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[]) callvirt System.Type[] System.Reflection.Assembly::GetTypes() stloc.s V_3 br IL_00A6: ldc.i4.0 br IL_0034: ldloc V_0 ldc.i4 0 stloc V_0 ldloc V_0 switch dnlib.DotNet.Emit.Instruction[] ldloc V_0 ldc.i4 990 beq IL_0034: ldloc V_0 br IL_00E4: ldloc.s V_1 nop <null> ldloc.s V_2 ldstr Rbnv6hSHc ldc.i4 256 ldnull <null> ldnull <null> ldnull <null> callvirt System.Object System.Type::InvokeMember(System.String,System.Reflection.BindingFlags,System.Reflection.Binder,System.Object,System.Object[]) pop <null> br IL_0077: leave IL_00E4 leave IL_00E4: ldloc.s V_1 pop <null> br IL_0082: leave IL_00E4 leave IL_00E4: ldloc.s V_1 ldc.i4 1 ldsfld <Module>{f3d4e433-0459-4a07-b2a7-4579cceffbdd} <Module>{f3d4e433-0459-4a07-b2a7-4579cceffbdd}::m_6a092d0c377c4cc194dbb021343f5d89 ldfld System.Int32 <Module>{f3d4e433-0459-4a07-b2a7-4579cceffbdd}::m_b1c1f0727ffb433e851d55a981d1fe4e brtrue IL_0038: switch(IL_005C,IL_00E4,IL_00AE) pop <null> ldc.i4 7 br IL_0038: switch(IL_005C,IL_00E4,IL_00AE) ldc.i4.0 <null> stloc.s V_1 br IL_00EF: br IL_00D4 ldloc.s V_3 ldloc.s V_1 ldelem.ref <null> stloc.s V_2 ldc.i4 0 ldsfld <Module>{f3d4e433-0459-4a07-b2a7-4579cceffbdd} <Module>{f3d4e433-0459-4a07-b2a7-4579cceffbdd}::m_6a092d0c377c4cc194dbb021343f5d89 ldfld System.Int32 <Module>{f3d4e433-0459-4a07-b2a7-4579cceffbdd}::m_0adf4edcb5ac4a9bbeedd28520f94ac5 brtrue IL_0038: switch(IL_005C,IL_00E4,IL_00AE) pop <null> ldc.i4 0 br IL_0038: switch(IL_005C,IL_00E4,IL_00AE) ldloc.s V_1 ldloc.s V_3 ldlen <null> conv.i4 <null> blt IL_00AE: ldloc.s V_3 br IL_00FE: leave IL_0113 ldloc.s V_1 ldc.i4.1 <null> add <null> stloc.s V_1 br IL_00D4: 
ldloc.s V_1 br IL_00D4: ldloc.s V_1 ldc.i4 2 br IL_0038: switch(IL_005C,IL_00E4,IL_00AE) leave IL_0113: ret pop <null> br IL_0109: leave IL_0113 leave IL_0113: ret br IL_0113: ret ret <null>

Characteristics
No malware configuration was found at this point.