Malicious

5392eb608fc713327511e473980d0a98

PE Executable
MD5: 5392eb608fc713327511e473980d0a98
Size: 784.9 KB
application/x-dosexec
Summary by MalvaGPT
Characteristics

Symbol Obfuscation Score: Very high

Hash
MD5: 5392eb608fc713327511e473980d0a98
Sha1: 7f63d9fffe7737c61c47fd6b68dabe8c1ee42b71
Sha256: 8a64ab77db431685a3c90321753643ab07ebc3908378d43e192756e0bc07620b
Sha384: d50d7a9ff2d48267be53d908c0e4d0dd0cde99f0a0423afc152c0b69c4b0041a937472f7c97bb9fc8a08d1d9b00f9cd3
Sha512: ee82ed7c7004b054fe389b598a75cb829f26bc9c27b07fde9da5519fbd36f54b725ac67d6c373deaf9b8cc126e576bc2d2634af2a5f3ee437ae345e40bec8231
SSDeep: 12288:OB9FDV4WLiYiFOtX/qUAcVgbRpmzSKP/yqxvsUshs7WqgiDRCG4d:8DV4WiYTClsGiyqxvsuoG4
TLSH: 05F4BF1B7696CF12D2841232C1DB120193F1658BB677E70EB98513966D033FAEE8B793

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
nob7bn351eG7aO8U6Z.XF9i5vNwRjthoOd9f0
xTsjF7EdjhLSeLKQ42.OX7GOVgBTsZ0JUWNbV
Zp03MmpvE39moEm4rx.jS8lOKYUKkuvRxi9UA
CfE0ciBvOiCS3XMJoe.PVI3uZ8f5D0OxxyfbR
Information
Info: PE Detect: PeReader OK (file layout)
Module Name: Ybtamnf.exe
Full Name: Ybtamnf.exe
EntryPoint: System.Void bFm65Zo9DRWdOUOR58.ImXEUpkhTKjlxmmiLX::D6NPA2I0y()
Scope Name: Ybtamnf.exe
Scope Type: ModuleDef
Kind: Windows
Runtime Version: v4.0.30319
Tables Header Version: 512
WinMD Version: <null>
Assembly Name: Ybtamnf
Assembly Version: 1.0.0.0
Assembly Culture: <null>
Has PublicKey: False
PublicKey Token: <null>
Target Framework: .NETFramework,Version=v4.0
Total Strings: 41
Main Method: System.Void bFm65Zo9DRWdOUOR58.ImXEUpkhTKjlxmmiLX::D6NPA2I0y()
Main IL Instruction Count: 63

Main IL

ldc.i4 1 stloc V_0 ldloc V_0 switch dnlib.DotNet.Emit.Instruction[] ldloc V_0 ldc.i4 990 beq IL_0009: ldloc V_0 br IL_0105: ret nop <null> newobj System.Void friWrXmOChcmwTftAq.Ixv8nV2Cm3JeKrbedV::.ctor() call System.Byte[] Zrkvelxmaa.Properties.Lsjkk::get_Scydhpl() callvirt System.Void friWrXmOChcmwTftAq.Ixv8nV2Cm3JeKrbedV::axXiMCZun(System.Byte[]) ldc.i4 0 ldsfld <Module>{c4dc43b3-10f3-4d77-a968-e3a7a42b6b9c} <Module>{c4dc43b3-10f3-4d77-a968-e3a7a42b6b9c}::m_f49b5bc9594846d9b9f7b1740c4ae945 ldfld System.Int32 <Module>{c4dc43b3-10f3-4d77-a968-e3a7a42b6b9c}::m_ea7ba8b235654b17bbbcbf607909cf44 brfalse IL_0072: switch(IL_008E) pop <null> ldc.i4 0 br IL_0072: switch(IL_008E) br IL_006E: ldloc V_1 ldc.i4 0 stloc V_1 ldloc V_1 switch dnlib.DotNet.Emit.Instruction[] ldloc V_1 ldc.i4 988 beq IL_006E: ldloc V_1 br IL_008E: leave IL_0105 leave IL_0105: ret pop <null> ldc.i4 0 ldsfld <Module>{c4dc43b3-10f3-4d77-a968-e3a7a42b6b9c} <Module>{c4dc43b3-10f3-4d77-a968-e3a7a42b6b9c}::m_f49b5bc9594846d9b9f7b1740c4ae945 ldfld System.Int32 <Module>{c4dc43b3-10f3-4d77-a968-e3a7a42b6b9c}::m_83f5f7bda8764035b232269e495293f3 brtrue IL_00C5: switch(IL_00E1) pop <null> ldc.i4 4 br IL_00C5: switch(IL_00E1) br IL_00C1: ldloc V_2 ldc.i4 0 stloc V_2 ldloc V_2 switch dnlib.DotNet.Emit.Instruction[] ldloc V_2 ldc.i4 988 beq IL_00C1: ldloc V_2 br IL_00E1: leave IL_0105 leave IL_0105: ret ldc.i4 6 ldsfld <Module>{c4dc43b3-10f3-4d77-a968-e3a7a42b6b9c} <Module>{c4dc43b3-10f3-4d77-a968-e3a7a42b6b9c}::m_f49b5bc9594846d9b9f7b1740c4ae945 ldfld System.Int32 <Module>{c4dc43b3-10f3-4d77-a968-e3a7a42b6b9c}::m_953449ad92dc472b9ac889a04c4c80e1 brfalse IL_000D: switch(IL_0031,IL_0106,IL_0105) pop <null> ldc.i4 2 br IL_000D: switch(IL_0031,IL_0106,IL_0105) ret <null> call System.Void rOKqsH8Tkf3OaWmQgPO.I3WfRy8RplApbfMBBQx::kLjw4iIsCLsZtxc4lksN0j() ldc.i4 3 ldsfld <Module>{c4dc43b3-10f3-4d77-a968-e3a7a42b6b9c} <Module>{c4dc43b3-10f3-4d77-a968-e3a7a42b6b9c}::m_f49b5bc9594846d9b9f7b1740c4ae945 ldfld System.Int32 
<Module>{c4dc43b3-10f3-4d77-a968-e3a7a42b6b9c}::m_d4efe22b941b4a09b4218c28dec93cb2 brfalse IL_000D: switch(IL_0031,IL_0106,IL_0105) pop <null> ldc.i4 0 br IL_000D: switch(IL_0031,IL_0106,IL_0105)
