5430da01b4d0db31b71b12a574e6167d

PE Executable
|
MD5: 5430da01b4d0db31b71b12a574e6167d
|
Size: 1.92 MB
|
application/x-dosexec

Infection Chain

Summary by MalvaGPT

Characteristics

Hash	Hash Value
MD5	5430da01b4d0db31b71b12a574e6167d
Sha1	728a6014500a38ef499c025335dc5dc6ac847871
Sha256	0d1f717457b9300e23d20d37dd7482cbb588d0332c7fbd9b936469f6e917f49e
Sha384	00d3fc99d0c8f43cedbc588255f3a21614272030c40ef05648e977fb1a791bb343f0ff89725b1b974eb62b9eab4064aa
Sha512	58aa8ad4835e94afdb754b08560d04fda9ade2fd5c6c2d5139d319e83017173483d6271b76d2ba054e1575592a1c4c9eb0771e87c08bce7fb12a371389427a37
SSDeep	49152:s52jQhi2xhfXEVAV1Hf5YWL4OC1Qy7qD:s22xhfXQAV15Yi4OUqD
TLSH	B895BE1676A24E73C270673585AB523D4290C7223527EB4F391F20C6AD4BBF19BB61B3

PeID

.NET executable

Microsoft Visual C# / Basic .NET

Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL

Microsoft Visual C# v7.0 / Basic .NET

Microsoft Visual Studio .NET

File Structure

Informations

Name0	Value
Info	PE Detect: PeReader OK (file layout)
Module Name	pxqDsBPmp0nY
Full Name	pxqDsBPmp0nY
EntryPoint	System.Void vTPABST846dfb6569Vt.qBOuaETH0PlTAUypPol::Im3TPUYoi6()
Scope Name	pxqDsBPmp0nY
Scope Type	ModuleDef
Kind	Windows
Runtime Version	v4.0.30319
Tables Header Version	512
WinMD Version	<null>
Assembly Name	SGxDUr5uRrbW2X9YcTIdUkMi5E
Assembly Version	4.1.5.0
Assembly Culture	<null>
Has PublicKey	False
PublicKey Token	<null>
Target Framework	.NETFramework,Version=v4.0
Total Strings	47
Main Method	System.Void vTPABST846dfb6569Vt.qBOuaETH0PlTAUypPol::Im3TPUYoi6()
Main IL Instruction Count	51
Main IL	ldc.i4 1 stloc V_0 br IL_000E: ldloc V_0 ldloc V_0 switch dnlib.DotNet.Emit.Instruction[] br IL_00A0: newobj System.Void FmyKRxqDW7rkhXlWjgV.euQdh1qRZHNGZZoyL5X::.ctor() ldc.i4 -402698293 ldc.i4 -98392118 xor <null> ldsfld <Module>{c74ea4c1-6afa-4098-b2f3-618f400c17f6} <Module>{c74ea4c1-6afa-4098-b2f3-618f400c17f6}::m_cf2ba6e22451436da98e17195f6e18bb ldfld System.Int32 <Module>{c74ea4c1-6afa-4098-b2f3-618f400c17f6}::m_64d94d41d9c3494b8393e8068ddc1f75 xor <null> call System.String uu5SjQmESPmvtDfBqU5.vSjPE2mNIGk0nUHM5YB::B6bmCMRCh5(System.Int32) newobj System.Void WVUYysfIUgx45nGhg2l.yyICNrfDO2mhgGKmgEb::.ctor(System.String) call System.Void WVUYysfIUgx45nGhg2l.yyICNrfDO2mhgGKmgEb::f1DfSjNqyw() ldc.i4 2 ldsfld <Module>{c74ea4c1-6afa-4098-b2f3-618f400c17f6} <Module>{c74ea4c1-6afa-4098-b2f3-618f400c17f6}::m_cf2ba6e22451436da98e17195f6e18bb ldfld System.Int32 <Module>{c74ea4c1-6afa-4098-b2f3-618f400c17f6}::m_1b63bdf2d9954208a87d72b4e87d61d0 brtrue IL_0012: switch(IL_00A0,IL_00C5,IL_009F,IL_0030,IL_0074) pop <null> ldc.i4 1 br IL_0012: switch(IL_00A0,IL_00C5,IL_009F,IL_0030,IL_0074) ldnull <null> ldnull <null> newobj System.Void MGqafv8JhB2IV26YAtM.PwJ6gm8v7m4dKNmaq3G::.ctor(System.String,System.String) call System.Void dNcckLcgEE24WHoG9tI.ywK2n1cT7ICLU8VwQiS::Im5c70VwWC(MGqafv8JhB2IV26YAtM.PwJ6gm8v7m4dKNmaq3G) ldc.i4 1 ldsfld <Module>{c74ea4c1-6afa-4098-b2f3-618f400c17f6} <Module>{c74ea4c1-6afa-4098-b2f3-618f400c17f6}::m_cf2ba6e22451436da98e17195f6e18bb ldfld System.Int32 <Module>{c74ea4c1-6afa-4098-b2f3-618f400c17f6}::m_bbcccaeffa9941c3a97a595ef74c6998 brtrue IL_0012: switch(IL_00A0,IL_00C5,IL_009F,IL_0030,IL_0074) pop <null> ldc.i4 3 br IL_0012: switch(IL_00A0,IL_00C5,IL_009F,IL_0030,IL_0074) ret <null> newobj System.Void FmyKRxqDW7rkhXlWjgV.euQdh1qRZHNGZZoyL5X::.ctor() pop <null> ldc.i4 3 ldsfld <Module>{c74ea4c1-6afa-4098-b2f3-618f400c17f6} <Module>{c74ea4c1-6afa-4098-b2f3-618f400c17f6}::m_cf2ba6e22451436da98e17195f6e18bb ldfld System.Int32 <Module>{c74ea4c1-6afa-4098-b2f3-618f400c17f6}::m_558516efe81e4580bbfe4d5e937eeff7 brfalse IL_0012: switch(IL_00A0,IL_00C5,IL_009F,IL_0030,IL_0074) pop <null> ldc.i4 4 br IL_0012: switch(IL_00A0,IL_00C5,IL_009F,IL_0030,IL_0074) call System.Void jXqVYYXBclHxuoSAwqh.F1H8r5XE3iZPJxXyEWe::uEGcqnLw7dL() ldc.i4 0 ldsfld <Module>{c74ea4c1-6afa-4098-b2f3-618f400c17f6} <Module>{c74ea4c1-6afa-4098-b2f3-618f400c17f6}::m_cf2ba6e22451436da98e17195f6e18bb ldfld System.Int32 <Module>{c74ea4c1-6afa-4098-b2f3-618f400c17f6}::m_2fb4a9efbeed4297bc05f48135978227 brtrue IL_0012: switch(IL_00A0,IL_00C5,IL_009F,IL_0030,IL_0074) pop <null> ldc.i4 0 br IL_0012: switch(IL_00A0,IL_00C5,IL_009F,IL_0030,IL_0074)
Module Name	pxqDsBPmp0nY
Full Name	pxqDsBPmp0nY
EntryPoint	System.Void vTPABST846dfb6569Vt.qBOuaETH0PlTAUypPol::Im3TPUYoi6()
Scope Name	pxqDsBPmp0nY
Scope Type	ModuleDef
Kind	Windows
Runtime Version	v4.0.30319
Tables Header Version	512
WinMD Version	<null>
Assembly Name	SGxDUr5uRrbW2X9YcTIdUkMi5E
Assembly Version	4.1.5.0
Assembly Culture	<null>
Has PublicKey	False
PublicKey Token	<null>
Target Framework	.NETFramework,Version=v4.0
Total Strings	47
Main Method	System.Void vTPABST846dfb6569Vt.qBOuaETH0PlTAUypPol::Im3TPUYoi6()
Main IL Instruction Count	51
Main IL	ldc.i4 1 stloc V_0 br IL_000E: ldloc V_0 ldloc V_0 switch dnlib.DotNet.Emit.Instruction[] br IL_00A0: newobj System.Void FmyKRxqDW7rkhXlWjgV.euQdh1qRZHNGZZoyL5X::.ctor() ldc.i4 -402698293 ldc.i4 -98392118 xor <null> ldsfld <Module>{c74ea4c1-6afa-4098-b2f3-618f400c17f6} <Module>{c74ea4c1-6afa-4098-b2f3-618f400c17f6}::m_cf2ba6e22451436da98e17195f6e18bb ldfld System.Int32 <Module>{c74ea4c1-6afa-4098-b2f3-618f400c17f6}::m_64d94d41d9c3494b8393e8068ddc1f75 xor <null> call System.String uu5SjQmESPmvtDfBqU5.vSjPE2mNIGk0nUHM5YB::B6bmCMRCh5(System.Int32) newobj System.Void WVUYysfIUgx45nGhg2l.yyICNrfDO2mhgGKmgEb::.ctor(System.String) call System.Void WVUYysfIUgx45nGhg2l.yyICNrfDO2mhgGKmgEb::f1DfSjNqyw() ldc.i4 2 ldsfld <Module>{c74ea4c1-6afa-4098-b2f3-618f400c17f6} <Module>{c74ea4c1-6afa-4098-b2f3-618f400c17f6}::m_cf2ba6e22451436da98e17195f6e18bb ldfld System.Int32 <Module>{c74ea4c1-6afa-4098-b2f3-618f400c17f6}::m_1b63bdf2d9954208a87d72b4e87d61d0 brtrue IL_0012: switch(IL_00A0,IL_00C5,IL_009F,IL_0030,IL_0074) pop <null> ldc.i4 1 br IL_0012: switch(IL_00A0,IL_00C5,IL_009F,IL_0030,IL_0074) ldnull <null> ldnull <null> newobj System.Void MGqafv8JhB2IV26YAtM.PwJ6gm8v7m4dKNmaq3G::.ctor(System.String,System.String) call System.Void dNcckLcgEE24WHoG9tI.ywK2n1cT7ICLU8VwQiS::Im5c70VwWC(MGqafv8JhB2IV26YAtM.PwJ6gm8v7m4dKNmaq3G) ldc.i4 1 ldsfld <Module>{c74ea4c1-6afa-4098-b2f3-618f400c17f6} <Module>{c74ea4c1-6afa-4098-b2f3-618f400c17f6}::m_cf2ba6e22451436da98e17195f6e18bb ldfld System.Int32 <Module>{c74ea4c1-6afa-4098-b2f3-618f400c17f6}::m_bbcccaeffa9941c3a97a595ef74c6998 brtrue IL_0012: switch(IL_00A0,IL_00C5,IL_009F,IL_0030,IL_0074) pop <null> ldc.i4 3 br IL_0012: switch(IL_00A0,IL_00C5,IL_009F,IL_0030,IL_0074) ret <null> newobj System.Void FmyKRxqDW7rkhXlWjgV.euQdh1qRZHNGZZoyL5X::.ctor() pop <null> ldc.i4 3 ldsfld <Module>{c74ea4c1-6afa-4098-b2f3-618f400c17f6} <Module>{c74ea4c1-6afa-4098-b2f3-618f400c17f6}::m_cf2ba6e22451436da98e17195f6e18bb ldfld System.Int32 <Module>{c74ea4c1-6afa-4098-b2f3-618f400c17f6}::m_558516efe81e4580bbfe4d5e937eeff7 brfalse IL_0012: switch(IL_00A0,IL_00C5,IL_009F,IL_0030,IL_0074) pop <null> ldc.i4 4 br IL_0012: switch(IL_00A0,IL_00C5,IL_009F,IL_0030,IL_0074) call System.Void jXqVYYXBclHxuoSAwqh.F1H8r5XE3iZPJxXyEWe::uEGcqnLw7dL() ldc.i4 0 ldsfld <Module>{c74ea4c1-6afa-4098-b2f3-618f400c17f6} <Module>{c74ea4c1-6afa-4098-b2f3-618f400c17f6}::m_cf2ba6e22451436da98e17195f6e18bb ldfld System.Int32 <Module>{c74ea4c1-6afa-4098-b2f3-618f400c17f6}::m_2fb4a9efbeed4297bc05f48135978227 brtrue IL_0012: switch(IL_00A0,IL_00C5,IL_009F,IL_0030,IL_0074) pop <null> ldc.i4 0 br IL_0012: switch(IL_00A0,IL_00C5,IL_009F,IL_0030,IL_0074)

5430da01b4d0db31b71b12a574e6167d (1.92 MB)

File Structure

Characteristics

No malware configuration were found at this point.

You must be signed in to post a comment.

5430da01b4d0db31b71b12a574e6167d

PE Executable | MD5: 5430da01b4d0db31b71b12a574e6167d | Size: 1.92 MB | application/x-dosexec

PE Executable
|
MD5: 5430da01b4d0db31b71b12a574e6167d
|
Size: 1.92 MB
|
application/x-dosexec