Malicious

568ffd19a56f9082a20348e931420ff4

PE Executable | MD5: 568ffd19a56f9082a20348e931420ff4 | Size: 422.91 KB | application/x-dosexec

Characteristics

Symbol Obfuscation Score: Very high

Hash | Hash Value
MD5 | 568ffd19a56f9082a20348e931420ff4
Sha1 | aa30bd7c7e105567a4a2ccc8926de0ce8f4ac43a
Sha256 | fddea77166c0444cd1841cf11936dc8bb597f9b3753e0c59e8210001896a3767
Sha384 | 96a898f9a74672b2b752fa393a28ac31a968f26d16b326bef4bee3e43222586d7a5bc855c801dd5fb05741f5f83e6047
Sha512 | 238b3c01486163bbd47a6fd8f8b5df6349127682caec3389383f7d6a5d0da684bd2495e3ca72d90db00ff0ef887fd2ab08b221e4a7578836fd153cc2737a94d2
SSDeep | 6144:D+8KUyHCAydUJoOw2o2z7vhqwCh83U/NpFLbihuSIceTiMLJAs1RM5SvvQlaE3n:DlWCZq2EDhqw7UVG+cQNySXe
TLSH | F594F14BFBC15B01C9155AB1C4E3993103F6D8D73A73D78A7B85038A1F627A4CD8AB98

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
UPolyX 0.3 -> delikon

File Structure
  Structure
    DosHeader
    PE Header
    Optional Header (x86)
    Section Headers
      .text
      .rsrc
      .reloc
  Resources
    RT_VERSION
      ID:0001
        ID:0
    RT_MANIFEST
      ID:0001
        ID:0
  .Net Resources
    eaB1kL6XcXHdgvwfyL.AHEx0qRO30yQLGQFMs
    rbgNerMvFQCK5Z9xWe.Qbt9LWLt5SwyvmBOQA
    9vjf5aA8EJSUADMTx5.yPSEWwfFrTTGcFXs7x

Informations
Name | Value
Info | PE Detect: PeReader OK (file layout)
Module Name | Hnmgax.exe
Full Name | Hnmgax.exe
EntryPoint | System.Void jWx6Q5B8pf4wuom4cB.VO1ZUYhfqgN4Bm5Hkg::RxhYPhKAE()
Scope Name | Hnmgax.exe
Scope Type | ModuleDef
Kind | Windows
Runtime Version | v4.0.30319
Tables Header Version | 512
WinMD Version | <null>
Assembly Name | Hnmgax
Assembly Version | 1.0.0.0
Assembly Culture | <null>
Has PublicKey | False
PublicKey Token | <null>
Target Framework | .NETFramework,Version=v4.0
Total Strings | 39
Main Method | System.Void jWx6Q5B8pf4wuom4cB.VO1ZUYhfqgN4Bm5Hkg::RxhYPhKAE()
Main IL Instruction Count | 99

Main IL

ldc.i4 2 stloc V_3 ldloc V_3 switch dnlib.DotNet.Emit.Instruction[] ldloc V_3 ldc.i4 990 beq IL_0009: ldloc V_3 br IL_019F: ldsfld ShequP6Uai5HFNcv69t ShequP6Uai5HFNcv69t::sBP6y7tjZn ret <null> nop <null> ldsfld ECTMPr6mwXR90iT20M8 ECTMPr6mwXR90iT20M8::b1r6r30i52 call System.Byte[] ECTMPr6mwXR90iT20M8::Rp967Ng13f(ECTMPr6mwXR90iT20M8) stloc.s V_2 ldc.i4 3 br IL_005B: switch(IL_0128,IL_00FB,IL_0091,IL_00CE) br IL_0057: ldloc V_1 ldc.i4 0 stloc V_1 ldloc V_1 switch dnlib.DotNet.Emit.Instruction[] ldloc V_1 ldc.i4 11 beq IL_00A3: ldloc.s V_2 ldloc V_1 ldc.i4 991 beq IL_0057: ldloc V_1 br IL_00CE: ldloc.s V_2 ldloc.s V_2 ldlen <null> brfalse IL_0128: leave IL_0031 ldc.i4 11 br IL_0053: stloc V_1 ldloc.s V_2 ldsfld dFmN9L6pKnqV29Etc7I dFmN9L6pKnqV29Etc7I::xby6oeU7a5 call System.Void dFmN9L6pKnqV29Etc7I::Rp967Ng13f(System.Byte[],dFmN9L6pKnqV29Etc7I) ldc.i4 0 ldsfld <Module>{f62f7ccf-5356-4d9d-a400-8c7d6d1fbba2} <Module>{f62f7ccf-5356-4d9d-a400-8c7d6d1fbba2}::m_8b070b9a1c7944d88f03e84fb6cad47c ldfld System.Int32 <Module>{f62f7ccf-5356-4d9d-a400-8c7d6d1fbba2}::m_aab60ff949b842f5ab00d415f4de2197 brfalse IL_005B: switch(IL_0128,IL_00FB,IL_0091,IL_00CE) pop <null> ldc.i4 1 br IL_005B: switch(IL_0128,IL_00FB,IL_0091,IL_00CE) ldloc.s V_2 ldsfld rkwtcA6k5KUowG2paux rkwtcA6k5KUowG2paux::nVa6THpT3D call System.Byte[] rkwtcA6k5KUowG2paux::Rp967Ng13f(System.Byte[],rkwtcA6k5KUowG2paux) stloc.s V_2 ldc.i4 1 ldsfld <Module>{f62f7ccf-5356-4d9d-a400-8c7d6d1fbba2} <Module>{f62f7ccf-5356-4d9d-a400-8c7d6d1fbba2}::m_8b070b9a1c7944d88f03e84fb6cad47c ldfld System.Int32 <Module>{f62f7ccf-5356-4d9d-a400-8c7d6d1fbba2}::m_ad77cc4a4e9146bc902a102de443c8c4 brtrue IL_005B: switch(IL_0128,IL_00FB,IL_0091,IL_00CE) pop <null> ldc.i4 11 br IL_005B: switch(IL_0128,IL_00FB,IL_0091,IL_00CE) ldloc.s V_2 ldsfld k9CU166t64qnCs4LjiB k9CU166t64qnCs4LjiB::kPZ61yZHFZ call System.Byte[] k9CU166t64qnCs4LjiB::Rp967Ng13f(System.Byte[],k9CU166t64qnCs4LjiB) stloc.s V_2 ldc.i4 10 ldsfld 
<Module>{f62f7ccf-5356-4d9d-a400-8c7d6d1fbba2} <Module>{f62f7ccf-5356-4d9d-a400-8c7d6d1fbba2}::m_8b070b9a1c7944d88f03e84fb6cad47c ldfld System.Int32 <Module>{f62f7ccf-5356-4d9d-a400-8c7d6d1fbba2}::m_0aaffcdeca68439886852118487b3cbd brfalse IL_005B: switch(IL_0128,IL_00FB,IL_0091,IL_00CE) pop <null> ldc.i4 2 br IL_005B: switch(IL_0128,IL_00FB,IL_0091,IL_00CE) leave IL_0031: ret pop <null> ldc.i4 0 ldsfld <Module>{f62f7ccf-5356-4d9d-a400-8c7d6d1fbba2} <Module>{f62f7ccf-5356-4d9d-a400-8c7d6d1fbba2}::m_8b070b9a1c7944d88f03e84fb6cad47c ldfld System.Int32 <Module>{f62f7ccf-5356-4d9d-a400-8c7d6d1fbba2}::m_73f24cce426345f6a8478c379047289a brtrue IL_015F: switch(IL_017B) pop <null> ldc.i4 3 br IL_015F: switch(IL_017B) br IL_015B: ldloc V_0 ldc.i4 0 stloc V_0 ldloc V_0 switch dnlib.DotNet.Emit.Instruction[] ldloc V_0 ldc.i4 988 beq IL_015B: ldloc V_0 br IL_017B: leave IL_0031 leave IL_0031: ret ldc.i4 6 ldsfld <Module>{f62f7ccf-5356-4d9d-a400-8c7d6d1fbba2} <Module>{f62f7ccf-5356-4d9d-a400-8c7d6d1fbba2}::m_8b070b9a1c7944d88f03e84fb6cad47c ldfld System.Int32 <Module>{f62f7ccf-5356-4d9d-a400-8c7d6d1fbba2}::m_947cc78ea2f44830a0686e22de7e027b brtrue IL_000D: switch(IL_0031,IL_0032,IL_019F) pop <null> ldc.i4 0 br IL_000D: switch(IL_0031,IL_0032,IL_019F) ldsfld ShequP6Uai5HFNcv69t ShequP6Uai5HFNcv69t::sBP6y7tjZn call System.Void ShequP6Uai5HFNcv69t::Rp967Ng13f(ShequP6Uai5HFNcv69t) ldc.i4 4 ldsfld <Module>{f62f7ccf-5356-4d9d-a400-8c7d6d1fbba2} <Module>{f62f7ccf-5356-4d9d-a400-8c7d6d1fbba2}::m_8b070b9a1c7944d88f03e84fb6cad47c ldfld System.Int32 <Module>{f62f7ccf-5356-4d9d-a400-8c7d6d1fbba2}::m_0c6dedcd36674f5f814c1fa0c336f6a8 brfalse IL_000D: switch(IL_0031,IL_0032,IL_019F) pop <null> ldc.i4 1 br IL_000D: switch(IL_0031,IL_0032,IL_019F)

Characteristics
No malware configuration was found at this point.