Malicious
Malicious

578a549be9926fbd8016a8ff8ec0636e

Share on LinkedIn
Print
PE Executable
MD5: 578a549be9926fbd8016a8ff8ec0636e
Size: 245.76 KB
application/x-dosexec
Ctrl + scroll to zoom · drag to pan

Get an AI-generated breakdown of this malware's behaviour, IOCs and recommendations.

AI analysis is available with Essential.
Unlock with Essential
Symbol Obfuscation Score Medium
MD5 578a549be9926fbd8016a8ff8ec0636e
Sha1 7c61077ca3c1d12c73e308b2a674212bab4bf88b
Sha256 284ad50e9107b510ea42440c143b96f88fc30b524f325e4c450f659871438475
Sha384 e2b16975bfdefd41cc9669f7a19fbbac5b120720d26a1ee600554752c13e09d3c70d606bfa78ce068d0a9a372644d28d
Sha512 3304e2de66ae195995a92e07394c9c41052f577699347491c66939bb538397b8b69363a3a8ee71c2cec350aea0943254b0f61617380a2dbce1cfc927cbfa1983
SSDeep 3072:I1Bayiq6lEAKt9sOW1IkTHo9rG8KaG5jnThnq0ufzz:4ayiq6bA+Zsq8KaWTN
TLSH 2B3400027F88E715E1A93E3782EF6C2453B2B4C71733C60B6F49AB6524516826C7E72D
PeID
.NET executableMicrosoft Visual C# / Basic .NETMicrosoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL Microsoft Visual C# v7.0 / Basic .NETMicrosoft Visual Studio .NET
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
STICH beta Structural Threat Infection Chain Hash

A content-independent fingerprint of the infection method: successive formats, internal objects and MITRE techniques from the initial file to each final payload.

STICH Path = the fingerprint (canonical chain with techniques) STICH Shape = structure only Only determinant branches produce STICH Paths.
Path pe:exe>pe:rsrc>bin
Shape pe:exe>pe:rsrc>bin
malicious 3 nodes
Name Value
Info
PE Detect: PeReader OK (file layout)
Module Name
8N57q4CivJ
Full Name
8N57q4CivJ
EntryPoint
System.Void HezT.lgBKovGgL::CsvxrnfLmFv()
Scope Name
8N57q4CivJ
Scope Type
ModuleDef
Kind
Windows
Runtime Version
v4.0.30319
Tables Header Version
512
WinMD Version
<null>
Assembly Name
f45b853c-c9d3-495e-9acb-d41a4a90029f
Assembly Version
1.0.0.0
Assembly Culture
<null>
Has PublicKey
False
PublicKey Token
<null>
Target Framework
<null>
Total Strings
1093
Main Method
System.Void HezT.lgBKovGgL::CsvxrnfLmFv()
Main IL Instruction Count
62
Main IL
ldc.i4 0
stloc V_0
br IL_00EF: br IL_000E
nop <null>
ldloc V_0
ldc.i4 3
ceq <null>
brfalse IL_002D: nop
call System.Void T4Au29ea.GJLHrcn9ae::SY7cB3VQ4()
ldc.i4 4
stloc V_0
nop <null>
ldloc V_0
ldc.i4 1
ceq <null>
brfalse IL_0051: nop
ldc.i4 4080
call System.Void System.Net.ServicePointManager::set_SecurityProtocol(System.Net.SecurityProtocolType)
ldc.i4 2
stloc V_0
nop <null>
ldloc V_0
ldc.i4 4
ceq <null>
brfalse IL_0070: nop
call System.Void System.Windows.Forms.Application::Run()
ldc.i4 5
stloc V_0
nop <null>
ldloc V_0
ldc.i4 2
ceq <null>
brfalse IL_00BE: nop
call System.Net.Security.RemoteCertificateValidationCallback System.Net.ServicePointManager::get_ServerCertificateValidationCallback()
ldsfld System.Net.Security.RemoteCertificateValidationCallback HezT.lgBKovGgL::CS$<>9__CachedAnonymousMethodDelegate1
brtrue IL_00A1: ldsfld System.Net.Security.RemoteCertificateValidationCallback HezT.lgBKovGgL::CS$<>9__CachedAnonymousMethodDelegate1
ldnull <null>
ldftn System.Boolean HezT.lgBKovGgL::QGQP5E(System.Object,System.Security.Cryptography.X509Certificates.X509Certificate,System.Security.Cryptography.X509Certificates.X509Chain,System.Net.Security.SslPolicyErrors)
newobj System.Void System.Net.Security.RemoteCertificateValidationCallback::.ctor(System.Object,System.IntPtr)
stsfld System.Net.Security.RemoteCertificateValidationCallback HezT.lgBKovGgL::CS$<>9__CachedAnonymousMethodDelegate1
ldsfld System.Net.Security.RemoteCertificateValidationCallback HezT.lgBKovGgL::CS$<>9__CachedAnonymousMethodDelegate1
call System.Delegate System.Delegate::Combine(System.Delegate,System.Delegate)
castclass System.Net.Security.RemoteCertificateValidationCallback
call System.Void System.Net.ServicePointManager::set_ServerCertificateValidationCallback(System.Net.Security.RemoteCertificateValidationCallback)
ldc.i4 3
stloc V_0
nop <null>
ldloc V_0
ldc.i4 0
ceq <null>
brfalse IL_00D9: nop
nop <null>
ldc.i4 1
stloc V_0
nop <null>
ldloc V_0
ldc.i4 5
ceq <null>
brfalse IL_00EF: br IL_000E
br IL_00F4: ret
br IL_000E: nop
ret <null>
Module Name
8N57q4CivJ
Full Name
8N57q4CivJ
EntryPoint
System.Void HezT.lgBKovGgL::CsvxrnfLmFv()
Scope Name
8N57q4CivJ
Scope Type
ModuleDef
Kind
Windows
Runtime Version
v4.0.30319
Tables Header Version
512
WinMD Version
<null>
Assembly Name
f45b853c-c9d3-495e-9acb-d41a4a90029f
Assembly Version
1.0.0.0
Assembly Culture
<null>
Has PublicKey
False
PublicKey Token
<null>
Target Framework
<null>
Total Strings
1093
Main Method
System.Void HezT.lgBKovGgL::CsvxrnfLmFv()
Main IL Instruction Count
62
Main IL
ldc.i4 0
stloc V_0
br IL_00EF: br IL_000E
nop <null>
ldloc V_0
ldc.i4 3
ceq <null>
brfalse IL_002D: nop
call System.Void T4Au29ea.GJLHrcn9ae::SY7cB3VQ4()
ldc.i4 4
stloc V_0
nop <null>
ldloc V_0
ldc.i4 1
ceq <null>
brfalse IL_0051: nop
ldc.i4 4080
call System.Void System.Net.ServicePointManager::set_SecurityProtocol(System.Net.SecurityProtocolType)
ldc.i4 2
stloc V_0
nop <null>
ldloc V_0
ldc.i4 4
ceq <null>
brfalse IL_0070: nop
call System.Void System.Windows.Forms.Application::Run()
ldc.i4 5
stloc V_0
nop <null>
ldloc V_0
ldc.i4 2
ceq <null>
brfalse IL_00BE: nop
call System.Net.Security.RemoteCertificateValidationCallback System.Net.ServicePointManager::get_ServerCertificateValidationCallback()
ldsfld System.Net.Security.RemoteCertificateValidationCallback HezT.lgBKovGgL::CS$<>9__CachedAnonymousMethodDelegate1
brtrue IL_00A1: ldsfld System.Net.Security.RemoteCertificateValidationCallback HezT.lgBKovGgL::CS$<>9__CachedAnonymousMethodDelegate1
ldnull <null>
ldftn System.Boolean HezT.lgBKovGgL::QGQP5E(System.Object,System.Security.Cryptography.X509Certificates.X509Certificate,System.Security.Cryptography.X509Certificates.X509Chain,System.Net.Security.SslPolicyErrors)
newobj System.Void System.Net.Security.RemoteCertificateValidationCallback::.ctor(System.Object,System.IntPtr)
stsfld System.Net.Security.RemoteCertificateValidationCallback HezT.lgBKovGgL::CS$<>9__CachedAnonymousMethodDelegate1
ldsfld System.Net.Security.RemoteCertificateValidationCallback HezT.lgBKovGgL::CS$<>9__CachedAnonymousMethodDelegate1
call System.Delegate System.Delegate::Combine(System.Delegate,System.Delegate)
castclass System.Net.Security.RemoteCertificateValidationCallback
call System.Void System.Net.ServicePointManager::set_ServerCertificateValidationCallback(System.Net.Security.RemoteCertificateValidationCallback)
ldc.i4 3
stloc V_0
nop <null>
ldloc V_0
ldc.i4 0
ceq <null>
brfalse IL_00D9: nop
nop <null>
ldc.i4 1
stloc V_0
nop <null>
ldloc V_0
ldc.i4 5
ceq <null>
brfalse IL_00EF: br IL_000E
br IL_00F4: ret
br IL_000E: nop
ret <null>
An error has occurred. This application may no longer respond until reloaded. Reload 🗙