Suspicious
Suspect

5a025a3a398e6bf6aeead2fb14eee791

PE Executable | MD5: 5a025a3a398e6bf6aeead2fb14eee791 | Size: 747.52 KB | application/x-dosexec

Summary by MalvaGPT
Characteristics

Symbol Obfuscation Score

Very high

Hash
Hash Value
MD5
5a025a3a398e6bf6aeead2fb14eee791
Sha1
846d3dda3d933929d7814a39a218a51fc8e5ae2f
Sha256
c0c33fc2b4998a89bd4ff5ffda166d0d02e455ada63b85c1e0216e3e3bff97aa
Sha384
6f55700896cc8c230a384027a63fb49384d8159fd4268e0e39ee0dfb6f67b6ec296c9600bf04631366c07ff111a02a5a
Sha512
fda847d7d304d912177566202403b06b38862fcdfd50897be5c1506364ec45675c0786d51e6126e2477ea958dbd822a3f9faea2575a75064aa346db9650dba47
SSDeep
12288:QNxA6GtSxRl0/oqcGzmn8Iol2ILUxg6FfA/1emY//zN41n4rYGENu2M1lGu:QfA6GtSxH0/T/vIol2ILHOCem+N4CfEO
TLSH
9BF4235564E24475E1E00F37BF7BEE6062ACCC03FFA66F19798907E51809335E90AB29

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual C++ v6.0 DLL
Microsoft Visual Studio .NET
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
Bkigf.Properties.Resources.resources
Hkkxvc
Information
Name
Value
Info

PE Detect: PeReader OK (file layout)

Module Name

Bkigf.exe

Full Name

Bkigf.exe

EntryPoint

System.Void Bkigf.Vbxqvsxihvx::Main()

Scope Name

Bkigf.exe

Scope Type

ModuleDef

Kind

Windows

Runtime Version

v4.0.30319

Tables Header Version

512

WinMD Version

<null>

Assembly Name

Bkigf

Assembly Version

1.0.0.0

Assembly Culture

<null>

Has PublicKey

False

PublicKey Token

<null>

Target Framework

.NETFramework,Version=v4.0

Total Strings

5

Main Method

System.Void Bkigf.Vbxqvsxihvx::Main()

Main IL Instruction Count

75

Main IL

nop <null> call System.Byte[] Bkigf.Vbxqvsxihvx::BsfmYTvGp() call System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[]) callvirt System.Type[] System.Reflection.Assembly::GetExportedTypes() stloc.s V_3 br IL_0058: ldc.i4.0 br IL_0025: ldloc V_0 ldc.i4 0 stloc V_0 ldloc V_0 switch dnlib.DotNet.Emit.Instruction[] ldloc V_0 ldc.i4 990 beq IL_0025: ldloc V_0 br IL_00DE: ldloc.s V_3 ldloc.s V_1 ldc.i4.1 <null> add <null> stloc.s V_1 br IL_0084: ldloc.s V_1 ldc.i4.0 <null> stloc.s V_1 br IL_0060: br IL_0084 br IL_0084: ldloc.s V_1 ldc.i4 1 ldsfld <Module>{852fd373-cd22-4cc8-8d30-78830e456e75} <Module>{852fd373-cd22-4cc8-8d30-78830e456e75}::m_333eac35b0c94d629301e8f79c4c324a ldfld System.Int32 <Module>{852fd373-cd22-4cc8-8d30-78830e456e75}::m_356a44fd1f0d4595ba34f4f9aacb11a7 brfalse IL_0029: switch(IL_00AE,IL_00DE,IL_0104) pop <null> ldc.i4 1 br IL_0029: switch(IL_00AE,IL_00DE,IL_0104) ldloc.s V_1 ldloc.s V_3 ldlen <null> conv.i4 <null> blt IL_00DE: ldloc.s V_3 ldc.i4 2 ldsfld <Module>{852fd373-cd22-4cc8-8d30-78830e456e75} <Module>{852fd373-cd22-4cc8-8d30-78830e456e75}::m_333eac35b0c94d629301e8f79c4c324a ldfld System.Int32 <Module>{852fd373-cd22-4cc8-8d30-78830e456e75}::m_f223ea2192044f1bb38c920b93cc0654 brfalse IL_0029: switch(IL_00AE,IL_00DE,IL_0104) pop <null> ldc.i4 4 br IL_0029: switch(IL_00AE,IL_00DE,IL_0104) nop <null> ldloc.s V_2 ldstr GWbLrKL3Nb ldc.i4 256 ldnull <null> ldnull <null> ldnull <null> callvirt System.Object System.Type::InvokeMember(System.String,System.Reflection.BindingFlags,System.Reflection.Binder,System.Object,System.Object[]) pop <null> br IL_00C9: leave IL_004D leave IL_004D: ldloc.s V_1 pop <null> br IL_00D4: leave IL_004D leave IL_004D: ldloc.s V_1 br IL_004D: ldloc.s V_1 ldloc.s V_3 ldloc.s V_1 ldelem.ref <null> stloc.s V_2 ldc.i4 0 ldsfld <Module>{852fd373-cd22-4cc8-8d30-78830e456e75} <Module>{852fd373-cd22-4cc8-8d30-78830e456e75}::m_333eac35b0c94d629301e8f79c4c324a ldfld System.Int32 
<Module>{852fd373-cd22-4cc8-8d30-78830e456e75}::m_2c5a3b284f074c15991af9b09f6c31a6 brtrue IL_0029: switch(IL_00AE,IL_00DE,IL_0104) pop <null> ldc.i4 7 br IL_0029: switch(IL_00AE,IL_00DE,IL_0104) leave IL_0119: ret pop <null> br IL_010F: leave IL_0119 leave IL_0119: ret br IL_0119: ret ret <null>

No malware configuration was found at this point.