Malicious
Malicious

5d6bd66a425dd270e72e63c6d150443c

PE Executable
|
MD5: 5d6bd66a425dd270e72e63c6d150443c
|
Size: 97.79 KB
|
application/x-dosexec

Print
Infection Chain
Summary by MalvaGPT
Characteristics

Symbol Ofbuscation Score

Medium

Hash
 Hash Value
MD5
5d6bd66a425dd270e72e63c6d150443c
Sha1
42ef6983422db1622163e8866aac18856405bac8
Sha256
172acccc72c8f76ceb8cd40715399a6f5d318be3002c163e58e9843e891bbe7a
Sha384
834f954a67e136fa81118772d736b6e554fbefda0e80c2190d8ab94348fd340dd8e58099c01c41c5f1450120343ce7b7
Sha512
f2957fc6770d372423e1ed9801803a9d80dd27820fb7f17a67047b79ac9de5b091828359e6c89bd576fd1b8db68d8538e571d3c94529f86cc74eb5d11f8e94df
SSDeep
1536:ZGLooYeGApvIFUddd9ZQX9yk7H767neGd2V8PkhDVdE6nXt+3tlIz4cQmBaFMLFb:8oo/ZpvIaddd9ZQX9yk7H767neGd2V82
TLSH
9BA3070E37D48924D9FE8571D57290650B3AAC9A456AD21E1FC8B4EC2F7BA8009C7FD3

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
5d6bd66a425dd270e72e63c6d150443c
Malicious
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
CloudServices.Resources.resources
Informations
Name
 Value
Info

PE Detect: PeReader OK (file layout)
Module Name

CloudServices.exe
Full Name

CloudServices.exe
EntryPoint

System.Void CloudServices.UltraSpeed::Main()
Scope Name

CloudServices.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

CloudServices
Assembly Version

1.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.5
Total Strings

874
Main Method

System.Void CloudServices.UltraSpeed::Main()
Main IL Instruction Count

18
Main IL

nop <null> call System.Void CloudServices.UltraSpeed::isUserExpired() nop <null> call System.Void CloudServices.UltraSpeed::DisableWD() nop <null> call System.Void CloudServices.UltraSpeed::Taskmgr_Disabler() nop <null> call System.Void CloudServices.UltraSpeed::CMD_Disabler() nop <null> call System.Void CloudServices.UltraSpeed::Registeries_Disabler() nop <null> call System.Void CloudServices.UltraSpeed::Start() nop <null> call System.Void CloudServices.UltraSpeed::StartView() nop <null> call System.Void System.Windows.Forms.Application::Run() nop <null> ret <null>
Module Name

CloudServices.exe
Full Name

CloudServices.exe
EntryPoint

System.Void CloudServices.UltraSpeed::Main()
Scope Name

CloudServices.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

CloudServices
Assembly Version

1.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.5
Total Strings

874
Main Method

System.Void CloudServices.UltraSpeed::Main()
Main IL Instruction Count

18
Main IL

nop <null> call System.Void CloudServices.UltraSpeed::isUserExpired() nop <null> call System.Void CloudServices.UltraSpeed::DisableWD() nop <null> call System.Void CloudServices.UltraSpeed::Taskmgr_Disabler() nop <null> call System.Void CloudServices.UltraSpeed::CMD_Disabler() nop <null> call System.Void CloudServices.UltraSpeed::Registeries_Disabler() nop <null> call System.Void CloudServices.UltraSpeed::Start() nop <null> call System.Void CloudServices.UltraSpeed::StartView() nop <null> call System.Void System.Windows.Forms.Application::Run() nop <null> ret <null>
5d6bd66a425dd270e72e63c6d150443c (97.79 KB)
An error has occurred. This application may no longer respond until reloaded. Reload 🗙