Verdict: Malicious

61630015ae24ce7364142a85647df7d1

PE Executable | MD5: 61630015ae24ce7364142a85647df7d1 | Size: 580.61 KB | application/x-dosexec


Characteristics

Symbol Obfuscation Score

Very high

Hash
Hash Value
MD5
61630015ae24ce7364142a85647df7d1
Sha1
cb4ea3d45b74af1a47414aa561fc834f8701f4a1
Sha256
e1965fb03cadd9aa65a5cab26848a443f5bbd200c177695df2ddaf45eb18dd20
Sha384
6ad58cc5a51c62180c17ed08bb304690a8b91a595e118bb73ea3d3117b6950393374900d2f23949c0731195ef9f61c40
Sha512
8e1aff9c919dde8b3a7880daebe1bd17ffb1f8a98532880c4b6e20ad1d25e7722a7fce01efe718a43054c6f9f5c0540b305d858259466d61fbbf69cd323da04d
SSDeep
12288:K8rUqDoeiMlVNS0C6rZ4uBh/nCGhrEFjIL17VJtS4xh7G:KtKZla0C6F5VnPhgjILvSj
TLSH
2DC4019675854F21CA5DA6B6C9E3812003F7F4C379F3D79A3E59138E0D807E4DA0AB89

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
my0sCjAPX8TM1d2TxS.pSBsOX1TFWEs24UDFd
s5ha9K9jv3RbvWgbL7.wxFwPXLmZrDHoGoI7b
EdfcXsRvbD6XMP4YQN.1whDfbFHyII1Pi0W2J
Information
Name
Value
Info

PE Detect: PeReader OK (file layout)

Module Name

Afgjqz.exe

Full Name

Afgjqz.exe

EntryPoint

System.Void Uir83mUQYfd9lQCMVQ.WaDTRRDVCmqE6dEGSq::BB26OwmS7()

Scope Name

Afgjqz.exe

Scope Type

ModuleDef

Kind

Windows

Runtime Version

v4.0.30319

Tables Header Version

512

WinMD Version

<null>

Assembly Name

Afgjqz

Assembly Version

1.0.0.0

Assembly Culture

<null>

Has PublicKey

False

PublicKey Token

<null>

Target Framework

.NETFramework,Version=v4.0

Total Strings

39

Main Method

System.Void Uir83mUQYfd9lQCMVQ.WaDTRRDVCmqE6dEGSq::BB26OwmS7()

Main IL Instruction Count

129

Main IL

ldc.i4 1 stloc V_3 ldloc V_3 switch dnlib.DotNet.Emit.Instruction[] ldloc V_3 ldc.i4 990 beq IL_0009: ldloc V_3 br IL_0031: ret ret <null> nop <null> ldsfld sFMOsBA2ekpT9PaI3qU sFMOsBA2ekpT9PaI3qU::yafAbDbsMr call System.Byte[] sFMOsBA2ekpT9PaI3qU::ym5AlDuWAa(sFMOsBA2ekpT9PaI3qU) stloc.s V_2 ldc.i4 7 br IL_005B: switch(IL_018B,IL_00FE,IL_017C,IL_016D,IL_00D9,IL_00E8,IL_0119,IL_00A9,IL_01D0,IL_01A3) br IL_0057: ldloc V_0 ldc.i4 0 stloc V_0 ldloc V_0 switch dnlib.DotNet.Emit.Instruction[] ldloc V_0 ldc.i4 17 beq IL_0149: leave IL_0031 ldloc V_0 ldc.i4 997 beq IL_0057: ldloc V_0 br IL_016D: leave IL_0031 ldloc.s V_2 ldsfld yAJfytATiGkDBfqXRGo yAJfytATiGkDBfqXRGo::Yd0AmrACax call System.Boolean yAJfytATiGkDBfqXRGo::ym5AlDuWAa(System.Byte[],yAJfytATiGkDBfqXRGo) brfalse IL_016D: leave IL_0031 ldc.i4 6 ldsfld <Module>{a051dedc-213e-41d4-b5bb-8cd7a38a173e} <Module>{a051dedc-213e-41d4-b5bb-8cd7a38a173e}::m_1bb85a1b510a4e66b0cd5b40f506bb55 ldfld System.Int32 <Module>{a051dedc-213e-41d4-b5bb-8cd7a38a173e}::m_df21465389f74919af14c13d8b390d28 brtrue IL_005B: switch(IL_018B,IL_00FE,IL_017C,IL_016D,IL_00D9,IL_00E8,IL_0119,IL_00A9,IL_01D0,IL_01A3) pop <null> ldc.i4 4 br IL_005B: switch(IL_018B,IL_00FE,IL_017C,IL_016D,IL_00D9,IL_00E8,IL_0119,IL_00A9,IL_01D0,IL_01A3) br IL_01A3: ldloc.s V_2 ldc.i4 3 br IL_005B: switch(IL_018B,IL_00FE,IL_017C,IL_016D,IL_00D9,IL_00E8,IL_0119,IL_00A9,IL_01D0,IL_01A3) ldloc.s V_2 ldsfld gCqrZlAoBdgIEJTW3gR gCqrZlAoBdgIEJTW3gR::hhYApduKLB call System.Void gCqrZlAoBdgIEJTW3gR::ym5AlDuWAa(System.Byte[],gCqrZlAoBdgIEJTW3gR) ldc.i4 8 br IL_0053: stloc V_0 ldloc.s V_2 ldsfld yAJfytATiGkDBfqXRGo yAJfytATiGkDBfqXRGo::Yd0AmrACax call System.Boolean yAJfytATiGkDBfqXRGo::ym5AlDuWAa(System.Byte[],yAJfytATiGkDBfqXRGo) brtrue IL_018B: ldloc.s V_2 ldc.i4 17 br IL_0053: stloc V_0 ldloc.s V_2 ldsfld yAJfytATiGkDBfqXRGo yAJfytATiGkDBfqXRGo::Yd0AmrACax call System.Boolean yAJfytATiGkDBfqXRGo::ym5AlDuWAa(System.Byte[],yAJfytATiGkDBfqXRGo) brtrue IL_00E8: ldloc.s V_2 ldc.i4 
15 ldsfld <Module>{a051dedc-213e-41d4-b5bb-8cd7a38a173e} <Module>{a051dedc-213e-41d4-b5bb-8cd7a38a173e}::m_1bb85a1b510a4e66b0cd5b40f506bb55 ldfld System.Int32 <Module>{a051dedc-213e-41d4-b5bb-8cd7a38a173e}::m_3d1f03f1f31d4c6c8d4800ac9221640f brtrue IL_005B: switch(IL_018B,IL_00FE,IL_017C,IL_016D,IL_00D9,IL_00E8,IL_0119,IL_00A9,IL_01D0,IL_01A3) pop <null> ldc.i4 2 br IL_005B: switch(IL_018B,IL_00FE,IL_017C,IL_016D,IL_00D9,IL_00E8,IL_0119,IL_00A9,IL_01D0,IL_01A3) leave IL_0031: ret ldc.i4 4 ldsfld <Module>{a051dedc-213e-41d4-b5bb-8cd7a38a173e} <Module>{a051dedc-213e-41d4-b5bb-8cd7a38a173e}::m_1bb85a1b510a4e66b0cd5b40f506bb55 ldfld System.Int32 <Module>{a051dedc-213e-41d4-b5bb-8cd7a38a173e}::m_b8481080bacb480397e2fefb75aee809 brfalse IL_005B: switch(IL_018B,IL_00FE,IL_017C,IL_016D,IL_00D9,IL_00E8,IL_0119,IL_00A9,IL_01D0,IL_01A3) pop <null> ldc.i4 0 br IL_005B: switch(IL_018B,IL_00FE,IL_017C,IL_016D,IL_00D9,IL_00E8,IL_0119,IL_00A9,IL_01D0,IL_01A3) leave IL_0031: ret ldc.i4 9 br IL_005B: switch(IL_018B,IL_00FE,IL_017C,IL_016D,IL_00D9,IL_00E8,IL_0119,IL_00A9,IL_01D0,IL_01A3) leave IL_0031: ret ldc.i4 5 br IL_005B: switch(IL_018B,IL_00FE,IL_017C,IL_016D,IL_00D9,IL_00E8,IL_0119,IL_00A9,IL_01D0,IL_01A3) ldloc.s V_2 ldsfld pDFQCsAdGO2WlyZrg7T pDFQCsAdGO2WlyZrg7T::fQTAXG9CTb call System.Byte[] pDFQCsAdGO2WlyZrg7T::ym5AlDuWAa(System.Byte[],pDFQCsAdGO2WlyZrg7T) stloc.s V_2 ldc.i4 6 br IL_005B: switch(IL_018B,IL_00FE,IL_017C,IL_016D,IL_00D9,IL_00E8,IL_0119,IL_00A9,IL_01D0,IL_01A3) ldloc.s V_2 ldsfld Ds6tgiAiOuVxKEIAJi4 Ds6tgiAiOuVxKEIAJi4::QBUAfyAGHe call System.Byte[] Ds6tgiAiOuVxKEIAJi4::ym5AlDuWAa(System.Byte[],Ds6tgiAiOuVxKEIAJi4) stloc.s V_2 ldc.i4 17 ldsfld <Module>{a051dedc-213e-41d4-b5bb-8cd7a38a173e} <Module>{a051dedc-213e-41d4-b5bb-8cd7a38a173e}::m_1bb85a1b510a4e66b0cd5b40f506bb55 ldfld System.Int32 <Module>{a051dedc-213e-41d4-b5bb-8cd7a38a173e}::m_2a3cebc81a354d60aa73a2f4e69c4298 brtrue IL_005B: 
switch(IL_018B,IL_00FE,IL_017C,IL_016D,IL_00D9,IL_00E8,IL_0119,IL_00A9,IL_01D0,IL_01A3) pop <null> ldc.i4 1 br IL_005B: switch(IL_018B,IL_00FE,IL_017C,IL_016D,IL_00D9,IL_00E8,IL_0119,IL_00A9,IL_01D0,IL_01A3) leave IL_0031: ret pop <null> ldc.i4 0 ldsfld <Module>{a051dedc-213e-41d4-b5bb-8cd7a38a173e} <Module>{a051dedc-213e-41d4-b5bb-8cd7a38a173e}::m_1bb85a1b510a4e66b0cd5b40f506bb55 ldfld System.Int32 <Module>{a051dedc-213e-41d4-b5bb-8cd7a38a173e}::m_eb774715b87b427cac0c832097bfb7c8 brfalse IL_0207: switch(IL_0223) pop <null> ldc.i4 0 br IL_0207: switch(IL_0223) br IL_0203: ldloc V_1 ldc.i4 0 stloc V_1 ldloc V_1 switch dnlib.DotNet.Emit.Instruction[] ldloc V_1 ldc.i4 988 beq IL_0203: ldloc V_1 br IL_0223: leave IL_0031 leave IL_0031: ret ldc.i4 1 ldsfld <Module>{a051dedc-213e-41d4-b5bb-8cd7a38a173e} <Module>{a051dedc-213e-41d4-b5bb-8cd7a38a173e}::m_1bb85a1b510a4e66b0cd5b40f506bb55 ldfld System.Int32 <Module>{a051dedc-213e-41d4-b5bb-8cd7a38a173e}::m_aa801a3efd534e65b007bd7357513c40 brfalse IL_000D: switch(IL_0032,IL_0247,IL_0031) pop <null> ldc.i4 2 br IL_000D: switch(IL_0032,IL_0247,IL_0031) ldsfld AXSkh0AtHrkR8A6q6T3 AXSkh0AtHrkR8A6q6T3::lY1AM0aJI6 call System.Void AXSkh0AtHrkR8A6q6T3::ym5AlDuWAa(AXSkh0AtHrkR8A6q6T3) ldc.i4 0 ldsfld <Module>{a051dedc-213e-41d4-b5bb-8cd7a38a173e} <Module>{a051dedc-213e-41d4-b5bb-8cd7a38a173e}::m_1bb85a1b510a4e66b0cd5b40f506bb55 ldfld System.Int32 <Module>{a051dedc-213e-41d4-b5bb-8cd7a38a173e}::m_5c45f93adf484f9b8b55268225f5fc9f brtrue IL_000D: switch(IL_0032,IL_0247,IL_0031) pop <null> ldc.i4 2 br IL_000D: switch(IL_0032,IL_0247,IL_0031)

Module Name

Afgjqz.exe

Full Name

Afgjqz.exe

EntryPoint

System.Void Uir83mUQYfd9lQCMVQ.WaDTRRDVCmqE6dEGSq::BB26OwmS7()

Scope Name

Afgjqz.exe

Scope Type

ModuleDef

Kind

Windows

Runtime Version

v4.0.30319

Tables Header Version

512

WinMD Version

<null>

Assembly Name

Afgjqz

Assembly Version

1.0.0.0

Assembly Culture

<null>

Has PublicKey

False

PublicKey Token

<null>

Target Framework

.NETFramework,Version=v4.0

Total Strings

39

Main Method

System.Void Uir83mUQYfd9lQCMVQ.WaDTRRDVCmqE6dEGSq::BB26OwmS7()

Main IL Instruction Count

129

Main IL

ldc.i4 1 stloc V_3 ldloc V_3 switch dnlib.DotNet.Emit.Instruction[] ldloc V_3 ldc.i4 990 beq IL_0009: ldloc V_3 br IL_0031: ret ret <null> nop <null> ldsfld sFMOsBA2ekpT9PaI3qU sFMOsBA2ekpT9PaI3qU::yafAbDbsMr call System.Byte[] sFMOsBA2ekpT9PaI3qU::ym5AlDuWAa(sFMOsBA2ekpT9PaI3qU) stloc.s V_2 ldc.i4 7 br IL_005B: switch(IL_018B,IL_00FE,IL_017C,IL_016D,IL_00D9,IL_00E8,IL_0119,IL_00A9,IL_01D0,IL_01A3) br IL_0057: ldloc V_0 ldc.i4 0 stloc V_0 ldloc V_0 switch dnlib.DotNet.Emit.Instruction[] ldloc V_0 ldc.i4 17 beq IL_0149: leave IL_0031 ldloc V_0 ldc.i4 997 beq IL_0057: ldloc V_0 br IL_016D: leave IL_0031 ldloc.s V_2 ldsfld yAJfytATiGkDBfqXRGo yAJfytATiGkDBfqXRGo::Yd0AmrACax call System.Boolean yAJfytATiGkDBfqXRGo::ym5AlDuWAa(System.Byte[],yAJfytATiGkDBfqXRGo) brfalse IL_016D: leave IL_0031 ldc.i4 6 ldsfld <Module>{a051dedc-213e-41d4-b5bb-8cd7a38a173e} <Module>{a051dedc-213e-41d4-b5bb-8cd7a38a173e}::m_1bb85a1b510a4e66b0cd5b40f506bb55 ldfld System.Int32 <Module>{a051dedc-213e-41d4-b5bb-8cd7a38a173e}::m_df21465389f74919af14c13d8b390d28 brtrue IL_005B: switch(IL_018B,IL_00FE,IL_017C,IL_016D,IL_00D9,IL_00E8,IL_0119,IL_00A9,IL_01D0,IL_01A3) pop <null> ldc.i4 4 br IL_005B: switch(IL_018B,IL_00FE,IL_017C,IL_016D,IL_00D9,IL_00E8,IL_0119,IL_00A9,IL_01D0,IL_01A3) br IL_01A3: ldloc.s V_2 ldc.i4 3 br IL_005B: switch(IL_018B,IL_00FE,IL_017C,IL_016D,IL_00D9,IL_00E8,IL_0119,IL_00A9,IL_01D0,IL_01A3) ldloc.s V_2 ldsfld gCqrZlAoBdgIEJTW3gR gCqrZlAoBdgIEJTW3gR::hhYApduKLB call System.Void gCqrZlAoBdgIEJTW3gR::ym5AlDuWAa(System.Byte[],gCqrZlAoBdgIEJTW3gR) ldc.i4 8 br IL_0053: stloc V_0 ldloc.s V_2 ldsfld yAJfytATiGkDBfqXRGo yAJfytATiGkDBfqXRGo::Yd0AmrACax call System.Boolean yAJfytATiGkDBfqXRGo::ym5AlDuWAa(System.Byte[],yAJfytATiGkDBfqXRGo) brtrue IL_018B: ldloc.s V_2 ldc.i4 17 br IL_0053: stloc V_0 ldloc.s V_2 ldsfld yAJfytATiGkDBfqXRGo yAJfytATiGkDBfqXRGo::Yd0AmrACax call System.Boolean yAJfytATiGkDBfqXRGo::ym5AlDuWAa(System.Byte[],yAJfytATiGkDBfqXRGo) brtrue IL_00E8: ldloc.s V_2 ldc.i4 
15 ldsfld <Module>{a051dedc-213e-41d4-b5bb-8cd7a38a173e} <Module>{a051dedc-213e-41d4-b5bb-8cd7a38a173e}::m_1bb85a1b510a4e66b0cd5b40f506bb55 ldfld System.Int32 <Module>{a051dedc-213e-41d4-b5bb-8cd7a38a173e}::m_3d1f03f1f31d4c6c8d4800ac9221640f brtrue IL_005B: switch(IL_018B,IL_00FE,IL_017C,IL_016D,IL_00D9,IL_00E8,IL_0119,IL_00A9,IL_01D0,IL_01A3) pop <null> ldc.i4 2 br IL_005B: switch(IL_018B,IL_00FE,IL_017C,IL_016D,IL_00D9,IL_00E8,IL_0119,IL_00A9,IL_01D0,IL_01A3) leave IL_0031: ret ldc.i4 4 ldsfld <Module>{a051dedc-213e-41d4-b5bb-8cd7a38a173e} <Module>{a051dedc-213e-41d4-b5bb-8cd7a38a173e}::m_1bb85a1b510a4e66b0cd5b40f506bb55 ldfld System.Int32 <Module>{a051dedc-213e-41d4-b5bb-8cd7a38a173e}::m_b8481080bacb480397e2fefb75aee809 brfalse IL_005B: switch(IL_018B,IL_00FE,IL_017C,IL_016D,IL_00D9,IL_00E8,IL_0119,IL_00A9,IL_01D0,IL_01A3) pop <null> ldc.i4 0 br IL_005B: switch(IL_018B,IL_00FE,IL_017C,IL_016D,IL_00D9,IL_00E8,IL_0119,IL_00A9,IL_01D0,IL_01A3) leave IL_0031: ret ldc.i4 9 br IL_005B: switch(IL_018B,IL_00FE,IL_017C,IL_016D,IL_00D9,IL_00E8,IL_0119,IL_00A9,IL_01D0,IL_01A3) leave IL_0031: ret ldc.i4 5 br IL_005B: switch(IL_018B,IL_00FE,IL_017C,IL_016D,IL_00D9,IL_00E8,IL_0119,IL_00A9,IL_01D0,IL_01A3) ldloc.s V_2 ldsfld pDFQCsAdGO2WlyZrg7T pDFQCsAdGO2WlyZrg7T::fQTAXG9CTb call System.Byte[] pDFQCsAdGO2WlyZrg7T::ym5AlDuWAa(System.Byte[],pDFQCsAdGO2WlyZrg7T) stloc.s V_2 ldc.i4 6 br IL_005B: switch(IL_018B,IL_00FE,IL_017C,IL_016D,IL_00D9,IL_00E8,IL_0119,IL_00A9,IL_01D0,IL_01A3) ldloc.s V_2 ldsfld Ds6tgiAiOuVxKEIAJi4 Ds6tgiAiOuVxKEIAJi4::QBUAfyAGHe call System.Byte[] Ds6tgiAiOuVxKEIAJi4::ym5AlDuWAa(System.Byte[],Ds6tgiAiOuVxKEIAJi4) stloc.s V_2 ldc.i4 17 ldsfld <Module>{a051dedc-213e-41d4-b5bb-8cd7a38a173e} <Module>{a051dedc-213e-41d4-b5bb-8cd7a38a173e}::m_1bb85a1b510a4e66b0cd5b40f506bb55 ldfld System.Int32 <Module>{a051dedc-213e-41d4-b5bb-8cd7a38a173e}::m_2a3cebc81a354d60aa73a2f4e69c4298 brtrue IL_005B: 
switch(IL_018B,IL_00FE,IL_017C,IL_016D,IL_00D9,IL_00E8,IL_0119,IL_00A9,IL_01D0,IL_01A3) pop <null> ldc.i4 1 br IL_005B: switch(IL_018B,IL_00FE,IL_017C,IL_016D,IL_00D9,IL_00E8,IL_0119,IL_00A9,IL_01D0,IL_01A3) leave IL_0031: ret pop <null> ldc.i4 0 ldsfld <Module>{a051dedc-213e-41d4-b5bb-8cd7a38a173e} <Module>{a051dedc-213e-41d4-b5bb-8cd7a38a173e}::m_1bb85a1b510a4e66b0cd5b40f506bb55 ldfld System.Int32 <Module>{a051dedc-213e-41d4-b5bb-8cd7a38a173e}::m_eb774715b87b427cac0c832097bfb7c8 brfalse IL_0207: switch(IL_0223) pop <null> ldc.i4 0 br IL_0207: switch(IL_0223) br IL_0203: ldloc V_1 ldc.i4 0 stloc V_1 ldloc V_1 switch dnlib.DotNet.Emit.Instruction[] ldloc V_1 ldc.i4 988 beq IL_0203: ldloc V_1 br IL_0223: leave IL_0031 leave IL_0031: ret ldc.i4 1 ldsfld <Module>{a051dedc-213e-41d4-b5bb-8cd7a38a173e} <Module>{a051dedc-213e-41d4-b5bb-8cd7a38a173e}::m_1bb85a1b510a4e66b0cd5b40f506bb55 ldfld System.Int32 <Module>{a051dedc-213e-41d4-b5bb-8cd7a38a173e}::m_aa801a3efd534e65b007bd7357513c40 brfalse IL_000D: switch(IL_0032,IL_0247,IL_0031) pop <null> ldc.i4 2 br IL_000D: switch(IL_0032,IL_0247,IL_0031) ldsfld AXSkh0AtHrkR8A6q6T3 AXSkh0AtHrkR8A6q6T3::lY1AM0aJI6 call System.Void AXSkh0AtHrkR8A6q6T3::ym5AlDuWAa(AXSkh0AtHrkR8A6q6T3) ldc.i4 0 ldsfld <Module>{a051dedc-213e-41d4-b5bb-8cd7a38a173e} <Module>{a051dedc-213e-41d4-b5bb-8cd7a38a173e}::m_1bb85a1b510a4e66b0cd5b40f506bb55 ldfld System.Int32 <Module>{a051dedc-213e-41d4-b5bb-8cd7a38a173e}::m_5c45f93adf484f9b8b55268225f5fc9f brtrue IL_000D: switch(IL_0032,IL_0247,IL_0031) pop <null> ldc.i4 2 br IL_000D: switch(IL_0032,IL_0247,IL_0031)

61630015ae24ce7364142a85647df7d1 (580.61 KB)