Malicious

61a3768a8b437364330d417dbbe08e01

PE Executable | MD5: 61a3768a8b437364330d417dbbe08e01 | Size: 679.94 KB | application/x-dosexec

Characteristics

Symbol Obfuscation Score

Very high

Hash
Hash Value
MD5
61a3768a8b437364330d417dbbe08e01
Sha1
c17e5ba80f87f0db8e65fcb8cd1bf7cc653b15d4
Sha256
792669a6ea78e8d8b4d999ca7ced78b3e707300742be7f1231c59e3c14fba2a9
Sha384
e797e66502c0f3dcbb9e4b53349e988f296ae4d267a11d9b3e3129030ba9800a849fb6d665e60efdec15359e082382b3
Sha512
05c5efd45b57d73f85d05d9ea9eca9b9f28817e77bce722a930e9b96e1e344ea4eeef0c28d4522d3c4bead4088ce17066ba6b813003c42ae9c3822f2546f3283
SSDeep
12288:sd0TEGk3pnmMZa1W8oWre7i7QnCRXu/sJHeBnbO3Cb2DujhVHUQFp:sd0TSEBWcre7iu/sxe112DuNV0
TLSH
3DE4AE6B76478E20C2882337D5DB8901A3B565967563EB0F708813A526073FBDE5B3E3

PeID

.NET executable
HQR data file
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
kpFQx89DWxolcdLDSa.mKZGyFt5qvB4RQKhmO
Xcsiwjha.g.resources
qfI9Ru8FwlStwdWWSw.vYSDK2A5ubUM9po5bX
Ao9Ntvp9t7NUAymuXG.Mbwyp1qFCsZ7Z5F65O
Nqdgvmi.Properties.Resources.resources
Ggelwvppox
Information
Name
Value
Info

PE Detect: PeReader OK (file layout)

Module Name

Xcsiwjha.exe

Full Name

Xcsiwjha.exe

EntryPoint

System.Void UMxyDIswlLG3aEtonO.TL1w9AlqpIloXfrXfX::bQxnX9pfO()

Scope Name

Xcsiwjha.exe

Scope Type

ModuleDef

Kind

Windows

Runtime Version

v4.0.30319

Tables Header Version

512

WinMD Version

<null>

Assembly Name

Xcsiwjha

Assembly Version

1.0.0.0

Assembly Culture

<null>

Has PublicKey

False

PublicKey Token

<null>

Target Framework

.NETFramework,Version=v4.0

Total Strings

43

Main Method

System.Void UMxyDIswlLG3aEtonO.TL1w9AlqpIloXfrXfX::bQxnX9pfO()

Main IL Instruction Count

122

Main IL

ldc.i4 1 stloc V_0 ldloc V_0 switch dnlib.DotNet.Emit.Instruction[] ldloc V_0 ldc.i4 989 beq IL_0009: ldloc V_0 br IL_021D: ret nop <null> nop <null> ldsfld System.EventHandler`1<UMxyDIswlLG3aEtonO.TL1w9AlqpIloXfrXfX/EnkFoUw04SVQsVPp2s> UMxyDIswlLG3aEtonO.TL1w9AlqpIloXfrXfX/<>O::jXg66isqX dup <null> brtrue IL_0105: call System.Void UMxyDIswlLG3aEtonO.TL1w9AlqpIloXfrXfX::l7nBMXiMH(System.EventHandler`1<UMxyDIswlLG3aEtonO.TL1w9AlqpIloXfrXfX/EnkFoUw04SVQsVPp2s>) pop <null> ldc.i4 2 ldsfld <Module>{e4d10101-03ed-4dbc-a434-9008ec11e53a} <Module>{e4d10101-03ed-4dbc-a434-9008ec11e53a}::m_0fda99b1b4694908a1d9d720890a72e0 ldfld System.Int32 <Module>{e4d10101-03ed-4dbc-a434-9008ec11e53a}::m_88ac077e6c994f23badf4f84cbf266de brtrue IL_006C: switch(IL_009E,IL_00C3,IL_00F3) pop <null> ldc.i4 2 br IL_006C: switch(IL_009E,IL_00C3,IL_00F3) br IL_0068: ldloc V_3 ldc.i4 0 stloc V_3 ldloc V_3 switch dnlib.DotNet.Emit.Instruction[] ldloc V_3 ldc.i4 10 beq IL_0129: leave IL_021D ldloc V_3 ldc.i4 990 beq IL_0068: ldloc V_3 br IL_009E: ldc.i4.0 ldc.i4.0 <null> stsfld System.Int32 UMxyDIswlLG3aEtonO.TL1w9AlqpIloXfrXfX::R9sCYY9pV ldc.i4 6 ldsfld <Module>{e4d10101-03ed-4dbc-a434-9008ec11e53a} <Module>{e4d10101-03ed-4dbc-a434-9008ec11e53a}::m_0fda99b1b4694908a1d9d720890a72e0 ldfld System.Int32 <Module>{e4d10101-03ed-4dbc-a434-9008ec11e53a}::m_28842b384a714e809a56a0a54686b388 brtrue IL_006C: switch(IL_009E,IL_00C3,IL_00F3) pop <null> ldc.i4 1 br IL_006C: switch(IL_009E,IL_00C3,IL_00F3) ldsfld System.EventHandler`1<UMxyDIswlLG3aEtonO.TL1w9AlqpIloXfrXfX/EnkFoUw04SVQsVPp2s> UMxyDIswlLG3aEtonO.TL1w9AlqpIloXfrXfX::Atyg9EpZQ ldnull <null> ldc.i4.0 <null> newobj System.Void UMxyDIswlLG3aEtonO.TL1w9AlqpIloXfrXfX/EnkFoUw04SVQsVPp2s::.ctor(System.Int32) callvirt System.Void System.EventHandler`1<UMxyDIswlLG3aEtonO.TL1w9AlqpIloXfrXfX/EnkFoUw04SVQsVPp2s>::Invoke(System.Object,UMxyDIswlLG3aEtonO.TL1w9AlqpIloXfrXfX/EnkFoUw04SVQsVPp2s) ldc.i4 9 ldsfld <Module>{e4d10101-03ed-4dbc-a434-9008ec11e53a} 
<Module>{e4d10101-03ed-4dbc-a434-9008ec11e53a}::m_0fda99b1b4694908a1d9d720890a72e0 ldfld System.Int32 <Module>{e4d10101-03ed-4dbc-a434-9008ec11e53a}::m_47823b72801b4f358310bc85fd30e58b brtrue IL_0064: stloc V_3 pop <null> ldc.i4 10 br IL_0064: stloc V_3 ldnull <null> ldftn System.Void UMxyDIswlLG3aEtonO.TL1w9AlqpIloXfrXfX::jwlk7HVis(System.Object,System.Object) newobj System.Void System.EventHandler`1<UMxyDIswlLG3aEtonO.TL1w9AlqpIloXfrXfX/EnkFoUw04SVQsVPp2s>::.ctor(System.Object,System.IntPtr) dup <null> stsfld System.EventHandler`1<UMxyDIswlLG3aEtonO.TL1w9AlqpIloXfrXfX/EnkFoUw04SVQsVPp2s> UMxyDIswlLG3aEtonO.TL1w9AlqpIloXfrXfX/<>O::jXg66isqX call System.Void UMxyDIswlLG3aEtonO.TL1w9AlqpIloXfrXfX::l7nBMXiMH(System.EventHandler`1<UMxyDIswlLG3aEtonO.TL1w9AlqpIloXfrXfX/EnkFoUw04SVQsVPp2s>) ldc.i4 7 ldsfld <Module>{e4d10101-03ed-4dbc-a434-9008ec11e53a} <Module>{e4d10101-03ed-4dbc-a434-9008ec11e53a}::m_0fda99b1b4694908a1d9d720890a72e0 ldfld System.Int32 <Module>{e4d10101-03ed-4dbc-a434-9008ec11e53a}::m_edcccd2e30364ab4a4c7ee5db072d291 brfalse IL_006C: switch(IL_009E,IL_00C3,IL_00F3) pop <null> ldc.i4 0 br IL_006C: switch(IL_009E,IL_00C3,IL_00F3) leave IL_021D: ret pop <null> ldc.i4 0 ldsfld <Module>{e4d10101-03ed-4dbc-a434-9008ec11e53a} <Module>{e4d10101-03ed-4dbc-a434-9008ec11e53a}::m_0fda99b1b4694908a1d9d720890a72e0 ldfld System.Int32 <Module>{e4d10101-03ed-4dbc-a434-9008ec11e53a}::m_5f2fbc0bd7fc45daa9b4e1701a95b53a brfalse IL_0160: switch(IL_017C) pop <null> ldc.i4 3 br IL_0160: switch(IL_017C) br IL_015C: ldloc V_1 ldc.i4 0 stloc V_1 ldloc V_1 switch dnlib.DotNet.Emit.Instruction[] ldloc V_1 ldc.i4 988 beq IL_015C: ldloc V_1 br IL_017C: leave IL_021D leave IL_021D: ret ldnull <null> stsfld System.EventHandler`1<UMxyDIswlLG3aEtonO.TL1w9AlqpIloXfrXfX/EnkFoUw04SVQsVPp2s> UMxyDIswlLG3aEtonO.TL1w9AlqpIloXfrXfX::Atyg9EpZQ ldc.i4 3 ldsfld <Module>{e4d10101-03ed-4dbc-a434-9008ec11e53a} <Module>{e4d10101-03ed-4dbc-a434-9008ec11e53a}::m_0fda99b1b4694908a1d9d720890a72e0 ldfld 
System.Int32 <Module>{e4d10101-03ed-4dbc-a434-9008ec11e53a}::m_b8b74316785a4041b96573654cf5c5ae brtrue IL_01B8: switch(IL_01FD,IL_01D8) pop <null> ldc.i4 1 br IL_01B8: switch(IL_01FD,IL_01D8) br IL_01B4: ldloc V_2 ldc.i4 0 stloc V_2 ldloc V_2 switch dnlib.DotNet.Emit.Instruction[] ldloc V_2 ldc.i4 989 beq IL_01B4: ldloc V_2 br IL_01D8: ldnull ldnull <null> stsfld System.Object UMxyDIswlLG3aEtonO.TL1w9AlqpIloXfrXfX::d2jm7qu4G ldc.i4 5 ldsfld <Module>{e4d10101-03ed-4dbc-a434-9008ec11e53a} <Module>{e4d10101-03ed-4dbc-a434-9008ec11e53a}::m_0fda99b1b4694908a1d9d720890a72e0 ldfld System.Int32 <Module>{e4d10101-03ed-4dbc-a434-9008ec11e53a}::m_c0a5dfc79fd8491397ccd75d6f46124b brtrue IL_01B8: switch(IL_01FD,IL_01D8) pop <null> ldc.i4 0 br IL_01B8: switch(IL_01FD,IL_01D8) endfinally <null> ldc.i4 0 ldsfld <Module>{e4d10101-03ed-4dbc-a434-9008ec11e53a} <Module>{e4d10101-03ed-4dbc-a434-9008ec11e53a}::m_0fda99b1b4694908a1d9d720890a72e0 ldfld System.Int32 <Module>{e4d10101-03ed-4dbc-a434-9008ec11e53a}::m_b1990bc4cc9a4745a918ef7caba416cf brtrue IL_000D: switch(IL_021D,IL_002D) pop <null> ldc.i4 2 br IL_000D: switch(IL_021D,IL_002D) ret <null>

No malware configuration was found at this point.