Malicious

PE Executable | MD5: 633273345448ee416049dbb43a6f0785 | Size: 543.74 KB | application/x-dosexec

Characteristics

Symbol Obfuscation Score: Very high

Hash
Hash Value
MD5
633273345448ee416049dbb43a6f0785
Sha1
48d1916a5c6d259fe84caa00783b796fc9b05d52
Sha256
7cafd62021af9fcffb0bbb10194e9c9decb6b58dfc673499672edc0186714064
Sha384
2d421e67ee78eefb30e68ad10850a42247d14e7573da561d38faecbf60f2188965d0d87690acfbdce368cf3bfc010e9e
Sha512
16fd05f5ae141ff7a674df623893b590a9bb11b7fc419d7a0f140e556aa8bf7c449d30551c4f00c2dcbcd7c3d42e9a3ccf29358b91b42f5d3857229c7f3b7377
SSDeep
6144:VkOmunR/SN5rvuA7Ou+DsFZy7W2F9BXRMeHkOcxVwEuHBBIs7COSa+EknuzVSXbL:vRKhwgkrv6uTIqCOSa2uzArJvaPOAs
TLSH
F1C4024AB7D01751C66455B6C0E3987443F2DE0B3AB3DB493F8947856E823E4CC9ABCA

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
14obgopWvoUM757Tdv.jCV6BMjfwIUlWP47Q5
NJBNsGFK2V5ITigXWE.ZVG1uiNb7pDZy9nVFd
HMQPAv4GZMt9iiWvWU.furaL1MIpw5H5Y8sfd
Information

Info: PE Detect: PeReader OK (file layout)
Module Name: Jrpcgufk.exe
Full Name: Jrpcgufk.exe
EntryPoint: System.Void Trr7Hu1FmGmRlUPcfV.qjAmo8eUrVWFn5OfTS::FgwvEfjkl()
Scope Name: Jrpcgufk.exe
Scope Type: ModuleDef
Kind: Windows
Runtime Version: v4.0.30319
Tables Header Version: 512
WinMD Version: <null>
Assembly Name: Jrpcgufk
Assembly Version: 1.0.0.0
Assembly Culture: <null>
Has PublicKey: False
PublicKey Token: <null>
Target Framework: .NETFramework,Version=v4.0
Total Strings: 39
Main Method: System.Void Trr7Hu1FmGmRlUPcfV.qjAmo8eUrVWFn5OfTS::FgwvEfjkl()
Main IL Instruction Count: 89

Main IL

ldc.i4 3 stloc V_0 ldloc V_0 switch dnlib.DotNet.Emit.Instruction[] ldloc V_0 ldc.i4 991 beq IL_0009: ldloc V_0 br IL_005E: ret ldsfld HQZevmpl404rPK2mopo HQZevmpl404rPK2mopo::N30pSBFEPJ call System.Void HQZevmpl404rPK2mopo::U2RpYQRv3E(HQZevmpl404rPK2mopo) ldc.i4 0 ldsfld <Module>{31bd736b-dd6c-41af-a395-dca00c898b26} <Module>{31bd736b-dd6c-41af-a395-dca00c898b26}::m_12bf1d47d8554e1fa5c9fe18b04f68e4 ldfld System.Int32 <Module>{31bd736b-dd6c-41af-a395-dca00c898b26}::m_19234fb624e44165bfeb750374cd0335 brfalse IL_000D: switch(IL_005E,IL_0035,IL_0088,IL_005F) pop <null> ldc.i4 0 br IL_000D: switch(IL_005E,IL_0035,IL_0088,IL_005F) ret <null> ldsfld InSfZlpd2QXbkDBaDlZ InSfZlpd2QXbkDBaDlZ::Dc4pUB9n0i call System.Void InSfZlpd2QXbkDBaDlZ::U2RpYQRv3E(InSfZlpd2QXbkDBaDlZ) ldc.i4 2 ldsfld <Module>{31bd736b-dd6c-41af-a395-dca00c898b26} <Module>{31bd736b-dd6c-41af-a395-dca00c898b26}::m_12bf1d47d8554e1fa5c9fe18b04f68e4 ldfld System.Int32 <Module>{31bd736b-dd6c-41af-a395-dca00c898b26}::m_889e2a40a2df47dbac5d9a566829821f brfalse IL_000D: switch(IL_005E,IL_0035,IL_0088,IL_005F) pop <null> ldc.i4 0 br IL_000D: switch(IL_005E,IL_0035,IL_0088,IL_005F) nop <null> ldsfld System.Threading.ThreadStart Trr7Hu1FmGmRlUPcfV.qjAmo8eUrVWFn5OfTS/<>c::Kn8YXFlcK dup <null> brtrue IL_00FC: newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart) pop <null> ldc.i4 0 ldsfld <Module>{31bd736b-dd6c-41af-a395-dca00c898b26} <Module>{31bd736b-dd6c-41af-a395-dca00c898b26}::m_12bf1d47d8554e1fa5c9fe18b04f68e4 ldfld System.Int32 <Module>{31bd736b-dd6c-41af-a395-dca00c898b26}::m_3cd134978e9d4b00b64dc2f27016a049 brfalse IL_00C6: switch(IL_00E6,IL_012A) pop <null> ldc.i4 4 br IL_00C6: switch(IL_00E6,IL_012A) br IL_00C2: ldloc V_1 ldc.i4 0 stloc V_1 ldloc V_1 switch dnlib.DotNet.Emit.Instruction[] ldloc V_1 ldc.i4 989 beq IL_00C2: ldloc V_1 br IL_012A: leave IL_0035 ldsfld Trr7Hu1FmGmRlUPcfV.qjAmo8eUrVWFn5OfTS/<>c Trr7Hu1FmGmRlUPcfV.qjAmo8eUrVWFn5OfTS/<>c::nBXqVECCH ldftn System.Void 
Trr7Hu1FmGmRlUPcfV.qjAmo8eUrVWFn5OfTS/<>c::TRRHRofKJ() newobj System.Void System.Threading.ThreadStart::.ctor(System.Object,System.IntPtr) dup <null> stsfld System.Threading.ThreadStart Trr7Hu1FmGmRlUPcfV.qjAmo8eUrVWFn5OfTS/<>c::Kn8YXFlcK newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart) ldsfld c3lpLipWBtAmiMfDkyu c3lpLipWBtAmiMfDkyu::T7kpXjckxW call System.Void c3lpLipWBtAmiMfDkyu::U2RpYQRv3E(System.Object,c3lpLipWBtAmiMfDkyu) ldc.i4 1 ldsfld <Module>{31bd736b-dd6c-41af-a395-dca00c898b26} <Module>{31bd736b-dd6c-41af-a395-dca00c898b26}::m_12bf1d47d8554e1fa5c9fe18b04f68e4 ldfld System.Int32 <Module>{31bd736b-dd6c-41af-a395-dca00c898b26}::m_6a0f6cef7e824f93af8445efdb2a2814 brtrue IL_00C6: switch(IL_00E6,IL_012A) pop <null> ldc.i4 4 br IL_00C6: switch(IL_00E6,IL_012A) leave IL_0035: ldsfld HQZevmpl404rPK2mopo HQZevmpl404rPK2mopo::N30pSBFEPJ pop <null> ldc.i4 0 ldsfld <Module>{31bd736b-dd6c-41af-a395-dca00c898b26} <Module>{31bd736b-dd6c-41af-a395-dca00c898b26}::m_12bf1d47d8554e1fa5c9fe18b04f68e4 ldfld System.Int32 <Module>{31bd736b-dd6c-41af-a395-dca00c898b26}::m_db5d703271f644b09966dc4d7917d3c1 brtrue IL_0161: switch(IL_017D) pop <null> ldc.i4 5 br IL_0161: switch(IL_017D) br IL_015D: ldloc V_2 ldc.i4 0 stloc V_2 ldloc V_2 switch dnlib.DotNet.Emit.Instruction[] ldloc V_2 ldc.i4 988 beq IL_015D: ldloc V_2 br IL_017D: leave IL_0035 leave IL_0035: ldsfld HQZevmpl404rPK2mopo HQZevmpl404rPK2mopo::N30pSBFEPJ ldc.i4 1 ldsfld <Module>{31bd736b-dd6c-41af-a395-dca00c898b26} <Module>{31bd736b-dd6c-41af-a395-dca00c898b26}::m_12bf1d47d8554e1fa5c9fe18b04f68e4 ldfld System.Int32 <Module>{31bd736b-dd6c-41af-a395-dca00c898b26}::m_64ab1b1f72e047a890e3e0ba26137528 brtrue IL_000D: switch(IL_005E,IL_0035,IL_0088,IL_005F) pop <null> ldc.i4 4 br IL_000D: switch(IL_005E,IL_0035,IL_0088,IL_005F)

Characteristics
No malware configuration was found at this point.