Suspicious
Suspect

65ef3e6fa93935743a54a25a1c527284

PE Executable | MD5: 65ef3e6fa93935743a54a25a1c527284 | Size: 81.41 KB | application/x-dosexec

Summary by MalvaGPT
Characteristics

Symbol Obfuscation Score

Very high


PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET

File Structure
  DosHeader
  PE Header
  Optional Header (x86)
  Section Headers
    .text
    .rsrc
    .reloc
  Resources
    RT_VERSION
      ID:0001
      ID:0
    RT_MANIFEST
      ID:0001
      ID:0

Information
Module Name: OBFUSCATED
Full Name: OBFUSCATED
EntryPoint: System.Void YIZDYrYIDcDYBylMKmoxmlweyJsKGdwoQYHZRsBB::ewGmxGpHskYecFaMmVepZobAGohCRlUsKNsPEkGR()
Scope Name: OBFUSCATED
Scope Type: ModuleDef
Kind: Windows
Runtime Version: v4.0.30319
Tables Header Version: 512
WinMD Version: <null>
Assembly Name: XClient3en
Assembly Version: 1.0.0.0
Assembly Culture: <null>
Has PublicKey: False
PublicKey Token: <null>
Target Framework: <null>
Total Strings: 133
Main Method: System.Void YIZDYrYIDcDYBylMKmoxmlweyJsKGdwoQYHZRsBB::ewGmxGpHskYecFaMmVepZobAGohCRlUsKNsPEkGR()
Main IL Instruction Count: 54

Main IL

ldsfld System.Int32 QySkHoqfOEtjMHtVTmFQfwzRCgDDLCCOjNoPXYer::HhotXyKnsmpjsgBzWmsCjlEdWxjIPQHVPozdJJbc
ldc.i4 1000
mul.ovf <null>
call System.Void System.Threading.Thread::Sleep(System.Int32)
ldsfld System.String QySkHoqfOEtjMHtVTmFQfwzRCgDDLCCOjNoPXYer::SFdJYEGRFLVMhKQuZaIAKMtmcEZYsEXUioYAtQTX
call System.Object aECRuPlSNVbLPEjbeEuZxAnKXQURIukOZteBMCVN::EQHftZdKBUYNzowzrSUDUtksLnMvAIoCIHuHThqX(System.String)
call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object)
stsfld System.String QySkHoqfOEtjMHtVTmFQfwzRCgDDLCCOjNoPXYer::SFdJYEGRFLVMhKQuZaIAKMtmcEZYsEXUioYAtQTX
ldsfld System.String QySkHoqfOEtjMHtVTmFQfwzRCgDDLCCOjNoPXYer::zLXZHPHyWTQWqDHflRHtFHybNaETMpbihKbYOtFm
call System.Object aECRuPlSNVbLPEjbeEuZxAnKXQURIukOZteBMCVN::EQHftZdKBUYNzowzrSUDUtksLnMvAIoCIHuHThqX(System.String)
call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object)
stsfld System.String QySkHoqfOEtjMHtVTmFQfwzRCgDDLCCOjNoPXYer::zLXZHPHyWTQWqDHflRHtFHybNaETMpbihKbYOtFm
ldsfld System.String QySkHoqfOEtjMHtVTmFQfwzRCgDDLCCOjNoPXYer::XAczOaDFHSpBizsSnWmGkNMGSHPGCIrRmuweFZnN
call System.Object aECRuPlSNVbLPEjbeEuZxAnKXQURIukOZteBMCVN::EQHftZdKBUYNzowzrSUDUtksLnMvAIoCIHuHThqX(System.String)
call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object)
stsfld System.String QySkHoqfOEtjMHtVTmFQfwzRCgDDLCCOjNoPXYer::XAczOaDFHSpBizsSnWmGkNMGSHPGCIrRmuweFZnN
ldsfld System.String QySkHoqfOEtjMHtVTmFQfwzRCgDDLCCOjNoPXYer::xZlTazZHrjLShYbjOvGglXdZBxpOdomnJzilCSGs
call System.Object aECRuPlSNVbLPEjbeEuZxAnKXQURIukOZteBMCVN::EQHftZdKBUYNzowzrSUDUtksLnMvAIoCIHuHThqX(System.String)
call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object)
stsfld System.String QySkHoqfOEtjMHtVTmFQfwzRCgDDLCCOjNoPXYer::xZlTazZHrjLShYbjOvGglXdZBxpOdomnJzilCSGs
ldsfld System.String QySkHoqfOEtjMHtVTmFQfwzRCgDDLCCOjNoPXYer::NcvRZcVCXJppAdivDkwzpbxCFtueGyQmkqOhQMeT
call System.Object aECRuPlSNVbLPEjbeEuZxAnKXQURIukOZteBMCVN::EQHftZdKBUYNzowzrSUDUtksLnMvAIoCIHuHThqX(System.String)
call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object)
stsfld System.String QySkHoqfOEtjMHtVTmFQfwzRCgDDLCCOjNoPXYer::NcvRZcVCXJppAdivDkwzpbxCFtueGyQmkqOhQMeT
leave.s IL_008A: call System.Boolean BOeJObwslLJFoUXDjsWzciPFbRlHdyWLdWACrhsW::FsNIyQeTRHxaTUXauJoJchwDgXwRfqCkuLLyTMzQ()
dup <null>
call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception)
stloc.2 <null>
ldc.i4.0 <null>
call System.Void System.Environment::Exit(System.Int32)
call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError()
leave.s IL_008A: call System.Boolean BOeJObwslLJFoUXDjsWzciPFbRlHdyWLdWACrhsW::FsNIyQeTRHxaTUXauJoJchwDgXwRfqCkuLLyTMzQ()
call System.Boolean BOeJObwslLJFoUXDjsWzciPFbRlHdyWLdWACrhsW::FsNIyQeTRHxaTUXauJoJchwDgXwRfqCkuLLyTMzQ()
brtrue.s IL_0097: call System.Void BOeJObwslLJFoUXDjsWzciPFbRlHdyWLdWACrhsW::aQFsSBYsEiFfWqUWLPfNGfLhjVOyDnWikRgwDiZe()
ldc.i4.0 <null>
call System.Void System.Environment::Exit(System.Int32)
call System.Void BOeJObwslLJFoUXDjsWzciPFbRlHdyWLdWACrhsW::aQFsSBYsEiFfWqUWLPfNGfLhjVOyDnWikRgwDiZe()
ldnull <null>
ldftn System.Void YIZDYrYIDcDYBylMKmoxmlweyJsKGdwoQYHZRsBB::tKrwesllXUNWolBPvgGjzNPgpGtpmkhbomVoWFvo()
newobj System.Void System.Threading.ThreadStart::.ctor(System.Object,System.IntPtr)
newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart)
stloc.0 <null>
ldnull <null>
ldftn System.Void YIZDYrYIDcDYBylMKmoxmlweyJsKGdwoQYHZRsBB::dWEWyYdylCuyExsGUlhxYWYNMLHbqmSPKrfCiSIq()
newobj System.Void System.Threading.ThreadStart::.ctor(System.Object,System.IntPtr)
newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart)
stloc.1 <null>
ldloc.0 <null>
callvirt System.Void System.Threading.Thread::Start()
ldloc.1 <null>
callvirt System.Void System.Threading.Thread::Start()
ldloc.1 <null>
callvirt System.Void System.Threading.Thread::Join()
ret <null>

No malware configuration was found at this point.