Malicious

6c7dc8d90ecbbf30ac991bde84c2ceb0

PE Executable | MD5: 6c7dc8d90ecbbf30ac991bde84c2ceb0 | Size: 1.02 MB | application/x-dosexec

Characteristics

Symbol Obfuscation Score: Very high

Hash | Hash Value
MD5 | 6c7dc8d90ecbbf30ac991bde84c2ceb0
Sha1 | c031ca5b18ddfe763f7d471b5100882e08fe3072
Sha256 | e23f8ba7bf289df08075b13c8957fa5d89583ed7d4e7cb52d14fe95b64143c2e
Sha384 | 10a71eb856b3c53fa687cb091e3787e491a443e857f5547eaf5afab9c791fe932ac7b5d637b414ebfb8ed947ff945636
Sha512 | 9e131059965dba3fa4e215d92490989b67b02a59c72dd2091292f3347bb0d841c3bc75084747646c26d6d19b1c8bd0bbee77e34919539ff52fde12d8a609dfb6
SSDeep | 24576:odoK67R3Ts5Z6UuQAlm6OD2zvisDdks8G9h:/FjQZlu37tDdks8Eh
TLSH | 0225E07732174E10D3A44373C1DB8A4593ACA683B6A7F70E7585239A14023FFDE5A2A7

PeID

HQR data file
Microsoft Visual C++ DLL
Microsoft Visual C++ v6.0
File Structure
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.rsrc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
5kEyTILY9g5MHynlvW.aaWr8uj7WLQ36nmZgl
IKfpX20u3lC1BfBVnp.nswxTjYWg1GIhgcnqa
Kltljq.g.resources
XZ2owxOdbHgn3pW6Qi.KVhXeWWBVrcGf5vFZk
Fngxadf.Properties.Resources.resources
Isgqscdqqil
Informations
Name | Value | Info
PE Detect: PeReader OK (file layout)
Module Name | Kltljq.exe
Full Name | Kltljq.exe
EntryPoint | System.Void Vwq56TaLlY5sdsQXgb.urwwa2BiiAoZuJKdA4::Bl4RdLoIr()
Scope Name | Kltljq.exe
Scope Type | ModuleDef
Kind | Windows
Runtime Version | v4.0.30319
Tables Header Version | 512
WinMD Version | <null>
Assembly Name | Kltljq
Assembly Version | 1.0.0.0
Assembly Culture | <null>
Has PublicKey | False
PublicKey Token | <null>
Target Framework | .NETFramework,Version=v4.0
Total Strings | 43
Main Method | System.Void Vwq56TaLlY5sdsQXgb.urwwa2BiiAoZuJKdA4::Bl4RdLoIr()
Main IL Instruction Count | 102


No malware configuration was found at this point.