Malicious

6e891448cef259c3073c5fc978e498e8

PE Executable | MD5: 6e891448cef259c3073c5fc978e498e8 | Size: 1.05 MB | application/x-dosexec


Characteristics

Symbol Obfuscation Score: Very high

Hash
MD5: 6e891448cef259c3073c5fc978e498e8
SHA1: d2860ddeaf3406f2d2f3fdf478e0d90b5547ba92
SHA256: 4e86d71a19f7f69471776817dc67585064b4b60542bc60e9450739bca63226ee
SHA384: ab11fbf1ef02ebab7fe19aa6227dff01ac5e76066d8300027d81dbaaa9297e9e429993cc29bdf80f7d1b10e9196ed904
SHA512: ad4fc6bde019742755aacf84b084f586b6482ff6a93ce91fb7659331ee9660e65cfb91d01d21b91a43cafeb6cac8f01724c4b6cd6c8bf37628efcaa36a589eac
SSDeep: 12288:afD+V+RvjAbXwxwd/6cgGeS6yEsfmLblhU9pVe:LgqAcgGWyEumLbDU9
TLSH: 5225493632425D16C2464F3BC086852D93AD7D85F397FBCE32923EBE1805FAB9946252

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_ICON
ID:0001
ID:0
ID:0002
ID:0
ID:0003
ID:0
ID:0004
ID:0
ID:0005
ID:0
ID:0006
ID:0
ID:0007
ID:0
ID:0008
ID:0
RT_GROUP_CURSOR4
ID:0001
ID:0
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
VWTEZOJG5y3KCsiGew.pQtHhyAhbioRTCbGZf
mEUYR5Ge5gBfe1AOoG.7k9x3Mk8plxHjN7dTj
SsIHDn5J8TGth586TV.8YKbMeXxu6ihHpTpBu
Mwupnx.g.resources
Ltgojmildqm.Properties.Resources.resources
Rvzlbynyjy
Information
Info: PE Detect: PeReader OK (file layout)
Module Name: Mwupnx.exe
Full Name: Mwupnx.exe
EntryPoint: System.Void bjy97TK4VvfnNgNRBU.YdSLPgp1pOLRFBZb1o::OOSwWuW6G()
Scope Name: Mwupnx.exe
Scope Type: ModuleDef
Kind: Windows
Runtime Version: v4.0.30319
Tables Header Version: 512
WinMD Version: <null>
Assembly Name: Mwupnx
Assembly Version: 1.0.0.0
Assembly Culture: <null>
Has PublicKey: False
PublicKey Token: <null>
Target Framework: .NETFramework,Version=v4.0
Total Strings: 43
Main Method: System.Void bjy97TK4VvfnNgNRBU.YdSLPgp1pOLRFBZb1o::OOSwWuW6G()
Main IL Instruction Count: 125
Main IL:

ldc.i4 1 stloc V_1 ldloc V_1 switch dnlib.DotNet.Emit.Instruction[] ldloc V_1 ldc.i4 989 beq IL_0009: ldloc V_1 br IL_002D: ret ret <null> nop <null> newobj System.Void JydYwfY0OEu8PHDdMB.MRvsuyjuxogLfFDlFP::.ctor() stloc.s V_0 ldc.i4 3 ldsfld <Module>{0e2a71c8-afd4-4b85-949e-e650c716fc61} <Module>{0e2a71c8-afd4-4b85-949e-e650c716fc61}::m_1f2b2661138b42eb9d7bec80a88cebad ldfld System.Int32 <Module>{0e2a71c8-afd4-4b85-949e-e650c716fc61}::m_320d0c28bc96490b9df648299e8fc505 brfalse IL_0067: switch(IL_01AD,IL_00ED,IL_0111,IL_0187,IL_00A1) pop <null> ldc.i4 3 br IL_0067: switch(IL_01AD,IL_00ED,IL_0111,IL_0187,IL_00A1) br IL_0063: ldloc V_2 ldc.i4 0 stloc V_2 ldloc V_2 switch dnlib.DotNet.Emit.Instruction[] ldloc V_2 ldc.i4 12 beq IL_00C7: newobj System.Void KBO7XFD3VGs9TmL3S4.Vd04UOotPbCP9XvPK6::.ctor() ldloc V_2 ldc.i4 992 beq IL_0063: ldloc V_2 br IL_01AD: newobj System.Void System.InvalidOperationException::.ctor() newobj System.Void yaprjFSWXi05sr4Z8s.hipJ89CBr10xOxN5Pu::.ctor() stloc.s V_3 ldc.i4 1 ldsfld <Module>{0e2a71c8-afd4-4b85-949e-e650c716fc61} <Module>{0e2a71c8-afd4-4b85-949e-e650c716fc61}::m_1f2b2661138b42eb9d7bec80a88cebad ldfld System.Int32 <Module>{0e2a71c8-afd4-4b85-949e-e650c716fc61}::m_2f78c1169ccb44f79c398beb0b53c28a brtrue IL_0067: switch(IL_01AD,IL_00ED,IL_0111,IL_0187,IL_00A1) pop <null> ldc.i4 2 br IL_0067: switch(IL_01AD,IL_00ED,IL_0111,IL_0187,IL_00A1) newobj System.Void KBO7XFD3VGs9TmL3S4.Vd04UOotPbCP9XvPK6::.ctor() stloc.s V_5 ldc.i4 4 ldsfld <Module>{0e2a71c8-afd4-4b85-949e-e650c716fc61} <Module>{0e2a71c8-afd4-4b85-949e-e650c716fc61}::m_1f2b2661138b42eb9d7bec80a88cebad ldfld System.Int32 <Module>{0e2a71c8-afd4-4b85-949e-e650c716fc61}::m_0798579e33cd4a06b9501da406812303 brfalse IL_0067: switch(IL_01AD,IL_00ED,IL_0111,IL_0187,IL_00A1) pop <null> ldc.i4 5 br IL_0067: switch(IL_01AD,IL_00ED,IL_0111,IL_0187,IL_00A1) br IL_01B3: leave IL_002D ldc.i4 0 ldsfld <Module>{0e2a71c8-afd4-4b85-949e-e650c716fc61} 
<Module>{0e2a71c8-afd4-4b85-949e-e650c716fc61}::m_1f2b2661138b42eb9d7bec80a88cebad ldfld System.Int32 <Module>{0e2a71c8-afd4-4b85-949e-e650c716fc61}::m_8f4a87141ff2461f921dc0b8c814506b brfalse IL_0067: switch(IL_01AD,IL_00ED,IL_0111,IL_0187,IL_00A1) pop <null> ldc.i4 2 br IL_0067: switch(IL_01AD,IL_00ED,IL_0111,IL_0187,IL_00A1) newobj System.Void QRj18RvIMA01dDwdJM.UhplmTnTUH4wtU4PXa::.ctor() dup <null> dup <null> ldsfld D9jw94AUmxxC7Q7R8tn D9jw94AUmxxC7Q7R8tn::D02AmI2MVa call System.Void D9jw94AUmxxC7Q7R8tn::qtUAwZ3kWx(System.Object,QRj18RvIMA01dDwdJM.UhplmTnTUH4wtU4PXa,D9jw94AUmxxC7Q7R8tn) dup <null> ldloc.s V_3 ldsfld nk0QhIA0X3G4JQ4aaZA nk0QhIA0X3G4JQ4aaZA::BpXAffThZe call System.Void nk0QhIA0X3G4JQ4aaZA::qtUAwZ3kWx(System.Object,yaprjFSWXi05sr4Z8s.hipJ89CBr10xOxN5Pu,nk0QhIA0X3G4JQ4aaZA) ldloc.s V_3 ldloc.s V_5 ldsfld V9LHPhATPqc1OceKHgy V9LHPhATPqc1OceKHgy::fxAAEa6F0g call System.Void V9LHPhATPqc1OceKHgy::qtUAwZ3kWx(System.Object,KBO7XFD3VGs9TmL3S4.Vd04UOotPbCP9XvPK6,V9LHPhATPqc1OceKHgy) ldloc.s V_5 ldloc.s V_6 ldsfld G21MI1A1EsGFFD5el0O G21MI1A1EsGFFD5el0O::R2lAePrMAg call System.Void G21MI1A1EsGFFD5el0O::qtUAwZ3kWx(System.Object,jsD4MIe4DDs7QJcHpv.iZawlo1423YvT5upin,G21MI1A1EsGFFD5el0O) ldloc.s V_6 ldloc.s V_0 ldsfld LYEt9tAuCQH9yRVNAun LYEt9tAuCQH9yRVNAun::pXbAFa6gMO call System.Void LYEt9tAuCQH9yRVNAun::qtUAwZ3kWx(System.Object,JydYwfY0OEu8PHDdMB.MRvsuyjuxogLfFDlFP,LYEt9tAuCQH9yRVNAun) ldsfld UfL80IAspPOYFto9iFN UfL80IAspPOYFto9iFN::DeXAWLuhsR call System.Boolean UfL80IAspPOYFto9iFN::qtUAwZ3kWx(System.Object,UfL80IAspPOYFto9iFN) brfalse IL_01AD: newobj System.Void System.InvalidOperationException::.ctor() ldc.i4 1 ldsfld <Module>{0e2a71c8-afd4-4b85-949e-e650c716fc61} <Module>{0e2a71c8-afd4-4b85-949e-e650c716fc61}::m_1f2b2661138b42eb9d7bec80a88cebad ldfld System.Int32 <Module>{0e2a71c8-afd4-4b85-949e-e650c716fc61}::m_3029c5cc75294664a71a59cb49c909cb brtrue IL_0067: switch(IL_01AD,IL_00ED,IL_0111,IL_0187,IL_00A1) pop <null> ldc.i4 1 br IL_0067: 
switch(IL_01AD,IL_00ED,IL_0111,IL_0187,IL_00A1) newobj System.Void jsD4MIe4DDs7QJcHpv.iZawlo1423YvT5upin::.ctor() stloc.s V_6 ldc.i4 12 ldsfld <Module>{0e2a71c8-afd4-4b85-949e-e650c716fc61} <Module>{0e2a71c8-afd4-4b85-949e-e650c716fc61}::m_1f2b2661138b42eb9d7bec80a88cebad ldfld System.Int32 <Module>{0e2a71c8-afd4-4b85-949e-e650c716fc61}::m_92a951034e104a9cbffcab72b97fa8f9 brtrue IL_005F: stloc V_2 pop <null> ldc.i4 5 br IL_005F: stloc V_2 newobj System.Void System.InvalidOperationException::.ctor() throw <null> leave IL_002D: ret pop <null> ldc.i4 0 ldsfld <Module>{0e2a71c8-afd4-4b85-949e-e650c716fc61} <Module>{0e2a71c8-afd4-4b85-949e-e650c716fc61}::m_1f2b2661138b42eb9d7bec80a88cebad ldfld System.Int32 <Module>{0e2a71c8-afd4-4b85-949e-e650c716fc61}::m_31fcab32f242464384e4250d0ab52e03 brfalse IL_01EA: switch(IL_0206) pop <null> ldc.i4 0 br IL_01EA: switch(IL_0206) br IL_01E6: ldloc V_4 ldc.i4 0 stloc V_4 ldloc V_4 switch dnlib.DotNet.Emit.Instruction[] ldloc V_4 ldc.i4 988 beq IL_01E6: ldloc V_4 br IL_0206: leave IL_002D leave IL_002D: ret ldc.i4 0 ldsfld <Module>{0e2a71c8-afd4-4b85-949e-e650c716fc61} <Module>{0e2a71c8-afd4-4b85-949e-e650c716fc61}::m_1f2b2661138b42eb9d7bec80a88cebad ldfld System.Int32 <Module>{0e2a71c8-afd4-4b85-949e-e650c716fc61}::m_9ff8db59934e4bcf8817cbf9ff967369 brfalse IL_000D: switch(IL_002D,IL_002E) pop <null> ldc.i4 3 br IL_000D: switch(IL_002D,IL_002E)
