Malicious

7252bd7fed708066ad69b2754a465f41

PE Executable | MD5: 7252bd7fed708066ad69b2754a465f41 | Size: 549.38 KB | application/x-dosexec

Characteristics

Symbol Obfuscation Score

Very high

Hash | Hash Value
MD5 | 7252bd7fed708066ad69b2754a465f41
Sha1 | cbbd5bd1bc61bfc9cfb9c080812cad587b6551ee
Sha256 | da3fb304c21e2f7727b84a6b6a4627442225da41cb45bf939876172e048aa96c
Sha384 | 229b0c32f58927168f1ac22a1b76fb4a885c2383e1d5aa3487a96dca776f534f80279161ecb2d33e6777c7f47866d458
Sha512 | 2de57fe48aa32a43263c9797f08fa2491c2914c3bffe788ea80ddf07fae7b05a21032fbbe70e065b1091946534e5e6e1523c3f9a1cec06c1a36e039b80774b37
SSDeep | 12288:4KdCJiY+qLYc6M7cJq1MfauKvp4L/J4RLEERcllCiOxt:42CJ6qkVMcyMfan4L/OSE6llClxt
TLSH | 3DC402067EC41392DA94A5BDD0E7542403F2A9C73AF3DB8E3A4853D99E823E4CD17B49

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
O5K3KEDBxRVM5HhXDi.gx2NeOuEs9PmI9RDGE
dBrMXBL3YVknwpbCnK.lFq9XnleGLwFnIPiIa
yLJMTJd8a5OhptVWLM.VsmTQqoKdTqCbopwDr
Information
Name | Value
Info | PE Detect: PeReader OK (file layout)
Module Name | Cdnkjhhcog.exe
Full Name | Cdnkjhhcog.exe
EntryPoint | System.Void r0eXv2WNE5LUxBigoA.wajFGImSjGqPhLSC0r::VRYqoZsxc()
Scope Name | Cdnkjhhcog.exe
Scope Type | ModuleDef
Kind | Windows
Runtime Version | v4.0.30319
Tables Header Version | 512
WinMD Version | <null>
Assembly Name | Cdnkjhhcog
Assembly Version | 1.0.0.0
Assembly Culture | <null>
Has PublicKey | False
PublicKey Token | <null>
Target Framework | .NETFramework,Version=v4.0
Total Strings | 39
Main Method | System.Void r0eXv2WNE5LUxBigoA.wajFGImSjGqPhLSC0r::VRYqoZsxc()
Main IL Instruction Count | 85

Main IL

ldc.i4 3 stloc V_1 ldloc V_1 switch dnlib.DotNet.Emit.Instruction[] ldloc V_1 ldc.i4 991 beq IL_0009: ldloc V_1 br IL_017C: ldsfld C32rPqLZXVG0lDQXAW4 C32rPqLZXVG0lDQXAW4::OmKL4pEnt1 ldsfld zgAUCmLGfPtGkeQuuW2 zgAUCmLGfPtGkeQuuW2::m2bLtGAXOc call System.Void zgAUCmLGfPtGkeQuuW2::AM6Lv0wtub(zgAUCmLGfPtGkeQuuW2) ldc.i4 8 ldsfld <Module>{484db6f7-658e-4aef-b3da-8a3881b97bdf} <Module>{484db6f7-658e-4aef-b3da-8a3881b97bdf}::m_507c2e9c148641b19bbc7b031c4660d5 ldfld System.Int32 <Module>{484db6f7-658e-4aef-b3da-8a3881b97bdf}::m_8dcc0d246ac04d86a2385bf195e62b25 brtrue IL_000D: switch(IL_0035,IL_0190,IL_005E,IL_017C) pop <null> ldc.i4 1 br IL_000D: switch(IL_0035,IL_0190,IL_005E,IL_017C) nop <null> ldsfld System.Threading.ThreadStart r0eXv2WNE5LUxBigoA.wajFGImSjGqPhLSC0r/<>c::QgqvZDNAZ dup <null> brfalse IL_006F: pop br IL_00D7: newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart) pop <null> ldc.i4 1 ldsfld <Module>{484db6f7-658e-4aef-b3da-8a3881b97bdf} <Module>{484db6f7-658e-4aef-b3da-8a3881b97bdf}::m_507c2e9c148641b19bbc7b031c4660d5 ldfld System.Int32 <Module>{484db6f7-658e-4aef-b3da-8a3881b97bdf}::m_50a35ff5c17e4547a3be039b889a286c brfalse IL_00A1: switch(IL_00C1,IL_0105) pop <null> ldc.i4 0 br IL_00A1: switch(IL_00C1,IL_0105) br IL_009D: ldloc V_2 ldc.i4 0 stloc V_2 ldloc V_2 switch dnlib.DotNet.Emit.Instruction[] ldloc V_2 ldc.i4 989 beq IL_009D: ldloc V_2 br IL_00C1: ldsfld r0eXv2WNE5LUxBigoA.wajFGImSjGqPhLSC0r/<>c r0eXv2WNE5LUxBigoA.wajFGImSjGqPhLSC0r/<>c::FmBTGVnRf ldsfld r0eXv2WNE5LUxBigoA.wajFGImSjGqPhLSC0r/<>c r0eXv2WNE5LUxBigoA.wajFGImSjGqPhLSC0r/<>c::FmBTGVnRf ldftn System.Void r0eXv2WNE5LUxBigoA.wajFGImSjGqPhLSC0r/<>c::hQrYLeXkQ() newobj System.Void System.Threading.ThreadStart::.ctor(System.Object,System.IntPtr) dup <null> stsfld System.Threading.ThreadStart r0eXv2WNE5LUxBigoA.wajFGImSjGqPhLSC0r/<>c::QgqvZDNAZ newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart) ldsfld gOB6F6LBZomc6w3pvsi 
gOB6F6LBZomc6w3pvsi::HwELeVDRHY call System.Void gOB6F6LBZomc6w3pvsi::AM6Lv0wtub(System.Object,gOB6F6LBZomc6w3pvsi) ldc.i4 7 ldsfld <Module>{484db6f7-658e-4aef-b3da-8a3881b97bdf} <Module>{484db6f7-658e-4aef-b3da-8a3881b97bdf}::m_507c2e9c148641b19bbc7b031c4660d5 ldfld System.Int32 <Module>{484db6f7-658e-4aef-b3da-8a3881b97bdf}::m_9cc1fc8f2a2a4d79b3971374fa881abd brtrue IL_00A1: switch(IL_00C1,IL_0105) pop <null> ldc.i4 1 br IL_00A1: switch(IL_00C1,IL_0105) leave IL_0035: ldsfld zgAUCmLGfPtGkeQuuW2 zgAUCmLGfPtGkeQuuW2::m2bLtGAXOc pop <null> ldc.i4 0 ldsfld <Module>{484db6f7-658e-4aef-b3da-8a3881b97bdf} <Module>{484db6f7-658e-4aef-b3da-8a3881b97bdf}::m_507c2e9c148641b19bbc7b031c4660d5 ldfld System.Int32 <Module>{484db6f7-658e-4aef-b3da-8a3881b97bdf}::m_5336c4f36c4748e78cd9399d40c77c43 brtrue IL_013C: switch(IL_0158) pop <null> ldc.i4 0 br IL_013C: switch(IL_0158) br IL_0138: ldloc V_0 ldc.i4 0 stloc V_0 ldloc V_0 switch dnlib.DotNet.Emit.Instruction[] ldloc V_0 ldc.i4 988 beq IL_0138: ldloc V_0 br IL_0158: leave IL_0035 leave IL_0035: ldsfld zgAUCmLGfPtGkeQuuW2 zgAUCmLGfPtGkeQuuW2::m2bLtGAXOc ldc.i4 0 ldsfld <Module>{484db6f7-658e-4aef-b3da-8a3881b97bdf} <Module>{484db6f7-658e-4aef-b3da-8a3881b97bdf}::m_507c2e9c148641b19bbc7b031c4660d5 ldfld System.Int32 <Module>{484db6f7-658e-4aef-b3da-8a3881b97bdf}::m_a6a52b8c9b7948c39edf94b773469f3c brtrue IL_000D: switch(IL_0035,IL_0190,IL_005E,IL_017C) pop <null> ldc.i4 0 br IL_000D: switch(IL_0035,IL_0190,IL_005E,IL_017C) ldsfld C32rPqLZXVG0lDQXAW4 C32rPqLZXVG0lDQXAW4::OmKL4pEnt1 call System.Void C32rPqLZXVG0lDQXAW4::AM6Lv0wtub(C32rPqLZXVG0lDQXAW4) ldc.i4 2 br IL_000D: switch(IL_0035,IL_0190,IL_005E,IL_017C) ret <null>

Characteristics
No malware configuration was found at this point.