Malicious
Malicious

73d3a30675edff0224cfaeef1b578b66

PE Executable
MD5: 73d3a30675edff0224cfaeef1b578b66
Size: 245.76 KB
application/x-dosexec
Ctrl + scroll to zoom · drag to pan

Get an AI-generated breakdown of this malware's behaviour, IOCs and recommendations.

AI analysis is available with Essential.
Unlock with Essential
Symbol Obfuscation Score Medium
MD5 73d3a30675edff0224cfaeef1b578b66
Sha1 125ce3384144e4475e652027623b0aa5d6da081b
Sha256 8365a58fe73a021c914e57868087df4299d61dfdfd34e00cc89e496aa18c0572
Sha384 440e7c21952b9ed1edc9975a86dac5a501fc58ebe2f98433c55a04d1af0d49c90ade7991282acdbec267bf959c12c39e
Sha512 5dd1bba9a8c2e7751ee3e8aabd1f2fd92680645d63308089261add6efd4804af4993ff703d8283741d4596fc54c0335773a7a172120bd996a67f9a6749ab736b
SSDeep 3072:7YrKayCK3qwf6i+L+5IkGTHo9rG8KaG5jnThhSoufzz:qKayCKaoZBssq8KaWTL
TLSH 68340F027F88EB15E1A97E3782EF2C2453B2B4C71733C60B6F49AB5524516826C7E72D
PeID
.NET executableMicrosoft Visual C# / Basic .NETMicrosoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL Microsoft Visual C# v7.0 / Basic .NETMicrosoft Visual Studio .NET
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
STICH beta Structural Threat Infection Chain Hash

A content-independent fingerprint of the infection method: successive formats, internal objects and MITRE techniques from the initial file to each final payload.

STICH Path = the fingerprint (canonical chain with techniques) STICH Shape = structure only Only determinant branches produce STICH Paths.
Path pe:exe>pe:rsrc>bin
Shape pe:exe>pe:rsrc>bin
malicious 3 nodes
Name Value
Info
PE Detect: PeReader OK (file layout)
Module Name
8N57q4CivJ
Full Name
8N57q4CivJ
EntryPoint
System.Void HezT.lgBKovGgL::CsvxrnfLmFv()
Scope Name
8N57q4CivJ
Scope Type
ModuleDef
Kind
Windows
Runtime Version
v4.0.30319
Tables Header Version
512
WinMD Version
<null>
Assembly Name
f45b853c-c9d3-495e-9acb-d41a4a90029f
Assembly Version
1.0.0.0
Assembly Culture
<null>
Has PublicKey
False
PublicKey Token
<null>
Target Framework
<null>
Total Strings
1093
Main Method
System.Void HezT.lgBKovGgL::CsvxrnfLmFv()
Main IL Instruction Count
62
Main IL
ldc.i4 0
stloc V_0
br IL_00EF: br IL_000E
nop <null>
ldloc V_0
ldc.i4 3
ceq <null>
brfalse IL_002D: nop
call System.Void T4Au29ea.GJLHrcn9ae::SY7cB3VQ4()
ldc.i4 4
stloc V_0
nop <null>
ldloc V_0
ldc.i4 1
ceq <null>
brfalse IL_0051: nop
ldc.i4 4080
call System.Void System.Net.ServicePointManager::set_SecurityProtocol(System.Net.SecurityProtocolType)
ldc.i4 2
stloc V_0
nop <null>
ldloc V_0
ldc.i4 4
ceq <null>
brfalse IL_0070: nop
call System.Void System.Windows.Forms.Application::Run()
ldc.i4 5
stloc V_0
nop <null>
ldloc V_0
ldc.i4 2
ceq <null>
brfalse IL_00BE: nop
call System.Net.Security.RemoteCertificateValidationCallback System.Net.ServicePointManager::get_ServerCertificateValidationCallback()
ldsfld System.Net.Security.RemoteCertificateValidationCallback HezT.lgBKovGgL::CS$<>9__CachedAnonymousMethodDelegate1
brtrue IL_00A1: ldsfld System.Net.Security.RemoteCertificateValidationCallback HezT.lgBKovGgL::CS$<>9__CachedAnonymousMethodDelegate1
ldnull <null>
ldftn System.Boolean HezT.lgBKovGgL::QGQP5E(System.Object,System.Security.Cryptography.X509Certificates.X509Certificate,System.Security.Cryptography.X509Certificates.X509Chain,System.Net.Security.SslPolicyErrors)
newobj System.Void System.Net.Security.RemoteCertificateValidationCallback::.ctor(System.Object,System.IntPtr)
stsfld System.Net.Security.RemoteCertificateValidationCallback HezT.lgBKovGgL::CS$<>9__CachedAnonymousMethodDelegate1
ldsfld System.Net.Security.RemoteCertificateValidationCallback HezT.lgBKovGgL::CS$<>9__CachedAnonymousMethodDelegate1
call System.Delegate System.Delegate::Combine(System.Delegate,System.Delegate)
castclass System.Net.Security.RemoteCertificateValidationCallback
call System.Void System.Net.ServicePointManager::set_ServerCertificateValidationCallback(System.Net.Security.RemoteCertificateValidationCallback)
ldc.i4 3
stloc V_0
nop <null>
ldloc V_0
ldc.i4 0
ceq <null>
brfalse IL_00D9: nop
nop <null>
ldc.i4 1
stloc V_0
nop <null>
ldloc V_0
ldc.i4 5
ceq <null>
brfalse IL_00EF: br IL_000E
br IL_00F4: ret
br IL_000E: nop
ret <null>
Module Name
8N57q4CivJ
Full Name
8N57q4CivJ
EntryPoint
System.Void HezT.lgBKovGgL::CsvxrnfLmFv()
Scope Name
8N57q4CivJ
Scope Type
ModuleDef
Kind
Windows
Runtime Version
v4.0.30319
Tables Header Version
512
WinMD Version
<null>
Assembly Name
f45b853c-c9d3-495e-9acb-d41a4a90029f
Assembly Version
1.0.0.0
Assembly Culture
<null>
Has PublicKey
False
PublicKey Token
<null>
Target Framework
<null>
Total Strings
1093
Main Method
System.Void HezT.lgBKovGgL::CsvxrnfLmFv()
Main IL Instruction Count
62
Main IL
ldc.i4 0
stloc V_0
br IL_00EF: br IL_000E
nop <null>
ldloc V_0
ldc.i4 3
ceq <null>
brfalse IL_002D: nop
call System.Void T4Au29ea.GJLHrcn9ae::SY7cB3VQ4()
ldc.i4 4
stloc V_0
nop <null>
ldloc V_0
ldc.i4 1
ceq <null>
brfalse IL_0051: nop
ldc.i4 4080
call System.Void System.Net.ServicePointManager::set_SecurityProtocol(System.Net.SecurityProtocolType)
ldc.i4 2
stloc V_0
nop <null>
ldloc V_0
ldc.i4 4
ceq <null>
brfalse IL_0070: nop
call System.Void System.Windows.Forms.Application::Run()
ldc.i4 5
stloc V_0
nop <null>
ldloc V_0
ldc.i4 2
ceq <null>
brfalse IL_00BE: nop
call System.Net.Security.RemoteCertificateValidationCallback System.Net.ServicePointManager::get_ServerCertificateValidationCallback()
ldsfld System.Net.Security.RemoteCertificateValidationCallback HezT.lgBKovGgL::CS$<>9__CachedAnonymousMethodDelegate1
brtrue IL_00A1: ldsfld System.Net.Security.RemoteCertificateValidationCallback HezT.lgBKovGgL::CS$<>9__CachedAnonymousMethodDelegate1
ldnull <null>
ldftn System.Boolean HezT.lgBKovGgL::QGQP5E(System.Object,System.Security.Cryptography.X509Certificates.X509Certificate,System.Security.Cryptography.X509Certificates.X509Chain,System.Net.Security.SslPolicyErrors)
newobj System.Void System.Net.Security.RemoteCertificateValidationCallback::.ctor(System.Object,System.IntPtr)
stsfld System.Net.Security.RemoteCertificateValidationCallback HezT.lgBKovGgL::CS$<>9__CachedAnonymousMethodDelegate1
ldsfld System.Net.Security.RemoteCertificateValidationCallback HezT.lgBKovGgL::CS$<>9__CachedAnonymousMethodDelegate1
call System.Delegate System.Delegate::Combine(System.Delegate,System.Delegate)
castclass System.Net.Security.RemoteCertificateValidationCallback
call System.Void System.Net.ServicePointManager::set_ServerCertificateValidationCallback(System.Net.Security.RemoteCertificateValidationCallback)
ldc.i4 3
stloc V_0
nop <null>
ldloc V_0
ldc.i4 0
ceq <null>
brfalse IL_00D9: nop
nop <null>
ldc.i4 1
stloc V_0
nop <null>
ldloc V_0
ldc.i4 5
ceq <null>
brfalse IL_00EF: br IL_000E
br IL_00F4: ret
br IL_000E: nop
ret <null>
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
No malware configuration was found at this point.
You must be signed in to view YARA rules.
An error has occurred. This application may no longer respond until reloaded. Reload 🗙