Malicious
73d3a30675edff0224cfaeef1b578b66
PE Executable
MD5: 73d3a30675edff0224cfaeef1b578b66
Size: 245.76 KB
application/x-dosexec
Ctrl + scroll to zoom · drag to pan
Get an AI-generated breakdown of this malware's behaviour, IOCs and recommendations.
AI analysis is available with Essential.
Unlock with Essential
Symbol Obfuscation Score
Medium
| MD5 | 73d3a30675edff0224cfaeef1b578b66 |
| Sha1 | 125ce3384144e4475e652027623b0aa5d6da081b |
| Sha256 | 8365a58fe73a021c914e57868087df4299d61dfdfd34e00cc89e496aa18c0572 |
| Sha384 | 440e7c21952b9ed1edc9975a86dac5a501fc58ebe2f98433c55a04d1af0d49c90ade7991282acdbec267bf959c12c39e |
| Sha512 | 5dd1bba9a8c2e7751ee3e8aabd1f2fd92680645d63308089261add6efd4804af4993ff703d8283741d4596fc54c0335773a7a172120bd996a67f9a6749ab736b |
| SSDeep | 3072:7YrKayCK3qwf6i+L+5IkGTHo9rG8KaG5jnThhSoufzz:qKayCKaoZBssq8KaWTL |
| TLSH | 68340F027F88EB15E1A97E3782EF2C2453B2B4C71733C60B6F49AB5524516826C7E72D |
PeID
.NET executableMicrosoft Visual C# / Basic .NETMicrosoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL Microsoft Visual C# v7.0 / Basic .NETMicrosoft Visual Studio .NET
STICH
beta
Structural Threat Infection Chain Hash
A content-independent fingerprint of the infection method: successive formats, internal objects and MITRE techniques from the initial file to each final payload.
STICH Path = the fingerprint (canonical chain with techniques)
STICH Shape = structure only
Only determinant branches produce STICH Paths.
Path
pe:exe>pe:rsrc>bin
Shape
pe:exe>pe:rsrc>bin
malicious
3 nodes
| Name | Value |
|---|---|
| Info | PE Detect: PeReader OK (file layout) |
| Module Name | 8N57q4CivJ |
| Full Name | 8N57q4CivJ |
| EntryPoint | System.Void HezT.lgBKovGgL::CsvxrnfLmFv() |
| Scope Name | 8N57q4CivJ |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v4.0.30319 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | f45b853c-c9d3-495e-9acb-d41a4a90029f |
| Assembly Version | 1.0.0.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | <null> |
| Total Strings | 1093 |
| Main Method | System.Void HezT.lgBKovGgL::CsvxrnfLmFv() |
| Main IL Instruction Count | 62 |
| Main IL | |
| Module Name | 8N57q4CivJ |
| Full Name | 8N57q4CivJ |
| EntryPoint | System.Void HezT.lgBKovGgL::CsvxrnfLmFv() |
| Scope Name | 8N57q4CivJ |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v4.0.30319 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | f45b853c-c9d3-495e-9acb-d41a4a90029f |
| Assembly Version | 1.0.0.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | <null> |
| Total Strings | 1093 |
| Main Method | System.Void HezT.lgBKovGgL::CsvxrnfLmFv() |
| Main IL Instruction Count | 62 |
| Main IL | |
No malware configuration was found at this point.
You must be signed in to view YARA rules.