Malicious

75110dd666cc146385ee000125d2af56

PE Executable | MD5: 75110dd666cc146385ee000125d2af56 | Size: 3.64 MB | application/x-msdownload

Executable
PE (Portable Executable)
Win 32 Exe
x86
.Net Obfuscator
.Net Reactor
.Net
SOS: 0.59

Characteristics

Symbol Obfuscation Score

Medium

Hash
Hash Value
MD5
75110dd666cc146385ee000125d2af56
Sha1
76ad36d5f3cee14f458e222450a2b9f26ac195e8
Sha256
483c771e510e467ad2bf37f131bab5b9523ebec204434036216eaf324cb5ece2
Sha384
7678667551811497f363cfc957c24678c0deea6d5ab944d849774e8e2860ff931ef9df84b5adfb92916d9f549b7acaf9
Sha512
9d87536f71453df2f2b0e8498ed7baa2db60b29ea0cdcb300e5132ae55ceddc2d62a4bd5d5e15f7bd5b0ffc49df85784842fa22a763309de1e29e2ebe46a85bf
SSDeep
98304:INrHee2CHQNZDkWuGQuJcsklEKaFdoPmsiZes/:I9H2oQrDkWuGQuJrkgYics
TLSH
32F5F11A65D28E33E2605B368697013D9390E7263A52EF0B355F51D2B90BBF18E721F3

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
.Net Resources
IwjqmenVOG8impPWIc.RqadTijOV3AoAup8KV
RIOyHjf6g7RtpqYBaZ.ki7DnoMvdPC0c0CXNq
h9j00XYB5f9vUpkpfy.arOcG1yO5JuAR42ncY
umk0NMV5y3VT0FFvmE.YUvwA2g5wPVcxxvDYx
35K3wF9nwqy4yKtsWc.cZjfLSBOYGx7ilwa54
ayYxR91r8gL4NmGOKy.HBLrxaHMPCOunBj1sb
Information
Name
Value
Module Name

pxqDsBPmp0nY

Full Name

pxqDsBPmp0nY

EntryPoint

System.Void WHCe5oxMMe8pFZQyTTb.KBuFOMxfKlFF9atKhTf::Ym6xnud4MK()

Scope Name

pxqDsBPmp0nY

Scope Type

ModuleDef

Kind

Windows

Runtime Version

v4.0.30319

Tables Header Version

512

WinMD Version

<null>

Assembly Name

SGxDUr5uRrbW2X9YcTIdUkMi5E

Assembly Version

4.1.5.0

Assembly Culture

<null>

Has PublicKey

False

PublicKey Token

<null>

Target Framework

.NETFramework,Version=v4.0

Total Strings

47

Main Method

System.Void WHCe5oxMMe8pFZQyTTb.KBuFOMxfKlFF9atKhTf::Ym6xnud4MK()

Main IL Instruction Count

46

Main IL

ldc.i4 3 stloc V_0 br IL_000E: ldloc V_0 ldloc V_0 switch dnlib.DotNet.Emit.Instruction[] br IL_00A8: ldnull ldc.i4 -92251574 ldc.i4 -384027092 xor <null> ldsfld <Module>{6ee53d67-8d49-40ef-b28a-c1bd1e6a3e90} <Module>{6ee53d67-8d49-40ef-b28a-c1bd1e6a3e90}::m_9456cafe138649c091590da6ecfe1e91 ldfld System.Int32 <Module>{6ee53d67-8d49-40ef-b28a-c1bd1e6a3e90}::m_a9c7c6c20f174c8ea3636d39e869ff25 xor <null> call System.String wG1BYD8CTK0nNfZGtiO.SL7FsX8ND8473IivJbP::BpY82eDLBX(System.Int32) newobj System.Void Ist8eQy9MIJ9WH2xtUZ.WZNG5XygZcpIKDTJjJ3::.ctor(System.String) call System.Void Ist8eQy9MIJ9WH2xtUZ.WZNG5XygZcpIKDTJjJ3::SfLyBNGwNY() ldc.i4 4 br IL_0012: switch(IL_00A8,IL_0030,IL_0083,IL_005F,IL_00D3) call System.Void D7Vf84sGbsAmueJ0xxw.gGWCbXsCYUJaQCI1sG7::DfRHjSIu5KX() ldc.i4 2 ldsfld <Module>{6ee53d67-8d49-40ef-b28a-c1bd1e6a3e90} <Module>{6ee53d67-8d49-40ef-b28a-c1bd1e6a3e90}::m_9456cafe138649c091590da6ecfe1e91 ldfld System.Int32 <Module>{6ee53d67-8d49-40ef-b28a-c1bd1e6a3e90}::m_593499836a7d405d9531cebaa17035b8 brtrue IL_0012: switch(IL_00A8,IL_0030,IL_0083,IL_005F,IL_00D3) pop <null> ldc.i4 2 br IL_0012: switch(IL_00A8,IL_0030,IL_0083,IL_005F,IL_00D3) newobj System.Void WdgSM6YgOJHpoRQWCXi.v2rwyjYVdX16LIcXfDX::.ctor() pop <null> ldc.i4 0 ldsfld <Module>{6ee53d67-8d49-40ef-b28a-c1bd1e6a3e90} <Module>{6ee53d67-8d49-40ef-b28a-c1bd1e6a3e90}::m_9456cafe138649c091590da6ecfe1e91 ldfld System.Int32 <Module>{6ee53d67-8d49-40ef-b28a-c1bd1e6a3e90}::m_afdfb7d2433446cda653f7afc16f768b brfalse IL_0012: switch(IL_00A8,IL_0030,IL_0083,IL_005F,IL_00D3) pop <null> ldc.i4 0 br IL_0012: switch(IL_00A8,IL_0030,IL_0083,IL_005F,IL_00D3) ldnull <null> ldnull <null> newobj System.Void HWIutXMmpbq6qMgLfey.lHIU7hMFirbQU29vNKu::.ctor(System.String,System.String) call System.Void NboVPZHwRgO7VNIIw1H.O0bGKAHxQvBw0Vj3kNv::x7FHDCRipR(HWIutXMmpbq6qMgLfey.lHIU7hMFirbQU29vNKu) ldc.i4 1 ldsfld <Module>{6ee53d67-8d49-40ef-b28a-c1bd1e6a3e90} 
<Module>{6ee53d67-8d49-40ef-b28a-c1bd1e6a3e90}::m_9456cafe138649c091590da6ecfe1e91 ldfld System.Int32 <Module>{6ee53d67-8d49-40ef-b28a-c1bd1e6a3e90}::m_7ffe5a983d9d418cb34a06bf7bfc3821 brtrue IL_0012: switch(IL_00A8,IL_0030,IL_0083,IL_005F,IL_00D3) pop <null> ldc.i4 1 br IL_0012: switch(IL_00A8,IL_0030,IL_0083,IL_005F,IL_00D3) ret <null>

Artefacts
Name
Value
Embedded Resources

6

Suspicious Type Names (1-2 chars)

0
