Malicious
Malicious

7994985f12d0779828101b75dddefb94

PE Executable
|
MD5: 7994985f12d0779828101b75dddefb94
|
Size: 1.87 MB
|
application/x-dosexec

Print
Infection Chain
Summary by MalvaGPT
Characteristics

Symbol Ofbuscation Score

Low

Hash
 Hash Value
MD5
7994985f12d0779828101b75dddefb94
Sha1
ab05bb72657c62de7ebd3c668f9eee73d722dbd9
Sha256
aa9c2d27050b02a8fc47d79e519aeaec6a94190abfc366cf684bf31cf59fbc0d
Sha384
602dc732fb96d4f2ceb24e9ceec1e39c90b55a17751b8a828b1ccbc9a32395530b468c0bc3cbbcea7fac66f208cde0a3
Sha512
d2c3714a191bb961fea549565ee9a3647881d134ecdba2323bf6b91a68b6f9668e3d056ef5f578a6172ee20b09b8a49f8865acef1feac0fd8292fb84dd7a2ee1
SSDeep
24576:5tlF4cCIRQ4NQOq817XiCuCGzCVxLIwf+AcZuN0EzHTyjRsrSFrZaOe:FCiQEQO94CuCGa4AFrzOjRKI
TLSH
7C857C07BB868BF1C66417F7C8BB051C936CE5867313DE5E398A235A1C837BA9941E07

PeID

.NET executable
HQR data file
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
UPolyX 0.3 -> delikon
File Structure
7994985f12d0779828101b75dddefb94
Malicious
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
Ztvamfbqmbb.Properties.Resources.resources
Kkxws
Informations
Name
 Value
Module Name

Gwffteuzw.exe
Full Name

Gwffteuzw.exe
EntryPoint

System.Void HidSharp.Elements.HiddenElement::AccessGroupedElement()
Scope Name

Gwffteuzw.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

Gwffteuzw
Assembly Version

1.0.6759.23626
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.6
Total Strings

754
Main Method

System.Void HidSharp.Elements.HiddenElement::AccessGroupedElement()
Main IL Instruction Count

31
Main IL

ldc.i4 2 stloc V_0 br IL_000E: ldloc V_0 ldloc V_0 switch dnlib.DotNet.Emit.Instruction[] br IL_0053: ret ldsfld System.Action`1<System.IO.MemoryStream> HidSharp.Elements.HiddenElement/<>c::efficientToken dup <null> brtrue IL_006A: call System.Void HidSharp.Elements.HiddenElement::ModifyScopeElement(System.Action`1<System.IO.MemoryStream>) pop <null> ldc.i4 1 ldsfld <Module>{3c82323f-8b76-414f-86ab-79515e95d744} <Module>{3c82323f-8b76-414f-86ab-79515e95d744}::m_493e4920ae814076a883e2787eeed0ca ldfld System.Int32 <Module>{3c82323f-8b76-414f-86ab-79515e95d744}::m_06e0fc6f40114531bada8e0c75a8b1cf brtrue IL_0012: switch(IL_0053,IL_0054,IL_0028) pop <null> ldc.i4 1 br IL_0012: switch(IL_0053,IL_0054,IL_0028) ret <null> ldsfld HidSharp.Elements.HiddenElement/<>c HidSharp.Elements.HiddenElement/<>c::m_FinalizerSystem ldftn System.Void HidSharp.Elements.HiddenElement/<>c::UsePassiveRole(System.IO.MemoryStream) newobj System.Void System.Action`1<System.IO.MemoryStream>::.ctor(System.Object,System.IntPtr) dup <null> stsfld System.Action`1<System.IO.MemoryStream> HidSharp.Elements.HiddenElement/<>c::efficientToken call System.Void HidSharp.Elements.HiddenElement::ModifyScopeElement(System.Action`1<System.IO.MemoryStream>) ldc.i4 0 ldsfld <Module>{3c82323f-8b76-414f-86ab-79515e95d744} <Module>{3c82323f-8b76-414f-86ab-79515e95d744}::m_493e4920ae814076a883e2787eeed0ca ldfld System.Int32 <Module>{3c82323f-8b76-414f-86ab-79515e95d744}::m_9d593d2744b542ecb2554ad74cebf7e4 brtrue IL_0012: switch(IL_0053,IL_0054,IL_0028) pop <null> ldc.i4 0 br IL_0012: switch(IL_0053,IL_0054,IL_0028)
Module Name

Gwffteuzw.exe
Full Name

Gwffteuzw.exe
EntryPoint

System.Void HidSharp.Elements.HiddenElement::AccessGroupedElement()
Scope Name

Gwffteuzw.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

Gwffteuzw
Assembly Version

1.0.6759.23626
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.6
Total Strings

754
Main Method

System.Void HidSharp.Elements.HiddenElement::AccessGroupedElement()
Main IL Instruction Count

31
Main IL

ldc.i4 2 stloc V_0 br IL_000E: ldloc V_0 ldloc V_0 switch dnlib.DotNet.Emit.Instruction[] br IL_0053: ret ldsfld System.Action`1<System.IO.MemoryStream> HidSharp.Elements.HiddenElement/<>c::efficientToken dup <null> brtrue IL_006A: call System.Void HidSharp.Elements.HiddenElement::ModifyScopeElement(System.Action`1<System.IO.MemoryStream>) pop <null> ldc.i4 1 ldsfld <Module>{3c82323f-8b76-414f-86ab-79515e95d744} <Module>{3c82323f-8b76-414f-86ab-79515e95d744}::m_493e4920ae814076a883e2787eeed0ca ldfld System.Int32 <Module>{3c82323f-8b76-414f-86ab-79515e95d744}::m_06e0fc6f40114531bada8e0c75a8b1cf brtrue IL_0012: switch(IL_0053,IL_0054,IL_0028) pop <null> ldc.i4 1 br IL_0012: switch(IL_0053,IL_0054,IL_0028) ret <null> ldsfld HidSharp.Elements.HiddenElement/<>c HidSharp.Elements.HiddenElement/<>c::m_FinalizerSystem ldftn System.Void HidSharp.Elements.HiddenElement/<>c::UsePassiveRole(System.IO.MemoryStream) newobj System.Void System.Action`1<System.IO.MemoryStream>::.ctor(System.Object,System.IntPtr) dup <null> stsfld System.Action`1<System.IO.MemoryStream> HidSharp.Elements.HiddenElement/<>c::efficientToken call System.Void HidSharp.Elements.HiddenElement::ModifyScopeElement(System.Action`1<System.IO.MemoryStream>) ldc.i4 0 ldsfld <Module>{3c82323f-8b76-414f-86ab-79515e95d744} <Module>{3c82323f-8b76-414f-86ab-79515e95d744}::m_493e4920ae814076a883e2787eeed0ca ldfld System.Int32 <Module>{3c82323f-8b76-414f-86ab-79515e95d744}::m_9d593d2744b542ecb2554ad74cebf7e4 brtrue IL_0012: switch(IL_0053,IL_0054,IL_0028) pop <null> ldc.i4 0 br IL_0012: switch(IL_0053,IL_0054,IL_0028)
7994985f12d0779828101b75dddefb94 (1.87 MB)
An error has occurred. This application may no longer respond until reloaded. Reload 🗙