Malicious

81ace1ccb94bf75f40db64d3a685d695

PE Executable | MD5: 81ace1ccb94bf75f40db64d3a685d695 | Size: 635.9 KB | application/x-dosexec


Characteristics

Symbol Obfuscation Score

Very high

Hash
Hash Value
MD5
81ace1ccb94bf75f40db64d3a685d695
Sha1
647408698375891951a34ee4417b389a0d8e264d
Sha256
d2aa7cd8ec3ca9782b4ecffe1c2fc20b9ca6da3a999ade3c5df0d4b8b856d620
Sha384
1f910a6cb7a44c261ad6cc327e67d2d9e480b1f44ae3e052f91828045185c5df63529a4b0417190cb9577489140f99aa
Sha512
e01f70fb04a635ccc0ea52d4910e97eecc283bd06d899ffebf274806924a7dc68a2d1559385b370cc04b5852c935229464c16f012d42893ce5e025a1d8c163a1
SSDeep
12288:5JSke5/MkZmnUVl7YZDiyHRZ/s/wrUeRMn0gQu1X4G20DiBee1x:QVgiyHfdIwoNQul4G20Dbe1x
TLSH
C7D49D1B7644CE20C1486637C1CB450193F595E2B667E70ABAC9235A1E073FEDE0E7AB

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
cE2pqCRVZCNTwX8yPX.yeUbEPusgYWbaXJOQ3
d7VksOc0qy0yd9O4uv.PKYaCk2RyTnmvRG9Yb
Effxndi.g.resources
Effxndi.Properties.Resources.resources
Wbopajdvy
Information
Name
Value
Info

PE Detect: PeReader OK (file layout)

Module Name

Effxndi.exe

Full Name

Effxndi.exe

EntryPoint

System.Void ehGMBTXfNgkjROF0IQ.E0Qm1SJS2S2v80aypI::x8B8GHsfp()

Scope Name

Effxndi.exe

Scope Type

ModuleDef

Kind

Windows

Runtime Version

v4.0.30319

Tables Header Version

512

WinMD Version

<null>

Assembly Name

Effxndi

Assembly Version

1.0.0.0

Assembly Culture

<null>

Has PublicKey

False

PublicKey Token

<null>

Target Framework

.NETFramework,Version=v4.0

Total Strings

43

Main Method

System.Void ehGMBTXfNgkjROF0IQ.E0Qm1SJS2S2v80aypI::x8B8GHsfp()

Main IL Instruction Count

89

Main IL

ldc.i4 1 stloc V_0 ldloc V_0 switch dnlib.DotNet.Emit.Instruction[] ldloc V_0 ldc.i4 989 beq IL_0009: ldloc V_0 br IL_002D: ret ret <null> nop <null> call System.Boolean TZexfXAfakBOhmlry6.vJnUoot1KrytWqbIlm::QXhlJuM2q() brfalse IL_00AE: ldc.i4 1448627763 ldc.i4 5 ldsfld <Module>{7cb24906-1ab5-4f9f-a9f3-48a08810d90e} <Module>{7cb24906-1ab5-4f9f-a9f3-48a08810d90e}::m_04ec96a780d84e59b84f3762ea74c89d ldfld System.Int32 <Module>{7cb24906-1ab5-4f9f-a9f3-48a08810d90e}::m_ab840a61e15b4760a2bf070e213a2708 brfalse IL_006A: switch(IL_00AE,IL_008A) pop <null> ldc.i4 1 br IL_006A: switch(IL_00AE,IL_008A) br IL_0066: ldloc V_1 ldc.i4 0 stloc V_1 ldloc V_1 switch dnlib.DotNet.Emit.Instruction[] ldloc V_1 ldc.i4 989 beq IL_0066: ldloc V_1 br IL_00AE: ldc.i4 1448627763 br IL_00CF: leave IL_002D ldc.i4 0 ldsfld <Module>{7cb24906-1ab5-4f9f-a9f3-48a08810d90e} <Module>{7cb24906-1ab5-4f9f-a9f3-48a08810d90e}::m_04ec96a780d84e59b84f3762ea74c89d ldfld System.Int32 <Module>{7cb24906-1ab5-4f9f-a9f3-48a08810d90e}::m_37af348d8fc34dd1a33ac44a758ea1a1 brfalse IL_006A: switch(IL_00AE,IL_008A) pop <null> ldc.i4 6 br IL_006A: switch(IL_00AE,IL_008A) ldc.i4 1448627763 ldc.i4 899153766 xor <null> ldsfld <Module>{7cb24906-1ab5-4f9f-a9f3-48a08810d90e} <Module>{7cb24906-1ab5-4f9f-a9f3-48a08810d90e}::m_04ec96a780d84e59b84f3762ea74c89d ldfld System.Int32 <Module>{7cb24906-1ab5-4f9f-a9f3-48a08810d90e}::m_94e5603fb9c84625811147d7b6b815f3 xor <null> call System.String O85UBZ3fEfZGWxH13x.XB0mdfK5jcr8uB86MP::XKWRN4ILKU(System.Int32) newobj System.Void System.Exception::.ctor(System.String) throw <null> leave IL_002D: ret stloc.s V_3 ldc.i4 1 ldsfld <Module>{7cb24906-1ab5-4f9f-a9f3-48a08810d90e} <Module>{7cb24906-1ab5-4f9f-a9f3-48a08810d90e}::m_04ec96a780d84e59b84f3762ea74c89d ldfld System.Int32 <Module>{7cb24906-1ab5-4f9f-a9f3-48a08810d90e}::m_e488e56850fa4f96b0b3ee3c58a1db58 brtrue IL_0107: switch(IL_0172,IL_0127) pop <null> ldc.i4 6 br IL_0107: switch(IL_0172,IL_0127) br IL_0103: ldloc V_2 ldc.i4 0 stloc 
V_2 ldloc V_2 switch dnlib.DotNet.Emit.Instruction[] ldloc V_2 ldc.i4 989 beq IL_0103: ldloc V_2 br IL_0127: ldc.i4 -874249201 ldc.i4 -874249201 ldc.i4 -256000191 xor <null> ldsfld <Module>{7cb24906-1ab5-4f9f-a9f3-48a08810d90e} <Module>{7cb24906-1ab5-4f9f-a9f3-48a08810d90e}::m_04ec96a780d84e59b84f3762ea74c89d ldfld System.Int32 <Module>{7cb24906-1ab5-4f9f-a9f3-48a08810d90e}::m_e430c11ce7344b83b37b17fa2d59d471 xor <null> call System.String O85UBZ3fEfZGWxH13x.XB0mdfK5jcr8uB86MP::XKWRN4ILKU(System.Int32) ldloc.s V_3 callvirt System.String System.Exception::get_Message() call System.String System.String::Concat(System.String,System.String) call System.Void System.Console::WriteLine(System.String) ldc.i4 0 ldsfld <Module>{7cb24906-1ab5-4f9f-a9f3-48a08810d90e} <Module>{7cb24906-1ab5-4f9f-a9f3-48a08810d90e}::m_04ec96a780d84e59b84f3762ea74c89d ldfld System.Int32 <Module>{7cb24906-1ab5-4f9f-a9f3-48a08810d90e}::m_8c3a0dbf9cb74e7d857353e46ff28d7a brfalse IL_0107: switch(IL_0172,IL_0127) pop <null> ldc.i4 3 br IL_0107: switch(IL_0172,IL_0127) leave IL_002D: ret ldc.i4 5 ldsfld <Module>{7cb24906-1ab5-4f9f-a9f3-48a08810d90e} <Module>{7cb24906-1ab5-4f9f-a9f3-48a08810d90e}::m_04ec96a780d84e59b84f3762ea74c89d ldfld System.Int32 <Module>{7cb24906-1ab5-4f9f-a9f3-48a08810d90e}::m_b69b824559cc4cbd9f9c1551cfbc660f brtrue IL_000D: switch(IL_002D,IL_002E) pop <null> ldc.i4 0 br IL_000D: switch(IL_002D,IL_002E)

