Suspicious
Suspect

Share on LinkedIn
Print
PE Executable
MD5: 839fa9038938d09b32fe75e26803c53d
Size: 464.38 KB
application/x-dosexec

Get an AI-generated breakdown of this malware's behaviour, IOCs and recommendations.

AI analysis is available with Essential.
Unlock with Essential
Symbol Obfuscation Score High
MD5 839fa9038938d09b32fe75e26803c53d
Sha1 90a42ba4a31db88c75f4d9f69e258b2e54b78656
Sha256 3dcea9230c2846ace39008f70c062faa0688dba97e28b6bc2a77b4858a753f10
Sha384 96b6443422a6fd266bdeb776ea4eb09dc2bbea515e4ec37995fda2c35d01e78bf431986b16f882275ac42c4898af70c1
Sha512 95feba46c287839f12090e64713e1f75471dedb690ac85e8d15d1450cc977aa8b0bf0ac645766ebbc49dfc0403ad75bb819bcc3c3da6645ebb6081f536e5c5e1
SSDeep 12288:8BsaG8d0K73zzgRrEwHEBVzgA5vWw6kkTMP6iFKg:gsPKbzzgRNknzgA5J6k+yyg
TLSH 3DA4BE55DA82CD62DD582B75C57288741173BC6826F3F75BACCA78B627F33E1001A88B
PeID
.NET executableMicrosoft Visual C# / Basic .NETMicrosoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL Microsoft Visual C# v7.0 / Basic .NETMicrosoft Visual Studio .NET
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_ICON
ID:0001
ID:0
ID:0002
ID:0
ID:0003
ID:0
ID:0004
ID:0
ID:0005
ID:0
RT_GROUP_CURSOR4
ID:7F00
ID:0
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
Name Value
Info
PE Detect: PeReader OK (file layout)
Module Name
server1.exe
Full Name
server1.exe
EntryPoint
System.Void server.Module2::main()
Scope Name
server1.exe
Scope Type
ModuleDef
Kind
Windows
Runtime Version
v4.0.30319
Tables Header Version
512
WinMD Version
<null>
Assembly Name
server1
Assembly Version
3.8.7.9
Assembly Culture
<null>
Has PublicKey
False
PublicKey Token
<null>
Target Framework
.NETFramework,Version=v4.8
Total Strings
32
Main Method
System.Void server.Module2::main()
Main IL Instruction Count
75
Main IL
nop <null>
ldc.i4 1709005696
stloc.3 <null>
ldloc.3 <null>
ldc.i4 2124514416
not <null>
ldc.i4 777813933
mul <null>
neg <null>
sub <null>
ldc.i4 1526900263
mul <null>
ldc.i4 -1028013457
ldc.i4 332093034
xor <null>
sub <null>
not <null>
dup <null>
stloc.2 <null>
ldc.i4.5 <null>
rem.un <null>
switch dnlib.DotNet.Emit.Instruction[]
br IL_00F6: ret
ldloc.1 <null>
ldsfld System.Byte[] server.Module2::Bytes
call System.Object server.Module2::_6E26C77D17874114_()
call System.Object server.Module2::_11BADF8758CB48C9_(System.Object)
call System.String server.Module2::_EC95653285B340BA_(System.Object)
call System.Boolean server.Module2::_F18C26F98AB84643_(System.Object,System.Byte[],System.String)
pop <null>
ldc.i4 2105556168
stloc.s V_6
ldloc.2 <null>
ldc.i4 -346102
mul <null>
ldloc.s V_6
xor <null>
br.s IL_0006: stloc.3
call System.Object server.Module2::_C62701E79C784365_()
stloc.1 <null>
ldc.i4 2075379477
stloc.s V_5
ldloc.2 <null>
ldc.i4 -239048
mul <null>
ldloc.s V_5
xor <null>
br IL_0006: stloc.3
call System.String server.Module2::_2AB0EFB353244532_()
ldc.i4 -1402117594
br.s IL_00A1: call System.String <Module>::_8F9B7FA9C9EA49DB_<System.String>(System.IntPtr)
call System.String <Module>::_8F9B7FA9C9EA49DB_<System.String>(System.IntPtr)
call System.String server.Module2::_2C7409B030174705_(System.String,System.String)
stsfld System.String server.Module2::Hex
ldsfld System.String server.Module2::Hex
call System.Byte[] server.Module2::_B12CB236B53546BD_(System.String)
stsfld System.Byte[] server.Module2::Bytes
call System.Object server.Module2::_8960DE7FA4D9449D_()
stloc.0 <null>
ldloc.0 <null>
ldsfld System.Byte[] server.Module2::Bytes
call System.Object server.Module2::_6E26C77D17874114_()
call System.Object server.Module2::_11BADF8758CB48C9_(System.Object)
call System.String server.Module2::_EC95653285B340BA_(System.Object)
call System.Boolean server.Module2::_8DBB8EB442E140EF_(System.Object,System.Byte[],System.String)
pop <null>
ldc.i4 -1476303576
stloc.s V_4
ldloc.2 <null>
ldc.i4 -40927
mul <null>
ldloc.s V_4
xor <null>
br IL_0006: stloc.3
ret <null>
Module Name
server1.exe
Full Name
server1.exe
EntryPoint
System.Void server.Module2::main()
Scope Name
server1.exe
Scope Type
ModuleDef
Kind
Windows
Runtime Version
v4.0.30319
Tables Header Version
512
WinMD Version
<null>
Assembly Name
server1
Assembly Version
3.8.7.9
Assembly Culture
<null>
Has PublicKey
False
PublicKey Token
<null>
Target Framework
.NETFramework,Version=v4.8
Total Strings
32
Main Method
System.Void server.Module2::main()
Main IL Instruction Count
75
Main IL
nop <null>
ldc.i4 1709005696
stloc.3 <null>
ldloc.3 <null>
ldc.i4 2124514416
not <null>
ldc.i4 777813933
mul <null>
neg <null>
sub <null>
ldc.i4 1526900263
mul <null>
ldc.i4 -1028013457
ldc.i4 332093034
xor <null>
sub <null>
not <null>
dup <null>
stloc.2 <null>
ldc.i4.5 <null>
rem.un <null>
switch dnlib.DotNet.Emit.Instruction[]
br IL_00F6: ret
ldloc.1 <null>
ldsfld System.Byte[] server.Module2::Bytes
call System.Object server.Module2::_6E26C77D17874114_()
call System.Object server.Module2::_11BADF8758CB48C9_(System.Object)
call System.String server.Module2::_EC95653285B340BA_(System.Object)
call System.Boolean server.Module2::_F18C26F98AB84643_(System.Object,System.Byte[],System.String)
pop <null>
ldc.i4 2105556168
stloc.s V_6
ldloc.2 <null>
ldc.i4 -346102
mul <null>
ldloc.s V_6
xor <null>
br.s IL_0006: stloc.3
call System.Object server.Module2::_C62701E79C784365_()
stloc.1 <null>
ldc.i4 2075379477
stloc.s V_5
ldloc.2 <null>
ldc.i4 -239048
mul <null>
ldloc.s V_5
xor <null>
br IL_0006: stloc.3
call System.String server.Module2::_2AB0EFB353244532_()
ldc.i4 -1402117594
br.s IL_00A1: call System.String <Module>::_8F9B7FA9C9EA49DB_<System.String>(System.IntPtr)
call System.String <Module>::_8F9B7FA9C9EA49DB_<System.String>(System.IntPtr)
call System.String server.Module2::_2C7409B030174705_(System.String,System.String)
stsfld System.String server.Module2::Hex
ldsfld System.String server.Module2::Hex
call System.Byte[] server.Module2::_B12CB236B53546BD_(System.String)
stsfld System.Byte[] server.Module2::Bytes
call System.Object server.Module2::_8960DE7FA4D9449D_()
stloc.0 <null>
ldloc.0 <null>
ldsfld System.Byte[] server.Module2::Bytes
call System.Object server.Module2::_6E26C77D17874114_()
call System.Object server.Module2::_11BADF8758CB48C9_(System.Object)
call System.String server.Module2::_EC95653285B340BA_(System.Object)
call System.Boolean server.Module2::_8DBB8EB442E140EF_(System.Object,System.Byte[],System.String)
pop <null>
ldc.i4 -1476303576
stloc.s V_4
ldloc.2 <null>
ldc.i4 -40927
mul <null>
ldloc.s V_4
xor <null>
br IL_0006: stloc.3
ret <null>
An error has occurred. This application may no longer respond until reloaded. Reload 🗙