Malicious
83aaec9b27ca20a5f1cdd75aa3c89d9a
PE Executable
MD5: 83aaec9b27ca20a5f1cdd75aa3c89d9a
Size: 245.76 KB
application/x-dosexec
Ctrl + scroll to zoom · drag to pan
Get an AI-generated breakdown of this malware's behaviour, IOCs and recommendations.
AI analysis is available with Essential.
Unlock with Essential
Symbol Obfuscation Score
Medium
| MD5 | 83aaec9b27ca20a5f1cdd75aa3c89d9a |
| Sha1 | aad5448e55ecb42184fc171c6128d809a8396596 |
| Sha256 | 97b6c601828796cbb4b7f7d7dba3789a792816fdca70201e3965dc57694882a4 |
| Sha384 | cdc384d8de0e66aacc57ad1e88971b986b4964f3ab4ea08737bda4af45af8eaa3c923a844492c3ab6bda662cee52f873 |
| Sha512 | 2379a633a09eb75db4c227a632565ad0cfc7373fa3d51a97efeb20a68f604e52a370d3b4fbdd167e7ff3f8cce68ebef350b469b67700117903439323a1bafbc8 |
| SSDeep | 3072:Jcp6CyKaNWSKOzujU4nTHo9rG8KaG5jnThzqsufzz:i6CyKagDf9sq8KaWTR |
| TLSH | B5340F027F88E715E1A93E3782EF6C2453B2B4C71633C60BAF49AF5524516826C7E72D |
PeID
.NET executableMicrosoft Visual C# / Basic .NETMicrosoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL Microsoft Visual C# v7.0 / Basic .NETMicrosoft Visual Studio .NET
STICH
beta
Structural Threat Infection Chain Hash
A content-independent fingerprint of the infection method: successive formats, internal objects and MITRE techniques from the initial file to each final payload.
STICH Path = the fingerprint (canonical chain with techniques)
STICH Shape = structure only
Only determinant branches produce STICH Paths.
Path
pe:exe>pe:rsrc>bin
Shape
pe:exe>pe:rsrc>bin
malicious
3 nodes
| Name | Value |
|---|---|
| Info | PE Detect: PeReader OK (file layout) |
| Module Name | 8N57q4CivJ |
| Full Name | 8N57q4CivJ |
| EntryPoint | System.Void HezT.lgBKovGgL::CsvxrnfLmFv() |
| Scope Name | 8N57q4CivJ |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v4.0.30319 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | f45b853c-c9d3-495e-9acb-d41a4a90029f |
| Assembly Version | 1.0.0.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | <null> |
| Total Strings | 1093 |
| Main Method | System.Void HezT.lgBKovGgL::CsvxrnfLmFv() |
| Main IL Instruction Count | 62 |
| Main IL | |
| Module Name | 8N57q4CivJ |
| Full Name | 8N57q4CivJ |
| EntryPoint | System.Void HezT.lgBKovGgL::CsvxrnfLmFv() |
| Scope Name | 8N57q4CivJ |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v4.0.30319 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | f45b853c-c9d3-495e-9acb-d41a4a90029f |
| Assembly Version | 1.0.0.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | <null> |
| Total Strings | 1093 |
| Main Method | System.Void HezT.lgBKovGgL::CsvxrnfLmFv() |
| Main IL Instruction Count | 62 |
| Main IL | |
No malware configuration was found at this point.
You must be signed in to view YARA rules.