85e8abb0e0335b1b4453e84b9dd466b0

PE Executable
|
MD5: 85e8abb0e0335b1b4453e84b9dd466b0
|
Size: 499.2 KB
|
application/x-dosexec

Infection Chain

Summary by MalvaGPT

Characteristics

Hash	Hash Value
MD5	85e8abb0e0335b1b4453e84b9dd466b0
Sha1	c0f3b5a6a994a97c8e2f274633e35dca8ea16db4
Sha256	bc02945d95bddaa8b73660f7b4d6fe84cf9a6f53ade99caad909d22203522af8
Sha384	eb7dcf0ae74ceac510838548e1c35e6d4aa102f9cd569bcddce6ca945744f28638edb5cfe20a9c35aecf2e94d1e6a625
Sha512	3cb645bb6285d513cc76dbfaaf59a280c82f87d70fcdfbe85d5c3eccc4dd3dc823dbb2c9151beb95b7d63ab4e3993d2c618709015d1933cff316793bfc5e06fe
SSDeep	6144:NVIom3zDD9VfprbbMp3GQCjdrTeE8/JIT70/5junpBtDE3tbYZMJNGxDQRP:sz3LpYMQMChInK5C1MqMc
TLSH	DCB4ADAF72CE4E13C2802AB5D09385244FA1BE763637E74E2F0836D91D72F752D99681

PeID

.NET executable

Microsoft Visual C# / Basic .NET

Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL

Microsoft Visual C# v7.0 / Basic .NET

Microsoft Visual Studio .NET

File Structure

Informations

Name0	Value
Info	PE Detect: PeReader OK (file layout)
Module Name	WindowsManagerClient.exe
Full Name	WindowsManagerClient.exe
EntryPoint	System.Void M62E9tzyoakbS0df5w.l9QUHg7cy6VAHvsip3::<Main>(System.String[])
Scope Name	WindowsManagerClient.exe
Scope Type	ModuleDef
Kind	Windows
Runtime Version	v4.0.30319
Tables Header Version	512
WinMD Version	<null>
Assembly Name	WindowsManagerClient
Assembly Version	28.33.10.1
Assembly Culture	<null>
Has PublicKey	False
PublicKey Token	<null>
Target Framework	.NETFramework,Version=v4.8
Total Strings	44
Main Method	System.Void M62E9tzyoakbS0df5w.l9QUHg7cy6VAHvsip3::<Main>(System.String[])
Main IL Instruction Count	37
Main IL	br.s IL_0007: ldc.i4 1 call <null> ldc.i4 1 stloc V_1 br IL_0015: ldloc V_1 ldloc V_1 switch dnlib.DotNet.Emit.Instruction[] br IL_0033: ldarg.0 ldarg.0 <null> call System.Threading.Tasks.Task M62E9tzyoakbS0df5w.l9QUHg7cy6VAHvsip3::xtTRwhEIFN(System.Object) callvirt System.Runtime.CompilerServices.TaskAwaiter System.Threading.Tasks.Task::GetAwaiter() stloc.s V_0 ldc.i4 0 ldsfld <Module>{dec4440b-b3d5-494a-b67c-6bc8d6787c92} <Module>{dec4440b-b3d5-494a-b67c-6bc8d6787c92}::m_87007c137fda429a91736b3672738de7 ldfld System.Int32 <Module>{dec4440b-b3d5-494a-b67c-6bc8d6787c92}::m_69b600924f994c378a7adbaa692cadcc brtrue IL_0019: switch(IL_0033,IL_0060,IL_0084,IL_005F) pop <null> ldc.i4 2 br IL_0019: switch(IL_0033,IL_0060,IL_0084,IL_005F) ret <null> call System.Void f76hwiOkTgQJy0y1hHf.beBN9IOfa8kUtNPZTTI::e2qP2vTQv4() ldc.i4 0 ldsfld <Module>{dec4440b-b3d5-494a-b67c-6bc8d6787c92} <Module>{dec4440b-b3d5-494a-b67c-6bc8d6787c92}::m_87007c137fda429a91736b3672738de7 ldfld System.Int32 <Module>{dec4440b-b3d5-494a-b67c-6bc8d6787c92}::m_69b600924f994c378a7adbaa692cadcc brtrue IL_0019: switch(IL_0033,IL_0060,IL_0084,IL_005F) pop <null> ldc.i4 0 br IL_0019: switch(IL_0033,IL_0060,IL_0084,IL_005F) ldloca.s V_0 call System.Void System.Runtime.CompilerServices.TaskAwaiter::GetResult() ldc.i4 3 ldsfld <Module>{dec4440b-b3d5-494a-b67c-6bc8d6787c92} <Module>{dec4440b-b3d5-494a-b67c-6bc8d6787c92}::m_87007c137fda429a91736b3672738de7 ldfld System.Int32 <Module>{dec4440b-b3d5-494a-b67c-6bc8d6787c92}::m_b94fd9be920e43e89f9b0d88b3140fad brfalse IL_0019: switch(IL_0033,IL_0060,IL_0084,IL_005F) pop <null> ldc.i4 3 br IL_0019: switch(IL_0033,IL_0060,IL_0084,IL_005F)
Module Name	WindowsManagerClient.exe
Full Name	WindowsManagerClient.exe
EntryPoint	System.Void M62E9tzyoakbS0df5w.l9QUHg7cy6VAHvsip3::<Main>(System.String[])
Scope Name	WindowsManagerClient.exe
Scope Type	ModuleDef
Kind	Windows
Runtime Version	v4.0.30319
Tables Header Version	512
WinMD Version	<null>
Assembly Name	WindowsManagerClient
Assembly Version	28.33.10.1
Assembly Culture	<null>
Has PublicKey	False
PublicKey Token	<null>
Target Framework	.NETFramework,Version=v4.8
Total Strings	44
Main Method	System.Void M62E9tzyoakbS0df5w.l9QUHg7cy6VAHvsip3::<Main>(System.String[])
Main IL Instruction Count	37
Main IL	br.s IL_0007: ldc.i4 1 call <null> ldc.i4 1 stloc V_1 br IL_0015: ldloc V_1 ldloc V_1 switch dnlib.DotNet.Emit.Instruction[] br IL_0033: ldarg.0 ldarg.0 <null> call System.Threading.Tasks.Task M62E9tzyoakbS0df5w.l9QUHg7cy6VAHvsip3::xtTRwhEIFN(System.Object) callvirt System.Runtime.CompilerServices.TaskAwaiter System.Threading.Tasks.Task::GetAwaiter() stloc.s V_0 ldc.i4 0 ldsfld <Module>{dec4440b-b3d5-494a-b67c-6bc8d6787c92} <Module>{dec4440b-b3d5-494a-b67c-6bc8d6787c92}::m_87007c137fda429a91736b3672738de7 ldfld System.Int32 <Module>{dec4440b-b3d5-494a-b67c-6bc8d6787c92}::m_69b600924f994c378a7adbaa692cadcc brtrue IL_0019: switch(IL_0033,IL_0060,IL_0084,IL_005F) pop <null> ldc.i4 2 br IL_0019: switch(IL_0033,IL_0060,IL_0084,IL_005F) ret <null> call System.Void f76hwiOkTgQJy0y1hHf.beBN9IOfa8kUtNPZTTI::e2qP2vTQv4() ldc.i4 0 ldsfld <Module>{dec4440b-b3d5-494a-b67c-6bc8d6787c92} <Module>{dec4440b-b3d5-494a-b67c-6bc8d6787c92}::m_87007c137fda429a91736b3672738de7 ldfld System.Int32 <Module>{dec4440b-b3d5-494a-b67c-6bc8d6787c92}::m_69b600924f994c378a7adbaa692cadcc brtrue IL_0019: switch(IL_0033,IL_0060,IL_0084,IL_005F) pop <null> ldc.i4 0 br IL_0019: switch(IL_0033,IL_0060,IL_0084,IL_005F) ldloca.s V_0 call System.Void System.Runtime.CompilerServices.TaskAwaiter::GetResult() ldc.i4 3 ldsfld <Module>{dec4440b-b3d5-494a-b67c-6bc8d6787c92} <Module>{dec4440b-b3d5-494a-b67c-6bc8d6787c92}::m_87007c137fda429a91736b3672738de7 ldfld System.Int32 <Module>{dec4440b-b3d5-494a-b67c-6bc8d6787c92}::m_b94fd9be920e43e89f9b0d88b3140fad brfalse IL_0019: switch(IL_0033,IL_0060,IL_0084,IL_005F) pop <null> ldc.i4 3 br IL_0019: switch(IL_0033,IL_0060,IL_0084,IL_005F)

85e8abb0e0335b1b4453e84b9dd466b0 (499.2 KB)

85e8abb0e0335b1b4453e84b9dd466b0

PE Executable | MD5: 85e8abb0e0335b1b4453e84b9dd466b0 | Size: 499.2 KB | application/x-dosexec

PE Executable
|
MD5: 85e8abb0e0335b1b4453e84b9dd466b0
|
Size: 499.2 KB
|
application/x-dosexec