Malicious

893fa59d7b5eb2c36f270e40c1df64f1

PE Executable | MD5: 893fa59d7b5eb2c36f270e40c1df64f1 | Size: 651.26 KB | application/x-dosexec


Characteristics

Symbol Obfuscation Score

Medium

Hash
Hash Value
MD5
893fa59d7b5eb2c36f270e40c1df64f1
Sha1
223b6911a5fd511fb6068e2bac96510041a3b375
Sha256
b1963848120a2c7b31a6a816a09c0d7391b5cca1e3234a2f92adccb8bbeca2ed
Sha384
5a52f9e10ed35193efee7b7914791e7d8809a80c127fd94b782e6e3ddd8a8e612147f8b2718ee2ef856778704d6ed240
Sha512
9e0381941fd4545c967236c2524d90c620789fdabbb8ab7ee383ae229080a02455e3fe745fe4803cc7d5cab56f1a8cec8e93c7ada5ec61891280b1ae4729930e
SSDeep
6144:57L9gg/62WcaLDC02yzsXjCn8o0CC8OhrhajycWaMN+VO3YHlZWHEnlKS:kgGLex08oBLO2WaDnll
TLSH
34D46C91AE85CA53C9370EB547B6C33883B6DFB8BD534307A4BB7E2DBC366452901252

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
AFX_DIALOG_LAYOUT
ID:0065
ID:2048
RT_CURSOR
ID:0001
ID:0
ID:0002
ID:0
ID:0003
ID:0
ID:0004
ID:0
ID:0005
ID:0
ID:0006
ID:0
RT_BITMAP
ID:009F
ID:2048
ID:00A9
ID:2048
ID:00AA
ID:2048
RT_ICON
ID:0001
ID:0
ID:0002
ID:0
ID:0003
ID:0
ID:0004
ID:0
ID:0005
ID:0
ID:0006
ID:0
ID:0007
ID:0
ID:0008
ID:0
ID:0009
ID:0
RT_MENU
ID:0080
ID:1024
RT_DIALOG
ID:0065
ID:2048
ID:0067
ID:2048
ID:0083
ID:2048
ID:008E
ID:2048
ID:0091
ID:2048
ID:0094
ID:2048
ID:009A
ID:2048
ID:009B
ID:2048
ID:009C
ID:2048
ID:00A0
ID:2048
RT_STRING
ID:0009
ID:1024
ID:0272
ID:1024
ID:0E11
ID:1024
ID:0E12
ID:1024
ID:0E15
ID:1024
RT_GROUP_CURSOR2
ID:0068
ID:0
ID:0095
ID:0
ID:0097
ID:0
ID:0098
ID:0
ID:00B2
ID:0
ID:00B3
ID:0
RT_GROUP_CURSOR4
ID:0080
ID:0
RT_VERSION
ID:0001
ID:0
ID:1033
RT_MANIFEST
ID:0001
ID:0
ID:1033
.Net Resources
Malicious
Information
Name
Value
Info

PE Detect: PeReader OK (file layout)

Module Name

698148781cc06.exe

Full Name

698148781cc06.exe

EntryPoint

System.Void Microsoft.CLR.Hosting.RuntimeBootstrap::Main()

Scope Name

698148781cc06.exe

Scope Type

ModuleDef

Kind

Windows

Runtime Version

v4.0.30319

Tables Header Version

512

WinMD Version

<null>

Assembly Name

698148781cc06

Assembly Version

0.0.0.0

Assembly Culture

<null>

Has PublicKey

False

PublicKey Token

<null>

Target Framework

<null>

Total Strings

10

Main Method

System.Void Microsoft.CLR.Hosting.RuntimeBootstrap::Main()

Main IL Instruction Count

7

Main IL

nop <null>
call System.Int32 Microsoft.CLR.Hosting.RuntimeBootstrap::InitializeComponent()
stloc.0 <null>
ldloc.0 <null>
call System.Void System.Environment::Exit(System.Int32)
nop <null>
ret <null>

Artefacts
Name
Value
URLs in VB Code - #1

http://schemas.microsoft.com/SMI/2005/WindowsSettings
