Malicious
8951ce27300748d7b3d471020fbbd830
PE Executable
MD5: 8951ce27300748d7b3d471020fbbd830
Size: 245.25 KB
application/x-dosexec
Ctrl + scroll to zoom · drag to pan
Get an AI-generated breakdown of this malware's behaviour, IOCs and recommendations.
AI analysis is available with Essential.
Unlock with Essential
Symbol Obfuscation Score
Medium
| MD5 | 8951ce27300748d7b3d471020fbbd830 |
| Sha1 | e96244a68e280ef833f34ee984557ac35deb2c57 |
| Sha256 | e3a7b527e98ba28056ccaf3c3504d067714782de35c5f5141781f12cb894c4b0 |
| Sha384 | b79e9dd838b913ac9fbce6d20410532ef2e4785ea66a73f1e3b143b0e3196af57f0fd8f8597a68bc3a69ac235d20e249 |
| Sha512 | f351aa3ffd67b845ad635cb3a6bd42f4ea17839a95f08f0533af86dba979139f8d6868ffee671ce6b247d12760999e4886e15f37c435a864ca6218da97c518e8 |
| SSDeep | 3072:BUxayCK6VGFwVasuFoIkTHo9rG8KaG5jnTheqEufzz:iayCK6UFyoesq8KaWTA |
| TLSH | 98340F027F88EB15E1A93E3782EF6C2453B2B4C71733C60B6F49AB5524516826C7E72D |
PeID
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
STICH
beta
Structural Threat Infection Chain Hash
A content-independent fingerprint of the infection method: successive formats, internal objects and MITRE techniques from the initial file to each final payload.
STICH Path = the fingerprint (canonical chain with techniques)
STICH Shape = structure only
Only determinant branches produce STICH Paths.
Path
pe:exe>pe:rsrc>bin
Shape
pe:exe>pe:rsrc>bin
malicious
3 nodes
| Name | Value |
|---|---|
| Info | PE Detect: PeReader OK (file layout) |
| Module Name | 8N57q4CivJ |
| Full Name | 8N57q4CivJ |
| EntryPoint | System.Void HezT.lgBKovGgL::CsvxrnfLmFv() |
| Scope Name | 8N57q4CivJ |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v4.0.30319 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | f45b853c-c9d3-495e-9acb-d41a4a90029f |
| Assembly Version | 1.0.0.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | <null> |
| Total Strings | 1093 |
| Main Method | System.Void HezT.lgBKovGgL::CsvxrnfLmFv() |
| Main IL Instruction Count | 62 |
| Main IL | |
| Module Name | 8N57q4CivJ |
| Full Name | 8N57q4CivJ |
| EntryPoint | System.Void HezT.lgBKovGgL::CsvxrnfLmFv() |
| Scope Name | 8N57q4CivJ |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v4.0.30319 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | f45b853c-c9d3-495e-9acb-d41a4a90029f |
| Assembly Version | 1.0.0.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | <null> |
| Total Strings | 1093 |
| Main Method | System.Void HezT.lgBKovGgL::CsvxrnfLmFv() |
| Main IL Instruction Count | 62 |
| Main IL | |
No malware configuration was found at this point.
You must be signed in to view YARA rules.