Malicious
Malicious

8951ce27300748d7b3d471020fbbd830

Share on LinkedIn
Print
PE Executable
MD5: 8951ce27300748d7b3d471020fbbd830
Size: 245.25 KB
application/x-dosexec
Ctrl + scroll to zoom · drag to pan

Get an AI-generated breakdown of this malware's behaviour, IOCs and recommendations.

AI analysis is available with Essential.
Unlock with Essential
Symbol Obfuscation Score Medium
MD5 8951ce27300748d7b3d471020fbbd830
Sha1 e96244a68e280ef833f34ee984557ac35deb2c57
Sha256 e3a7b527e98ba28056ccaf3c3504d067714782de35c5f5141781f12cb894c4b0
Sha384 b79e9dd838b913ac9fbce6d20410532ef2e4785ea66a73f1e3b143b0e3196af57f0fd8f8597a68bc3a69ac235d20e249
Sha512 f351aa3ffd67b845ad635cb3a6bd42f4ea17839a95f08f0533af86dba979139f8d6868ffee671ce6b247d12760999e4886e15f37c435a864ca6218da97c518e8
SSDeep 3072:BUxayCK6VGFwVasuFoIkTHo9rG8KaG5jnTheqEufzz:iayCK6UFyoesq8KaWTA
TLSH 98340F027F88EB15E1A93E3782EF6C2453B2B4C71733C60B6F49AB5524516826C7E72D
PeID
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
STICH beta Structural Threat Infection Chain Hash

A content-independent fingerprint of the infection method: successive formats, internal objects and MITRE techniques from the initial file to each final payload.

STICH Path = the fingerprint (canonical chain with techniques) STICH Shape = structure only Only determinant branches produce STICH Paths.
Path pe:exe>pe:rsrc>bin
Shape pe:exe>pe:rsrc>bin
malicious 3 nodes
Name Value
Info
PE Detect: PeReader OK (file layout)
Module Name
8N57q4CivJ
Full Name
8N57q4CivJ
EntryPoint
System.Void HezT.lgBKovGgL::CsvxrnfLmFv()
Scope Name
8N57q4CivJ
Scope Type
ModuleDef
Kind
Windows
Runtime Version
v4.0.30319
Tables Header Version
512
WinMD Version
<null>
Assembly Name
f45b853c-c9d3-495e-9acb-d41a4a90029f
Assembly Version
1.0.0.0
Assembly Culture
<null>
Has PublicKey
False
PublicKey Token
<null>
Target Framework
<null>
Total Strings
1093
Main Method
System.Void HezT.lgBKovGgL::CsvxrnfLmFv()
Main IL Instruction Count
62
Main IL
ldc.i4 0
stloc V_0
br IL_00EF: br IL_000E
nop <null>
ldloc V_0
ldc.i4 3
ceq <null>
brfalse IL_002D: nop
call System.Void T4Au29ea.GJLHrcn9ae::SY7cB3VQ4()
ldc.i4 4
stloc V_0
nop <null>
ldloc V_0
ldc.i4 1
ceq <null>
brfalse IL_0051: nop
ldc.i4 4080
call System.Void System.Net.ServicePointManager::set_SecurityProtocol(System.Net.SecurityProtocolType)
ldc.i4 2
stloc V_0
nop <null>
ldloc V_0
ldc.i4 4
ceq <null>
brfalse IL_0070: nop
call System.Void System.Windows.Forms.Application::Run()
ldc.i4 5
stloc V_0
nop <null>
ldloc V_0
ldc.i4 2
ceq <null>
brfalse IL_00BE: nop
call System.Net.Security.RemoteCertificateValidationCallback System.Net.ServicePointManager::get_ServerCertificateValidationCallback()
ldsfld System.Net.Security.RemoteCertificateValidationCallback HezT.lgBKovGgL::CS$<>9__CachedAnonymousMethodDelegate1
brtrue IL_00A1: ldsfld System.Net.Security.RemoteCertificateValidationCallback HezT.lgBKovGgL::CS$<>9__CachedAnonymousMethodDelegate1
ldnull <null>
ldftn System.Boolean HezT.lgBKovGgL::QGQP5E(System.Object,System.Security.Cryptography.X509Certificates.X509Certificate,System.Security.Cryptography.X509Certificates.X509Chain,System.Net.Security.SslPolicyErrors)
newobj System.Void System.Net.Security.RemoteCertificateValidationCallback::.ctor(System.Object,System.IntPtr)
stsfld System.Net.Security.RemoteCertificateValidationCallback HezT.lgBKovGgL::CS$<>9__CachedAnonymousMethodDelegate1
ldsfld System.Net.Security.RemoteCertificateValidationCallback HezT.lgBKovGgL::CS$<>9__CachedAnonymousMethodDelegate1
call System.Delegate System.Delegate::Combine(System.Delegate,System.Delegate)
castclass System.Net.Security.RemoteCertificateValidationCallback
call System.Void System.Net.ServicePointManager::set_ServerCertificateValidationCallback(System.Net.Security.RemoteCertificateValidationCallback)
ldc.i4 3
stloc V_0
nop <null>
ldloc V_0
ldc.i4 0
ceq <null>
brfalse IL_00D9: nop
nop <null>
ldc.i4 1
stloc V_0
nop <null>
ldloc V_0
ldc.i4 5
ceq <null>
brfalse IL_00EF: br IL_000E
br IL_00F4: ret
br IL_000E: nop
ret <null>
Module Name
8N57q4CivJ
Full Name
8N57q4CivJ
EntryPoint
System.Void HezT.lgBKovGgL::CsvxrnfLmFv()
Scope Name
8N57q4CivJ
Scope Type
ModuleDef
Kind
Windows
Runtime Version
v4.0.30319
Tables Header Version
512
WinMD Version
<null>
Assembly Name
f45b853c-c9d3-495e-9acb-d41a4a90029f
Assembly Version
1.0.0.0
Assembly Culture
<null>
Has PublicKey
False
PublicKey Token
<null>
Target Framework
<null>
Total Strings
1093
Main Method
System.Void HezT.lgBKovGgL::CsvxrnfLmFv()
Main IL Instruction Count
62
Main IL
ldc.i4 0
stloc V_0
br IL_00EF: br IL_000E
nop <null>
ldloc V_0
ldc.i4 3
ceq <null>
brfalse IL_002D: nop
call System.Void T4Au29ea.GJLHrcn9ae::SY7cB3VQ4()
ldc.i4 4
stloc V_0
nop <null>
ldloc V_0
ldc.i4 1
ceq <null>
brfalse IL_0051: nop
ldc.i4 4080
call System.Void System.Net.ServicePointManager::set_SecurityProtocol(System.Net.SecurityProtocolType)
ldc.i4 2
stloc V_0
nop <null>
ldloc V_0
ldc.i4 4
ceq <null>
brfalse IL_0070: nop
call System.Void System.Windows.Forms.Application::Run()
ldc.i4 5
stloc V_0
nop <null>
ldloc V_0
ldc.i4 2
ceq <null>
brfalse IL_00BE: nop
call System.Net.Security.RemoteCertificateValidationCallback System.Net.ServicePointManager::get_ServerCertificateValidationCallback()
ldsfld System.Net.Security.RemoteCertificateValidationCallback HezT.lgBKovGgL::CS$<>9__CachedAnonymousMethodDelegate1
brtrue IL_00A1: ldsfld System.Net.Security.RemoteCertificateValidationCallback HezT.lgBKovGgL::CS$<>9__CachedAnonymousMethodDelegate1
ldnull <null>
ldftn System.Boolean HezT.lgBKovGgL::QGQP5E(System.Object,System.Security.Cryptography.X509Certificates.X509Certificate,System.Security.Cryptography.X509Certificates.X509Chain,System.Net.Security.SslPolicyErrors)
newobj System.Void System.Net.Security.RemoteCertificateValidationCallback::.ctor(System.Object,System.IntPtr)
stsfld System.Net.Security.RemoteCertificateValidationCallback HezT.lgBKovGgL::CS$<>9__CachedAnonymousMethodDelegate1
ldsfld System.Net.Security.RemoteCertificateValidationCallback HezT.lgBKovGgL::CS$<>9__CachedAnonymousMethodDelegate1
call System.Delegate System.Delegate::Combine(System.Delegate,System.Delegate)
castclass System.Net.Security.RemoteCertificateValidationCallback
call System.Void System.Net.ServicePointManager::set_ServerCertificateValidationCallback(System.Net.Security.RemoteCertificateValidationCallback)
ldc.i4 3
stloc V_0
nop <null>
ldloc V_0
ldc.i4 0
ceq <null>
brfalse IL_00D9: nop
nop <null>
ldc.i4 1
stloc V_0
nop <null>
ldloc V_0
ldc.i4 5
ceq <null>
brfalse IL_00EF: br IL_000E
br IL_00F4: ret
br IL_000E: nop
ret <null>
An error has occurred. This application may no longer respond until reloaded. Reload 🗙