Malicious
89a42088178e5c5778bcef4b02930b14
PE Executable
MD5: 89a42088178e5c5778bcef4b02930b14
Size: 245.25 KB
application/x-dosexec
Ctrl + scroll to zoom · drag to pan
Get an AI-generated breakdown of this malware's behaviour, IOCs and recommendations.
AI analysis is available with Essential.
Unlock with Essential
Symbol Obfuscation Score
Medium
| MD5 | 89a42088178e5c5778bcef4b02930b14 |
| Sha1 | 2b150301ee3c2b37c551fefb4bf2a291db3660ac |
| Sha256 | 0de09d55351a5e10c4f51dd12b0edb385eb56da86d54d80276915116a0c847ad |
| Sha384 | d0ca59c3dd0e9e1647bd9e43d0fa5e5692d946946e4a31e69b540cae9fd9a71c94229c6b44a916e0a0126bd81b8a4be5 |
| Sha512 | 067f7635110c502883c0e82f64c9a81cadab86aaa55f73a1f6d10f0e7bca632ec36e73295330dd5a63e8d9fd6f7e97b843bcde85f367c32e64920daab47063e1 |
| SSDeep | 3072:kYxZ6iyqa9PRn6sO+4YUTHo9rG8KaG5jnThpqcufzz:Z6iyqahhX+sq8KaWTD |
| TLSH | 563400027F88EB15E1A97E3782EF2C2453B2B4C71633C60BAF49AF5514516826C7E72D |
PeID
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
STICH
beta
Structural Threat Infection Chain Hash
A content-independent fingerprint of the infection method: successive formats, internal objects and MITRE techniques from the initial file to each final payload.
STICH Path = the fingerprint (canonical chain with techniques)
STICH Shape = structure only
Only determinant branches produce STICH Paths.
Path
pe:exe>pe:rsrc>bin
Shape
pe:exe>pe:rsrc>bin
malicious
3 nodes
| Name | Value |
|---|---|
| Info | PE Detect: PeReader OK (file layout) |
| Module Name | 8N57q4CivJ |
| Full Name | 8N57q4CivJ |
| EntryPoint | System.Void HezT.lgBKovGgL::CsvxrnfLmFv() |
| Scope Name | 8N57q4CivJ |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v4.0.30319 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | f45b853c-c9d3-495e-9acb-d41a4a90029f |
| Assembly Version | 1.0.0.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | <null> |
| Total Strings | 1093 |
| Main Method | System.Void HezT.lgBKovGgL::CsvxrnfLmFv() |
| Main IL Instruction Count | 62 |
| Main IL | |
| Module Name | 8N57q4CivJ |
| Full Name | 8N57q4CivJ |
| EntryPoint | System.Void HezT.lgBKovGgL::CsvxrnfLmFv() |
| Scope Name | 8N57q4CivJ |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v4.0.30319 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | f45b853c-c9d3-495e-9acb-d41a4a90029f |
| Assembly Version | 1.0.0.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | <null> |
| Total Strings | 1093 |
| Main Method | System.Void HezT.lgBKovGgL::CsvxrnfLmFv() |
| Main IL Instruction Count | 62 |
| Main IL | |
No malware configuration was found at this point.
You must be signed in to view YARA rules.