Malicious
Malicious

89a42088178e5c5778bcef4b02930b14

Share on LinkedIn
Print
PE Executable
MD5: 89a42088178e5c5778bcef4b02930b14
Size: 245.25 KB
application/x-dosexec
Ctrl + scroll to zoom · drag to pan

Get an AI-generated breakdown of this malware's behaviour, IOCs and recommendations.

AI analysis is available with Essential.
Unlock with Essential
Symbol Obfuscation Score Medium
MD5 89a42088178e5c5778bcef4b02930b14
Sha1 2b150301ee3c2b37c551fefb4bf2a291db3660ac
Sha256 0de09d55351a5e10c4f51dd12b0edb385eb56da86d54d80276915116a0c847ad
Sha384 d0ca59c3dd0e9e1647bd9e43d0fa5e5692d946946e4a31e69b540cae9fd9a71c94229c6b44a916e0a0126bd81b8a4be5
Sha512 067f7635110c502883c0e82f64c9a81cadab86aaa55f73a1f6d10f0e7bca632ec36e73295330dd5a63e8d9fd6f7e97b843bcde85f367c32e64920daab47063e1
SSDeep 3072:kYxZ6iyqa9PRn6sO+4YUTHo9rG8KaG5jnThpqcufzz:Z6iyqahhX+sq8KaWTD
TLSH 563400027F88EB15E1A97E3782EF2C2453B2B4C71633C60BAF49AF5514516826C7E72D
PeID
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
STICH beta Structural Threat Infection Chain Hash

A content-independent fingerprint of the infection method: successive formats, internal objects and MITRE techniques from the initial file to each final payload.

STICH Path = the fingerprint (canonical chain with techniques) STICH Shape = structure only Only determinant branches produce STICH Paths.
Path pe:exe>pe:rsrc>bin
Shape pe:exe>pe:rsrc>bin
malicious 3 nodes
Name Value
Info
PE Detect: PeReader OK (file layout)
Module Name
8N57q4CivJ
Full Name
8N57q4CivJ
EntryPoint
System.Void HezT.lgBKovGgL::CsvxrnfLmFv()
Scope Name
8N57q4CivJ
Scope Type
ModuleDef
Kind
Windows
Runtime Version
v4.0.30319
Tables Header Version
512
WinMD Version
<null>
Assembly Name
f45b853c-c9d3-495e-9acb-d41a4a90029f
Assembly Version
1.0.0.0
Assembly Culture
<null>
Has PublicKey
False
PublicKey Token
<null>
Target Framework
<null>
Total Strings
1093
Main Method
System.Void HezT.lgBKovGgL::CsvxrnfLmFv()
Main IL Instruction Count
62
Main IL
ldc.i4 0
stloc V_0
br IL_00EF: br IL_000E
nop <null>
ldloc V_0
ldc.i4 3
ceq <null>
brfalse IL_002D: nop
call System.Void T4Au29ea.GJLHrcn9ae::SY7cB3VQ4()
ldc.i4 4
stloc V_0
nop <null>
ldloc V_0
ldc.i4 1
ceq <null>
brfalse IL_0051: nop
ldc.i4 4080
call System.Void System.Net.ServicePointManager::set_SecurityProtocol(System.Net.SecurityProtocolType)
ldc.i4 2
stloc V_0
nop <null>
ldloc V_0
ldc.i4 4
ceq <null>
brfalse IL_0070: nop
call System.Void System.Windows.Forms.Application::Run()
ldc.i4 5
stloc V_0
nop <null>
ldloc V_0
ldc.i4 2
ceq <null>
brfalse IL_00BE: nop
call System.Net.Security.RemoteCertificateValidationCallback System.Net.ServicePointManager::get_ServerCertificateValidationCallback()
ldsfld System.Net.Security.RemoteCertificateValidationCallback HezT.lgBKovGgL::CS$<>9__CachedAnonymousMethodDelegate1
brtrue IL_00A1: ldsfld System.Net.Security.RemoteCertificateValidationCallback HezT.lgBKovGgL::CS$<>9__CachedAnonymousMethodDelegate1
ldnull <null>
ldftn System.Boolean HezT.lgBKovGgL::QGQP5E(System.Object,System.Security.Cryptography.X509Certificates.X509Certificate,System.Security.Cryptography.X509Certificates.X509Chain,System.Net.Security.SslPolicyErrors)
newobj System.Void System.Net.Security.RemoteCertificateValidationCallback::.ctor(System.Object,System.IntPtr)
stsfld System.Net.Security.RemoteCertificateValidationCallback HezT.lgBKovGgL::CS$<>9__CachedAnonymousMethodDelegate1
ldsfld System.Net.Security.RemoteCertificateValidationCallback HezT.lgBKovGgL::CS$<>9__CachedAnonymousMethodDelegate1
call System.Delegate System.Delegate::Combine(System.Delegate,System.Delegate)
castclass System.Net.Security.RemoteCertificateValidationCallback
call System.Void System.Net.ServicePointManager::set_ServerCertificateValidationCallback(System.Net.Security.RemoteCertificateValidationCallback)
ldc.i4 3
stloc V_0
nop <null>
ldloc V_0
ldc.i4 0
ceq <null>
brfalse IL_00D9: nop
nop <null>
ldc.i4 1
stloc V_0
nop <null>
ldloc V_0
ldc.i4 5
ceq <null>
brfalse IL_00EF: br IL_000E
br IL_00F4: ret
br IL_000E: nop
ret <null>
Module Name
8N57q4CivJ
Full Name
8N57q4CivJ
EntryPoint
System.Void HezT.lgBKovGgL::CsvxrnfLmFv()
Scope Name
8N57q4CivJ
Scope Type
ModuleDef
Kind
Windows
Runtime Version
v4.0.30319
Tables Header Version
512
WinMD Version
<null>
Assembly Name
f45b853c-c9d3-495e-9acb-d41a4a90029f
Assembly Version
1.0.0.0
Assembly Culture
<null>
Has PublicKey
False
PublicKey Token
<null>
Target Framework
<null>
Total Strings
1093
Main Method
System.Void HezT.lgBKovGgL::CsvxrnfLmFv()
Main IL Instruction Count
62
Main IL
ldc.i4 0
stloc V_0
br IL_00EF: br IL_000E
nop <null>
ldloc V_0
ldc.i4 3
ceq <null>
brfalse IL_002D: nop
call System.Void T4Au29ea.GJLHrcn9ae::SY7cB3VQ4()
ldc.i4 4
stloc V_0
nop <null>
ldloc V_0
ldc.i4 1
ceq <null>
brfalse IL_0051: nop
ldc.i4 4080
call System.Void System.Net.ServicePointManager::set_SecurityProtocol(System.Net.SecurityProtocolType)
ldc.i4 2
stloc V_0
nop <null>
ldloc V_0
ldc.i4 4
ceq <null>
brfalse IL_0070: nop
call System.Void System.Windows.Forms.Application::Run()
ldc.i4 5
stloc V_0
nop <null>
ldloc V_0
ldc.i4 2
ceq <null>
brfalse IL_00BE: nop
call System.Net.Security.RemoteCertificateValidationCallback System.Net.ServicePointManager::get_ServerCertificateValidationCallback()
ldsfld System.Net.Security.RemoteCertificateValidationCallback HezT.lgBKovGgL::CS$<>9__CachedAnonymousMethodDelegate1
brtrue IL_00A1: ldsfld System.Net.Security.RemoteCertificateValidationCallback HezT.lgBKovGgL::CS$<>9__CachedAnonymousMethodDelegate1
ldnull <null>
ldftn System.Boolean HezT.lgBKovGgL::QGQP5E(System.Object,System.Security.Cryptography.X509Certificates.X509Certificate,System.Security.Cryptography.X509Certificates.X509Chain,System.Net.Security.SslPolicyErrors)
newobj System.Void System.Net.Security.RemoteCertificateValidationCallback::.ctor(System.Object,System.IntPtr)
stsfld System.Net.Security.RemoteCertificateValidationCallback HezT.lgBKovGgL::CS$<>9__CachedAnonymousMethodDelegate1
ldsfld System.Net.Security.RemoteCertificateValidationCallback HezT.lgBKovGgL::CS$<>9__CachedAnonymousMethodDelegate1
call System.Delegate System.Delegate::Combine(System.Delegate,System.Delegate)
castclass System.Net.Security.RemoteCertificateValidationCallback
call System.Void System.Net.ServicePointManager::set_ServerCertificateValidationCallback(System.Net.Security.RemoteCertificateValidationCallback)
ldc.i4 3
stloc V_0
nop <null>
ldloc V_0
ldc.i4 0
ceq <null>
brfalse IL_00D9: nop
nop <null>
ldc.i4 1
stloc V_0
nop <null>
ldloc V_0
ldc.i4 5
ceq <null>
brfalse IL_00EF: br IL_000E
br IL_00F4: ret
br IL_000E: nop
ret <null>
An error has occurred. This application may no longer respond until reloaded. Reload 🗙