Malicious
Malicious

portWebwin.exe

PE Executable
|
MD5: 8a4202a16c07c695263573334268537d
|
Size: 847.87 KB
|
application/x-dosexec

Infection Chain
Summary by MalvaGPT
Characteristics

Symbol Ofbuscation Score

Very high

Hash
 Hash Value
MD5
8a4202a16c07c695263573334268537d
Sha1
cc227585010c85d6cf43e177286b393a3c06798f
Sha256
ec699fa4b29083c2d0da8a87b589ebe130b195f022d6f0de2d43372409bdc34f
Sha384
35659caf4379c455bd8dcdf920787efa8c67c132414050cb176712ccd2a8e1fc9eec2b3a2da565ac8cebd8c6392c3aea
Sha512
e5dbc350335ec6d47c7b16786d1c7cd850f6683ef128e72b859e98bc0d0f3d1d0659a5d59981b74d055166cccf9f1e181d5476e0046e239952695c58f334f409
SSDeep
12288:rn8MPhTrYohQZewnf+MjCMGEG/p3p33qvE0DIS3Usw68oIlcXqSBocqkB:j8GkoQZeo+lMf+1JD0UqL8oIpeocqkB
TLSH
C205F7017E54CE12F0192233C2EF494867B49D516AAAE32B7DBA377D15123A73C2D9CB

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
portWebwin.exe
Malicious
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.sdata
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:1033
.Net Resources
g1xl5lih2weF9qDbJM.XNKtZO6Stl7Hn4GJxC
LwIZli0mVT3WxNNGbS.NmXUH1OChmRqXlV8Gv
Informations
Name
 Value
Info

PE Detect: PeReader OK (file layout)
Module Name

nNaNPRKJ1woGMGzSxZvn3XxIw1siYJRiqg
Full Name

nNaNPRKJ1woGMGzSxZvn3XxIw1siYJRiqg
EntryPoint

System.Void lvtxy0qVsMVhbJPOyIg.c39wStqA4L3XPCInBXK::ScFQmbdu8H()
Scope Name

nNaNPRKJ1woGMGzSxZvn3XxIw1siYJRiqg
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

E3gRO6kBfWinZb39fY61QZRbXilureFaqHvZQIgrSVSw
Assembly Version

2.2.3.1
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.0
Total Strings

63
Main Method

System.Void lvtxy0qVsMVhbJPOyIg.c39wStqA4L3XPCInBXK::ScFQmbdu8H()
Main IL Instruction Count

14
Main IL

br.s IL_000B: ldc.i4.0 call <null> ldnull <null> ldc.i4.0 <null> ldelem.ref <null> pop <null> ldc.i4.0 <null> brtrue.s IL_0007: ldnull call System.Void wljU8nGnMJmLvX2grEq.q9MqmUG7fpN0Obp9hYk::kLjw4iIsCLsZtxc4lksN0j() nop <null> ldsfld System.Object lvtxy0qVsMVhbJPOyIg.c39wStqA4L3XPCInBXK::uvKQi7phsR callvirt System.Void dsjApBq7tsS0BgRsbU2.OoBc6xq4do2GSwRdoxi::paGIj1GH7B() nop <null> ret <null>
Module Name

nNaNPRKJ1woGMGzSxZvn3XxIw1siYJRiqg
Full Name

nNaNPRKJ1woGMGzSxZvn3XxIw1siYJRiqg
EntryPoint

System.Void lvtxy0qVsMVhbJPOyIg.c39wStqA4L3XPCInBXK::ScFQmbdu8H()
Scope Name

nNaNPRKJ1woGMGzSxZvn3XxIw1siYJRiqg
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

E3gRO6kBfWinZb39fY61QZRbXilureFaqHvZQIgrSVSw
Assembly Version

2.2.3.1
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.0
Total Strings

63
Main Method

System.Void lvtxy0qVsMVhbJPOyIg.c39wStqA4L3XPCInBXK::ScFQmbdu8H()
Main IL Instruction Count

14
Main IL

br.s IL_000B: ldc.i4.0 call <null> ldnull <null> ldc.i4.0 <null> ldelem.ref <null> pop <null> ldc.i4.0 <null> brtrue.s IL_0007: ldnull call System.Void wljU8nGnMJmLvX2grEq.q9MqmUG7fpN0Obp9hYk::kLjw4iIsCLsZtxc4lksN0j() nop <null> ldsfld System.Object lvtxy0qVsMVhbJPOyIg.c39wStqA4L3XPCInBXK::uvKQi7phsR callvirt System.Void dsjApBq7tsS0BgRsbU2.OoBc6xq4do2GSwRdoxi::paGIj1GH7B() nop <null> ret <null>
portWebwin.exe (847.87 KB)
File Structure
portWebwin.exe
Malicious
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.sdata
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:1033
.Net Resources
g1xl5lih2weF9qDbJM.XNKtZO6Stl7Hn4GJxC
LwIZli0mVT3WxNNGbS.NmXUH1OChmRqXlV8Gv
Characteristics
No malware configuration were found at this point.
You must be signed in to post a comment.
An error has occurred. This application may no longer respond until reloaded. Reload 🗙