Malicious
Malicious

PE Executable
MD5: 8f5ea11261122e563df25b1c4e031083
Size: 848.38 KB
application/x-dosexec
Ctrl + scroll to zoom · drag to pan

Get an AI-generated breakdown of this malware's behaviour, IOCs and recommendations.

AI analysis is available with Essential.
Unlock with Essential
Symbol Obfuscation Score Very high
MD5 8f5ea11261122e563df25b1c4e031083
Sha1 2d897d6e4b85fd967bf242dc5a517887f34f598d
Sha256 1110bbb4f9ffdfda6352d875a371fefeaee87a15af44d5ac9ac37d1a1baf0f19
Sha384 afdc6e6504339ac9d14fa3b687e6a2c59a64b7729565d260297d2a47ce4344ec5461fcab03951d08bbd44f7f65e8aa46
Sha512 75effbfd2a9be538c4dad91011622e7a763a74eb853101cec19f4d1780aa7aca9dbef79ae422d5647332e1fbe24562071cab30035f6ac7f9657d6391c73cfe5d
SSDeep 12288:T7dh6vpz7PAzuta0htITqam/roQuSV8xSWap016DbxISlKt:t+pfPA0a0wTqN/rebM016DdISUt
TLSH 7805F602BE44CE51F0195233C2EF495887B4AC5166E6E32B7DBA376E15123AB7C0D9CB
PeID
.NET executableMicrosoft Visual C# / Basic .NETMicrosoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL Microsoft Visual C# v7.0 / Basic .NETMicrosoft Visual Studio .NET
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.sdata
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:1033
.Net Resources
TmTeLC9KaSwoMtoaMS.a6Lni3OM6Ws5W9EgnU
ifLOOpVeIkGTRqpKEB.75dvDJB6mKfxkQZPui
Name Value
Module Name
M6jGT9BPr2l5OhbuxOwBgAOP6d
Full Name
M6jGT9BPr2l5OhbuxOwBgAOP6d
EntryPoint
System.Void oUVcC52wBL5R1rL8gTN.WwoyVw2cCidwCLQx89O::dh3jB2DwMb()
Scope Name
M6jGT9BPr2l5OhbuxOwBgAOP6d
Scope Type
ModuleDef
Kind
Windows
Runtime Version
v4.0.30319
Tables Header Version
512
WinMD Version
<null>
Assembly Name
2Phl2eOcCY8kGePxFYLjwXFsKrNALrUJzQ
Assembly Version
1.9.1.2
Assembly Culture
<null>
Has PublicKey
False
PublicKey Token
<null>
Target Framework
.NETFramework,Version=v4.0
Total Strings
63
Main Method
System.Void oUVcC52wBL5R1rL8gTN.WwoyVw2cCidwCLQx89O::dh3jB2DwMb()
Main IL Instruction Count
14
Main IL
br.s IL_000B: ldc.i4.0
call <null>
ldnull <null>
ldc.i4.0 <null>
ldelem.ref <null>
pop <null>
ldc.i4.0 <null>
brtrue.s IL_0007: ldnull
call System.Void PYiwOOjlf4FpV5On0lI.x1SvKsjDhf1YDgBSMfm::kLjw4iIsCLsZtxc4lksN0j()
nop <null>
ldsfld System.Object oUVcC52wBL5R1rL8gTN.WwoyVw2cCidwCLQx89O::q0LjudVUve
callvirt System.Void zEyKxQ2DuCKpeGNQBgp.K81EQV2dLVfZkhYpCN4::aTkX9djsRt()
nop <null>
ret <null>
Module Name
M6jGT9BPr2l5OhbuxOwBgAOP6d
Full Name
M6jGT9BPr2l5OhbuxOwBgAOP6d
EntryPoint
System.Void oUVcC52wBL5R1rL8gTN.WwoyVw2cCidwCLQx89O::dh3jB2DwMb()
Scope Name
M6jGT9BPr2l5OhbuxOwBgAOP6d
Scope Type
ModuleDef
Kind
Windows
Runtime Version
v4.0.30319
Tables Header Version
512
WinMD Version
<null>
Assembly Name
2Phl2eOcCY8kGePxFYLjwXFsKrNALrUJzQ
Assembly Version
1.9.1.2
Assembly Culture
<null>
Has PublicKey
False
PublicKey Token
<null>
Target Framework
.NETFramework,Version=v4.0
Total Strings
63
Main Method
System.Void oUVcC52wBL5R1rL8gTN.WwoyVw2cCidwCLQx89O::dh3jB2DwMb()
Main IL Instruction Count
14
Main IL
br.s IL_000B: ldc.i4.0
call <null>
ldnull <null>
ldc.i4.0 <null>
ldelem.ref <null>
pop <null>
ldc.i4.0 <null>
brtrue.s IL_0007: ldnull
call System.Void PYiwOOjlf4FpV5On0lI.x1SvKsjDhf1YDgBSMfm::kLjw4iIsCLsZtxc4lksN0j()
nop <null>
ldsfld System.Object oUVcC52wBL5R1rL8gTN.WwoyVw2cCidwCLQx89O::q0LjudVUve
callvirt System.Void zEyKxQ2DuCKpeGNQBgp.K81EQV2dLVfZkhYpCN4::aTkX9djsRt()
nop <null>
ret <null>
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.sdata
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:1033
.Net Resources
TmTeLC9KaSwoMtoaMS.a6Lni3OM6Ws5W9EgnU
ifLOOpVeIkGTRqpKEB.75dvDJB6mKfxkQZPui
No malware configuration was found at this point.
You must be signed in to view YARA rules.
An error has occurred. This application may no longer respond until reloaded. Reload 🗙