Suspicious
Suspect

91cbbf78d128fd29545bd282ad09b39a

PE Executable
|
MD5: 91cbbf78d128fd29545bd282ad09b39a
|
Size: 297.98 KB
|
application/x-dosexec

Summary by MalvaGPT
Characteristics

Symbol Obfuscation Score

Medium

Hash
 Hash Value
MD5
91cbbf78d128fd29545bd282ad09b39a
Sha1
13638dc20eb44f83d5d25abe8c6390254580b95c
Sha256
7f28fa61df8a5ceba363f7a0e1854238ff037264ff5535ed1dd52a8e15b113e7
Sha384
1355870626913b8d2980f9cab66ea9ac2514a3c006f4461ffe94b40fd2a3f1386d760aae785786c127e46d58af151aeb
Sha512
8520caed68c7424ce71f538bf263802d7d1976de9681bfdffeab1e0e8b8e6e494a51f9509363641aca54a5e79869ad869218401abe88f46303b06491d8bf235e
SSDeep
3072:rNLARHhrD8Mxr1JCddH2BFGpOk8krFQo/MAAqeYkeDxaXE9FSxY+NZWyzMPyZw8T:rNJirP7oQo/JVgXE9AJb7Z75k6e/iq
TLSH
FD54B6243BFE4419F1BBAF765BF475968E3EF6A32A03955D0491034B0A32E40DD91B3A

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
91cbbf78d128fd29545bd282ad09b39a
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
Informations
Name
 Value
Info

PE Detect: PeReader OK (file layout)
Module Name

cleintroda.exe
Full Name

cleintroda.exe
EntryPoint

System.Void NhmtoZu.CjdpLPg::Main(System.String[])
Scope Name

cleintroda.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

cleintroda
Assembly Version

7.18.6079.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

<null>
Total Strings

1572
Main Method

System.Void NhmtoZu.CjdpLPg::Main(System.String[])
Main IL Instruction Count

43
Main IL

call System.Boolean NhmtoZu.CjdpLPg::SetProcessDPIAware() pop <null> leave.s IL_000B: ldc.i4 4080 pop <null> leave.s IL_000B: ldc.i4 4080 ldc.i4 4080 call System.Void System.Net.ServicePointManager::set_SecurityProtocol(System.Net.SecurityProtocolType) leave.s IL_001A: ldsfld System.Net.Security.RemoteCertificateValidationCallback NhmtoZu.CjdpLPg::CS$<>9__CachedAnonymousMethodDelegatee pop <null> leave.s IL_001A: ldsfld System.Net.Security.RemoteCertificateValidationCallback NhmtoZu.CjdpLPg::CS$<>9__CachedAnonymousMethodDelegatee ldsfld System.Net.Security.RemoteCertificateValidationCallback NhmtoZu.CjdpLPg::CS$<>9__CachedAnonymousMethodDelegatee brtrue.s IL_0032: ldsfld System.Net.Security.RemoteCertificateValidationCallback NhmtoZu.CjdpLPg::CS$<>9__CachedAnonymousMethodDelegatee ldnull <null> ldftn System.Boolean NhmtoZu.CjdpLPg::<Main>b__d(System.Object,System.Security.Cryptography.X509Certificates.X509Certificate,System.Security.Cryptography.X509Certificates.X509Chain,System.Net.Security.SslPolicyErrors) newobj System.Void System.Net.Security.RemoteCertificateValidationCallback::.ctor(System.Object,System.IntPtr) stsfld System.Net.Security.RemoteCertificateValidationCallback NhmtoZu.CjdpLPg::CS$<>9__CachedAnonymousMethodDelegatee ldsfld System.Net.Security.RemoteCertificateValidationCallback NhmtoZu.CjdpLPg::CS$<>9__CachedAnonymousMethodDelegatee call System.Void System.Net.ServicePointManager::set_ServerCertificateValidationCallback(System.Net.Security.RemoteCertificateValidationCallback) leave.s IL_0041: ldc.i4.0 pop <null> leave.s IL_0041: ldc.i4.0 ldc.i4.0 <null> call System.Void System.Net.ServicePointManager::set_Expect100Continue(System.Boolean) leave.s IL_004C: ldc.i4.s 100 pop <null> leave.s IL_004C: ldc.i4.s 100 ldc.i4.s 100 call System.Void System.Net.ServicePointManager::set_DefaultConnectionLimit(System.Int32) leave.s IL_0058: ldnull pop <null> leave.s IL_0058: ldnull ldnull <null> call System.Void NhmtoZu.CjdpLPg::StartKeylogger(System.Net.Sockets.NetworkStream) leave.s IL_0063: call System.Void NhmtoZu.CjdpLPg::MShUGOb() pop <null> leave.s IL_0063: call System.Void NhmtoZu.CjdpLPg::MShUGOb() call System.Void NhmtoZu.CjdpLPg::MShUGOb() leave.s IL_006D: ldc.i4 4755 pop <null> leave.s IL_006D: ldc.i4 4755 ldc.i4 4755 call System.Void System.Threading.Thread::Sleep(System.Int32) br.s IL_0063: call System.Void NhmtoZu.CjdpLPg::MShUGOb()
Module Name

cleintroda.exe
Full Name

cleintroda.exe
EntryPoint

System.Void NhmtoZu.CjdpLPg::Main(System.String[])
Scope Name

cleintroda.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

cleintroda
Assembly Version

7.18.6079.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

<null>
Total Strings

1572
Main Method

System.Void NhmtoZu.CjdpLPg::Main(System.String[])
Main IL Instruction Count

43
Main IL

call System.Boolean NhmtoZu.CjdpLPg::SetProcessDPIAware() pop <null> leave.s IL_000B: ldc.i4 4080 pop <null> leave.s IL_000B: ldc.i4 4080 ldc.i4 4080 call System.Void System.Net.ServicePointManager::set_SecurityProtocol(System.Net.SecurityProtocolType) leave.s IL_001A: ldsfld System.Net.Security.RemoteCertificateValidationCallback NhmtoZu.CjdpLPg::CS$<>9__CachedAnonymousMethodDelegatee pop <null> leave.s IL_001A: ldsfld System.Net.Security.RemoteCertificateValidationCallback NhmtoZu.CjdpLPg::CS$<>9__CachedAnonymousMethodDelegatee ldsfld System.Net.Security.RemoteCertificateValidationCallback NhmtoZu.CjdpLPg::CS$<>9__CachedAnonymousMethodDelegatee brtrue.s IL_0032: ldsfld System.Net.Security.RemoteCertificateValidationCallback NhmtoZu.CjdpLPg::CS$<>9__CachedAnonymousMethodDelegatee ldnull <null> ldftn System.Boolean NhmtoZu.CjdpLPg::<Main>b__d(System.Object,System.Security.Cryptography.X509Certificates.X509Certificate,System.Security.Cryptography.X509Certificates.X509Chain,System.Net.Security.SslPolicyErrors) newobj System.Void System.Net.Security.RemoteCertificateValidationCallback::.ctor(System.Object,System.IntPtr) stsfld System.Net.Security.RemoteCertificateValidationCallback NhmtoZu.CjdpLPg::CS$<>9__CachedAnonymousMethodDelegatee ldsfld System.Net.Security.RemoteCertificateValidationCallback NhmtoZu.CjdpLPg::CS$<>9__CachedAnonymousMethodDelegatee call System.Void System.Net.ServicePointManager::set_ServerCertificateValidationCallback(System.Net.Security.RemoteCertificateValidationCallback) leave.s IL_0041: ldc.i4.0 pop <null> leave.s IL_0041: ldc.i4.0 ldc.i4.0 <null> call System.Void System.Net.ServicePointManager::set_Expect100Continue(System.Boolean) leave.s IL_004C: ldc.i4.s 100 pop <null> leave.s IL_004C: ldc.i4.s 100 ldc.i4.s 100 call System.Void System.Net.ServicePointManager::set_DefaultConnectionLimit(System.Int32) leave.s IL_0058: ldnull pop <null> leave.s IL_0058: ldnull ldnull <null> call System.Void NhmtoZu.CjdpLPg::StartKeylogger(System.Net.Sockets.NetworkStream) leave.s IL_0063: call System.Void NhmtoZu.CjdpLPg::MShUGOb() pop <null> leave.s IL_0063: call System.Void NhmtoZu.CjdpLPg::MShUGOb() call System.Void NhmtoZu.CjdpLPg::MShUGOb() leave.s IL_006D: ldc.i4 4755 pop <null> leave.s IL_006D: ldc.i4 4755 ldc.i4 4755 call System.Void System.Threading.Thread::Sleep(System.Int32) br.s IL_0063: call System.Void NhmtoZu.CjdpLPg::MShUGOb()
91cbbf78d128fd29545bd282ad09b39a (297.98 KB)
File Structure
91cbbf78d128fd29545bd282ad09b39a
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
Characteristics
No malware configuration were found at this point.
You must be signed in to post a comment.
An error has occurred. This application may no longer respond until reloaded. Reload 🗙