Malicious

9274008a5c543d4c353437edee092a5f

PE Executable
|
MD5: 9274008a5c543d4c353437edee092a5f
|
Size: 1.96 MB
|
application/x-dosexec


Characteristics

Symbol Obfuscation Score

Very high

Hash
Hash Value
MD5
9274008a5c543d4c353437edee092a5f
Sha1
3016381957336d92af710b99735f0a0184a19e52
Sha256
85286ae6c31c9afed288bd0da14abc5cd2a20042c07928ee7eb0039b6e784ca1
Sha384
f293ff71cfed53f2e18df98cffd2990ce820cef14d91b2fe2ad64d04d56df5bacbcf30e7979f1aff68a1dc3ccff67c2a
Sha512
ca3edd556be3f5d186898c0f669ce9d2da9391534dffaf0300ffa2cce3bcec864ea07a7ab241be99bd16b9554399b055863301797ec321c6f19e7ca69c5528d8
SSDeep
49152:lOx4Dh3sVCMVTS4mVGqrn7FmGJ//a2AwHW98MFVyKsPs:AxShsVCMdHmV9nFVQV998ORsPs
TLSH
EE95BE1765924E37C2706B319697523DA390C7763522EF4B3A0F60D6AD0BBF18A721B3

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
.Net Resources
8pspeiDeNA6wqpG7Jd.3ANhJqwa4vFAyAEqru
dje5gsfgiNInvZfoJ8.ZZEWu33wJ4Gt4sbPsr
GZoHmU0fYDIb8AY7me.NaIkcT1RVqY9OSDSBd
XfLPCDPjy9EA6sWGNs.kEvVw5tKE5iydPZqsl
BRICwmRxEalX1aUeon.VWSIDObb5n1MEU1HeP
aCkJv2dJe6JcJcnReh.r5yTq4xYJWBhAj2h5I
Information
Name
Value
Info

PE Detect: PeReader OK (file layout)

Module Name

pxqDsBPmp0nY

Full Name

pxqDsBPmp0nY

EntryPoint

System.Void hAHaqdZ18CZ0TXGFQDg.Wxyqi4Z0lwdL1e3TF3y::qmCZDbjR4Z()

Scope Name

pxqDsBPmp0nY

Scope Type

ModuleDef

Kind

Windows

Runtime Version

v4.0.30319

Tables Header Version

512

WinMD Version

<null>

Assembly Name

SGxDUr5uRrbW2X9YcTIdUkMi5E

Assembly Version

4.1.5.0

Assembly Culture

<null>

Has PublicKey

False

PublicKey Token

<null>

Target Framework

.NETFramework,Version=v4.0

Total Strings

47

Main Method

System.Void hAHaqdZ18CZ0TXGFQDg.Wxyqi4Z0lwdL1e3TF3y::qmCZDbjR4Z()

Main IL Instruction Count

48

Main IL

ldc.i4 4 stloc V_0 br IL_000E: ldloc V_0 ldloc V_0 switch dnlib.DotNet.Emit.Instruction[] br IL_008F: ldc.i4 -699928097 call System.Void fDiZmdn6GTZnKDGJTsV.UFGqv6n4Nq8toeaLIUL::sKdxffkKyfi() ldc.i4 3 br IL_0012: switch(IL_008F,IL_0064,IL_00D9,IL_003F,IL_0030) newobj System.Void ID4kDMftleXjXssg3rB.mG6gk4fPDDTPl4scttN::.ctor() pop <null> ldc.i4 1 ldsfld <Module>{045ee5c4-a55b-4282-bd71-b54408ab48a9} <Module>{045ee5c4-a55b-4282-bd71-b54408ab48a9}::m_e0231cf1cade499399ccf693f4a7a5d2 ldfld System.Int32 <Module>{045ee5c4-a55b-4282-bd71-b54408ab48a9}::m_d43cc86002824c30a673b1ed3e984543 brtrue IL_0012: switch(IL_008F,IL_0064,IL_00D9,IL_003F,IL_0030) pop <null> ldc.i4 0 br IL_0012: switch(IL_008F,IL_0064,IL_00D9,IL_003F,IL_0030) ldnull <null> ldnull <null> newobj System.Void HHDIcE1UiIU72E0sHhr.PxliTh1keHyIMpS0pEK::.ctor(System.String,System.String) call System.Void xfiP3nxV1f4SDv6h7px.PgxITnxZRxr26dZ4HE7::MoWxoiZVuu(HHDIcE1UiIU72E0sHhr.PxliTh1keHyIMpS0pEK) ldc.i4 0 ldsfld <Module>{045ee5c4-a55b-4282-bd71-b54408ab48a9} <Module>{045ee5c4-a55b-4282-bd71-b54408ab48a9}::m_e0231cf1cade499399ccf693f4a7a5d2 ldfld System.Int32 <Module>{045ee5c4-a55b-4282-bd71-b54408ab48a9}::m_4ed06d4f86f244e68a7cc060d90d4af1 brtrue IL_0012: switch(IL_008F,IL_0064,IL_00D9,IL_003F,IL_0030) pop <null> ldc.i4 0 br IL_0012: switch(IL_008F,IL_0064,IL_00D9,IL_003F,IL_0030) ldc.i4 -699928097 ldc.i4 976647254 sub <null> ldc.i4 -675233009 xor <null> ldsfld <Module>{045ee5c4-a55b-4282-bd71-b54408ab48a9} <Module>{045ee5c4-a55b-4282-bd71-b54408ab48a9}::m_e0231cf1cade499399ccf693f4a7a5d2 ldfld System.Int32 <Module>{045ee5c4-a55b-4282-bd71-b54408ab48a9}::m_64dcc7ffbc884bf7a6d7d094da74115b xor <null> call System.String xXJHi2a4N3jn4k2jRZC.coRSpiaN9BkoMCjqxw1::Mt8acDyA6h(System.Int32) newobj System.Void FdytT03RoByxS806goQ.AyOMHQ3t4Zt1TqMnN33::.ctor(System.String) call System.Void FdytT03RoByxS806goQ.AyOMHQ3t4Zt1TqMnN33::iq63btcKuR() ldc.i4 2 ldsfld <Module>{045ee5c4-a55b-4282-bd71-b54408ab48a9} 
<Module>{045ee5c4-a55b-4282-bd71-b54408ab48a9}::m_e0231cf1cade499399ccf693f4a7a5d2 ldfld System.Int32 <Module>{045ee5c4-a55b-4282-bd71-b54408ab48a9}::m_6e1db042f31049569362dd4318c8931e brtrue IL_0012: switch(IL_008F,IL_0064,IL_00D9,IL_003F,IL_0030) pop <null> ldc.i4 1 br IL_0012: switch(IL_008F,IL_0064,IL_00D9,IL_003F,IL_0030) ret <null>

Module Name

pxqDsBPmp0nY

Full Name

pxqDsBPmp0nY

EntryPoint

System.Void hAHaqdZ18CZ0TXGFQDg.Wxyqi4Z0lwdL1e3TF3y::qmCZDbjR4Z()

Scope Name

pxqDsBPmp0nY

Scope Type

ModuleDef

Kind

Windows

Runtime Version

v4.0.30319

Tables Header Version

512

WinMD Version

<null>

Assembly Name

SGxDUr5uRrbW2X9YcTIdUkMi5E

Assembly Version

4.1.5.0

Assembly Culture

<null>

Has PublicKey

False

PublicKey Token

<null>

Target Framework

.NETFramework,Version=v4.0

Total Strings

47

Main Method

System.Void hAHaqdZ18CZ0TXGFQDg.Wxyqi4Z0lwdL1e3TF3y::qmCZDbjR4Z()

Main IL Instruction Count

48

Main IL

ldc.i4 4 stloc V_0 br IL_000E: ldloc V_0 ldloc V_0 switch dnlib.DotNet.Emit.Instruction[] br IL_008F: ldc.i4 -699928097 call System.Void fDiZmdn6GTZnKDGJTsV.UFGqv6n4Nq8toeaLIUL::sKdxffkKyfi() ldc.i4 3 br IL_0012: switch(IL_008F,IL_0064,IL_00D9,IL_003F,IL_0030) newobj System.Void ID4kDMftleXjXssg3rB.mG6gk4fPDDTPl4scttN::.ctor() pop <null> ldc.i4 1 ldsfld <Module>{045ee5c4-a55b-4282-bd71-b54408ab48a9} <Module>{045ee5c4-a55b-4282-bd71-b54408ab48a9}::m_e0231cf1cade499399ccf693f4a7a5d2 ldfld System.Int32 <Module>{045ee5c4-a55b-4282-bd71-b54408ab48a9}::m_d43cc86002824c30a673b1ed3e984543 brtrue IL_0012: switch(IL_008F,IL_0064,IL_00D9,IL_003F,IL_0030) pop <null> ldc.i4 0 br IL_0012: switch(IL_008F,IL_0064,IL_00D9,IL_003F,IL_0030) ldnull <null> ldnull <null> newobj System.Void HHDIcE1UiIU72E0sHhr.PxliTh1keHyIMpS0pEK::.ctor(System.String,System.String) call System.Void xfiP3nxV1f4SDv6h7px.PgxITnxZRxr26dZ4HE7::MoWxoiZVuu(HHDIcE1UiIU72E0sHhr.PxliTh1keHyIMpS0pEK) ldc.i4 0 ldsfld <Module>{045ee5c4-a55b-4282-bd71-b54408ab48a9} <Module>{045ee5c4-a55b-4282-bd71-b54408ab48a9}::m_e0231cf1cade499399ccf693f4a7a5d2 ldfld System.Int32 <Module>{045ee5c4-a55b-4282-bd71-b54408ab48a9}::m_4ed06d4f86f244e68a7cc060d90d4af1 brtrue IL_0012: switch(IL_008F,IL_0064,IL_00D9,IL_003F,IL_0030) pop <null> ldc.i4 0 br IL_0012: switch(IL_008F,IL_0064,IL_00D9,IL_003F,IL_0030) ldc.i4 -699928097 ldc.i4 976647254 sub <null> ldc.i4 -675233009 xor <null> ldsfld <Module>{045ee5c4-a55b-4282-bd71-b54408ab48a9} <Module>{045ee5c4-a55b-4282-bd71-b54408ab48a9}::m_e0231cf1cade499399ccf693f4a7a5d2 ldfld System.Int32 <Module>{045ee5c4-a55b-4282-bd71-b54408ab48a9}::m_64dcc7ffbc884bf7a6d7d094da74115b xor <null> call System.String xXJHi2a4N3jn4k2jRZC.coRSpiaN9BkoMCjqxw1::Mt8acDyA6h(System.Int32) newobj System.Void FdytT03RoByxS806goQ.AyOMHQ3t4Zt1TqMnN33::.ctor(System.String) call System.Void FdytT03RoByxS806goQ.AyOMHQ3t4Zt1TqMnN33::iq63btcKuR() ldc.i4 2 ldsfld <Module>{045ee5c4-a55b-4282-bd71-b54408ab48a9} 
<Module>{045ee5c4-a55b-4282-bd71-b54408ab48a9}::m_e0231cf1cade499399ccf693f4a7a5d2 ldfld System.Int32 <Module>{045ee5c4-a55b-4282-bd71-b54408ab48a9}::m_6e1db042f31049569362dd4318c8931e brtrue IL_0012: switch(IL_008F,IL_0064,IL_00D9,IL_003F,IL_0030) pop <null> ldc.i4 1 br IL_0012: switch(IL_008F,IL_0064,IL_00D9,IL_003F,IL_0030) ret <null>

9274008a5c543d4c353437edee092a5f (1.96 MB)