937c0a09cb717d775df9c50633a2b016

PE Executable
|
MD5: 937c0a09cb717d775df9c50633a2b016
|
Size: 862.72 KB
|
application/x-dosexec

Infection Chain

Summary by MalvaGPT

Characteristics

Hash	Hash Value
MD5	937c0a09cb717d775df9c50633a2b016
Sha1	af3a35ab5dc1813652743495a29d2d23a1e4062f
Sha256	22e20c87b8a58256ba2d789c04fa52c109cd991dd82f270e4c4da5b72f057b77
Sha384	a98bd072b8997df696f3a139577020909fe70d4125de8f1c736956d31e464eef0b1d75a4ab9f6125fc0765ea6347ed33
Sha512	be18fcf5fe71d6187548d62b26f8f769e535739611c22f593b91249e6684ce966c8da6f0a0b37ec5e3151a6f6fb59d5f29fa0118198c7b867b60dedffbdf7ae0
SSDeep	12288:s4YMuM9GUK1dpwyT8PqPN6GOYF8n+oEr4ObwIxFIB/VcT02NWwYGMLIKi6L/2+Dt:sDdgFkdprgPFz+82xFIBiFtYVL9tDI
TLSH	4505124A73D41B04C95A65F8D5E3463903F25AC732B6E3A43A940AE71E823F49CDA7CD

PeID

.NET executable

Microsoft Visual C# / Basic .NET

Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL

Microsoft Visual C# v7.0 / Basic .NET

Microsoft Visual Studio .NET

File Structure

Informations

Name0	Value
Info	PE Detect: PeReader OK (file layout)
Module Name	ffCK.exe
Full Name	ffCK.exe
EntryPoint	System.Void lPGaJ2Ke1PRcm8Pi35.m4fbyj4DnVcCJc6arN::HRtUJh1k8()
Scope Name	ffCK.exe
Scope Type	ModuleDef
Kind	Windows
Runtime Version	v4.0.30319
Tables Header Version	512
WinMD Version	<null>
Assembly Name	ffCK
Assembly Version	1.0.0.0
Assembly Culture	<null>
Has PublicKey	False
PublicKey Token	<null>
Target Framework	.NETFramework,Version=v4.5
Total Strings	40
Main Method	System.Void lPGaJ2Ke1PRcm8Pi35.m4fbyj4DnVcCJc6arN::HRtUJh1k8()
Main IL Instruction Count	46
Main IL	br.s IL_0007: ldc.i4 2 call <null> ldc.i4 2 stloc V_0 br IL_0015: ldloc V_0 ldloc V_0 switch dnlib.DotNet.Emit.Instruction[] br IL_0094: nop call System.Void rnUGjW2L7wOK2Mhm3F.yKLm0gs6670nxuIL6W::e4f1FQMDVcNyG() ldc.i4 1 call lPGaJ2Ke1PRcm8Pi35.m4fbyj4DnVcCJc6arN lPGaJ2Ke1PRcm8Pi35.m4fbyj4DnVcCJc6arN::FlrpU3EHZQLHYsbRCs() brfalse IL_0019: switch(IL_0094,IL_0055,IL_003B,IL_007A,IL_00B9,IL_00CF) pop <null> br IL_0015: ldloc V_0 nop <null> ldsfld sIKMDthoydl3PHgUJWO sIKMDthoydl3PHgUJWO::GcLhcU3Rgs call System.Void sIKMDthoydl3PHgUJWO::L5whTjtjN(sIKMDthoydl3PHgUJWO) ldc.i4 4 call lPGaJ2Ke1PRcm8Pi35.m4fbyj4DnVcCJc6arN lPGaJ2Ke1PRcm8Pi35.m4fbyj4DnVcCJc6arN::FlrpU3EHZQLHYsbRCs() brfalse IL_0019: switch(IL_0094,IL_0055,IL_003B,IL_007A,IL_00B9,IL_00CF) pop <null> ldc.i4 4 br IL_0019: switch(IL_0094,IL_0055,IL_003B,IL_007A,IL_00B9,IL_00CF) call System.Void tq8WTIrWFjb3V0bqIp.aHr74uglY9F7nsGuNs::veTxBWhzcBOgs() ldc.i4 0 call lPGaJ2Ke1PRcm8Pi35.m4fbyj4DnVcCJc6arN lPGaJ2Ke1PRcm8Pi35.m4fbyj4DnVcCJc6arN::FlrpU3EHZQLHYsbRCs() brfalse IL_0019: switch(IL_0094,IL_0055,IL_003B,IL_007A,IL_00B9,IL_00CF) pop <null> br IL_0015: ldloc V_0 nop <null> newobj System.Void AtmosphericNetwork.Form1::.ctor() ldsfld Ujarjmh3mO8H1RTwsB8 Ujarjmh3mO8H1RTwsB8::Oc0hXNm00G call System.Void Ujarjmh3mO8H1RTwsB8::L5whTjtjN(System.Windows.Forms.Form,Ujarjmh3mO8H1RTwsB8) ldc.i4 5 call System.Boolean lPGaJ2Ke1PRcm8Pi35.m4fbyj4DnVcCJc6arN::VEWNsVtrYN6hOPRyaj() brtrue IL_0019: switch(IL_0094,IL_0055,IL_003B,IL_007A,IL_00B9,IL_00CF) pop <null> br IL_0015: ldloc V_0 nop <null> ldc.i4.0 <null> ldsfld cqKhF8hF36q1OXLtBsI cqKhF8hF36q1OXLtBsI::vHthvHutlB call System.Void cqKhF8hF36q1OXLtBsI::L5whTjtjN(System.Boolean,cqKhF8hF36q1OXLtBsI) ldc.i4 3 br IL_0019: switch(IL_0094,IL_0055,IL_003B,IL_007A,IL_00B9,IL_00CF) nop <null> ret <null>
Module Name	ffCK.exe
Full Name	ffCK.exe
EntryPoint	System.Void lPGaJ2Ke1PRcm8Pi35.m4fbyj4DnVcCJc6arN::HRtUJh1k8()
Scope Name	ffCK.exe
Scope Type	ModuleDef
Kind	Windows
Runtime Version	v4.0.30319
Tables Header Version	512
WinMD Version	<null>
Assembly Name	ffCK
Assembly Version	1.0.0.0
Assembly Culture	<null>
Has PublicKey	False
PublicKey Token	<null>
Target Framework	.NETFramework,Version=v4.5
Total Strings	40
Main Method	System.Void lPGaJ2Ke1PRcm8Pi35.m4fbyj4DnVcCJc6arN::HRtUJh1k8()
Main IL Instruction Count	46
Main IL	br.s IL_0007: ldc.i4 2 call <null> ldc.i4 2 stloc V_0 br IL_0015: ldloc V_0 ldloc V_0 switch dnlib.DotNet.Emit.Instruction[] br IL_0094: nop call System.Void rnUGjW2L7wOK2Mhm3F.yKLm0gs6670nxuIL6W::e4f1FQMDVcNyG() ldc.i4 1 call lPGaJ2Ke1PRcm8Pi35.m4fbyj4DnVcCJc6arN lPGaJ2Ke1PRcm8Pi35.m4fbyj4DnVcCJc6arN::FlrpU3EHZQLHYsbRCs() brfalse IL_0019: switch(IL_0094,IL_0055,IL_003B,IL_007A,IL_00B9,IL_00CF) pop <null> br IL_0015: ldloc V_0 nop <null> ldsfld sIKMDthoydl3PHgUJWO sIKMDthoydl3PHgUJWO::GcLhcU3Rgs call System.Void sIKMDthoydl3PHgUJWO::L5whTjtjN(sIKMDthoydl3PHgUJWO) ldc.i4 4 call lPGaJ2Ke1PRcm8Pi35.m4fbyj4DnVcCJc6arN lPGaJ2Ke1PRcm8Pi35.m4fbyj4DnVcCJc6arN::FlrpU3EHZQLHYsbRCs() brfalse IL_0019: switch(IL_0094,IL_0055,IL_003B,IL_007A,IL_00B9,IL_00CF) pop <null> ldc.i4 4 br IL_0019: switch(IL_0094,IL_0055,IL_003B,IL_007A,IL_00B9,IL_00CF) call System.Void tq8WTIrWFjb3V0bqIp.aHr74uglY9F7nsGuNs::veTxBWhzcBOgs() ldc.i4 0 call lPGaJ2Ke1PRcm8Pi35.m4fbyj4DnVcCJc6arN lPGaJ2Ke1PRcm8Pi35.m4fbyj4DnVcCJc6arN::FlrpU3EHZQLHYsbRCs() brfalse IL_0019: switch(IL_0094,IL_0055,IL_003B,IL_007A,IL_00B9,IL_00CF) pop <null> br IL_0015: ldloc V_0 nop <null> newobj System.Void AtmosphericNetwork.Form1::.ctor() ldsfld Ujarjmh3mO8H1RTwsB8 Ujarjmh3mO8H1RTwsB8::Oc0hXNm00G call System.Void Ujarjmh3mO8H1RTwsB8::L5whTjtjN(System.Windows.Forms.Form,Ujarjmh3mO8H1RTwsB8) ldc.i4 5 call System.Boolean lPGaJ2Ke1PRcm8Pi35.m4fbyj4DnVcCJc6arN::VEWNsVtrYN6hOPRyaj() brtrue IL_0019: switch(IL_0094,IL_0055,IL_003B,IL_007A,IL_00B9,IL_00CF) pop <null> br IL_0015: ldloc V_0 nop <null> ldc.i4.0 <null> ldsfld cqKhF8hF36q1OXLtBsI cqKhF8hF36q1OXLtBsI::vHthvHutlB call System.Void cqKhF8hF36q1OXLtBsI::L5whTjtjN(System.Boolean,cqKhF8hF36q1OXLtBsI) ldc.i4 3 br IL_0019: switch(IL_0094,IL_0055,IL_003B,IL_007A,IL_00B9,IL_00CF) nop <null> ret <null>

937c0a09cb717d775df9c50633a2b016 (862.72 KB)

937c0a09cb717d775df9c50633a2b016

PE Executable | MD5: 937c0a09cb717d775df9c50633a2b016 | Size: 862.72 KB | application/x-dosexec

PE Executable
|
MD5: 937c0a09cb717d775df9c50633a2b016
|
Size: 862.72 KB
|
application/x-dosexec