Malicious

939e59f171f99c3da46548e4904060f3

PE Executable | MD5: 939e59f171f99c3da46548e4904060f3 | Size: 3.74 MB | application/x-dosexec

Characteristics

Symbol Obfuscation Score

Very high

Hash
Hash Value
MD5
939e59f171f99c3da46548e4904060f3
Sha1
09c743726e3dcc50ba55af8ff37aa7f70fcdd4db
Sha256
79fde4d613c119474f53e088f2ebcb8fe979cadf48099a8de0237de52b9615fe
Sha384
68011338616f53fa9d419033d912e4ac3cf6ddcfc7421c2780b939ec3963300a4e58fce141224debde235c6c6d48affa
Sha512
47c308ae227a44c12c6ad4c4951136c9b132a5ee5f00b8dff63f530bcc8fd115d6af8c08673e64d0a6de7d2b75b19112d66db5d1a485667d3b914383e7d2ba84
SSDeep
49152:ptPbnFKlrTLbjdRqDSgHxQ236Xh68nFCcwed3mHp6P7MmXaOqu0SUCLdHxWb0/V:phb0L2nu23teFk6PQmqOLzU6RWqV
TLSH
A406F11A56D24E3BC26027329067483D82A4C7393972EB5E351F60E6AD037B5CB761FB

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
.Net Resources
1xTeLaAKeqOivbh2tt.DRovYrF9nd137hNWIM
kaIOQGXs3vhsc1mPVP.qa3YQ6xw3Ugo9Tp5RF
sFLynj8tWUgqFJ8FTE.838EIqB8PAOBsL2b75
pg6HtGcAR89krRAIUf.2fq8DxKKGrRtxH2cUO
pmund9W7kJL77VasKo.VGW6W79kN6Fs5iVka1
04jfEQiDso7eK25RNt.JS36qZt5kDXD7wOnAb
Information
Name
Value
Info

PE Detect: PeReader OK (file layout)

Module Name

pxqDsBPmp0nY

Full Name

pxqDsBPmp0nY

EntryPoint

System.Void eyn0N7o9UTVO1gNvv3S.wCjuUUoWkej3ejAhfTk::jqFoAIhFhq()

Scope Name

pxqDsBPmp0nY

Scope Type

ModuleDef

Kind

Windows

Runtime Version

v4.0.30319

Tables Header Version

512

WinMD Version

<null>

Assembly Name

SGxDUr5uRrbW2X9YcTIdUkMi5E

Assembly Version

4.1.5.0

Assembly Culture

<null>

Has PublicKey

False

PublicKey Token

<null>

Target Framework

.NETFramework,Version=v4.0

Total Strings

47

Main Method

System.Void eyn0N7o9UTVO1gNvv3S.wCjuUUoWkej3ejAhfTk::jqFoAIhFhq()

Main IL Instruction Count

44

Main IL

ldc.i4 3 stloc V_0 br IL_000E: ldloc V_0 ldloc V_0 switch dnlib.DotNet.Emit.Instruction[] br IL_007F: ldc.i4 1936576367 newobj System.Void EWFF65cBpx1PdWnXWBs.VhwS1rc8gRLHWBblZmi::.ctor() pop <null> ldc.i4 4 stloc V_0 br IL_000E: ldloc V_0 ldnull <null> ldnull <null> newobj System.Void B5mgTC9kQhFWNmHJKtg.QMtdfN9ET4COZsYCDHa::.ctor(System.String,System.String) call System.Void SkbNZytCgN00Y94HT0J.ycRldUtoSse9dOXSYSC::MW8thJbwQc(B5mgTC9kQhFWNmHJKtg.QMtdfN9ET4COZsYCDHa) ldc.i4 0 ldsfld <Module>{fc8a64a0-8215-4ce8-973d-c182391fa7e7} <Module>{fc8a64a0-8215-4ce8-973d-c182391fa7e7}::m_4bb52b85f4e34d34bfac2391f4ba8c02 ldfld System.Int32 <Module>{fc8a64a0-8215-4ce8-973d-c182391fa7e7}::m_bdf6fdba3d39469ea7b115ff877b53ae brfalse IL_0012: switch(IL_007F,IL_006F,IL_0030,IL_0070,IL_0044) pop <null> ldc.i4 0 br IL_0012: switch(IL_007F,IL_006F,IL_0030,IL_0070,IL_0044) ret <null> call System.Void wVZEKgH6ClhdndYae0a.XkhoL7HVtYLCF0XpLNj::lgttFPyqCmA() ldc.i4 2 br IL_0012: switch(IL_007F,IL_006F,IL_0030,IL_0070,IL_0044) ldc.i4 1936576367 ldc.i4 3 shr <null> ldc.i4 1022409696 xor <null> ldsfld <Module>{fc8a64a0-8215-4ce8-973d-c182391fa7e7} <Module>{fc8a64a0-8215-4ce8-973d-c182391fa7e7}::m_4bb52b85f4e34d34bfac2391f4ba8c02 ldfld System.Int32 <Module>{fc8a64a0-8215-4ce8-973d-c182391fa7e7}::m_52fb4d3740a845fb890c5e56cf0125d9 xor <null> call System.String GwG1mvQVAajS2sRuFM3.U3OXPxQJh8gfUI9NAhX::qTXQabFyBr(System.Int32) newobj System.Void R6OhXpKX0tXi00eTNXq.vI6hvPKBXJfCUFKhgTn::.ctor(System.String) call System.Void R6OhXpKX0tXi00eTNXq.vI6hvPKBXJfCUFKhgTn::q8RKxYtI0v() ldc.i4 1 ldsfld <Module>{fc8a64a0-8215-4ce8-973d-c182391fa7e7} <Module>{fc8a64a0-8215-4ce8-973d-c182391fa7e7}::m_4bb52b85f4e34d34bfac2391f4ba8c02 ldfld System.Int32 <Module>{fc8a64a0-8215-4ce8-973d-c182391fa7e7}::m_87d1f9c1bd0e4d40aef85e372496137c brfalse IL_0012: switch(IL_007F,IL_006F,IL_0030,IL_0070,IL_0044) pop <null> ldc.i4 1 br IL_0012: switch(IL_007F,IL_006F,IL_0030,IL_0070,IL_0044)

No malware configuration was found at this point.