Malicious
Malicious

9427dfc7a513b0af9e3d8ad4975d3376

PE Executable
|
MD5: 9427dfc7a513b0af9e3d8ad4975d3376
|
Size: 121.34 KB
|
application/x-dosexec

Print
Infection Chain
Summary by MalvaGPT
Characteristics

Symbol Ofbuscation Score

Medium

Hash
 Hash Value
MD5
9427dfc7a513b0af9e3d8ad4975d3376
Sha1
203999d2e42fddc7100b9cc1cdc62d12718b1f42
Sha256
2b7815a4a008a0b48efdadf557286f7363386864e763ca77e3461c1ece141c45
Sha384
177dcba2d3ceccd62f1634c87bdd524253655b35d54ea0d0f10286d89b698262837da8167c08da2ae793b3381a45028a
Sha512
ad315c91f5a551a28c12f41e672494d75e9e7887066b3fa358719970bae57fe6196ef2fd78700e98af426b8f3db42099a286495b023f4b58d4f68d581dcbcfb6
SSDeep
1536:ui5bhhhEPtEYT4w3F93M4zKWPhA3XhrdBX5XbOIRM/JdlYBlWO:H6PNb19FGW+3XhrjQIRMNYBlWO
TLSH
23C35C07F9DCD6D0D5325032BF53CAA0D6686E357964A11E73C9BF1E2B39662DA003E2

PeID

Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
File Structure
9427dfc7a513b0af9e3d8ad4975d3376
Malicious
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_ICON
ID:0001
ID:0
ID:0-preview.png
ID:0002
ID:0
ID:0003
ID:0
ID:0004
ID:0
ID:0005
ID:0
ID:0006
ID:0
ID:0007
ID:0
ID:0-preview.png
ID:0008
ID:0
ID:0009
ID:0
ID:000A
ID:0
ID:000B
ID:0
ID:000C
ID:0
RT_MESSAGETABLE
ID:0001
ID:1033
RT_GROUP_CURSOR4
ID:0001
ID:0
RT_VERSION
ID:0001
ID:0
ID:1033
RT_MANIFEST
ID:0001
ID:0
ID:1033
.Net Resources
Malicious
ndwj.vbs
Malicious
ndwj.vbs.deobfuscated.vbs
Malicious
Informations
Name
 Value
Info

PE Detect: PeReader OK (file layout)
Module Name

697f917243534.exe
Full Name

697f917243534.exe
EntryPoint

System.Void Microsoft.CLR.Hosting.RuntimeBootstrap::Main()
Scope Name

697f917243534.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

697f917243534
Assembly Version

0.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

<null>
Total Strings

10
Main Method

System.Void Microsoft.CLR.Hosting.RuntimeBootstrap::Main()
Main IL Instruction Count

7
Main IL

nop <null> call System.Int32 Microsoft.CLR.Hosting.RuntimeBootstrap::InitializeComponent() stloc.0 <null> ldloc.0 <null> call System.Void System.Environment::Exit(System.Int32) nop <null> ret <null>
Module Name

697f917243534.exe
Full Name

697f917243534.exe
EntryPoint

System.Void Microsoft.CLR.Hosting.RuntimeBootstrap::Main()
Scope Name

697f917243534.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

697f917243534
Assembly Version

0.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

<null>
Total Strings

10
Main Method

System.Void Microsoft.CLR.Hosting.RuntimeBootstrap::Main()
Main IL Instruction Count

7
Main IL

nop <null> call System.Int32 Microsoft.CLR.Hosting.RuntimeBootstrap::InitializeComponent() stloc.0 <null> ldloc.0 <null> call System.Void System.Environment::Exit(System.Int32) nop <null> ret <null>
9427dfc7a513b0af9e3d8ad4975d3376 (121.34 KB)
An error has occurred. This application may no longer respond until reloaded. Reload 🗙