Malicious

94fb0f8b08bb4f1fb94244d69c3d0661

PE Executable | MD5: 94fb0f8b08bb4f1fb94244d69c3d0661 | Size: 607.23 KB | application/x-dosexec

Characteristics

Symbol Obfuscation Score: Very high

Hash: Hash Value
MD5: 94fb0f8b08bb4f1fb94244d69c3d0661
Sha1: e09d46e94c205263301b139518d3145091d5f544
Sha256: d94cc4755317e3c1d46cf05baeb2cf1c2590550e59f5771d3388a957dba2beb4
Sha384: 79700b0a12b58f9af77b17683f3f34a09cd6a0e27a22a7259e622314ea9f029fdd6d87fbe854998deaa38e548f58bc06
Sha512: 099c9b6803e08730351a8005778e28f0905ff78403b9bbd76c4d3628f0339ca9dfad64d0796e617d80cbab6c1186827a49fac86e86f26dff1b6277f7f23088ec
SSDeep: 12288:g4i7p7lI8n6Ql45DDDDDDDDpZDHHHH8yD333DD8DD8DD8y3O3yDDD8ZD8OfDDyVr:12pW3Ql45DDDDDDDDpZDHHHH8yD333DB
TLSH: 4CD48D6776965E50C3854333C0CB494097B89686B6A7F70FB6453396180A3FFEE0A3A7

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
YyRbktqK57RY4oXSFE.1cJ0OpZdbWlQdAAuic
Tpspgghtior.g.resources
2j1GherdiAWgnZfpJx.g058ohQ15JMNiEwX46
7Cexgt2U3lsyjx99iP.UrsVkeIA34KBlKL15l
Xcpnuavz.Properties.Resources.resources
Nwgujfpv
Informations
Info: PE Detect: PeReader OK (file layout)
Module Name: Tpspgghtior.exe
Full Name: Tpspgghtior.exe
EntryPoint: System.Void WVVaWbs596MW0cENuH.jtuYNLh9j7SSA9VxtN::BwMD0Fbsp()
Scope Name: Tpspgghtior.exe
Scope Type: ModuleDef
Kind: Windows
Runtime Version: v4.0.30319
Tables Header Version: 512
WinMD Version: <null>
Assembly Name: Tpspgghtior
Assembly Version: 1.0.0.0
Assembly Culture: <null>
Has PublicKey: False
PublicKey Token: <null>
Target Framework: .NETFramework,Version=v4.0
Total Strings: 43
Main Method: System.Void WVVaWbs596MW0cENuH.jtuYNLh9j7SSA9VxtN::BwMD0Fbsp()
Main IL Instruction Count: 112


Characteristics
No malware configuration was found at this point.