Malicious

951fff0b670fb331a844bcba782e0c30

PE Executable | MD5: 951fff0b670fb331a844bcba782e0c30 | Size: 1.37 MB | application/x-dosexec


Characteristics

Symbol Obfuscation Score: Very high

Hash | Hash Value
MD5 | 951fff0b670fb331a844bcba782e0c30
Sha1 | fa2622cb6686529e1b0030fb770a9f15fcbdcd84
Sha256 | 15715270d2827100b8baf79cd19cf824b18c650d8f83fdc271d4e999ac4174e4
Sha384 | 84e848a2b5634dc30db27542db220ea566257f174c4b6ec7e012a3e5333fa881fc1b15e599af46ad92b13854d12d9473
Sha512 | fc0b632c850c64ff2abbdbc4f63206e07d2b3068127ecaecc8dc9269e19aa87fb4b9c766dea8569a3509361e9af3135bb83c84eb6a4212f56bd2183ffab44f2c
SSDeep | 24576:Bnpkc8YpBJHXNSCOfe3rFiAFPsrFvES6zezN6BOeLTczt23a:Bic3pz9SCz3wAFUL6zeZv8czF
TLSH | CA55027DE2E54F41D6A93E31C8EF1A1547B2F9A12233F70E261419AAFC437A59DC21E0

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
UPolyX 0.3 -> delikon
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
6y7fTTBAQRn7LHPkf7.7wxogTdHBqtgNTJhgy
uwH89IqQNJjxVFZHPc.LmoqWIo2bNUDgJxIR7
BNg8gm2R9cUbWmGMLZ.LULd8WYoQTRUBY9dci
2KleFSHLVdQ8dkqaTl.U0LUlG5Tfkqb6EtxyK
CuW7NoEW56WvX793WL.BCdiXQWexVcUShpED8
GttrMVNTlBdygElI3x.kXTH4rh5rqWeH4DDS0
Informations
Name | Value
Info | PE Detect: PeReader OK (file layout)
Module Name | mYmG.exe
Full Name | mYmG.exe
EntryPoint | System.Void feWtunh1mMhPLSK8gXf.Oxi055hUOs7kKmmKdrJ::UiOhSRU3p0()
Scope Name | mYmG.exe
Scope Type | ModuleDef
Kind | Windows
Runtime Version | v4.0.30319
Tables Header Version | 512
WinMD Version | <null>
Assembly Name | mYmG
Assembly Version | 1.0.0.0
Assembly Culture | <null>
Has PublicKey | False
PublicKey Token | <null>
Target Framework | .NETFramework,Version=v4.5
Total Strings | 44
Main Method | System.Void feWtunh1mMhPLSK8gXf.Oxi055hUOs7kKmmKdrJ::UiOhSRU3p0()
Main IL Instruction Count | 48

Main IL

br.s IL_0007: ldc.i4 1 call <null> ldc.i4 1 stloc V_0 br IL_0015: ldloc V_0 ldloc V_0 switch dnlib.DotNet.Emit.Instruction[] br IL_00A6: nop nop <null> ldc.i4.0 <null> ldsfld sPaRM0pdkwVSXugB01W sPaRM0pdkwVSXugB01W::zaHp2iaKU3 call System.Void sPaRM0pdkwVSXugB01W::WyOlGyaLT3(System.Boolean,sPaRM0pdkwVSXugB01W) ldc.i4 3 br IL_0019: switch(IL_00A6,IL_0080,IL_003B,IL_00D0,IL_0051,IL_00A4) nop <null> newobj System.Void VirtualBioprinter.Form1::.ctor() ldsfld vkruZupYfmPvEVT7qHE vkruZupYfmPvEVT7qHE::tDTpH0qprB call System.Void vkruZupYfmPvEVT7qHE::WyOlGyaLT3(System.Windows.Forms.Form,vkruZupYfmPvEVT7qHE) ldc.i4 5 ldsfld <Module>{8657a840-38a6-425f-9395-6a97539d14f4} <Module>{8657a840-38a6-425f-9395-6a97539d14f4}::m_ebb640685d2b42c58d214b341f04d5d7 ldfld System.Int32 <Module>{8657a840-38a6-425f-9395-6a97539d14f4}::m_87e5722946654457a0d6ce98c2423235 brtrue IL_0019: switch(IL_00A6,IL_0080,IL_003B,IL_00D0,IL_0051,IL_00A4) pop <null> ldc.i4 4 br IL_0019: switch(IL_00A6,IL_0080,IL_003B,IL_00D0,IL_0051,IL_00A4) call System.Void iBYpB9BpA2I0Fsc3kFf.ayexumByfq6BJOpQDPs::U3tKl9bLq1() ldc.i4 0 ldsfld <Module>{8657a840-38a6-425f-9395-6a97539d14f4} <Module>{8657a840-38a6-425f-9395-6a97539d14f4}::m_ebb640685d2b42c58d214b341f04d5d7 ldfld System.Int32 <Module>{8657a840-38a6-425f-9395-6a97539d14f4}::m_0558daa6b3c84f98b9f51fcafb756990 brtrue IL_0019: switch(IL_00A6,IL_0080,IL_003B,IL_00D0,IL_0051,IL_00A4) pop <null> ldc.i4 0 br IL_0019: switch(IL_00A6,IL_0080,IL_003B,IL_00D0,IL_0051,IL_00A4) nop <null> ret <null> nop <null> ldsfld oxAgijpWCAgr2bvoRZG oxAgijpWCAgr2bvoRZG::D4rpBdXSP4 call System.Void oxAgijpWCAgr2bvoRZG::WyOlGyaLT3(oxAgijpWCAgr2bvoRZG) ldc.i4 2 ldsfld <Module>{8657a840-38a6-425f-9395-6a97539d14f4} <Module>{8657a840-38a6-425f-9395-6a97539d14f4}::m_ebb640685d2b42c58d214b341f04d5d7 ldfld System.Int32 <Module>{8657a840-38a6-425f-9395-6a97539d14f4}::m_38a6a3b2d4b6449ca4f7d1cff5de9307 brfalse IL_0019: switch(IL_00A6,IL_0080,IL_003B,IL_00D0,IL_0051,IL_00A4) pop <null> ldc.i4 2 br 
IL_0019: switch(IL_00A6,IL_0080,IL_003B,IL_00D0,IL_0051,IL_00A4) call System.Void S5xj8ZBfyOrl45Pm1je.pNeoDXBoHRrjB8pTOM7::WDrxgdOTEW() ldc.i4 4 br IL_0019: switch(IL_00A6,IL_0080,IL_003B,IL_00D0,IL_0051,IL_00A4)
