Malicious

9b67af8a40bc7b64ef8cccd10307a68c

PE Executable | MD5: 9b67af8a40bc7b64ef8cccd10307a68c | Size: 1.37 MB | application/x-dosexec

Characteristics

Symbol Obfuscation Score: Very high

Hash values
MD5: 9b67af8a40bc7b64ef8cccd10307a68c
SHA1: 8ff2886880a06f800d72910317cb909b0833f3d2
SHA256: e558f5933da137aada6e4743c99da665e9bd70e93e87b0dc6de33f2a31eb7b56
SHA384: fc9cadc38ac9464e40b144c62773bb20fb219b1f0a2a5238bb8c2bd61131e1f2b487d92e3652fed485ce32393e888f4b
SHA512: 80af0bbb365dc907e31eebd0efe889e615edeba7186c368e928a6ef419299987c22b34fc1d44a0b3f55bb65d40a356e9f1102341e010b8ddad03c6c850439a86
SSDeep: 24576:kDr58NmG10jrgWQrIP3MJ9cGkfWba7iv5I3s3MfQtZ+4ZpZ:SrDG1kQrIPcTNane/ug
TLSH: C6556B067E84CE91F0191233C2FF454847B4A9516AA6E72B7DBA376E25123A37C0DDCB

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
Structure
  DosHeader
  PE Header
  Optional Header (x86)
  Section Headers
    .text
    .sdata
    .rsrc
    .reloc
  Resources
    RT_GROUP_CURSOR4
      ID:0001
        ID:0
    RT_VERSION
      ID:0001
        ID:1033
  .Net Resources
    QfLbHJwBmwQWt69sud.ZFWXCa1BQlVJ8ggQCV
    QOs5bfKEySXPGboipu.bg5UWm41DCo5chIwbc
Information
Info: PE Detect: PeReader OK (file layout)
Module Name: nIHAymWHdG9qFGIMyU25M3ZlhwCigx4dOzU
Full Name: nIHAymWHdG9qFGIMyU25M3ZlhwCigx4dOzU
EntryPoint: System.Void t06Fv30ybpKmd4iDIP8.UFVwd90e94iKRNQ5K1c::b2ahravNol()
Scope Name: nIHAymWHdG9qFGIMyU25M3ZlhwCigx4dOzU
Scope Type: ModuleDef
Kind: Windows
Runtime Version: v4.0.30319
Tables Header Version: 512
WinMD Version: <null>
Assembly Name: JaRL6jKL5GcrjGNgHDiutgdCkxk
Assembly Version: 6.1.5.4
Assembly Culture: <null>
Has PublicKey: False
PublicKey Token: <null>
Target Framework: .NETFramework,Version=v4.0
Total Strings: 63
Main Method: System.Void t06Fv30ybpKmd4iDIP8.UFVwd90e94iKRNQ5K1c::b2ahravNol()
Main IL Instruction Count: 14
Main IL:
  br.s IL_000B: ldc.i4.0
  call <null>
  ldnull <null>
  ldc.i4.0 <null>
  ldelem.ref <null>
  pop <null>
  ldc.i4.0 <null>
  brtrue.s IL_0007: ldnull
  call System.Void tmQ5mohHBBjbf7TmRc8.mdMeadhsQHYOsdgnkZS::kLjw4iIsCLsZtxc4lksN0j()
  nop <null>
  ldsfld System.Object t06Fv30ybpKmd4iDIP8.UFVwd90e94iKRNQ5K1c::blbhfKOYE7
  callvirt System.Void gmwwqT0s2wlyDNaDKnZ.NDN9m50ZXCFnmDRRPb8::boB9aFUMaA()
  nop <null>
  ret <null>


No malware configuration was found at this point.