Malicious

9d802c970a2a0fddb70ae05ea1364126

PE Executable | MD5: 9d802c970a2a0fddb70ae05ea1364126 | Size: 848.9 KB | application/x-dosexec


Characteristics

Symbol Obfuscation Score

Very high

Hash
Hash Value
MD5
9d802c970a2a0fddb70ae05ea1364126
Sha1
79de97766c5e49f01dde2709585e81eb734da091
Sha256
31527e5f926552869b994bda9317be3bfb4433d7c0346cf6825f1ffbb119cd52
Sha384
d932ef4c17fbb4c7fc8cf94a92f59c5164faf6f46790d11b540e46037e5b3e92870d5cff177cb143a9a9ef72215480b6
Sha512
803b7474b4fe8e47e87ac7fda4ec37b3745110297a27e74c40c12c73dd287d64f65f4ffbc9ef0ebab48391754ea52de7ee3223549661282f296a78251ec30b8b
SSDeep
12288:OOY/58rKfoDT/kEYEBzuDBZ6996sOvYQy3+d02M/8j6qw:A5QKfoDT9TJuDBk98W34m8jlw
TLSH
8C05E6027E44CA01F01D1233C2EF494847B4A9516AE6E36B7DBA376D19123A77E2D9CF

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.sdata
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:1033
.Net Resources
Y5LPivshTc5FtmtMgZ.l0UlG9hMByGm3wqwGZ
NxHUsGP7lFe1l0WF53.Wg4ZOm1cqjBp9Gefen
Information
Name
Value
Info

PE Detect: PeReader OK (file layout)

Module Name

12RhCgdrzLgHcCrTmCksFUNZ

Full Name

12RhCgdrzLgHcCrTmCksFUNZ

EntryPoint

System.Void dTGGUgOmv5kDE6K3Bf2.EmZyVjOa39di5rLuFaH::HGc4TYtDYb()

Scope Name

12RhCgdrzLgHcCrTmCksFUNZ

Scope Type

ModuleDef

Kind

Windows

Runtime Version

v4.0.30319

Tables Header Version

512

WinMD Version

<null>

Assembly Name

uCm3rjUMg7drk9UP

Assembly Version

3.0.7.7

Assembly Culture

<null>

Has PublicKey

False

PublicKey Token

<null>

Target Framework

.NETFramework,Version=v4.0

Total Strings

63

Main Method

System.Void dTGGUgOmv5kDE6K3Bf2.EmZyVjOa39di5rLuFaH::HGc4TYtDYb()

Main IL Instruction Count

14

Main IL

br.s IL_000B: ldc.i4.0
call <null>
ldnull <null>
ldc.i4.0 <null>
ldelem.ref <null>
pop <null>
ldc.i4.0 <null>
brtrue.s IL_0007: ldnull
call System.Void b6wsAN4LLl1ECs08k00.hiUQWy4Bo4eXmoXEFuB::kLjw4iIsCLsZtxc4lksN0j()
nop <null>
ldsfld System.Object dTGGUgOmv5kDE6K3Bf2.EmZyVjOa39di5rLuFaH::yIr4I3eflv
callvirt System.Void LiDMwROBBJyFSLN2VWB.Ibe0fOOoTkDaJ7L8pXy::NrIrcwX7qT()
nop <null>
ret <null>
