Malicious

9e649c7ca5e9480b42c8731203c074e9

PE Executable | MD5: 9e649c7ca5e9480b42c8731203c074e9 | Size: 457.22 KB | application/x-dosexec


Characteristics

Symbol Obfuscation Score: Very high

Hash

MD5: 9e649c7ca5e9480b42c8731203c074e9
Sha1: a31a2938cff70a82797858fbe7800ee29336d2ac
Sha256: 5f61676739173cbc4d8b3307dc2e1084454481a793f6890b0f25d290b13a9ecd
Sha384: 6a947c73303226f1038594ebf3d9e1078f044a3f24482e41ae4d8411cfe546a1b27934e8fc92ff4a3f3328e50b9bcd65
Sha512: 1b267e904fedd18a47565c588ce13b7f778857a7ad06b474d8dd482be517fb024fc01168198328cd3224b36a0f48a92464144e51caafced3ad35d76ebd307d1b
SSDeep: 12288:lMz/5dgqNHwU1eET56GDHqAHA51cu8iO:lMz/5dTN/p5bDVHYcDi
TLSH: 0FA40146B6C05B02C16145B9D0F7893413E6E1C73B73CB553B9427EA0E823B5DDAAB8D

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
dn0yeqYOKZWkOGYGh0.yPigYPQIwxhgIdHONs
3Q3vTvCgcTA78XX46U.M02T5Z13wMLEc8H6Yq
pHJfB80tU4LvaIUowU.Xhx0GJormwlu7uHqLd
Informations

Info: PE Detect: PeReader OK (file layout)
Module Name: Jjuklx.exe
Full Name: Jjuklx.exe
EntryPoint: System.Void r384REgHMwWuDiM8B7.UftxFDRpslLslp9X7S::XkjLbcaa7()
Scope Name: Jjuklx.exe
Scope Type: ModuleDef
Kind: Windows
Runtime Version: v4.0.30319
Tables Header Version: 512
WinMD Version: <null>
Assembly Name: Jjuklx
Assembly Version: 1.0.0.0
Assembly Culture: <null>
Has PublicKey: False
PublicKey Token: <null>
Target Framework: .NETFramework,Version=v4.0
Total Strings: 39
Main Method: System.Void r384REgHMwWuDiM8B7.UftxFDRpslLslp9X7S::XkjLbcaa7()
Main IL Instruction Count: 94

Main IL

ldc.i4 1 stloc V_0 ldloc V_0 switch dnlib.DotNet.Emit.Instruction[] ldloc V_0 ldc.i4 990 beq IL_0009: ldloc V_0 br IL_005B: nop ret <null> ldsfld MUpwAyYVvnOF0pHSjEg MUpwAyYVvnOF0pHSjEg::IWnYndVGKw call System.Void MUpwAyYVvnOF0pHSjEg::MHpYZ0inkI(MUpwAyYVvnOF0pHSjEg) ldc.i4 0 ldsfld <Module>{29bf81d5-577c-41b3-9037-3e2b1b6def5b} <Module>{29bf81d5-577c-41b3-9037-3e2b1b6def5b}::m_6be82904dcac4d88be160f9c72c4719d ldfld System.Int32 <Module>{29bf81d5-577c-41b3-9037-3e2b1b6def5b}::m_e68e448852284ee0b91e93fe929ce305 brfalse IL_000D: switch(IL_005B,IL_0032,IL_0031) pop <null> ldc.i4 4 br IL_000D: switch(IL_005B,IL_0032,IL_0031) nop <null> ldsfld qkjVVuY7IhCgkWM8Aln qkjVVuY7IhCgkWM8Aln::Fh0YvY4w3V call System.Byte[] qkjVVuY7IhCgkWM8Aln::MHpYZ0inkI(qkjVVuY7IhCgkWM8Aln) stloc.s V_3 ldc.i4 2 br IL_0084: switch(IL_012A,IL_00E7,IL_00BA,IL_0114) br IL_0080: ldloc V_2 ldc.i4 0 stloc V_2 ldloc V_2 switch dnlib.DotNet.Emit.Instruction[] ldloc V_2 ldc.i4 11 beq IL_013C: leave IL_0031 ldloc V_2 ldc.i4 991 beq IL_0080: ldloc V_2 br IL_0114: ldloc.s V_3 ldloc.s V_3 ldsfld PCrF56YBgMDE8SumgRI PCrF56YBgMDE8SumgRI::EaDYDsW1Wj call System.Byte[] PCrF56YBgMDE8SumgRI::MHpYZ0inkI(System.Byte[],PCrF56YBgMDE8SumgRI) stloc.s V_3 ldc.i4 9 ldsfld <Module>{29bf81d5-577c-41b3-9037-3e2b1b6def5b} <Module>{29bf81d5-577c-41b3-9037-3e2b1b6def5b}::m_6be82904dcac4d88be160f9c72c4719d ldfld System.Int32 <Module>{29bf81d5-577c-41b3-9037-3e2b1b6def5b}::m_6f461c53c3a841298dbbd1f3b8d1d0fe brfalse IL_0084: switch(IL_012A,IL_00E7,IL_00BA,IL_0114) pop <null> ldc.i4 1 br IL_0084: switch(IL_012A,IL_00E7,IL_00BA,IL_0114) ldloc.s V_3 ldsfld wojmEBYyNP44WtrdmAY wojmEBYyNP44WtrdmAY::OwcYpPdPOb call System.Byte[] wojmEBYyNP44WtrdmAY::MHpYZ0inkI(System.Byte[],wojmEBYyNP44WtrdmAY) stloc.s V_3 ldc.i4 0 ldsfld <Module>{29bf81d5-577c-41b3-9037-3e2b1b6def5b} <Module>{29bf81d5-577c-41b3-9037-3e2b1b6def5b}::m_6be82904dcac4d88be160f9c72c4719d ldfld System.Int32 
<Module>{29bf81d5-577c-41b3-9037-3e2b1b6def5b}::m_0d6d9973bb75422bad880af70ecfc9c2 brtrue IL_0084: switch(IL_012A,IL_00E7,IL_00BA,IL_0114) pop <null> ldc.i4 8 br IL_0084: switch(IL_012A,IL_00E7,IL_00BA,IL_0114) ldloc.s V_3 ldsfld QAmfILYAT7Mei9q2VYh QAmfILYAT7Mei9q2VYh::zAtY3JUpBh call System.Void QAmfILYAT7Mei9q2VYh::MHpYZ0inkI(System.Byte[],QAmfILYAT7Mei9q2VYh) ldc.i4 11 br IL_007C: stloc V_2 ldloc.s V_3 ldlen <null> brfalse IL_013C: leave IL_0031 ldc.i4 3 br IL_0084: switch(IL_012A,IL_00E7,IL_00BA,IL_0114) leave IL_0031: ret pop <null> ldc.i4 1 ldsfld <Module>{29bf81d5-577c-41b3-9037-3e2b1b6def5b} <Module>{29bf81d5-577c-41b3-9037-3e2b1b6def5b}::m_6be82904dcac4d88be160f9c72c4719d ldfld System.Int32 <Module>{29bf81d5-577c-41b3-9037-3e2b1b6def5b}::m_cca91b4405fe41d3b4263dd7a06c73ab brtrue IL_0173: switch(IL_018F) pop <null> ldc.i4 0 br IL_0173: switch(IL_018F) br IL_016F: ldloc V_1 ldc.i4 0 stloc V_1 ldloc V_1 switch dnlib.DotNet.Emit.Instruction[] ldloc V_1 ldc.i4 988 beq IL_016F: ldloc V_1 br IL_018F: leave IL_0031 leave IL_0031: ret ldc.i4 0 ldsfld <Module>{29bf81d5-577c-41b3-9037-3e2b1b6def5b} <Module>{29bf81d5-577c-41b3-9037-3e2b1b6def5b}::m_6be82904dcac4d88be160f9c72c4719d ldfld System.Int32 <Module>{29bf81d5-577c-41b3-9037-3e2b1b6def5b}::m_d9d2e09eb8c04848a8e088d11faf7434 brfalse IL_000D: switch(IL_005B,IL_0032,IL_0031) pop <null> ldc.i4 2 br IL_000D: switch(IL_005B,IL_0032,IL_0031)
