Malicious

a0b4085cf946ec17dfc382a16f873405

PE Executable
MD5: a0b4085cf946ec17dfc382a16f873405
Size: 783.36 KB
application/x-dosexec
Summary by MalvaGPT
Characteristics

Symbol Obfuscation Score: Very high


PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
R5xnIebIgKPyHg40R1.6oyVSdlZ7d97F9ijRp
Z4wxhwkKiMh5PAiIjU.wCNDwUL0AOgSKSZBAU
PiWJkhidMKYVhoBM8o.mI0g7MNpFG5yljNnoR
QPGnRgqNTFXUw45TRy.IBjfpUJKiRgGC4acGE
Informations
Info: PE Detect: PeReader OK (file layout)
Module Name: Heyynxph.exe
Full Name: Heyynxph.exe
EntryPoint: System.Void pN9kEjKYd9x5rIYyBm.ziAtxES1LS7Do14VWx::uf0nrP9Jt()
Scope Name: Heyynxph.exe
Scope Type: ModuleDef
Kind: Windows
Runtime Version: v4.0.30319
Tables Header Version: 512
WinMD Version: <null>
Assembly Name: Heyynxph
Assembly Version: 1.0.0.0
Assembly Culture: <null>
Has PublicKey: False
PublicKey Token: <null>
Target Framework: .NETFramework,Version=v4.0
Total Strings: 41
Main Method: System.Void pN9kEjKYd9x5rIYyBm.ziAtxES1LS7Do14VWx::uf0nrP9Jt()
Main IL Instruction Count: 63

Main IL

ldc.i4 2 stloc V_2 ldloc V_2 switch dnlib.DotNet.Emit.Instruction[] ldloc V_2 ldc.i4 990 beq IL_0009: ldloc V_2 br IL_0032: call System.Void MZN7QOJOudjMoVRQDh1.fmyxsNJc5OhGVdgbW6U::kLjw4iIsCLsZtxc4lksN0j() ret <null> call System.Void MZN7QOJOudjMoVRQDh1.fmyxsNJc5OhGVdgbW6U::kLjw4iIsCLsZtxc4lksN0j() ldc.i4 6 ldsfld <Module>{fb2c3d95-441f-40b9-ba52-ceb346831e38} <Module>{fb2c3d95-441f-40b9-ba52-ceb346831e38}::m_28d1f381ba6249edb0287930d944334b ldfld System.Int32 <Module>{fb2c3d95-441f-40b9-ba52-ceb346831e38}::m_cfeae103cb344ffcaaa0df0dc9b9a3bc brtrue IL_000D: switch(IL_0031,IL_0056,IL_0032) pop <null> ldc.i4 1 br IL_000D: switch(IL_0031,IL_0056,IL_0032) nop <null> newobj System.Void QAtSpTw1Us8Pb5nqfe.OA3fohxjMERCAp7wvn::.ctor() call System.Byte[] Tgzaghcw.Properties.Ihtvmsvdww::get_Kpjatu() callvirt System.Void QAtSpTw1Us8Pb5nqfe.OA3fohxjMERCAp7wvn::rZ0jCNQgp(System.Byte[]) ldc.i4 0 ldsfld <Module>{fb2c3d95-441f-40b9-ba52-ceb346831e38} <Module>{fb2c3d95-441f-40b9-ba52-ceb346831e38}::m_28d1f381ba6249edb0287930d944334b ldfld System.Int32 <Module>{fb2c3d95-441f-40b9-ba52-ceb346831e38}::m_08a7949e487f4685a5de789ccaa67244 brtrue IL_0097: switch(IL_00B3) pop <null> ldc.i4 3 br IL_0097: switch(IL_00B3) br IL_0093: ldloc V_0 ldc.i4 0 stloc V_0 ldloc V_0 switch dnlib.DotNet.Emit.Instruction[] ldloc V_0 ldc.i4 988 beq IL_0093: ldloc V_0 br IL_00B3: leave IL_0031 leave IL_0031: ret pop <null> ldc.i4 1 ldsfld <Module>{fb2c3d95-441f-40b9-ba52-ceb346831e38} <Module>{fb2c3d95-441f-40b9-ba52-ceb346831e38}::m_28d1f381ba6249edb0287930d944334b ldfld System.Int32 <Module>{fb2c3d95-441f-40b9-ba52-ceb346831e38}::m_62b0c02826c24f6c8dbcaf9fe7e34149 brtrue IL_00EA: switch(IL_0106) pop <null> ldc.i4 0 br IL_00EA: switch(IL_0106) br IL_00E6: ldloc V_1 ldc.i4 0 stloc V_1 ldloc V_1 switch dnlib.DotNet.Emit.Instruction[] ldloc V_1 ldc.i4 988 beq IL_00E6: ldloc V_1 br IL_0106: leave IL_0031 leave IL_0031: ret ldc.i4 0 ldsfld <Module>{fb2c3d95-441f-40b9-ba52-ceb346831e38} 
<Module>{fb2c3d95-441f-40b9-ba52-ceb346831e38}::m_28d1f381ba6249edb0287930d944334b ldfld System.Int32 <Module>{fb2c3d95-441f-40b9-ba52-ceb346831e38}::m_0ce0a8fa983349a286a8a9c02d0bf006 brfalse IL_000D: switch(IL_0031,IL_0056,IL_0032) pop <null> ldc.i4 0 br IL_000D: switch(IL_0031,IL_0056,IL_0032)
