Suspicious
Suspect

PE Executable
MD5: a28e53f4c28d651275400342368bea7e
Size: 1.85 MB
application/x-dosexec

Get an AI-generated breakdown of this malware's behaviour, IOCs and recommendations.

AI analysis is available with Essential.
Unlock with Essential
Symbol Obfuscation Score Medium
MD5 a28e53f4c28d651275400342368bea7e
Sha1 edb263e94446397edd1c5450567a5d03405e1582
Sha256 4d2c089e16f83ff8b02cd60907278e5651b158595d6556d48847b4a184fded9c
Sha384 16a30950f788f702d2bb7b8c9f6fe7f9786a615866178cfe8d4f8127f0474eac4d55437e103431255829037ff5584450
Sha512 e0e827e888a347066b05da3106c6841a9a4177ea1775fa6c2536435d68011d2ef0985e6425195c314831e741adbf11eb0a3afe18d4ec9302002350647e8ce157
SSDeep 49152:d3do8dS3S2ZDrS71rE6gS1A2cOPrSTqS:dFAjZDr+1rE6F8OjSX
TLSH 188533A4B853D685C772AFBFABAB9CC7234007C30726D48BE31B21EF9892585C95D15C
PeID
.NET executableMicrosoft Visual C# / Basic .NETMicrosoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL Microsoft Visual C# v7.0 / Basic .NETMicrosoft Visual Studio .NET
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
a
Name Value
Module Name
temploader.exe
Full Name
temploader.exe
EntryPoint
System.Void a.a::Main()
Scope Name
temploader.exe
Scope Type
ModuleDef
Kind
Windows
Runtime Version
v4.0.30319
Tables Header Version
512
WinMD Version
<null>
Assembly Name
temploader
Assembly Version
0.0.0.0
Assembly Culture
<null>
Has PublicKey
False
PublicKey Token
<null>
Target Framework
<null>
Total Strings
3
Main Method
System.Void a.a::Main()
Main IL Instruction Count
37
Main IL
call System.Reflection.Assembly System.Reflection.Assembly::GetExecutingAssembly()
ldstr Px4Rw514Fqb1rXXh8oUthQ==
ldstr KQYWH/CTT6t3Wl1W1xOJX4sYrYrBRqIndk3fLIDI7As=
ldstr u3mGxubi9EdJXc3k9SMoLg==
call System.String 讻஘뫃ྻﳻ栤騭땞旞䋁::萭Ⴞ퀺皍윕賄㧙볝颖(System.String,System.String,System.String)
callvirt System.IO.Stream System.Reflection.Assembly::GetManifestResourceStream(System.String)
stloc.0 <null>
newobj System.Void System.IO.MemoryStream::.ctor()
stloc.1 <null>
ldloc.0 <null>
ldc.i4.0 <null>
newobj System.Void System.IO.Compression.DeflateStream::.ctor(System.IO.Stream,System.IO.Compression.CompressionMode)
stloc.2 <null>
ldloc.2 <null>
ldloc.1 <null>
callvirt System.Void System.IO.Stream::CopyTo(System.IO.Stream)
leave IL_0046: ldloc.1
ldloc.2 <null>
brfalse IL_0045: endfinally
ldloc.2 <null>
callvirt System.Void System.IDisposable::Dispose()
endfinally <null>
ldloc.1 <null>
callvirt System.Byte[] System.IO.MemoryStream::ToArray()
call System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
callvirt System.Reflection.MethodInfo System.Reflection.Assembly::get_EntryPoint()
ldnull <null>
ldnull <null>
callvirt System.Object System.Reflection.MethodBase::Invoke(System.Object,System.Object[])
pop <null>
leave IL_0070: ret
ldloc.0 <null>
brfalse IL_006F: endfinally
ldloc.0 <null>
callvirt System.Void System.IDisposable::Dispose()
endfinally <null>
ret <null>
Module Name
temploader.exe
Full Name
temploader.exe
EntryPoint
System.Void a.a::Main()
Scope Name
temploader.exe
Scope Type
ModuleDef
Kind
Windows
Runtime Version
v4.0.30319
Tables Header Version
512
WinMD Version
<null>
Assembly Name
temploader
Assembly Version
0.0.0.0
Assembly Culture
<null>
Has PublicKey
False
PublicKey Token
<null>
Target Framework
<null>
Total Strings
3
Main Method
System.Void a.a::Main()
Main IL Instruction Count
37
Main IL
call System.Reflection.Assembly System.Reflection.Assembly::GetExecutingAssembly()
ldstr Px4Rw514Fqb1rXXh8oUthQ==
ldstr KQYWH/CTT6t3Wl1W1xOJX4sYrYrBRqIndk3fLIDI7As=
ldstr u3mGxubi9EdJXc3k9SMoLg==
call System.String 讻஘뫃ྻﳻ栤騭땞旞䋁::萭Ⴞ퀺皍윕賄㧙볝颖(System.String,System.String,System.String)
callvirt System.IO.Stream System.Reflection.Assembly::GetManifestResourceStream(System.String)
stloc.0 <null>
newobj System.Void System.IO.MemoryStream::.ctor()
stloc.1 <null>
ldloc.0 <null>
ldc.i4.0 <null>
newobj System.Void System.IO.Compression.DeflateStream::.ctor(System.IO.Stream,System.IO.Compression.CompressionMode)
stloc.2 <null>
ldloc.2 <null>
ldloc.1 <null>
callvirt System.Void System.IO.Stream::CopyTo(System.IO.Stream)
leave IL_0046: ldloc.1
ldloc.2 <null>
brfalse IL_0045: endfinally
ldloc.2 <null>
callvirt System.Void System.IDisposable::Dispose()
endfinally <null>
ldloc.1 <null>
callvirt System.Byte[] System.IO.MemoryStream::ToArray()
call System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
callvirt System.Reflection.MethodInfo System.Reflection.Assembly::get_EntryPoint()
ldnull <null>
ldnull <null>
callvirt System.Object System.Reflection.MethodBase::Invoke(System.Object,System.Object[])
pop <null>
leave IL_0070: ret
ldloc.0 <null>
brfalse IL_006F: endfinally
ldloc.0 <null>
callvirt System.Void System.IDisposable::Dispose()
endfinally <null>
ret <null>
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
a
No malware configuration was found at this point.
You must be signed in to view YARA rules.
An error has occurred. This application may no longer respond until reloaded. Reload 🗙