Malicious
Malicious

a3a7353d3d067b66f9d918bb9c7cd952

PE Executable
|
MD5: a3a7353d3d067b66f9d918bb9c7cd952
|
Size: 558.08 KB
|
application/x-dosexec

Characteristics

Symbol Obfuscation Score

Very high

Hash
Hash Value
MD5
a3a7353d3d067b66f9d918bb9c7cd952
Sha1
140456b65becf90fd16389743cef11db1569007f
Sha256
2c6f16b5868f5e059d3e54d18fd6042e77448c6783e3a85646d6c632803c958f
Sha384
27eb8e48fcf820da4c907c933178be000f565039bbcb4bc89b89dd61e535270d80850b1b0b70936493ca215009e8e04d
Sha512
d3c9b9f77265405e8792bfd84218326a2ffb8ab17f723d76b981fc521d6e8f9eb88a91ab05d67d6613621cf8df577711fec7d52e0f5fdd771c71b8a79b4cebdf
SSDeep
12288:BXGHsJtECqBLHD90i4KNCUBXW6N/FA8IsXWH1OsKVtP+Xw2IifJF3pOG:9GHsJi/J0i4KNH1/FyEg1OsKVtWXbIiA
TLSH
45C401C276A44F22C15066B2C8E7482917F9FAC73AB3C7463E4913461E413E5CE9BBC9

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
NWV1jNQnuA0P2ealpr.i6qRdwmI1nhWGqXmGO
9RuecVRlCdkbaMtgNy.Zd4lfTFo6TTPj1xhZI
538iymTRbX0QPCinVR.0waDbfEvE2Tahrhb3k
Information
Name
Value
Info

PE Detect: PeReader OK (file layout)

Module Name

Mpwwzhrpdl.exe

Full Name

Mpwwzhrpdl.exe

EntryPoint

System.Void rVKRagfOUIvCNl5m66.jKK3Janq2i553cPYLV::wMOp7eeXl()

Scope Name

Mpwwzhrpdl.exe

Scope Type

ModuleDef

Kind

Windows

Runtime Version

v4.0.30319

Tables Header Version

512

WinMD Version

<null>

Assembly Name

Mpwwzhrpdl

Assembly Version

1.0.0.0

Assembly Culture

<null>

Has PublicKey

False

PublicKey Token

<null>

Target Framework

.NETFramework,Version=v4.0

Total Strings

39

Main Method

System.Void rVKRagfOUIvCNl5m66.jKK3Janq2i553cPYLV::wMOp7eeXl()

Main IL Instruction Count

147

Main IL

ldc.i4 2 stloc V_3 ldloc V_3 switch dnlib.DotNet.Emit.Instruction[] ldloc V_3 ldc.i4 990 beq IL_0009: ldloc V_3 br IL_0299: ldsfld B9SOCYRrFx1H1D2hTVo B9SOCYRrFx1H1D2hTVo::yibRymJsbu nop <null> ldsfld mHfNElRjHBknQAJKF0d mHfNElRjHBknQAJKF0d::DX9RetGO5H call System.Byte[] mHfNElRjHBknQAJKF0d::cR3R0fNv7E(mHfNElRjHBknQAJKF0d) stloc.s V_1 ldc.i4 7 ldsfld <Module>{b33e21b3-5666-41af-95ff-4a97b8667ab4} <Module>{b33e21b3-5666-41af-95ff-4a97b8667ab4}::m_5cfe16b44ba94151baa9bd67a7439393 ldfld System.Int32 <Module>{b33e21b3-5666-41af-95ff-4a97b8667ab4}::m_23f4def44d0e4deb8ce1132cd419d838 brtrue IL_006F: switch(IL_0115,IL_016D,IL_0191,IL_01EE,IL_01C1,IL_00C1,IL_0206,IL_0157,IL_00F1,IL_0124,IL_0133) pop <null> ldc.i4 5 br IL_006F: switch(IL_0115,IL_016D,IL_0191,IL_01EE,IL_01C1,IL_00C1,IL_0206,IL_0157,IL_00F1,IL_0124,IL_0133) br IL_006B: ldloc V_2 ldc.i4 0 stloc V_2 ldloc V_2 switch dnlib.DotNet.Emit.Instruction[] ldloc V_2 ldc.i4 18 beq IL_0221: leave IL_0298 ldloc V_2 ldc.i4 998 beq IL_006B: ldloc V_2 br IL_0191: ldloc.s V_1 ldloc.s V_1 ldsfld QTNn70RVeo1Pdp8usW1 QTNn70RVeo1Pdp8usW1::xrJRM8YAsM call System.Boolean QTNn70RVeo1Pdp8usW1::cR3R0fNv7E(System.Byte[],QTNn70RVeo1Pdp8usW1) brtrue IL_01EE: ldloc.s V_1 ldc.i4 10 ldsfld <Module>{b33e21b3-5666-41af-95ff-4a97b8667ab4} <Module>{b33e21b3-5666-41af-95ff-4a97b8667ab4}::m_5cfe16b44ba94151baa9bd67a7439393 ldfld System.Int32 <Module>{b33e21b3-5666-41af-95ff-4a97b8667ab4}::m_c768f9f503ac436391a1ba688e291d16 brtrue IL_006F: switch(IL_0115,IL_016D,IL_0191,IL_01EE,IL_01C1,IL_00C1,IL_0206,IL_0157,IL_00F1,IL_0124,IL_0133) pop <null> ldc.i4 0 br IL_006F: switch(IL_0115,IL_016D,IL_0191,IL_01EE,IL_01C1,IL_00C1,IL_0206,IL_0157,IL_00F1,IL_0124,IL_0133) br IL_0157: ldloc.s V_1 ldc.i4 1 ldsfld <Module>{b33e21b3-5666-41af-95ff-4a97b8667ab4} <Module>{b33e21b3-5666-41af-95ff-4a97b8667ab4}::m_5cfe16b44ba94151baa9bd67a7439393 ldfld System.Int32 <Module>{b33e21b3-5666-41af-95ff-4a97b8667ab4}::m_5dd34a69b64d4c76bbc4e60e035d7811 brfalse IL_006F: 
switch(IL_0115,IL_016D,IL_0191,IL_01EE,IL_01C1,IL_00C1,IL_0206,IL_0157,IL_00F1,IL_0124,IL_0133) pop <null> ldc.i4 5 br IL_006F: switch(IL_0115,IL_016D,IL_0191,IL_01EE,IL_01C1,IL_00C1,IL_0206,IL_0157,IL_00F1,IL_0124,IL_0133) leave IL_0298: ret ldc.i4 3 br IL_006F: switch(IL_0115,IL_016D,IL_0191,IL_01EE,IL_01C1,IL_00C1,IL_0206,IL_0157,IL_00F1,IL_0124,IL_0133) br IL_01C1: ldloc.s V_1 ldc.i4 10 br IL_006F: switch(IL_0115,IL_016D,IL_0191,IL_01EE,IL_01C1,IL_00C1,IL_0206,IL_0157,IL_00F1,IL_0124,IL_0133) leave IL_0298: ret ldc.i4 5 ldsfld <Module>{b33e21b3-5666-41af-95ff-4a97b8667ab4} <Module>{b33e21b3-5666-41af-95ff-4a97b8667ab4}::m_5cfe16b44ba94151baa9bd67a7439393 ldfld System.Int32 <Module>{b33e21b3-5666-41af-95ff-4a97b8667ab4}::m_87f941e26a75436aba70af5d69cd343b brfalse IL_006F: switch(IL_0115,IL_016D,IL_0191,IL_01EE,IL_01C1,IL_00C1,IL_0206,IL_0157,IL_00F1,IL_0124,IL_0133) pop <null> ldc.i4 4 br IL_006F: switch(IL_0115,IL_016D,IL_0191,IL_01EE,IL_01C1,IL_00C1,IL_0206,IL_0157,IL_00F1,IL_0124,IL_0133) ldloc.s V_1 ldsfld XFBar3RHtQ8VkmpeY2R XFBar3RHtQ8VkmpeY2R::N2fRx8bteR call System.Void XFBar3RHtQ8VkmpeY2R::cR3R0fNv7E(System.Byte[],XFBar3RHtQ8VkmpeY2R) ldc.i4 18 br IL_0067: stloc V_2 leave IL_0298: ret ldc.i4 7 ldsfld <Module>{b33e21b3-5666-41af-95ff-4a97b8667ab4} <Module>{b33e21b3-5666-41af-95ff-4a97b8667ab4}::m_5cfe16b44ba94151baa9bd67a7439393 ldfld System.Int32 <Module>{b33e21b3-5666-41af-95ff-4a97b8667ab4}::m_88032ecd59e44626aae5d5abb0da3f6e brtrue IL_006F: switch(IL_0115,IL_016D,IL_0191,IL_01EE,IL_01C1,IL_00C1,IL_0206,IL_0157,IL_00F1,IL_0124,IL_0133) pop <null> ldc.i4 13 br IL_006F: switch(IL_0115,IL_016D,IL_0191,IL_01EE,IL_01C1,IL_00C1,IL_0206,IL_0157,IL_00F1,IL_0124,IL_0133) ldloc.s V_1 ldsfld QTNn70RVeo1Pdp8usW1 QTNn70RVeo1Pdp8usW1::xrJRM8YAsM call System.Boolean QTNn70RVeo1Pdp8usW1::cR3R0fNv7E(System.Byte[],QTNn70RVeo1Pdp8usW1) brfalse IL_016D: leave IL_0298 ldc.i4 13 ldsfld <Module>{b33e21b3-5666-41af-95ff-4a97b8667ab4} 
<Module>{b33e21b3-5666-41af-95ff-4a97b8667ab4}::m_5cfe16b44ba94151baa9bd67a7439393 ldfld System.Int32 <Module>{b33e21b3-5666-41af-95ff-4a97b8667ab4}::m_c24e0fa5857f4e358681300b474f56b3 brfalse IL_006F: switch(IL_0115,IL_016D,IL_0191,IL_01EE,IL_01C1,IL_00C1,IL_0206,IL_0157,IL_00F1,IL_0124,IL_0133) pop <null> ldc.i4 8 br IL_006F: switch(IL_0115,IL_016D,IL_0191,IL_01EE,IL_01C1,IL_00C1,IL_0206,IL_0157,IL_00F1,IL_0124,IL_0133) ldloc.s V_1 ldsfld JQmmr2RamUDXy0xJvPT JQmmr2RamUDXy0xJvPT::FchRkpP5Hh call System.Byte[] JQmmr2RamUDXy0xJvPT::cR3R0fNv7E(System.Byte[],JQmmr2RamUDXy0xJvPT) stloc.s V_1 ldc.i4 2 ldsfld <Module>{b33e21b3-5666-41af-95ff-4a97b8667ab4} <Module>{b33e21b3-5666-41af-95ff-4a97b8667ab4}::m_5cfe16b44ba94151baa9bd67a7439393 ldfld System.Int32 <Module>{b33e21b3-5666-41af-95ff-4a97b8667ab4}::m_429f5fdbd0a84619b4ab6639b37f9ce3 brtrue IL_006F: switch(IL_0115,IL_016D,IL_0191,IL_01EE,IL_01C1,IL_00C1,IL_0206,IL_0157,IL_00F1,IL_0124,IL_0133) pop <null> ldc.i4 11 br IL_006F: switch(IL_0115,IL_016D,IL_0191,IL_01EE,IL_01C1,IL_00C1,IL_0206,IL_0157,IL_00F1,IL_0124,IL_0133) ldloc.s V_1 ldsfld yMU3ovR5boCxXZxONwy yMU3ovR5boCxXZxONwy::l5OR6HSoHL call System.Byte[] yMU3ovR5boCxXZxONwy::cR3R0fNv7E(System.Byte[],yMU3ovR5boCxXZxONwy) stloc.s V_1 ldc.i4 6 br IL_006F: switch(IL_0115,IL_016D,IL_0191,IL_01EE,IL_01C1,IL_00C1,IL_0206,IL_0157,IL_00F1,IL_0124,IL_0133) ldloc.s V_1 ldsfld QTNn70RVeo1Pdp8usW1 QTNn70RVeo1Pdp8usW1::xrJRM8YAsM call System.Boolean QTNn70RVeo1Pdp8usW1::cR3R0fNv7E(System.Byte[],QTNn70RVeo1Pdp8usW1) brfalse IL_0133: leave IL_0298 ldc.i4 9 br IL_006F: switch(IL_0115,IL_016D,IL_0191,IL_01EE,IL_01C1,IL_00C1,IL_0206,IL_0157,IL_00F1,IL_0124,IL_0133) leave IL_0298: ret pop <null> ldc.i4 5 ldsfld <Module>{b33e21b3-5666-41af-95ff-4a97b8667ab4} <Module>{b33e21b3-5666-41af-95ff-4a97b8667ab4}::m_5cfe16b44ba94151baa9bd67a7439393 ldfld System.Int32 <Module>{b33e21b3-5666-41af-95ff-4a97b8667ab4}::m_21b8dfff120c413caa71dd49a37f73af brfalse IL_0258: switch(IL_0274) pop <null> 
ldc.i4 0 br IL_0258: switch(IL_0274) br IL_0254: ldloc V_0 ldc.i4 0 stloc V_0 ldloc V_0 switch dnlib.DotNet.Emit.Instruction[] ldloc V_0 ldc.i4 988 beq IL_0254: ldloc V_0 br IL_0274: leave IL_0298 leave IL_0298: ret ldc.i4 2 ldsfld <Module>{b33e21b3-5666-41af-95ff-4a97b8667ab4} <Module>{b33e21b3-5666-41af-95ff-4a97b8667ab4}::m_5cfe16b44ba94151baa9bd67a7439393 ldfld System.Int32 <Module>{b33e21b3-5666-41af-95ff-4a97b8667ab4}::m_239f95e434394f6fbcfa5f8b0d92b920 brtrue IL_000D: switch(IL_0298,IL_0031,IL_0299) pop <null> ldc.i4 0 br IL_000D: switch(IL_0298,IL_0031,IL_0299) ret <null> ldsfld B9SOCYRrFx1H1D2hTVo B9SOCYRrFx1H1D2hTVo::yibRymJsbu call System.Void B9SOCYRrFx1H1D2hTVo::cR3R0fNv7E(B9SOCYRrFx1H1D2hTVo) ldc.i4 1 ldsfld <Module>{b33e21b3-5666-41af-95ff-4a97b8667ab4} <Module>{b33e21b3-5666-41af-95ff-4a97b8667ab4}::m_5cfe16b44ba94151baa9bd67a7439393 ldfld System.Int32 <Module>{b33e21b3-5666-41af-95ff-4a97b8667ab4}::m_caed41272dad425f82249e03d5035bb1 brtrue IL_000D: switch(IL_0298,IL_0031,IL_0299) pop <null> ldc.i4 0 br IL_000D: switch(IL_0298,IL_0031,IL_0299)

Module Name

Mpwwzhrpdl.exe

Full Name

Mpwwzhrpdl.exe

EntryPoint

System.Void rVKRagfOUIvCNl5m66.jKK3Janq2i553cPYLV::wMOp7eeXl()

Scope Name

Mpwwzhrpdl.exe

Scope Type

ModuleDef

Kind

Windows

Runtime Version

v4.0.30319

Tables Header Version

512

WinMD Version

<null>

Assembly Name

Mpwwzhrpdl

Assembly Version

1.0.0.0

Assembly Culture

<null>

Has PublicKey

False

PublicKey Token

<null>

Target Framework

.NETFramework,Version=v4.0

Total Strings

39

Main Method

System.Void rVKRagfOUIvCNl5m66.jKK3Janq2i553cPYLV::wMOp7eeXl()

Main IL Instruction Count

147

Main IL

ldc.i4 2 stloc V_3 ldloc V_3 switch dnlib.DotNet.Emit.Instruction[] ldloc V_3 ldc.i4 990 beq IL_0009: ldloc V_3 br IL_0299: ldsfld B9SOCYRrFx1H1D2hTVo B9SOCYRrFx1H1D2hTVo::yibRymJsbu nop <null> ldsfld mHfNElRjHBknQAJKF0d mHfNElRjHBknQAJKF0d::DX9RetGO5H call System.Byte[] mHfNElRjHBknQAJKF0d::cR3R0fNv7E(mHfNElRjHBknQAJKF0d) stloc.s V_1 ldc.i4 7 ldsfld <Module>{b33e21b3-5666-41af-95ff-4a97b8667ab4} <Module>{b33e21b3-5666-41af-95ff-4a97b8667ab4}::m_5cfe16b44ba94151baa9bd67a7439393 ldfld System.Int32 <Module>{b33e21b3-5666-41af-95ff-4a97b8667ab4}::m_23f4def44d0e4deb8ce1132cd419d838 brtrue IL_006F: switch(IL_0115,IL_016D,IL_0191,IL_01EE,IL_01C1,IL_00C1,IL_0206,IL_0157,IL_00F1,IL_0124,IL_0133) pop <null> ldc.i4 5 br IL_006F: switch(IL_0115,IL_016D,IL_0191,IL_01EE,IL_01C1,IL_00C1,IL_0206,IL_0157,IL_00F1,IL_0124,IL_0133) br IL_006B: ldloc V_2 ldc.i4 0 stloc V_2 ldloc V_2 switch dnlib.DotNet.Emit.Instruction[] ldloc V_2 ldc.i4 18 beq IL_0221: leave IL_0298 ldloc V_2 ldc.i4 998 beq IL_006B: ldloc V_2 br IL_0191: ldloc.s V_1 ldloc.s V_1 ldsfld QTNn70RVeo1Pdp8usW1 QTNn70RVeo1Pdp8usW1::xrJRM8YAsM call System.Boolean QTNn70RVeo1Pdp8usW1::cR3R0fNv7E(System.Byte[],QTNn70RVeo1Pdp8usW1) brtrue IL_01EE: ldloc.s V_1 ldc.i4 10 ldsfld <Module>{b33e21b3-5666-41af-95ff-4a97b8667ab4} <Module>{b33e21b3-5666-41af-95ff-4a97b8667ab4}::m_5cfe16b44ba94151baa9bd67a7439393 ldfld System.Int32 <Module>{b33e21b3-5666-41af-95ff-4a97b8667ab4}::m_c768f9f503ac436391a1ba688e291d16 brtrue IL_006F: switch(IL_0115,IL_016D,IL_0191,IL_01EE,IL_01C1,IL_00C1,IL_0206,IL_0157,IL_00F1,IL_0124,IL_0133) pop <null> ldc.i4 0 br IL_006F: switch(IL_0115,IL_016D,IL_0191,IL_01EE,IL_01C1,IL_00C1,IL_0206,IL_0157,IL_00F1,IL_0124,IL_0133) br IL_0157: ldloc.s V_1 ldc.i4 1 ldsfld <Module>{b33e21b3-5666-41af-95ff-4a97b8667ab4} <Module>{b33e21b3-5666-41af-95ff-4a97b8667ab4}::m_5cfe16b44ba94151baa9bd67a7439393 ldfld System.Int32 <Module>{b33e21b3-5666-41af-95ff-4a97b8667ab4}::m_5dd34a69b64d4c76bbc4e60e035d7811 brfalse IL_006F: 
switch(IL_0115,IL_016D,IL_0191,IL_01EE,IL_01C1,IL_00C1,IL_0206,IL_0157,IL_00F1,IL_0124,IL_0133) pop <null> ldc.i4 5 br IL_006F: switch(IL_0115,IL_016D,IL_0191,IL_01EE,IL_01C1,IL_00C1,IL_0206,IL_0157,IL_00F1,IL_0124,IL_0133) leave IL_0298: ret ldc.i4 3 br IL_006F: switch(IL_0115,IL_016D,IL_0191,IL_01EE,IL_01C1,IL_00C1,IL_0206,IL_0157,IL_00F1,IL_0124,IL_0133) br IL_01C1: ldloc.s V_1 ldc.i4 10 br IL_006F: switch(IL_0115,IL_016D,IL_0191,IL_01EE,IL_01C1,IL_00C1,IL_0206,IL_0157,IL_00F1,IL_0124,IL_0133) leave IL_0298: ret ldc.i4 5 ldsfld <Module>{b33e21b3-5666-41af-95ff-4a97b8667ab4} <Module>{b33e21b3-5666-41af-95ff-4a97b8667ab4}::m_5cfe16b44ba94151baa9bd67a7439393 ldfld System.Int32 <Module>{b33e21b3-5666-41af-95ff-4a97b8667ab4}::m_87f941e26a75436aba70af5d69cd343b brfalse IL_006F: switch(IL_0115,IL_016D,IL_0191,IL_01EE,IL_01C1,IL_00C1,IL_0206,IL_0157,IL_00F1,IL_0124,IL_0133) pop <null> ldc.i4 4 br IL_006F: switch(IL_0115,IL_016D,IL_0191,IL_01EE,IL_01C1,IL_00C1,IL_0206,IL_0157,IL_00F1,IL_0124,IL_0133) ldloc.s V_1 ldsfld XFBar3RHtQ8VkmpeY2R XFBar3RHtQ8VkmpeY2R::N2fRx8bteR call System.Void XFBar3RHtQ8VkmpeY2R::cR3R0fNv7E(System.Byte[],XFBar3RHtQ8VkmpeY2R) ldc.i4 18 br IL_0067: stloc V_2 leave IL_0298: ret ldc.i4 7 ldsfld <Module>{b33e21b3-5666-41af-95ff-4a97b8667ab4} <Module>{b33e21b3-5666-41af-95ff-4a97b8667ab4}::m_5cfe16b44ba94151baa9bd67a7439393 ldfld System.Int32 <Module>{b33e21b3-5666-41af-95ff-4a97b8667ab4}::m_88032ecd59e44626aae5d5abb0da3f6e brtrue IL_006F: switch(IL_0115,IL_016D,IL_0191,IL_01EE,IL_01C1,IL_00C1,IL_0206,IL_0157,IL_00F1,IL_0124,IL_0133) pop <null> ldc.i4 13 br IL_006F: switch(IL_0115,IL_016D,IL_0191,IL_01EE,IL_01C1,IL_00C1,IL_0206,IL_0157,IL_00F1,IL_0124,IL_0133) ldloc.s V_1 ldsfld QTNn70RVeo1Pdp8usW1 QTNn70RVeo1Pdp8usW1::xrJRM8YAsM call System.Boolean QTNn70RVeo1Pdp8usW1::cR3R0fNv7E(System.Byte[],QTNn70RVeo1Pdp8usW1) brfalse IL_016D: leave IL_0298 ldc.i4 13 ldsfld <Module>{b33e21b3-5666-41af-95ff-4a97b8667ab4} 
<Module>{b33e21b3-5666-41af-95ff-4a97b8667ab4}::m_5cfe16b44ba94151baa9bd67a7439393 ldfld System.Int32 <Module>{b33e21b3-5666-41af-95ff-4a97b8667ab4}::m_c24e0fa5857f4e358681300b474f56b3 brfalse IL_006F: switch(IL_0115,IL_016D,IL_0191,IL_01EE,IL_01C1,IL_00C1,IL_0206,IL_0157,IL_00F1,IL_0124,IL_0133) pop <null> ldc.i4 8 br IL_006F: switch(IL_0115,IL_016D,IL_0191,IL_01EE,IL_01C1,IL_00C1,IL_0206,IL_0157,IL_00F1,IL_0124,IL_0133) ldloc.s V_1 ldsfld JQmmr2RamUDXy0xJvPT JQmmr2RamUDXy0xJvPT::FchRkpP5Hh call System.Byte[] JQmmr2RamUDXy0xJvPT::cR3R0fNv7E(System.Byte[],JQmmr2RamUDXy0xJvPT) stloc.s V_1 ldc.i4 2 ldsfld <Module>{b33e21b3-5666-41af-95ff-4a97b8667ab4} <Module>{b33e21b3-5666-41af-95ff-4a97b8667ab4}::m_5cfe16b44ba94151baa9bd67a7439393 ldfld System.Int32 <Module>{b33e21b3-5666-41af-95ff-4a97b8667ab4}::m_429f5fdbd0a84619b4ab6639b37f9ce3 brtrue IL_006F: switch(IL_0115,IL_016D,IL_0191,IL_01EE,IL_01C1,IL_00C1,IL_0206,IL_0157,IL_00F1,IL_0124,IL_0133) pop <null> ldc.i4 11 br IL_006F: switch(IL_0115,IL_016D,IL_0191,IL_01EE,IL_01C1,IL_00C1,IL_0206,IL_0157,IL_00F1,IL_0124,IL_0133) ldloc.s V_1 ldsfld yMU3ovR5boCxXZxONwy yMU3ovR5boCxXZxONwy::l5OR6HSoHL call System.Byte[] yMU3ovR5boCxXZxONwy::cR3R0fNv7E(System.Byte[],yMU3ovR5boCxXZxONwy) stloc.s V_1 ldc.i4 6 br IL_006F: switch(IL_0115,IL_016D,IL_0191,IL_01EE,IL_01C1,IL_00C1,IL_0206,IL_0157,IL_00F1,IL_0124,IL_0133) ldloc.s V_1 ldsfld QTNn70RVeo1Pdp8usW1 QTNn70RVeo1Pdp8usW1::xrJRM8YAsM call System.Boolean QTNn70RVeo1Pdp8usW1::cR3R0fNv7E(System.Byte[],QTNn70RVeo1Pdp8usW1) brfalse IL_0133: leave IL_0298 ldc.i4 9 br IL_006F: switch(IL_0115,IL_016D,IL_0191,IL_01EE,IL_01C1,IL_00C1,IL_0206,IL_0157,IL_00F1,IL_0124,IL_0133) leave IL_0298: ret pop <null> ldc.i4 5 ldsfld <Module>{b33e21b3-5666-41af-95ff-4a97b8667ab4} <Module>{b33e21b3-5666-41af-95ff-4a97b8667ab4}::m_5cfe16b44ba94151baa9bd67a7439393 ldfld System.Int32 <Module>{b33e21b3-5666-41af-95ff-4a97b8667ab4}::m_21b8dfff120c413caa71dd49a37f73af brfalse IL_0258: switch(IL_0274) pop <null> 
ldc.i4 0 br IL_0258: switch(IL_0274) br IL_0254: ldloc V_0 ldc.i4 0 stloc V_0 ldloc V_0 switch dnlib.DotNet.Emit.Instruction[] ldloc V_0 ldc.i4 988 beq IL_0254: ldloc V_0 br IL_0274: leave IL_0298 leave IL_0298: ret ldc.i4 2 ldsfld <Module>{b33e21b3-5666-41af-95ff-4a97b8667ab4} <Module>{b33e21b3-5666-41af-95ff-4a97b8667ab4}::m_5cfe16b44ba94151baa9bd67a7439393 ldfld System.Int32 <Module>{b33e21b3-5666-41af-95ff-4a97b8667ab4}::m_239f95e434394f6fbcfa5f8b0d92b920 brtrue IL_000D: switch(IL_0298,IL_0031,IL_0299) pop <null> ldc.i4 0 br IL_000D: switch(IL_0298,IL_0031,IL_0299) ret <null> ldsfld B9SOCYRrFx1H1D2hTVo B9SOCYRrFx1H1D2hTVo::yibRymJsbu call System.Void B9SOCYRrFx1H1D2hTVo::cR3R0fNv7E(B9SOCYRrFx1H1D2hTVo) ldc.i4 1 ldsfld <Module>{b33e21b3-5666-41af-95ff-4a97b8667ab4} <Module>{b33e21b3-5666-41af-95ff-4a97b8667ab4}::m_5cfe16b44ba94151baa9bd67a7439393 ldfld System.Int32 <Module>{b33e21b3-5666-41af-95ff-4a97b8667ab4}::m_caed41272dad425f82249e03d5035bb1 brtrue IL_000D: switch(IL_0298,IL_0031,IL_0299) pop <null> ldc.i4 0 br IL_000D: switch(IL_0298,IL_0031,IL_0299)

a3a7353d3d067b66f9d918bb9c7cd952 (558.08 KB)
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
NWV1jNQnuA0P2ealpr.i6qRdwmI1nhWGqXmGO
9RuecVRlCdkbaMtgNy.Zd4lfTFo6TTPj1xhZI
538iymTRbX0QPCinVR.0waDbfEvE2Tahrhb3k
Characteristics
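No malware configuration was found at this point. Given the very high symbol obfuscation score reported for this sample, this may reflect a limit of static extraction on obfuscated code rather than the absence of an embedded configuration.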