Malicious
Malicious

a5bfe315a405a766848f24e17201dc2e

PE Executable
|
MD5: a5bfe315a405a766848f24e17201dc2e
|
Size: 1.19 MB
|
application/x-dosexec

Infection Chain
Summary by MalvaGPT
Characteristics
Hash
 Hash Value
MD5
a5bfe315a405a766848f24e17201dc2e
Sha1
daadfc1a18f063e2e5cb966b829399e7f960b917
Sha256
8f007c143c969158f00b6d71d656abaf7843ca93a99b97b8728677d92e3b3d5d
Sha384
fb88a101f5a674515642797da66017ffa055dce5ec1ac5f9e1ed68770fa86542284e5a102996f13a1c548ba52f05bdba
Sha512
8e57e23980b3c49e99afa7681df6f339b4e02cffd797a8a4988a1703743a0d1ce53f8b6118bd19b0e36de7798500b0c10ed18efa1dfcd1ad787d54eef988bac2
SSDeep
24576:F6eZu+91hUVHZ2s7htm18lb2bM+Rfgpnhkn:Fk+PEHrllhn
TLSH
5B4549017E46CA11F4191233C2EF858847B1995166E6F72B7DBE376DA5223A33C0E9CB

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
a5bfe315a405a766848f24e17201dc2e
Malicious
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.sdata
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:1033
Informations
Name
 Value
Module Name

ba3erGYZ1bovZYxqGmZXO4cL4N
Full Name

ba3erGYZ1bovZYxqGmZXO4cL4N
EntryPoint

System.Void NHkyAND4AOdC8BIXAar.KIALNKDpZjZpiCVToOJ::rZOlGjqvSM()
Scope Name

ba3erGYZ1bovZYxqGmZXO4cL4N
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

HhxS17sB83v938gDYJsnQRrfY76S
Assembly Version

5.9.7.5
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.0
Total Strings

63
Main Method

System.Void NHkyAND4AOdC8BIXAar.KIALNKDpZjZpiCVToOJ::rZOlGjqvSM()
Main IL Instruction Count

14
Main IL

br.s IL_000B: ldc.i4.0 call <null> ldnull <null> ldc.i4.0 <null> ldelem.ref <null> pop <null> ldc.i4.0 <null> brtrue.s IL_0007: ldnull call System.Void DeKLmsl2VFWag1ZDFlB.aRMkLOlggxLfdSwsGDt::kLjw4iIsCLsZtxc4lksN0j() nop <null> ldsfld System.Object NHkyAND4AOdC8BIXAar.KIALNKDpZjZpiCVToOJ::Ut9lPgmrMy callvirt System.Void xDPrbrDgOkNuD0MjqqE.tKgkEFDM5n8FyrgMude::b1bKjlbOuH() nop <null> ret <null>
Module Name

ba3erGYZ1bovZYxqGmZXO4cL4N
Full Name

ba3erGYZ1bovZYxqGmZXO4cL4N
EntryPoint

System.Void NHkyAND4AOdC8BIXAar.KIALNKDpZjZpiCVToOJ::rZOlGjqvSM()
Scope Name

ba3erGYZ1bovZYxqGmZXO4cL4N
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

HhxS17sB83v938gDYJsnQRrfY76S
Assembly Version

5.9.7.5
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.0
Total Strings

63
Main Method

System.Void NHkyAND4AOdC8BIXAar.KIALNKDpZjZpiCVToOJ::rZOlGjqvSM()
Main IL Instruction Count

14
Main IL

br.s IL_000B: ldc.i4.0 call <null> ldnull <null> ldc.i4.0 <null> ldelem.ref <null> pop <null> ldc.i4.0 <null> brtrue.s IL_0007: ldnull call System.Void DeKLmsl2VFWag1ZDFlB.aRMkLOlggxLfdSwsGDt::kLjw4iIsCLsZtxc4lksN0j() nop <null> ldsfld System.Object NHkyAND4AOdC8BIXAar.KIALNKDpZjZpiCVToOJ::Ut9lPgmrMy callvirt System.Void xDPrbrDgOkNuD0MjqqE.tKgkEFDM5n8FyrgMude::b1bKjlbOuH() nop <null> ret <null>
Artefacts
Name
 Value
Embedded Resources

2
Suspicious Type Names (1-2 chars)

0
a5bfe315a405a766848f24e17201dc2e (1.19 MB)
File Structure
a5bfe315a405a766848f24e17201dc2e
Malicious
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.sdata
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:1033
Characteristics
No malware configuration were found at this point.
Artefacts
Name
 Value Location
Embedded Resources

2

a5bfe315a405a766848f24e17201dc2e
Suspicious Type Names (1-2 chars)

0

a5bfe315a405a766848f24e17201dc2e
You must be signed in to post a comment.
An error has occurred. This application may no longer respond until reloaded. Reload 🗙