Malicious

a63e78f27cb65893b5b01cf16b0bfeb1

PE Executable | MD5: a63e78f27cb65893b5b01cf16b0bfeb1 | Size: 806.4 KB | application/x-dosexec

Characteristics

Symbol Obfuscation Score: Very high

Hash
MD5: a63e78f27cb65893b5b01cf16b0bfeb1
Sha1: 911026c6e4ce5d4de453b39a6622e206beb9ac7e
Sha256: fc5c91700fb838ff8b8c95de4589abb550f4dad3699ff599fe27377f287a9c30
Sha384: 2726b5c341d931aee980d50eab29c895b6ede251830d1a46661c89583323d35250fa26197ca16b84f3615df51a80befb
Sha512: 6a4c96e384ea3ceff13c30a7f305e681b7627da4d741732044a75ed15adf27f667c29ce5c952fff2078a9c5249a1ee43a7092f2cfad2e1da114768c0421fed03
SSDeep: 12288:z7c9rJOR4QwLVTA9rV7j8cQ4DQINWi7a8sFoFw7:z7c9rq4Hxsr7pQMHWWa8LF
TLSH: 9B051B077D478EA0C2065B32C4A71450976C96823323D70F7EAB1365FBB33BE654A6A7

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
  .text
  .rsrc
  .reloc
Resources
  RT_VERSION
    ID:0001
      ID:0
  RT_MANIFEST
    ID:0001
      ID:0
.Net Resources
  76uZJ5FS8qiDYBTDWB.9WGIRPGRtsVgiBWR7W
  MFrfabDjqo9TDAVhS5.wxRoZGE5uc4QaaQ0xB
  QE8gPoL5lUqwnw7YG0.kvWW9qMhq3DWt0McGU
  iZtIQ9JLe2M1MKi2CP.vpsndNKWEReIFo0TPo
  ZiNxYeBJ5wTHdXIAru.970YdGCkHmpSXOhIoM
Information
Info: PE Detect: PeReader OK (file layout)
Module Name: E7BF2D111328635459
Full Name: E7BF2D111328635459
EntryPoint: System.Void IEJAEJKFGOACAMHDNODBLDHPKADLKKOHCDHE.NOBLNNELCIHHEAONHHCLHLMHNPAOMKMELCAN::<Main>(System.String[])
Scope Name: E7BF2D111328635459
Scope Type: ModuleDef
Kind: Windows
Runtime Version: v4.0.30319
Tables Header Version: 512
WinMD Version: <null>
Assembly Name: B1692F1A28B51316084818
Assembly Version: 1.0.0.0
Assembly Culture: <null>
Has PublicKey: False
PublicKey Token: <null>
Target Framework: .NETFramework,Version=v4.7.2
Total Strings: 47
Main Method: System.Void IEJAEJKFGOACAMHDNODBLDHPKADLKKOHCDHE.NOBLNNELCIHHEAONHHCLHLMHNPAOMKMELCAN::<Main>(System.String[])
Main IL Instruction Count: 37
Main IL:

ldc.i4 2 stloc V_0 br IL_000E: ldloc V_0 ldloc V_0 switch dnlib.DotNet.Emit.Instruction[] br IL_005D: ret ldarg.0 <null> ldsfld EDNBMKGODLCCJEHBLOMMCHJEBMBOJAJHMBFK EDNBMKGODLCCJEHBLOMMCHJEBMBOJAJHMBFK::BLEIIEGKIIAPDGMFJCECHKDMJHMCMOKPPOBI call System.Threading.Tasks.Task EDNBMKGODLCCJEHBLOMMCHJEBMBOJAJHMBFK::OCHLGMNAHFPMFFMCCEGDNFOLGPFBABHFGOFM(System.String[],EDNBMKGODLCCJEHBLOMMCHJEBMBOJAJHMBFK) callvirt System.Runtime.CompilerServices.TaskAwaiter System.Threading.Tasks.Task::GetAwaiter() stloc.s V_1 ldc.i4 3 ldsfld <Module>{de88e8ff-76db-4d5d-870c-06f2a9e5ffa4} <Module>{de88e8ff-76db-4d5d-870c-06f2a9e5ffa4}::m_55752ddce8764345acc7057cd2020dc0 ldfld System.Int32 <Module>{de88e8ff-76db-4d5d-870c-06f2a9e5ffa4}::m_0a8bd244aa7f419c921420edf4888aae brtrue IL_0012: switch(IL_005D,IL_002C,IL_0084,IL_005E) pop <null> ldc.i4 3 br IL_0012: switch(IL_005D,IL_002C,IL_0084,IL_005E) ret <null> ldloca.s V_1 call System.Void System.Runtime.CompilerServices.TaskAwaiter::GetResult() ldc.i4 0 ldsfld <Module>{de88e8ff-76db-4d5d-870c-06f2a9e5ffa4} <Module>{de88e8ff-76db-4d5d-870c-06f2a9e5ffa4}::m_55752ddce8764345acc7057cd2020dc0 ldfld System.Int32 <Module>{de88e8ff-76db-4d5d-870c-06f2a9e5ffa4}::m_34bc95f4a0d84aecbe0f89161cab8b85 brfalse IL_0012: switch(IL_005D,IL_002C,IL_0084,IL_005E) pop <null> ldc.i4 0 br IL_0012: switch(IL_005D,IL_002C,IL_0084,IL_005E) ldsfld ICOAEBBJCBNFIKAIOMLGPDLPGOBAOAECKDDM ICOAEBBJCBNFIKAIOMLGPDLPGOBAOAECKDDM::BLEIIEGKIIAPDGMFJCECHKDMJHMCMOKPPOBI call System.Void ICOAEBBJCBNFIKAIOMLGPDLPGOBAOAECKDDM::OCHLGMNAHFPMFFMCCEGDNFOLGPFBABHFGOFM(ICOAEBBJCBNFIKAIOMLGPDLPGOBAOAECKDDM) ldc.i4 0 ldsfld <Module>{de88e8ff-76db-4d5d-870c-06f2a9e5ffa4} <Module>{de88e8ff-76db-4d5d-870c-06f2a9e5ffa4}::m_55752ddce8764345acc7057cd2020dc0 ldfld System.Int32 <Module>{de88e8ff-76db-4d5d-870c-06f2a9e5ffa4}::m_f956c6700c624e249466223cb43607f1 brtrue IL_0012: switch(IL_005D,IL_002C,IL_0084,IL_005E) pop <null> ldc.i4 1 br IL_0012: switch(IL_005D,IL_002C,IL_0084,IL_005E)

No malware configuration was found at this point.