a6dc975f4298f25dfeb66794032d4f80

PE Executable
|
MD5: a6dc975f4298f25dfeb66794032d4f80
|
Size: 47.1 KB
|
application/x-dosexec

Summary by MalvaGPT

Characteristics

Hash	Hash Value
MD5	a6dc975f4298f25dfeb66794032d4f80
Sha1	443409df2da0b232d60aff5603a75c6b02dfecf3
Sha256	9a26897e1061fb4e54e78b427a4b605aba58e30243c3c72fc4d3d32fe58a703a
Sha384	87c32d53e5749b16af48d6621c4f8380764b0228aa016eda2efa4dc9921d556747df78d7b719059ebf84e6501fca7a08
Sha512	04d44178e0deb25421986fcbd3bd11f0884af491fd2e901deb57ca42c4c2566a151aa57a6ed1a7d873f4db622f02f7b8aa1ec6c9130c960a016f12f74bf3b4d4
SSDeep	768:bBjWX2Exr65oNAHCOQF21Chp2mSXrOrOKX+NaZA9ij:pKZ65UAHrQI1ip2prOv+NaZA4j
TLSH	6323E009A5DCD827E7BE0BBC9DD2EA8543E65A390292F39FBC40B5C4285E3511462B13

PeID

.NET executable

Microsoft Visual C# / Basic .NET

Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL

Microsoft Visual C# v7.0 / Basic .NET

Microsoft Visual Studio .NET

File Structure

Informations

Name0	Value
Info	PE Detect: PeReader OK (file layout)
Module Name	XClient.exe
Full Name	XClient.exe
EntryPoint	System.Int32 <Module>::Main(System.String[])
Scope Name	XClient.exe
Scope Type	ModuleDef
Kind	Windows
Runtime Version	v4.0.30319
Tables Header Version	512
WinMD Version	<null>
Assembly Name	XClient
Assembly Version	11.0.19041.4355
Assembly Culture	<null>
Has PublicKey	False
PublicKey Token	<null>
Target Framework	<null>
Total Strings	1
Main Method	System.Int32 <Module>::Main(System.String[])
Main IL Instruction Count	100
Main IL	ldc.i4 8287 pop <null> ldc.i4 8287 newarr System.UInt32 dup <null> ldtoken <Module>/DataType <Module>::DataField call System.Void System.Runtime.CompilerServices.RuntimeHelpers::InitializeArray(System.Array,System.RuntimeFieldHandle) stloc.0 <null> call System.Reflection.Assembly System.Reflection.Assembly::GetExecutingAssembly() stloc.1 <null> ldloc.1 <null> callvirt System.Reflection.Module System.Reflection.Assembly::get_ManifestModule() stloc.2 <null> ldloc.0 <null> ldc.i4 -883985033 call System.Runtime.InteropServices.GCHandle <Module>::Decrypt(System.UInt32[],System.UInt32) stloc.3 <null> ldloca.s V_3 call System.Object System.Runtime.InteropServices.GCHandle::get_Target() castclass System.Byte[] stloc.s V_4 ldloc.1 <null> ldstr koi ldloc.s V_4 callvirt System.Reflection.Module System.Reflection.Assembly::LoadModule(System.String,System.Byte[]) stloc.s V_5 ldloc.s V_4 ldc.i4.0 <null> ldloc.s V_4 ldlen <null> conv.i4 <null> call System.Void System.Array::Clear(System.Array,System.Int32,System.Int32) ldloca.s V_3 call System.Void System.Runtime.InteropServices.GCHandle::Free() ldloc.0 <null> ldc.i4.0 <null> ldloc.0 <null> ldlen <null> conv.i4 <null> call System.Void System.Array::Clear(System.Array,System.Int32,System.Int32) ldloc.2 <null> ldc.i4 285212673 callvirt System.Byte[] System.Reflection.Module::ResolveSignature(System.Int32) stsfld System.Byte[] <Module>::key call System.AppDomain System.AppDomain::get_CurrentDomain() ldnull <null> ldftn System.Reflection.Assembly <Module>::Resolve(System.Object,System.ResolveEventArgs) newobj System.Void System.ResolveEventHandler::.ctor(System.Object,System.IntPtr) callvirt System.Void System.AppDomain::add_AssemblyResolve(System.ResolveEventHandler) ldloc.s V_5 ldsfld System.Byte[] <Module>::key ldc.i4.0 <null> ldelem.u1 <null> ldsfld System.Byte[] <Module>::key ldc.i4.1 <null> ldelem.u1 <null> ldc.i4.8 <null> shl <null> or <null> ldsfld System.Byte[] <Module>::key ldc.i4.2 <null> ldelem.u1 <null> ldc.i4.s 16 shl <null> or <null> ldsfld System.Byte[] <Module>::key ldc.i4.3 <null> ldelem.u1 <null> ldc.i4.s 24 shl <null> or <null> callvirt System.Reflection.MethodBase System.Reflection.Module::ResolveMethod(System.Int32) stloc.s V_6 ldloc.s V_6 callvirt System.Reflection.ParameterInfo[] System.Reflection.MethodBase::GetParameters() ldlen <null> conv.i4 <null> newarr System.Object stloc.s V_7 ldloc.s V_7 ldlen <null> conv.i4 <null> brfalse.s IL_00E0: ldloc.s V_6 ldloc.s V_7 ldc.i4.0 <null> ldarg.0 <null> stelem.ref <null> ldloc.s V_6 ldnull <null> ldloc.s V_7 callvirt System.Object System.Reflection.MethodBase::Invoke(System.Object,System.Object[]) stloc.s V_8 ldloc.s V_8 isinst System.Int32 brfalse.s IL_00FD: ldc.i4.0 ldloc.s V_8 unbox.any System.Int32 ret <null> ldc.i4.0 <null> ret <null>
Module Name	XClient.exe
Full Name	XClient.exe
EntryPoint	System.Int32 <Module>::Main(System.String[])
Scope Name	XClient.exe
Scope Type	ModuleDef
Kind	Windows
Runtime Version	v4.0.30319
Tables Header Version	512
WinMD Version	<null>
Assembly Name	XClient
Assembly Version	11.0.19041.4355
Assembly Culture	<null>
Has PublicKey	False
PublicKey Token	<null>
Target Framework	<null>
Total Strings	1
Main Method	System.Int32 <Module>::Main(System.String[])
Main IL Instruction Count	100
Main IL	ldc.i4 8287 pop <null> ldc.i4 8287 newarr System.UInt32 dup <null> ldtoken <Module>/DataType <Module>::DataField call System.Void System.Runtime.CompilerServices.RuntimeHelpers::InitializeArray(System.Array,System.RuntimeFieldHandle) stloc.0 <null> call System.Reflection.Assembly System.Reflection.Assembly::GetExecutingAssembly() stloc.1 <null> ldloc.1 <null> callvirt System.Reflection.Module System.Reflection.Assembly::get_ManifestModule() stloc.2 <null> ldloc.0 <null> ldc.i4 -883985033 call System.Runtime.InteropServices.GCHandle <Module>::Decrypt(System.UInt32[],System.UInt32) stloc.3 <null> ldloca.s V_3 call System.Object System.Runtime.InteropServices.GCHandle::get_Target() castclass System.Byte[] stloc.s V_4 ldloc.1 <null> ldstr koi ldloc.s V_4 callvirt System.Reflection.Module System.Reflection.Assembly::LoadModule(System.String,System.Byte[]) stloc.s V_5 ldloc.s V_4 ldc.i4.0 <null> ldloc.s V_4 ldlen <null> conv.i4 <null> call System.Void System.Array::Clear(System.Array,System.Int32,System.Int32) ldloca.s V_3 call System.Void System.Runtime.InteropServices.GCHandle::Free() ldloc.0 <null> ldc.i4.0 <null> ldloc.0 <null> ldlen <null> conv.i4 <null> call System.Void System.Array::Clear(System.Array,System.Int32,System.Int32) ldloc.2 <null> ldc.i4 285212673 callvirt System.Byte[] System.Reflection.Module::ResolveSignature(System.Int32) stsfld System.Byte[] <Module>::key call System.AppDomain System.AppDomain::get_CurrentDomain() ldnull <null> ldftn System.Reflection.Assembly <Module>::Resolve(System.Object,System.ResolveEventArgs) newobj System.Void System.ResolveEventHandler::.ctor(System.Object,System.IntPtr) callvirt System.Void System.AppDomain::add_AssemblyResolve(System.ResolveEventHandler) ldloc.s V_5 ldsfld System.Byte[] <Module>::key ldc.i4.0 <null> ldelem.u1 <null> ldsfld System.Byte[] <Module>::key ldc.i4.1 <null> ldelem.u1 <null> ldc.i4.8 <null> shl <null> or <null> ldsfld System.Byte[] <Module>::key ldc.i4.2 <null> ldelem.u1 <null> ldc.i4.s 16 shl <null> or <null> ldsfld System.Byte[] <Module>::key ldc.i4.3 <null> ldelem.u1 <null> ldc.i4.s 24 shl <null> or <null> callvirt System.Reflection.MethodBase System.Reflection.Module::ResolveMethod(System.Int32) stloc.s V_6 ldloc.s V_6 callvirt System.Reflection.ParameterInfo[] System.Reflection.MethodBase::GetParameters() ldlen <null> conv.i4 <null> newarr System.Object stloc.s V_7 ldloc.s V_7 ldlen <null> conv.i4 <null> brfalse.s IL_00E0: ldloc.s V_6 ldloc.s V_7 ldc.i4.0 <null> ldarg.0 <null> stelem.ref <null> ldloc.s V_6 ldnull <null> ldloc.s V_7 callvirt System.Object System.Reflection.MethodBase::Invoke(System.Object,System.Object[]) stloc.s V_8 ldloc.s V_8 isinst System.Int32 brfalse.s IL_00FD: ldc.i4.0 ldloc.s V_8 unbox.any System.Int32 ret <null> ldc.i4.0 <null> ret <null>

a6dc975f4298f25dfeb66794032d4f80 (47.1 KB)

File Structure

Characteristics

No malware configuration were found at this point.

You must be signed in to post a comment.

a6dc975f4298f25dfeb66794032d4f80

PE Executable | MD5: a6dc975f4298f25dfeb66794032d4f80 | Size: 47.1 KB | application/x-dosexec

PE Executable
|
MD5: a6dc975f4298f25dfeb66794032d4f80
|
Size: 47.1 KB
|
application/x-dosexec