Malicious

a76608659475c564b9109baa32cfb909

PE Executable | MD5: a76608659475c564b9109baa32cfb909 | Size: 786.43 KB | application/x-dosexec

Characteristics

Symbol Obfuscation Score: Very low

Hash | Hash Value
MD5 | a76608659475c564b9109baa32cfb909
Sha1 | 7730561ef93d1e21317c2626c48074a3cdcc45ac
Sha256 | 0bc82bb26cb3d406af76d32000082138a09381c2bd2c26039590f694fba5fb18
Sha384 | 98b6bb504b253b92ab96a3d0b9be2b7e1dea5c8723664427f981d8e500d4b5fc5117d24cbd6ab38f6c7f3e5bbe262ab9
Sha512 | 5075b65dfa0415b9d384f4b9b3489f2315ba3e9bacb3b2adc30c139df1f8b38f80115fe2b32686c5c43964f113ca2c2a5e124b9d0146b6699675a0be2779612d
SSDeep | 12288:sM0Vc43ZyN4g4J7Zhgviexziw5pmTloSiCbf:RH4Jkn4Jle5xziw54eOb
TLSH | A3F41BC6D59190E0F97E8474A0771C36A6573CBED7A82A9F2288B1012E735D3643BF1B

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual C++ v6.0 DLL
Microsoft Visual Studio .NET
File Structure
[Repaired @0x00050C48]
Malicious
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
  .text
  .rsrc
  .reloc
Resources
  RT_ICON
    ID:0002
      ID:0
    ID:0003
      ID:0
    ID:0004
      ID:0
    ID:0005
      ID:0
    ID:0006
      ID:0
    ID:0007
      ID:0
    ID:0008
      ID:0
    ID:0009
      ID:0
    ID:000A
      ID:0
  RT_GROUP_CURSOR4
    ID:7F00
      ID:0
  RT_VERSION
    ID:0001
      ID:0
.Net Resources
Malicious
files.resources
Malicious
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
  .text
  .rdata
  .data
  .pdata
  .fptable
  .rsrc
  .reloc
Resources
  RT_MANIFEST
    ID:0001
      ID:1033
bcqqADJxOB
  [Content_Types].xml
  _rels
    .rels
  docProps
    app.xml
    core.xml
    custom.xml
  word
    _rels
      document.xml.rels
    document.xml
    fontTable.xml
    settings.xml
    styles.xml
    theme
      theme1.xml
[Repaired @0x0004FB34]
Malicious
Information
Name | Value
Info | PE Detect: PeReader OK (file layout)
Module Name | 4.Scr
Full Name | 4.Scr
EntryPoint | System.Void Bound.Open::Main()
Scope Name | 4.Scr
Scope Type | ModuleDef
Kind | Windows
Runtime Version | v2.0.50727
Tables Header Version | 512
WinMD Version | <null>
Assembly Name | 4
Assembly Version | 0.0.0.0
Assembly Culture | <null>
Has PublicKey | False
PublicKey Token | <null>
Target Framework | <null>
Total Strings | 7
Main Method | System.Void Bound.Open::Main()
Main IL Instruction Count | 43
Main IL |
  ldstr files
  call System.Reflection.Assembly System.Reflection.Assembly::GetExecutingAssembly()
  newobj System.Void System.Resources.ResourceManager::.ctor(System.String,System.Reflection.Assembly)
  stloc.0 <null>
  ldc.i4.s 28
  call System.String System.Environment::GetFolderPath(System.Environment/SpecialFolder)
  ldstr RwozeECDRk.exe
  call System.String System.String::Concat(System.String,System.String)
  ldloc.0 <null>
  ldstr aXIDHDNJaq
  callvirt System.Object System.Resources.ResourceManager::GetObject(System.String)
  castclass System.Byte[]
  call System.Void System.IO.File::WriteAllBytes(System.String,System.Byte[])
  ldc.i4.s 28
  call System.String System.Environment::GetFolderPath(System.Environment/SpecialFolder)
  ldstr RwozeECDRk.exe
  call System.String System.String::Concat(System.String,System.String)
  call System.Diagnostics.Process System.Diagnostics.Process::Start(System.String)
  pop <null>
  ldc.i4.s 28
  call System.String System.Environment::GetFolderPath(System.Environment/SpecialFolder)
  ldstr T_bkZNGTsj.docx
  call System.String System.String::Concat(System.String,System.String)
  ldloc.0 <null>
  ldstr bcqqADJxOB
  callvirt System.Object System.Resources.ResourceManager::GetObject(System.String)
  castclass System.Byte[]
  call System.Void System.IO.File::WriteAllBytes(System.String,System.Byte[])
  ldc.i4.s 28
  call System.String System.Environment::GetFolderPath(System.Environment/SpecialFolder)
  ldstr T_bkZNGTsj.docx
  call System.String System.String::Concat(System.String,System.String)
  call System.Diagnostics.Process System.Diagnostics.Process::Start(System.String)
  pop <null>
  leave.s IL_00A0: ret
  stloc.1 <null>
  ldloc.1 <null>
  callvirt System.String System.Exception::get_Message()
  call System.Void System.Console::WriteLine(System.String)
  call System.Int32 System.Console::Read()
  pop <null>
  leave.s IL_00A0: ret
  ret <null>
Characteristics
No malware configuration was found at this point.