Malicious
a985c254ed2d791688736f83ee2befde
PE Executable
MD5: a985c254ed2d791688736f83ee2befde
Size: 245.76 KB
application/x-dosexec
Ctrl + scroll to zoom · drag to pan
Get an AI-generated breakdown of this malware's behaviour, IOCs and recommendations.
AI analysis is available with Essential.
Unlock with Essential
Symbol Obfuscation Score
Medium
| MD5 | a985c254ed2d791688736f83ee2befde |
| Sha1 | 397819924ee78628c50f09b86a88b10ce6eb4299 |
| Sha256 | 6e00f52072b251d58ce01eecd95aa6022db7ba161e7d68d2c224091392f6c832 |
| Sha384 | 262d7809a441f8d1d97a0b88740a98a68bc273a12efd35ae44fe191f63fe5f2292a5b322881803673457013751d8c613 |
| Sha512 | 94f19d14da9c7c4722adef337b7e946181a44104c0ff0bb6d23c1b7f91d74b3d193d066d211e0ca2adc2b60234bc3f2b8331e4044b24d6d5757bc92663a7b022 |
| SSDeep | 3072:LPLdNyKayCB+FI18Gy4gETHo9rG8KaG5jnThSqwufzz:LDPyKayC0+C+sq8KaWTc |
| TLSH | 3F340F027F88E715E1A93E3782EF6C2453B2B4C71633C60BAF49AF5524516826C7E72D |
PeID
.NET executableMicrosoft Visual C# / Basic .NETMicrosoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL Microsoft Visual C# v7.0 / Basic .NETMicrosoft Visual Studio .NET
STICH
beta
Structural Threat Infection Chain Hash
A content-independent fingerprint of the infection method: successive formats, internal objects and MITRE techniques from the initial file to each final payload.
STICH Path = the fingerprint (canonical chain with techniques)
STICH Shape = structure only
Only determinant branches produce STICH Paths.
Path
pe:exe>pe:rsrc>bin
Shape
pe:exe>pe:rsrc>bin
malicious
3 nodes
| Name | Value |
|---|---|
| Info | PE Detect: PeReader OK (file layout) |
| Module Name | 8N57q4CivJ |
| Full Name | 8N57q4CivJ |
| EntryPoint | System.Void HezT.lgBKovGgL::CsvxrnfLmFv() |
| Scope Name | 8N57q4CivJ |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v4.0.30319 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | f45b853c-c9d3-495e-9acb-d41a4a90029f |
| Assembly Version | 1.0.0.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | <null> |
| Total Strings | 1093 |
| Main Method | System.Void HezT.lgBKovGgL::CsvxrnfLmFv() |
| Main IL Instruction Count | 62 |
| Main IL | |
| Module Name | 8N57q4CivJ |
| Full Name | 8N57q4CivJ |
| EntryPoint | System.Void HezT.lgBKovGgL::CsvxrnfLmFv() |
| Scope Name | 8N57q4CivJ |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v4.0.30319 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | f45b853c-c9d3-495e-9acb-d41a4a90029f |
| Assembly Version | 1.0.0.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | <null> |
| Total Strings | 1093 |
| Main Method | System.Void HezT.lgBKovGgL::CsvxrnfLmFv() |
| Main IL Instruction Count | 62 |
| Main IL | |
No malware configuration was found at this point.
You must be signed in to view YARA rules.