Malicious
Malicious

a985c254ed2d791688736f83ee2befde

Share on LinkedIn
Print
PE Executable
MD5: a985c254ed2d791688736f83ee2befde
Size: 245.76 KB
application/x-dosexec
Ctrl + scroll to zoom · drag to pan

Get an AI-generated breakdown of this malware's behaviour, IOCs and recommendations.

AI analysis is available with Essential.
Unlock with Essential
Symbol Obfuscation Score Medium
MD5 a985c254ed2d791688736f83ee2befde
Sha1 397819924ee78628c50f09b86a88b10ce6eb4299
Sha256 6e00f52072b251d58ce01eecd95aa6022db7ba161e7d68d2c224091392f6c832
Sha384 262d7809a441f8d1d97a0b88740a98a68bc273a12efd35ae44fe191f63fe5f2292a5b322881803673457013751d8c613
Sha512 94f19d14da9c7c4722adef337b7e946181a44104c0ff0bb6d23c1b7f91d74b3d193d066d211e0ca2adc2b60234bc3f2b8331e4044b24d6d5757bc92663a7b022
SSDeep 3072:LPLdNyKayCB+FI18Gy4gETHo9rG8KaG5jnThSqwufzz:LDPyKayC0+C+sq8KaWTc
TLSH 3F340F027F88E715E1A93E3782EF6C2453B2B4C71633C60BAF49AF5524516826C7E72D
PeID
.NET executableMicrosoft Visual C# / Basic .NETMicrosoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL Microsoft Visual C# v7.0 / Basic .NETMicrosoft Visual Studio .NET
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
STICH beta Structural Threat Infection Chain Hash

A content-independent fingerprint of the infection method: successive formats, internal objects and MITRE techniques from the initial file to each final payload.

STICH Path = the fingerprint (canonical chain with techniques) STICH Shape = structure only Only determinant branches produce STICH Paths.
Path pe:exe>pe:rsrc>bin
Shape pe:exe>pe:rsrc>bin
malicious 3 nodes
Name Value
Info
PE Detect: PeReader OK (file layout)
Module Name
8N57q4CivJ
Full Name
8N57q4CivJ
EntryPoint
System.Void HezT.lgBKovGgL::CsvxrnfLmFv()
Scope Name
8N57q4CivJ
Scope Type
ModuleDef
Kind
Windows
Runtime Version
v4.0.30319
Tables Header Version
512
WinMD Version
<null>
Assembly Name
f45b853c-c9d3-495e-9acb-d41a4a90029f
Assembly Version
1.0.0.0
Assembly Culture
<null>
Has PublicKey
False
PublicKey Token
<null>
Target Framework
<null>
Total Strings
1093
Main Method
System.Void HezT.lgBKovGgL::CsvxrnfLmFv()
Main IL Instruction Count
62
Main IL
ldc.i4 0
stloc V_0
br IL_00EF: br IL_000E
nop <null>
ldloc V_0
ldc.i4 3
ceq <null>
brfalse IL_002D: nop
call System.Void T4Au29ea.GJLHrcn9ae::SY7cB3VQ4()
ldc.i4 4
stloc V_0
nop <null>
ldloc V_0
ldc.i4 1
ceq <null>
brfalse IL_0051: nop
ldc.i4 4080
call System.Void System.Net.ServicePointManager::set_SecurityProtocol(System.Net.SecurityProtocolType)
ldc.i4 2
stloc V_0
nop <null>
ldloc V_0
ldc.i4 4
ceq <null>
brfalse IL_0070: nop
call System.Void System.Windows.Forms.Application::Run()
ldc.i4 5
stloc V_0
nop <null>
ldloc V_0
ldc.i4 2
ceq <null>
brfalse IL_00BE: nop
call System.Net.Security.RemoteCertificateValidationCallback System.Net.ServicePointManager::get_ServerCertificateValidationCallback()
ldsfld System.Net.Security.RemoteCertificateValidationCallback HezT.lgBKovGgL::CS$<>9__CachedAnonymousMethodDelegate1
brtrue IL_00A1: ldsfld System.Net.Security.RemoteCertificateValidationCallback HezT.lgBKovGgL::CS$<>9__CachedAnonymousMethodDelegate1
ldnull <null>
ldftn System.Boolean HezT.lgBKovGgL::QGQP5E(System.Object,System.Security.Cryptography.X509Certificates.X509Certificate,System.Security.Cryptography.X509Certificates.X509Chain,System.Net.Security.SslPolicyErrors)
newobj System.Void System.Net.Security.RemoteCertificateValidationCallback::.ctor(System.Object,System.IntPtr)
stsfld System.Net.Security.RemoteCertificateValidationCallback HezT.lgBKovGgL::CS$<>9__CachedAnonymousMethodDelegate1
ldsfld System.Net.Security.RemoteCertificateValidationCallback HezT.lgBKovGgL::CS$<>9__CachedAnonymousMethodDelegate1
call System.Delegate System.Delegate::Combine(System.Delegate,System.Delegate)
castclass System.Net.Security.RemoteCertificateValidationCallback
call System.Void System.Net.ServicePointManager::set_ServerCertificateValidationCallback(System.Net.Security.RemoteCertificateValidationCallback)
ldc.i4 3
stloc V_0
nop <null>
ldloc V_0
ldc.i4 0
ceq <null>
brfalse IL_00D9: nop
nop <null>
ldc.i4 1
stloc V_0
nop <null>
ldloc V_0
ldc.i4 5
ceq <null>
brfalse IL_00EF: br IL_000E
br IL_00F4: ret
br IL_000E: nop
ret <null>
Module Name
8N57q4CivJ
Full Name
8N57q4CivJ
EntryPoint
System.Void HezT.lgBKovGgL::CsvxrnfLmFv()
Scope Name
8N57q4CivJ
Scope Type
ModuleDef
Kind
Windows
Runtime Version
v4.0.30319
Tables Header Version
512
WinMD Version
<null>
Assembly Name
f45b853c-c9d3-495e-9acb-d41a4a90029f
Assembly Version
1.0.0.0
Assembly Culture
<null>
Has PublicKey
False
PublicKey Token
<null>
Target Framework
<null>
Total Strings
1093
Main Method
System.Void HezT.lgBKovGgL::CsvxrnfLmFv()
Main IL Instruction Count
62
Main IL
ldc.i4 0
stloc V_0
br IL_00EF: br IL_000E
nop <null>
ldloc V_0
ldc.i4 3
ceq <null>
brfalse IL_002D: nop
call System.Void T4Au29ea.GJLHrcn9ae::SY7cB3VQ4()
ldc.i4 4
stloc V_0
nop <null>
ldloc V_0
ldc.i4 1
ceq <null>
brfalse IL_0051: nop
ldc.i4 4080
call System.Void System.Net.ServicePointManager::set_SecurityProtocol(System.Net.SecurityProtocolType)
ldc.i4 2
stloc V_0
nop <null>
ldloc V_0
ldc.i4 4
ceq <null>
brfalse IL_0070: nop
call System.Void System.Windows.Forms.Application::Run()
ldc.i4 5
stloc V_0
nop <null>
ldloc V_0
ldc.i4 2
ceq <null>
brfalse IL_00BE: nop
call System.Net.Security.RemoteCertificateValidationCallback System.Net.ServicePointManager::get_ServerCertificateValidationCallback()
ldsfld System.Net.Security.RemoteCertificateValidationCallback HezT.lgBKovGgL::CS$<>9__CachedAnonymousMethodDelegate1
brtrue IL_00A1: ldsfld System.Net.Security.RemoteCertificateValidationCallback HezT.lgBKovGgL::CS$<>9__CachedAnonymousMethodDelegate1
ldnull <null>
ldftn System.Boolean HezT.lgBKovGgL::QGQP5E(System.Object,System.Security.Cryptography.X509Certificates.X509Certificate,System.Security.Cryptography.X509Certificates.X509Chain,System.Net.Security.SslPolicyErrors)
newobj System.Void System.Net.Security.RemoteCertificateValidationCallback::.ctor(System.Object,System.IntPtr)
stsfld System.Net.Security.RemoteCertificateValidationCallback HezT.lgBKovGgL::CS$<>9__CachedAnonymousMethodDelegate1
ldsfld System.Net.Security.RemoteCertificateValidationCallback HezT.lgBKovGgL::CS$<>9__CachedAnonymousMethodDelegate1
call System.Delegate System.Delegate::Combine(System.Delegate,System.Delegate)
castclass System.Net.Security.RemoteCertificateValidationCallback
call System.Void System.Net.ServicePointManager::set_ServerCertificateValidationCallback(System.Net.Security.RemoteCertificateValidationCallback)
ldc.i4 3
stloc V_0
nop <null>
ldloc V_0
ldc.i4 0
ceq <null>
brfalse IL_00D9: nop
nop <null>
ldc.i4 1
stloc V_0
nop <null>
ldloc V_0
ldc.i4 5
ceq <null>
brfalse IL_00EF: br IL_000E
br IL_00F4: ret
br IL_000E: nop
ret <null>
An error has occurred. This application may no longer respond until reloaded. Reload 🗙