Suspicious
Suspect

adaa52701d30a2cb5f092218fef8948b

PE Executable | MD5: adaa52701d30a2cb5f092218fef8948b | Size: 1 MB | application/x-dosexec

Summary by MalvaGPT
Characteristics

Symbol Obfuscation Score

Very high


PeID

Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
File Structure
[Authenticode]_c3e86401.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_ICON
ID:0001
ID:0
RT_GROUP_CURSOR4
ID:7F00
ID:0
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
Iqzjlkyerue.Properties.Resources.resources
Miyor
Information
Name | Value
Info | PE Detect: PeReader OK (file layout)
Info | Authenticode present at 0xF1800 size 11896 bytes
Module Name | simat-.exe
Full Name | simat-.exe
EntryPoint | System.Void simat-.Services.RandomService::ReflectService()
Scope Name | simat-.exe
Scope Type | ModuleDef
Kind | Windows
Runtime Version | v4.0.30319
Tables Header Version | 512
WinMD Version | <null>
Assembly Name | simat-
Assembly Version | 5.5.3.0
Assembly Culture | <null>
Has PublicKey | False
PublicKey Token | <null>
Target Framework | .NETFramework,Version=v4.6
Total Strings | 6
Main Method | System.Void simat-.Services.RandomService::ReflectService()
Main IL Instruction Count | 38

Main IL

ldc.i4 2
stloc V_0
br IL_000E: ldloc V_0
ldloc V_0
switch dnlib.DotNet.Emit.Instruction[]
br IL_0057: ret
newobj System.Void simat-.Services.ServiceHandler::.ctor()
call System.Byte[] simat-.Services.ServiceHandler::IdleControllableService()
stloc.s V_2
ldc.i4 1
ldsfld <Module>{6e5cfd45-e56a-42a7-bfdc-64f207c94ff5} <Module>{6e5cfd45-e56a-42a7-bfdc-64f207c94ff5}::m_d866261a3b6b4c678ef6c36f69b8c25e
ldfld System.Int32 <Module>{6e5cfd45-e56a-42a7-bfdc-64f207c94ff5}::m_6d58e90bcf9b45379403162627796657
brtrue IL_0012: switch(IL_0057,IL_0083,IL_002C,IL_0058)
pop <null>
ldc.i4 1
br IL_0012: switch(IL_0057,IL_0083,IL_002C,IL_0058)
ret <null>
newobj System.Void simat-.Services.ServiceFunction::.ctor()
ldloc.s V_1
call System.Void simat-.Services.ServiceFunction::RunMonoService(System.Byte[])
ldc.i4 0
ldsfld <Module>{6e5cfd45-e56a-42a7-bfdc-64f207c94ff5} <Module>{6e5cfd45-e56a-42a7-bfdc-64f207c94ff5}::m_d866261a3b6b4c678ef6c36f69b8c25e
ldfld System.Int32 <Module>{6e5cfd45-e56a-42a7-bfdc-64f207c94ff5}::m_8be6ac8dda5a46379da58a1ce100165c
brtrue IL_0012: switch(IL_0057,IL_0083,IL_002C,IL_0058)
pop <null>
ldc.i4 0
br IL_0012: switch(IL_0057,IL_0083,IL_002C,IL_0058)
newobj System.Void Iqzjlkyerue.Monitoring.WatcherDistributor::.ctor()
ldloc.s V_2
call System.Byte[] Iqzjlkyerue.Monitoring.WatcherDistributor::CancelWatcher(System.Byte[])
stloc.s V_1
ldc.i4 3
ldsfld <Module>{6e5cfd45-e56a-42a7-bfdc-64f207c94ff5} <Module>{6e5cfd45-e56a-42a7-bfdc-64f207c94ff5}::m_d866261a3b6b4c678ef6c36f69b8c25e
ldfld System.Int32 <Module>{6e5cfd45-e56a-42a7-bfdc-64f207c94ff5}::m_3b28ca66ed124d8eb1e83135abf4c709
brtrue IL_0012: switch(IL_0057,IL_0083,IL_002C,IL_0058)
pop <null>
ldc.i4 3
br IL_0012: switch(IL_0057,IL_0083,IL_002C,IL_0058)

Artefacts
Name | Value
URLs in VB Code - #1 | http://ocsp.globalsign.com/codesigningrootr450F
URLs in VB Code - #2 | http://secure.globalsign.com/cacert/codesigningrootr45.crt0A
URLs in VB Code - #3 | http://crl.globalsign.com/codesigningrootr45.crl0U
URLs in VB Code - #4 | https://www.globalsign.com/repository/0
URLs in VB Code - #5 | http://secure.globalsign.com/cacert/gsgccr45evcodesignca2020.crt0
URLs in VB Code - #6 | http://ocsp.globalsign.com/gsgccr45evcodesignca20200U
URLs in VB Code - #7 | http://crl.globalsign.com/gsgccr45evcodesignca2020.crl0
URLs in VB Code - #8 | http://ocsp.globalsign.com/ca/gstsacasha384g40C
URLs in VB Code - #9 | http://secure.globalsign.com/cacert/gstsacasha384g4.crt0
URLs in VB Code - #10 | http://crl.globalsign.com/ca/gstsacasha384g4.crl0
URLs in VB Code - #11 | http://ocsp2.globalsign.com/rootr606
URLs in VB Code - #12 | http://crl.globalsign.com/root-r6.crl0G

Characteristics
No malware configuration was found at this point.