Malicious

af896fe25eb9b9cae25f12947756d5e7

PE Executable | MD5: af896fe25eb9b9cae25f12947756d5e7 | Size: 1.99 MB | application/x-dosexec

Characteristics

Symbol Obfuscation Score: Very high

Hash
MD5: af896fe25eb9b9cae25f12947756d5e7
Sha1: a3e86fc8d52521b07abbf89739534dfdb28c0124
Sha256: 60f044a9155db76cb1da5d910e976654e4998828647e6ec0ff8e6b09776e94ac
Sha384: f714e55b7f7c2373e49e11e5bf31faa270705a5c46fd85dfad6a48940094b452137db5b5a48d26ad4ee86c3e6931e2de
Sha512: c5c398240e2f47b998dc37193ab22944e5d18ef2d6b61fe38c37394fde1eba14906f4efe255212fa9e118ef259d584ca5be01bc14e4f96b1b16c8acb5f7c7d0d
SSDeep: 49152:V+D08za7anKy1S9/aOHRn1ovgncO3JVO71O7t:V+DFa7im/aOYgnRJK4
TLSH: 3195F00B76854870D169A63EC5EB5105E3F6B9456323E78F398813964E233E9ED3E383

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual C++ v6.0 DLL
Microsoft Visual Studio .NET
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
Malicious
Syntex_Spoofer.Menu.resources
costura.costura.dll.compressed
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.costura.pdb.compressed
g50CBiGt27nnRrebwO.BsCs1530l4E1WR34TN
costura.guna.ui2.dll.compressed
[Authenticode]_28203e69.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
.Net Resources
G22190F0D5B1120504B3E00280003060D0F0F4F38724F222206070B01020F0F27012B0C.resources
icon.Image
[NBF]root.Data
[NBF]root.Data-preview.png
Guna.UI2.Properties.Resources.resources
CheckedCheckbox_20px
[NBF]root.Data
[NBF]root.Data-preview.png
CheckedRadioButton_20px
[NBF]root.Data
[NBF]root.Data-preview.png
FullImage_64px
[NBF]root.Data
[NBF]root.Data-preview.png
ImageCalendar
[NBF]root.Data
[NBF]root.Data-preview.png
UncheckedCheckbox_20px
UncheckedRadioButton_20px
[NBF]root.Data
[NBF]root.Data-preview.png
ce_48px
[NBF]root.Data
[NBF]root.Data-preview.png
curv3
[NBF]root.Data
[NBF]root.Data-preview.png
curv3_w
[NBF]root.Data
[NBF]root.Data-preview.png
error
[NBF]root.Data
[NBF]root.Data-preview.png
info
[NBF]root.Data
[NBF]root.Data-preview.png
logo
[NBF]root.Data
[NBF]root.Data-preview.png
logo_w
[NBF]root.Data
[NBF]root.Data-preview.png
miring
[NBF]root.Data
[NBF]root.Data-preview.png
question
[NBF]root.Data
[NBF]root.Data-preview.png
warning
[NBF]root.Data
[NBF]root.Data-preview.png
G22190F0D5B1120504B250025230207091246250F300029390C06331B0E163B151735041C232100000E0B.resources
btDown.Image
btUp.Image
imageList1.ImageStream
[NBF]root.Data
RQWgUpS5RNGq21TLRJ.ybZ6ymoWW4OH9JAyQq
costura.metadata
aR3nbf8dQp2feLmk31.lSfgApatkdxsVcGcrktoFd.resources
$this.Icon
[NBF]root.IconData
progressBar1.Modifiers
$this.Language
$this.GridSize
Information
Info: PE Detect: PeReader OK (file layout)
Info: PDB Path: Syntex Spoofer.pdb
Module Name: Syntex Spoofer.exe
Full Name: Syntex Spoofer.exe
EntryPoint: System.Void baoeie1xLcCbjuofKL.yho3MspQ2kGxSFOLQf::wBUfRrfL0()
Scope Name: Syntex Spoofer.exe
Scope Type: ModuleDef
Kind: Windows
Runtime Version: v4.0.30319
Tables Header Version: 512
WinMD Version: <null>
Assembly Name: Syntex Spoofer
Assembly Version: 1.0.0.0
Assembly Culture: <null>
Has PublicKey: False
PublicKey Token: <null>
Target Framework: .NETFramework,Version=v4.8
Total Strings: 44
Main Method: System.Void baoeie1xLcCbjuofKL.yho3MspQ2kGxSFOLQf::wBUfRrfL0()
Main IL Instruction Count: 36

Main IL

ldc.i4 1 stloc V_0 br IL_000E: ldloc V_0 ldloc V_0 switch dnlib.DotNet.Emit.Instruction[] br IL_00A2: ldc.i4.0 newobj System.Void Syntex_Spoofer.Menu::.ctor() call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form) ldc.i4 1 ldsfld <Module>{abd187fc-ac70-4db7-a966-3798bd8e9627} <Module>{abd187fc-ac70-4db7-a966-3798bd8e9627}::m_76cfe2f3d3d548939745cbca9569d0e0 ldfld System.Int32 <Module>{abd187fc-ac70-4db7-a966-3798bd8e9627}::m_11197ba3bc8c47d9be07d6c8059867fe brtrue IL_0012: switch(IL_00A2,IL_0059,IL_00A1,IL_007D,IL_0030) pop <null> ldc.i4 2 br IL_0012: switch(IL_00A2,IL_0059,IL_00A1,IL_007D,IL_0030) call System.Void System.Windows.Forms.Application::EnableVisualStyles() ldc.i4 0 ldsfld <Module>{abd187fc-ac70-4db7-a966-3798bd8e9627} <Module>{abd187fc-ac70-4db7-a966-3798bd8e9627}::m_76cfe2f3d3d548939745cbca9569d0e0 ldfld System.Int32 <Module>{abd187fc-ac70-4db7-a966-3798bd8e9627}::m_e346e59651df46b09085ed6af18cc158 brtrue IL_0012: switch(IL_00A2,IL_0059,IL_00A1,IL_007D,IL_0030) pop <null> ldc.i4 0 br IL_0012: switch(IL_00A2,IL_0059,IL_00A1,IL_007D,IL_0030) call System.Void XxeIh73wG8B1j9S7hfO.CYmpGe3feZejbHvoXBo::FEiEXqQW74() ldc.i4 4 ldsfld <Module>{abd187fc-ac70-4db7-a966-3798bd8e9627} <Module>{abd187fc-ac70-4db7-a966-3798bd8e9627}::m_76cfe2f3d3d548939745cbca9569d0e0 ldfld System.Int32 <Module>{abd187fc-ac70-4db7-a966-3798bd8e9627}::m_bde45f59c52e49cda4645728cea9c714 brtrue IL_0012: switch(IL_00A2,IL_0059,IL_00A1,IL_007D,IL_0030) pop <null> ldc.i4 3 br IL_0012: switch(IL_00A2,IL_0059,IL_00A1,IL_007D,IL_0030) ret <null> ldc.i4.0 <null> call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean) ldc.i4 3 br IL_0012: switch(IL_00A2,IL_0059,IL_00A1,IL_007D,IL_0030)

Characteristics
No malware configuration was found at this point.