Malicious

b33930fe1219a659f154d7c341c806aa

PE Executable | MD5: b33930fe1219a659f154d7c341c806aa | Size: 2.8 MB | application/x-dosexec

Characteristics

Symbol Obfuscation Score

Medium

Hash
MD5: b33930fe1219a659f154d7c341c806aa
Sha1: 43bfc31a6008ac71bb7015c81e0876553124448b
Sha256: d3b9e22ed2c64a01688b73c9c654357270e1f8defb2702816b03749507c29b21
Sha384: f5034570e5df175f696212c7863b20201ffa9e9420cafc1802b61e9ca26b5714bc40df64110d8798bb9de9458c781c8e
Sha512: 524ef65f40c38af2aa38b83f2117f4844bf76a0d4222763225acb01d3c8a262a058810ae8eb181253cff9db646e5614113ab707fa5abf7ee928a99bee2c920e4
SSDeep: 49152:bntmBQInOYCYoO6IOq7gjOEDkGoFBvNZ8pe9YHd0WI6/ct9nkv6cJQND/:beQILf6I77YOEKFpNms8yocvcJ
TLSH: 77D5DF027E44CE11F0181633D2EF458897B0A9517AEAE71B7DBA376E65123A73C0D9CB

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.sdata
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:1033
.Net Resources
GGQjulBeuoutCsgUwn.pXo60h7jlxPDc5Lyj0
WwO5DXq46cbNpSHb4I.JxtY4e6gI3HOW5Q87T
Information
Module Name: nnENDWY
Full Name: nnENDWY
EntryPoint: System.Void bptfyjlUXxXja4mNFjw.UcN6oBlH4mg2lsjX5ZO::yu913O9Z53()
Scope Name: nnENDWY
Scope Type: ModuleDef
Kind: Windows
Runtime Version: v4.0.30319
Tables Header Version: 512
WinMD Version: <null>
Assembly Name: hVwLUdAYNTWzvbTmraM
Assembly Version: 3.2.4.1
Assembly Culture: <null>
Has PublicKey: False
PublicKey Token: <null>
Target Framework: .NETFramework,Version=v4.0
Total Strings: 63
Main Method: System.Void bptfyjlUXxXja4mNFjw.UcN6oBlH4mg2lsjX5ZO::yu913O9Z53()
Main IL Instruction Count: 14
Main IL:
    br.s IL_000B: ldc.i4.0
    call <null>
    ldnull <null>
    ldc.i4.0 <null>
    ldelem.ref <null>
    pop <null>
    ldc.i4.0 <null>
    brtrue.s IL_0007: ldnull
    call System.Void jJlZx0DqfalCi6PHX25.rEOYiiDTmXXURqI0u4d::kLjw4iIsCLsZtxc4lksN0j()
    nop <null>
    ldsfld System.Object bptfyjlUXxXja4mNFjw.UcN6oBlH4mg2lsjX5ZO::KMW10V13Sw
    callvirt System.Void aUJbEVlTQXBJbhQAUPh.DHWvO7lEF7OIeVkCuno::WB6rauIssL()
    nop <null>
    ret <null>

Artefacts
Embedded Resources: 2
Suspicious Type Names (1-2 chars): 0
Characteristics
No malware configuration was found at this point.
Artefacts
Embedded Resources: 2 (Location: b33930fe1219a659f154d7c341c806aa)
Suspicious Type Names (1-2 chars): 0 (Location: b33930fe1219a659f154d7c341c806aa)
