Suspicious
Suspect

b7226d0ed1acfc1830e300948cdf432d

PE Executable | MD5: b7226d0ed1acfc1830e300948cdf432d | Size: 6.5 MB | application/x-dosexec

Summary by MalvaGPT
Characteristics

Symbol Obfuscation Score

Very high

Hash
Hash Value
MD5
b7226d0ed1acfc1830e300948cdf432d
Sha1
dfffa18c5d8af0388f85c6aa63dfe4c6de65f7ee
Sha256
4cf46903b22a7c767238431d7bebf8109a3ee11e2be9aa6c2f72500a34075661
Sha384
65bf09c43b7aadf989e07d12c074def7db2e41f98c6fa52c059437e891066c45cb9ca0788b44cfb800a00222930f9932
Sha512
4b1ea8f90373db757edae5ef205cf289b2e51f52be11e2e2b1931a1f3d98148c57bdef7f19ce517dbe8cbf1bdce3068df6eca4794dffdf46d29347f67476f372
SSDeep
49152:r3PGFjJHufIZ2mca4klgbzxuL+47noG1tIJUbChvv7nwYVetiV3RFCx7Hitu3AeI:r3uFjTuxxtEoaCJVhT0scEuQpA1
TLSH
7166900CFD92F809DE2A3DB7CFE510045FB125C1AE1284562119AFFD97AA3B255E263C

PeID

.NET executable
HQR data file
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
mkgnmhqpccqa
Information
Info: PE Detect: PeReader OK (file layout)
Module Name: Nursultan_Loader.exe
Full Name: Nursultan_Loader.exe
EntryPoint: System.Void omLqXVLKMFR.LLzFayfDoIU::kEEsXgAcysk(System.String[])
Scope Name: Nursultan_Loader.exe
Scope Type: ModuleDef
Kind: Windows
Runtime Version: v4.0.30319
Tables Header Version: 512
WinMD Version: <null>
Assembly Name: Nursultan_Loader
Assembly Version: 1.0.0.0
Assembly Culture: <null>
Has PublicKey: False
PublicKey Token: <null>
Target Framework: .NETFramework,Version=v4.0
Total Strings: 20648
Main Method: System.Void omLqXVLKMFR.LLzFayfDoIU::kEEsXgAcysk(System.String[])
Main IL Instruction Count: 55

Main IL

ldc.r8 7516 stloc.0 <null> br IL_00D6: br IL_000F nop <null> ldloc.0 <null> ldc.r8 7534 ceq <null> brfalse IL_0030: nop call System.Void omLqXVLKMFR.DeeWPbkVWgkZmu::VkbdCOhGOy() ldc.r8 7543 stloc.0 <null> nop <null> ldloc.0 <null> ldc.r8 7528 ceq <null> brfalse IL_0081: nop newobj System.Void System.Random::.ctor() nop <null> ldc.r8 2 ldc.r8 2000 mul <null> call System.Int32 System.Convert::ToInt32(System.Double) nop <null> ldc.i4 1650801543 ldc.i4 1650797815 xor <null> conv.i4 <null> callvirt System.Int32 System.Random::Next(System.Int32,System.Int32) call System.Void System.Threading.Thread::Sleep(System.Int32) ldc.r8 7534 stloc.0 <null> nop <null> ldloc.0 <null> ldc.r8 7521 ceq <null> brfalse IL_00A2: nop call System.Void omLqXVLKMFR.LLzFayfDoIU::PfrGOCQPjhb() ldc.r8 7528 stloc.0 <null> nop <null> ldloc.0 <null> ldc.r8 7516 ceq <null> brfalse IL_00BF: nop nop <null> ldc.r8 7521 stloc.0 <null> nop <null> ldloc.0 <null> ldc.r8 7543 ceq <null> brfalse IL_00D6: br IL_000F br IL_00DB: ret br IL_000F: nop ret <null>

Characteristics
No malware configuration was found at this point.