Malicious

b74a53d12a1401d707be693a7285beed

PE Executable | MD5: b74a53d12a1401d707be693a7285beed | Size: 592.9 KB | application/x-dosexec

Characteristics

Symbol Obfuscation Score

Very high

Hash: Hash Value
MD5: b74a53d12a1401d707be693a7285beed
Sha1: 33f5fba74e9d451ca959e22171063718ef9e1e70
Sha256: 2ebe789f6c34a6e27c8ba379fdcc7b8d30ae0997b5564d3a844c5f2f30039340
Sha384: e0d2c553f46b03faade7b450256609673968b6d7bd1b43aa3e42481546f9400a5c6cd193478c174b2ee950d36f9e767c
Sha512: 78b123d3735a45021840e0942fa508f6a5b529cec99654cbd4371a2e4e3300b6e2333c59a363268f59994b9442dbcee2a6294b42f736a2ab3f334ad724bf114f
SSDeep: 12288:NkvhAFzoqXpCPVUGGfV2G3l2mCtGWoWF:jNjZCuFVxgh
TLSH: 81C49D7776538E20C29A0337D2C78A4193B8978676B7F74E7195239614023EFDE0A3A7

PeID

.NET executable
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual Studio .NET
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
WYHq4ceg7bwXZK2krl.2gcRanf7HVxBu28bYd
Y5AZFdgxCbwjXiUBdt.Sflo94tIPIvU2dBwG3
Gpelrfcdna.g.resources
i2JByGFmCfgJxBDVHI.5k16bP4EymNiPplvon
Mncixpvyoe.Properties.Resources.resources
Ibykjvjl
Information
Info: PE Detect: PeReader OK (file layout)
Module Name: Gpelrfcdna.exe
Full Name: Gpelrfcdna.exe
EntryPoint: System.Void jyiK9UH3vu5FK4pT7j.VwyMVQINihBi9vbKDf::wXwOVwrei()
Scope Name: Gpelrfcdna.exe
Scope Type: ModuleDef
Kind: Windows
Runtime Version: v4.0.30319
Tables Header Version: 512
WinMD Version: <null>
Assembly Name: Gpelrfcdna
Assembly Version: 1.0.0.0
Assembly Culture: <null>
Has PublicKey: False
PublicKey Token: <null>
Target Framework: .NETFramework,Version=v4.0
Total Strings: 43
Main Method: System.Void jyiK9UH3vu5FK4pT7j.VwyMVQINihBi9vbKDf::wXwOVwrei()
Main IL Instruction Count: 102

Main IL

ldc.i4 1 stloc V_5 ldloc V_5 switch dnlib.DotNet.Emit.Instruction[] ldloc V_5 ldc.i4 989 beq IL_0009: ldloc V_5 br IL_002E: nop ret <null> nop <null> newobj System.Void FsKE0ySG5Xsw1SxvFx.FscIoWYGW9mp1LrMyw::.ctor() stloc.s V_6 ldc.i4 7 ldsfld <Module>{3fee78b0-b324-4991-80cd-f966c2351778} <Module>{3fee78b0-b324-4991-80cd-f966c2351778}::m_e275cc4b70ed42db8cea37d635ec9586 ldfld System.Int32 <Module>{3fee78b0-b324-4991-80cd-f966c2351778}::m_7a1043f90ba749d9b099daca57c75766 brtrue IL_0067: switch(IL_0135,IL_00FE,IL_0146,IL_010F) pop <null> ldc.i4 0 br IL_0067: switch(IL_0135,IL_00FE,IL_0146,IL_010F) br IL_0063: ldloc V_0 ldc.i4 0 stloc V_0 ldloc V_0 switch dnlib.DotNet.Emit.Instruction[] ldloc V_0 ldc.i4 11 beq IL_009D: newobj System.Void AB4JDKjpL94ZKMJIqg.douVu7Gv9I7RZx2YAb::.ctor() ldloc V_0 ldc.i4 991 beq IL_0063: ldloc V_0 br IL_0146: newobj System.Void System.InvalidOperationException::.ctor() newobj System.Void AB4JDKjpL94ZKMJIqg.douVu7Gv9I7RZx2YAb::.ctor() dup <null> dup <null> ldsfld w1KIh1tTMKS0H4x0VJm w1KIh1tTMKS0H4x0VJm::i79t2m18Rh call System.Void w1KIh1tTMKS0H4x0VJm::xEAtOxLi8Y(System.Object,AB4JDKjpL94ZKMJIqg.douVu7Gv9I7RZx2YAb,w1KIh1tTMKS0H4x0VJm) dup <null> ldloc.s V_4 ldsfld dbP6m1tXZNqyOpZVXuO dbP6m1tXZNqyOpZVXuO::ISmtLra88p call System.Void dbP6m1tXZNqyOpZVXuO::xEAtOxLi8Y(System.Object,kTmjZgn59FiiYv9dyo.JuLdFYP8E0SMTdKtgM,dbP6m1tXZNqyOpZVXuO) ldloc.s V_4 ldloc.s V_2 ldsfld VsZaTNts2Lub60ShjVE VsZaTNts2Lub60ShjVE::gB5tvKobZ9 call System.Void VsZaTNts2Lub60ShjVE::xEAtOxLi8Y(System.Object,I6rF0XC9mSpdPGZof3.EbCkwhNdAilmXgdr6M,VsZaTNts2Lub60ShjVE) ldloc.s V_2 ldloc.s V_1 ldsfld paDmtYt9jIETqrICAoG paDmtYt9jIETqrICAoG::DgHtpwo5j3 call System.Void paDmtYt9jIETqrICAoG::xEAtOxLi8Y(System.Object,FCqCPUpsKOg1tw5oky.T3D5029jjcSeBeW0UT,paDmtYt9jIETqrICAoG) ldloc.s V_1 ldloc.s V_6 ldsfld fSaGPHtaZd01daROBf8 fSaGPHtaZd01daROBf8::l1wt3aoQ9R call System.Void fSaGPHtaZd01daROBf8::xEAtOxLi8Y(System.Object,FsKE0ySG5Xsw1SxvFx.FscIoWYGW9mp1LrMyw,fSaGPHtaZd01daROBf8) 
ldsfld r7qIeStmW1ttPGauwwG r7qIeStmW1ttPGauwwG::cObtK3uKC4 call System.Boolean r7qIeStmW1ttPGauwwG::xEAtOxLi8Y(System.Object,r7qIeStmW1ttPGauwwG) brtrue IL_014C: leave IL_002D ldc.i4 2 br IL_0067: switch(IL_0135,IL_00FE,IL_0146,IL_010F) newobj System.Void kTmjZgn59FiiYv9dyo.JuLdFYP8E0SMTdKtgM::.ctor() stloc.s V_4 ldc.i4 11 br IL_005F: stloc V_0 newobj System.Void I6rF0XC9mSpdPGZof3.EbCkwhNdAilmXgdr6M::.ctor() stloc.s V_2 ldc.i4 4 ldsfld <Module>{3fee78b0-b324-4991-80cd-f966c2351778} <Module>{3fee78b0-b324-4991-80cd-f966c2351778}::m_e275cc4b70ed42db8cea37d635ec9586 ldfld System.Int32 <Module>{3fee78b0-b324-4991-80cd-f966c2351778}::m_5e93cd0b4f7d442b9644eb705f363849 brfalse IL_0067: switch(IL_0135,IL_00FE,IL_0146,IL_010F) pop <null> ldc.i4 1 br IL_0067: switch(IL_0135,IL_00FE,IL_0146,IL_010F) newobj System.Void FCqCPUpsKOg1tw5oky.T3D5029jjcSeBeW0UT::.ctor() stloc.s V_1 ldc.i4 3 br IL_0067: switch(IL_0135,IL_00FE,IL_0146,IL_010F) newobj System.Void System.InvalidOperationException::.ctor() throw <null> leave IL_002D: ret pop <null> ldc.i4 1 ldsfld <Module>{3fee78b0-b324-4991-80cd-f966c2351778} <Module>{3fee78b0-b324-4991-80cd-f966c2351778}::m_e275cc4b70ed42db8cea37d635ec9586 ldfld System.Int32 <Module>{3fee78b0-b324-4991-80cd-f966c2351778}::m_3530c54b27dc49acbb728c07f8d01e7a brfalse IL_0183: switch(IL_019F) pop <null> ldc.i4 0 br IL_0183: switch(IL_019F) br IL_017F: ldloc V_3 ldc.i4 0 stloc V_3 ldloc V_3 switch dnlib.DotNet.Emit.Instruction[] ldloc V_3 ldc.i4 988 beq IL_017F: ldloc V_3 br IL_019F: leave IL_002D leave IL_002D: ret ldc.i4 0 ldsfld <Module>{3fee78b0-b324-4991-80cd-f966c2351778} <Module>{3fee78b0-b324-4991-80cd-f966c2351778}::m_e275cc4b70ed42db8cea37d635ec9586 ldfld System.Int32 <Module>{3fee78b0-b324-4991-80cd-f966c2351778}::m_cfa654d6a51d4a1bad1eb5350e936757 brfalse IL_000D: switch(IL_002D,IL_002E) pop <null> ldc.i4 4 br IL_000D: switch(IL_002D,IL_002E)

Characteristics
No malware configuration was found at this point.