Malicious

35ddf752787b35e35bc54c66274381d4f7ab1648b5[...]f1b

PE Executable | MD5: b8865e349bb383f87b789f28c7d332cb | Size: 245.76 KB | application/x-msdownload

Executable
PE (Portable Executable)
Win 32 Exe
x86
RAT
AgentTesla
.Net
Characteristics
MD5: b8865e349bb383f87b789f28c7d332cb
Sha1: f0d2894044ab5dcf13b36d758636ad3bc7b39261
Sha256: 35ddf752787b35e35bc54c66274381d4f7ab1648b5b5ff19b84cc9aa2e9ebf1b
Sha384: 5a627eed2862c6915f1802df97edca07d2230d89721196c01af3ff085ce21c3e4022d7c4a1451e29515b27ef042f8ef9
Sha512: ef736f6dce7609e705fa3ff123535b5eac2d7a060e0166d3f496e1380133c8e311aaecae858bb804d14e40259b51ce16413ec619385a38d61011d5ba19001b19
SSDeep: 3072:IdBayiq6lMAY19sOW1IkTHo9rG8KaG5jnTqnq0ufzz:Iayiq6Ty+Zsq8KaWT4
TLSH: 683400027F88E715E1A93E3782EF6C2453B2B4C71733C60B6F49AB6524516826C7E72D

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
35ddf752787b35e35bc54c66274381d4f7ab1648b5b5ff19b84cc9aa2e9ebf1b
Executable
PE (Portable Executable)
Win 32 Exe
x86
RAT
AgentTesla
.Net
Malicious
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
Information
Module Name: 8N57q4CivJ
Full Name: 8N57q4CivJ
EntryPoint: System.Void HezT.lgBKovGgL::CsvxrnfLmFv()
Scope Name: 8N57q4CivJ
Scope Type: ModuleDef
Kind: Windows
Runtime Version: v4.0.30319
Tables Header Version: 512
WinMD Version: <null>
Assembly Name: f45b853c-c9d3-495e-9acb-d41a4a90029f
Assembly Version: 1.0.0.0
Assembly Culture: <null>
Has PublicKey: False
PublicKey Token: <null>
Target Framework: <null>
Total Strings: 1093
Main Method: System.Void HezT.lgBKovGgL::CsvxrnfLmFv()
Main IL Instruction Count: 62
Main IL (one instruction per line, as "opcode operand"; a branch operand is rendered as its target instruction in the form "offset: opcode operand"):

ldc.i4 0
stloc V_0
br IL_00EF: br IL_000E
nop <null>
ldloc V_0
ldc.i4 3
ceq <null>
brfalse IL_002D: nop
call System.Void T4Au29ea.GJLHrcn9ae::SY7cB3VQ4()
ldc.i4 4
stloc V_0
nop <null>
ldloc V_0
ldc.i4 1
ceq <null>
brfalse IL_0051: nop
ldc.i4 4080
call System.Void System.Net.ServicePointManager::set_SecurityProtocol(System.Net.SecurityProtocolType)
ldc.i4 2
stloc V_0
nop <null>
ldloc V_0
ldc.i4 4
ceq <null>
brfalse IL_0070: nop
call System.Void System.Windows.Forms.Application::Run()
ldc.i4 5
stloc V_0
nop <null>
ldloc V_0
ldc.i4 2
ceq <null>
brfalse IL_00BE: nop
call System.Net.Security.RemoteCertificateValidationCallback System.Net.ServicePointManager::get_ServerCertificateValidationCallback()
ldsfld System.Net.Security.RemoteCertificateValidationCallback HezT.lgBKovGgL::CS$<>9__CachedAnonymousMethodDelegate1
brtrue IL_00A1: ldsfld System.Net.Security.RemoteCertificateValidationCallback HezT.lgBKovGgL::CS$<>9__CachedAnonymousMethodDelegate1
ldnull <null>
ldftn System.Boolean HezT.lgBKovGgL::QGQP5E(System.Object,System.Security.Cryptography.X509Certificates.X509Certificate,System.Security.Cryptography.X509Certificates.X509Chain,System.Net.Security.SslPolicyErrors)
newobj System.Void System.Net.Security.RemoteCertificateValidationCallback::.ctor(System.Object,System.IntPtr)
stsfld System.Net.Security.RemoteCertificateValidationCallback HezT.lgBKovGgL::CS$<>9__CachedAnonymousMethodDelegate1
ldsfld System.Net.Security.RemoteCertificateValidationCallback HezT.lgBKovGgL::CS$<>9__CachedAnonymousMethodDelegate1
call System.Delegate System.Delegate::Combine(System.Delegate,System.Delegate)
castclass System.Net.Security.RemoteCertificateValidationCallback
call System.Void System.Net.ServicePointManager::set_ServerCertificateValidationCallback(System.Net.Security.RemoteCertificateValidationCallback)
ldc.i4 3
stloc V_0
nop <null>
ldloc V_0
ldc.i4 0
ceq <null>
brfalse IL_00D9: nop
nop <null>
ldc.i4 1
stloc V_0
nop <null>
ldloc V_0
ldc.i4 5
ceq <null>
brfalse IL_00EF: br IL_000E
br IL_00F4: ret
br IL_000E: nop
ret <null>



Artefacts
Embedded Resources: 0
Suspicious Type Names (1-2 chars): 0

Characteristics
No malware configuration was found at this point.
