Malicious
Malicious

b93b16f19cf612cb0e5a85f82c83c2c1

PE Executable
|
MD5: b93b16f19cf612cb0e5a85f82c83c2c1
|
Size: 791.04 KB
|
application/x-dosexec

Print
Infection Chain
Summary by MalvaGPT
Characteristics

Symbol Ofbuscation Score

High

Hash
 Hash Value
MD5
b93b16f19cf612cb0e5a85f82c83c2c1
Sha1
351a8752ed0f7fe72601270ff8e539390568ab39
Sha256
730ebab239774a3efa19746a887c8ac39c2e17841bbbe38caf07df9e6b82bb47
Sha384
e83e8d3d8ebdfc85f9f29ed0ad6f8b47e6e093716e2bbd4c61023876c3a31cb040eba62aa3cb4493d1be89e3cfe25450
Sha512
53d9bd599099e621b86349e3182b2f29d3efef91935c8c2d39251a026994528ad6cc092fc0c2e250b2886dd5a82dd84d85905a1ae912a78c4140cc13410cee55
SSDeep
12288:FS10xluYNxM1AIk8EWBqHHNV7pwH5IRS/gr2aSLk/cd2liaEwgYkB1R:Y10lxu1EHtppwZIYYvliaEvYU1R
TLSH
F1F4F1D0B951868AEC1B43F258AA886012B2EF9E44F2C50D34D53F2B76F335325A7D4E

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
b93b16f19cf612cb0e5a85f82c83c2c1
Malicious
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.sdata
.rsrc
.reloc
Resources
RT_ICON
ID:0002
ID:0
ID:0003
ID:0
RT_GROUP_CURSOR4
ID:7F00
ID:0
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
3P05gwBv1dffFVODfB.6h2semVnFjrQ5COv13
order1.g.resources
aR3nbf8dQp2feLmk31.lSfgApatkdxsVcGcrktoFd.resources
$this.Icon
[NBF]root.IconData
progressBar1.Modifiers
$this.Language
$this.GridSize
Informations
Name
 Value
Info

PE Detect: PeReader OK (file layout)
Module Name

order1.exe
Full Name

order1.exe
EntryPoint

System.Void ProcessInjectionUtility.EntryPoint::Main(System.String[])
Scope Name

order1.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

order1
Assembly Version

0.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

<null>
Total Strings

22
Main Method

System.Void ProcessInjectionUtility.EntryPoint::Main(System.String[])
Main IL Instruction Count

15
Main IL

br.s IL_000B: ldc.i4.0 call <null> ldnull <null> ldc.i4.0 <null> ldelem.ref <null> pop <null> ldc.i4.0 <null> brtrue.s IL_0007: ldnull ldc.i4 0 call System.String vJiGl01UUJfXfNWas3.DyyVDbaRvM1YfIq9il::KX0HrYNeb(System.Int32) call System.Void ProcessInjectionUtility.EntryPoint::ExecutePayload(System.String) leave IL_0028: ret pop <null> leave IL_0028: ret ret <null>
Module Name

order1.exe
Full Name

order1.exe
EntryPoint

System.Void ProcessInjectionUtility.EntryPoint::Main(System.String[])
Scope Name

order1.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

order1
Assembly Version

0.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

<null>
Total Strings

22
Main Method

System.Void ProcessInjectionUtility.EntryPoint::Main(System.String[])
Main IL Instruction Count

15
Main IL

br.s IL_000B: ldc.i4.0 call <null> ldnull <null> ldc.i4.0 <null> ldelem.ref <null> pop <null> ldc.i4.0 <null> brtrue.s IL_0007: ldnull ldc.i4 0 call System.String vJiGl01UUJfXfNWas3.DyyVDbaRvM1YfIq9il::KX0HrYNeb(System.Int32) call System.Void ProcessInjectionUtility.EntryPoint::ExecutePayload(System.String) leave IL_0028: ret pop <null> leave IL_0028: ret ret <null>
b93b16f19cf612cb0e5a85f82c83c2c1 (791.04 KB)
An error has occurred. This application may no longer respond until reloaded. Reload 🗙