Malicious

Blockport.exe

PE Executable | MD5: ba3308fdd43d350a003f06feb193672d | Size: 3.83 MB | application/x-dosexec


Characteristics

Symbol Obfuscation Score

Very high

Hash
Hash Value
MD5
ba3308fdd43d350a003f06feb193672d
Sha1
d89029dc67ea032099e21f25cc33b7fd37e57536
Sha256
21c2931a57611bb4c8633ec1f75424c271a98629703eee05dfa8f46ef4715536
Sha384
010f1d38e44491c39477872980e6d9c2ea3e168f95ab01239ddceeac5d07160481057942561f4650fc337131db55efa0
Sha512
273efc46a1c4e81110678e69237e84583ec932fe2ad8c341cf80e3c7a4d86165d160532979ffced79434828ec08e522794592e6a5f7678b2d16c1f2ca6d370cc
SSDeep
98304:GThaFWfRNRWC7Q+mKzV5PMqiWnmRJGBXew8DqVaBXAjn5dz:GThaFijQ+ldimm4OrqV8XA95
TLSH
2206F11A65D24E73C2A45B3145A7023E5390E7623512FB0BB91F60D2A81BBF18B779F3

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual C++ v6.0 DLL
Microsoft Visual Studio .NET
UPolyX 0.3 -> delikon
File Structure
Overlay_c99a74c5.bin
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
.Net Resources
pukCOiDXcX4LFF8YMu.WjfdxM85BcNmRTauKN
DGGPFJ3smMUu23fagR.vd69i25SPamlXK3r1R
O4ikINfLkqJvi9ibhJ.fR6JhrLkSG3u4BQHmh
IcqDZHTjAKBwEBwylc.AWCHV5jskZ3PRHijj3
sPh4lRYxsB4MRBSXmh.ZAO3JwGGxiZ7mnnFLC
UEA04ZhYKrm9XnGHgB.OAAYyJtG0Nq6URTcym
Information
Info: PE Detect: PeReader OK (file layout)
Info: Overlay extracted: Overlay_c99a74c5.bin (2048 bytes)
Module Name: pxqDsBPmp0nY
Full Name: pxqDsBPmp0nY
EntryPoint: System.Void KrRVkovGv4opbrVhaoq.DnP1EHvYucko93Xn1Ld::FiJvDMTQK5()
Scope Name: pxqDsBPmp0nY
Scope Type: ModuleDef
Kind: Windows
Runtime Version: v4.0.30319
Tables Header Version: 512
WinMD Version: <null>
Assembly Name: SGxDUr5uRrbW2X9YcTIdUkMi5E
Assembly Version: 4.1.5.0
Assembly Culture: <null>
Has PublicKey: False
PublicKey Token: <null>
Target Framework: .NETFramework,Version=v4.0
Total Strings: 47
Main Method: System.Void KrRVkovGv4opbrVhaoq.DnP1EHvYucko93Xn1Ld::FiJvDMTQK5()
Main IL Instruction Count: 46

Main IL

ldc.i4 4 stloc V_0 br IL_000E: ldloc V_0 ldloc V_0 switch dnlib.DotNet.Emit.Instruction[] br IL_0090: ldc.i4 -1974596195 ldnull <null> ldnull <null> newobj System.Void asK1XQGuIXOsoNPwDo7.fp3dDhGKaTIZ2WYAAuU::.ctor(System.String,System.String) call System.Void gIPNbutkO1P3QIAFYM0.li7xsjtvIfNQxqOkxkF::BNHt7Ko6Et(asK1XQGuIXOsoNPwDo7.fp3dDhGKaTIZ2WYAAuU) ldc.i4 0 ldsfld <Module>{5fea3f0c-bc07-4586-b19a-4b6d4b778b11} <Module>{5fea3f0c-bc07-4586-b19a-4b6d4b778b11}::m_41c5d3917e3b4b929166da1f43fcf562 ldfld System.Int32 <Module>{5fea3f0c-bc07-4586-b19a-4b6d4b778b11}::m_fab66c9c962847a58a29b0feb56efbf6 brtrue IL_0012: switch(IL_0090,IL_006A,IL_0030,IL_006B,IL_005B) pop <null> ldc.i4 0 br IL_0012: switch(IL_0090,IL_006A,IL_0030,IL_006B,IL_005B) call System.Void G2sfgBZ4g2yNKOcWBd9.OFAtvhZAu8vlcYQbj9Q::k4Xt89tHLAY() ldc.i4 3 br IL_0012: switch(IL_0090,IL_006A,IL_0030,IL_006B,IL_005B) ret <null> newobj System.Void T5fwn4f5pSP6wIXaCW7.NebsbFf35D3Qx5isqUg::.ctor() pop <null> ldc.i4 2 ldsfld <Module>{5fea3f0c-bc07-4586-b19a-4b6d4b778b11} <Module>{5fea3f0c-bc07-4586-b19a-4b6d4b778b11}::m_41c5d3917e3b4b929166da1f43fcf562 ldfld System.Int32 <Module>{5fea3f0c-bc07-4586-b19a-4b6d4b778b11}::m_614d08ec620149f1b72e586d2e46ede4 brtrue IL_0012: switch(IL_0090,IL_006A,IL_0030,IL_006B,IL_005B) pop <null> ldc.i4 2 br IL_0012: switch(IL_0090,IL_006A,IL_0030,IL_006B,IL_005B) ldc.i4 -1974596195 ldc.i4 -783730085 xor <null> ldsfld <Module>{5fea3f0c-bc07-4586-b19a-4b6d4b778b11} <Module>{5fea3f0c-bc07-4586-b19a-4b6d4b778b11}::m_41c5d3917e3b4b929166da1f43fcf562 ldfld System.Int32 <Module>{5fea3f0c-bc07-4586-b19a-4b6d4b778b11}::m_1a2cf002ac21436a84bdc168d293478e xor <null> call System.String PSLvAOIAcJPqKB3Npso.yjfkhSIEKkx1K7d0obE::LuuIssEV5d(System.Int32) newobj System.Void B7dF8ELTDmlI4XDwMIo.X8y7B4L59HjB6wMwnMW::.ctor(System.String) call System.Void B7dF8ELTDmlI4XDwMIo.X8y7B4L59HjB6wMwnMW::Ni4LjoVrx6() ldc.i4 0 ldsfld <Module>{5fea3f0c-bc07-4586-b19a-4b6d4b778b11} 
<Module>{5fea3f0c-bc07-4586-b19a-4b6d4b778b11}::m_41c5d3917e3b4b929166da1f43fcf562 ldfld System.Int32 <Module>{5fea3f0c-bc07-4586-b19a-4b6d4b778b11}::m_b402c6399a91419b900d9ed20d6853d6 brtrue IL_0012: switch(IL_0090,IL_006A,IL_0030,IL_006B,IL_005B) pop <null> ldc.i4 1 br IL_0012: switch(IL_0090,IL_006A,IL_0030,IL_006B,IL_005B)
