Malicious

bd8290f6811c575389f8df0c227149f5

PE Executable | MD5: bd8290f6811c575389f8df0c227149f5 | Size: 636.42 KB | application/x-dosexec

Characteristics

Symbol Obfuscation Score: Very high

Hash
MD5: bd8290f6811c575389f8df0c227149f5
Sha1: f96c41444f929c9eea06f710808a056c0f81c0ce
Sha256: c82d78c32bc597ab034b2440a9e666569ca3e635163f73aaed066dbccd573c6b
Sha384: c5107b5fdc349861a2b2e3b7a167c7d5f0781099377f5edcce4852d5d8ca693c7b39fd05584122b82da6d1a3cb384a2e
Sha512: 5bdf3819cd8093ee407612c8eac346fa600a297fe98577eb97e75d83b7c57dc16955746b03f73c75b8d7d237c4b5a48be456eddff03e680b0e48d53612edfb12
SSDeep: 12288:ccFSdQpPZq9vESk7NTktGW6uBgyprmqpYLmCtQ+/U:8yXqVExwsKL5p2mqj8
TLSH: 4DD4AF1B72458D60C1486637D1CB8400E3F169A6B667E70FBAC923560A473FEDE4E39B

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
hF0NpuhibXkOQ6RejD.DuTgopTZBJiNOcOMkS
X8VDfNagcZkpyUrDal.FCU6y3SIbHalnatjpP
Nsfthjzyize.g.resources
Nsfthjzyize.Properties.Resources.resources
Kpmrxcqjxkb
Informations
Info: PE Detect: PeReader OK (file layout)
Module Name: Nsfthjzyize.exe
Full Name: Nsfthjzyize.exe
EntryPoint: System.Void vcB9s9rlFvwEN8k36r.MZrVZONgukw9WGfiDa::yfM1CBPtA()
Scope Name: Nsfthjzyize.exe
Scope Type: ModuleDef
Kind: Windows
Runtime Version: v4.0.30319
Tables Header Version: 512
WinMD Version: <null>
Assembly Name: Nsfthjzyize
Assembly Version: 1.0.0.0
Assembly Culture: <null>
Has PublicKey: False
PublicKey Token: <null>
Target Framework: .NETFramework,Version=v4.0
Total Strings: 43
Main Method: System.Void vcB9s9rlFvwEN8k36r.MZrVZONgukw9WGfiDa::yfM1CBPtA()
Main IL Instruction Count: 93


No malware configuration was found at this point.