Malicious
Malicious

beabd44477127263e542d90702285eaf

PE Executable
|
MD5: beabd44477127263e542d90702285eaf
|
Size: 602.11 KB
|
application/x-dosexec

Print
Infection Chain
Summary by MalvaGPT
Characteristics

Symbol Obfuscation Score

Medium

Hash
 Hash Value
MD5
beabd44477127263e542d90702285eaf
Sha1
5770e07504762fd005a0876ec02e10234fed20aa
Sha256
6d52c6798065aca2f2e8349ec10701790bbd299481cd0fd671d9d49aab73356c
Sha384
ffe92154bd6cfe19552ece2b51d5b9f7e519d20d8cd7909ab817c108232fa749cafe9a9362393a9f93554d2326dcdb44
Sha512
5dce0e1fa1c410360a533a93fcdef6503943255647b7f7b56023fdf128af276a2fa3fcbd195c84e1d6874c61db97760f62e53542a42614d964eec2e98b4801a7
SSDeep
12288:QfE0iJOaH29MjyBjG4OeE4mMDn8Xdc0EMTBgoCFU00tJ+:Q1hMew4Oe3gtcULCFT0tJ+
TLSH
57D49D2E6B50CF27C7DA1B71B2A399210762F257A32BE7CB171915642EC337A5D013CA

PeID

.NET executable
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual Studio .NET
UPolyX 0.3 -> delikon
File Structure
beabd44477127263e542d90702285eaf
Malicious
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
esNEDo6tKaPjJIumII.IlFKOlLc763GQ1WWP1
22S4VAK4BDG6KIP0jj.jX3OK49W7fTBs4fTIx
j9h6L7ddtFfZdm9ACL.qdg7qtuZJpXqU5CHab
hDXsfq2oqHxyLpi18S.UIntGmhXA3eYZyHiDJ
r5ZCDRD3GB1EmSWKKT.9qLf55goe8sH9A7w3G
Informations
Name
 Value
Info

PE Detect: PeReader OK (file layout)
Module Name

Client.exe
Full Name

Client.exe
EntryPoint

System.Void xClient.Program::Main(System.String[])
Scope Name

Client.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

Client
Assembly Version

1.3.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.0,Profile=Client
Total Strings

49
Main Method

System.Void xClient.Program::Main(System.String[])
Main IL Instruction Count

21
Main IL

call System.Void EJsBjqD3uVy8IwCD9w.G7JZLAxiZym8sY748W::gxuddIYZv4() call System.Void System.Windows.Forms.Application::EnableVisualStyles() ldc.i4.0 <null> call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean) call System.Void UWxvxUSU2ZrCqT9K8B.gttro5yuWySr2hbdEM::WQVDvh6Alv() call System.AppDomain System.AppDomain::get_CurrentDomain() ldnull <null> ldftn System.Void xClient.Program::HandleUnhandledException(System.Object,System.UnhandledExceptionEventArgs) newobj System.Void System.UnhandledExceptionEventHandler::.ctor(System.Object,System.IntPtr) callvirt System.Void System.AppDomain::add_UnhandledException(System.UnhandledExceptionEventHandler) call System.Boolean xClient.Config.Settings::Initialize() brfalse IL_0053: call System.Void xClient.Program::Cleanup() call System.Boolean xClient.Program::Initialize() brfalse IL_0053: call System.Void xClient.Program::Cleanup() call System.Boolean xClient.Core.Networking.QuasarClient::get_Exiting() brtrue IL_0053: call System.Void xClient.Program::Cleanup() ldsfld xClient.Core.Networking.QuasarClient xClient.Program::ConnectClient callvirt System.Void xClient.Core.Networking.QuasarClient::Connect() call System.Void xClient.Program::Cleanup() call System.Void xClient.Program::Exit() ret <null>
Module Name

Client.exe
Full Name

Client.exe
EntryPoint

System.Void xClient.Program::Main(System.String[])
Scope Name

Client.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

Client
Assembly Version

1.3.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.0,Profile=Client
Total Strings

49
Main Method

System.Void xClient.Program::Main(System.String[])
Main IL Instruction Count

21
Main IL

call System.Void EJsBjqD3uVy8IwCD9w.G7JZLAxiZym8sY748W::gxuddIYZv4() call System.Void System.Windows.Forms.Application::EnableVisualStyles() ldc.i4.0 <null> call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean) call System.Void UWxvxUSU2ZrCqT9K8B.gttro5yuWySr2hbdEM::WQVDvh6Alv() call System.AppDomain System.AppDomain::get_CurrentDomain() ldnull <null> ldftn System.Void xClient.Program::HandleUnhandledException(System.Object,System.UnhandledExceptionEventArgs) newobj System.Void System.UnhandledExceptionEventHandler::.ctor(System.Object,System.IntPtr) callvirt System.Void System.AppDomain::add_UnhandledException(System.UnhandledExceptionEventHandler) call System.Boolean xClient.Config.Settings::Initialize() brfalse IL_0053: call System.Void xClient.Program::Cleanup() call System.Boolean xClient.Program::Initialize() brfalse IL_0053: call System.Void xClient.Program::Cleanup() call System.Boolean xClient.Core.Networking.QuasarClient::get_Exiting() brtrue IL_0053: call System.Void xClient.Program::Cleanup() ldsfld xClient.Core.Networking.QuasarClient xClient.Program::ConnectClient callvirt System.Void xClient.Core.Networking.QuasarClient::Connect() call System.Void xClient.Program::Cleanup() call System.Void xClient.Program::Exit() ret <null>
beabd44477127263e542d90702285eaf (602.11 KB)
An error has occurred. This application may no longer respond until reloaded. Reload 🗙