Malicious

c05baf1f365887eabbaa5432bbb0f73a

PE Executable | MD5: c05baf1f365887eabbaa5432bbb0f73a | Size: 643.58 KB | application/x-dosexec

Characteristics

Symbol Obfuscation Score: Very high

Hash
MD5: c05baf1f365887eabbaa5432bbb0f73a
SHA1: 541b592eb3032326ee15d1d863c370444d1e3eb9
SHA256: 83b5c8aa802986507b5bc678c4839256df06f5fc71a155fb164e2a09c0b22fd5
SHA384: e77eb3c2275b38058792e41e52340d97d94498216fd316264e335ffd6776ad93d70ac4a83204f6e87bed024f72a3951c
SHA512: c71a08c13a12cd7eccbb0bf31bca8f9df51ab343db1f8155bc3fdeb1404427b46357276e0197765f07e2c999469c0800bea9cca80265fbe4d3b428b6848f98c5
SSDeep: 12288:6waJH3htpQ9jQ4xOV3KTXvLISHHcPIC8BaGiDyU:8ftpQ9jQ4xOV3KDjIGcPIPBhOy
TLSH: D8D4AEBB76534E22D2840337C5C7484193BDD78676A7F30E748413A66A033BADE4B6A7

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
q6GrljIonYek2K3Wwo.2PNHL9qPtjRdy63iU7
YDGOJQxRZw0VkNh03o.sXZ2RKXUhxnthteDmh
Stuil.g.resources
Fa2p2J0HRGqFA57L2v.asajc4OoPUeduPBHNb
Qfkgpa.Properties.Resources.resources
Tljasdi
Information
PE Detect: PeReader OK (file layout)
Module Name: Stuil.exe
Full Name: Stuil.exe
EntryPoint: System.Void Vo323bDpBjThsmGSMC.lkXoYZLQOFLKbsrKpx::di9H6f9vu()
Scope Name: Stuil.exe
Scope Type: ModuleDef
Kind: Windows
Runtime Version: v4.0.30319
Tables Header Version: 512
WinMD Version: <null>
Assembly Name: Stuil
Assembly Version: 1.0.0.0
Assembly Culture: <null>
Has PublicKey: False
PublicKey Token: <null>
Target Framework: .NETFramework,Version=v4.0
Total Strings: 43
Main Method: System.Void Vo323bDpBjThsmGSMC.lkXoYZLQOFLKbsrKpx::di9H6f9vu()
Main IL Instruction Count: 118

Main IL

ldc.i4 1 stloc V_1 ldloc V_1 switch dnlib.DotNet.Emit.Instruction[] ldloc V_1 ldc.i4 989 beq IL_0009: ldloc V_1 br IL_002D: nop nop <null> newobj System.Void KYWWi4vmia8LG3aCM7.Yuo1UpYJXOuFXtNt9M::.ctor() stloc.s V_4 ldc.i4 4 br IL_0051: switch(IL_00B1,IL_0169,IL_0189,IL_0178,IL_0143) br IL_004D: ldloc V_2 ldc.i4 0 stloc V_2 ldloc V_2 switch dnlib.DotNet.Emit.Instruction[] ldloc V_2 ldc.i4 12 beq IL_008B: newobj System.Void W71knVGZsQT9CZYlJI.CbCXnUikyNC2r20PxR::.ctor() ldloc V_2 ldc.i4 992 beq IL_004D: ldloc V_2 br IL_0178: newobj System.Void PoSBA1KQ64M6JtvpVN.OBnO8o2ohi2pYLlMx9::.ctor() newobj System.Void W71knVGZsQT9CZYlJI.CbCXnUikyNC2r20PxR::.ctor() stloc.s V_3 ldc.i4 0 ldsfld <Module>{805e079b-3595-49f3-bd11-502acefbee91} <Module>{805e079b-3595-49f3-bd11-502acefbee91}::m_8ff1711a3f0d474fb0bb063f69bdc1c3 ldfld System.Int32 <Module>{805e079b-3595-49f3-bd11-502acefbee91}::m_00bf8f9f638f45dab21d89331bf27fa7 brtrue IL_0051: switch(IL_00B1,IL_0169,IL_0189,IL_0178,IL_0143) pop <null> ldc.i4 1 br IL_0051: switch(IL_00B1,IL_0169,IL_0189,IL_0178,IL_0143) newobj System.Void vB7gwT1IsUJ7ZkOY9M.FLjTN25LVqClU24ORT::.ctor() dup <null> dup <null> ldsfld m8xqBYOBLDvE07HsawJ m8xqBYOBLDvE07HsawJ::yMTOPBcm2P call System.Void m8xqBYOBLDvE07HsawJ::X29OuWhbsD(System.Object,vB7gwT1IsUJ7ZkOY9M.FLjTN25LVqClU24ORT,m8xqBYOBLDvE07HsawJ) dup <null> ldloc.s V_3 ldsfld WHhMD4OYADLDl8HoCdb WHhMD4OYADLDl8HoCdb::wGbOvtdr16 call System.Void WHhMD4OYADLDl8HoCdb::X29OuWhbsD(System.Object,W71knVGZsQT9CZYlJI.CbCXnUikyNC2r20PxR,WHhMD4OYADLDl8HoCdb) ldloc.s V_3 ldloc.s V_4 ldsfld l8QxlcOyY7HjEIVgfRS l8QxlcOyY7HjEIVgfRS::FU9OQ6cima call System.Void l8QxlcOyY7HjEIVgfRS::X29OuWhbsD(System.Object,KYWWi4vmia8LG3aCM7.Yuo1UpYJXOuFXtNt9M,l8QxlcOyY7HjEIVgfRS) ldloc.s V_3 ldloc.s V_6 ldsfld TR7PvFOl8PhuSc0N6mL TR7PvFOl8PhuSc0N6mL::iaqOedE2CK call System.Void TR7PvFOl8PhuSc0N6mL::X29OuWhbsD(System.Object,SWrO7L6oiN60FZTx3i.UNvAIKw3IYqT5vG0d1,TR7PvFOl8PhuSc0N6mL) ldloc.s V_3 ldloc.s V_5 ldsfld 
RGh3NAOZiSJ08hTjDcx RGh3NAOZiSJ08hTjDcx::tKROWrOnI4 call System.Void RGh3NAOZiSJ08hTjDcx::X29OuWhbsD(System.Object,PoSBA1KQ64M6JtvpVN.OBnO8o2ohi2pYLlMx9,RGh3NAOZiSJ08hTjDcx) ldloc.s V_5 ldloc.s V_6 ldsfld zOROKFOFOcrFX1QTyp9 zOROKFOFOcrFX1QTyp9::bwHOijhWpy call System.Void zOROKFOFOcrFX1QTyp9::X29OuWhbsD(System.Object,SWrO7L6oiN60FZTx3i.UNvAIKw3IYqT5vG0d1,zOROKFOFOcrFX1QTyp9) ldloc.s V_6 ldloc.s V_4 ldsfld NNhbJhOGKUwJcoYUBxc NNhbJhOGKUwJcoYUBxc::BOyOU9nGtv call System.Void NNhbJhOGKUwJcoYUBxc::X29OuWhbsD(System.Object,KYWWi4vmia8LG3aCM7.Yuo1UpYJXOuFXtNt9M,NNhbJhOGKUwJcoYUBxc) ldsfld MPRf1KO786obWp4tiSs MPRf1KO786obWp4tiSs::mvNOT8mxHP call System.Boolean MPRf1KO786obWp4tiSs::X29OuWhbsD(System.Object,MPRf1KO786obWp4tiSs) brfalse IL_0189: newobj System.Void System.InvalidOperationException::.ctor() ldc.i4 1 ldsfld <Module>{805e079b-3595-49f3-bd11-502acefbee91} <Module>{805e079b-3595-49f3-bd11-502acefbee91}::m_8ff1711a3f0d474fb0bb063f69bdc1c3 ldfld System.Int32 <Module>{805e079b-3595-49f3-bd11-502acefbee91}::m_6a2b79f2d26f48829988099cb7dcc1d5 brfalse IL_0051: switch(IL_00B1,IL_0169,IL_0189,IL_0178,IL_0143) pop <null> ldc.i4 6 br IL_0051: switch(IL_00B1,IL_0169,IL_0189,IL_0178,IL_0143) newobj System.Void SWrO7L6oiN60FZTx3i.UNvAIKw3IYqT5vG0d1::.ctor() stloc.s V_6 ldc.i4 11 ldsfld <Module>{805e079b-3595-49f3-bd11-502acefbee91} <Module>{805e079b-3595-49f3-bd11-502acefbee91}::m_8ff1711a3f0d474fb0bb063f69bdc1c3 ldfld System.Int32 <Module>{805e079b-3595-49f3-bd11-502acefbee91}::m_983ed78a19c14852b1701dc60bcde325 brtrue IL_0051: switch(IL_00B1,IL_0169,IL_0189,IL_0178,IL_0143) pop <null> ldc.i4 3 br IL_0051: switch(IL_00B1,IL_0169,IL_0189,IL_0178,IL_0143) br IL_018F: leave IL_0206 ldc.i4 2 br IL_0051: switch(IL_00B1,IL_0169,IL_0189,IL_0178,IL_0143) newobj System.Void PoSBA1KQ64M6JtvpVN.OBnO8o2ohi2pYLlMx9::.ctor() stloc.s V_5 ldc.i4 12 br IL_0049: stloc V_2 newobj System.Void System.InvalidOperationException::.ctor() throw <null> leave IL_0206: ret pop <null> ldc.i4 1 ldsfld 
<Module>{805e079b-3595-49f3-bd11-502acefbee91} <Module>{805e079b-3595-49f3-bd11-502acefbee91}::m_8ff1711a3f0d474fb0bb063f69bdc1c3 ldfld System.Int32 <Module>{805e079b-3595-49f3-bd11-502acefbee91}::m_7f90c1a25d7a4f769bba576eac579df9 brtrue IL_01C6: switch(IL_01E2) pop <null> ldc.i4 0 br IL_01C6: switch(IL_01E2) br IL_01C2: ldloc V_0 ldc.i4 0 stloc V_0 ldloc V_0 switch dnlib.DotNet.Emit.Instruction[] ldloc V_0 ldc.i4 988 beq IL_01C2: ldloc V_0 br IL_01E2: leave IL_0206 leave IL_0206: ret ldc.i4 0 ldsfld <Module>{805e079b-3595-49f3-bd11-502acefbee91} <Module>{805e079b-3595-49f3-bd11-502acefbee91}::m_8ff1711a3f0d474fb0bb063f69bdc1c3 ldfld System.Int32 <Module>{805e079b-3595-49f3-bd11-502acefbee91}::m_fe4c0c479322443fabb2828b05707036 brtrue IL_000D: switch(IL_0206,IL_002D) pop <null> ldc.i4 4 br IL_000D: switch(IL_0206,IL_002D) ret <null>

No malware configuration was found at this point.