Suspicious
Suspect

c38a7666d8dede8260cb220f1ad4348e

PE Executable
MD5: c38a7666d8dede8260cb220f1ad4348e
Size: 207.36 KB
application/x-dosexec

Get an AI-generated breakdown of this malware's behaviour, IOCs and recommendations.

AI analysis is available with Essential.
Unlock with Essential
Symbol Obfuscation Score Very high
MD5 c38a7666d8dede8260cb220f1ad4348e
Sha1 0c3975e594ca4037d387d6565b30e67255f9928f
Sha256 d5fb06d1399ffd954b8d1dc1bd81521c4010acc244cb8bf99a8f9c83697e332f
Sha384 33b821d3179d7e12c1f33561138d5c3c8f518f71418d281e5a4f9914931a410d56cea1a1e49f0a9cbc6fc5feb4e79475
Sha512 00493ba22a60d5c8f4cf67506c11e311e1c40cd69a442c2b2f31f4c0b4df6876c842f8750f734ae4fdb8c2db472290371cb1e137c38c3d1f2fb22c1c7457b3dd
SSDeep 6144:QLV6Bta6dtJmakIM5ZxDEPb5g48KTDubBL:QLV6BtpmkYxD+b5g4/DubBL
TLSH 3D14C0657BB84A2FE2DE867D612212529378C2E3A8C3F3DE28D455B75F167E4060B0D3
PeID
.NET executableMicrosoft Visual C# / Basic .NETMicrosoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL Microsoft Visual C# v7.0 / Basic .NETMicrosoft Visual Studio .NET
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.reloc
.rsrc
Resources
RT_RCDATA
ID:0001
ID:0
.Net Resources
ClientLoaderForm.resources
     ​     
Name Value
Info
PE Detect: PeReader OK (file layout)
Module Name
NanoCore Client.exe
Full Name
NanoCore Client.exe
EntryPoint
System.Void ClientLoaderForm::Main()
Scope Name
NanoCore Client.exe
Scope Type
ModuleDef
Kind
Windows
Runtime Version
v2.0.50727
Tables Header Version
512
WinMD Version
<null>
Assembly Name
NanoCore Client
Assembly Version
1.2.2.0
Assembly Culture
<null>
Has PublicKey
False
PublicKey Token
<null>
Target Framework
<null>
Total Strings
2
Main Method
System.Void ClientLoaderForm::Main()
Main IL Instruction Count
4
Main IL
call #=q_jQLaNdtSDa6ovA0VGw50w==/#=qlsj4Kl0M6SYgZMJLZ$QkSw== #=q_jQLaNdtSDa6ovA0VGw50w==::#=qqROT7DfncW7strhZvp0iRQ==()
callvirt ClientLoaderForm #=q_jQLaNdtSDa6ovA0VGw50w==/#=qlsj4Kl0M6SYgZMJLZ$QkSw==::#=qbzig1$2CwLluEJt5uPtpgqPx5y_2S$GoPgJP36N8bTE=()
call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form)
ret <null>
Module Name
NanoCore Client.exe
Full Name
NanoCore Client.exe
EntryPoint
System.Void ClientLoaderForm::Main()
Scope Name
NanoCore Client.exe
Scope Type
ModuleDef
Kind
Windows
Runtime Version
v2.0.50727
Tables Header Version
512
WinMD Version
<null>
Assembly Name
NanoCore Client
Assembly Version
1.2.2.0
Assembly Culture
<null>
Has PublicKey
False
PublicKey Token
<null>
Target Framework
<null>
Total Strings
2
Main Method
System.Void ClientLoaderForm::Main()
Main IL Instruction Count
4
Main IL
call #=q_jQLaNdtSDa6ovA0VGw50w==/#=qlsj4Kl0M6SYgZMJLZ$QkSw== #=q_jQLaNdtSDa6ovA0VGw50w==::#=qqROT7DfncW7strhZvp0iRQ==()
callvirt ClientLoaderForm #=q_jQLaNdtSDa6ovA0VGw50w==/#=qlsj4Kl0M6SYgZMJLZ$QkSw==::#=qbzig1$2CwLluEJt5uPtpgqPx5y_2S$GoPgJP36N8bTE=()
call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form)
ret <null>
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.reloc
.rsrc
Resources
RT_RCDATA
ID:0001
ID:0
.Net Resources
ClientLoaderForm.resources
     ​     
No malware configuration was found at this point.
You must be signed in to view YARA rules.
An error has occurred. This application may no longer respond until reloaded. Reload 🗙