Malicious
Malicious

c3f810f91be1f447befc0a3ca5fc552a

PE Executable
|
MD5: c3f810f91be1f447befc0a3ca5fc552a
|
Size: 645.63 KB
|
application/x-dosexec

Infection Chain
Summary by MalvaGPT
Characteristics

Symbol Ofbuscation Score

Very low

Hash
 Hash Value
MD5
c3f810f91be1f447befc0a3ca5fc552a
Sha1
4ca5046100cdd0b0f2245da6574e4e4aaf48f651
Sha256
788fd090e31d7978c2e10bd20393d621c693b48c45028809e6263b8687eda68e
Sha384
d4f1d09753b89ac778c38bba021fa6291f5a5e4a3c403ea3183bf02efdb62b9610d58ade281fbba22f9c49ea274d5e08
Sha512
f85296027c42f59b4c3d077806eb4ec8d2024171f9ed6daeb0ea454158a9287b198338431b1d5b0325efb8117c6689364878a4a3306976bb3064c6cf66d33524
SSDeep
12288:QFd+gecvvjVWiUjfYcOLEcQII5OGiAff/WYeB:jOx+kYcQH3eY
TLSH
BBD43A0BBA4E9E90D2486733C59B110457B4D6823357DE0F3DCE27A519433BBED8A68B

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
c3f810f91be1f447befc0a3ca5fc552a
Malicious
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
8uj4IaBmABRR4Fo1mW.Zm5r3AClX6fjbur2CL
8DE024687CA91630712016.g.resources
NbKPIWJbblQAM2GeDO.91LGMvKgw4Z57XDCDk
aR3nbf8dQp2feLmk31.lSfgApatkdxsVcGcrktoFd.resources
$this.Icon
[NBF]root.IconData
progressBar1.Modifiers
$this.Language
$this.GridSize
Informations
Name
 Value
Module Name

D6DBCE590800113
Full Name

D6DBCE590800113
EntryPoint

System.Void IEJAEJKFGOACAMHDNODBLDHPKADLKKOHCDHE.NOBLNNELCIHHEAONHHCLHLMHNPAOMKMELCAN::<Main>(System.String[])
Scope Name

D6DBCE590800113
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

8DE024687CA91630712016
Assembly Version

1.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.7.2
Total Strings

46
Main Method

System.Void IEJAEJKFGOACAMHDNODBLDHPKADLKKOHCDHE.NOBLNNELCIHHEAONHHCLHLMHNPAOMKMELCAN::<Main>(System.String[])
Main IL Instruction Count

25
Main IL

ldc.i4 1 stloc V_0 br IL_000E: ldloc V_0 ldloc V_0 switch dnlib.DotNet.Emit.Instruction[] br IL_0028: ldloca.s V_1 ldloca.s V_1 call System.Void System.Runtime.CompilerServices.TaskAwaiter::GetResult() ldc.i4 2 ldsfld System.Int32 <Module>{6655140a-70e8-4c46-af62-ad3eb954f5a8}::m_614d8847ad5341bbb181b19388732cc2 brtrue IL_0012: switch(IL_0028,IL_004A,IL_0049) pop <null> ldc.i4 1 br IL_0012: switch(IL_0028,IL_004A,IL_0049) ret <null> ldarg.0 <null> call System.Threading.Tasks.Task IEJAEJKFGOACAMHDNODBLDHPKADLKKOHCDHE.NOBLNNELCIHHEAONHHCLHLMHNPAOMKMELCAN::JMCCOOPHNCFNEHPADILOIKGCFNHNAEBKLCAJ(System.Object) callvirt System.Runtime.CompilerServices.TaskAwaiter System.Threading.Tasks.Task::GetAwaiter() stloc.s V_1 ldc.i4 0 ldsfld System.Int32 <Module>{6655140a-70e8-4c46-af62-ad3eb954f5a8}::m_90509cee2fe1499cb77f5557f03bb0c3 brfalse IL_0012: switch(IL_0028,IL_004A,IL_0049) pop <null> ldc.i4 0 br IL_0012: switch(IL_0028,IL_004A,IL_0049)
Module Name

D6DBCE590800113
Full Name

D6DBCE590800113
EntryPoint

System.Void IEJAEJKFGOACAMHDNODBLDHPKADLKKOHCDHE.NOBLNNELCIHHEAONHHCLHLMHNPAOMKMELCAN::<Main>(System.String[])
Scope Name

D6DBCE590800113
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

8DE024687CA91630712016
Assembly Version

1.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.7.2
Total Strings

46
Main Method

System.Void IEJAEJKFGOACAMHDNODBLDHPKADLKKOHCDHE.NOBLNNELCIHHEAONHHCLHLMHNPAOMKMELCAN::<Main>(System.String[])
Main IL Instruction Count

25
Main IL

ldc.i4 1 stloc V_0 br IL_000E: ldloc V_0 ldloc V_0 switch dnlib.DotNet.Emit.Instruction[] br IL_0028: ldloca.s V_1 ldloca.s V_1 call System.Void System.Runtime.CompilerServices.TaskAwaiter::GetResult() ldc.i4 2 ldsfld System.Int32 <Module>{6655140a-70e8-4c46-af62-ad3eb954f5a8}::m_614d8847ad5341bbb181b19388732cc2 brtrue IL_0012: switch(IL_0028,IL_004A,IL_0049) pop <null> ldc.i4 1 br IL_0012: switch(IL_0028,IL_004A,IL_0049) ret <null> ldarg.0 <null> call System.Threading.Tasks.Task IEJAEJKFGOACAMHDNODBLDHPKADLKKOHCDHE.NOBLNNELCIHHEAONHHCLHLMHNPAOMKMELCAN::JMCCOOPHNCFNEHPADILOIKGCFNHNAEBKLCAJ(System.Object) callvirt System.Runtime.CompilerServices.TaskAwaiter System.Threading.Tasks.Task::GetAwaiter() stloc.s V_1 ldc.i4 0 ldsfld System.Int32 <Module>{6655140a-70e8-4c46-af62-ad3eb954f5a8}::m_90509cee2fe1499cb77f5557f03bb0c3 brfalse IL_0012: switch(IL_0028,IL_004A,IL_0049) pop <null> ldc.i4 0 br IL_0012: switch(IL_0028,IL_004A,IL_0049)
Artefacts
Name
 Value
Embedded Resources

4
Suspicious Type Names (1-2 chars)

0
c3f810f91be1f447befc0a3ca5fc552a (645.63 KB)
File Structure
c3f810f91be1f447befc0a3ca5fc552a
Malicious
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
8uj4IaBmABRR4Fo1mW.Zm5r3AClX6fjbur2CL
8DE024687CA91630712016.g.resources
NbKPIWJbblQAM2GeDO.91LGMvKgw4Z57XDCDk
aR3nbf8dQp2feLmk31.lSfgApatkdxsVcGcrktoFd.resources
$this.Icon
[NBF]root.IconData
progressBar1.Modifiers
$this.Language
$this.GridSize
Characteristics
No malware configuration were found at this point.
Artefacts
Name
 Value Location
Embedded Resources

4

c3f810f91be1f447befc0a3ca5fc552a
Suspicious Type Names (1-2 chars)

0

c3f810f91be1f447befc0a3ca5fc552a
You must be signed in to post a comment.
An error has occurred. This application may no longer respond until reloaded. Reload 🗙