Malicious
Malicious

c6d4affa96d04de99b07b8651af49212

PE Executable
|
MD5: c6d4affa96d04de99b07b8651af49212
|
Size: 2.92 MB
|
application/x-msdownload

Executable
PE (Portable Executable)
Win 32 Exe
x86
.Net Obfuscator
.Net Reactor
.Net
SOS: 0.90
Print
General
Structural Analysis
Config.0
Yara Rules55
Sync
Community
Infection Chain
Summary by MalvaGPT
Characteristics

Symbol Ofbuscation Score

Very high

Hash
 Hash Value
MD5
c6d4affa96d04de99b07b8651af49212
Sha1
94f65bf8d2bafaa0e93f354aeb4bc12512138b45
Sha256
639434ab2249f233c5b191405f19dfa09d6d87b4939049fe60c6b4d1715afa1d
Sha384
3a9c182d852bc39ac1450c5ed0f220fc4af5883095c9786e52a4db9695f492213bd19b99ceb6d0eb74221e0e2ca98a85
Sha512
3a5f252cca518323295dfbc4de3524d27b9ee25639cbd91ed6ff5e0cda5af820f372265e64fa64208f5e69d1f50cb1e96212451f3f2b2c40bcf4b628dfc48823
SSDeep
49152:6Z7PzooHCQ6p1qZq5cjETlwNkxSsyptV9Q7f/660X:69PzoPVqZuwNvlR9Wf/660
TLSH
CED5D0057E48CE01F0291233C2EF454487B8AD526AE6E32B7DBA77AD65113A73C0D9DB

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
c6d4affa96d04de99b07b8651af49212
Executable
PE (Portable Executable)
Win 32 Exe
x86
.Net Obfuscator
.Net Reactor
.Net
SOS: 0.90
Malicious
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.sdata
.rsrc
.reloc
Resources
RT_GROUP_CURSOR4
ID:0001
ID:0
RT_VERSION
ID:0001
ID:1033
.Net Resources
hhuRhfTOBuXNj7rQKy.UX2hPxBL1jgAMpc68K
FgyeNT7CuS9gxA2ZeP.Yrd32jrQxsAPDhJLi6
Informations
Name
 Value
Module Name

GCedrn7sIqlawtDUZCy0jbIRrgyYpJnkYCC
Full Name

GCedrn7sIqlawtDUZCy0jbIRrgyYpJnkYCC
EntryPoint

System.Void fraymGw3iBCwEpHLgot.lBMPiawKOlxanWtoUJa::tcS4ZdKsHL()
Scope Name

GCedrn7sIqlawtDUZCy0jbIRrgyYpJnkYCC
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

VSu8SmnREeWxQUziPaMp3NwKziC8DBBt
Assembly Version

6.3.9.1
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.0
Total Strings

63
Main Method

System.Void fraymGw3iBCwEpHLgot.lBMPiawKOlxanWtoUJa::tcS4ZdKsHL()
Main IL Instruction Count

14
Main IL

br.s IL_000B: ldc.i4.0 call <null> ldnull <null> ldc.i4.0 <null> ldelem.ref <null> pop <null> ldc.i4.0 <null> brtrue.s IL_0007: ldnull call System.Void BNZZcNLJ16sBQedhgKy.Rpsv0OLi377jVHGDqgG::kLjw4iIsCLsZtxc4lksN0j() nop <null> ldsfld System.Object fraymGw3iBCwEpHLgot.lBMPiawKOlxanWtoUJa::yUT4EyWSlN callvirt System.Void eMJWTDwiASKo4uRyyDg.HEwZMkwqcruVqis4e7J::CtBgj2tU7h() nop <null> ret <null>
Module Name

GCedrn7sIqlawtDUZCy0jbIRrgyYpJnkYCC
Full Name

GCedrn7sIqlawtDUZCy0jbIRrgyYpJnkYCC
EntryPoint

System.Void fraymGw3iBCwEpHLgot.lBMPiawKOlxanWtoUJa::tcS4ZdKsHL()
Scope Name

GCedrn7sIqlawtDUZCy0jbIRrgyYpJnkYCC
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

VSu8SmnREeWxQUziPaMp3NwKziC8DBBt
Assembly Version

6.3.9.1
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.0
Total Strings

63
Main Method

System.Void fraymGw3iBCwEpHLgot.lBMPiawKOlxanWtoUJa::tcS4ZdKsHL()
Main IL Instruction Count

14
Main IL

br.s IL_000B: ldc.i4.0 call <null> ldnull <null> ldc.i4.0 <null> ldelem.ref <null> pop <null> ldc.i4.0 <null> brtrue.s IL_0007: ldnull call System.Void BNZZcNLJ16sBQedhgKy.Rpsv0OLi377jVHGDqgG::kLjw4iIsCLsZtxc4lksN0j() nop <null> ldsfld System.Object fraymGw3iBCwEpHLgot.lBMPiawKOlxanWtoUJa::yUT4EyWSlN callvirt System.Void eMJWTDwiASKo4uRyyDg.HEwZMkwqcruVqis4e7J::CtBgj2tU7h() nop <null> ret <null>
c6d4affa96d04de99b07b8651af49212 (2.92 MB)
An error has occurred. This application may no longer respond until reloaded. Reload 🗙