Malicious

cbe251dd8587553dec38bd393cf49847

PE Executable | MD5: cbe251dd8587553dec38bd393cf49847 | Size: 780.29 KB | application/x-dosexec

Characteristics

Symbol Obfuscation Score: Very high

Hash
MD5: cbe251dd8587553dec38bd393cf49847
Sha1: ac4a86978788a7a03eeb6aa0b582e3962685befb
Sha256: c8336e84c4a44b42ffc0f6cb57cf573b42cb46fa4ef9e553a9bb398dccee0ca2
Sha384: 92efffd7dcc5bb7168c626d6dcb58ea4c42a081c91993beef0bd8b8c43747f423a28905c7fdce074095c6e213930a965
Sha512: 05bc99be13cc3c7fb2f6a57b30e0e39861417319fe6c4f325b78f11c6bc06795506594660212ac66e0f050daec5888e2507c36c6b1387d8faa5917f9265b6344
SSDeep: 12288:9GIbvq9pmhFGL1ct0t/8/8uFQ8BLs5rI5AIoy8o0RA:+pSGL1cM8/x6S02
TLSH: F7F4BF1F72528E12D2C85637C1C75A04A3E4D6823637DB0E768827965E0B3EBDE4B397

PeID

.NET executable
HQR data file
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
Structure
  DosHeader
  PE Header
  Optional Header (x86)
  Section Headers
    .text
    .rsrc
    .reloc
  Resources
    RT_VERSION
      ID:0001
        ID:0
    RT_MANIFEST
      ID:0001
        ID:0
  .Net Resources
    TsylW4LtYJpuO85KVv.mx49dJAlYrGpGZGtu5
    XiIHEX94NNJw28vXyb.HZcmemR8RwRcn5AXm9
    HBtyjRejIiXHYiL0k6.8drYp4r3br9KMaeQOu
    99qXMIMindivgjgml7.adSlL4iEyKRhqJiJwi
Information
Info: PE Detect: PeReader OK (file layout)
Module Name: Rqrukdqwhk.exe
Full Name: Rqrukdqwhk.exe
EntryPoint: System.Void RGW197QaiVNkvV4kbl.aGbEW4JmlhE8KCg11b::KkPKP4Cwi()
Scope Name: Rqrukdqwhk.exe
Scope Type: ModuleDef
Kind: Windows
Runtime Version: v4.0.30319
Tables Header Version: 512
WinMD Version: <null>
Assembly Name: Rqrukdqwhk
Assembly Version: 1.0.0.0
Assembly Culture: <null>
Has PublicKey: False
PublicKey Token: <null>
Target Framework: .NETFramework,Version=v4.0
Total Strings: 41
Main Method: System.Void RGW197QaiVNkvV4kbl.aGbEW4JmlhE8KCg11b::KkPKP4Cwi()
Main IL Instruction Count: 62
Main IL:

ldc.i4 2 stloc V_1 ldloc V_1 switch dnlib.DotNet.Emit.Instruction[] ldloc V_1 ldc.i4 990 beq IL_0009: ldloc V_1 br IL_0031: nop nop <null> call System.Byte[] Oifgu.Properties.Rmilas::get_Ebcnt() call System.Void qdLcrelSHwvmTwFEUr.BK2sa4SOUYUwQjnSTk::wrD44YXQP(System.Object) ldc.i4 1 ldsfld <Module>{27dcb213-9747-4aea-96cb-9506f6726559} <Module>{27dcb213-9747-4aea-96cb-9506f6726559}::m_5efd737bcfbb48a3b3d8d5211090043f ldfld System.Int32 <Module>{27dcb213-9747-4aea-96cb-9506f6726559}::m_86b73042a91b496fa2ddc5d450ca596f brfalse IL_006D: switch(IL_0089) pop <null> ldc.i4 0 br IL_006D: switch(IL_0089) br IL_0069: ldloc V_0 ldc.i4 0 stloc V_0 ldloc V_0 switch dnlib.DotNet.Emit.Instruction[] ldloc V_0 ldc.i4 988 beq IL_0069: ldloc V_0 br IL_0089: leave IL_0124 leave IL_0124: ret pop <null> ldc.i4 0 ldsfld <Module>{27dcb213-9747-4aea-96cb-9506f6726559} <Module>{27dcb213-9747-4aea-96cb-9506f6726559}::m_5efd737bcfbb48a3b3d8d5211090043f ldfld System.Int32 <Module>{27dcb213-9747-4aea-96cb-9506f6726559}::m_4c86175d70634e67811351a603dcbf65 brtrue IL_00C0: switch(IL_00DC) pop <null> ldc.i4 6 br IL_00C0: switch(IL_00DC) br IL_00BC: ldloc V_2 ldc.i4 0 stloc V_2 ldloc V_2 switch dnlib.DotNet.Emit.Instruction[] ldloc V_2 ldc.i4 988 beq IL_00BC: ldloc V_2 br IL_00DC: leave IL_0124 leave IL_0124: ret ldc.i4 7 ldsfld <Module>{27dcb213-9747-4aea-96cb-9506f6726559} <Module>{27dcb213-9747-4aea-96cb-9506f6726559}::m_5efd737bcfbb48a3b3d8d5211090043f ldfld System.Int32 <Module>{27dcb213-9747-4aea-96cb-9506f6726559}::m_6f35110edcb64cff8553eaf8a1bb0bf3 brtrue IL_000D: switch(IL_0124,IL_0031,IL_0100) pop <null> ldc.i4 0 br IL_000D: switch(IL_0124,IL_0031,IL_0100) call System.Void No0IcZivN0lm4MAGLco.TUUY3NiYud7MAQdPLNh::kLjw4iIsCLsZtxc4lksN0j() ldc.i4 1 ldsfld <Module>{27dcb213-9747-4aea-96cb-9506f6726559} <Module>{27dcb213-9747-4aea-96cb-9506f6726559}::m_5efd737bcfbb48a3b3d8d5211090043f ldfld System.Int32 <Module>{27dcb213-9747-4aea-96cb-9506f6726559}::m_cde4b45111cd41bcb9b764290a30a491 brtrue 
IL_000D: switch(IL_0124,IL_0031,IL_0100) pop <null> ldc.i4 4 br IL_000D: switch(IL_0124,IL_0031,IL_0100) ret <null>

Characteristics
No malware configuration was found at this point.