Suspect
PE Executable
MD5: cc7c147c91c8238580b23baa0c3139ca
Size: 3.42 MB
application/x-dosexec
Get an AI-generated breakdown of this malware's behaviour, IOCs and recommendations.
AI analysis is available with Essential.
Unlock with Essential
Symbol Obfuscation Score
Very low
| MD5 | cc7c147c91c8238580b23baa0c3139ca |
| Sha1 | 476457c5fd2158ee115d784bcd832bde960901e1 |
| Sha256 | 8fdbe3eb5aa9b8f3c7e4fe9cbceb821027e881df32e1192c5b62695e27b78067 |
| Sha384 | aa5c6edb0fcf1d2d299a8628f489904c188f7a625830aae3fb237cb9991ee682bd6917f9d5c66b0da2b102b1a4ea6881 |
| Sha512 | dbe02e905f6bd3a0e43b9e20850fd38998455126356e7d75433b09a98913519a1fb41fee25e618e1388c6be675b0f946e0b5370518372142fa36f5f6089b0554 |
| SSDeep | 49152:UOcSDbYm45//1yfY1QIAU/EZuG3S5tAO0+r42ddM72rKl3GQHS5gWTX1Pw35IuZX:dbY51yfY1AKSSsl+U2A72+9OmW5u5I+ |
| TLSH | E0F5237B6BB89522C2FA25F8F07155240BB4D4427743CF4FAB8495EA1847B64CE02BB7 |
PeID
.NET executableMicrosoft Visual C# / Basic .NETMicrosoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL Microsoft Visual C# v7.0 / Basic .NETMicrosoft Visual Studio .NETUPolyX 0.3 -> delikon
| Name | Value |
|---|---|
| Module Name | ADCB Client SOA Clearance.exe |
| Full Name | ADCB Client SOA Clearance.exe |
| EntryPoint | System.Void Yvqkxtwk.Qgolvnrrva::Main() |
| Scope Name | ADCB Client SOA Clearance.exe |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v4.0.30319 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | ADCB Client SOA Clearance |
| Assembly Version | 1.0.9137.2002 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | .NETFramework,Version=v4.6 |
| Total Strings | 629 |
| Main Method | System.Void Yvqkxtwk.Qgolvnrrva::Main() |
| Main IL Instruction Count | 2 |
| Main IL | |
| Module Name | ADCB Client SOA Clearance.exe |
| Full Name | ADCB Client SOA Clearance.exe |
| EntryPoint | System.Void Yvqkxtwk.Qgolvnrrva::Main() |
| Scope Name | ADCB Client SOA Clearance.exe |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v4.0.30319 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | ADCB Client SOA Clearance |
| Assembly Version | 1.0.9137.2002 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | .NETFramework,Version=v4.6 |
| Total Strings | 629 |
| Main Method | System.Void Yvqkxtwk.Qgolvnrrva::Main() |
| Main IL Instruction Count | 2 |
| Main IL | |
Embedded Resources
UNKNWOWNsuspect
1huhuhuhu
Suspicious Type Names (1-2 chars)
UNKNWOWN
0huhuhuhu
Full artefact values (URLs, paths, registry keys, scripts…) are available with Essential.
Unlock with Essential
No malware configuration was found at this point.
Embedded Resources
UNKNWOWNsuspect
1huhuhuhu
cc7c147c91c8238580b23baa0c3139ca
Suspicious Type Names (1-2 chars)
UNKNWOWN
0huhuhuhu
cc7c147c91c8238580b23baa0c3139ca
Full artefact values (URLs, paths, registry keys, scripts…) are available with Essential.
Unlock with Essential
You must be signed in to view YARA rules.