Suspicious
Suspect

PE Executable
MD5: cc7c147c91c8238580b23baa0c3139ca
Size: 3.42 MB
application/x-dosexec

Get an AI-generated breakdown of this malware's behaviour, IOCs and recommendations.

AI analysis is available with Essential.
Unlock with Essential
Symbol Obfuscation Score Very low
MD5 cc7c147c91c8238580b23baa0c3139ca
Sha1 476457c5fd2158ee115d784bcd832bde960901e1
Sha256 8fdbe3eb5aa9b8f3c7e4fe9cbceb821027e881df32e1192c5b62695e27b78067
Sha384 aa5c6edb0fcf1d2d299a8628f489904c188f7a625830aae3fb237cb9991ee682bd6917f9d5c66b0da2b102b1a4ea6881
Sha512 dbe02e905f6bd3a0e43b9e20850fd38998455126356e7d75433b09a98913519a1fb41fee25e618e1388c6be675b0f946e0b5370518372142fa36f5f6089b0554
SSDeep 49152:UOcSDbYm45//1yfY1QIAU/EZuG3S5tAO0+r42ddM72rKl3GQHS5gWTX1Pw35IuZX:dbY51yfY1AKSSsl+U2A72+9OmW5u5I+
TLSH E0F5237B6BB89522C2FA25F8F07155240BB4D4427743CF4FAB8495EA1847B64CE02BB7
PeID
.NET executableMicrosoft Visual C# / Basic .NETMicrosoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL Microsoft Visual C# v7.0 / Basic .NETMicrosoft Visual Studio .NETUPolyX 0.3 -> delikon
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
Yvqkxtwk.Properties.Resources.resources
Ojjcwezxuuo
Name Value
Module Name
ADCB Client SOA Clearance.exe
Full Name
ADCB Client SOA Clearance.exe
EntryPoint
System.Void Yvqkxtwk.Qgolvnrrva::Main()
Scope Name
ADCB Client SOA Clearance.exe
Scope Type
ModuleDef
Kind
Windows
Runtime Version
v4.0.30319
Tables Header Version
512
WinMD Version
<null>
Assembly Name
ADCB Client SOA Clearance
Assembly Version
1.0.9137.2002
Assembly Culture
<null>
Has PublicKey
False
PublicKey Token
<null>
Target Framework
.NETFramework,Version=v4.6
Total Strings
629
Main Method
System.Void Yvqkxtwk.Qgolvnrrva::Main()
Main IL Instruction Count
2
Main IL
call System.Void Yvqkxtwk.Nantptuz::Nrckjtzxduz()
ret <null>
Module Name
ADCB Client SOA Clearance.exe
Full Name
ADCB Client SOA Clearance.exe
EntryPoint
System.Void Yvqkxtwk.Qgolvnrrva::Main()
Scope Name
ADCB Client SOA Clearance.exe
Scope Type
ModuleDef
Kind
Windows
Runtime Version
v4.0.30319
Tables Header Version
512
WinMD Version
<null>
Assembly Name
ADCB Client SOA Clearance
Assembly Version
1.0.9137.2002
Assembly Culture
<null>
Has PublicKey
False
PublicKey Token
<null>
Target Framework
.NETFramework,Version=v4.6
Total Strings
629
Main Method
System.Void Yvqkxtwk.Qgolvnrrva::Main()
Main IL Instruction Count
2
Main IL
call System.Void Yvqkxtwk.Nantptuz::Nrckjtzxduz()
ret <null>
Embedded Resources UNKNWOWNsuspect
1huhuhuhu
Suspicious Type Names (1-2 chars) UNKNWOWN
0huhuhuhu
Full artefact values (URLs, paths, registry keys, scripts…) are available with Essential.
Unlock with Essential
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
Yvqkxtwk.Properties.Resources.resources
Ojjcwezxuuo
No malware configuration was found at this point.
Embedded Resources UNKNWOWNsuspect
1huhuhuhu
cc7c147c91c8238580b23baa0c3139ca
Suspicious Type Names (1-2 chars) UNKNWOWN
0huhuhuhu
cc7c147c91c8238580b23baa0c3139ca
Full artefact values (URLs, paths, registry keys, scripts…) are available with Essential.
Unlock with Essential
You must be signed in to view YARA rules.
An error has occurred. This application may no longer respond until reloaded. Reload 🗙