Suspicious
Suspect

cd9104f4a3fefeb45d0fd9bf00a2c446

PE Executable | MD5: cd9104f4a3fefeb45d0fd9bf00a2c446 | Size: 513.54 KB | application/x-dosexec

Summary by MalvaGPT
Characteristics

Symbol Obfuscation Score: Very high

Hash: Hash Value
MD5: cd9104f4a3fefeb45d0fd9bf00a2c446
Sha1: 75ab77e83d8e614c138deb966530749c08c35371
Sha256: e329a29546eb5d2d57e3c21a1b2753a6ba13e2693894c00a0d44c09c0312a11c
Sha384: 9b27092b92452e204ee41a6ac29921de7d0664b37de3a318e5eb92f61303630ecc9dddcc675d4a283bc6f7695d13e6cf
Sha512: af367782d0b4cd7fe7c9d201af9206e0d9d8f9ebc9354c4fb08a98fad28056efae83fd839f8b7f70a6cab4476e6ca7d6f946df05069c41286dde67178fb7b0bf
SSDeep: 12288:UasHEuYLGmNPw9HxktXBt/VSQVLEtwa6:rspYLxNPw9atxtt7VIKa
TLSH: 93B4CF1563E95F94EABE8B7A5570210103F2B85BD332DB3E6E8860DD1E327C18926773

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
.Net Resources
Kr0ykjQ7t.Resources.resources
565c91f30f0434.Resources.resources
690ced510
[NBF]root.Data
690ced511
[NBF]root.Data
690ced5110
[NBF]root.Data
690ced5111
[NBF]root.Data
690ced5112
[NBF]root.Data
690ced512
[NBF]root.Data
690ced513
[NBF]root.Data
690ced514
[NBF]root.Data
690ced515
[NBF]root.Data
690ced516
[NBF]root.Data
690ced517
[NBF]root.Data
690ced518
[NBF]root.Data
690ced519
[NBF]root.Data
Information
Info: PE Detect: PeReader OK (file layout)
Module Name: Kr0ykjQ7t
Full Name: Kr0ykjQ7t
EntryPoint: System.Void Kr0ykjQ7t.2ajAQo7m0z_D::9tmZoYf()
Scope Name: Kr0ykjQ7t
Scope Type: ModuleDef
Kind: Windows
Runtime Version: v4.0.30319
Tables Header Version: 512
WinMD Version: <null>
Assembly Name: Kr0ykjQ7t
Assembly Version: 11.8.33.170
Assembly Culture: <null>
Has PublicKey: False
PublicKey Token: <null>
Target Framework: .NETFramework,Version=v4.6
Total Strings: 758
Main Method: System.Void Kr0ykjQ7t.2ajAQo7m0z_D::9tmZoYf()
Main IL Instruction Count: 79

Main IL

nop <null>
nop <null>
call System.Void System.Windows.Forms.Application::EnableVisualStyles()
nop <null>
ldstr Application
newobj System.Void System.Diagnostics.EventLog::.ctor(System.String)
stloc.0 <null>
call System.Object Kr0ykjQ7t.2ajAQo7m0z_D::Qpi3d9n()
call System.Object System.Runtime.CompilerServices.RuntimeHelpers::GetObjectValue(System.Object)
call System.Collections.Generic.List`1<System.Byte> Kr0ykjQ7t.2ajAQo7m0z_D::sa4Nf5KnWt0q(System.Object)
stloc.1 <null>
ldloc.1 <null>
callvirt System.Byte[] System.Collections.Generic.List`1<System.Byte>::ToArray()
stloc.2 <null>
ldc.i4.s 9
newarr System.String
dup <null>
ldc.i4.0 <null>
ldstr 115
stelem.ref <null>
dup <null>
ldc.i4.1 <null>
ldstr 101
stelem.ref <null>
dup <null>
ldc.i4.2 <null>
ldstr 100
stelem.ref <null>
dup <null>
ldc.i4.3 <null>
ldstr 105
stelem.ref <null>
dup <null>
ldc.i4.4 <null>
ldstr 97
stelem.ref <null>
dup <null>
ldc.i4.5 <null>
ldstr 112
stelem.ref <null>
dup <null>
ldc.i4.6 <null>
ldstr 110
stelem.ref <null>
dup <null>
ldc.i4.7 <null>
ldstr 114
stelem.ref <null>
dup <null>
ldc.i4.8 <null>
ldstr 109
stelem.ref <null>
stloc.3 <null>
ldloc.2 <null>
ldloc.3 <null>
ldsfld System.Int32 Kr0ykjQ7t.2ajAQo7m0z_D::iw3Tn
call System.Object Kr0ykjQ7t.2ajAQo7m0z_D::Kjc0b5Y(System.Byte[],System.String[],System.Int32)
call System.Object System.Runtime.CompilerServices.RuntimeHelpers::GetObjectValue(System.Object)
stloc.s V_4
ldloc.s V_4
call System.Object System.Runtime.CompilerServices.RuntimeHelpers::GetObjectValue(System.Object)
call System.Object Kr0ykjQ7t.2ajAQo7m0z_D::Mie97SkwE(System.Object)
call System.Object System.Runtime.CompilerServices.RuntimeHelpers::GetObjectValue(System.Object)
stloc.s V_5
leave.s IL_00C1: nop
dup <null>
call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception)
stloc.s V_6
nop <null>
ldloc.s V_6
callvirt System.String System.Exception::ToString()
ldc.i4.0 <null>
ldnull <null>
call Microsoft.VisualBasic.MsgBoxResult Microsoft.VisualBasic.Interaction::MsgBox(System.Object,Microsoft.VisualBasic.MsgBoxStyle,System.Object)
pop <null>
call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError()
leave.s IL_00C1: nop
nop <null>
ret <null>

Characteristics
No malware configuration was found at this point.