General
Structural Analysis
Config.0
Yara Rules68
Sync
Community
Infection Chain
Summary by MalvaGPT
Characteristics
Symbol Ofbuscation Score
Very high
|
Hash | Hash Value |
|---|---|
| MD5 | d07eab5407938ba904ca2b21d358ef75
|
| Sha1 | 0ab1a8f3ada6d3b05d9e41ab632bc2a475b13b0f
|
| Sha256 | 60999b203b7b939b578c65860d5eda81453c03c191aead0e00b2e22325514103
|
| Sha384 | 30b4392cc2da404692a604f4903009710a12fbb3fd9454050e32157e5daee95803b8e3910dd0ecc10016d1ae7cb7cfa3
|
| Sha512 | a86a9e87e92844c07711c34a69f934f97159097f4862caebd64dd9e170122bd0b0f0769563ae2980b8179d2c6100f7dcf96746085527a805f414a250341c1996
|
| SSDeep | 49152:8efOlRQkqXfd+/9AS12b73Vu5G8HoU2mF3iB:8eERQkqXf0Fz12bZuA80mi
|
| TLSH | 0275029A36E4219EC52A97B68E691C3075273477173E8A07746F11CC8F5F8C2CA163FA
|
PeID
Microsoft Visual C# / Basic .NET
File Structure
d07eab5407938ba904ca2b21d358ef75
Malicious
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
+6+]4HU
.text
.rsrc
က
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
Malicious
costura.costura.dll.compressed
costura.costura.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
FWJR0IASJI0DFSJAJDFA..BWJR0IASJI0DFSJAJDFA..resources
costura.newtonsoft.json.dll.compressed
costura.newtonsoft.json.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.costura.pdb.compressed
costura.metadata
AWJR0IASJI0DFSJAJDFA..CWJR0IASJI0DFSJAJDFA..resources
guna2CirclePictureBox1.Image
[NBF]root.Data
[NBF]root.Data-preview.png
costura.guna.ui2.dll.compressed
costura.guna.ui2.dll
Malicious
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
.Net Resources
G22190F0D5B1120504B3E00280003060D0F0F4F38724F222206070B01020F0F27012B0C.resources
icon.Image
[NBF]root.Data
[NBF]root.Data-preview.png
Guna.UI2.Properties.Resources.resources
CheckedCheckbox_20px
[NBF]root.Data
[NBF]root.Data-preview.png
CheckedRadioButton_20px
[NBF]root.Data
[NBF]root.Data-preview.png
FullImage_64px
[NBF]root.Data
[NBF]root.Data-preview.png
ImageCalendar
[NBF]root.Data
[NBF]root.Data-preview.png
UncheckedCheckbox_20px
UncheckedRadioButton_20px
[NBF]root.Data
[NBF]root.Data-preview.png
ce_48px
[NBF]root.Data
[NBF]root.Data-preview.png
curv3
[NBF]root.Data
[NBF]root.Data-preview.png
curv3_w
[NBF]root.Data
[NBF]root.Data-preview.png
error
[NBF]root.Data
[NBF]root.Data-preview.png
info
[NBF]root.Data
[NBF]root.Data-preview.png
logo
[NBF]root.Data
[NBF]root.Data-preview.png
logo_w
[NBF]root.Data
[NBF]root.Data-preview.png
miring
[NBF]root.Data
[NBF]root.Data-preview.png
question
[NBF]root.Data
[NBF]root.Data-preview.png
warning
[NBF]root.Data
[NBF]root.Data-preview.png
G22190F0D5B1120504B250025230207091246250F300029390C06331B0E163B151735041C232100000E0B.resources
btDown.Image
btUp.Image
imageList1.ImageStream
[NBF]root.Data
XVM.Runtime.dll
Informations
|
Name0 | Value |
|---|---|
| Info | PE Detect: PeReader OK (file layout) |
| Module Name | Spoofer.exe |
| Full Name | Spoofer.exe |
| EntryPoint | System.Void EWJR0IASJI0DFSJAJDFA..BWJR0IASJI0DFSJAJDFA.::DWJR0IASJI0DFSJAJDFA.() |
| Scope Name | Spoofer.exe |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v4.0.30319 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | Spoofer |
| Assembly Version | 1.0.0.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | .NETFramework,Version=v4.7.2 |
| Total Strings | 7 |
| Main Method | System.Void EWJR0IASJI0DFSJAJDFA..BWJR0IASJI0DFSJAJDFA.::DWJR0IASJI0DFSJAJDFA.() |
| Main IL Instruction Count | 0 |
| Main IL | |
| Module Name | Spoofer.exe |
| Full Name | Spoofer.exe |
| EntryPoint | System.Void EWJR0IASJI0DFSJAJDFA..BWJR0IASJI0DFSJAJDFA.::DWJR0IASJI0DFSJAJDFA.() |
| Scope Name | Spoofer.exe |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v4.0.30319 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | Spoofer |
| Assembly Version | 1.0.0.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | .NETFramework,Version=v4.7.2 |
| Total Strings | 7 |
| Main Method | System.Void EWJR0IASJI0DFSJAJDFA..BWJR0IASJI0DFSJAJDFA.::DWJR0IASJI0DFSJAJDFA.() |
| Main IL Instruction Count | 0 |
| Main IL | |
d07eab5407938ba904ca2b21d358ef75 (1.7 MB)
File Structure
d07eab5407938ba904ca2b21d358ef75
Malicious
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
+6+]4HU
.text
.rsrc
က
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
Malicious
costura.costura.dll.compressed
costura.costura.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
FWJR0IASJI0DFSJAJDFA..BWJR0IASJI0DFSJAJDFA..resources
costura.newtonsoft.json.dll.compressed
costura.newtonsoft.json.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.costura.pdb.compressed
costura.metadata
AWJR0IASJI0DFSJAJDFA..CWJR0IASJI0DFSJAJDFA..resources
guna2CirclePictureBox1.Image
[NBF]root.Data
[NBF]root.Data-preview.png
costura.guna.ui2.dll.compressed
costura.guna.ui2.dll
Malicious
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
.Net Resources
G22190F0D5B1120504B3E00280003060D0F0F4F38724F222206070B01020F0F27012B0C.resources
icon.Image
[NBF]root.Data
[NBF]root.Data-preview.png
Guna.UI2.Properties.Resources.resources
CheckedCheckbox_20px
[NBF]root.Data
[NBF]root.Data-preview.png
CheckedRadioButton_20px
[NBF]root.Data
[NBF]root.Data-preview.png
FullImage_64px
[NBF]root.Data
[NBF]root.Data-preview.png
ImageCalendar
[NBF]root.Data
[NBF]root.Data-preview.png
UncheckedCheckbox_20px
UncheckedRadioButton_20px
[NBF]root.Data
[NBF]root.Data-preview.png
ce_48px
[NBF]root.Data
[NBF]root.Data-preview.png
curv3
[NBF]root.Data
[NBF]root.Data-preview.png
curv3_w
[NBF]root.Data
[NBF]root.Data-preview.png
error
[NBF]root.Data
[NBF]root.Data-preview.png
info
[NBF]root.Data
[NBF]root.Data-preview.png
logo
[NBF]root.Data
[NBF]root.Data-preview.png
logo_w
[NBF]root.Data
[NBF]root.Data-preview.png
miring
[NBF]root.Data
[NBF]root.Data-preview.png
question
[NBF]root.Data
[NBF]root.Data-preview.png
warning
[NBF]root.Data
[NBF]root.Data-preview.png
G22190F0D5B1120504B250025230207091246250F300029390C06331B0E163B151735041C232100000E0B.resources
btDown.Image
btUp.Image
imageList1.ImageStream
[NBF]root.Data
XVM.Runtime.dll
Characteristics
No malware configuration were found at this point.
You must be signed in to post a comment.
You need a premium account to access this feature.
You must be signed in to post a comment.