Malicious

d1106ebcf384f22577348f6a7ccea42d

PE Executable | MD5: d1106ebcf384f22577348f6a7ccea42d | Size: 617.47 KB | application/x-dosexec


Characteristics

Symbol Obfuscation Score

Very high

Hash
Hash Value
MD5
d1106ebcf384f22577348f6a7ccea42d
Sha1
860e677b2ec615947ccc70397de5129cf741e4f7
Sha256
ca1bdc88420ca628f2f29fb4e32e3b3a3cda6b93a6e060f626eae5b6a3cc57e1
Sha384
4cbdc6a6f571f312d60666dea33a0e999459683cd5a5e3adc7b5a3927180f6f5efaed87b2420b2ce88cb10278af981bf
Sha512
5a9935706b5505cc24a16f0758f1abd735e49e21b43a79793c8f79ec8fa16059cd2ef9ce5f89b254254bfc58fa88140c1d67d63678eb3837a3e1cb0534546116
SSDeep
12288:C6DF/kIQ+6iYU2BZvjtclgvqGUI6iTXnl/A4T:5F/kl+6iYU2BxjMbdIDXW4
TLSH
4CD4AE253BEA4D37F3A99CB1E5B294200663BA1934E3C1FD25CC134A56227E399F065F

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_ICON
ID:0001
ID:0
ID:0-preview.png
ID:0002
ID:0
ID:0003
ID:0
ID:0004
ID:0
ID:0005
ID:0
ID:0006
ID:0
ID:0007
ID:0
ID:0008
ID:0
RT_GROUP_CURSOR4
ID:7F00
ID:0
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
PZRORyQW2eAUjtIMmA.hibD42oT4kBkCvGuPf
Pa1epcsoKiCcuom9Xh.c71J5bpk2dwNmd17e7
rm9FAMFQ9NKS4QaL1I.boh5ybVcXNkwx0DAnH
Install.g.resources
VIP.Form1.resources
aR3nbf8dQp2feLmk31.lSfgApatkdxsVcGcrktoFd.resources
$this.Icon
[NBF]root.IconData
progressBar1.Modifiers
$this.Language
$this.GridSize
Information
Name
Value
Info

PE Detect: PeReader OK (file layout)

Module Name

Install.exe

Full Name

Install.exe

EntryPoint

System.Void WpfApp1.App::Main()

Scope Name

Install.exe

Scope Type

ModuleDef

Kind

Windows

Runtime Version

v4.0.30319

Tables Header Version

512

WinMD Version

<null>

Assembly Name

Install

Assembly Version

9.2.0.1

Assembly Culture

<null>

Has PublicKey

False

PublicKey Token

<null>

Target Framework

.NETFramework,Version=v4.7.2

Total Strings

45

Main Method

System.Void WpfApp1.App::Main()

Main IL Instruction Count

33

Main IL

br.s IL_0007: ldc.i4 1 call <null> ldc.i4 1 stloc V_0 br IL_0015: ldloc V_0 ldloc V_0 switch dnlib.DotNet.Emit.Instruction[] br IL_006D: ldloc.s V_1 nop <null> ldloc.s V_1 ldsfld N3gp5h8UV9hhK7gNSQq N3gp5h8UV9hhK7gNSQq::FTl8Qq5xOK call System.Int32 N3gp5h8UV9hhK7gNSQq::da5vaPWo6I(System.Object,N3gp5h8UV9hhK7gNSQq) pop <null> ldc.i4 3 br IL_0019: switch(IL_006D,IL_004B,IL_0033,IL_008E) nop <null> newobj System.Void WpfApp1.App::.ctor() stloc.s V_1 ldc.i4 0 ldsfld System.Int32 <Module>{999202de-7000-4685-bb23-770f64870ca8}::m_0f6ae63e862e450cbb0a633e3af276dd brfalse IL_0019: switch(IL_006D,IL_004B,IL_0033,IL_008E) pop <null> ldc.i4 0 br IL_0019: switch(IL_006D,IL_004B,IL_0033,IL_008E) ldloc.s V_1 callvirt System.Void WpfApp1.App::InitializeComponent() ldc.i4 2 ldsfld System.Int32 <Module>{999202de-7000-4685-bb23-770f64870ca8}::m_c4afcac6bda14934abfb3827e6408e9d brtrue IL_0019: switch(IL_006D,IL_004B,IL_0033,IL_008E) pop <null> ldc.i4 1 br IL_0019: switch(IL_006D,IL_004B,IL_0033,IL_008E) ret <null>
