Malicious

d1992ddbd65fd431e55d16f71a848129

PE Executable
|
MD5: d1992ddbd65fd431e55d16f71a848129
|
Size: 643.07 KB
|
application/x-dosexec


Characteristics

Symbol Obfuscation Score

Very high

Hash
Hash Value
MD5
d1992ddbd65fd431e55d16f71a848129
Sha1
9ed5d0e79b16a2d8087c338a068dbe2cc4063fa4
Sha256
363c13183a809554474b8286e02a0b62c6a864be56c40d134799a072fce87e88
Sha384
f15988c0a35cd681a42ab9bbdefcf040b2f90fec8bb63cfb0ab4a07fa4fb426aeb725be41bdff360f621209d0e8cfa42
Sha512
d0bbc4b9cb400b2b83e904fa7ff2dfaac939e20028ef8e790047249e8b94100ef1815b61e5293d76d4c648263050c310ffc2f6b761a36d2987f6d7ff6db0f137
SSDeep
12288:JkucQD8YRBgDqhq+9Mu4gqgtlJjtcXsLqM+koGZeEJT5+O:o4NBrP96ZkoGZeE
TLSH
F1D4AF7732674E22D2854373C1CB4E4197B99686B6A7F70E7181339A24063EFDE0A397

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
ioADaUVPIjdn3CobAK.iaocHxcAydvXBm7IqW
BepM4VXgoXeXyPMwIG.vr6sk3akAO1qoeJ63H
Nvwxqwdd.g.resources
QqwqI9qbkrYWToWaG6.3s038yldN7CDdNwG32
Ivxhxdye.Properties.Resources.resources
Ckcbpf
Information
Name
Value
Info

PE Detect: PeReader OK (file layout)

Module Name

Nvwxqwdd.exe

Full Name

Nvwxqwdd.exe

EntryPoint

System.Void E3OevPodIWpIxKIvcu.zfVP8HtjL64QtHdUre::nqP9UZI3C()

Scope Name

Nvwxqwdd.exe

Scope Type

ModuleDef

Kind

Windows

Runtime Version

v4.0.30319

Tables Header Version

512

WinMD Version

<null>

Assembly Name

Nvwxqwdd

Assembly Version

1.0.0.0

Assembly Culture

<null>

Has PublicKey

False

PublicKey Token

<null>

Target Framework

.NETFramework,Version=v4.0

Total Strings

43

Main Method

System.Void E3OevPodIWpIxKIvcu.zfVP8HtjL64QtHdUre::nqP9UZI3C()

Main IL Instruction Count

115


