Suspicious
Suspect

d2da50a1eec2697d89cfaef88a049ad5

PE Executable | MD5: d2da50a1eec2697d89cfaef88a049ad5 | Size: 587.26 KB | application/x-dosexec

Summary by MalvaGPT
Characteristics

Symbol Obfuscation Score

Very high

Hash
MD5: d2da50a1eec2697d89cfaef88a049ad5
Sha1: d48c88a933f7a4b1571ea8e141112e2d25e2765f
Sha256: e548e4d662498e099d9e3a6dc60bd99d3ac615411d0a8e716e75edee6f8d62bb
Sha384: 35480b3e0f65dffef252801b146428242b55a904f7b6dbe44793c20af3f987ef7865a7b97f1ad21acc34c4e3c1944732
Sha512: 6166dbc87885dcffc87087c3694cc8965600e102050fe1ffb8aaf2cec6442e2cf59bfdd6dad43c538e7cd02d5b4d430d7bfa37ece10c5fbcb48b2927d5d60da9
SSDeep: 12288:MGdykdT6FrGI2Vmi4vsJU1hovKlIWYwrrubAMXmkr:9dyGuegUAhlxv+AMZ
TLSH: C7C423826F3CC332EEA29A7BE5E75A0806A5F9D00173D51A3B4E27441FAF7D8C711246

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
UPolyX 0.3 -> delikon
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
Emnefed.Properties.Resources.resources
Trivoast
Information
Info: PE Detect: PeReader OK (file layout)
Module Name: Emnefed.exe
Full Name: Emnefed.exe
EntryPoint: System.Void Emnefed.Wsukvnpoa::Main()
Scope Name: Emnefed.exe
Scope Type: ModuleDef
Kind: Windows
Runtime Version: v4.0.30319
Tables Header Version: 512
WinMD Version: <null>
Assembly Name: Emnefed
Assembly Version: 1.0.0.0
Assembly Culture: <null>
Has PublicKey: False
PublicKey Token: <null>
Target Framework: .NETFramework,Version=v4.0
Total Strings: 5
Main Method: System.Void Emnefed.Wsukvnpoa::Main()
Main IL Instruction Count: 75
Main IL:

nop <null> call System.Byte[] Emnefed.Wsukvnpoa::Yxivwvn0m() call System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[]) callvirt System.Type[] System.Reflection.Assembly::GetExportedTypes() stloc.s V_3 ldc.i4 0 ldsfld <Module>{cd32276e-d08f-4c5f-9c76-884d70b473ff} <Module>{cd32276e-d08f-4c5f-9c76-884d70b473ff}::m_65474af2f8624621929a3b0614eaf77b ldfld System.Int32 <Module>{cd32276e-d08f-4c5f-9c76-884d70b473ff}::m_7341bd1e9f164f1aadbb03a05d38a2c3 brtrue IL_0043: switch(IL_00AE,IL_0104,IL_00FA) pop <null> ldc.i4 1 br IL_0043: switch(IL_00AE,IL_0104,IL_00FA) br IL_003F: ldloc V_0 ldc.i4 0 stloc V_0 ldloc V_0 switch dnlib.DotNet.Emit.Instruction[] ldloc V_0 ldc.i4 990 beq IL_003F: ldloc V_0 br IL_00FA: br IL_00D0 ldloc.s V_1 ldc.i4.1 <null> add <null> stloc.s V_1 br IL_00D0: ldloc.s V_1 ldloc.s V_3 ldloc.s V_1 ldelem.ref <null> stloc.s V_2 br IL_007E: nop nop <null> ldloc.s V_2 ldstr k1vc1ScJ7 ldc.i4 256 ldnull <null> ldnull <null> ldnull <null> callvirt System.Object System.Type::InvokeMember(System.String,System.Reflection.BindingFlags,System.Reflection.Binder,System.Object,System.Object[]) pop <null> br IL_0099: leave IL_0067 leave IL_0067: ldloc.s V_1 pop <null> br IL_00A4: leave IL_0067 leave IL_0067: ldloc.s V_1 br IL_0067: ldloc.s V_1 ldc.i4.0 <null> stloc.s V_1 ldc.i4 5 ldsfld <Module>{cd32276e-d08f-4c5f-9c76-884d70b473ff} <Module>{cd32276e-d08f-4c5f-9c76-884d70b473ff}::m_65474af2f8624621929a3b0614eaf77b ldfld System.Int32 <Module>{cd32276e-d08f-4c5f-9c76-884d70b473ff}::m_9679408fe81848f3a44aaddb3e11f6ca brtrue IL_0043: switch(IL_00AE,IL_0104,IL_00FA) pop <null> ldc.i4 2 br IL_0043: switch(IL_00AE,IL_0104,IL_00FA) ldloc.s V_1 ldloc.s V_3 ldlen <null> conv.i4 <null> blt IL_0072: ldloc.s V_3 ldc.i4 1 ldsfld <Module>{cd32276e-d08f-4c5f-9c76-884d70b473ff} <Module>{cd32276e-d08f-4c5f-9c76-884d70b473ff}::m_65474af2f8624621929a3b0614eaf77b ldfld System.Int32 <Module>{cd32276e-d08f-4c5f-9c76-884d70b473ff}::m_1738e590e83b4638bba49857368d4dd4 brfalse 
IL_0043: switch(IL_00AE,IL_0104,IL_00FA) pop <null> ldc.i4 1 br IL_0043: switch(IL_00AE,IL_0104,IL_00FA) br IL_00D0: ldloc.s V_1 br IL_0072: ldloc.s V_3 leave IL_0119: ret pop <null> br IL_010F: leave IL_0119 leave IL_0119: ret br IL_0119: ret ret <null>

No malware configuration was found at this point.