Malicious

d4a9b34284fb647f66e7cf5e0f712011

PE Executable
|
MD5: d4a9b34284fb647f66e7cf5e0f712011
|
Size: 580.1 KB
|
application/x-dosexec

Characteristics

Symbol Obfuscation Score

Very high

Hash
Hash Value
MD5
d4a9b34284fb647f66e7cf5e0f712011
Sha1
1b3fee004971a87c17af876d1ae24636a524e7ca
Sha256
c7719798648f65f855df5b7afaa9f82121f1ad5828234b326a8feff4df73e081
Sha384
ccf3b7e8ef1c6e70d3345310125921eb077c082d66bfe9ddb12ad671e851be35faaab6778a125f0224ab8dd7106b9765
Sha512
3dc4fc7940804256ec629a0c138d55cd1ae8df2eec8fa3d0478794b9a5bd726a33c839ee5535a05a4c62848ce8bc2d509f1496b6ea0997c9ff2d44860ea6a4e9
SSDeep
12288:FZwe+hHTKnmxRQRYJJL2327fSleg+EdwJ0nUMIMKNdHMI72bA:FZQTUmxiRY24SlekwJ8US+dd2b
TLSH
38C4018776D08B43D15066B6C4E7882143E6EAC73EB3C3463B4912A71D51BF2CE99B8D

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
5cMwjvSoYhfXS8oxk1.HtjwHryk4VQPVC6kly
kEIDvTYTv3dymT17Gj.HKjHNrdQmI3H2WL5Tc
K1j0QXmQrOlNaECo2U.haeWZJg67uSjb0Vqmb
Information
Name
Value
Info

PE Detect: PeReader OK (file layout)

Module Name

Umfytl.exe

Full Name

Umfytl.exe

EntryPoint

System.Void FCJDckKCsNQHIyhslv.OlttAvv6X2yh8Exk25::ELK1iWIZc()

Scope Name

Umfytl.exe

Scope Type

ModuleDef

Kind

Windows

Runtime Version

v4.0.30319

Tables Header Version

512

WinMD Version

<null>

Assembly Name

Umfytl

Assembly Version

1.0.0.0

Assembly Culture

<null>

Has PublicKey

False

PublicKey Token

<null>

Target Framework

.NETFramework,Version=v4.0

Total Strings

39

Main Method

System.Void FCJDckKCsNQHIyhslv.OlttAvv6X2yh8Exk25::ELK1iWIZc()

Main IL Instruction Count

155

Main IL

ldc.i4 1 stloc V_0 ldloc V_0 switch dnlib.DotNet.Emit.Instruction[] ldloc V_0 ldc.i4 990 beq IL_0009: ldloc V_0 br IL_0032: nop ret <null> nop <null> ldsfld YSZmJ2YGee2XZHyVjvD YSZmJ2YGee2XZHyVjvD::q9dYZ41Er2 call System.Byte[] YSZmJ2YGee2XZHyVjvD::jidYXEssv3(YSZmJ2YGee2XZHyVjvD) stloc.s V_2 ldc.i4 0 ldsfld <Module>{699d4ead-2e9b-43ea-afb2-3e842a68b48d} <Module>{699d4ead-2e9b-43ea-afb2-3e842a68b48d}::m_f5d7b942f1ec465ea566e6d9adf36142 ldfld System.Int32 <Module>{699d4ead-2e9b-43ea-afb2-3e842a68b48d}::m_4ef5be15afc74fb08b02ed22043bd194 brfalse IL_0070: switch(IL_0160,IL_00C6,IL_024A,IL_00F9,IL_023B,IL_017B,IL_01DE,IL_01CF,IL_020B,IL_01AB,IL_0124,IL_0133) pop <null> ldc.i4 4 br IL_0070: switch(IL_0160,IL_00C6,IL_024A,IL_00F9,IL_023B,IL_017B,IL_01DE,IL_01CF,IL_020B,IL_01AB,IL_0124,IL_0133) br IL_006C: ldloc V_1 ldc.i4 0 stloc V_1 ldloc V_1 switch dnlib.DotNet.Emit.Instruction[] ldloc V_1 ldc.i4 19 beq IL_00D5: br IL_01DE ldloc V_1 ldc.i4 999 beq IL_006C: ldloc V_1 br IL_023B: br IL_0133 leave IL_0031: ret ldc.i4 6 br IL_0070: switch(IL_0160,IL_00C6,IL_024A,IL_00F9,IL_023B,IL_017B,IL_01DE,IL_01CF,IL_020B,IL_01AB,IL_0124,IL_0133) br IL_01DE: ldloc.s V_2 ldc.i4 2 ldsfld <Module>{699d4ead-2e9b-43ea-afb2-3e842a68b48d} <Module>{699d4ead-2e9b-43ea-afb2-3e842a68b48d}::m_f5d7b942f1ec465ea566e6d9adf36142 ldfld System.Int32 <Module>{699d4ead-2e9b-43ea-afb2-3e842a68b48d}::m_5fda0a6f091642fdb9353a3f4af960d0 brtrue IL_0070: switch(IL_0160,IL_00C6,IL_024A,IL_00F9,IL_023B,IL_017B,IL_01DE,IL_01CF,IL_020B,IL_01AB,IL_0124,IL_0133) pop <null> ldc.i4 1 br IL_0070: switch(IL_0160,IL_00C6,IL_024A,IL_00F9,IL_023B,IL_017B,IL_01DE,IL_01CF,IL_020B,IL_01AB,IL_0124,IL_0133) ldloc.s V_2 ldsfld jAoNLgYCQ5AaOTM8jiR jAoNLgYCQ5AaOTM8jiR::QDhYrgiW1W call System.Void jAoNLgYCQ5AaOTM8jiR::jidYXEssv3(System.Byte[],jAoNLgYCQ5AaOTM8jiR) ldc.i4 2 ldsfld <Module>{699d4ead-2e9b-43ea-afb2-3e842a68b48d} <Module>{699d4ead-2e9b-43ea-afb2-3e842a68b48d}::m_f5d7b942f1ec465ea566e6d9adf36142 ldfld System.Int32 
<Module>{699d4ead-2e9b-43ea-afb2-3e842a68b48d}::m_9045e115c5ae40e590ac166a80cae45f brfalse IL_0070: switch(IL_0160,IL_00C6,IL_024A,IL_00F9,IL_023B,IL_017B,IL_01DE,IL_01CF,IL_020B,IL_01AB,IL_0124,IL_0133) pop <null> ldc.i4 12 br IL_0070: switch(IL_0160,IL_00C6,IL_024A,IL_00F9,IL_023B,IL_017B,IL_01DE,IL_01CF,IL_020B,IL_01AB,IL_0124,IL_0133) br IL_00F9: ldloc.s V_2 ldc.i4 7 br IL_0070: switch(IL_0160,IL_00C6,IL_024A,IL_00F9,IL_023B,IL_017B,IL_01DE,IL_01CF,IL_020B,IL_01AB,IL_0124,IL_0133) ldloc.s V_2 ldsfld Dwu7M5YfCEqwVWbOuVY Dwu7M5YfCEqwVWbOuVY::YAmYHgxwhi call System.Byte[] Dwu7M5YfCEqwVWbOuVY::jidYXEssv3(System.Byte[],Dwu7M5YfCEqwVWbOuVY) stloc.s V_2 ldc.i4 14 ldsfld <Module>{699d4ead-2e9b-43ea-afb2-3e842a68b48d} <Module>{699d4ead-2e9b-43ea-afb2-3e842a68b48d}::m_f5d7b942f1ec465ea566e6d9adf36142 ldfld System.Int32 <Module>{699d4ead-2e9b-43ea-afb2-3e842a68b48d}::m_bc34f7f4df86492baa6b20243fb03230 brtrue IL_0070: switch(IL_0160,IL_00C6,IL_024A,IL_00F9,IL_023B,IL_017B,IL_01DE,IL_01CF,IL_020B,IL_01AB,IL_0124,IL_0133) pop <null> ldc.i4 5 br IL_0070: switch(IL_0160,IL_00C6,IL_024A,IL_00F9,IL_023B,IL_017B,IL_01DE,IL_01CF,IL_020B,IL_01AB,IL_0124,IL_0133) ldloc.s V_2 ldsfld vdWPnOYJ65tLfXwQmCq vdWPnOYJ65tLfXwQmCq::AUiYLJMrOD call System.Boolean vdWPnOYJ65tLfXwQmCq::jidYXEssv3(System.Byte[],vdWPnOYJ65tLfXwQmCq) brfalse IL_00C6: leave IL_0031 ldc.i4 19 br IL_0068: stloc V_1 ldloc.s V_2 ldsfld vdWPnOYJ65tLfXwQmCq vdWPnOYJ65tLfXwQmCq::AUiYLJMrOD call System.Boolean vdWPnOYJ65tLfXwQmCq::jidYXEssv3(System.Byte[],vdWPnOYJ65tLfXwQmCq) brfalse IL_01CF: leave IL_0031 ldc.i4 2 ldsfld <Module>{699d4ead-2e9b-43ea-afb2-3e842a68b48d} <Module>{699d4ead-2e9b-43ea-afb2-3e842a68b48d}::m_f5d7b942f1ec465ea566e6d9adf36142 ldfld System.Int32 <Module>{699d4ead-2e9b-43ea-afb2-3e842a68b48d}::m_fef624db6ac44465bad5c4cdbeeec1b4 brfalse IL_0070: switch(IL_0160,IL_00C6,IL_024A,IL_00F9,IL_023B,IL_017B,IL_01DE,IL_01CF,IL_020B,IL_01AB,IL_0124,IL_0133) pop <null> ldc.i4 10 br IL_0070: 
switch(IL_0160,IL_00C6,IL_024A,IL_00F9,IL_023B,IL_017B,IL_01DE,IL_01CF,IL_020B,IL_01AB,IL_0124,IL_0133) leave IL_0031: ret ldc.i4 6 ldsfld <Module>{699d4ead-2e9b-43ea-afb2-3e842a68b48d} <Module>{699d4ead-2e9b-43ea-afb2-3e842a68b48d}::m_f5d7b942f1ec465ea566e6d9adf36142 ldfld System.Int32 <Module>{699d4ead-2e9b-43ea-afb2-3e842a68b48d}::m_b1b561e80b694dde979d8dffe3f5cc72 brtrue IL_0070: switch(IL_0160,IL_00C6,IL_024A,IL_00F9,IL_023B,IL_017B,IL_01DE,IL_01CF,IL_020B,IL_01AB,IL_0124,IL_0133) pop <null> ldc.i4 11 br IL_0070: switch(IL_0160,IL_00C6,IL_024A,IL_00F9,IL_023B,IL_017B,IL_01DE,IL_01CF,IL_020B,IL_01AB,IL_0124,IL_0133) leave IL_0031: ret ldc.i4 3 br IL_0070: switch(IL_0160,IL_00C6,IL_024A,IL_00F9,IL_023B,IL_017B,IL_01DE,IL_01CF,IL_020B,IL_01AB,IL_0124,IL_0133) ldloc.s V_2 ldsfld DY2M34Y0RLijZqHP4Yc DY2M34Y0RLijZqHP4Yc::bIuYPkq6sT call System.Byte[] DY2M34Y0RLijZqHP4Yc::jidYXEssv3(System.Byte[],DY2M34Y0RLijZqHP4Yc) stloc.s V_2 ldc.i4 8 ldsfld <Module>{699d4ead-2e9b-43ea-afb2-3e842a68b48d} <Module>{699d4ead-2e9b-43ea-afb2-3e842a68b48d}::m_f5d7b942f1ec465ea566e6d9adf36142 ldfld System.Int32 <Module>{699d4ead-2e9b-43ea-afb2-3e842a68b48d}::m_4c7cab3791634aecab32edd9b14f1aa5 brfalse IL_0070: switch(IL_0160,IL_00C6,IL_024A,IL_00F9,IL_023B,IL_017B,IL_01DE,IL_01CF,IL_020B,IL_01AB,IL_0124,IL_0133) pop <null> ldc.i4 7 br IL_0070: switch(IL_0160,IL_00C6,IL_024A,IL_00F9,IL_023B,IL_017B,IL_01DE,IL_01CF,IL_020B,IL_01AB,IL_0124,IL_0133) ldloc.s V_2 ldsfld vdWPnOYJ65tLfXwQmCq vdWPnOYJ65tLfXwQmCq::AUiYLJMrOD call System.Boolean vdWPnOYJ65tLfXwQmCq::jidYXEssv3(System.Byte[],vdWPnOYJ65tLfXwQmCq) brfalse IL_01AB: leave IL_0031 ldc.i4 0 ldsfld <Module>{699d4ead-2e9b-43ea-afb2-3e842a68b48d} <Module>{699d4ead-2e9b-43ea-afb2-3e842a68b48d}::m_f5d7b942f1ec465ea566e6d9adf36142 ldfld System.Int32 <Module>{699d4ead-2e9b-43ea-afb2-3e842a68b48d}::m_446faa98ad2243b4af87239ac3287dd1 brtrue IL_0070: 
switch(IL_0160,IL_00C6,IL_024A,IL_00F9,IL_023B,IL_017B,IL_01DE,IL_01CF,IL_020B,IL_01AB,IL_0124,IL_0133) pop <null> ldc.i4 4 br IL_0070: switch(IL_0160,IL_00C6,IL_024A,IL_00F9,IL_023B,IL_017B,IL_01DE,IL_01CF,IL_020B,IL_01AB,IL_0124,IL_0133) br IL_0133: ldloc.s V_2 ldc.i4 9 br IL_0070: switch(IL_0160,IL_00C6,IL_024A,IL_00F9,IL_023B,IL_017B,IL_01DE,IL_01CF,IL_020B,IL_01AB,IL_0124,IL_0133) leave IL_0031: ret pop <null> ldc.i4 0 ldsfld <Module>{699d4ead-2e9b-43ea-afb2-3e842a68b48d} <Module>{699d4ead-2e9b-43ea-afb2-3e842a68b48d}::m_f5d7b942f1ec465ea566e6d9adf36142 ldfld System.Int32 <Module>{699d4ead-2e9b-43ea-afb2-3e842a68b48d}::m_567c89131dca49e891d5ea55df609f7c brfalse IL_0281: switch(IL_029D) pop <null> ldc.i4 0 br IL_0281: switch(IL_029D) br IL_027D: ldloc V_3 ldc.i4 0 stloc V_3 ldloc V_3 switch dnlib.DotNet.Emit.Instruction[] ldloc V_3 ldc.i4 988 beq IL_027D: ldloc V_3 br IL_029D: leave IL_0031 leave IL_0031: ret ldc.i4 6 ldsfld <Module>{699d4ead-2e9b-43ea-afb2-3e842a68b48d} <Module>{699d4ead-2e9b-43ea-afb2-3e842a68b48d}::m_f5d7b942f1ec465ea566e6d9adf36142 ldfld System.Int32 <Module>{699d4ead-2e9b-43ea-afb2-3e842a68b48d}::m_c6e1aab46c2643068eb60691a8613684 brtrue IL_000D: switch(IL_0032,IL_02C1,IL_0031) pop <null> ldc.i4 2 br IL_000D: switch(IL_0032,IL_02C1,IL_0031) ldsfld jxIuojYVnSgGlAMoZZ7 jxIuojYVnSgGlAMoZZ7::MP8Yul6y8V call System.Void jxIuojYVnSgGlAMoZZ7::jidYXEssv3(jxIuojYVnSgGlAMoZZ7) ldc.i4 2 ldsfld <Module>{699d4ead-2e9b-43ea-afb2-3e842a68b48d} <Module>{699d4ead-2e9b-43ea-afb2-3e842a68b48d}::m_f5d7b942f1ec465ea566e6d9adf36142 ldfld System.Int32 <Module>{699d4ead-2e9b-43ea-afb2-3e842a68b48d}::m_79172f3cac964eb69ba427913a738ed5 brtrue IL_000D: switch(IL_0032,IL_02C1,IL_0031) pop <null> ldc.i4 0 br IL_000D: switch(IL_0032,IL_02C1,IL_0031)

Module Name

Umfytl.exe

Full Name

Umfytl.exe

EntryPoint

System.Void FCJDckKCsNQHIyhslv.OlttAvv6X2yh8Exk25::ELK1iWIZc()

Scope Name

Umfytl.exe

Scope Type

ModuleDef

Kind

Windows

Runtime Version

v4.0.30319

Tables Header Version

512

WinMD Version

<null>

Assembly Name

Umfytl

Assembly Version

1.0.0.0

Assembly Culture

<null>

Has PublicKey

False

PublicKey Token

<null>

Target Framework

.NETFramework,Version=v4.0

Total Strings

39

Main Method

System.Void FCJDckKCsNQHIyhslv.OlttAvv6X2yh8Exk25::ELK1iWIZc()

Main IL Instruction Count

155

Main IL

ldc.i4 1 stloc V_0 ldloc V_0 switch dnlib.DotNet.Emit.Instruction[] ldloc V_0 ldc.i4 990 beq IL_0009: ldloc V_0 br IL_0032: nop ret <null> nop <null> ldsfld YSZmJ2YGee2XZHyVjvD YSZmJ2YGee2XZHyVjvD::q9dYZ41Er2 call System.Byte[] YSZmJ2YGee2XZHyVjvD::jidYXEssv3(YSZmJ2YGee2XZHyVjvD) stloc.s V_2 ldc.i4 0 ldsfld <Module>{699d4ead-2e9b-43ea-afb2-3e842a68b48d} <Module>{699d4ead-2e9b-43ea-afb2-3e842a68b48d}::m_f5d7b942f1ec465ea566e6d9adf36142 ldfld System.Int32 <Module>{699d4ead-2e9b-43ea-afb2-3e842a68b48d}::m_4ef5be15afc74fb08b02ed22043bd194 brfalse IL_0070: switch(IL_0160,IL_00C6,IL_024A,IL_00F9,IL_023B,IL_017B,IL_01DE,IL_01CF,IL_020B,IL_01AB,IL_0124,IL_0133) pop <null> ldc.i4 4 br IL_0070: switch(IL_0160,IL_00C6,IL_024A,IL_00F9,IL_023B,IL_017B,IL_01DE,IL_01CF,IL_020B,IL_01AB,IL_0124,IL_0133) br IL_006C: ldloc V_1 ldc.i4 0 stloc V_1 ldloc V_1 switch dnlib.DotNet.Emit.Instruction[] ldloc V_1 ldc.i4 19 beq IL_00D5: br IL_01DE ldloc V_1 ldc.i4 999 beq IL_006C: ldloc V_1 br IL_023B: br IL_0133 leave IL_0031: ret ldc.i4 6 br IL_0070: switch(IL_0160,IL_00C6,IL_024A,IL_00F9,IL_023B,IL_017B,IL_01DE,IL_01CF,IL_020B,IL_01AB,IL_0124,IL_0133) br IL_01DE: ldloc.s V_2 ldc.i4 2 ldsfld <Module>{699d4ead-2e9b-43ea-afb2-3e842a68b48d} <Module>{699d4ead-2e9b-43ea-afb2-3e842a68b48d}::m_f5d7b942f1ec465ea566e6d9adf36142 ldfld System.Int32 <Module>{699d4ead-2e9b-43ea-afb2-3e842a68b48d}::m_5fda0a6f091642fdb9353a3f4af960d0 brtrue IL_0070: switch(IL_0160,IL_00C6,IL_024A,IL_00F9,IL_023B,IL_017B,IL_01DE,IL_01CF,IL_020B,IL_01AB,IL_0124,IL_0133) pop <null> ldc.i4 1 br IL_0070: switch(IL_0160,IL_00C6,IL_024A,IL_00F9,IL_023B,IL_017B,IL_01DE,IL_01CF,IL_020B,IL_01AB,IL_0124,IL_0133) ldloc.s V_2 ldsfld jAoNLgYCQ5AaOTM8jiR jAoNLgYCQ5AaOTM8jiR::QDhYrgiW1W call System.Void jAoNLgYCQ5AaOTM8jiR::jidYXEssv3(System.Byte[],jAoNLgYCQ5AaOTM8jiR) ldc.i4 2 ldsfld <Module>{699d4ead-2e9b-43ea-afb2-3e842a68b48d} <Module>{699d4ead-2e9b-43ea-afb2-3e842a68b48d}::m_f5d7b942f1ec465ea566e6d9adf36142 ldfld System.Int32 
<Module>{699d4ead-2e9b-43ea-afb2-3e842a68b48d}::m_9045e115c5ae40e590ac166a80cae45f brfalse IL_0070: switch(IL_0160,IL_00C6,IL_024A,IL_00F9,IL_023B,IL_017B,IL_01DE,IL_01CF,IL_020B,IL_01AB,IL_0124,IL_0133) pop <null> ldc.i4 12 br IL_0070: switch(IL_0160,IL_00C6,IL_024A,IL_00F9,IL_023B,IL_017B,IL_01DE,IL_01CF,IL_020B,IL_01AB,IL_0124,IL_0133) br IL_00F9: ldloc.s V_2 ldc.i4 7 br IL_0070: switch(IL_0160,IL_00C6,IL_024A,IL_00F9,IL_023B,IL_017B,IL_01DE,IL_01CF,IL_020B,IL_01AB,IL_0124,IL_0133) ldloc.s V_2 ldsfld Dwu7M5YfCEqwVWbOuVY Dwu7M5YfCEqwVWbOuVY::YAmYHgxwhi call System.Byte[] Dwu7M5YfCEqwVWbOuVY::jidYXEssv3(System.Byte[],Dwu7M5YfCEqwVWbOuVY) stloc.s V_2 ldc.i4 14 ldsfld <Module>{699d4ead-2e9b-43ea-afb2-3e842a68b48d} <Module>{699d4ead-2e9b-43ea-afb2-3e842a68b48d}::m_f5d7b942f1ec465ea566e6d9adf36142 ldfld System.Int32 <Module>{699d4ead-2e9b-43ea-afb2-3e842a68b48d}::m_bc34f7f4df86492baa6b20243fb03230 brtrue IL_0070: switch(IL_0160,IL_00C6,IL_024A,IL_00F9,IL_023B,IL_017B,IL_01DE,IL_01CF,IL_020B,IL_01AB,IL_0124,IL_0133) pop <null> ldc.i4 5 br IL_0070: switch(IL_0160,IL_00C6,IL_024A,IL_00F9,IL_023B,IL_017B,IL_01DE,IL_01CF,IL_020B,IL_01AB,IL_0124,IL_0133) ldloc.s V_2 ldsfld vdWPnOYJ65tLfXwQmCq vdWPnOYJ65tLfXwQmCq::AUiYLJMrOD call System.Boolean vdWPnOYJ65tLfXwQmCq::jidYXEssv3(System.Byte[],vdWPnOYJ65tLfXwQmCq) brfalse IL_00C6: leave IL_0031 ldc.i4 19 br IL_0068: stloc V_1 ldloc.s V_2 ldsfld vdWPnOYJ65tLfXwQmCq vdWPnOYJ65tLfXwQmCq::AUiYLJMrOD call System.Boolean vdWPnOYJ65tLfXwQmCq::jidYXEssv3(System.Byte[],vdWPnOYJ65tLfXwQmCq) brfalse IL_01CF: leave IL_0031 ldc.i4 2 ldsfld <Module>{699d4ead-2e9b-43ea-afb2-3e842a68b48d} <Module>{699d4ead-2e9b-43ea-afb2-3e842a68b48d}::m_f5d7b942f1ec465ea566e6d9adf36142 ldfld System.Int32 <Module>{699d4ead-2e9b-43ea-afb2-3e842a68b48d}::m_fef624db6ac44465bad5c4cdbeeec1b4 brfalse IL_0070: switch(IL_0160,IL_00C6,IL_024A,IL_00F9,IL_023B,IL_017B,IL_01DE,IL_01CF,IL_020B,IL_01AB,IL_0124,IL_0133) pop <null> ldc.i4 10 br IL_0070: 
switch(IL_0160,IL_00C6,IL_024A,IL_00F9,IL_023B,IL_017B,IL_01DE,IL_01CF,IL_020B,IL_01AB,IL_0124,IL_0133) leave IL_0031: ret ldc.i4 6 ldsfld <Module>{699d4ead-2e9b-43ea-afb2-3e842a68b48d} <Module>{699d4ead-2e9b-43ea-afb2-3e842a68b48d}::m_f5d7b942f1ec465ea566e6d9adf36142 ldfld System.Int32 <Module>{699d4ead-2e9b-43ea-afb2-3e842a68b48d}::m_b1b561e80b694dde979d8dffe3f5cc72 brtrue IL_0070: switch(IL_0160,IL_00C6,IL_024A,IL_00F9,IL_023B,IL_017B,IL_01DE,IL_01CF,IL_020B,IL_01AB,IL_0124,IL_0133) pop <null> ldc.i4 11 br IL_0070: switch(IL_0160,IL_00C6,IL_024A,IL_00F9,IL_023B,IL_017B,IL_01DE,IL_01CF,IL_020B,IL_01AB,IL_0124,IL_0133) leave IL_0031: ret ldc.i4 3 br IL_0070: switch(IL_0160,IL_00C6,IL_024A,IL_00F9,IL_023B,IL_017B,IL_01DE,IL_01CF,IL_020B,IL_01AB,IL_0124,IL_0133) ldloc.s V_2 ldsfld DY2M34Y0RLijZqHP4Yc DY2M34Y0RLijZqHP4Yc::bIuYPkq6sT call System.Byte[] DY2M34Y0RLijZqHP4Yc::jidYXEssv3(System.Byte[],DY2M34Y0RLijZqHP4Yc) stloc.s V_2 ldc.i4 8 ldsfld <Module>{699d4ead-2e9b-43ea-afb2-3e842a68b48d} <Module>{699d4ead-2e9b-43ea-afb2-3e842a68b48d}::m_f5d7b942f1ec465ea566e6d9adf36142 ldfld System.Int32 <Module>{699d4ead-2e9b-43ea-afb2-3e842a68b48d}::m_4c7cab3791634aecab32edd9b14f1aa5 brfalse IL_0070: switch(IL_0160,IL_00C6,IL_024A,IL_00F9,IL_023B,IL_017B,IL_01DE,IL_01CF,IL_020B,IL_01AB,IL_0124,IL_0133) pop <null> ldc.i4 7 br IL_0070: switch(IL_0160,IL_00C6,IL_024A,IL_00F9,IL_023B,IL_017B,IL_01DE,IL_01CF,IL_020B,IL_01AB,IL_0124,IL_0133) ldloc.s V_2 ldsfld vdWPnOYJ65tLfXwQmCq vdWPnOYJ65tLfXwQmCq::AUiYLJMrOD call System.Boolean vdWPnOYJ65tLfXwQmCq::jidYXEssv3(System.Byte[],vdWPnOYJ65tLfXwQmCq) brfalse IL_01AB: leave IL_0031 ldc.i4 0 ldsfld <Module>{699d4ead-2e9b-43ea-afb2-3e842a68b48d} <Module>{699d4ead-2e9b-43ea-afb2-3e842a68b48d}::m_f5d7b942f1ec465ea566e6d9adf36142 ldfld System.Int32 <Module>{699d4ead-2e9b-43ea-afb2-3e842a68b48d}::m_446faa98ad2243b4af87239ac3287dd1 brtrue IL_0070: 
switch(IL_0160,IL_00C6,IL_024A,IL_00F9,IL_023B,IL_017B,IL_01DE,IL_01CF,IL_020B,IL_01AB,IL_0124,IL_0133) pop <null> ldc.i4 4 br IL_0070: switch(IL_0160,IL_00C6,IL_024A,IL_00F9,IL_023B,IL_017B,IL_01DE,IL_01CF,IL_020B,IL_01AB,IL_0124,IL_0133) br IL_0133: ldloc.s V_2 ldc.i4 9 br IL_0070: switch(IL_0160,IL_00C6,IL_024A,IL_00F9,IL_023B,IL_017B,IL_01DE,IL_01CF,IL_020B,IL_01AB,IL_0124,IL_0133) leave IL_0031: ret pop <null> ldc.i4 0 ldsfld <Module>{699d4ead-2e9b-43ea-afb2-3e842a68b48d} <Module>{699d4ead-2e9b-43ea-afb2-3e842a68b48d}::m_f5d7b942f1ec465ea566e6d9adf36142 ldfld System.Int32 <Module>{699d4ead-2e9b-43ea-afb2-3e842a68b48d}::m_567c89131dca49e891d5ea55df609f7c brfalse IL_0281: switch(IL_029D) pop <null> ldc.i4 0 br IL_0281: switch(IL_029D) br IL_027D: ldloc V_3 ldc.i4 0 stloc V_3 ldloc V_3 switch dnlib.DotNet.Emit.Instruction[] ldloc V_3 ldc.i4 988 beq IL_027D: ldloc V_3 br IL_029D: leave IL_0031 leave IL_0031: ret ldc.i4 6 ldsfld <Module>{699d4ead-2e9b-43ea-afb2-3e842a68b48d} <Module>{699d4ead-2e9b-43ea-afb2-3e842a68b48d}::m_f5d7b942f1ec465ea566e6d9adf36142 ldfld System.Int32 <Module>{699d4ead-2e9b-43ea-afb2-3e842a68b48d}::m_c6e1aab46c2643068eb60691a8613684 brtrue IL_000D: switch(IL_0032,IL_02C1,IL_0031) pop <null> ldc.i4 2 br IL_000D: switch(IL_0032,IL_02C1,IL_0031) ldsfld jxIuojYVnSgGlAMoZZ7 jxIuojYVnSgGlAMoZZ7::MP8Yul6y8V call System.Void jxIuojYVnSgGlAMoZZ7::jidYXEssv3(jxIuojYVnSgGlAMoZZ7) ldc.i4 2 ldsfld <Module>{699d4ead-2e9b-43ea-afb2-3e842a68b48d} <Module>{699d4ead-2e9b-43ea-afb2-3e842a68b48d}::m_f5d7b942f1ec465ea566e6d9adf36142 ldfld System.Int32 <Module>{699d4ead-2e9b-43ea-afb2-3e842a68b48d}::m_79172f3cac964eb69ba427913a738ed5 brtrue IL_000D: switch(IL_0032,IL_02C1,IL_0031) pop <null> ldc.i4 0 br IL_000D: switch(IL_0032,IL_02C1,IL_0031)

d4a9b34284fb647f66e7cf5e0f712011 (580.1 KB)
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
5cMwjvSoYhfXS8oxk1.HtjwHryk4VQPVC6kly
kEIDvTYTv3dymT17Gj.HKjHNrdQmI3H2WL5Tc
K1j0QXmQrOlNaECo2U.haeWZJg67uSjb0Vqmb
Characteristics
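No malware configuration was found at this point. Given the very high symbol obfuscation score reported above, the absence of an extracted configuration does not by itself mean the sample carries none.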