Malicious
Malicious

d6ce91d88ab1618d4763fe5021556d7a

PE Executable
|
MD5: d6ce91d88ab1618d4763fe5021556d7a
|
Size: 121.34 KB
|
application/x-dosexec

Print
Infection Chain
Summary by MalvaGPT
Characteristics

Symbol Ofbuscation Score

Medium

Hash
 Hash Value
MD5
d6ce91d88ab1618d4763fe5021556d7a
Sha1
2ace27cda1b6eeca86bc3861ce3f2ba5b1a6c1be
Sha256
ac334daeb361ab4ddeae09de2740f5969aea3056f7305618551fe825832831d6
Sha384
d4db09e5f8801e71335412dfd7cd462f27ef71a09715379294960b426d6e97d72f27aaf65572425d4122f6f904df1211
Sha512
0fb7c2032de75752286bfba6779acc6e2e2e6b6e9bac9be99c618e7d19a704bbe2749ff36681a1513762f1611699c97db02b1e9664ba96bce65379288078a3d8
SSDeep
1536:QFzIq5Z76jfE4gDXDLkbeQd9yM4zKWPhA3XhrdBX5XbOIRM/JdNABlWO:PAZGDyXkbeK9CGW+3XhrjQIRMlABlWO
TLSH
25C35D07F9DCD6E0D53511327F63C970D6686E257960A11E73C9BF2E2B39662AA003E2

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
d6ce91d88ab1618d4763fe5021556d7a
Malicious
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_ICON
ID:0001
ID:0
ID:0-preview.png
ID:0002
ID:0
ID:0003
ID:0
ID:0004
ID:0
ID:0005
ID:0
ID:0006
ID:0
ID:0007
ID:0
ID:0-preview.png
ID:0008
ID:0
ID:0009
ID:0
ID:000A
ID:0
ID:000B
ID:0
ID:000C
ID:0
RT_MESSAGETABLE
ID:0001
ID:1033
RT_GROUP_CURSOR4
ID:0001
ID:0
RT_VERSION
ID:0001
ID:0
ID:1033
RT_MANIFEST
ID:0001
ID:0
ID:1033
.Net Resources
Malicious
ndwj.vbs
Malicious
ndwj.vbs.deobfuscated.vbs
Malicious
Informations
Name
 Value
Info

PE Detect: PeReader OK (file layout)
Module Name

697fac13ecfd4.exe
Full Name

697fac13ecfd4.exe
EntryPoint

System.Void Microsoft.CLR.Hosting.RuntimeBootstrap::Main()
Scope Name

697fac13ecfd4.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

697fac13ecfd4
Assembly Version

0.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

<null>
Total Strings

10
Main Method

System.Void Microsoft.CLR.Hosting.RuntimeBootstrap::Main()
Main IL Instruction Count

7
Main IL

nop <null> call System.Int32 Microsoft.CLR.Hosting.RuntimeBootstrap::InitializeComponent() stloc.0 <null> ldloc.0 <null> call System.Void System.Environment::Exit(System.Int32) nop <null> ret <null>
Module Name

697fac13ecfd4.exe
Full Name

697fac13ecfd4.exe
EntryPoint

System.Void Microsoft.CLR.Hosting.RuntimeBootstrap::Main()
Scope Name

697fac13ecfd4.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

697fac13ecfd4
Assembly Version

0.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

<null>
Total Strings

10
Main Method

System.Void Microsoft.CLR.Hosting.RuntimeBootstrap::Main()
Main IL Instruction Count

7
Main IL

nop <null> call System.Int32 Microsoft.CLR.Hosting.RuntimeBootstrap::InitializeComponent() stloc.0 <null> ldloc.0 <null> call System.Void System.Environment::Exit(System.Int32) nop <null> ret <null>
d6ce91d88ab1618d4763fe5021556d7a (121.34 KB)
An error has occurred. This application may no longer respond until reloaded. Reload 🗙