d7aa250086373b06280ad19ff661403d

PE Executable
|
MD5: d7aa250086373b06280ad19ff661403d
|
Size: 1.94 MB
|
application/x-dosexec

Infection Chain

Summary by MalvaGPT

Characteristics

Hash	Hash Value
MD5	d7aa250086373b06280ad19ff661403d
Sha1	418a9ef9722d10e877d12d2305a3eca1880dbb3d
Sha256	7dcd9c9ac48b728b9e13d2d15c6c91d6c1d47b8c8fc1c5b3cb86cfe262f8fa2a
Sha384	844668fe0faccc3304505ba3543982e36b175b4a5eecd1b153e905183757999e09231144e23f405537dca438b699b3d5
Sha512	5db6b45530bf6b4c55b0ea47980251cd65f855017c51028c8b333fc86fdb675543dd3026f0f1c57f0c076e2b346b7a729a659c2cbbe2ebbd588d4d859aaa8d9c
SSDeep	24576:5pLYxIgMM4xXKUFLEO1vECYM2BrkBPTwO9zQZo0VcoNCV1vhEE09YHck8HLm:SIMCXKUFpvEChW45R9zFogHvhxh8kWm
TLSH	39958D07BB8F87B1C2655777C5AB891CD364E582F233DF1A398A231A5CC37BA9940607

PeID

.NET executable

HQR data file

Microsoft Visual C# / Basic .NET

Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL

Microsoft Visual C# v7.0 / Basic .NET

Microsoft Visual Studio .NET

File Structure

Informations

Name0	Value
Module Name	Xvttcleosch.exe
Full Name	Xvttcleosch.exe
EntryPoint	System.Void HidSharp.Strategies.RequestProxy::ReflectStrategy()
Scope Name	Xvttcleosch.exe
Scope Type	ModuleDef
Kind	Windows
Runtime Version	v4.0.30319
Tables Header Version	512
WinMD Version	<null>
Assembly Name	Xvttcleosch
Assembly Version	1.0.9108.3457
Assembly Culture	<null>
Has PublicKey	False
PublicKey Token	<null>
Target Framework	.NETFramework,Version=v4.6
Total Strings	754
Main Method	System.Void HidSharp.Strategies.RequestProxy::ReflectStrategy()
Main IL Instruction Count	32
Main IL	ldc.i4 1 stloc V_0 br IL_000E: ldloc V_0 ldloc V_0 switch dnlib.DotNet.Emit.Instruction[] br IL_0059: ldsfld HidSharp.Strategies.RequestProxy/<>c HidSharp.Strategies.RequestProxy/<>c::sortedGateway ret <null> ldsfld System.Action`1<System.IO.MemoryStream> HidSharp.Strategies.RequestProxy/<>c::_CommonCompiler dup <null> brfalse IL_0039: pop br IL_006F: call System.Void HidSharp.Strategies.RequestProxy::CheckStrategy(System.Action`1<System.IO.MemoryStream>) pop <null> ldc.i4 0 ldsfld <Module>{b7380e37-04a6-44de-b7d1-acfd27585ee2} <Module>{b7380e37-04a6-44de-b7d1-acfd27585ee2}::m_86fd85fa9c074095936060c462307358 ldfld System.Int32 <Module>{b7380e37-04a6-44de-b7d1-acfd27585ee2}::m_c6ec505ebd744b0bbeb77b1f8bca744c brtrue IL_0012: switch(IL_0059,IL_0029,IL_0028) pop <null> ldc.i4 0 br IL_0012: switch(IL_0059,IL_0029,IL_0028) ldsfld HidSharp.Strategies.RequestProxy/<>c HidSharp.Strategies.RequestProxy/<>c::sortedGateway ldftn System.Void HidSharp.Strategies.RequestProxy/<>c::DecompressAdapter(System.IO.MemoryStream) newobj System.Void System.Action`1<System.IO.MemoryStream>::.ctor(System.Object,System.IntPtr) dup <null> stsfld System.Action`1<System.IO.MemoryStream> HidSharp.Strategies.RequestProxy/<>c::_CommonCompiler call System.Void HidSharp.Strategies.RequestProxy::CheckStrategy(System.Action`1<System.IO.MemoryStream>) ldc.i4 2 ldsfld <Module>{b7380e37-04a6-44de-b7d1-acfd27585ee2} <Module>{b7380e37-04a6-44de-b7d1-acfd27585ee2}::m_86fd85fa9c074095936060c462307358 ldfld System.Int32 <Module>{b7380e37-04a6-44de-b7d1-acfd27585ee2}::m_53e54827259c41da9ccd8251d75e8371 brfalse IL_0012: switch(IL_0059,IL_0029,IL_0028) pop <null> ldc.i4 1 br IL_0012: switch(IL_0059,IL_0029,IL_0028)
Module Name	Xvttcleosch.exe
Full Name	Xvttcleosch.exe
EntryPoint	System.Void HidSharp.Strategies.RequestProxy::ReflectStrategy()
Scope Name	Xvttcleosch.exe
Scope Type	ModuleDef
Kind	Windows
Runtime Version	v4.0.30319
Tables Header Version	512
WinMD Version	<null>
Assembly Name	Xvttcleosch
Assembly Version	1.0.9108.3457
Assembly Culture	<null>
Has PublicKey	False
PublicKey Token	<null>
Target Framework	.NETFramework,Version=v4.6
Total Strings	754
Main Method	System.Void HidSharp.Strategies.RequestProxy::ReflectStrategy()
Main IL Instruction Count	32
Main IL	ldc.i4 1 stloc V_0 br IL_000E: ldloc V_0 ldloc V_0 switch dnlib.DotNet.Emit.Instruction[] br IL_0059: ldsfld HidSharp.Strategies.RequestProxy/<>c HidSharp.Strategies.RequestProxy/<>c::sortedGateway ret <null> ldsfld System.Action`1<System.IO.MemoryStream> HidSharp.Strategies.RequestProxy/<>c::_CommonCompiler dup <null> brfalse IL_0039: pop br IL_006F: call System.Void HidSharp.Strategies.RequestProxy::CheckStrategy(System.Action`1<System.IO.MemoryStream>) pop <null> ldc.i4 0 ldsfld <Module>{b7380e37-04a6-44de-b7d1-acfd27585ee2} <Module>{b7380e37-04a6-44de-b7d1-acfd27585ee2}::m_86fd85fa9c074095936060c462307358 ldfld System.Int32 <Module>{b7380e37-04a6-44de-b7d1-acfd27585ee2}::m_c6ec505ebd744b0bbeb77b1f8bca744c brtrue IL_0012: switch(IL_0059,IL_0029,IL_0028) pop <null> ldc.i4 0 br IL_0012: switch(IL_0059,IL_0029,IL_0028) ldsfld HidSharp.Strategies.RequestProxy/<>c HidSharp.Strategies.RequestProxy/<>c::sortedGateway ldftn System.Void HidSharp.Strategies.RequestProxy/<>c::DecompressAdapter(System.IO.MemoryStream) newobj System.Void System.Action`1<System.IO.MemoryStream>::.ctor(System.Object,System.IntPtr) dup <null> stsfld System.Action`1<System.IO.MemoryStream> HidSharp.Strategies.RequestProxy/<>c::_CommonCompiler call System.Void HidSharp.Strategies.RequestProxy::CheckStrategy(System.Action`1<System.IO.MemoryStream>) ldc.i4 2 ldsfld <Module>{b7380e37-04a6-44de-b7d1-acfd27585ee2} <Module>{b7380e37-04a6-44de-b7d1-acfd27585ee2}::m_86fd85fa9c074095936060c462307358 ldfld System.Int32 <Module>{b7380e37-04a6-44de-b7d1-acfd27585ee2}::m_53e54827259c41da9ccd8251d75e8371 brfalse IL_0012: switch(IL_0059,IL_0029,IL_0028) pop <null> ldc.i4 1 br IL_0012: switch(IL_0059,IL_0029,IL_0028)

d7aa250086373b06280ad19ff661403d (1.94 MB)

d7aa250086373b06280ad19ff661403d

PE Executable | MD5: d7aa250086373b06280ad19ff661403d | Size: 1.94 MB | application/x-dosexec

PE Executable
|
MD5: d7aa250086373b06280ad19ff661403d
|
Size: 1.94 MB
|
application/x-dosexec