Malicious

dca6484b5b25c17d82da6cfe2e4a59b2

PE Executable | MD5: dca6484b5b25c17d82da6cfe2e4a59b2 | Size: 651.78 KB | application/x-dosexec

Characteristics

Symbol Obfuscation Score

Very high

Hash: Hash Value
MD5: dca6484b5b25c17d82da6cfe2e4a59b2
Sha1: bbd71785a5a9b0f6522b9b752f49a99cb96b0629
Sha256: 04b306e1feed13839b1322c097bbb66bd6702b484090e8070965fc2bec977888
Sha384: f973951cf00041d5b8342ce437277821e85c33d5c63b7acbc157250ed6ea7e67cef688285a6a5fedbab49d10e84ab6a3
Sha512: 3d60c5ea4db0e045f4285c2367c17b57d8d8e8a6056471a236ce0ff7d070fc6527ac619f4f4e28a93ebdb08d1c414498104a65cfc8dfc8c7e92ddb00d4d07e86
SSDeep: 12288:Pnge1h9BU9Yk/TIRW8gJhCFZ7GttRfyKR6p+QJn:xaJIBZCZOJ
TLSH: C4D49E677A374E12C2980333D5CB494197A89685B6EBF70E7281739614073FFDE0A2A7

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
1p2JdSsSoJir65kxdx.5HSfi6g1a8ehxZEsLj
QGiLFqIrGldyo9XUQe.KrsZinXd60KHLW7exk
Jaxmhyqzvh.g.resources
IGGx3ht9fw6b7ayv45.Zi9CDp1mKlQakqwq75
Cmjtx.Properties.Resources.resources
Ojoembvdh
Information
Name: Value
Info: PE Detect: PeReader OK (file layout)
Module Name: Jaxmhyqzvh.exe
Full Name: Jaxmhyqzvh.exe
EntryPoint: System.Void VgGFxMvC97ekoflg21.yjp9HqwBLLhVF7UlyA::j9vJUObyO()
Scope Name: Jaxmhyqzvh.exe
Scope Type: ModuleDef
Kind: Windows
Runtime Version: v4.0.30319
Tables Header Version: 512
WinMD Version: <null>
Assembly Name: Jaxmhyqzvh
Assembly Version: 1.0.0.0
Assembly Culture: <null>
Has PublicKey: False
PublicKey Token: <null>
Target Framework: .NETFramework,Version=v4.0
Total Strings: 43
Main Method: System.Void VgGFxMvC97ekoflg21.yjp9HqwBLLhVF7UlyA::j9vJUObyO()
Main IL Instruction Count: 105

Main IL

ldc.i4 1 stloc V_4 ldloc V_4 switch dnlib.DotNet.Emit.Instruction[] ldloc V_4 ldc.i4 989 beq IL_0009: ldloc V_4 br IL_002D: nop nop <null> newobj System.Void Oy2Twy3tlcoKewhWgm.INWyldUehDlvtRc1BX::.ctor() stloc.s V_0 ldc.i4 2 br IL_0049: stloc V_6 br IL_004D: ldloc V_6 ldc.i4 0 stloc V_6 ldloc V_6 switch dnlib.DotNet.Emit.Instruction[] ldloc V_6 ldc.i4 12 beq IL_00B1: br IL_015E ldloc V_6 ldc.i4 992 beq IL_004D: ldloc V_6 br IL_0158: newobj System.Void System.InvalidOperationException::.ctor() newobj System.Void tDVeYkpXTaw359c86n.AZIUSbV4glHF6AgVG5::.ctor() stloc.s V_5 ldc.i4 0 ldsfld <Module>{0646a938-8a5c-4781-8953-57bf24d58daa} <Module>{0646a938-8a5c-4781-8953-57bf24d58daa}::m_06b15d9f15594d0d9b40db868047f98a ldfld System.Int32 <Module>{0646a938-8a5c-4781-8953-57bf24d58daa}::m_8eeae00b94494694af05dfcb30e76efd brtrue IL_0051: switch(IL_00D1,IL_008B,IL_00C0,IL_0132,IL_0158) pop <null> ldc.i4 5 br IL_0051: switch(IL_00D1,IL_008B,IL_00C0,IL_0132,IL_0158) br IL_015E: leave IL_01D5 ldc.i4 4 br IL_0051: switch(IL_00D1,IL_008B,IL_00C0,IL_0132,IL_0158) newobj System.Void IV5cTA4oJtfK6qL4uS.NlZeo8oLs3WDBQtJAI::.ctor() stloc.s V_1 ldc.i4 3 br IL_0049: stloc V_6 newobj System.Void rE3GO1F6QCNnJaMMlt.TF78r6yqbnnu3tVuWG::.ctor() dup <null> dup <null> ldsfld N0vdXsXHdiqNX8Y34TM N0vdXsXHdiqNX8Y34TM::WFdXlsJ4U3 call System.Void N0vdXsXHdiqNX8Y34TM::Q2NXJVB2Fx(System.Object,rE3GO1F6QCNnJaMMlt.TF78r6yqbnnu3tVuWG,N0vdXsXHdiqNX8Y34TM) dup <null> ldloc.s V_5 ldsfld aVIkerXWiSAPsRZpSvK aVIkerXWiSAPsRZpSvK::fUOXPb8QDx call System.Void aVIkerXWiSAPsRZpSvK::Q2NXJVB2Fx(System.Object,tDVeYkpXTaw359c86n.AZIUSbV4glHF6AgVG5,aVIkerXWiSAPsRZpSvK) ldloc.s V_5 ldloc.s V_2 ldsfld JsEC55X6vAHViNDqltx JsEC55X6vAHViNDqltx::KrGXrpMyEH call System.Void JsEC55X6vAHViNDqltx::Q2NXJVB2Fx(System.Object,fKCfNDESBWEH3RJueG.W4LTCLnrZohslaW7Sf,JsEC55X6vAHViNDqltx) ldloc.s V_2 ldloc.s V_1 ldsfld h1hvCtXoZRjbqnwZHpr h1hvCtXoZRjbqnwZHpr::xLEX4JFEAM call System.Void 
h1hvCtXoZRjbqnwZHpr::Q2NXJVB2Fx(System.Object,IV5cTA4oJtfK6qL4uS.NlZeo8oLs3WDBQtJAI,h1hvCtXoZRjbqnwZHpr) ldloc.s V_1 ldloc.s V_0 ldsfld fHWlYmXRQtixmWSaT7P fHWlYmXRQtixmWSaT7P::ynjXYUMEXZ call System.Void fHWlYmXRQtixmWSaT7P::Q2NXJVB2Fx(System.Object,Oy2Twy3tlcoKewhWgm.INWyldUehDlvtRc1BX,fHWlYmXRQtixmWSaT7P) ldsfld AUwVtEXThupEj8REsqE AUwVtEXThupEj8REsqE::RGOXj2eIrv call System.Boolean AUwVtEXThupEj8REsqE::Q2NXJVB2Fx(System.Object,AUwVtEXThupEj8REsqE) brfalse IL_0158: newobj System.Void System.InvalidOperationException::.ctor() ldc.i4 12 br IL_0049: stloc V_6 newobj System.Void fKCfNDESBWEH3RJueG.W4LTCLnrZohslaW7Sf::.ctor() stloc.s V_2 ldc.i4 1 ldsfld <Module>{0646a938-8a5c-4781-8953-57bf24d58daa} <Module>{0646a938-8a5c-4781-8953-57bf24d58daa}::m_06b15d9f15594d0d9b40db868047f98a ldfld System.Int32 <Module>{0646a938-8a5c-4781-8953-57bf24d58daa}::m_1d36e1100b0c4fd2869b34fa4f29c65b brtrue IL_0051: switch(IL_00D1,IL_008B,IL_00C0,IL_0132,IL_0158) pop <null> ldc.i4 7 br IL_0051: switch(IL_00D1,IL_008B,IL_00C0,IL_0132,IL_0158) newobj System.Void System.InvalidOperationException::.ctor() throw <null> leave IL_01D5: ret pop <null> ldc.i4 0 ldsfld <Module>{0646a938-8a5c-4781-8953-57bf24d58daa} <Module>{0646a938-8a5c-4781-8953-57bf24d58daa}::m_06b15d9f15594d0d9b40db868047f98a ldfld System.Int32 <Module>{0646a938-8a5c-4781-8953-57bf24d58daa}::m_976faf88884d4b748c2c1893f4c91312 brtrue IL_0195: switch(IL_01B1) pop <null> ldc.i4 6 br IL_0195: switch(IL_01B1) br IL_0191: ldloc V_3 ldc.i4 0 stloc V_3 ldloc V_3 switch dnlib.DotNet.Emit.Instruction[] ldloc V_3 ldc.i4 988 beq IL_0191: ldloc V_3 br IL_01B1: leave IL_01D5 leave IL_01D5: ret ldc.i4 0 ldsfld <Module>{0646a938-8a5c-4781-8953-57bf24d58daa} <Module>{0646a938-8a5c-4781-8953-57bf24d58daa}::m_06b15d9f15594d0d9b40db868047f98a ldfld System.Int32 <Module>{0646a938-8a5c-4781-8953-57bf24d58daa}::m_1f22803a13eb44f4aa784b9b30f7990e brfalse IL_000D: switch(IL_01D5,IL_002D) pop <null> ldc.i4 5 br IL_000D: switch(IL_01D5,IL_002D) ret 
<null>

No malware configuration was found at this point.