Suspicious
Suspect

de87459bc44e810e6ed06673d5fbac33

PE Executable | MD5: de87459bc44e810e6ed06673d5fbac33 | Size: 2.11 MB | application/x-dosexec

Summary by MalvaGPT
Characteristics

Symbol Obfuscation Score

Very high

Hash
Hash Value
MD5
de87459bc44e810e6ed06673d5fbac33
Sha1
91a3604624a98174a8e784a9ffe8b8e426908f70
Sha256
4508a5522b6a945353331f74eb1d0f23e06ed69424e7c0a6db610be052175e22
Sha384
487ceef8dae153032eb3c2444eb81cb46a0368d16f4f2e37d76616752aeb0d668a7ae026500c997b24cd8cfeeea19dca
Sha512
4efede302bae618cd5a095c121266fc4f2be91830a2c8342922c3e86d7dc51164bb3ced138e366e73c9b9a59f5743f2162a5153afdae812d336ec7b0525d1dd1
SSDeep
24576:bpPmJhz/zDwhADM5L9Y7MWQiPJ5onzVxihFj+p:bpehPDwhVOGu5K/mcp
TLSH
17A54B346F51C802D15A267889B9D7BAEA146FC0A416A307B3F2BCD77D1A19BFC41DE0

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
[Authenticode]_a54ff09b.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_ICON
ID:0001
ID:0
ID:0-preview.png
RT_GROUP_CURSOR4
ID:0001
ID:0
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
0z3aoi
Information
Info: PE Detect: PeReader OK (file layout)
Info: Authenticode present at 0x1FFE00 size 11520 bytes
Module Name: Dropper.exe
Full Name: Dropper.exe
EntryPoint: System.Void uiGOnMOulfYIcf.fpdZHmnaZbYrH::QmxrJpjLaySzK(System.String[])
Scope Name: Dropper.exe
Scope Type: ModuleDef
Kind: Windows
Runtime Version: v4.0.30319
Tables Header Version: 512
WinMD Version: <null>
Assembly Name: Dropper
Assembly Version: 1.0.0.0
Assembly Culture: <null>
Has PublicKey: False
PublicKey Token: <null>
Target Framework: .NETFramework,Version=v4.0
Total Strings: 398
Main Method: System.Void uiGOnMOulfYIcf.fpdZHmnaZbYrH::QmxrJpjLaySzK(System.String[])
Main IL Instruction Count: 58

Main IL

ldc.r8 3530 stloc V_1 br IL_0109: br IL_0012 nop <null> ldloc V_1 ldc.r8 3540 ceq <null> brfalse IL_0048: nop ldsfld System.String uiGOnMOulfYIcf.fpdZHmnaZbYrH::ovalbUOeGHbD call System.String uiGOnMOulfYIcf.MZFvQMZguiDRYydTHXtpP::ZdOMXJsWwBGraXNNVYgUOL() call System.Boolean System.String::op_Inequality(System.String,System.String) brfalse IL_005D: call System.String System.IO.Path::GetTempFileName() ldc.r8 3548 stloc V_1 nop <null> ldloc V_1 ldc.r8 3556 ceq <null> brfalse IL_00A5: nop call System.String System.IO.Path::GetTempFileName() call System.String uiGOnMOulfYIcf.MZFvQMZguiDRYydTHXtpP::FAtoXyeGNbJXALWe() call System.String gIUhbSNQyupry.aQpRGLRriSMuTUGWgzkeN::hqICfVdZklpbX(System.String) call System.String System.String::Concat(System.String,System.String) ldsfld System.String uiGOnMOulfYIcf.fpdZHmnaZbYrH::JIINhTkAbJjWMnBCXyjO call System.String gIUhbSNQyupry.aQpRGLRriSMuTUGWgzkeN::hqICfVdZklpbX(System.String) call System.Drawing.Bitmap aewMFOEBvuQtjOLyZC.VoAUxCGjVHdZxTZgbUvDVIuA::gjldDbhAhiOL(System.String) call System.Byte[] gIUhbSNQyupry.YxSNHZuOvLHimpfipGtFfx::ryTYGNfMhFJQGuoCkw(System.Drawing.Bitmap) stloc V_0 dup <null> ldloc V_0 call System.Void System.IO.File::WriteAllBytes(System.String,System.Byte[]) call System.Void uiGOnMOulfYIcf.fpdZHmnaZbYrH::rQSPdaqgmViaTXYYwuBbV(System.String) ldc.r8 3559 stloc V_1 nop <null> ldloc V_1 ldc.r8 3548 ceq <null> brfalse IL_00CC: nop call System.Void uiGOnMOulfYIcf.lrOPgMcjIsoBh::TRADGIrIaNseR() ldc.r8 3556 stloc V_1 nop <null> ldloc V_1 ldc.r8 3530 ceq <null> brfalse IL_00EF: nop nop <null> ldc.r8 3540 stloc V_1 nop <null> ldloc V_1 ldc.r8 3559 ceq <null> brfalse IL_0109: br IL_0012 br IL_010E: ret br IL_0012: nop ret <null>

Characteristics
No malware configuration was found at this point.