Malicious

dee76e47298d2836ef2cb662d3f70a21

PE Executable | MD5: dee76e47298d2836ef2cb662d3f70a21 | Size: 620.03 KB | application/x-dosexec


Characteristics

Symbol Obfuscation Score: Very high

Hashes
MD5: dee76e47298d2836ef2cb662d3f70a21
SHA1: 1b738eceebaf369810c0621171fe0adf121615b5
SHA256: 0266ac5b68036849f1bdb5575ed7b9f4ba4ba6a28205999e6a80970e04b3675c
SHA384: a4f286e46fd670f4d83bdcf883975294a640bebd307145246f1c2f4827133ebca34ce6f6fbe649e12d5a4c74f43780d4
SHA512: 765b2c104ba85a00a3ec66ca0905dd8483f8b0ae6bcbade7c5b916930c0adc69c7cb396e0d68d8d7e4063a4470cc20f11c23ce20d110f3c9eab0b59a6d6556cb
SSDeep: 12288:xKdyxh7CDhhwwZiZm2hFxnRsa4IBV+LGcs0oK+Kd2:xUrXEm4F1uNIGGcWK+a
TLSH: 95D4AEB677624E22D2881337C4CB590097B496C676A7F30E7584139659033FAFE4BAE3

PeID

.NET executable
HQR data file
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
UPolyX 0.3 -> delikon
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
McxIXtjm5FRL98FhSE.cYZZeSWU6b3laTjFwp
hbbinfdOR2maJwxyo3.2GAV9g3akwkGwKUZEb
Adrbltnvk.g.resources
G6ZlcJD5MYvCL0Q01V.he1Iw8tPuoNU2JDXt2
Shekylhkla.Properties.Resources.resources
Tpkqws
Information
Info: PE Detect: PeReader OK (file layout)
Module Name: Adrbltnvk.exe
Full Name: Adrbltnvk.exe
EntryPoint: System.Void jUvJc0gHaoMyO0y94e.r5cv9YVXOiQg2ZbAKa::pmx852gKy()
Scope Name: Adrbltnvk.exe
Scope Type: ModuleDef
Kind: Windows
Runtime Version: v4.0.30319
Tables Header Version: 512
WinMD Version: <null>
Assembly Name: Adrbltnvk
Assembly Version: 1.0.0.0
Assembly Culture: <null>
Has PublicKey: False
PublicKey Token: <null>
Target Framework: .NETFramework,Version=v4.0
Total Strings: 43
Main Method: System.Void jUvJc0gHaoMyO0y94e.r5cv9YVXOiQg2ZbAKa::pmx852gKy()
Main IL Instruction Count: 123

Main IL:
ldc.i4 1 stloc V_4 ldloc V_4 switch dnlib.DotNet.Emit.Instruction[] ldloc V_4 ldc.i4 989 beq IL_0009: ldloc V_4 br IL_002E: nop ret <null> nop <null> newobj System.Void CFpDhFMZ1Sk5oicCpg.ktHuWEBh0iDA0XOWxP::.ctor() stloc.s V_0 ldc.i4 3 ldsfld <Module>{848bf36d-dc18-45a3-82d4-b922948330f1} <Module>{848bf36d-dc18-45a3-82d4-b922948330f1}::m_df3320e7206e4a77a5e4d75abc9a0a30 ldfld System.Int32 <Module>{848bf36d-dc18-45a3-82d4-b922948330f1}::m_234a6f80404c4134b7e517efa05f021b brfalse IL_0067: switch(IL_017F,IL_00A1,IL_0159,IL_0133,IL_019F) pop <null> ldc.i4 12 br IL_0067: switch(IL_017F,IL_00A1,IL_0159,IL_0133,IL_019F) br IL_0063: ldloc V_2 ldc.i4 0 stloc V_2 ldloc V_2 switch dnlib.DotNet.Emit.Instruction[] ldloc V_2 ldc.i4 12 beq IL_0190: br IL_01A5 ldloc V_2 ldc.i4 992 beq IL_0063: ldloc V_2 br IL_017F: newobj System.Void F1lyUulxb390ip7hD1.b0Qe9xEpgY9dMlx6s2::.ctor() newobj System.Void ccGbgmLJdgtlFcTPbQ.w3N9fUc6dPuYk4avxn::.ctor() dup <null> dup <null> ldsfld y78S3y308MEqoOhT0ZH y78S3y308MEqoOhT0ZH::hyw3ZCMOn6 call System.Void y78S3y308MEqoOhT0ZH::axH3w1jFwa(System.Object,ccGbgmLJdgtlFcTPbQ.w3N9fUc6dPuYk4avxn,y78S3y308MEqoOhT0ZH) dup <null> ldloc.s V_6 ldsfld YZw9wH3BI6fx7D11C1J YZw9wH3BI6fx7D11C1J::mcV3Myrtfl call System.Void YZw9wH3BI6fx7D11C1J::axH3w1jFwa(System.Object,F1lyUulxb390ip7hD1.b0Qe9xEpgY9dMlx6s2,YZw9wH3BI6fx7D11C1J) ldloc.s V_6 ldloc.s V_0 ldsfld mypmTe3xPBJkEECBd2k mypmTe3xPBJkEECBd2k::AO23y2qNHr call System.Void mypmTe3xPBJkEECBd2k::axH3w1jFwa(System.Object,CFpDhFMZ1Sk5oicCpg.ktHuWEBh0iDA0XOWxP,mypmTe3xPBJkEECBd2k) ldloc.s V_6 ldloc.s V_1 ldsfld AFVeuy3QRWa1uHyMgPP AFVeuy3QRWa1uHyMgPP::P5T36KFuA4 call System.Void AFVeuy3QRWa1uHyMgPP::axH3w1jFwa(System.Object,mZqtYpufUvC8ixLdrp.dntSwQC8qMZtxCKHrQ,AFVeuy3QRWa1uHyMgPP) ldloc.s V_6 ldloc.s V_5 ldsfld nBS2oj3eevTEmbkbsSn nBS2oj3eevTEmbkbsSn::eCm3R4xX9c call System.Void nBS2oj3eevTEmbkbsSn::axH3w1jFwa(System.Object,MJfAw17FUZLVdq1FsO.kdkIesm60YlpTWSMU5,nBS2oj3eevTEmbkbsSn) ldloc.s V_5 ldloc.s V_1 ldsfld 
rCnDDa3AW0b9ykkoGOh rCnDDa3AW0b9ykkoGOh::ido3EffWPJ call System.Void rCnDDa3AW0b9ykkoGOh::axH3w1jFwa(System.Object,mZqtYpufUvC8ixLdrp.dntSwQC8qMZtxCKHrQ,rCnDDa3AW0b9ykkoGOh) ldloc.s V_1 ldloc.s V_0 ldsfld u312jx3lFXMqUhlDEAG u312jx3lFXMqUhlDEAG::S1q3IrjFbv call System.Void u312jx3lFXMqUhlDEAG::axH3w1jFwa(System.Object,CFpDhFMZ1Sk5oicCpg.ktHuWEBh0iDA0XOWxP,u312jx3lFXMqUhlDEAG) ldsfld rmokhE3GJyU5mZbs1XQ rmokhE3GJyU5mZbs1XQ::c6I3Jf6fxG call System.Boolean rmokhE3GJyU5mZbs1XQ::axH3w1jFwa(System.Object,rmokhE3GJyU5mZbs1XQ) brfalse IL_019F: newobj System.Void System.InvalidOperationException::.ctor() ldc.i4 4 ldsfld <Module>{848bf36d-dc18-45a3-82d4-b922948330f1} <Module>{848bf36d-dc18-45a3-82d4-b922948330f1}::m_df3320e7206e4a77a5e4d75abc9a0a30 ldfld System.Int32 <Module>{848bf36d-dc18-45a3-82d4-b922948330f1}::m_cc49234045d94fa29bf3b59a0fa03870 brfalse IL_005F: stloc V_2 pop <null> ldc.i4 12 br IL_005F: stloc V_2 newobj System.Void mZqtYpufUvC8ixLdrp.dntSwQC8qMZtxCKHrQ::.ctor() stloc.s V_1 ldc.i4 3 ldsfld <Module>{848bf36d-dc18-45a3-82d4-b922948330f1} <Module>{848bf36d-dc18-45a3-82d4-b922948330f1}::m_df3320e7206e4a77a5e4d75abc9a0a30 ldfld System.Int32 <Module>{848bf36d-dc18-45a3-82d4-b922948330f1}::m_dfc0ba45f0c44d7f9a5ed9b9da53a25b brfalse IL_0067: switch(IL_017F,IL_00A1,IL_0159,IL_0133,IL_019F) pop <null> ldc.i4 2 br IL_0067: switch(IL_017F,IL_00A1,IL_0159,IL_0133,IL_019F) newobj System.Void MJfAw17FUZLVdq1FsO.kdkIesm60YlpTWSMU5::.ctor() stloc.s V_5 ldc.i4 0 ldsfld <Module>{848bf36d-dc18-45a3-82d4-b922948330f1} <Module>{848bf36d-dc18-45a3-82d4-b922948330f1}::m_df3320e7206e4a77a5e4d75abc9a0a30 ldfld System.Int32 <Module>{848bf36d-dc18-45a3-82d4-b922948330f1}::m_cb266ad58f3442ff816fbace01071347 brfalse IL_0067: switch(IL_017F,IL_00A1,IL_0159,IL_0133,IL_019F) pop <null> ldc.i4 6 br IL_0067: switch(IL_017F,IL_00A1,IL_0159,IL_0133,IL_019F) newobj System.Void F1lyUulxb390ip7hD1.b0Qe9xEpgY9dMlx6s2::.ctor() stloc.s V_6 ldc.i4 1 br IL_0067: 
switch(IL_017F,IL_00A1,IL_0159,IL_0133,IL_019F) br IL_01A5: leave IL_002D ldc.i4 4 br IL_0067: switch(IL_017F,IL_00A1,IL_0159,IL_0133,IL_019F) newobj System.Void System.InvalidOperationException::.ctor() throw <null> leave IL_002D: ret pop <null> ldc.i4 0 ldsfld <Module>{848bf36d-dc18-45a3-82d4-b922948330f1} <Module>{848bf36d-dc18-45a3-82d4-b922948330f1}::m_df3320e7206e4a77a5e4d75abc9a0a30 ldfld System.Int32 <Module>{848bf36d-dc18-45a3-82d4-b922948330f1}::m_cb2c60ee528e4d77bc61917e68f56ad7 brtrue IL_01DC: switch(IL_01F8) pop <null> ldc.i4 5 br IL_01DC: switch(IL_01F8) br IL_01D8: ldloc V_3 ldc.i4 0 stloc V_3 ldloc V_3 switch dnlib.DotNet.Emit.Instruction[] ldloc V_3 ldc.i4 988 beq IL_01D8: ldloc V_3 br IL_01F8: leave IL_002D leave IL_002D: ret ldc.i4 0 ldsfld <Module>{848bf36d-dc18-45a3-82d4-b922948330f1} <Module>{848bf36d-dc18-45a3-82d4-b922948330f1}::m_df3320e7206e4a77a5e4d75abc9a0a30 ldfld System.Int32 <Module>{848bf36d-dc18-45a3-82d4-b922948330f1}::m_17cd119d5cd8447ea2ad35ccd5ed4a02 brfalse IL_000D: switch(IL_002D,IL_002E) pop <null> ldc.i4 3 br IL_000D: switch(IL_002D,IL_002E)
