Suspicious
Suspect

e153360dabfdb3511bac69a28242889e

PE Executable | MD5: e153360dabfdb3511bac69a28242889e | Size: 555.77 KB | application/x-dosexec

Characteristics
MD5: e153360dabfdb3511bac69a28242889e
Sha1: 11f698ffefe6d1b9c15e758b2f187d07bffb6331
Sha256: f7c073a96fdd57dc1a3f18e2e8ebb59c562c31037918e8dae7fc36c55eb1f49b
Sha384: 557c09178828eac578b981e4107f0e296e8a3961b9cb0a4170334f3de07fcdd70019914decf6df73dafd671a4590fb5f
Sha512: be599aad99ab81caca742808ef1f0884b58faf9e140d5b7d95f17297f3978608f1c6ada61896c6d8bc643b3110f6b9804dad61c3f5f96a270f2ddaff4e1c044f
SSDeep: 12288:7ecCgQEeDuUllXq5TM5XbLp0F5IfzBZOML:7DTiXq5+wIPOML
TLSH: 5BC4E7D0DED7C405D0AA12FAD0AD925D4A34EE579347DF0A2684B7A8087234DEDC62FB

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
Structure
  DosHeader
  PE Header
  Optional Header (x86)
  Section Headers
    .text
    .rsrc
    .reloc
Resources
  RT_ICON
    ID:0001
      ID:0
    ID:0002
      ID:0
    ID:0003
      ID:0
    ID:0004
      ID:0
    ID:0005
      ID:0
    ID:0006
      ID:0
    ID:0007
      ID:0
    ID:0008
      ID:0
    ID:0009
      ID:0-preview.png
  RT_GROUP_CURSOR4
    ID:7F00
      ID:0
  RT_VERSION
    ID:0001
      ID:0
  RT_MANIFEST
    ID:0001
      ID:0
Information
Module Name: Csrfnvpoio.exe
Full Name: Csrfnvpoio.exe
EntryPoint: System.Void Hfnjft.Cvufnlnubs::Main()
Scope Name: Csrfnvpoio.exe
Scope Type: ModuleDef
Kind: Windows
Runtime Version: v4.0.30319
Tables Header Version: 512
WinMD Version: <null>
Assembly Name: Csrfnvpoio
Assembly Version: 18.1.0.0
Assembly Culture: <null>
Has PublicKey: False
PublicKey Token: <null>
Target Framework: .NETFramework,Version=v4.6
Total Strings: 1144
Main Method: System.Void Hfnjft.Cvufnlnubs::Main()
Main IL Instruction Count: 14
Main IL:
  call System.Byte[] Hfnjft.Flanxmpqmvt::Nzhex()
  stloc.0 <null>
  newobj System.Void Hfnjft.Pgfaapgn::.ctor()
  ldloc.0 <null>
  call System.Reflection.Assembly Hfnjft.Pgfaapgn::Oaijdq(System.Byte[])
  stloc.1 <null>
  newobj System.Void Hfnjft.Krpfzqcj::.ctor()
  ldloc.1 <null>
  call System.Type Hfnjft.Krpfzqcj::Ubtxa(System.Reflection.Assembly)
  stloc.2 <null>
  newobj System.Void Hfnjft.Lcxzvehq::.ctor()
  ldloc.2 <null>
  call System.Void Hfnjft.Lcxzvehq::Pnipqyri(System.Type)
  ret <null>


Artefacts
Embedded Resources: 7
Suspicious Type Names (1-2 chars): 0

Characteristics
No malware configuration was found at this point.
Artefacts
Name | Value | Location
Embedded Resources | 7 | e153360dabfdb3511bac69a28242889e
Suspicious Type Names (1-2 chars) | 0 | e153360dabfdb3511bac69a28242889e
