Suspicious
Suspect

PE Executable
MD5: e3561e89795f9f04f13b850db7c3d292
Size: 207.36 KB
application/x-dosexec

Get an AI-generated breakdown of this malware's behaviour, IOCs and recommendations.

AI analysis is available with Essential.
Unlock with Essential
MD5 e3561e89795f9f04f13b850db7c3d292
Sha1 ee33430bb0744a41d74bd4315e0632738a52d511
Sha256 6bf1d4c59a3f39d888bd56464c6fbe1b3c3710abc01fa375351e5175f2b9fa45
Sha384 ad5f5246e6f9d232b6371e3c1e12ad85aef5cb64c43d4fe45db5d4141c61d29887327b54d7ffe4d32cb5f7203116aeb0
Sha512 93146e1bdbb47f105fd331ebe35b9a602411abc841b8ae7de4673d83af98c8e4b100efc3d3d7caceddfb88fcd8345380228140475a54ca1b307c87e5953cb0e7
SSDeep 6144:QLV6Bta6dtJmakIM5JjaSdHlHMLHLpnN5F:QLV6BtpmkS3FmHLpnN5F
TLSH 4314CF567BA84A3FE2DE857C601252139779C2E39CC3F3DE18D865B69B263E00A071D7
PeID
.NET executableMicrosoft Visual C# / Basic .NETMicrosoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL Microsoft Visual C# v7.0 / Basic .NETMicrosoft Visual Studio .NETUPolyX 0.3 -> delikon
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.reloc
.rsrc
Resources
RT_RCDATA
ID:0001
ID:0
Name Value
Module Name
NanoCore Client.exe
Full Name
NanoCore Client.exe
EntryPoint
System.Void ClientLoaderForm::Main()
Scope Name
NanoCore Client.exe
Scope Type
ModuleDef
Kind
Windows
Runtime Version
v2.0.50727
Tables Header Version
512
WinMD Version
<null>
Assembly Name
NanoCore Client
Assembly Version
1.2.2.0
Assembly Culture
<null>
Has PublicKey
False
PublicKey Token
<null>
Target Framework
<null>
Total Strings
2
Main Method
System.Void ClientLoaderForm::Main()
Main IL Instruction Count
4
Main IL
call #=q_jQLaNdtSDa6ovA0VGw50w==/#=qlsj4Kl0M6SYgZMJLZ$QkSw== #=q_jQLaNdtSDa6ovA0VGw50w==::#=qqROT7DfncW7strhZvp0iRQ==()
callvirt ClientLoaderForm #=q_jQLaNdtSDa6ovA0VGw50w==/#=qlsj4Kl0M6SYgZMJLZ$QkSw==::#=qbzig1$2CwLluEJt5uPtpgqPx5y_2S$GoPgJP36N8bTE=()
call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form)
ret <null>
Module Name
NanoCore Client.exe
Full Name
NanoCore Client.exe
EntryPoint
System.Void ClientLoaderForm::Main()
Scope Name
NanoCore Client.exe
Scope Type
ModuleDef
Kind
Windows
Runtime Version
v2.0.50727
Tables Header Version
512
WinMD Version
<null>
Assembly Name
NanoCore Client
Assembly Version
1.2.2.0
Assembly Culture
<null>
Has PublicKey
False
PublicKey Token
<null>
Target Framework
<null>
Total Strings
2
Main Method
System.Void ClientLoaderForm::Main()
Main IL Instruction Count
4
Main IL
call #=q_jQLaNdtSDa6ovA0VGw50w==/#=qlsj4Kl0M6SYgZMJLZ$QkSw== #=q_jQLaNdtSDa6ovA0VGw50w==::#=qqROT7DfncW7strhZvp0iRQ==()
callvirt ClientLoaderForm #=q_jQLaNdtSDa6ovA0VGw50w==/#=qlsj4Kl0M6SYgZMJLZ$QkSw==::#=qbzig1$2CwLluEJt5uPtpgqPx5y_2S$GoPgJP36N8bTE=()
call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form)
ret <null>
Embedded Resources UNKNWOWNsuspect
2huhuhuhu
Suspicious Type Names (1-2 chars) UNKNWOWN
0huhuhuhu
Full artefact values (URLs, paths, registry keys, scripts…) are available with Essential.
Unlock with Essential
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.reloc
.rsrc
Resources
RT_RCDATA
ID:0001
ID:0
No malware configuration was found at this point.
Embedded Resources UNKNWOWNsuspect
2huhuhuhu
e3561e89795f9f04f13b850db7c3d292
Suspicious Type Names (1-2 chars) UNKNWOWN
0huhuhuhu
e3561e89795f9f04f13b850db7c3d292
Full artefact values (URLs, paths, registry keys, scripts…) are available with Essential.
Unlock with Essential
You must be signed in to view YARA rules.
An error has occurred. This application may no longer respond until reloaded. Reload 🗙