Suspicious
Suspect

Share on LinkedIn
Print
PE Executable
MD5: e3561e89795f9f04f13b850db7c3d292
Size: 207.36 KB
application/x-dosexec

Get an AI-generated breakdown of this malware's behaviour, IOCs and recommendations.

AI analysis is available with Essential.
Unlock with Essential
MD5 e3561e89795f9f04f13b850db7c3d292
Sha1 ee33430bb0744a41d74bd4315e0632738a52d511
Sha256 6bf1d4c59a3f39d888bd56464c6fbe1b3c3710abc01fa375351e5175f2b9fa45
Sha384 ad5f5246e6f9d232b6371e3c1e12ad85aef5cb64c43d4fe45db5d4141c61d29887327b54d7ffe4d32cb5f7203116aeb0
Sha512 93146e1bdbb47f105fd331ebe35b9a602411abc841b8ae7de4673d83af98c8e4b100efc3d3d7caceddfb88fcd8345380228140475a54ca1b307c87e5953cb0e7
SSDeep 6144:QLV6Bta6dtJmakIM5JjaSdHlHMLHLpnN5F:QLV6BtpmkS3FmHLpnN5F
TLSH 4314CF567BA84A3FE2DE857C601252139779C2E39CC3F3DE18D865B69B263E00A071D7
PeID
.NET executableMicrosoft Visual C# / Basic .NETMicrosoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL Microsoft Visual C# v7.0 / Basic .NETMicrosoft Visual Studio .NETUPolyX 0.3 -> delikon
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.reloc
.rsrc
Resources
RT_RCDATA
ID:0001
ID:0
Name Value
Module Name
NanoCore Client.exe
Full Name
NanoCore Client.exe
EntryPoint
System.Void ClientLoaderForm::Main()
Scope Name
NanoCore Client.exe
Scope Type
ModuleDef
Kind
Windows
Runtime Version
v2.0.50727
Tables Header Version
512
WinMD Version
<null>
Assembly Name
NanoCore Client
Assembly Version
1.2.2.0
Assembly Culture
<null>
Has PublicKey
False
PublicKey Token
<null>
Target Framework
<null>
Total Strings
2
Main Method
System.Void ClientLoaderForm::Main()
Main IL Instruction Count
4
Main IL
call #=q_jQLaNdtSDa6ovA0VGw50w==/#=qlsj4Kl0M6SYgZMJLZ$QkSw== #=q_jQLaNdtSDa6ovA0VGw50w==::#=qqROT7DfncW7strhZvp0iRQ==()
callvirt ClientLoaderForm #=q_jQLaNdtSDa6ovA0VGw50w==/#=qlsj4Kl0M6SYgZMJLZ$QkSw==::#=qbzig1$2CwLluEJt5uPtpgqPx5y_2S$GoPgJP36N8bTE=()
call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form)
ret <null>
Module Name
NanoCore Client.exe
Full Name
NanoCore Client.exe
EntryPoint
System.Void ClientLoaderForm::Main()
Scope Name
NanoCore Client.exe
Scope Type
ModuleDef
Kind
Windows
Runtime Version
v2.0.50727
Tables Header Version
512
WinMD Version
<null>
Assembly Name
NanoCore Client
Assembly Version
1.2.2.0
Assembly Culture
<null>
Has PublicKey
False
PublicKey Token
<null>
Target Framework
<null>
Total Strings
2
Main Method
System.Void ClientLoaderForm::Main()
Main IL Instruction Count
4
Main IL
call #=q_jQLaNdtSDa6ovA0VGw50w==/#=qlsj4Kl0M6SYgZMJLZ$QkSw== #=q_jQLaNdtSDa6ovA0VGw50w==::#=qqROT7DfncW7strhZvp0iRQ==()
callvirt ClientLoaderForm #=q_jQLaNdtSDa6ovA0VGw50w==/#=qlsj4Kl0M6SYgZMJLZ$QkSw==::#=qbzig1$2CwLluEJt5uPtpgqPx5y_2S$GoPgJP36N8bTE=()
call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form)
ret <null>
Embedded Resources UNKNWOWNsuspect
2huhuhuhu
Suspicious Type Names (1-2 chars) UNKNWOWN
0huhuhuhu
Full artefact values (URLs, paths, registry keys, scripts…) are available with Essential.
Unlock with Essential
An error has occurred. This application may no longer respond until reloaded. Reload 🗙