Suspicious
Suspect

PE Executable
MD5: e36ae29791d3b4fd2ffe442b4bbddfe2
Size: 586.24 KB
application/x-dosexec

Get an AI-generated breakdown of this malware's behaviour, IOCs and recommendations.

AI analysis is available with Essential.
Unlock with Essential
Symbol Obfuscation Score High
MD5 e36ae29791d3b4fd2ffe442b4bbddfe2
Sha1 ae8bcd96082b7afddf54516357653e3af0ca7ce7
Sha256 602d5c38320b020a7608dd6bbb672d80284d3b34e1b799b284df6ecb28de93fd
Sha384 5c96a04ef1abf72a598f6398b0fb66d9e05b0a7920910fd1e0d37770065ad3e401b86e7bc6c15f2f166a0ea6407d6d28
Sha512 187b54aabe8ec24143346eb32af57689e8f94bd98c4b99e395a2488e57d81bb2dc9cb89471187a85eefc67bc47e059bf5fcf2366d6a74c93dadacb005664081e
SSDeep 12288:vO7XKiVUmRI506SXGACgZwZpzYb5/uS+uMqjx7:GBBKK1MgCTziX+PqjJ
TLSH 11C42308A15FD926EBD8CD7BAD96CC051F1BF5959A02DB6F90AD43020EC73368739235
PeID
.NET executableMicrosoft Visual C# / Basic .NETMicrosoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL Microsoft Visual C# v7.0 / Basic .NETMicrosoft Visual Studio .NET
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
Buddmvxej.Properties.Resources.resources
Irvrsvlh
Name Value
Info
PE Detect: PeReader OK (file layout)
Module Name
Buddmvxej.exe
Full Name
Buddmvxej.exe
EntryPoint
System.Void Buddmvxej.Fnhblm::Main()
Scope Name
Buddmvxej.exe
Scope Type
ModuleDef
Kind
Windows
Runtime Version
v4.0.30319
Tables Header Version
512
WinMD Version
<null>
Assembly Name
Buddmvxej
Assembly Version
1.0.0.0
Assembly Culture
<null>
Has PublicKey
False
PublicKey Token
<null>
Target Framework
.NETFramework,Version=v4.0
Total Strings
12
Main Method
System.Void Buddmvxej.Fnhblm::Main()
Main IL Instruction Count
19
Main IL
br IL_0006: newobj System.Void Buddmvxej.Xvdhxdywz::.ctor()
ret <null>
newobj System.Void Buddmvxej.Xvdhxdywz::.ctor()
stloc.s V_0
br IL_0012: nop
nop <null>
ldloc.s V_0
call System.Byte[] Buddmvxej.Properties.Jfkpnwvbie::get_Irvrsvlh()
ldsfld System.Byte[] Buddmvxej.ResponseHandling.ResponderList::_TracerProcData
ldsfld System.Byte[] Buddmvxej.ResponseHandling.ResponderList::m_AdapterDistributorArray
ldstr iU8j0v3V9H1TYVIFlK.fmZJoDGTLPT9m9DNT1
ldstr Ld86ICQZ4
callvirt System.Void Buddmvxej.Xvdhxdywz::Pjhnsue(System.Byte[],System.Byte[],System.Byte[],System.String,System.String)
br IL_0038: leave IL_0005
leave IL_0005: ret
pop <null>
br IL_0043: leave IL_0005
leave IL_0005: ret
br IL_0005: ret
Module Name
Buddmvxej.exe
Full Name
Buddmvxej.exe
EntryPoint
System.Void Buddmvxej.Fnhblm::Main()
Scope Name
Buddmvxej.exe
Scope Type
ModuleDef
Kind
Windows
Runtime Version
v4.0.30319
Tables Header Version
512
WinMD Version
<null>
Assembly Name
Buddmvxej
Assembly Version
1.0.0.0
Assembly Culture
<null>
Has PublicKey
False
PublicKey Token
<null>
Target Framework
.NETFramework,Version=v4.0
Total Strings
12
Main Method
System.Void Buddmvxej.Fnhblm::Main()
Main IL Instruction Count
19
Main IL
br IL_0006: newobj System.Void Buddmvxej.Xvdhxdywz::.ctor()
ret <null>
newobj System.Void Buddmvxej.Xvdhxdywz::.ctor()
stloc.s V_0
br IL_0012: nop
nop <null>
ldloc.s V_0
call System.Byte[] Buddmvxej.Properties.Jfkpnwvbie::get_Irvrsvlh()
ldsfld System.Byte[] Buddmvxej.ResponseHandling.ResponderList::_TracerProcData
ldsfld System.Byte[] Buddmvxej.ResponseHandling.ResponderList::m_AdapterDistributorArray
ldstr iU8j0v3V9H1TYVIFlK.fmZJoDGTLPT9m9DNT1
ldstr Ld86ICQZ4
callvirt System.Void Buddmvxej.Xvdhxdywz::Pjhnsue(System.Byte[],System.Byte[],System.Byte[],System.String,System.String)
br IL_0038: leave IL_0005
leave IL_0005: ret
pop <null>
br IL_0043: leave IL_0005
leave IL_0005: ret
br IL_0005: ret
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
Buddmvxej.Properties.Resources.resources
Irvrsvlh
No malware configuration was found at this point.
You must be signed in to view YARA rules.
An error has occurred. This application may no longer respond until reloaded. Reload 🗙