Malicious
eaff05ace23686b52695ea35367725fd
PE Executable
MD5: eaff05ace23686b52695ea35367725fd
Size: 1.21 MB
application/x-dosexec
Ctrl + scroll to zoom · drag to pan
Get an AI-generated breakdown of this malware's behaviour, IOCs and recommendations.
AI analysis is available with Essential.
Unlock with Essential
Symbol Obfuscation Score
Very high
| MD5 | eaff05ace23686b52695ea35367725fd |
| Sha1 | 3f81b9e39a7a60bd964308548dda75c1d7bc4350 |
| Sha256 | 81c589fae253795f2a6625709d192409df2349b929b3ea692b8ea3af08767ffd |
| Sha384 | a13829023b8c4076bcd794686d340cc4001a7d1afba54fa84416721c64690e5713d93b483f50709b0ee8c9f520eee763 |
| Sha512 | 538ac4ccf1098f307b8f139446e4285dea08b51bcc729979783735523a28a0622663d704c3d2872e18615e8daacba716487d00b418e4eca9dcb9e1e0d5412732 |
| SSDeep | 24576:uO02UxAPqGcv/+Duyx42IPOr+e4ggVq3XOI0Nd:uFqPRcvEnyggiXOIO |
| TLSH | 0D45F1256A866A56CB3E0B74C026488823F0CD52AA77E71F3EEDB0F85B737C52D17452 |
PeID
.NET executableMicrosoft Visual C# / Basic .NETMicrosoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL Microsoft Visual C# v7.0 / Basic .NETMicrosoft Visual Studio .NET
Malicious
STICH
beta
Structural Threat Infection Chain Hash
A content-independent fingerprint of the infection method: successive formats, internal objects and MITRE techniques from the initial file to each final payload.
STICH Path = the fingerprint (canonical chain with techniques)
STICH Shape = structure only
Only determinant branches produce STICH Paths.
4 / 4
Path
pe:exe>pe:dll>pe:rsrc>bin
Shape
pe:exe>pe:dll>pe:rsrc>bin
malicious
4 nodes
Path
pe:exe>pe:dll>bin
Shape
pe:exe>pe:dll>bin
malicious
3 nodes
| Name | Value |
|---|---|
| Info | PE Detect: PeReader OK (file layout) |
| Module Name | kf8A0aC |
| Full Name | kf8A0aC |
| EntryPoint | System.Void Ay4_6dxQL.6FdwAoq30::Faz4zg7E() |
| Scope Name | kf8A0aC |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v4.0.30319 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | kf8A0aC |
| Assembly Version | 24.6.5.146 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | .NETFramework,Version=v4.6 |
| Total Strings | 0 |
| Main Method | System.Void Ay4_6dxQL.6FdwAoq30::Faz4zg7E() |
| Main IL Instruction Count | 80 |
| Main IL | |
| Module Name | kf8A0aC |
| Full Name | kf8A0aC |
| EntryPoint | System.Void Ay4_6dxQL.6FdwAoq30::Faz4zg7E() |
| Scope Name | kf8A0aC |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v4.0.30319 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | kf8A0aC |
| Assembly Version | 24.6.5.146 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | .NETFramework,Version=v4.6 |
| Total Strings | 0 |
| Main Method | System.Void Ay4_6dxQL.6FdwAoq30::Faz4zg7E() |
| Main IL Instruction Count | 80 |
| Main IL | |
Malicious
No malware configuration was found at this point.
You must be signed in to view YARA rules.