Suspicious
Suspect

[Base64-Block @0x0000006A]

PE Executable | MD5: eb71784366b6d5797ec1fc2ebe79f0ee | Size: 1.08 MB | application/x-dosexec

Summary by MalvaGPT
Characteristics

Symbol Obfuscation Score

Medium

Hash
Hash Value
MD5
eb71784366b6d5797ec1fc2ebe79f0ee
Sha1
0ddca47c328e45f051f5978ce03a2e22901bc3b2
Sha256
06d67f64685d6851e45d6f0861c277f47e6331fbd69b234ef23073e88d880fad
Sha384
de040014462fd7fa55beabce88bb73c431650c8a27fff62fc7337dd214eeee8331559c4fe171722d5380bc44647ecddc
Sha512
f5add26fb0145992901d09194da3e7cc0492fba8cc4bfea429cef4e9681f7a6ae092c72472b337279138c0194fbccb5fea6d2f158986b424fc783d953ede2181
SSDeep
24576:laFpMlPaqcABd4vY8rMBdmfdt/ncMcbGE9qNEOtaHuT6uIp2BJaxp:EpMlPFzBZpGfd9crGRNDtaOTyG4
TLSH
8B35230B75CFA592CBA80F77C662448056A2DBD4D6EBC2DBBC1D02E75C8739E440968F

PeID

Microsoft Visual C++ DLL
Microsoft Visual C++ v6.0
File Structure
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.rsrc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
Ehhrqyry.Properties.Resources.resources
Fanpp
            
Information
Module Name: Qwawsoyqdic.exe
Full Name: Qwawsoyqdic.exe
EntryPoint: System.Void Qwawsoyqdic.Cryptography.GeneralEncryptor::EncryptIsolatedEncryptor()
Scope Name: Qwawsoyqdic.exe
Scope Type: ModuleDef
Kind: Windows
Runtime Version: v4.0.30319
Tables Header Version: 512
WinMD Version: <null>
Assembly Name: Qwawsoyqdic
Assembly Version: 1.0.7188.7974
Assembly Culture: <null>
Has PublicKey: False
PublicKey Token: <null>
Target Framework: .NETFramework,Version=v4.6
Total Strings: 0
Main Method: System.Void Qwawsoyqdic.Cryptography.GeneralEncryptor::EncryptIsolatedEncryptor()
Main IL Instruction Count: 32

Main IL

ldc.i4 2 stloc V_0 br IL_000E: ldloc V_0 ldloc V_0 switch dnlib.DotNet.Emit.Instruction[] br IL_0028: ret ret <null> ldsfld System.Action`1<System.IO.MemoryStream> Qwawsoyqdic.Cryptography.GeneralEncryptor/FunctionRequester::functionServer dup <null> brfalse IL_0039: pop br IL_006F: call System.Void Qwawsoyqdic.Cryptography.GeneralEncryptor::EncodeFilteredEncryptor(System.Action`1<System.IO.MemoryStream>) pop <null> ldc.i4 1 ldsfld <Module>{eb820b25-e362-44f0-9646-b6c15c8b7e5e} <Module>{eb820b25-e362-44f0-9646-b6c15c8b7e5e}::m_f105eba8f035454d8ae49b93cafd251f ldfld System.Int32 <Module>{eb820b25-e362-44f0-9646-b6c15c8b7e5e}::m_f404acf23f124660aedc95c835c99d29 brtrue IL_0012: switch(IL_0028,IL_0059,IL_0029) pop <null> ldc.i4 1 br IL_0012: switch(IL_0028,IL_0059,IL_0029) ldsfld System.Object Qwawsoyqdic.Cryptography.GeneralEncryptor/FunctionRequester::_FunctionContext ldftn System.Void Qwawsoyqdic.Cryptography.GeneralEncryptor/FunctionRequester::CallLocalFunction(System.IO.MemoryStream) newobj System.Void System.Action`1<System.IO.MemoryStream>::.ctor(System.Object,System.IntPtr) dup <null> stsfld System.Action`1<System.IO.MemoryStream> Qwawsoyqdic.Cryptography.GeneralEncryptor/FunctionRequester::functionServer call System.Void Qwawsoyqdic.Cryptography.GeneralEncryptor::EncodeFilteredEncryptor(System.Action`1<System.IO.MemoryStream>) ldc.i4 0 ldsfld <Module>{eb820b25-e362-44f0-9646-b6c15c8b7e5e} <Module>{eb820b25-e362-44f0-9646-b6c15c8b7e5e}::m_f105eba8f035454d8ae49b93cafd251f ldfld System.Int32 <Module>{eb820b25-e362-44f0-9646-b6c15c8b7e5e}::m_d87407dac7e44353b0a173c423701640 brtrue IL_0012: switch(IL_0028,IL_0059,IL_0029) pop <null> ldc.i4 0 br IL_0012: switch(IL_0028,IL_0059,IL_0029)

Characteristics
No malware configuration was found at this point.