Malicious

eb71bd542c88dee476937c64f685729e

PE Executable | MD5: eb71bd542c88dee476937c64f685729e | Size: 3.55 MB | application/x-dosexec

Characteristics

Symbol Obfuscation Score

Very high

Hash
Hash Value
MD5
eb71bd542c88dee476937c64f685729e
Sha1
9c5264de5006a051cf949d749173211af5f71086
Sha256
e7cf9ae73751f92a53dbbc41b4939510e23352bf3a942e86b269c72b80cdb63c
Sha384
0dfbafc35303e68f820757f5bedaaaebbb7a98fb6b7ceda655117d55dc8242a77b75d553355069d218458c2be0597523
Sha512
1b58ae7989d54093eccd0b06e07440b6e0769ed85aa149f12796bbc0a29553eebd70f764edd9d3ad40e0e592100d0887f565c8fddd072729a51b003821c6330e
SSDeep
49152:mSWEezum6cP6UWecaJtx1Y2QUoB70+xfiXkRSMxUoMK4U7gqo:PWim6cC5eBxCB5Bxfg0dmo3M
TLSH
B0F5E0027E44CA11F0191A33C2FF459887B4D951A6A6E32B7DBA37BD55123A73C0DACB

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.sdata
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:1033
.Net Resources
fSgTM8IW5GXvLSa1sy.vLiVqKVW0Tl5xTVHIZ
MFC8rWyvV9MrShfRxC.q0ffj9eSx75pZ5bqLo
Information
Name | Value
Info | PE Detect: PeReader OK (file layout)
Module Name | p1dSfG3cPmuNobKNrLZqNqwG0EjZomFNS
Full Name | p1dSfG3cPmuNobKNrLZqNqwG0EjZomFNS
EntryPoint | System.Void nS0rYNaFLnOhoKhioGx.nRtxtiaRIgmaI5yGSMg::YIoVH5ZCAa()
Scope Name | p1dSfG3cPmuNobKNrLZqNqwG0EjZomFNS
Scope Type | ModuleDef
Kind | Windows
Runtime Version | v4.0.30319
Tables Header Version | 512
WinMD Version | <null>
Assembly Name | apWfjt07zEAxe0RZV8yVf9EWbbhdxmhh5xBf0L
Assembly Version | 6.6.8.2
Assembly Culture | <null>
Has PublicKey | False
PublicKey Token | <null>
Target Framework | .NETFramework,Version=v4.0
Total Strings | 63
Main Method | System.Void nS0rYNaFLnOhoKhioGx.nRtxtiaRIgmaI5yGSMg::YIoVH5ZCAa()
Main IL Instruction Count | 14

Main IL

br.s IL_000B: ldc.i4.0
call <null>
ldnull <null>
ldc.i4.0 <null>
ldelem.ref <null>
pop <null>
ldc.i4.0 <null>
brtrue.s IL_0007: ldnull
call System.Void nKlApkVXAN0hQMnlIBO.erQBCnV2HwbWZsVitOh::kLjw4iIsCLsZtxc4lksN0j()
nop <null>
ldsfld System.Object nS0rYNaFLnOhoKhioGx.nRtxtiaRIgmaI5yGSMg::kV7Vjw3vYH
callvirt System.Void VuplOva2BSVAXDRVe9h.dW7tp2aBC49XIGV9JgO::GegNluPj02()
nop <null>
ret <null>

Characteristics
No malware configuration was found at this point.