Malicious
Malicious

Providerbroker.exe

PE Executable
|
MD5: ecaeaf94f164d3383186a4268455de87
|
Size: 847.36 KB
|
application/x-dosexec

Infection Chain
Summary by MalvaGPT
Characteristics

Symbol Obfuscation Score

Very high

Hash
 Hash Value
MD5
ecaeaf94f164d3383186a4268455de87
Sha1
b8998e177b675d71e3a0fd4f839e137ae02f2c54
Sha256
e7b2bf7ed59c963d825828be2de6e88c8017354e2a91c7228c079dd6a76861c0
Sha384
740dca934c2d537dbfc9caa43e9dd5d5d48d6e29f0effb381639815711162e76d4e95e11b2319242a2e90a2affcc3462
Sha512
dd1fcd24d1b4847d5ccda061121822a5de8679f870ee463f269c143bdac8d5e6f8bc46b96bc2589deaa7aaf96f0e26e9508b0575438d734be382c24d4643c793
SSDeep
12288:c9tgCz/IW48t3ssqqaBEaBH9B6A7k/GE0vrfHw/uYkEz:iy2tfssBaBHXH7kudLmoEz
TLSH
EA05F6017E46CA11F4091233D2EF854887B2995166E6F32B7DBE376D95223A73C0E9CB

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
Providerbroker.exe
Malicious
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.sdata
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:1033
.Net Resources
mYyc3fRKb8kh0PadGx.4RPt39QQ5KWwl6pinN
jS8aFy93PRx3ypg1kU.ofwFQCkM9iVZTyIF3E
Informations
Name
 Value
Info

PE Detect: PeReader OK (file layout)
Module Name

FaWEJEd4vn8nM33afIUwvfS5Y
Full Name

FaWEJEd4vn8nM33afIUwvfS5Y
EntryPoint

System.Void VMuLyPhNTPUrgwpxe9N.dUM4E8hYtIexSibvnFi::IVY0IwU1MG()
Scope Name

FaWEJEd4vn8nM33afIUwvfS5Y
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

iPhUDg6ZUPTFxUhSvF6CjqHSLHpFt
Assembly Version

5.1.4.6
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.0
Total Strings

63
Main Method

System.Void VMuLyPhNTPUrgwpxe9N.dUM4E8hYtIexSibvnFi::IVY0IwU1MG()
Main IL Instruction Count

14
Main IL

br.s IL_000B: ldc.i4.0 call <null> ldnull <null> ldc.i4.0 <null> ldelem.ref <null> pop <null> ldc.i4.0 <null> brtrue.s IL_0007: ldnull call System.Void tHEFvL0M5CdaQRuC872.wxeYVh04ppvsMKCRl9C::kLjw4iIsCLsZtxc4lksN0j() nop <null> ldsfld System.Object VMuLyPhNTPUrgwpxe9N.dUM4E8hYtIexSibvnFi::Pes0ul7pyK callvirt System.Void qKe3VLh4e5cDlUa0RRe.pMJlsQhZHAVMATnHlLL::rtTaGWohTQ() nop <null> ret <null>
Module Name

FaWEJEd4vn8nM33afIUwvfS5Y
Full Name

FaWEJEd4vn8nM33afIUwvfS5Y
EntryPoint

System.Void VMuLyPhNTPUrgwpxe9N.dUM4E8hYtIexSibvnFi::IVY0IwU1MG()
Scope Name

FaWEJEd4vn8nM33afIUwvfS5Y
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

iPhUDg6ZUPTFxUhSvF6CjqHSLHpFt
Assembly Version

5.1.4.6
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.0
Total Strings

63
Main Method

System.Void VMuLyPhNTPUrgwpxe9N.dUM4E8hYtIexSibvnFi::IVY0IwU1MG()
Main IL Instruction Count

14
Main IL

br.s IL_000B: ldc.i4.0 call <null> ldnull <null> ldc.i4.0 <null> ldelem.ref <null> pop <null> ldc.i4.0 <null> brtrue.s IL_0007: ldnull call System.Void tHEFvL0M5CdaQRuC872.wxeYVh04ppvsMKCRl9C::kLjw4iIsCLsZtxc4lksN0j() nop <null> ldsfld System.Object VMuLyPhNTPUrgwpxe9N.dUM4E8hYtIexSibvnFi::Pes0ul7pyK callvirt System.Void qKe3VLh4e5cDlUa0RRe.pMJlsQhZHAVMATnHlLL::rtTaGWohTQ() nop <null> ret <null>
Providerbroker.exe (847.36 KB)
File Structure
Providerbroker.exe
Malicious
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.sdata
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:1033
.Net Resources
mYyc3fRKb8kh0PadGx.4RPt39QQ5KWwl6pinN
jS8aFy93PRx3ypg1kU.ofwFQCkM9iVZTyIF3E
Characteristics
No malware configuration were found at this point.
You must be signed in to post a comment.
An error has occurred. This application may no longer respond until reloaded. Reload 🗙