Malicious

Providerdhcp.exe

PE Executable | MD5: ecf84f909230a1913ae3807f6e1b18ba | Size: 846.34 KB | application/x-dosexec


Characteristics

Symbol Obfuscation Score

Very high

Hash
MD5: ecf84f909230a1913ae3807f6e1b18ba
Sha1: 3862125d4db019e81549aeb6c961861c519836a3
Sha256: a4bb5616ecb06dcf4916e9cc5bcf5763bdea28c85b8bf1853c615f5621b11798
Sha384: 4d58378f6017623a6935526dd3ac6a968a585371d3b523e7b2681f9ad48dec855f1600a60fc86912e1e9b70f30e08d57
Sha512: 49f91a0fe1b81d9fbd1ecf67d55c0f06b707b5f3a7e5e9627d7b01a19c1963f893b260ea16a09d132dbc56235943bddee09a373cf1961297ff405e6929fbe5fc
SSDeep: 12288:fKeOz33J1wsgVeoNKrUtcLDLQmBoa57iHrODfeED0xiWFC:fOz33J1wsrqcHHoJrGm/xiWFC
TLSH: CA05E6027E44CE11F0191233C2EF454887F0A9516AA6E32B7DBA376E59133A77C4D9EB

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.sdata
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:1033
.Net Resources
AfIhGdEEFDT4qO1FrE.VwycWng6e869uQQbAb
20V1N4lAWjIrVCMnMd.Vn2Bl792p2xHvTJ1cC
Informations
Info: PE Detect: PeReader OK (file layout)
Module Name: vXMcH0zHJaJ5Qgu1eA5kKSvUMikV5lyXDzJIc4
Full Name: vXMcH0zHJaJ5Qgu1eA5kKSvUMikV5lyXDzJIc4
EntryPoint: System.Void pWgbWdfHSJjTgV1jR92.V93K30f2ShD1UY16RXr::ULjYjwXV7j()
Scope Name: vXMcH0zHJaJ5Qgu1eA5kKSvUMikV5lyXDzJIc4
Scope Type: ModuleDef
Kind: Windows
Runtime Version: v4.0.30319
Tables Header Version: 512
WinMD Version: <null>
Assembly Name: X9Dhx9fHwnMOxHv
Assembly Version: 6.4.6.8
Assembly Culture: <null>
Has PublicKey: False
PublicKey Token: <null>
Target Framework: .NETFramework,Version=v4.0
Total Strings: 63
Main Method: System.Void pWgbWdfHSJjTgV1jR92.V93K30f2ShD1UY16RXr::ULjYjwXV7j()
Main IL Instruction Count: 14
Main IL:
  br.s IL_000B: ldc.i4.0
  call <null>
  ldnull <null>
  ldc.i4.0 <null>
  ldelem.ref <null>
  pop <null>
  ldc.i4.0 <null>
  brtrue.s IL_0007: ldnull
  call System.Void cwSj5JYDHKj1ZVD1Y1G.lVPbkRYLhkQYB2gwTLy::kLjw4iIsCLsZtxc4lksN0j()
  nop <null>
  ldsfld System.Object pWgbWdfHSJjTgV1jR92.V93K30f2ShD1UY16RXr::RpuYoTptx1
  callvirt System.Void gfu4QLfLr2KNOhTjqfI.vRC81UfEfUox7kwqjIM::hnI7Pan85D()
  nop <null>
  ret <null>
