Malicious

ef550978657954819eb7364490741b75

PE Executable | MD5: ef550978657954819eb7364490741b75 | Size: 642.05 KB | application/x-dosexec


Characteristics

Symbol Obfuscation Score: Very high


PeID

.NET executable
HQR data file
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
UbDc9Gn0SSqeIo2Eup.EPEKAqN1EEk7ynD9jy
tHPp7Ntb0a1YPd008X.r2jF8vxUKfexsJ6DuJ
Movasek.g.resources
StBBJRIFYHW8tAvr27.CkNqkZQdFBBI4QXFxv
Vakdfcwpt.Properties.Resources.resources
Hotkjucxy
Informations
Info: PE Detect: PeReader OK (file layout)
Module Name: Movasek.exe
Full Name: Movasek.exe
EntryPoint: System.Void QPTyId6Cu7l9Fvgs5l.uqQvRkBRyHkhg3FYCf::z8cSwZTiw()
Scope Name: Movasek.exe
Scope Type: ModuleDef
Kind: Windows
Runtime Version: v4.0.30319
Tables Header Version: 512
WinMD Version: <null>
Assembly Name: Movasek
Assembly Version: 1.0.0.0
Assembly Culture: <null>
Has PublicKey: False
PublicKey Token: <null>
Target Framework: .NETFramework,Version=v4.0
Total Strings: 43
Main Method: System.Void QPTyId6Cu7l9Fvgs5l.uqQvRkBRyHkhg3FYCf::z8cSwZTiw()
Main IL Instruction Count: 112

Main IL

ldc.i4 1 stloc V_3 ldloc V_3 switch dnlib.DotNet.Emit.Instruction[] ldloc V_3 ldc.i4 989 beq IL_0009: ldloc V_3 br IL_002D: ret ret <null> nop <null> newobj System.Void GaUmJbVkZfxGtHgarf.zIkpyAfDbIQAtLA6of::.ctor() stloc.s V_5 ldc.i4 2 ldsfld <Module>{2eacf641-e201-4ff7-a0fa-148c89c5bb9a} <Module>{2eacf641-e201-4ff7-a0fa-148c89c5bb9a}::m_915aeeec84254b73be6901e6b0c85ed9 ldfld System.Int32 <Module>{2eacf641-e201-4ff7-a0fa-148c89c5bb9a}::m_23d81ff98e1c4347a81c149f78ed770d brtrue IL_0067: switch(IL_0170,IL_00C3,IL_014A,IL_00D4) pop <null> ldc.i4 0 br IL_0067: switch(IL_0170,IL_00C3,IL_014A,IL_00D4) br IL_0063: ldloc V_0 ldc.i4 0 stloc V_0 ldloc V_0 switch dnlib.DotNet.Emit.Instruction[] ldloc V_0 ldc.i4 11 beq IL_009D: newobj System.Void TocRg6KD0SgymM83wT.px7KlbjFfWlZNgH6sE::.ctor() ldloc V_0 ldc.i4 991 beq IL_0063: ldloc V_0 br IL_00D4: newobj System.Void XqVOM7CDWTAZkuTYwm.KlEnaD2EaiqGjbAIeY::.ctor() newobj System.Void TocRg6KD0SgymM83wT.px7KlbjFfWlZNgH6sE::.ctor() stloc.s V_4 ldc.i4 1 ldsfld <Module>{2eacf641-e201-4ff7-a0fa-148c89c5bb9a} <Module>{2eacf641-e201-4ff7-a0fa-148c89c5bb9a}::m_915aeeec84254b73be6901e6b0c85ed9 ldfld System.Int32 <Module>{2eacf641-e201-4ff7-a0fa-148c89c5bb9a}::m_dadaa40a207c4724af58508672d01922 brtrue IL_0067: switch(IL_0170,IL_00C3,IL_014A,IL_00D4) pop <null> ldc.i4 1 br IL_0067: switch(IL_0170,IL_00C3,IL_014A,IL_00D4) newobj System.Void rNVVstguitVBTqH8JK.bNvsKeqiS94Hio84se::.ctor() stloc.s V_6 ldc.i4 3 br IL_0067: switch(IL_0170,IL_00C3,IL_014A,IL_00D4) newobj System.Void XqVOM7CDWTAZkuTYwm.KlEnaD2EaiqGjbAIeY::.ctor() dup <null> dup <null> ldsfld mtiuyIQ1wZw7IhSAHi3 mtiuyIQ1wZw7IhSAHi3::vm9QHlRBK4 call System.Void mtiuyIQ1wZw7IhSAHi3::y5OQSAvrsX(System.Object,XqVOM7CDWTAZkuTYwm.KlEnaD2EaiqGjbAIeY,mtiuyIQ1wZw7IhSAHi3) dup <null> ldloc.s V_6 ldsfld LpHJ7jQE5qP4teqqG73 LpHJ7jQE5qP4teqqG73::GLmQ4L4oqT call System.Void LpHJ7jQE5qP4teqqG73::y5OQSAvrsX(System.Object,rNVVstguitVBTqH8JK.bNvsKeqiS94Hio84se,LpHJ7jQE5qP4teqqG73) ldloc.s V_6 
ldloc.s V_4 ldsfld mXMOFBQuT3FKJbkYeHu mXMOFBQuT3FKJbkYeHu::H1mQRNMgeG call System.Void mXMOFBQuT3FKJbkYeHu::y5OQSAvrsX(System.Object,TocRg6KD0SgymM83wT.px7KlbjFfWlZNgH6sE,mXMOFBQuT3FKJbkYeHu) ldloc.s V_4 ldloc.s V_1 ldsfld XjTrWuQaQJ0ON6PparH XjTrWuQaQJ0ON6PparH::T06Q59KqaO call System.Void XjTrWuQaQJ0ON6PparH::y5OQSAvrsX(System.Object,f3giM85vMltXb2KMUA.LjbjwOa53RDKJuBYxw,XjTrWuQaQJ0ON6PparH) ldloc.s V_1 ldloc.s V_5 ldsfld PboYlbQGDZdXZrUnbYC PboYlbQGDZdXZrUnbYC::BkTQltd0x8 call System.Void PboYlbQGDZdXZrUnbYC::y5OQSAvrsX(System.Object,GaUmJbVkZfxGtHgarf.zIkpyAfDbIQAtLA6of,PboYlbQGDZdXZrUnbYC) ldsfld KEXnQLQ8I4vKtnoHouj KEXnQLQ8I4vKtnoHouj::IBEQUycSL6 call System.Boolean KEXnQLQ8I4vKtnoHouj::y5OQSAvrsX(System.Object,KEXnQLQ8I4vKtnoHouj) brtrue IL_0176: leave IL_002D ldc.i4 0 ldsfld <Module>{2eacf641-e201-4ff7-a0fa-148c89c5bb9a} <Module>{2eacf641-e201-4ff7-a0fa-148c89c5bb9a}::m_915aeeec84254b73be6901e6b0c85ed9 ldfld System.Int32 <Module>{2eacf641-e201-4ff7-a0fa-148c89c5bb9a}::m_c5b29a41f72b4423912991d388c70899 brtrue IL_0067: switch(IL_0170,IL_00C3,IL_014A,IL_00D4) pop <null> ldc.i4 7 br IL_0067: switch(IL_0170,IL_00C3,IL_014A,IL_00D4) newobj System.Void f3giM85vMltXb2KMUA.LjbjwOa53RDKJuBYxw::.ctor() stloc.s V_1 ldc.i4 10 ldsfld <Module>{2eacf641-e201-4ff7-a0fa-148c89c5bb9a} <Module>{2eacf641-e201-4ff7-a0fa-148c89c5bb9a}::m_915aeeec84254b73be6901e6b0c85ed9 ldfld System.Int32 <Module>{2eacf641-e201-4ff7-a0fa-148c89c5bb9a}::m_f958c5b605b6494a8d4dee26b58fc903 brfalse IL_005F: stloc V_0 pop <null> ldc.i4 11 br IL_005F: stloc V_0 newobj System.Void System.InvalidOperationException::.ctor() throw <null> leave IL_002D: ret pop <null> ldc.i4 1 ldsfld <Module>{2eacf641-e201-4ff7-a0fa-148c89c5bb9a} <Module>{2eacf641-e201-4ff7-a0fa-148c89c5bb9a}::m_915aeeec84254b73be6901e6b0c85ed9 ldfld System.Int32 <Module>{2eacf641-e201-4ff7-a0fa-148c89c5bb9a}::m_b34b36ce4d304b1eb08495f024b58dda brtrue IL_01AD: switch(IL_01C9) pop <null> ldc.i4 0 br IL_01AD: switch(IL_01C9) br IL_01A9: 
ldloc V_2 ldc.i4 0 stloc V_2 ldloc V_2 switch dnlib.DotNet.Emit.Instruction[] ldloc V_2 ldc.i4 988 beq IL_01A9: ldloc V_2 br IL_01C9: leave IL_002D leave IL_002D: ret ldc.i4 3 ldsfld <Module>{2eacf641-e201-4ff7-a0fa-148c89c5bb9a} <Module>{2eacf641-e201-4ff7-a0fa-148c89c5bb9a}::m_915aeeec84254b73be6901e6b0c85ed9 ldfld System.Int32 <Module>{2eacf641-e201-4ff7-a0fa-148c89c5bb9a}::m_9fc16a51694b405d9c8123a6981d9834 brfalse IL_000D: switch(IL_002D,IL_002E) pop <null> ldc.i4 0 br IL_000D: switch(IL_002D,IL_002E)
