Malicious
Malicious

f007d6f55501568d8e4d15d32f358159

PE Executable
|
MD5: f007d6f55501568d8e4d15d32f358159
|
Size: 1.43 MB
|
application/x-dosexec

Infection Chain
Summary by MalvaGPT
Characteristics

Symbol Ofbuscation Score

Very high

Hash
 Hash Value
MD5
f007d6f55501568d8e4d15d32f358159
Sha1
65e4868953a985c0d07cb67e099ca876d418991c
Sha256
f0c19bca34ec10ca7f3057c3ecccc0a4b2d8f21fa163c1149ca8d15fa9918703
Sha384
6330dcc31c6a07050e779676d33881acfabc97fc2121c9751d1e9d0c523aecd9983003ce28769e889b5535318fa17680
Sha512
2d0ab9a86e9c5657d1fb84e4aa4a0686b4eb838272b6a94942764570cc04b05a83e6071e70928aaf41f2e6bfe797997f410ffc3aee55f3cf3db5ed2e8b42afb0
SSDeep
24576:ZLXAMBYlPRL78DaniHLFaSkVQYZafcuKHumnywS:FAXPSJaL+su6
TLSH
28657C017E44CA11F0181633C2EF494887F0A95167A6E32B7DBA37AE59133A73C5D9EB

PeID

.NET executable
HQR data file
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
f007d6f55501568d8e4d15d32f358159
Malicious
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.sdata
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:1033
.Net Resources
06CSUZ1cH0wmGyysvc.OkwgDY6XVm0ladltxI
0EAO89bXbYgWxEIMgS.LJXI3QwCAZ1jwD8F0U
Informations
Name
 Value
Info

PE Detect: PeReader OK (file layout)
Module Name

vVUgSUFQTCfDZpeOjKkWgpgkm7ISGDsppQEzCE
Full Name

vVUgSUFQTCfDZpeOjKkWgpgkm7ISGDsppQEzCE
EntryPoint

System.Void vJEygBaGH71A4vJIj19.CU0SB8aRkvCZX5vQFdI::bJjVZ4gH0a()
Scope Name

vVUgSUFQTCfDZpeOjKkWgpgkm7ISGDsppQEzCE
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

DT6cYBR6bPZhYaV
Assembly Version

3.1.8.7
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.0
Total Strings

63
Main Method

System.Void vJEygBaGH71A4vJIj19.CU0SB8aRkvCZX5vQFdI::bJjVZ4gH0a()
Main IL Instruction Count

14
Main IL

br.s IL_000B: ldc.i4.0 call <null> ldnull <null> ldc.i4.0 <null> ldelem.ref <null> pop <null> ldc.i4.0 <null> brtrue.s IL_0007: ldnull call System.Void EG1TOyVMuWvX76Q2pwG.XiFBgUVdjvpX8aghBZl::kLjw4iIsCLsZtxc4lksN0j() nop <null> ldsfld System.Object vJEygBaGH71A4vJIj19.CU0SB8aRkvCZX5vQFdI::GrOVUCvdFe callvirt System.Void bxaQ27adk0KKZFlT0XD.l5NU3Za7u259CqUQ90l::WLsN0nRbRx() nop <null> ret <null>
Module Name

vVUgSUFQTCfDZpeOjKkWgpgkm7ISGDsppQEzCE
Full Name

vVUgSUFQTCfDZpeOjKkWgpgkm7ISGDsppQEzCE
EntryPoint

System.Void vJEygBaGH71A4vJIj19.CU0SB8aRkvCZX5vQFdI::bJjVZ4gH0a()
Scope Name

vVUgSUFQTCfDZpeOjKkWgpgkm7ISGDsppQEzCE
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

DT6cYBR6bPZhYaV
Assembly Version

3.1.8.7
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.0
Total Strings

63
Main Method

System.Void vJEygBaGH71A4vJIj19.CU0SB8aRkvCZX5vQFdI::bJjVZ4gH0a()
Main IL Instruction Count

14
Main IL

br.s IL_000B: ldc.i4.0 call <null> ldnull <null> ldc.i4.0 <null> ldelem.ref <null> pop <null> ldc.i4.0 <null> brtrue.s IL_0007: ldnull call System.Void EG1TOyVMuWvX76Q2pwG.XiFBgUVdjvpX8aghBZl::kLjw4iIsCLsZtxc4lksN0j() nop <null> ldsfld System.Object vJEygBaGH71A4vJIj19.CU0SB8aRkvCZX5vQFdI::GrOVUCvdFe callvirt System.Void bxaQ27adk0KKZFlT0XD.l5NU3Za7u259CqUQ90l::WLsN0nRbRx() nop <null> ret <null>
f007d6f55501568d8e4d15d32f358159 (1.43 MB)
File Structure
f007d6f55501568d8e4d15d32f358159
Malicious
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.sdata
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:1033
.Net Resources
06CSUZ1cH0wmGyysvc.OkwgDY6XVm0ladltxI
0EAO89bXbYgWxEIMgS.LJXI3QwCAZ1jwD8F0U
Characteristics
No malware configuration were found at this point.
You must be signed in to post a comment.
An error has occurred. This application may no longer respond until reloaded. Reload 🗙