Malicious

f2c925692a7a9d067464948adaad9dd1

PE Executable | MD5: f2c925692a7a9d067464948adaad9dd1 | Size: 3.4 MB | application/x-dosexec

Characteristics

Symbol Obfuscation Score: Low

Hash: Hash Value
MD5: f2c925692a7a9d067464948adaad9dd1
Sha1: b703fda15b6f665ce4a220ece7ab65492e2d4c18
Sha256: 6286cf6a7653c3bd92c6cf8f159324abda4a33cd9df6cd9c44813afdcaba96f4
Sha384: aff4982e0d379a84e70d68facd38798fed62f8d6cd363d227504fe3e8069857665a46647e90dfe2b198ec69a270f80ee
Sha512: 8014cae115ef7e063bbc69099092437dd2ffb1ebb1e7087236f635271265acb7d16b955b3c1325f854141dbdfd0a3847acf7d65e3298ff8298cd62d33f983f11
SSDeep: 49152:15TX6w2k5zc72TD8aoxk2LKIgjuFfdGkLjXn0okCKAA:15D6w2k5DAx0ydG6kuK
TLSH: EDF53813FF8E9AE3E6407F76C6F788125B71E1427327D30B7A0AA39A58077661D49603

PeID

Microsoft Visual C++ DLL
Microsoft Visual C++ v6.0
Microsoft Visual C++ v6.0 DLL
UPolyX 0.3 -> delikon
File Structure
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.rsrc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
Kqwffcka.Properties.Resources.resources
Kkxxiewdbf
Information
Name: Value
Info: PE Detect: PeReader OK (file layout)
Module Name: Chtumtecvpu.exe
Full Name: Chtumtecvpu.exe
EntryPoint: System.Void SteamKit2.Modules.GroupedModule::TestModule()
Scope Name: Chtumtecvpu.exe
Scope Type: ModuleDef
Kind: Windows
Runtime Version: v4.0.30319
Tables Header Version: 512
WinMD Version: <null>
Assembly Name: Chtumtecvpu
Assembly Version: 1.0.7274.4224
Assembly Culture: <null>
Has PublicKey: False
PublicKey Token: <null>
Target Framework: .NETFramework,Version=v4.6
Total Strings: 1291
Main Method: System.Void SteamKit2.Modules.GroupedModule::TestModule()
Main IL Instruction Count: 18
Main IL:
ldc.i4 1
stloc V_0
br IL_000E: ldloc V_0
ldloc V_0
switch dnlib.DotNet.Emit.Instruction[]
br IL_0057: ret
newobj System.Void SteamKit2.Monitoring.OrderedWatcher::.ctor()
call System.Byte[] SteamKit2.Monitoring.OrderedWatcher::ObserveResponsiveWatcher()
call System.Byte[] Chtumtecvpu.Factories.FactorySolver::CreateSetFactory(System.Object)
call System.Void SteamKit2.Helpers.ChooserInspector::DetachChooser(System.Object)
ldc.i4 0
ldsfld <Module>{3252589e-f2bc-4504-b836-6c4602ad1db6} <Module>{3252589e-f2bc-4504-b836-6c4602ad1db6}::m_8fc4440d235147c2a1dcd5e20ddc5c8f
ldfld System.Int32 <Module>{3252589e-f2bc-4504-b836-6c4602ad1db6}::m_cc63a567429046f48254266f032cd992
brtrue IL_0012: switch(IL_0057,IL_0024)
pop <null>
ldc.i4 0
br IL_0012: switch(IL_0057,IL_0024)
ret <null>

No malware configuration was found at this point.