Malicious
Malicious

f4c4efd3636904ac0d25722f893166dd

PE Executable
|
MD5: f4c4efd3636904ac0d25722f893166dd
|
Size: 568.83 KB
|
application/x-dosexec


Characteristics

Symbol Obfuscation Score

Very high

Hash
Hash Value
MD5
f4c4efd3636904ac0d25722f893166dd
Sha1
87a49a0223e34dbbe70e2311ea3a4148d072ed6f
Sha256
2ead3b4303a43796d7de2cf5fbd28743b3e1cf9690626ae575d360c474fb0639
Sha384
391f5c13268dbe2aa67b1f11efa65aacd551396da1612e65a333db8695bf49e241e654aef9e1cee9fa2948c94c63bcfa
Sha512
fe41d23aabd0a6661e3f711f6a1128fada6195181df6da2588506d6e2c9163da47aa104f90159244e8cefe433d7bd43cf00248417165ebf149565ebf5cc94125
SSDeep
12288:dPw4Bw1hbJVOCJz03VJcuEzd5z1EEfPN3bRgeeTacV07zMtpm:dPw4BkSozgVyuUB9fl3bqeeT56zM
TLSH
52C4028A7B84A702C6606EB6C0E3857503F69ACB7273D7453E1153D6BE013E6CE49BC8

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
gDRR3XbkGTXWk9KTxs.fQBte6Vpvqv9fwcVSj
l0JFPZoqcDlTxCknRC.gctXDIwvSNS8eKimVL
9s6OG9tcW6FH2tH9hG.itwGwBeVxgUqUU7VTM
Information
Name
Value
Info

PE Detect: PeReader OK (file layout)

Module Name

Aobujcwld.exe

Full Name

Aobujcwld.exe

EntryPoint

System.Void qSdLdPm9Xueoo8uwdJ.y8vX9C9XwEho1xXLoA::hrgrk60Ah()

Scope Name

Aobujcwld.exe

Scope Type

ModuleDef

Kind

Windows

Runtime Version

v4.0.30319

Tables Header Version

512

WinMD Version

<null>

Assembly Name

Aobujcwld

Assembly Version

1.0.0.0

Assembly Culture

<null>

Has PublicKey

False

PublicKey Token

<null>

Target Framework

.NETFramework,Version=v4.0

Total Strings

39

Main Method

System.Void qSdLdPm9Xueoo8uwdJ.y8vX9C9XwEho1xXLoA::hrgrk60Ah()

Main IL Instruction Count

84

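Main IL (the report prints the instructions as one run of text, each as opcode followed by operand; a branch operand is shown as its target instruction, e.g. `beq IL_0009: ldloc V_0`, `<null>` marks an instruction with no operand, and `switch dnlib.DotNet.Emit.Instruction[]` is the tool's type name printed in place of the switch targets)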

ldc.i4 3 stloc V_0 ldloc V_0 switch dnlib.DotNet.Emit.Instruction[] ldloc V_0 ldc.i4 991 beq IL_0009: ldloc V_0 br IL_014F: ldsfld s6sCelbW4FxSyZkjGoR s6sCelbW4FxSyZkjGoR::p85bukYQRn nop <null> ldsfld System.Threading.ThreadStart qSdLdPm9Xueoo8uwdJ.y8vX9C9XwEho1xXLoA/<>c::cadAuG5Gs dup <null> brtrue IL_00A9: newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart) pop <null> ldc.i4 0 ldsfld <Module>{f99d9d11-ab41-4516-97a8-3b5624953b9b} <Module>{f99d9d11-ab41-4516-97a8-3b5624953b9b}::m_8742bc5e0c6f4971a4c94b2cae09db71 ldfld System.Int32 <Module>{f99d9d11-ab41-4516-97a8-3b5624953b9b}::m_76e40b9f002b4068bc1aabe3d4aad76c brtrue IL_0073: switch(IL_0093,IL_00D7) pop <null> ldc.i4 5 br IL_0073: switch(IL_0093,IL_00D7) br IL_006F: ldloc V_1 ldc.i4 0 stloc V_1 ldloc V_1 switch dnlib.DotNet.Emit.Instruction[] ldloc V_1 ldc.i4 989 beq IL_006F: ldloc V_1 br IL_0093: ldsfld qSdLdPm9Xueoo8uwdJ.y8vX9C9XwEho1xXLoA/<>c qSdLdPm9Xueoo8uwdJ.y8vX9C9XwEho1xXLoA/<>c::qiARPvfLl ldsfld qSdLdPm9Xueoo8uwdJ.y8vX9C9XwEho1xXLoA/<>c qSdLdPm9Xueoo8uwdJ.y8vX9C9XwEho1xXLoA/<>c::qiARPvfLl ldftn System.Void qSdLdPm9Xueoo8uwdJ.y8vX9C9XwEho1xXLoA/<>c::S9oB2X9MM() newobj System.Void System.Threading.ThreadStart::.ctor(System.Object,System.IntPtr) dup <null> stsfld System.Threading.ThreadStart qSdLdPm9Xueoo8uwdJ.y8vX9C9XwEho1xXLoA/<>c::cadAuG5Gs newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart) ldsfld Iv2wHgb2fC221BEReGk Iv2wHgb2fC221BEReGk::fR0bLIY2Jk call System.Void Iv2wHgb2fC221BEReGk::biqbAFYbom(System.Object,Iv2wHgb2fC221BEReGk) ldc.i4 1 ldsfld <Module>{f99d9d11-ab41-4516-97a8-3b5624953b9b} <Module>{f99d9d11-ab41-4516-97a8-3b5624953b9b}::m_8742bc5e0c6f4971a4c94b2cae09db71 ldfld System.Int32 <Module>{f99d9d11-ab41-4516-97a8-3b5624953b9b}::m_d9f0eaf27788428092843f77d7a841bb brtrue IL_0073: switch(IL_0093,IL_00D7) pop <null> ldc.i4 1 br IL_0073: switch(IL_0093,IL_00D7) leave IL_0163: ldsfld Kjaa0Tb8LJiEuBmWD1v Kjaa0Tb8LJiEuBmWD1v::yIebMoqX9P pop 
<null> ldc.i4 4 ldsfld <Module>{f99d9d11-ab41-4516-97a8-3b5624953b9b} <Module>{f99d9d11-ab41-4516-97a8-3b5624953b9b}::m_8742bc5e0c6f4971a4c94b2cae09db71 ldfld System.Int32 <Module>{f99d9d11-ab41-4516-97a8-3b5624953b9b}::m_336ca702c9bc498998382960e9452c74 brtrue IL_010E: switch(IL_012A) pop <null> ldc.i4 0 br IL_010E: switch(IL_012A) br IL_010A: ldloc V_2 ldc.i4 0 stloc V_2 ldloc V_2 switch dnlib.DotNet.Emit.Instruction[] ldloc V_2 ldc.i4 988 beq IL_010A: ldloc V_2 br IL_012A: leave IL_0163 leave IL_0163: ldsfld Kjaa0Tb8LJiEuBmWD1v Kjaa0Tb8LJiEuBmWD1v::yIebMoqX9P ldc.i4 0 ldsfld <Module>{f99d9d11-ab41-4516-97a8-3b5624953b9b} <Module>{f99d9d11-ab41-4516-97a8-3b5624953b9b}::m_8742bc5e0c6f4971a4c94b2cae09db71 ldfld System.Int32 <Module>{f99d9d11-ab41-4516-97a8-3b5624953b9b}::m_ce275910bf0843d0a6c1583610f13389 brtrue IL_000D: switch(IL_0163,IL_014E,IL_0035,IL_014F) pop <null> ldc.i4 6 br IL_000D: switch(IL_0163,IL_014E,IL_0035,IL_014F) ret <null> ldsfld s6sCelbW4FxSyZkjGoR s6sCelbW4FxSyZkjGoR::p85bukYQRn call System.Void s6sCelbW4FxSyZkjGoR::biqbAFYbom(s6sCelbW4FxSyZkjGoR) ldc.i4 2 br IL_000D: switch(IL_0163,IL_014E,IL_0035,IL_014F) ldsfld Kjaa0Tb8LJiEuBmWD1v Kjaa0Tb8LJiEuBmWD1v::yIebMoqX9P call System.Void Kjaa0Tb8LJiEuBmWD1v::biqbAFYbom(Kjaa0Tb8LJiEuBmWD1v) ldc.i4 2 ldsfld <Module>{f99d9d11-ab41-4516-97a8-3b5624953b9b} <Module>{f99d9d11-ab41-4516-97a8-3b5624953b9b}::m_8742bc5e0c6f4971a4c94b2cae09db71 ldfld System.Int32 <Module>{f99d9d11-ab41-4516-97a8-3b5624953b9b}::m_59002d16a00346f088e85d5e86fbbc79 brfalse IL_000D: switch(IL_0163,IL_014E,IL_0035,IL_014F) pop <null> ldc.i4 1 br IL_000D: switch(IL_0163,IL_014E,IL_0035,IL_014F)

Module Name

Aobujcwld.exe

Full Name

Aobujcwld.exe

EntryPoint

System.Void qSdLdPm9Xueoo8uwdJ.y8vX9C9XwEho1xXLoA::hrgrk60Ah()

Scope Name

Aobujcwld.exe

Scope Type

ModuleDef

Kind

Windows

Runtime Version

v4.0.30319

Tables Header Version

512

WinMD Version

<null>

Assembly Name

Aobujcwld

Assembly Version

1.0.0.0

Assembly Culture

<null>

Has PublicKey

False

PublicKey Token

<null>

Target Framework

.NETFramework,Version=v4.0

Total Strings

39

Main Method

System.Void qSdLdPm9Xueoo8uwdJ.y8vX9C9XwEho1xXLoA::hrgrk60Ah()

Main IL Instruction Count

84

Main IL

ldc.i4 3 stloc V_0 ldloc V_0 switch dnlib.DotNet.Emit.Instruction[] ldloc V_0 ldc.i4 991 beq IL_0009: ldloc V_0 br IL_014F: ldsfld s6sCelbW4FxSyZkjGoR s6sCelbW4FxSyZkjGoR::p85bukYQRn nop <null> ldsfld System.Threading.ThreadStart qSdLdPm9Xueoo8uwdJ.y8vX9C9XwEho1xXLoA/<>c::cadAuG5Gs dup <null> brtrue IL_00A9: newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart) pop <null> ldc.i4 0 ldsfld <Module>{f99d9d11-ab41-4516-97a8-3b5624953b9b} <Module>{f99d9d11-ab41-4516-97a8-3b5624953b9b}::m_8742bc5e0c6f4971a4c94b2cae09db71 ldfld System.Int32 <Module>{f99d9d11-ab41-4516-97a8-3b5624953b9b}::m_76e40b9f002b4068bc1aabe3d4aad76c brtrue IL_0073: switch(IL_0093,IL_00D7) pop <null> ldc.i4 5 br IL_0073: switch(IL_0093,IL_00D7) br IL_006F: ldloc V_1 ldc.i4 0 stloc V_1 ldloc V_1 switch dnlib.DotNet.Emit.Instruction[] ldloc V_1 ldc.i4 989 beq IL_006F: ldloc V_1 br IL_0093: ldsfld qSdLdPm9Xueoo8uwdJ.y8vX9C9XwEho1xXLoA/<>c qSdLdPm9Xueoo8uwdJ.y8vX9C9XwEho1xXLoA/<>c::qiARPvfLl ldsfld qSdLdPm9Xueoo8uwdJ.y8vX9C9XwEho1xXLoA/<>c qSdLdPm9Xueoo8uwdJ.y8vX9C9XwEho1xXLoA/<>c::qiARPvfLl ldftn System.Void qSdLdPm9Xueoo8uwdJ.y8vX9C9XwEho1xXLoA/<>c::S9oB2X9MM() newobj System.Void System.Threading.ThreadStart::.ctor(System.Object,System.IntPtr) dup <null> stsfld System.Threading.ThreadStart qSdLdPm9Xueoo8uwdJ.y8vX9C9XwEho1xXLoA/<>c::cadAuG5Gs newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart) ldsfld Iv2wHgb2fC221BEReGk Iv2wHgb2fC221BEReGk::fR0bLIY2Jk call System.Void Iv2wHgb2fC221BEReGk::biqbAFYbom(System.Object,Iv2wHgb2fC221BEReGk) ldc.i4 1 ldsfld <Module>{f99d9d11-ab41-4516-97a8-3b5624953b9b} <Module>{f99d9d11-ab41-4516-97a8-3b5624953b9b}::m_8742bc5e0c6f4971a4c94b2cae09db71 ldfld System.Int32 <Module>{f99d9d11-ab41-4516-97a8-3b5624953b9b}::m_d9f0eaf27788428092843f77d7a841bb brtrue IL_0073: switch(IL_0093,IL_00D7) pop <null> ldc.i4 1 br IL_0073: switch(IL_0093,IL_00D7) leave IL_0163: ldsfld Kjaa0Tb8LJiEuBmWD1v Kjaa0Tb8LJiEuBmWD1v::yIebMoqX9P pop 
<null> ldc.i4 4 ldsfld <Module>{f99d9d11-ab41-4516-97a8-3b5624953b9b} <Module>{f99d9d11-ab41-4516-97a8-3b5624953b9b}::m_8742bc5e0c6f4971a4c94b2cae09db71 ldfld System.Int32 <Module>{f99d9d11-ab41-4516-97a8-3b5624953b9b}::m_336ca702c9bc498998382960e9452c74 brtrue IL_010E: switch(IL_012A) pop <null> ldc.i4 0 br IL_010E: switch(IL_012A) br IL_010A: ldloc V_2 ldc.i4 0 stloc V_2 ldloc V_2 switch dnlib.DotNet.Emit.Instruction[] ldloc V_2 ldc.i4 988 beq IL_010A: ldloc V_2 br IL_012A: leave IL_0163 leave IL_0163: ldsfld Kjaa0Tb8LJiEuBmWD1v Kjaa0Tb8LJiEuBmWD1v::yIebMoqX9P ldc.i4 0 ldsfld <Module>{f99d9d11-ab41-4516-97a8-3b5624953b9b} <Module>{f99d9d11-ab41-4516-97a8-3b5624953b9b}::m_8742bc5e0c6f4971a4c94b2cae09db71 ldfld System.Int32 <Module>{f99d9d11-ab41-4516-97a8-3b5624953b9b}::m_ce275910bf0843d0a6c1583610f13389 brtrue IL_000D: switch(IL_0163,IL_014E,IL_0035,IL_014F) pop <null> ldc.i4 6 br IL_000D: switch(IL_0163,IL_014E,IL_0035,IL_014F) ret <null> ldsfld s6sCelbW4FxSyZkjGoR s6sCelbW4FxSyZkjGoR::p85bukYQRn call System.Void s6sCelbW4FxSyZkjGoR::biqbAFYbom(s6sCelbW4FxSyZkjGoR) ldc.i4 2 br IL_000D: switch(IL_0163,IL_014E,IL_0035,IL_014F) ldsfld Kjaa0Tb8LJiEuBmWD1v Kjaa0Tb8LJiEuBmWD1v::yIebMoqX9P call System.Void Kjaa0Tb8LJiEuBmWD1v::biqbAFYbom(Kjaa0Tb8LJiEuBmWD1v) ldc.i4 2 ldsfld <Module>{f99d9d11-ab41-4516-97a8-3b5624953b9b} <Module>{f99d9d11-ab41-4516-97a8-3b5624953b9b}::m_8742bc5e0c6f4971a4c94b2cae09db71 ldfld System.Int32 <Module>{f99d9d11-ab41-4516-97a8-3b5624953b9b}::m_59002d16a00346f088e85d5e86fbbc79 brfalse IL_000D: switch(IL_0163,IL_014E,IL_0035,IL_014F) pop <null> ldc.i4 1 br IL_000D: switch(IL_0163,IL_014E,IL_0035,IL_014F)

f4c4efd3636904ac0d25722f893166dd (568.83 KB)