Malicious

refmonitor.exe

PE Executable | MD5: fdc5b09cf1c88f78c278f81480012607 | Size: 1.92 MB | application/x-dosexec


Characteristics

Symbol Obfuscation Score

Very high

Hash
Hash Value
MD5
fdc5b09cf1c88f78c278f81480012607
Sha1
9a1261d05c7a5e66844e5d6904a41c944b6103d7
Sha256
77693f6d2956f9e626381e1228732a454fca3bd2a39c8247898e627bb427e12d
Sha384
4f1f20efc58026f47c6fc1de3fc39e06f5a9456e04f99e8c3aae93eb835ef9e5fac2db2f64f9a7d4b1240b9f0ef76834
Sha512
a3c17c9587de51b6c99544718e4866feca98f2721118f98572d76bfa5343179f66ee93d618ed7d9e01ff5ea08397435721ff7cdf47d64074e885fac3c5f6814e
SSDeep
24576:30US5djN7js5j63pzwXDdk8zdKFJuMc2aAIHtTOY7SrbpOsZan:k9xWpHUcsINTkp
TLSH
5595AF0655E25E3BC2741B714497003E4295D73A39B2EB5B3A1F60E2A8037B5CF762BB

PeID

.NET executable
HQR data file
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
.Net Resources
8qNXcbXsEpNHxbakhy.oaogWuBt043eCgX0sF
dDHM6nAj2e20bAnteb.Z4yfoCEH4wC28esbUm
ufm61hcmyQXj46ESGK.wG1Pq7kfRRvdr6A4FH
g4e1SXWpJts5pILkAr.2rMpvh3hnxExotTKqC
t1RsHcFkcnLunf5FxF.MJLnADIs4mloJl1dx2
lf9u7aiJJTsOeTyuFZ.K9gDT5tpQsEmyFArRu
Information
Info: PE Detect: PeReader OK (file layout)
Module Name: pxqDsBPmp0nY
Full Name: pxqDsBPmp0nY
EntryPoint: System.Void cW9KGA738xCRIRRm0jg.h0w8Et7W28Ik1NKSwrF::JRZ7AMwjqR()
Scope Name: pxqDsBPmp0nY
Scope Type: ModuleDef
Kind: Windows
Runtime Version: v4.0.30319
Tables Header Version: 512
WinMD Version: <null>
Assembly Name: SGxDUr5uRrbW2X9YcTIdUkMi5E
Assembly Version: 4.1.5.0
Assembly Culture: <null>
Has PublicKey: False
PublicKey Token: <null>
Target Framework: .NETFramework,Version=v4.0
Total Strings: 47
Main Method: System.Void cW9KGA738xCRIRRm0jg.h0w8Et7W28Ik1NKSwrF::JRZ7AMwjqR()
Main IL Instruction Count: 48

Main IL

ldc.i4 2 stloc V_0 br IL_000E: ldloc V_0 ldloc V_0 switch dnlib.DotNet.Emit.Instruction[] br IL_009B: ldnull newobj System.Void TWlkXmcIuhoa3MtRulP.J8L1GXcFHLALy0ya6M1::.ctor() pop <null> ldc.i4 0 ldsfld <Module>{28f1f8da-6b3e-42d7-b5a1-073873c55722} <Module>{28f1f8da-6b3e-42d7-b5a1-073873c55722}::m_9d7a02512d0348a8a13131824cbdf9e2 ldfld System.Int32 <Module>{28f1f8da-6b3e-42d7-b5a1-073873c55722}::m_a742c194088747869b565307d0849811 brtrue IL_0012: switch(IL_009B,IL_0030,IL_00B5,IL_0055,IL_009A) pop <null> ldc.i4 0 br IL_0012: switch(IL_009B,IL_0030,IL_00B5,IL_0055,IL_009A) ldc.i4 103847978 neg <null> ldc.i4 -708413310 xor <null> ldsfld <Module>{28f1f8da-6b3e-42d7-b5a1-073873c55722} <Module>{28f1f8da-6b3e-42d7-b5a1-073873c55722}::m_9d7a02512d0348a8a13131824cbdf9e2 ldfld System.Int32 <Module>{28f1f8da-6b3e-42d7-b5a1-073873c55722}::m_a6493140d7724ed5af35c1194212ac79 xor <null> call System.String TOTpHBMgKJXB5QLHQEZ.B0qD8AMQOvEaXr7ix3l::Vp6MmWR5EW(System.Int32) newobj System.Void JbJYJfkXtapZuvYhf5J.iWa6vskI9jfNn3VIdvf::.ctor(System.String) call System.Void JbJYJfkXtapZuvYhf5J.iWa6vskI9jfNn3VIdvf::AyKkBeaHEq() ldc.i4 4 ldsfld <Module>{28f1f8da-6b3e-42d7-b5a1-073873c55722} <Module>{28f1f8da-6b3e-42d7-b5a1-073873c55722}::m_9d7a02512d0348a8a13131824cbdf9e2 ldfld System.Int32 <Module>{28f1f8da-6b3e-42d7-b5a1-073873c55722}::m_1e81031a013d433b848f58cdd5564eb9 brfalse IL_0012: switch(IL_009B,IL_0030,IL_00B5,IL_0055,IL_009A) pop <null> ldc.i4 4 br IL_0012: switch(IL_009B,IL_0030,IL_00B5,IL_0055,IL_009A) ret <null> ldnull <null> ldnull <null> newobj System.Void SrMkU83foK7Hs3LCkvV.qjidlU3CsSkwTkSN4mD::.ctor(System.String,System.String) call System.Void yHqIFPt9e0paguMWkBg.ebYNYQt71HfkJqJBQMS::SeStZWJQxC(SrMkU83foK7Hs3LCkvV.qjidlU3CsSkwTkSN4mD) ldc.i4 3 stloc V_0 br IL_000E: ldloc V_0 call System.Void lhAj2djLCV0TPHYSLmg.zgcQkNjg59r0hFlEtRo::jd3tc3oJaMm() ldc.i4 1 ldsfld <Module>{28f1f8da-6b3e-42d7-b5a1-073873c55722} 
<Module>{28f1f8da-6b3e-42d7-b5a1-073873c55722}::m_9d7a02512d0348a8a13131824cbdf9e2 ldfld System.Int32 <Module>{28f1f8da-6b3e-42d7-b5a1-073873c55722}::m_2a0e9bd021df435794ee6afc04cd506d brtrue IL_0012: switch(IL_009B,IL_0030,IL_00B5,IL_0055,IL_009A) pop <null> ldc.i4 1 br IL_0012: switch(IL_009B,IL_0030,IL_00B5,IL_0055,IL_009A)

