Malicious
Malicious

fe42e96e013688b343504698c491acc5

PE Executable
|
MD5: fe42e96e013688b343504698c491acc5
|
Size: 567.81 KB
|
application/x-dosexec

Infection Chain
Summary by MalvaGPT
Characteristics

Symbol Obfuscation Score

Very high

Hash
 Hash Value
MD5
fe42e96e013688b343504698c491acc5
Sha1
c3df1aa34cdea565b62e306a7d4177253ae030a1
Sha256
1fa15bcc25e702d940d76b98bd402d0783c25f60c1928ae7ed3612d1b9419d45
Sha384
ac7b563770c83126f62a81b9ecd7685be1e455a8c2b6fa67534e1f11f72f72bfeeceeb5fd9dc62f06194267d274f7938
Sha512
9aa7b10dc4861e9864e136675cd6c52c4300f123dad4249f146998e6cdd1ddb843b5c247f680f488e1efeefd743ae02214e27a794a9d1fa9256dd38f3da1154e
SSDeep
12288:yW7yNqbJTara8BQKGgZFKzdfKyHln0Idz6m:y49ara8BzezdScTl
TLSH
0FC402077A942B42CA6411B5C8E3E82503FAE98B32F3D74D7F4503869E417E48DA6B9D

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
fe42e96e013688b343504698c491acc5
Malicious
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
XrkkFLRKMF3tuwfoSZ.S7IypxrxC0nxCUhdC9
I9ynYk4DdVLel570Ak.Vw4coCV0fdg9fg55DH
jc1CP7NbCOdPCkelK9.XcFEHQJmdSvU7ZQ42p
Informations
Name
 Value
Info

PE Detect: PeReader OK (file layout)
Module Name

Kihwbuuw.exe
Full Name

Kihwbuuw.exe
EntryPoint

System.Void puUnATCIdXWDMufGIm.JiicLAlqWR6bdEsrwb::dHG0mHCfX()
Scope Name

Kihwbuuw.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

Kihwbuuw
Assembly Version

1.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.0
Total Strings

39
Main Method

System.Void puUnATCIdXWDMufGIm.JiicLAlqWR6bdEsrwb::dHG0mHCfX()
Main IL Instruction Count

85
Main IL

ldc.i4 2 stloc V_1 ldloc V_1 switch dnlib.DotNet.Emit.Instruction[] ldloc V_1 ldc.i4 991 beq IL_0009: ldloc V_1 br IL_005E: ldsfld jkkBvd4TTOqtinCa5Xc jkkBvd4TTOqtinCa5Xc::Rqt4cL9Vu9 ldsfld mYl5bR4wj1ZxrPshoGx mYl5bR4wj1ZxrPshoGx::CdB4AI1idc call System.Void mYl5bR4wj1ZxrPshoGx::FO046MTlNR(mYl5bR4wj1ZxrPshoGx) ldc.i4 0 ldsfld <Module>{7be6b9ef-beea-4895-8abd-446d895d8f0b} <Module>{7be6b9ef-beea-4895-8abd-446d895d8f0b}::m_9ec7ea14aadf4c5384f4e2141523865b ldfld System.Int32 <Module>{7be6b9ef-beea-4895-8abd-446d895d8f0b}::m_c43625f5dcf14b94bced5e993d40ece6 brfalse IL_000D: switch(IL_0087,IL_0088,IL_005E,IL_0035) pop <null> ldc.i4 8 br IL_000D: switch(IL_0087,IL_0088,IL_005E,IL_0035) ldsfld jkkBvd4TTOqtinCa5Xc jkkBvd4TTOqtinCa5Xc::Rqt4cL9Vu9 call System.Void jkkBvd4TTOqtinCa5Xc::FO046MTlNR(jkkBvd4TTOqtinCa5Xc) ldc.i4 6 ldsfld <Module>{7be6b9ef-beea-4895-8abd-446d895d8f0b} <Module>{7be6b9ef-beea-4895-8abd-446d895d8f0b}::m_9ec7ea14aadf4c5384f4e2141523865b ldfld System.Int32 <Module>{7be6b9ef-beea-4895-8abd-446d895d8f0b}::m_5ad5033d5ad94b198914b76c1130aea6 brtrue IL_000D: switch(IL_0087,IL_0088,IL_005E,IL_0035) pop <null> ldc.i4 1 br IL_000D: switch(IL_0087,IL_0088,IL_005E,IL_0035) ret <null> nop <null> ldsfld System.Threading.ThreadStart puUnATCIdXWDMufGIm.JiicLAlqWR6bdEsrwb/<>c::N176HbxtU dup <null> brfalse IL_0099: pop br IL_0101: newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart) pop <null> ldc.i4 0 ldsfld <Module>{7be6b9ef-beea-4895-8abd-446d895d8f0b} <Module>{7be6b9ef-beea-4895-8abd-446d895d8f0b}::m_9ec7ea14aadf4c5384f4e2141523865b ldfld System.Int32 <Module>{7be6b9ef-beea-4895-8abd-446d895d8f0b}::m_cd9fd381aa924b34a4fcd8676f33f607 brtrue IL_00CB: switch(IL_00EB,IL_012F) pop <null> ldc.i4 4 br IL_00CB: switch(IL_00EB,IL_012F) br IL_00C7: ldloc V_0 ldc.i4 0 stloc V_0 ldloc V_0 switch dnlib.DotNet.Emit.Instruction[] ldloc V_0 ldc.i4 989 beq IL_00C7: ldloc V_0 br IL_012F: leave IL_0035 ldsfld puUnATCIdXWDMufGIm.JiicLAlqWR6bdEsrwb/<>c puUnATCIdXWDMufGIm.JiicLAlqWR6bdEsrwb/<>c::S0RMD6yM4 ldftn System.Void puUnATCIdXWDMufGIm.JiicLAlqWR6bdEsrwb/<>c::C45oFFnLF() newobj System.Void System.Threading.ThreadStart::.ctor(System.Object,System.IntPtr) dup <null> stsfld System.Threading.ThreadStart puUnATCIdXWDMufGIm.JiicLAlqWR6bdEsrwb/<>c::N176HbxtU newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart) ldsfld cYte4N4Pw9bkr3CxXJl cYte4N4Pw9bkr3CxXJl::hWI4K7F9OM call System.Void cYte4N4Pw9bkr3CxXJl::FO046MTlNR(System.Object,cYte4N4Pw9bkr3CxXJl) ldc.i4 3 ldsfld <Module>{7be6b9ef-beea-4895-8abd-446d895d8f0b} <Module>{7be6b9ef-beea-4895-8abd-446d895d8f0b}::m_9ec7ea14aadf4c5384f4e2141523865b ldfld System.Int32 <Module>{7be6b9ef-beea-4895-8abd-446d895d8f0b}::m_881096bba9514764945ee783cf148030 brtrue IL_00CB: switch(IL_00EB,IL_012F) pop <null> ldc.i4 1 br IL_00CB: switch(IL_00EB,IL_012F) leave IL_0035: ldsfld mYl5bR4wj1ZxrPshoGx mYl5bR4wj1ZxrPshoGx::CdB4AI1idc pop <null> ldc.i4 0 ldsfld <Module>{7be6b9ef-beea-4895-8abd-446d895d8f0b} <Module>{7be6b9ef-beea-4895-8abd-446d895d8f0b}::m_9ec7ea14aadf4c5384f4e2141523865b ldfld System.Int32 <Module>{7be6b9ef-beea-4895-8abd-446d895d8f0b}::m_b729d507fc57443d8f45d39bf5b18a24 brtrue IL_0166: switch(IL_0182) pop <null> ldc.i4 2 br IL_0166: switch(IL_0182) br IL_0162: ldloc V_2 ldc.i4 0 stloc V_2 ldloc V_2 switch dnlib.DotNet.Emit.Instruction[] ldloc V_2 ldc.i4 988 beq IL_0162: ldloc V_2 br IL_0182: leave IL_0035 leave IL_0035: ldsfld mYl5bR4wj1ZxrPshoGx mYl5bR4wj1ZxrPshoGx::CdB4AI1idc ldc.i4 3 br IL_000D: switch(IL_0087,IL_0088,IL_005E,IL_0035)
Module Name

Kihwbuuw.exe
Full Name

Kihwbuuw.exe
EntryPoint

System.Void puUnATCIdXWDMufGIm.JiicLAlqWR6bdEsrwb::dHG0mHCfX()
Scope Name

Kihwbuuw.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

Kihwbuuw
Assembly Version

1.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.0
Total Strings

39
Main Method

System.Void puUnATCIdXWDMufGIm.JiicLAlqWR6bdEsrwb::dHG0mHCfX()
Main IL Instruction Count

85
Main IL

ldc.i4 2 stloc V_1 ldloc V_1 switch dnlib.DotNet.Emit.Instruction[] ldloc V_1 ldc.i4 991 beq IL_0009: ldloc V_1 br IL_005E: ldsfld jkkBvd4TTOqtinCa5Xc jkkBvd4TTOqtinCa5Xc::Rqt4cL9Vu9 ldsfld mYl5bR4wj1ZxrPshoGx mYl5bR4wj1ZxrPshoGx::CdB4AI1idc call System.Void mYl5bR4wj1ZxrPshoGx::FO046MTlNR(mYl5bR4wj1ZxrPshoGx) ldc.i4 0 ldsfld <Module>{7be6b9ef-beea-4895-8abd-446d895d8f0b} <Module>{7be6b9ef-beea-4895-8abd-446d895d8f0b}::m_9ec7ea14aadf4c5384f4e2141523865b ldfld System.Int32 <Module>{7be6b9ef-beea-4895-8abd-446d895d8f0b}::m_c43625f5dcf14b94bced5e993d40ece6 brfalse IL_000D: switch(IL_0087,IL_0088,IL_005E,IL_0035) pop <null> ldc.i4 8 br IL_000D: switch(IL_0087,IL_0088,IL_005E,IL_0035) ldsfld jkkBvd4TTOqtinCa5Xc jkkBvd4TTOqtinCa5Xc::Rqt4cL9Vu9 call System.Void jkkBvd4TTOqtinCa5Xc::FO046MTlNR(jkkBvd4TTOqtinCa5Xc) ldc.i4 6 ldsfld <Module>{7be6b9ef-beea-4895-8abd-446d895d8f0b} <Module>{7be6b9ef-beea-4895-8abd-446d895d8f0b}::m_9ec7ea14aadf4c5384f4e2141523865b ldfld System.Int32 <Module>{7be6b9ef-beea-4895-8abd-446d895d8f0b}::m_5ad5033d5ad94b198914b76c1130aea6 brtrue IL_000D: switch(IL_0087,IL_0088,IL_005E,IL_0035) pop <null> ldc.i4 1 br IL_000D: switch(IL_0087,IL_0088,IL_005E,IL_0035) ret <null> nop <null> ldsfld System.Threading.ThreadStart puUnATCIdXWDMufGIm.JiicLAlqWR6bdEsrwb/<>c::N176HbxtU dup <null> brfalse IL_0099: pop br IL_0101: newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart) pop <null> ldc.i4 0 ldsfld <Module>{7be6b9ef-beea-4895-8abd-446d895d8f0b} <Module>{7be6b9ef-beea-4895-8abd-446d895d8f0b}::m_9ec7ea14aadf4c5384f4e2141523865b ldfld System.Int32 <Module>{7be6b9ef-beea-4895-8abd-446d895d8f0b}::m_cd9fd381aa924b34a4fcd8676f33f607 brtrue IL_00CB: switch(IL_00EB,IL_012F) pop <null> ldc.i4 4 br IL_00CB: switch(IL_00EB,IL_012F) br IL_00C7: ldloc V_0 ldc.i4 0 stloc V_0 ldloc V_0 switch dnlib.DotNet.Emit.Instruction[] ldloc V_0 ldc.i4 989 beq IL_00C7: ldloc V_0 br IL_012F: leave IL_0035 ldsfld puUnATCIdXWDMufGIm.JiicLAlqWR6bdEsrwb/<>c puUnATCIdXWDMufGIm.JiicLAlqWR6bdEsrwb/<>c::S0RMD6yM4 ldftn System.Void puUnATCIdXWDMufGIm.JiicLAlqWR6bdEsrwb/<>c::C45oFFnLF() newobj System.Void System.Threading.ThreadStart::.ctor(System.Object,System.IntPtr) dup <null> stsfld System.Threading.ThreadStart puUnATCIdXWDMufGIm.JiicLAlqWR6bdEsrwb/<>c::N176HbxtU newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart) ldsfld cYte4N4Pw9bkr3CxXJl cYte4N4Pw9bkr3CxXJl::hWI4K7F9OM call System.Void cYte4N4Pw9bkr3CxXJl::FO046MTlNR(System.Object,cYte4N4Pw9bkr3CxXJl) ldc.i4 3 ldsfld <Module>{7be6b9ef-beea-4895-8abd-446d895d8f0b} <Module>{7be6b9ef-beea-4895-8abd-446d895d8f0b}::m_9ec7ea14aadf4c5384f4e2141523865b ldfld System.Int32 <Module>{7be6b9ef-beea-4895-8abd-446d895d8f0b}::m_881096bba9514764945ee783cf148030 brtrue IL_00CB: switch(IL_00EB,IL_012F) pop <null> ldc.i4 1 br IL_00CB: switch(IL_00EB,IL_012F) leave IL_0035: ldsfld mYl5bR4wj1ZxrPshoGx mYl5bR4wj1ZxrPshoGx::CdB4AI1idc pop <null> ldc.i4 0 ldsfld <Module>{7be6b9ef-beea-4895-8abd-446d895d8f0b} <Module>{7be6b9ef-beea-4895-8abd-446d895d8f0b}::m_9ec7ea14aadf4c5384f4e2141523865b ldfld System.Int32 <Module>{7be6b9ef-beea-4895-8abd-446d895d8f0b}::m_b729d507fc57443d8f45d39bf5b18a24 brtrue IL_0166: switch(IL_0182) pop <null> ldc.i4 2 br IL_0166: switch(IL_0182) br IL_0162: ldloc V_2 ldc.i4 0 stloc V_2 ldloc V_2 switch dnlib.DotNet.Emit.Instruction[] ldloc V_2 ldc.i4 988 beq IL_0162: ldloc V_2 br IL_0182: leave IL_0035 leave IL_0035: ldsfld mYl5bR4wj1ZxrPshoGx mYl5bR4wj1ZxrPshoGx::CdB4AI1idc ldc.i4 3 br IL_000D: switch(IL_0087,IL_0088,IL_005E,IL_0035)
fe42e96e013688b343504698c491acc5 (567.81 KB)
File Structure
fe42e96e013688b343504698c491acc5
Malicious
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
XrkkFLRKMF3tuwfoSZ.S7IypxrxC0nxCUhdC9
I9ynYk4DdVLel570Ak.Vw4coCV0fdg9fg55DH
jc1CP7NbCOdPCkelK9.XcFEHQJmdSvU7ZQ42p
Characteristics
No malware configuration were found at this point.
You must be signed in to post a comment.
An error has occurred. This application may no longer respond until reloaded. Reload 🗙