Malicious
Malicious

0930fad6bd9efc8443909578a149fac2

PE Executable
|
MD5: 0930fad6bd9efc8443909578a149fac2
|
Size: 49.15 KB
|
application/x-dosexec

Print
Infection Chain
Summary by MalvaGPT
Characteristics

Symbol Ofbuscation Score

Very high

Hash
 Hash Value
MD5
0930fad6bd9efc8443909578a149fac2
Sha1
0a75a78e76451e27e7071cee21528b5439251ffa
Sha256
478deaf8d2cec05767fdc2c2025f17cf64e93be5be9ccbb4a9387700158b129d
Sha384
33ecb30b9b44ea02058f7c1f29ca551b34cccd881e2bda92e44513478fe28c8001484372e9837a77ec75c8659d21d3dd
Sha512
0b74a9320552d04520b582f29a1c76b04245472f8060b60525adc5f6878e9fb3462e2c535ca20ba9deb66f95b5169beb6931d4ecb91c06e26f2707eb2bdf66b5
SSDeep
768:4udZNTAoZjRWUJd9bmo2qL86kU9cWPmfs+gfkOc0bqWofp/knFt5AgYDZv+:4udZNTAGL2BUlPmKk4bHuxkFs7dv+
TLSH
45234D003BE9812AF2BE5F7499F37146867AF2673603D54E1CC841975B23FC68A425FA

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
0930fad6bd9efc8443909578a149fac2
Malicious
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
Malware Configuration - AsyncRAT config.
Config. Field
 Value
Key (AES_256)

Wjdab24zTmFhQmdTb2piVkFUeVJLNHpwR1VQOG9LT0s=
Pastebin

-
Certificate

MIIE8jCCAtqgAwIBAgIQAOumdUH2bTp9TDXzpTziczANBgkqhkiG9w0BAQ0FADAaMRgwFgYDVQQDDA9Bc3luY1JBVCBTZXJ2ZXIwIBcNMjUxMjIwMDUzNDUyWhgPOTk5OTEyMzEyMzU5NTlaMBoxGDAWBgNVBAMMD0FzeW5jUkFUIFNlcnZlcjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAI207akN5sAn+GGF6YEYEV9CmbTELQdtHfzUo7sSVeVM7cpDHdV+1NYV+8+ffT2T973/hZwG4ZeOJFxSwyCDfmbZRhS2BaRGtTmSwI47K0XxnSDzqZG4HshmZ6RHpK71ZBUmcho2MHyHXrksoCo6vwb2DmW93lTeZu05f1Rb9R+RuXN/AIk53MqtXu3GsNfvFmqbLcOLEo4Lz8pmAn1oAG0/Z4kj9NWDFcnDneIUAlpaVgmF3BWtWjdr5jL3pl+oujZAQUxTY/28ba1nYZzJJQADX1XVCc1YznsS6p6CmCRZI74Zq0e7g8EMgqBxsXKj0BDKvUkFYcyE2N80jphTLgQGsUP3EgozZmTX4G9OO1qsLaqiWbosrn9rOODT6dd2oN4I2agBDEsUDGTua1PrLo2QZbuLASFonvm382gJMW2yuJQD6xyb2r25gGcmqYetLeZ2xN/y9k0O5THFe22VEgDXnS+lUQfMNYgJ2qz05sVP7LASHY6BKymD+SJKtpo7S3v3kp66Yik7WwRtoZTiuki5TgSN/FT2htbJXeBqVRrwvZd0k4Utn4CKV6PbraU778s+vgH9I2ota0g46MxoW5YsPDgoAlBEb7Bj75REoefTOd3tAceNjzvOVf4lN5l+y7R9bo3ja0a5+oZTRiSb+qV7AyDcIMHqvPp2oHNBQMFdAgMBAAGjMjAwMB0GA1UdDgQWBBTubMskX3ukPGgSjDB90P6isD8ZxjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDQUAA4ICAQCENU9W0258J5wC58XgtdiirDB0tUddV01024vfvr/tqKgSxJeTL3RZAFgwGV4gmN2U77BoeGRKGhjJqkIPradmvfDGm3fqTE7M6oYRA9IP9Rh6L54J9V95OaI5Z1IXqHA2qEoczlz0oSpEkcOeklRJO46jtJaMcQxiGgwy2UZCgZTjQrTkZx8DnyyM4ZRuRn9kTdSYeTHXQt1dg0w4BdqRXcbBGHHbRDdRttG1DvLTAD4fI/G7/TUd4FhyWTx/1vZeYPYZrNWd8sKiegLQEadvdrZz7di6omhlzWLu5Iry5/x4L0NK6aRR9MJPugVH70H0VZtkjYrdL44Qiz5Qwm+c2NwVKX/L+IypXRFUykEJKWgppWIUyGOHhroANuM0xlMUF/v59/Sc7GwwzToXgCp46vs0J1FGWr6/XqNFcn1Q0sSqH3hwPg4aigEhpW8ElUdUrJsVEjpPkuSYL5W3bYeuIRmG2TcgdD6Vn4dTRBnOn7u0tDomngiLAkWJtHoBPU4O/mi+ctONpWDcgvCJJEK2YJ2fgqUy19sZcIlps8EF4bmeq+yQJdzcPJNyEjdMMBXT1PNLLW2WEDrjD++kdXP1td1TQjjoiBH5ruiNzyHfp/1QUhMApiwMYsfx+vIpKdc8JKdJClK7enrj7qGwTOx3xc/UHYsbtfFlxZf9aRaZBQ==
ServerSignature

XenWTm3FX+Odl/JmQCG1e/avqQIl7mx4F0MR5vcQ6O3+zraFomJmaxfVnesgEVxNJTmQCYTGWJavEcGS+/0KjcfISrBJSa8NnMFP85Dyd8Nx0f3VIFaRCgGSlgKVlIBQAnk3oCAmvcCk7Nj/u3Wp/0WesTJScOaVafRUJPo2Lrl8ZeHVy3hAfLf3gVe2UduI+haCtNDx9WnuvlP6MWPWNNRbZrjZLTb5tp0LiTZVq4gj+13u3T8v0WFBV+pdr63apeiorteysqdvpJWneYt+/OEWDDQbYE02qjUJmUUzHFaguH34GCPaT/f5YBRK2tkooLuk0xh7364BxeqTcRgMnfSHow17vy45Ch2+atUWkGFpqDKaiz1tw/urgpm1HyDXua/k9YI4E1ro5TEqw4OoVkFstJfK/ZSG2oBwXJRCIvStpfBIi8PC9/JnmRgRqgFJRt0lAVbaZK900Azq9I5NfP82vXQaUVdrOVPuNDRAWrO39kdE4nictJiz6AhXIawkog50ZXKC4AeFAScEMHkBBn4bOXPjyP3GfnPRiPJMMpejxsnTiPOT7VquJPBeED6xiK/Lj22CE7UPiv4ARO7NAKqWpTG/MB2l0esGTxM1hodfy64xKGv8oU5BET91O8KzQ6l75Ds3vdMZX9RoPrjEJl0YLHh2yYR9
Install

false
BDOS

false
Anti-VM

false
Install File

datarat.exe
Install-Folder

%AppData%
Hosts

111.229.180.223
Ports

3555,15555,25555
Mutex

N5FRYpEM0DuB
Version

0.5.8
Delay

3
Group

Default
Informations
Name
 Value
Info

PE Detect: PeReader OK (file layout)
Module Name

BcaBImvIoy
Full Name

BcaBImvIoy
EntryPoint

System.Void iqEBlAsJyAgHzyP.QHeEXLjUpCho::Main()
Scope Name

BcaBImvIoy
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

ClientTool
Assembly Version

1.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.5
Total Strings

120
Main Method

System.Void iqEBlAsJyAgHzyP.QHeEXLjUpCho::Main()
Main IL Instruction Count

51
Main IL

ldc.i4.0 <null> stloc.0 <null> br IL_0012: ldloc.0 ldc.i4.s 100 call System.Void System.Threading.Thread::Sleep(System.Int32) ldloc.0 <null> ldc.i4.1 <null> add <null> stloc.0 <null> ldloc.0 <null> ldsfld System.String iqEBlAsJyAgHzyP.NpELvlIhWsyW::yyQKJJSbtoNcTL call System.Int32 System.Convert::ToInt32(System.String) blt.s IL_0007: ldc.i4.s 100 call System.Boolean iqEBlAsJyAgHzyP.NpELvlIhWsyW::stgVZwaWyFuJIEUte() brtrue IL_002F: nop ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) nop <null> call System.Boolean esqfmTcxOGvwKlIE.AUFCymJwWhBcXJv::ySDdFRxcOZ() brtrue IL_0040: ldsfld System.String iqEBlAsJyAgHzyP.NpELvlIhWsyW::UQIYXRuazvcE ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) ldsfld System.String iqEBlAsJyAgHzyP.NpELvlIhWsyW::UQIYXRuazvcE call System.Boolean System.Convert::ToBoolean(System.String) brfalse IL_0054: ldsfld System.String iqEBlAsJyAgHzyP.NpELvlIhWsyW::mvrAfaVbbqF call System.Void esqfmTcxOGvwKlIE.cyBuNAgmJkw::EoixbJvciCTS() ldsfld System.String iqEBlAsJyAgHzyP.NpELvlIhWsyW::mvrAfaVbbqF call System.Boolean System.Convert::ToBoolean(System.String) brfalse IL_0068: ldsfld System.String iqEBlAsJyAgHzyP.NpELvlIhWsyW::ASYshUQdJlEZ call System.Void xGuAfkhjYZbz.xaEdNqbEcgOR::rmqDoqddyxwZe() ldsfld System.String iqEBlAsJyAgHzyP.NpELvlIhWsyW::ASYshUQdJlEZ call System.Boolean System.Convert::ToBoolean(System.String) brfalse IL_0086: call System.Void esqfmTcxOGvwKlIE.yvZmstPZAQbmmqH::cKqeJbfIZC() call System.Boolean esqfmTcxOGvwKlIE.yvZmstPZAQbmmqH::SknmonJCzuBDu() brfalse IL_0086: call System.Void esqfmTcxOGvwKlIE.yvZmstPZAQbmmqH::cKqeJbfIZC() call System.Void esqfmTcxOGvwKlIE.GhzPGLsnJMSL::TrZLvCwhRIZvW() call System.Void esqfmTcxOGvwKlIE.yvZmstPZAQbmmqH::cKqeJbfIZC() leave IL_0096: nop pop <null> leave IL_0096: nop nop <null> call System.Boolean CKlAZdFitc.rNhwaSJGzbd::get_IsConnected() brtrue IL_00AB: leave IL_00B6 call System.Void CKlAZdFitc.rNhwaSJGzbd::tMaXTlaroXWDyL() call System.Void CKlAZdFitc.rNhwaSJGzbd::sumGfrnVXJsDB() leave IL_00B6: ldc.i4 5000 pop <null> leave IL_00B6: ldc.i4 5000 ldc.i4 5000 call System.Void System.Threading.Thread::Sleep(System.Int32) br.s IL_0096: nop
Module Name

BcaBImvIoy
Full Name

BcaBImvIoy
EntryPoint

System.Void iqEBlAsJyAgHzyP.QHeEXLjUpCho::Main()
Scope Name

BcaBImvIoy
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

ClientTool
Assembly Version

1.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.5
Total Strings

120
Main Method

System.Void iqEBlAsJyAgHzyP.QHeEXLjUpCho::Main()
Main IL Instruction Count

51
Main IL

ldc.i4.0 <null> stloc.0 <null> br IL_0012: ldloc.0 ldc.i4.s 100 call System.Void System.Threading.Thread::Sleep(System.Int32) ldloc.0 <null> ldc.i4.1 <null> add <null> stloc.0 <null> ldloc.0 <null> ldsfld System.String iqEBlAsJyAgHzyP.NpELvlIhWsyW::yyQKJJSbtoNcTL call System.Int32 System.Convert::ToInt32(System.String) blt.s IL_0007: ldc.i4.s 100 call System.Boolean iqEBlAsJyAgHzyP.NpELvlIhWsyW::stgVZwaWyFuJIEUte() brtrue IL_002F: nop ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) nop <null> call System.Boolean esqfmTcxOGvwKlIE.AUFCymJwWhBcXJv::ySDdFRxcOZ() brtrue IL_0040: ldsfld System.String iqEBlAsJyAgHzyP.NpELvlIhWsyW::UQIYXRuazvcE ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) ldsfld System.String iqEBlAsJyAgHzyP.NpELvlIhWsyW::UQIYXRuazvcE call System.Boolean System.Convert::ToBoolean(System.String) brfalse IL_0054: ldsfld System.String iqEBlAsJyAgHzyP.NpELvlIhWsyW::mvrAfaVbbqF call System.Void esqfmTcxOGvwKlIE.cyBuNAgmJkw::EoixbJvciCTS() ldsfld System.String iqEBlAsJyAgHzyP.NpELvlIhWsyW::mvrAfaVbbqF call System.Boolean System.Convert::ToBoolean(System.String) brfalse IL_0068: ldsfld System.String iqEBlAsJyAgHzyP.NpELvlIhWsyW::ASYshUQdJlEZ call System.Void xGuAfkhjYZbz.xaEdNqbEcgOR::rmqDoqddyxwZe() ldsfld System.String iqEBlAsJyAgHzyP.NpELvlIhWsyW::ASYshUQdJlEZ call System.Boolean System.Convert::ToBoolean(System.String) brfalse IL_0086: call System.Void esqfmTcxOGvwKlIE.yvZmstPZAQbmmqH::cKqeJbfIZC() call System.Boolean esqfmTcxOGvwKlIE.yvZmstPZAQbmmqH::SknmonJCzuBDu() brfalse IL_0086: call System.Void esqfmTcxOGvwKlIE.yvZmstPZAQbmmqH::cKqeJbfIZC() call System.Void esqfmTcxOGvwKlIE.GhzPGLsnJMSL::TrZLvCwhRIZvW() call System.Void esqfmTcxOGvwKlIE.yvZmstPZAQbmmqH::cKqeJbfIZC() leave IL_0096: nop pop <null> leave IL_0096: nop nop <null> call System.Boolean CKlAZdFitc.rNhwaSJGzbd::get_IsConnected() brtrue IL_00AB: leave IL_00B6 call System.Void CKlAZdFitc.rNhwaSJGzbd::tMaXTlaroXWDyL() call System.Void CKlAZdFitc.rNhwaSJGzbd::sumGfrnVXJsDB() leave IL_00B6: ldc.i4 5000 pop <null> leave IL_00B6: ldc.i4 5000 ldc.i4 5000 call System.Void System.Threading.Thread::Sleep(System.Int32) br.s IL_0096: nop
Artefacts
Name
 Value
Key (AES_256)

Wjdab24zTmFhQmdTb2piVkFUeVJLNHpwR1VQOG9LT0s=
CnC

111.229.180.223
Ports

3555
Ports

15555
Ports

25555
Mutex

N5FRYpEM0DuB
0930fad6bd9efc8443909578a149fac2 (49.15 KB)
An error has occurred. This application may no longer respond until reloaded. Reload 🗙