Symbol Ofbuscation Score
|
Hash | Hash Value |
|---|---|
| MD5 | 0db33c257d847bf64fa107aa79dd5e39
|
| Sha1 | 36b73b0a2482532edf5e261639ea922257b795d5
|
| Sha256 | 124be4ded50da810cbfd7abd3a393875639b64c7fc9103c14490800484a2b6c4
|
| Sha384 | f1e429fdf2006347d9e7ce65ad8875305ab9b6106b83e56e6bf022ce0426896ac75b411b9278180d7582d84e264a5ec2
|
| Sha512 | 5367a3910c0199f4f890e6afaac310439e9b65bd94110c2f78e56e330d828b72456aaa5dc041611f93607c5d35117d1433ce8790f4118f3944ee47fdb2e4ed9a
|
| SSDeep | 768:/uifh9Tg4xr5WUx9tDmo2qrF9YaPqf5OPI0zjbwgX3iiTrNdQ0PxBDZOnj:/uqh9Tg+L2qaa6303b3XSiToCPdGj
|
| TLSH | B8232B003BE9C12BF2BE5FB89DF26145467AB1633603D64E1C8411DB5713BC68A52AFE
|
PeID
|
Config. Field0 | Value |
|---|---|
| Key (AES_256) | cmNEbDZNYnp3ejFLc2RFM1F5Y2Yxd3l0Q01OaXhXZTQ= |
| Pastebin | - |
| Certificate | MIIE5DCCAsygAwIBAgIQAOc250/jBXH7PusRfV4KKzANBgkqhkiG9w0BAQ0FADATMREwDwYDVQQDDAhBc3luY1JBVDAgFw0yNTEyMTQxNTM0MjFaGA85OTk5MTIzMTIzNTk1OVowEzERMA8GA1UEAwwIQXN5bmNSQVQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC3hbrOJGE/Ncxr2hD4zwR5WwrlT40PQHZSYRdpnqR2/7/cw8e4m6IS/kPj2TSnF3yYhOkR08loqxZDE8g9vaF8pLg+pyFwXjs8+Tjb6rGW2uRjpX92Pyhjh8LBpkQ8ZVWmHgnrg6rG0F60rBKz4ew8WXbKcUo3Q+oz/td4gqFQDlhw1kKoLeUmr+9QKyInnm/2UOlpU4DY3Vpgw9RKXcNYyUemiFybYORXhX5itphsOy7VNGbmDGcokwXemsR8Dxtx/fxqxdTSIJt2+bnMbPPCL05l7xkOyVQMnLIGcsDBoQXotDfeKlpluqyut2YjHGluh/uIUb/c37ZW17RCI+CtrNRGQjB8ErSBSWGtlxKh6a7DtgUD3Ixy87tueEKyeiHIjKNGM2DeeYpPp94vQ1L9omOqV6XBPRIlE8dZG2wIEh9U7nAbyILI5CsDNK3ZKIo9rFYVDCqRpjSpDW6EE3X+megquYTgBmYwz0wc3Nm7DyXpYWw9M6ubgwJOY4IuNEV3JNHsxHdX457CHJ1B3pvyDSRoD4GGQWzFrod/rSdbc6h0Znk520NtZ7qkP+AA3KumXQoREuIENMqFyEeb4jAL/o+NLZJ2s25y37AhIULalSXUWRpFFN4afCogVBX2Lq5fTnARunBy+iM0cTCITKg1PzdagOzpIYZ1301QYewT1wIDAQABozIwMDAdBgNVHQ4EFgQUwIO7jdsbGYhuyUURLCnL8u8aCiswDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQ0FAAOCAgEAPXoIXK5CvTxz3g1MuFheFwcA6CSzDoKFPW4zVdDtZTjVtAd9wnPaH7HpQXLwpPUb3WM8iEX/zgdze8q36+IWIv7LOpMKCDr3+dyeR5dyuSF0HNggANxw64nb8ggfquNYXofQDR8B2fp/c1iXT3NQcZ4CsM37nMLyvKC7n2hWWArrhshFMKZ/AnT+3r996JaT0BopXowQsSIzBNFez3KrBQ2fKj8HuJPZ3VJKnAH+sUBvTup/5qk5+aijalDJU/APvTFLKBom0ifAqZoYgwI/B9H0mEO7qYXokEVtEPX9LS41ALFQl/naWldHpnhmMgpN3Y30HgI+CJIyUxR9k7f0AIYXdGHdXeqc+MhZa25H+ESwSwI7N7FMyxkdzkikWAXIYoKK3o1mdb9+0s1/CstbjWs8QAzUYmZTb1vUAg9tUMhL2LqaWlpnzOOXdQUhRqk1JuYoBAvlesZ5qsgrZxzaQtDZ7hq6oWsqdDScXGUt7SrPvtXFjFXHjdCrfVHISH0RcEsmaSSV6+cjvcSZe3gb/t5lfjmaDMgWvlIHtKONjneUbCKzoYY2OHU/gy4DkWdt4q8SX1a0jLYXkYr7KPKFaDR/oc85PRUsCKg/vhCtRIbTAJ1CCf0RCk61CuONfs18uIvo08JwHJgWVwN/1lq94mdsEzo1SPA5mE4FFr/APuY= |
| ServerSignature | mBS9vsEDuapsM0VlHM6B8h5vf+INDQi3voiFo0zpjjRswnHq50LvCRjwaEqBEVbXAoO9EJSCfjSSQqtNE/WHUGNfuybHO902GabqbHnHKPHnGe0G4aK7U8sisGRLHlVMn4VhuI8+h8E0DcJgWjNRBOKMAGBvRRbjHKIcD6s9FKIe9+QKOMY8uVn2idwculd6TZI1FQfuo52YH40zzql3fTtVwFFu1OD/FroxNw420r9zMtgNKA2RXb2VBuW13KqLwCxBovdKdKDtUFoBDjVpBDwkauT8dr1MP1uENaS/HufwUBekRi4pIDZ+fCazCSjYH6Km/Ac5+WY6AxBGxDdUW7YL3qmoolMkVStyp/bynXz4LQjNVqaOebIIDuzDJdsAeljgYkDVK/6FMHmcxSvFPWh8N+loYYBHQ8LBfSHG3/NEyYAu5BWwfbLXBxwK3KxKagLwD/9Ia0+kMEjii6btXHcNysfGVdkntpPO3otGRhVF9N1KtbiDka6rHKhqqODhCz3ImhZpYKWb4ZcvkxibgBSHMP1knvZgI5P2mfdQ++J6otoZvH/cWROE+2vB+WN8qHb1/lfL87LYlB4erPoa74BLZTZ00hGk+TVvt2AImQhhGi+USNxOS/NzISp6iY7po8wTRQtADEnYtBgtviKobI60SaD2xe3fgBk0iiwi8LE= |
| Install | true |
| BDOS | true |
| Anti-VM | true |
| Install File | NetworkSecurity.exe |
| Install-Folder | %AppData% |
| Hosts | eco.sa.com,www.eco.sa.com |
| Ports | 80,443,1604,4444,5555,6606,7707,8080,8808 |
| Mutex | icr8a7gMw4ny |
| Version | 0.5.8 |
| Delay | 3 |
| Group | |
|
Name0 | Value |
|---|---|
| Info | PE Detect: PeReader OK (file layout) |
| Module Name | NetworkSecurity.exe |
| Full Name | NetworkSecurity.exe |
| EntryPoint | System.Void Client.Program::Main() |
| Scope Name | NetworkSecurity.exe |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v4.0.30319 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | NetworkSecurity |
| Assembly Version | 1.0.0.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | .NETFramework,Version=v4.0,Profile=Client |
| Total Strings | 120 |
| Main Method | System.Void Client.Program::Main() |
| Main IL Instruction Count | 51 |
| Main IL | ldc.i4.0 <null> stloc.0 <null> br IL_0015: ldloc.0 ldc.i4 1000 call System.Void System.Threading.Thread::Sleep(System.Int32) ldloc.0 <null> ldc.i4.1 <null> add <null> stloc.0 <null> ldloc.0 <null> ldsfld System.String Client.Settings::Delay call System.Int32 System.Convert::ToInt32(System.String) blt.s IL_0007: ldc.i4 1000 call System.Boolean Client.Settings::InitializeSettings() brtrue IL_0032: nop ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) nop <null> call System.Boolean Client.Helper.MutexControl::CreateMutex() brtrue IL_0043: ldsfld System.String Client.Settings::Anti ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) ldsfld System.String Client.Settings::Anti call System.Boolean System.Convert::ToBoolean(System.String) brfalse IL_0057: ldsfld System.String Client.Settings::Install call System.Void Client.Helper.Anti_Analysis::RunAntiAnalysis() ldsfld System.String Client.Settings::Install call System.Boolean System.Convert::ToBoolean(System.String) brfalse IL_006B: ldsfld System.String Client.Settings::BDOS call System.Void Client.Install.NormalStartup::Install() ldsfld System.String Client.Settings::BDOS call System.Boolean System.Convert::ToBoolean(System.String) brfalse IL_0089: call System.Void Client.Helper.Methods::PreventSleep() call System.Boolean Client.Helper.Methods::IsAdmin() brfalse IL_0089: call System.Void Client.Helper.Methods::PreventSleep() call System.Void Client.Helper.ProcessCritical::Set() call System.Void Client.Helper.Methods::PreventSleep() leave IL_0099: nop pop <null> leave IL_0099: nop nop <null> call System.Boolean Client.Connection.ClientSocket::get_IsConnected() brtrue IL_00AE: leave IL_00B9 call System.Void Client.Connection.ClientSocket::Reconnect() call System.Void Client.Connection.ClientSocket::InitializeClient() leave IL_00B9: ldc.i4 5000 pop <null> leave IL_00B9: ldc.i4 5000 ldc.i4 5000 call System.Void System.Threading.Thread::Sleep(System.Int32) br.s IL_0099: nop |
| Module Name | NetworkSecurity.exe |
| Full Name | NetworkSecurity.exe |
| EntryPoint | System.Void Client.Program::Main() |
| Scope Name | NetworkSecurity.exe |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v4.0.30319 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | NetworkSecurity |
| Assembly Version | 1.0.0.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | .NETFramework,Version=v4.0,Profile=Client |
| Total Strings | 120 |
| Main Method | System.Void Client.Program::Main() |
| Main IL Instruction Count | 51 |
| Main IL | ldc.i4.0 <null> stloc.0 <null> br IL_0015: ldloc.0 ldc.i4 1000 call System.Void System.Threading.Thread::Sleep(System.Int32) ldloc.0 <null> ldc.i4.1 <null> add <null> stloc.0 <null> ldloc.0 <null> ldsfld System.String Client.Settings::Delay call System.Int32 System.Convert::ToInt32(System.String) blt.s IL_0007: ldc.i4 1000 call System.Boolean Client.Settings::InitializeSettings() brtrue IL_0032: nop ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) nop <null> call System.Boolean Client.Helper.MutexControl::CreateMutex() brtrue IL_0043: ldsfld System.String Client.Settings::Anti ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) ldsfld System.String Client.Settings::Anti call System.Boolean System.Convert::ToBoolean(System.String) brfalse IL_0057: ldsfld System.String Client.Settings::Install call System.Void Client.Helper.Anti_Analysis::RunAntiAnalysis() ldsfld System.String Client.Settings::Install call System.Boolean System.Convert::ToBoolean(System.String) brfalse IL_006B: ldsfld System.String Client.Settings::BDOS call System.Void Client.Install.NormalStartup::Install() ldsfld System.String Client.Settings::BDOS call System.Boolean System.Convert::ToBoolean(System.String) brfalse IL_0089: call System.Void Client.Helper.Methods::PreventSleep() call System.Boolean Client.Helper.Methods::IsAdmin() brfalse IL_0089: call System.Void Client.Helper.Methods::PreventSleep() call System.Void Client.Helper.ProcessCritical::Set() call System.Void Client.Helper.Methods::PreventSleep() leave IL_0099: nop pop <null> leave IL_0099: nop nop <null> call System.Boolean Client.Connection.ClientSocket::get_IsConnected() brtrue IL_00AE: leave IL_00B9 call System.Void Client.Connection.ClientSocket::Reconnect() call System.Void Client.Connection.ClientSocket::InitializeClient() leave IL_00B9: ldc.i4 5000 pop <null> leave IL_00B9: ldc.i4 5000 ldc.i4 5000 call System.Void System.Threading.Thread::Sleep(System.Int32) br.s IL_0099: nop |
|
Name0 | Value |
|---|---|
| Key (AES_256) | cmNEbDZNYnp3ejFLc2RFM1F5Y2Yxd3l0Q01OaXhXZTQ= |
| CnC | eco.sa.com |
| CnC | www.eco.sa.com |
| Ports | 80 |
| Ports | 443 |
| Ports | 1604 |
| Ports | 4444 |
| Ports | 5555 |
| Ports | 6606 |
| Ports | 7707 |
| Ports | 8080 |
| Ports | 8808 |
| Mutex | icr8a7gMw4ny |
|
Config. Field0 | Value |
|---|---|
| Key (AES_256) | cmNEbDZNYnp3ejFLc2RFM1F5Y2Yxd3l0Q01OaXhXZTQ= |
| Pastebin | - |
| Certificate | MIIE5DCCAsygAwIBAgIQAOc250/jBXH7PusRfV4KKzANBgkqhkiG9w0BAQ0FADATMREwDwYDVQQDDAhBc3luY1JBVDAgFw0yNTEyMTQxNTM0MjFaGA85OTk5MTIzMTIzNTk1OVowEzERMA8GA1UEAwwIQXN5bmNSQVQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC3hbrOJGE/Ncxr2hD4zwR5WwrlT40PQHZSYRdpnqR2/7/cw8e4m6IS/kPj2TSnF3yYhOkR08loqxZDE8g9vaF8pLg+pyFwXjs8+Tjb6rGW2uRjpX92Pyhjh8LBpkQ8ZVWmHgnrg6rG0F60rBKz4ew8WXbKcUo3Q+oz/td4gqFQDlhw1kKoLeUmr+9QKyInnm/2UOlpU4DY3Vpgw9RKXcNYyUemiFybYORXhX5itphsOy7VNGbmDGcokwXemsR8Dxtx/fxqxdTSIJt2+bnMbPPCL05l7xkOyVQMnLIGcsDBoQXotDfeKlpluqyut2YjHGluh/uIUb/c37ZW17RCI+CtrNRGQjB8ErSBSWGtlxKh6a7DtgUD3Ixy87tueEKyeiHIjKNGM2DeeYpPp94vQ1L9omOqV6XBPRIlE8dZG2wIEh9U7nAbyILI5CsDNK3ZKIo9rFYVDCqRpjSpDW6EE3X+megquYTgBmYwz0wc3Nm7DyXpYWw9M6ubgwJOY4IuNEV3JNHsxHdX457CHJ1B3pvyDSRoD4GGQWzFrod/rSdbc6h0Znk520NtZ7qkP+AA3KumXQoREuIENMqFyEeb4jAL/o+NLZJ2s25y37AhIULalSXUWRpFFN4afCogVBX2Lq5fTnARunBy+iM0cTCITKg1PzdagOzpIYZ1301QYewT1wIDAQABozIwMDAdBgNVHQ4EFgQUwIO7jdsbGYhuyUURLCnL8u8aCiswDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQ0FAAOCAgEAPXoIXK5CvTxz3g1MuFheFwcA6CSzDoKFPW4zVdDtZTjVtAd9wnPaH7HpQXLwpPUb3WM8iEX/zgdze8q36+IWIv7LOpMKCDr3+dyeR5dyuSF0HNggANxw64nb8ggfquNYXofQDR8B2fp/c1iXT3NQcZ4CsM37nMLyvKC7n2hWWArrhshFMKZ/AnT+3r996JaT0BopXowQsSIzBNFez3KrBQ2fKj8HuJPZ3VJKnAH+sUBvTup/5qk5+aijalDJU/APvTFLKBom0ifAqZoYgwI/B9H0mEO7qYXokEVtEPX9LS41ALFQl/naWldHpnhmMgpN3Y30HgI+CJIyUxR9k7f0AIYXdGHdXeqc+MhZa25H+ESwSwI7N7FMyxkdzkikWAXIYoKK3o1mdb9+0s1/CstbjWs8QAzUYmZTb1vUAg9tUMhL2LqaWlpnzOOXdQUhRqk1JuYoBAvlesZ5qsgrZxzaQtDZ7hq6oWsqdDScXGUt7SrPvtXFjFXHjdCrfVHISH0RcEsmaSSV6+cjvcSZe3gb/t5lfjmaDMgWvlIHtKONjneUbCKzoYY2OHU/gy4DkWdt4q8SX1a0jLYXkYr7KPKFaDR/oc85PRUsCKg/vhCtRIbTAJ1CCf0RCk61CuONfs18uIvo08JwHJgWVwN/1lq94mdsEzo1SPA5mE4FFr/APuY= |
| ServerSignature | mBS9vsEDuapsM0VlHM6B8h5vf+INDQi3voiFo0zpjjRswnHq50LvCRjwaEqBEVbXAoO9EJSCfjSSQqtNE/WHUGNfuybHO902GabqbHnHKPHnGe0G4aK7U8sisGRLHlVMn4VhuI8+h8E0DcJgWjNRBOKMAGBvRRbjHKIcD6s9FKIe9+QKOMY8uVn2idwculd6TZI1FQfuo52YH40zzql3fTtVwFFu1OD/FroxNw420r9zMtgNKA2RXb2VBuW13KqLwCxBovdKdKDtUFoBDjVpBDwkauT8dr1MP1uENaS/HufwUBekRi4pIDZ+fCazCSjYH6Km/Ac5+WY6AxBGxDdUW7YL3qmoolMkVStyp/bynXz4LQjNVqaOebIIDuzDJdsAeljgYkDVK/6FMHmcxSvFPWh8N+loYYBHQ8LBfSHG3/NEyYAu5BWwfbLXBxwK3KxKagLwD/9Ia0+kMEjii6btXHcNysfGVdkntpPO3otGRhVF9N1KtbiDka6rHKhqqODhCz3ImhZpYKWb4ZcvkxibgBSHMP1knvZgI5P2mfdQ++J6otoZvH/cWROE+2vB+WN8qHb1/lfL87LYlB4erPoa74BLZTZ00hGk+TVvt2AImQhhGi+USNxOS/NzISp6iY7po8wTRQtADEnYtBgtviKobI60SaD2xe3fgBk0iiwi8LE= |
| Install | true |
| BDOS | true |
| Anti-VM | true |
| Install File | NetworkSecurity.exe |
| Install-Folder | %AppData% |
| Hosts | eco.sa.com,www.eco.sa.com |
| Ports | 80,443,1604,4444,5555,6606,7707,8080,8808 |
| Mutex | icr8a7gMw4ny |
| Version | 0.5.8 |
| Delay | 3 |
| Group | |
|
Name0 | Value | Location |
|---|---|---|
| Key (AES_256) | cmNEbDZNYnp3ejFLc2RFM1F5Y2Yxd3l0Q01OaXhXZTQ= Malicious |
0db33c257d847bf64fa107aa79dd5e39 |
| CnC | eco.sa.com Malicious |
0db33c257d847bf64fa107aa79dd5e39 |
| CnC | www.eco.sa.com Malicious |
0db33c257d847bf64fa107aa79dd5e39 |
| Ports | 80 Malicious |
0db33c257d847bf64fa107aa79dd5e39 |
| Ports | 443 Malicious |
0db33c257d847bf64fa107aa79dd5e39 |
| Ports | 1604 Malicious |
0db33c257d847bf64fa107aa79dd5e39 |
| Ports | 4444 Malicious |
0db33c257d847bf64fa107aa79dd5e39 |
| Ports | 5555 Malicious |
0db33c257d847bf64fa107aa79dd5e39 |
| Ports | 6606 Malicious |
0db33c257d847bf64fa107aa79dd5e39 |
| Ports | 7707 Malicious |
0db33c257d847bf64fa107aa79dd5e39 |
| Ports | 8080 Malicious |
0db33c257d847bf64fa107aa79dd5e39 |
| Ports | 8808 Malicious |
0db33c257d847bf64fa107aa79dd5e39 |
| Mutex | icr8a7gMw4ny Malicious |
0db33c257d847bf64fa107aa79dd5e39 |