Symbol Ofbuscation Score
|
Hash | Hash Value |
|---|---|
| MD5 | 10fa0a5c89f32f2575487b3df9aadeb7
|
| Sha1 | 8a5018513d310a9da23a7dab601042c3dd4728d4
|
| Sha256 | 98e46f012a28847c685bb505deadb9a14c8b4eae478d1799ac022b35071e8c5a
|
| Sha384 | be16a8cfff2e92988ae13f34d6852ab9c3605adaea26bf4c13c8be3e45ae9a33d852dd7d4c772e72ea4508a92baa8590
|
| Sha512 | 025d81186773212f7cd2f08d839579913855a3713c2a800af67bf8684484a560b55c0745803c91c6e4d8f313ff7bd689d7aaa0338aa1d9d6a60151a07786300c
|
| SSDeep | 1536:Kub3dT5Pk27eR3H3bH1SHvlQVAkYdJS+VGdRxR:KubtT5Pk2yR3H3bHiQVYLMjxR
|
| TLSH | 7B435D007BE9822BF2BE5F7499F26145467EF6633603EA4D2CC441D74623FC58A426FA
|
PeID
|
Config. Field0 | Value |
|---|---|
| Key (AES_256) | dXd6T3p0eVVNUXM1ZkxhSXJ0S3hLUWZ3UENjTFZya1M= |
| Pastebin | - |
| Certificate | MIIE5DCCAsygAwIBAgIQAOc250/jBXH7PusRfV4KKzANBgkqhkiG9w0BAQ0FADATMREwDwYDVQQDDAhBc3luY1JBVDAgFw0yNTEyMTQxNTM0MjFaGA85OTk5MTIzMTIzNTk1OVowEzERMA8GA1UEAwwIQXN5bmNSQVQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC3hbrOJGE/Ncxr2hD4zwR5WwrlT40PQHZSYRdpnqR2/7/cw8e4m6IS/kPj2TSnF3yYhOkR08loqxZDE8g9vaF8pLg+pyFwXjs8+Tjb6rGW2uRjpX92Pyhjh8LBpkQ8ZVWmHgnrg6rG0F60rBKz4ew8WXbKcUo3Q+oz/td4gqFQDlhw1kKoLeUmr+9QKyInnm/2UOlpU4DY3Vpgw9RKXcNYyUemiFybYORXhX5itphsOy7VNGbmDGcokwXemsR8Dxtx/fxqxdTSIJt2+bnMbPPCL05l7xkOyVQMnLIGcsDBoQXotDfeKlpluqyut2YjHGluh/uIUb/c37ZW17RCI+CtrNRGQjB8ErSBSWGtlxKh6a7DtgUD3Ixy87tueEKyeiHIjKNGM2DeeYpPp94vQ1L9omOqV6XBPRIlE8dZG2wIEh9U7nAbyILI5CsDNK3ZKIo9rFYVDCqRpjSpDW6EE3X+megquYTgBmYwz0wc3Nm7DyXpYWw9M6ubgwJOY4IuNEV3JNHsxHdX457CHJ1B3pvyDSRoD4GGQWzFrod/rSdbc6h0Znk520NtZ7qkP+AA3KumXQoREuIENMqFyEeb4jAL/o+NLZJ2s25y37AhIULalSXUWRpFFN4afCogVBX2Lq5fTnARunBy+iM0cTCITKg1PzdagOzpIYZ1301QYewT1wIDAQABozIwMDAdBgNVHQ4EFgQUwIO7jdsbGYhuyUURLCnL8u8aCiswDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQ0FAAOCAgEAPXoIXK5CvTxz3g1MuFheFwcA6CSzDoKFPW4zVdDtZTjVtAd9wnPaH7HpQXLwpPUb3WM8iEX/zgdze8q36+IWIv7LOpMKCDr3+dyeR5dyuSF0HNggANxw64nb8ggfquNYXofQDR8B2fp/c1iXT3NQcZ4CsM37nMLyvKC7n2hWWArrhshFMKZ/AnT+3r996JaT0BopXowQsSIzBNFez3KrBQ2fKj8HuJPZ3VJKnAH+sUBvTup/5qk5+aijalDJU/APvTFLKBom0ifAqZoYgwI/B9H0mEO7qYXokEVtEPX9LS41ALFQl/naWldHpnhmMgpN3Y30HgI+CJIyUxR9k7f0AIYXdGHdXeqc+MhZa25H+ESwSwI7N7FMyxkdzkikWAXIYoKK3o1mdb9+0s1/CstbjWs8QAzUYmZTb1vUAg9tUMhL2LqaWlpnzOOXdQUhRqk1JuYoBAvlesZ5qsgrZxzaQtDZ7hq6oWsqdDScXGUt7SrPvtXFjFXHjdCrfVHISH0RcEsmaSSV6+cjvcSZe3gb/t5lfjmaDMgWvlIHtKONjneUbCKzoYY2OHU/gy4DkWdt4q8SX1a0jLYXkYr7KPKFaDR/oc85PRUsCKg/vhCtRIbTAJ1CCf0RCk61CuONfs18uIvo08JwHJgWVwN/1lq94mdsEzo1SPA5mE4FFr/APuY= |
| ServerSignature | g5mJx4D2T9PF2W/9LuWC5WrGiXhzbGC4reqEjcQcwc8Rv3tc3Ui7J+n9YkawTM64fE0wvnZKRMb+X2uIM9qV0pw/CdZKFLypSQhwm2iFQfYb7CrBACiXlKq/tBmOG1/zYdNqQGPhNEqQAtStUA4uuMWkqRtKLCZauKPgyUsAzPZ4LvhG5pYBOCRM3M2JLQEccks2lPI5Yg8znRVAcbK18YLf1Y4Z1nXB1RhmQUotrLvAnJQHngVOsDzeZrOtcAKVgq7aj/0gtG2W4GUqpUuANbvuDYBHsonEP3f+yYg/dRSjFK2V/SeLxyshzduv37KjGtf2Cr7yiLRMTzCAAOkVc+ZKzERmXlWVP1rvm8mF5/WkgiVopGqlxfsqmWN2B44PP/OyP9M3w0qBcCxyo3yWwxBJORwjyKIaZcXoOvj/gTcAknBlNM/ZYZ8VjVt6M6FyaIBuw9DLMYp1VTJWfvOvH+10K7kkAtFyWHQotrV6V4N5ir1d1EjC3IVOVRmuBwNFvRpKE6QLSlaJXX3WsRWa84zi133XdvWIqoN16ExcLT+6Y8T/ZOd8r6A6XxGejrjpZpgXOydmu6iQt5RUPw6JVrkslvuN7hWk/GpnlSeokWPQpS87JCUGi2/6P+HapXFw7fiHZH0Gx3gKxxlcUJm/2COy1pzKJR9pqZ5sTmHhsZE= |
| Install | true |
| BDOS | false |
| Anti-VM | false |
| Install File | Facebook.exe |
| Install-Folder | %AppData% |
| Hosts | drfdm.za.com,www.drfdm.za.com,mozammilhayatt.in.net,www.mozammilhayatt.in.net,xpch.sa.com,www.xpch.sa.com |
| Ports | 80,443,1604,4444,5555,6606,7707,8080,8808 |
| Mutex | 40dW48Sz8n9n |
| Version | 0.5.8 |
| Delay | 3 |
| Group | |
|
Name0 | Value |
|---|---|
| Info | PE Detect: PeReader OK (file layout) |
| Module Name | Facebook.exe |
| Full Name | Facebook.exe |
| EntryPoint | System.Void Client.Program::Main() |
| Scope Name | Facebook.exe |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v4.0.30319 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | |
| Assembly Version | 1.0.0.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | .NETFramework,Version=v4.0,Profile=Client |
| Total Strings | 120 |
| Main Method | System.Void Client.Program::Main() |
| Main IL Instruction Count | 51 |
| Main IL | ldc.i4.0 <null> stloc.0 <null> br IL_0015: ldloc.0 ldc.i4 1000 call System.Void System.Threading.Thread::Sleep(System.Int32) ldloc.0 <null> ldc.i4.1 <null> add <null> stloc.0 <null> ldloc.0 <null> ldsfld System.String Client.Settings::Delay call System.Int32 System.Convert::ToInt32(System.String) blt.s IL_0007: ldc.i4 1000 call System.Boolean Client.Settings::InitializeSettings() brtrue IL_0032: nop ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) nop <null> call System.Boolean Client.Helper.MutexControl::CreateMutex() brtrue IL_0043: ldsfld System.String Client.Settings::Anti ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) ldsfld System.String Client.Settings::Anti call System.Boolean System.Convert::ToBoolean(System.String) brfalse IL_0057: ldsfld System.String Client.Settings::Install call System.Void Client.Helper.Anti_Analysis::RunAntiAnalysis() ldsfld System.String Client.Settings::Install call System.Boolean System.Convert::ToBoolean(System.String) brfalse IL_006B: ldsfld System.String Client.Settings::BDOS call System.Void Client.Install.NormalStartup::Install() ldsfld System.String Client.Settings::BDOS call System.Boolean System.Convert::ToBoolean(System.String) brfalse IL_0089: call System.Void Client.Helper.Methods::PreventSleep() call System.Boolean Client.Helper.Methods::IsAdmin() brfalse IL_0089: call System.Void Client.Helper.Methods::PreventSleep() call System.Void Client.Helper.ProcessCritical::Set() call System.Void Client.Helper.Methods::PreventSleep() leave IL_0099: nop pop <null> leave IL_0099: nop nop <null> call System.Boolean Client.Connection.ClientSocket::get_IsConnected() brtrue IL_00AE: leave IL_00B9 call System.Void Client.Connection.ClientSocket::Reconnect() call System.Void Client.Connection.ClientSocket::InitializeClient() leave IL_00B9: ldc.i4 5000 pop <null> leave IL_00B9: ldc.i4 5000 ldc.i4 5000 call System.Void System.Threading.Thread::Sleep(System.Int32) br.s IL_0099: nop |
| Module Name | Facebook.exe |
| Full Name | Facebook.exe |
| EntryPoint | System.Void Client.Program::Main() |
| Scope Name | Facebook.exe |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v4.0.30319 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | |
| Assembly Version | 1.0.0.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | .NETFramework,Version=v4.0,Profile=Client |
| Total Strings | 120 |
| Main Method | System.Void Client.Program::Main() |
| Main IL Instruction Count | 51 |
| Main IL | ldc.i4.0 <null> stloc.0 <null> br IL_0015: ldloc.0 ldc.i4 1000 call System.Void System.Threading.Thread::Sleep(System.Int32) ldloc.0 <null> ldc.i4.1 <null> add <null> stloc.0 <null> ldloc.0 <null> ldsfld System.String Client.Settings::Delay call System.Int32 System.Convert::ToInt32(System.String) blt.s IL_0007: ldc.i4 1000 call System.Boolean Client.Settings::InitializeSettings() brtrue IL_0032: nop ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) nop <null> call System.Boolean Client.Helper.MutexControl::CreateMutex() brtrue IL_0043: ldsfld System.String Client.Settings::Anti ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) ldsfld System.String Client.Settings::Anti call System.Boolean System.Convert::ToBoolean(System.String) brfalse IL_0057: ldsfld System.String Client.Settings::Install call System.Void Client.Helper.Anti_Analysis::RunAntiAnalysis() ldsfld System.String Client.Settings::Install call System.Boolean System.Convert::ToBoolean(System.String) brfalse IL_006B: ldsfld System.String Client.Settings::BDOS call System.Void Client.Install.NormalStartup::Install() ldsfld System.String Client.Settings::BDOS call System.Boolean System.Convert::ToBoolean(System.String) brfalse IL_0089: call System.Void Client.Helper.Methods::PreventSleep() call System.Boolean Client.Helper.Methods::IsAdmin() brfalse IL_0089: call System.Void Client.Helper.Methods::PreventSleep() call System.Void Client.Helper.ProcessCritical::Set() call System.Void Client.Helper.Methods::PreventSleep() leave IL_0099: nop pop <null> leave IL_0099: nop nop <null> call System.Boolean Client.Connection.ClientSocket::get_IsConnected() brtrue IL_00AE: leave IL_00B9 call System.Void Client.Connection.ClientSocket::Reconnect() call System.Void Client.Connection.ClientSocket::InitializeClient() leave IL_00B9: ldc.i4 5000 pop <null> leave IL_00B9: ldc.i4 5000 ldc.i4 5000 call System.Void System.Threading.Thread::Sleep(System.Int32) br.s IL_0099: nop |
|
Name0 | Value |
|---|---|
| Key (AES_256) | dXd6T3p0eVVNUXM1ZkxhSXJ0S3hLUWZ3UENjTFZya1M= |
| CnC | drfdm.za.com |
| CnC | www.drfdm.za.com |
| CnC | mozammilhayatt.in.net |
| CnC | www.mozammilhayatt.in.net |
| CnC | xpch.sa.com |
| CnC | www.xpch.sa.com |
| Ports | 80 |
| Ports | 443 |
| Ports | 1604 |
| Ports | 4444 |
| Ports | 5555 |
| Ports | 6606 |
| Ports | 7707 |
| Ports | 8080 |
| Ports | 8808 |
| Mutex | 40dW48Sz8n9n |
|
Config. Field0 | Value |
|---|---|
| Key (AES_256) | dXd6T3p0eVVNUXM1ZkxhSXJ0S3hLUWZ3UENjTFZya1M= |
| Pastebin | - |
| Certificate | MIIE5DCCAsygAwIBAgIQAOc250/jBXH7PusRfV4KKzANBgkqhkiG9w0BAQ0FADATMREwDwYDVQQDDAhBc3luY1JBVDAgFw0yNTEyMTQxNTM0MjFaGA85OTk5MTIzMTIzNTk1OVowEzERMA8GA1UEAwwIQXN5bmNSQVQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC3hbrOJGE/Ncxr2hD4zwR5WwrlT40PQHZSYRdpnqR2/7/cw8e4m6IS/kPj2TSnF3yYhOkR08loqxZDE8g9vaF8pLg+pyFwXjs8+Tjb6rGW2uRjpX92Pyhjh8LBpkQ8ZVWmHgnrg6rG0F60rBKz4ew8WXbKcUo3Q+oz/td4gqFQDlhw1kKoLeUmr+9QKyInnm/2UOlpU4DY3Vpgw9RKXcNYyUemiFybYORXhX5itphsOy7VNGbmDGcokwXemsR8Dxtx/fxqxdTSIJt2+bnMbPPCL05l7xkOyVQMnLIGcsDBoQXotDfeKlpluqyut2YjHGluh/uIUb/c37ZW17RCI+CtrNRGQjB8ErSBSWGtlxKh6a7DtgUD3Ixy87tueEKyeiHIjKNGM2DeeYpPp94vQ1L9omOqV6XBPRIlE8dZG2wIEh9U7nAbyILI5CsDNK3ZKIo9rFYVDCqRpjSpDW6EE3X+megquYTgBmYwz0wc3Nm7DyXpYWw9M6ubgwJOY4IuNEV3JNHsxHdX457CHJ1B3pvyDSRoD4GGQWzFrod/rSdbc6h0Znk520NtZ7qkP+AA3KumXQoREuIENMqFyEeb4jAL/o+NLZJ2s25y37AhIULalSXUWRpFFN4afCogVBX2Lq5fTnARunBy+iM0cTCITKg1PzdagOzpIYZ1301QYewT1wIDAQABozIwMDAdBgNVHQ4EFgQUwIO7jdsbGYhuyUURLCnL8u8aCiswDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQ0FAAOCAgEAPXoIXK5CvTxz3g1MuFheFwcA6CSzDoKFPW4zVdDtZTjVtAd9wnPaH7HpQXLwpPUb3WM8iEX/zgdze8q36+IWIv7LOpMKCDr3+dyeR5dyuSF0HNggANxw64nb8ggfquNYXofQDR8B2fp/c1iXT3NQcZ4CsM37nMLyvKC7n2hWWArrhshFMKZ/AnT+3r996JaT0BopXowQsSIzBNFez3KrBQ2fKj8HuJPZ3VJKnAH+sUBvTup/5qk5+aijalDJU/APvTFLKBom0ifAqZoYgwI/B9H0mEO7qYXokEVtEPX9LS41ALFQl/naWldHpnhmMgpN3Y30HgI+CJIyUxR9k7f0AIYXdGHdXeqc+MhZa25H+ESwSwI7N7FMyxkdzkikWAXIYoKK3o1mdb9+0s1/CstbjWs8QAzUYmZTb1vUAg9tUMhL2LqaWlpnzOOXdQUhRqk1JuYoBAvlesZ5qsgrZxzaQtDZ7hq6oWsqdDScXGUt7SrPvtXFjFXHjdCrfVHISH0RcEsmaSSV6+cjvcSZe3gb/t5lfjmaDMgWvlIHtKONjneUbCKzoYY2OHU/gy4DkWdt4q8SX1a0jLYXkYr7KPKFaDR/oc85PRUsCKg/vhCtRIbTAJ1CCf0RCk61CuONfs18uIvo08JwHJgWVwN/1lq94mdsEzo1SPA5mE4FFr/APuY= |
| ServerSignature | g5mJx4D2T9PF2W/9LuWC5WrGiXhzbGC4reqEjcQcwc8Rv3tc3Ui7J+n9YkawTM64fE0wvnZKRMb+X2uIM9qV0pw/CdZKFLypSQhwm2iFQfYb7CrBACiXlKq/tBmOG1/zYdNqQGPhNEqQAtStUA4uuMWkqRtKLCZauKPgyUsAzPZ4LvhG5pYBOCRM3M2JLQEccks2lPI5Yg8znRVAcbK18YLf1Y4Z1nXB1RhmQUotrLvAnJQHngVOsDzeZrOtcAKVgq7aj/0gtG2W4GUqpUuANbvuDYBHsonEP3f+yYg/dRSjFK2V/SeLxyshzduv37KjGtf2Cr7yiLRMTzCAAOkVc+ZKzERmXlWVP1rvm8mF5/WkgiVopGqlxfsqmWN2B44PP/OyP9M3w0qBcCxyo3yWwxBJORwjyKIaZcXoOvj/gTcAknBlNM/ZYZ8VjVt6M6FyaIBuw9DLMYp1VTJWfvOvH+10K7kkAtFyWHQotrV6V4N5ir1d1EjC3IVOVRmuBwNFvRpKE6QLSlaJXX3WsRWa84zi133XdvWIqoN16ExcLT+6Y8T/ZOd8r6A6XxGejrjpZpgXOydmu6iQt5RUPw6JVrkslvuN7hWk/GpnlSeokWPQpS87JCUGi2/6P+HapXFw7fiHZH0Gx3gKxxlcUJm/2COy1pzKJR9pqZ5sTmHhsZE= |
| Install | true |
| BDOS | false |
| Anti-VM | false |
| Install File | Facebook.exe |
| Install-Folder | %AppData% |
| Hosts | drfdm.za.com,www.drfdm.za.com,mozammilhayatt.in.net,www.mozammilhayatt.in.net,xpch.sa.com,www.xpch.sa.com |
| Ports | 80,443,1604,4444,5555,6606,7707,8080,8808 |
| Mutex | 40dW48Sz8n9n |
| Version | 0.5.8 |
| Delay | 3 |
| Group | |
|
Name0 | Value | Location |
|---|---|---|
| Key (AES_256) | dXd6T3p0eVVNUXM1ZkxhSXJ0S3hLUWZ3UENjTFZya1M= Malicious |
10fa0a5c89f32f2575487b3df9aadeb7 |
| CnC | drfdm.za.com Malicious |
10fa0a5c89f32f2575487b3df9aadeb7 |
| CnC | www.drfdm.za.com Malicious |
10fa0a5c89f32f2575487b3df9aadeb7 |
| CnC | mozammilhayatt.in.net Malicious |
10fa0a5c89f32f2575487b3df9aadeb7 |
| CnC | www.mozammilhayatt.in.net Malicious |
10fa0a5c89f32f2575487b3df9aadeb7 |
| CnC | xpch.sa.com Malicious |
10fa0a5c89f32f2575487b3df9aadeb7 |
| CnC | www.xpch.sa.com Malicious |
10fa0a5c89f32f2575487b3df9aadeb7 |
| Ports | 80 Malicious |
10fa0a5c89f32f2575487b3df9aadeb7 |
| Ports | 443 Malicious |
10fa0a5c89f32f2575487b3df9aadeb7 |
| Ports | 1604 Malicious |
10fa0a5c89f32f2575487b3df9aadeb7 |
| Ports | 4444 Malicious |
10fa0a5c89f32f2575487b3df9aadeb7 |
| Ports | 5555 Malicious |
10fa0a5c89f32f2575487b3df9aadeb7 |
| Ports | 6606 Malicious |
10fa0a5c89f32f2575487b3df9aadeb7 |
| Ports | 7707 Malicious |
10fa0a5c89f32f2575487b3df9aadeb7 |
| Ports | 8080 Malicious |
10fa0a5c89f32f2575487b3df9aadeb7 |
| Ports | 8808 Malicious |
10fa0a5c89f32f2575487b3df9aadeb7 |
| Mutex | 40dW48Sz8n9n Malicious |
10fa0a5c89f32f2575487b3df9aadeb7 |