PE Executable | MD5: 118b634961d975dfa659e9b8e71c5524 | Size: 46.08 KB | application/x-dosexec
| Hash | Hash Value |
|---|---|
| MD5 | 118b634961d975dfa659e9b8e71c5524 |
| Sha1 | 3ba5ea6739bd7d1e4dd8e19146a8532cea50addb |
| Sha256 | 9002cf282676bb568dd82bb012e19700f8acaa77f14cc99d0132f4cb525a9425 |
| Sha384 | 14071600a32f13a65214f3791d286482aff2720e3acee3a494138db18b7f29f84a5c52f1e73ccb7ce3db085d02a654b2 |
| Sha512 | b39a4572ffd3fbcfa872144076ee851c57a6d8c7e8a132e8e65d8f6612e802567eaf3ccf3ee2a5b96452ccedfd57c4e6f034689be2a4080113f346e7ee4804ac |
| SSDeep | 768:yuPfZTg4pYiWUU9jjmo2qrYKjPGaG6PIyzjbFgX3igMvmejfADmoiBDZqx:yuPfZTgKa2BKTkDy3bCXSjelmdqx |
| TLSH | 03232B003BE8823BF2BE5F789DF25145467AF1A32603E6591CC451DB5B13FC68A426EE |
| Config Field | Value |
|---|---|
| Key (AES_256) | YUdOMjI1bEZYQUNuaVI4TFZ4YTA3UFJ1MUxEZWY5d00= |
| Pastebin | - |
| Certificate | [base64 X.509 certificate blob omitted] |
| ServerSignature | [value not present in the extracted page] |
| Install | false |
| BDOS | false |
| Anti-VM | false |
| Install-Folder | %AppData% |
| Hosts | parts-ways.gl.at |
| Ports | 34357 |
| Mutex | z2Z9OPXoZHkh |
| Version | 0.5.8 |
| Delay | 3 |
| Group | Default |
| Name | Value |
|---|---|
| Info | PE Detect: PeReader OK (file layout) |
| Module Name | AsyncClient.exe |
| Full Name | AsyncClient.exe |
| EntryPoint | System.Void Client.Program::Main() |
| Scope Name | AsyncClient.exe |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v4.0.30319 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | AsyncClient |
| Assembly Version | 1.0.0.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | .NETFramework,Version=v4.0,Profile=Client |
| Total Strings | 120 |
| Main Method | System.Void Client.Program::Main() |
| Main IL Instruction Count | 51 |
| Main IL | listing below, one instruction per line as extracted (branch operands are printed as the target offset followed by the instruction at that offset) |

```cil
ldc.i4.0 <null>
stloc.0 <null>
br IL_0015: ldloc.0
ldc.i4 1000
call System.Void System.Threading.Thread::Sleep(System.Int32)
ldloc.0 <null>
ldc.i4.1 <null>
add <null>
stloc.0 <null>
ldloc.0 <null>
ldsfld System.String Client.Settings::Delay
call System.Int32 System.Convert::ToInt32(System.String)
blt.s IL_0007: ldc.i4 1000
call System.Boolean Client.Settings::InitializeSettings()
brtrue IL_0032: nop
ldc.i4.0 <null>
call System.Void System.Environment::Exit(System.Int32)
nop <null>
call System.Boolean Client.Helper.MutexControl::CreateMutex()
brtrue IL_0043: ldsfld System.String Client.Settings::Anti
ldc.i4.0 <null>
call System.Void System.Environment::Exit(System.Int32)
ldsfld System.String Client.Settings::Anti
call System.Boolean System.Convert::ToBoolean(System.String)
brfalse IL_0057: ldsfld System.String Client.Settings::Install
call System.Void Client.Helper.Anti_Analysis::RunAntiAnalysis()
ldsfld System.String Client.Settings::Install
call System.Boolean System.Convert::ToBoolean(System.String)
brfalse IL_006B: ldsfld System.String Client.Settings::BDOS
call System.Void Client.Install.NormalStartup::Install()
ldsfld System.String Client.Settings::BDOS
call System.Boolean System.Convert::ToBoolean(System.String)
brfalse IL_0089: call System.Void Client.Helper.Methods::PreventSleep()
call System.Boolean Client.Helper.Methods::IsAdmin()
brfalse IL_0089: call System.Void Client.Helper.Methods::PreventSleep()
call System.Void Client.Helper.ProcessCritical::Set()
call System.Void Client.Helper.Methods::PreventSleep()
leave IL_0099: nop
pop <null>
leave IL_0099: nop
nop <null>
call System.Boolean Client.Connection.ClientSocket::get_IsConnected()
brtrue IL_00AE: leave IL_00B9
call System.Void Client.Connection.ClientSocket::Reconnect()
call System.Void Client.Connection.ClientSocket::InitializeClient()
leave IL_00B9: ldc.i4 5000
pop <null>
leave IL_00B9: ldc.i4 5000
ldc.i4 5000
call System.Void System.Threading.Thread::Sleep(System.Int32)
br.s IL_0099: nop
```
| Name | Value |
|---|---|
| Key (AES_256) | YUdOMjI1bEZYQUNuaVI4TFZ4YTA3UFJ1MUxEZWY5d00= |
| CnC | parts-ways.gl.at |
| Ports | 34357 |
| Mutex | z2Z9OPXoZHkh |
| Name | Value | Location |
|---|---|---|
| Key (AES_256) | YUdOMjI1bEZYQUNuaVI4TFZ4YTA3UFJ1MUxEZWY5d00= (Malicious) | 118b634961d975dfa659e9b8e71c5524 |
| CnC | parts-ways.gl.at (Malicious) | 118b634961d975dfa659e9b8e71c5524 |
| Ports | 34357 (Malicious) | 118b634961d975dfa659e9b8e71c5524 |
| Mutex | z2Z9OPXoZHkh (Malicious) | 118b634961d975dfa659e9b8e71c5524 |