Malicious
Malicious

11cd7d2c12f95e5d0f5d266081347a4d

PE Executable
|
MD5: 11cd7d2c12f95e5d0f5d266081347a4d
|
Size: 47.1 KB
|
application/x-dosexec

Print
Infection Chain
Summary by MalvaGPT
Characteristics

Symbol Obfuscation Score

Low

Hash
 Hash Value
MD5
11cd7d2c12f95e5d0f5d266081347a4d
Sha1
02ed019cc8b80631f51c851d8cd578f0a9378986
Sha256
8d442884095406939c783e9c1f2b872026643a3bdd21545748e87033aa88a855
Sha384
99a3a8cba9bc27465d6dee7af16b251dca59d1040561ab5e906eef4350d18fefc96bca7d5148b6ad2f7b0704a5de9de6
Sha512
ec24a3e1402e7ee217bdcff97a1ba9fedd4e37730e901109b49799eca2c61529fc538e16a299ad4ad6d0e4cc0983c68876fe7aa5f6b756e8d87e2dccd0668657
SSDeep
768:YCq/z5bX/wPLsekOicvHk3eHlWMPbPgF0qahx/BRYI6OC22tYcFmVc6K:YC7seXvZH0ub4Fr4J/6O7KmVcl
TLSH
DD232C003BE98126E2BE5FB8ACF5614187B6E6633503D65A3CC841D74B137C6CE52AF6

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
11cd7d2c12f95e5d0f5d266081347a4d
Malicious
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
Malware Configuration - AsyncRAT config.
Config. Field
 Value
Key (AES_256)

a25lY0gxZlZLSGI3b1RFcENJeUVOdXBMR3F6ZHNWblE=
Pastebin

-
Certificate

MIIE8jCCAtqgAwIBAgIQAOD7cV0bLhEBFPJUOT6P5TANBgkqhkiG9w0BAQ0FADAaMRgwFgYDVQQDDA9Bc3luY1JBVCBTZXJ2ZXIwIBcNMjYwNTA2MTgwNzQ2WhgPOTk5OTEyMzEyMzU5NTlaMBoxGDAWBgNVBAMMD0FzeW5jUkFUIFNlcnZlcjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALbogjSQruWZ6e0W50t6xywM9nWyeqB6w3E9sv4fVJXMYwr9+6VRn2+Ki0AZeEzTe+wEfgJ4mqX43+hYHMOORcyIlSPFiGT4Mmkr4PFr4j2qkdDWmIXU+8ntHW11259TEzscd4tCXZTcPwxqZvNuzYcHPIRieF+7mwR1Sd8I+vK0sb/6qxyvs4IBmRHvwfMjNQCqAns0/hG9udrcKLOA1VH1THpUs0lqqsOcAus0jQyZ+JBESBzrKlyZLRq+DnP6nHQMZfK5Y/tsNgI+QDZtCOXhRmhV+/75j8jI9jw/M0zfefSRXrgH3EdqyJ1DDJD3opv8jvSD6LjYjV1gSqNESwCysBnlOROWj4TEH9/J1T2xumjHOB+jOHfT1lGVjKt07vJv4sPQmG29cnZkgvX+04awtESinsWd/N3TLSPzQcmCxfcby4mOcA9ENpqxgpbHfnF6iwlMySHUx7Zev7a88+8viNiCgPCiMR+KZ2skp+q4Glv6S1ps+imkvFmpw1Mkzchw88kqNNCNmZfv0iM99TcechVO18QwHQOEgqd5dnrMsCz1wFSG4cTBR2yQIUCbwkp4WLVdTLX9wnXLuAY9/9pPpmVHS5lX1QAkf174nk+q8G7jiC34z5WsQhBPIrbgz0f35PjG7aWnoLCQmrmrA0FfWbSMqJPz8ACnZG1hWV59AgMBAAGjMjAwMB0GA1UdDgQWBBTEvxDfZyOhxLqEqvaD9fMUgotbojAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDQUAA4ICAQBdhNBK8ZWmC6/XFqR6PyP3rCng2FylxxPWwjR0Y28fqDYFCigKuJ47wvF6VrJMD53xeLVODBbpVLHatiZFty39HWlool+VBGOAUoT/ZLuEZngviKIDWQMBJ/VGRj5LbzUV4ewAp4pj5nyjCxyR6NKJInwXo9U9SCENkWZgPP23CBzuoIY6eLaDImIlJdhZy1MEgqZgJInL802g1tt8twM3aAnWOHqd4dynfwnsUbGmiLYEOFDPkwMtV60dm3faknS7zX5FRwcyUpfvT6O3q8CrNOVVxgV1W7llDB8sZ7f8r7a22uVZAGMVUhW8bUVgPJbYPX525ihinHeNGuA+oG4h36Jecb/FRGOud/DkW3A/TfVkP/CD2QI2Zcebc4zdTxplERVtQruP+pIEu5dtFbl1izw0LFQ33v5yTHHYktLSFR6Q3TDIFArSPjDZ+M3E4oWg9uYWaaR0ZN0lluYEtTHdPp8KnVDpI4vUNph1o/Ku00DOeMC0Ji7cT/Gt0RFJwxplVxHJgH5WXhaIbQWqu+pEpRQvaHHPZenIrzklP96bbs92mpS0i2ehhJKJRaTNWl/1ENNE8qTy133E1oqqCrRFp4W2PaavI8FzO1GqUAAATIE8MmbScEWxX8cMCHgoQhMa8/nAIgzIyIr84auhmRQCyCMRCA3rKPAxEY6kYXfYnA==
ServerSignature

rPhiZllemAfi3zRop+loWHMFW0mcnKRMd8ZqT2xWjHOD65CVXeh1O45BrOm86kk3+3bgAN9LkwZP4LDsTb8W5YJXAsLZ8qZLKByFP48geeXZ7QHAah9t0KeAgAFxM+TFUGI6NneVpOwq3LIGugKkXqiUtz5JT2tIL4als+03RjFWrpqYeAV8Gbktff0C+yUJDkqqHwhzCnTtUEYCgGhtFL4B+uMDOaTjitXPlbiOegjxwOdM+jPnvKy7mn5XDZqr/RzielNMGp/tXpCYeVgGgpN1cnrHYJ/e0mjP/7+Fv9jOBu5e0Z3QafjJNBxDXv03YMyP3iv64udT++eJ6ocGjiYfPYKnBZAH/6/DXlN6tWIoHpqg8nIkfB5s+z4hi2IFv0RGgqtqEWOEfxqm7q7TpXHVM+7j65RmHzMWjv7QTx293wvtkMU5rZREtGUpA6mSITKOHT3yXgFgUcveMcSjqL40lyADrz7BnQWh4vIgvgk326GrmIbrjkNhdwWPRGbEcRXawccYjVqjwjjUTNeWWqxbXqFNNW43UsfUq3FHQN7J9R0u1hSTu9GIVJq/hMeAKQUuD+OhrYh4WjEA75Oj9xJAW2dylVuNyNq3buNUNpxBIuaDv2M0p+EJMORUj5mXyV9T7nbpIyuB8A7Kjl6nsf93r//0lT2/rf1RzGRGXXE=
Install

false
BDOS

false
Anti-VM

false
Install File

system.exe
Install-Folder

%AppData%
Version

0.5.6A
Hosts

xoso360.com
Ports

80,443,6606,7707,8080,8808
Mutex

mestizo.co.com
Delay

5
Informations
Name
 Value
Info

PE Detect: PeReader OK (file layout)
Module Name

Stub.exe
Full Name

Stub.exe
EntryPoint

System.Void Client.Program::Main()
Scope Name

Stub.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

Stub
Assembly Version

1.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.0,Profile=Client
Total Strings

130
Main Method

System.Void Client.Program::Main()
Main IL Instruction Count

53
Main IL

ldc.i4.0 <null> stloc.0 <null> br.s IL_0012: ldloc.0 ldc.i4 1000 call System.Void System.Threading.Thread::Sleep(System.Int32) ldloc.0 <null> ldc.i4.1 <null> add <null> stloc.0 <null> ldloc.0 <null> ldsfld System.String Client.Settings::Delay call System.Int32 System.Convert::ToInt32(System.String) blt.s IL_0004: ldc.i4 1000 call System.Boolean Client.Settings::InitializeSettings() brtrue.s IL_002C: nop ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) nop <null> call System.Boolean Client.Helper.MutexControl::CreateMutex() brtrue.s IL_003A: ldsfld System.String Client.Settings::Anti ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) ldsfld System.String Client.Settings::Anti call System.Boolean System.Convert::ToBoolean(System.String) brfalse.s IL_004B: ldsfld System.String Client.Settings::Install call System.Void Client.Helper.Anti_Analysis::RunAntiAnalysis() ldsfld System.String Client.Settings::Install call System.Boolean System.Convert::ToBoolean(System.String) brfalse.s IL_005C: ldsfld System.String Client.Settings::BDOS call System.Void Client.Install.NormalStartup::Install() ldsfld System.String Client.Settings::BDOS call System.Boolean System.Convert::ToBoolean(System.String) brfalse.s IL_0074: call System.Void Client.Helper.Methods::PreventSleep() call System.Boolean Client.Helper.Methods::IsAdmin() brfalse.s IL_0074: call System.Void Client.Helper.Methods::PreventSleep() call System.Void Client.Helper.ProcessCritical::Set() call System.Void Client.Helper.Methods::PreventSleep() newobj System.Void Client.Helper.CheckMiner::.ctor() call System.String Client.Helper.CheckMiner::GetProcess() pop <null> leave.s IL_0089: call System.Boolean Client.Connection.ClientSocket::get_IsConnected() pop <null> leave.s IL_0089: call System.Boolean Client.Connection.ClientSocket::get_IsConnected() call System.Boolean Client.Connection.ClientSocket::get_IsConnected() brtrue.s IL_009A: newobj System.Void System.Random::.ctor() call System.Void Client.Connection.ClientSocket::Reconnect() call System.Void Client.Connection.ClientSocket::InitializeClient() newobj System.Void System.Random::.ctor() ldc.i4 1000 ldc.i4 5000 callvirt System.Int32 System.Random::Next(System.Int32,System.Int32) call System.Void System.Threading.Thread::Sleep(System.Int32) br.s IL_0089: call System.Boolean Client.Connection.ClientSocket::get_IsConnected()
Module Name

Stub.exe
Full Name

Stub.exe
EntryPoint

System.Void Client.Program::Main()
Scope Name

Stub.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

Stub
Assembly Version

1.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.0,Profile=Client
Total Strings

130
Main Method

System.Void Client.Program::Main()
Main IL Instruction Count

53
Main IL

ldc.i4.0 <null> stloc.0 <null> br.s IL_0012: ldloc.0 ldc.i4 1000 call System.Void System.Threading.Thread::Sleep(System.Int32) ldloc.0 <null> ldc.i4.1 <null> add <null> stloc.0 <null> ldloc.0 <null> ldsfld System.String Client.Settings::Delay call System.Int32 System.Convert::ToInt32(System.String) blt.s IL_0004: ldc.i4 1000 call System.Boolean Client.Settings::InitializeSettings() brtrue.s IL_002C: nop ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) nop <null> call System.Boolean Client.Helper.MutexControl::CreateMutex() brtrue.s IL_003A: ldsfld System.String Client.Settings::Anti ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) ldsfld System.String Client.Settings::Anti call System.Boolean System.Convert::ToBoolean(System.String) brfalse.s IL_004B: ldsfld System.String Client.Settings::Install call System.Void Client.Helper.Anti_Analysis::RunAntiAnalysis() ldsfld System.String Client.Settings::Install call System.Boolean System.Convert::ToBoolean(System.String) brfalse.s IL_005C: ldsfld System.String Client.Settings::BDOS call System.Void Client.Install.NormalStartup::Install() ldsfld System.String Client.Settings::BDOS call System.Boolean System.Convert::ToBoolean(System.String) brfalse.s IL_0074: call System.Void Client.Helper.Methods::PreventSleep() call System.Boolean Client.Helper.Methods::IsAdmin() brfalse.s IL_0074: call System.Void Client.Helper.Methods::PreventSleep() call System.Void Client.Helper.ProcessCritical::Set() call System.Void Client.Helper.Methods::PreventSleep() newobj System.Void Client.Helper.CheckMiner::.ctor() call System.String Client.Helper.CheckMiner::GetProcess() pop <null> leave.s IL_0089: call System.Boolean Client.Connection.ClientSocket::get_IsConnected() pop <null> leave.s IL_0089: call System.Boolean Client.Connection.ClientSocket::get_IsConnected() call System.Boolean Client.Connection.ClientSocket::get_IsConnected() brtrue.s IL_009A: newobj System.Void System.Random::.ctor() call System.Void Client.Connection.ClientSocket::Reconnect() call System.Void Client.Connection.ClientSocket::InitializeClient() newobj System.Void System.Random::.ctor() ldc.i4 1000 ldc.i4 5000 callvirt System.Int32 System.Random::Next(System.Int32,System.Int32) call System.Void System.Threading.Thread::Sleep(System.Int32) br.s IL_0089: call System.Boolean Client.Connection.ClientSocket::get_IsConnected()
Artefacts
Name
 Value
Key (AES_256)

a25lY0gxZlZLSGI3b1RFcENJeUVOdXBMR3F6ZHNWblE=
CnC

xoso360.com
Ports

80
Ports

443
Ports

6606
Ports

7707
Ports

8080
Ports

8808
Mutex

mestizo.co.com
11cd7d2c12f95e5d0f5d266081347a4d (47.1 KB)
An error has occurred. This application may no longer respond until reloaded. Reload 🗙