Malicious

1b37fb289ad1e3da62510caf740de1ce

PE Executable
MD5: 1b37fb289ad1e3da62510caf740de1ce
Size: 48.64 KB
application/x-dosexec
Summary by MalvaGPT
Characteristics
Symbol Obfuscation Score: Very high

Hashes
MD5: 1b37fb289ad1e3da62510caf740de1ce
SHA1: 0468dca0ebefd05537dfa9a770b7c9e332aa4093
SHA256: c9eadf5f3be0996c41ad4c42f7bf530b74d8682ac630cea018dd0edefa07d4ea
SHA384: 599ffe391574047063c57a6fd7e0ce64f2502af6313ef1e314d1475b49470333406a339efc52eaadf9f88e97a758ca1d
SHA512: 5483b4cad4dcaaf63c6438bcb58ca085037c4ef4ca95361a5f05347e2cecbf1d66ebf6cdcf95bfebac125707af2f11dd6ded1afba583309ea898e943c0c8fa57
SSDeep: 768:kuSEa5TAYOTSWUkC+zmo2qLnrSBHYPrUmIPImXQIJXOBjr0bEDx/wreq0YlAm+dS:kuSEa5TAxv2qrSGrUamXLp2gbEDx+eqt
TLSH: 8B233D003BF9C12BF27E4F7858F22145867AF2673603D54E2CC4469B5A13BC29A525FE

PEiD

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
Malware Configuration - AsyncRAT config.
Key (AES_256): Q0thZXRGVmFPQnFzc0JaWndIY3pVRTZKOGttcFBsc0c=
Pastebin: -
Certificate: [value not included in this page]
ServerSignature: [value not included in this page]
Install: false
BDOS: false
Anti-VM: false
Install-Folder: %AppData%
Hosts: 127.0.0.1,185.56.46.230,host.serveminecraft.net
Ports: 1605,6606,7707,8808
Mutex: kknCAPElLjzZ
Version: 0.5.8
Delay: 3
Group: Default

Information
Info: PE Detect: PeReader OK (file layout)
Module Name: wDzpZixuWcs
Full Name: wDzpZixuWcs
EntryPoint: System.Void XLhLHpiIIVVxH.pQSAsAOqmeHq::Main()
Scope Name: wDzpZixuWcs
Scope Type: ModuleDef
Kind: Windows
Runtime Version: v4.0.30319
Tables Header Version: 512
WinMD Version: <null>
Assembly Name: duh
Assembly Version: 1.0.0.0
Assembly Culture: <null>
Has PublicKey: False
PublicKey Token: <null>
Target Framework: .NETFramework,Version=v4.0,Profile=Client
Total Strings: 120
Main Method: System.Void XLhLHpiIIVVxH.pQSAsAOqmeHq::Main()
Main IL Instruction Count: 51

Main IL (one instruction per line; branch targets labelled with the IL offsets given in the dump):
         ldc.i4.0
         stloc.0
         br IL_0015
IL_0007: ldc.i4 1000
         call System.Void System.Threading.Thread::Sleep(System.Int32)
         ldloc.0
         ldc.i4.1
         add
         stloc.0
IL_0015: ldloc.0
         ldsfld System.String XLhLHpiIIVVxH.lKyPDNDjcybjCP::sXYQGbkfAuFEN
         call System.Int32 System.Convert::ToInt32(System.String)
         blt.s IL_0007
         call System.Boolean XLhLHpiIIVVxH.lKyPDNDjcybjCP::IpyxmWJvlBuvm()
         brtrue IL_0032
         ldc.i4.0
         call System.Void System.Environment::Exit(System.Int32)
IL_0032: nop
         call System.Boolean WcDbFqSfFHJM.ZWkeXweLcAR::mGkLbZkyTaR()
         brtrue IL_0043
         ldc.i4.0
         call System.Void System.Environment::Exit(System.Int32)
IL_0043: ldsfld System.String XLhLHpiIIVVxH.lKyPDNDjcybjCP::hHbulrKqsmv
         call System.Boolean System.Convert::ToBoolean(System.String)
         brfalse IL_0057
         call System.Void WcDbFqSfFHJM.ZynZPNMePqt::JTwgUsTmzJRacyLZF()
IL_0057: ldsfld System.String XLhLHpiIIVVxH.lKyPDNDjcybjCP::UdsohqXqrUtn
         call System.Boolean System.Convert::ToBoolean(System.String)
         brfalse IL_006B
         call System.Void ikLRDRdPpVxvTpB.FmckbTwYoaEa::JnUsmRJyDUDkV()
IL_006B: ldsfld System.String XLhLHpiIIVVxH.lKyPDNDjcybjCP::UQvaWVcHOdRzWn
         call System.Boolean System.Convert::ToBoolean(System.String)
         brfalse IL_0089
         call System.Boolean WcDbFqSfFHJM.fHZlKfwGQTeuNVUH::XCXHvefLUImTuz()
         brfalse IL_0089
         call System.Void WcDbFqSfFHJM.rsIRgGZqUgGmueM::lkhEtZMCuOSUvq()
IL_0089: call System.Void WcDbFqSfFHJM.fHZlKfwGQTeuNVUH::nwaSwVWUOoq()
         leave IL_0099
         pop
         leave IL_0099
IL_0099: nop
         call System.Boolean KosCRPUeCwDij.EHfmnOJfuHnkxfhKIN::get_IsConnected()
         brtrue IL_00AE
         call System.Void KosCRPUeCwDij.EHfmnOJfuHnkxfhKIN::owFDhTeylAJqlOoz()
         call System.Void KosCRPUeCwDij.EHfmnOJfuHnkxfhKIN::bBoMhHFiBHjBb()
IL_00AE: leave IL_00B9
         pop
         leave IL_00B9
IL_00B9: ldc.i4 5000
         call System.Void System.Threading.Thread::Sleep(System.Int32)
         br.s IL_0099


Artefacts
Key (AES_256): Q0thZXRGVmFPQnFzc0JaWndIY3pVRTZKOGttcFBsc0c=
CnC: 127.0.0.1
CnC: 185.56.46.230
CnC: host.serveminecraft.net
Ports: 1605
Ports: 6606
Ports: 7707
Ports: 8808
Mutex: kknCAPElLjzZ
