Symbol Obfuscation Score

| Hash | Hash Value |
|---|---|
| MD5 | 1e3fd12fee9d2fd27642ed24cff01338 |
| Sha1 | 2f299b8f3839e4259a27f4b1d8af0d2473cfe7e0 |
| Sha256 | a834cec6b236453ee671c23326b60763880a47c93ccc595d6e566ec5f81ade88 |
| Sha384 | 6b969077f5ffb57039b1af20fb9d90b17b13c83e4553723daaa1d1333860c75536c39584d12f8641f3ac3bb3d554c665 |
| Sha512 | 1a7001a98c621da530ce52b7b9ffb034a0adf475724ac545e17e98bd82bb39b3ff28d368f1eaddb4a50de7fc67bb72f9fb227cb8d84a5e9d6ae6639465e64a04 |
| SSDeep | 768:JrMXvwpJbb2zxxO5GOq3zisfvAmQmIDUu0tiKCj:QkK9isXQVksj |
| TLSH | 95E23C6DFBE64466D1BC1AB50571950013B8D003E523F77E4ECA24E62B2B3C84B88DF2 |

PeID

| Config. Field0 | Value |
|---|---|
| packet_size [b] | 5121 |
| BD [BD] | False |
| directory [DR] | TEMP |
| executable_name [EXE] | WindowsServices.exe |
| cnc_host [H] | vnew88.net |
| is_dir_defined [Idr] | False |
| Anti_CH | False |
| is_startup_folder [IsF] | True |
| USB_SP | True |
| is_user_reg [Isu] | True |
| cnc_port [P] | 443 |
| reg_key [RG] | 8ddbd6654f61f59ddd883d6079008b9f |
| reg_path [sf] | Software\Microsoft\Windows\CurrentVersion\Run |
| victim_name [VN] | fly88.krd |
| version [VR] | 0.7d |
| splitter [Y] | Y262SUCZ4UJJ |

| Name | Value |
|---|---|
| Info | PE Detect: PeReader OK (file layout) |
| Module Name | Stub.exe |
| Full Name | Stub.exe |
| EntryPoint | System.Void j.A::main() |
| Scope Name | Stub.exe |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v2.0.50727 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | Stub |
| Assembly Version | 0.0.0.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | <null> |
| Total Strings | 241 |
| Main Method | System.Void j.A::main() |
| Main IL Instruction Count | 4 |
| Main IL | nop <null> call System.Void j.OK::ko() nop <null> ret <null> |

| Name | Value |
|---|---|
| CnC | vnew88.net |
| Port | 443 |

| Name | Value | Location |
|---|---|---|
| CnC | vnew88.net (Malicious) | 1e3fd12fee9d2fd27642ed24cff01338 |
| Port | 443 (Malicious) | 1e3fd12fee9d2fd27642ed24cff01338 |