Malicious

20a96e130d7c0141531d4be69baed599

PE Executable | MD5: 20a96e130d7c0141531d4be69baed599 | Size: 77.82 KB | application/x-dosexec

Characteristics

Symbol Obfuscation Score: Low

Hashes
MD5: 20a96e130d7c0141531d4be69baed599
SHA-1: 8efecef829efc0232ae2cd48f5e1b4f7eda71a02
SHA-256: 04206c143c79f1c33d855eb781995ff764fbcb8649a3422d59b0540cbc2e00f0
SHA-384: 4f2a643f581dd3bbd948910635034f6aebfddeada54fa8308f630a4f307e15e0e5f4c4dff5c20fbb17d7488684443941
SHA-512: 496970522db1c0f60d13abc5ddb1e5fa07f098a267549a95c748286264d8dacf30327a4a780224129246f86fd8081ebb46e49c8eeaf88ef785ff873405c480dc
SSDeep: 1536:MuyJNTAGL2NwIZlsIbOXSLCbqdrjC5wM5IN:MuyHTAGL2rbsIbOJ29C5wkIN
TLSH: 38735B0077D88566F1BE0B7499E2D1B5467AEE637503EA4E2CC47C8B3733BC25502AE9

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_ICON
ID:0001
ID:0
ID:0.exif
ID:0-preview.png
ID:0002
ID:0
ID:0003
ID:0
ID:0004
ID:0
RT_GROUP_CURSOR4
ID:0001
ID:0
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
Malware Configuration - AsyncRAT config.
Key (AES_256): NVVXMnJ3QVdDMjVGMkFTS1NtaGRMaHN0bG82NDgzb2Q=
Pastebin: -
Certificate: (value not shown in this report)
ServerSignature: (value not shown in this report)
Install: true
BDOS: false
Anti-VM: false
Install File: svchost.exe
Install-Folder: %AppData%
Hosts: dmzxfh.ru.com
Ports: 21,22,80,3306,8080,8443,9999
Mutex: SWUQA8OnT0aT
Version: 0.5.8
Delay: 3

Informations
Info: PE Detect: PeReader OK (file layout)
Module Name: ccc.exe
Full Name: ccc.exe
EntryPoint: System.Void Client.Program::Main()
Scope Name: ccc.exe
Scope Type: ModuleDef
Kind: Windows
Runtime Version: v4.0.30319
Tables Header Version: 512
WinMD Version: <null>
Assembly Name: ccc
Assembly Version: 1.0.0.0
Assembly Culture: <null>
Has PublicKey: False
PublicKey Token: <null>
Target Framework: .NETFramework,Version=v4.0,Profile=Client
Total Strings: 120
Main Method: System.Void Client.Program::Main()
Main IL Instruction Count: 51

Main IL (one instruction per line; branch operands are shown as the target instruction):
ldc.i4.0 <null>
stloc.0 <null>
br IL_0015: ldloc.0
ldc.i4 1000
call System.Void System.Threading.Thread::Sleep(System.Int32)
ldloc.0 <null>
ldc.i4.1 <null>
add <null>
stloc.0 <null>
ldloc.0 <null>
ldsfld System.String Client.Settings::Delay
call System.Int32 System.Convert::ToInt32(System.String)
blt.s IL_0007: ldc.i4 1000
call System.Boolean Client.Settings::InitializeSettings()
brtrue IL_0032: nop
ldc.i4.0 <null>
call System.Void System.Environment::Exit(System.Int32)
nop <null>
call System.Boolean Client.Helper.MutexControl::CreateMutex()
brtrue IL_0043: ldsfld System.String Client.Settings::Anti
ldc.i4.0 <null>
call System.Void System.Environment::Exit(System.Int32)
ldsfld System.String Client.Settings::Anti
call System.Boolean System.Convert::ToBoolean(System.String)
brfalse IL_0057: ldsfld System.String Client.Settings::Install
call System.Void Client.Helper.Anti_Analysis::RunAntiAnalysis()
ldsfld System.String Client.Settings::Install
call System.Boolean System.Convert::ToBoolean(System.String)
brfalse IL_006B: ldsfld System.String Client.Settings::BDOS
call System.Void Client.Install.NormalStartup::Install()
ldsfld System.String Client.Settings::BDOS
call System.Boolean System.Convert::ToBoolean(System.String)
brfalse IL_0089: call System.Void Client.Helper.Methods::PreventSleep()
call System.Boolean Client.Helper.Methods::IsAdmin()
brfalse IL_0089: call System.Void Client.Helper.Methods::PreventSleep()
call System.Void Client.Helper.ProcessCritical::Set()
call System.Void Client.Helper.Methods::PreventSleep()
leave IL_0099: nop
pop <null>
leave IL_0099: nop
nop <null>
call System.Boolean Client.Connection.ClientSocket::get_IsConnected()
brtrue IL_00AE: leave IL_00B9
call System.Void Client.Connection.ClientSocket::Reconnect()
call System.Void Client.Connection.ClientSocket::InitializeClient()
leave IL_00B9: ldc.i4 5000
pop <null>
leave IL_00B9: ldc.i4 5000
ldc.i4 5000
call System.Void System.Threading.Thread::Sleep(System.Int32)
br.s IL_0099: nop


Artefacts
Key (AES_256): NVVXMnJ3QVdDMjVGMkFTS1NtaGRMaHN0bG82NDgzb2Q=
CnC: dmzxfh.ru.com
Ports: 21, 22, 80, 3306, 8080, 8443, 9999
Mutex: SWUQA8OnT0aT

