Malicious
Malicious
Print
Infection Chain
Summary by MalvaGPT
Characteristics

Symbol Obfuscation Score

Very low

Hash
 Hash Value
MD5
20f26a980149598b2a7f6d3935822c62
Sha1
9c6817c9269a596b51d35474f6d02293d9301cee
Sha256
587ea69283a5e2863add67c8d8ad0382910bdb57d1fd52882ad6df7531dc6a5e
Sha384
0900dd9bce8ea856810b0344287a982df38d32ceae748fa5f7b6ad7353ee7e32c8227d42ce3296656b83c6d99df5714a
Sha512
a6b936fdbf0c0769c3e1e8709701cacdb72bb539c1c06946f3528800672140760dacc9e8d72fc0ab36dc744a08dbf459cd02c3b6e0fa066ae17a20db9d46690f
SSDeep
49152:HVc5DC7FeBs1pM/hF/eOsoMkMSx8xHOL9TuvCm5IkdbyWfmT9wlc961UnQHWWzE:HKskApKeoMkaO0v9oT6KdQZE
TLSH
6AE523189FD77BC6E41508BCAA6AD7A54B59DF98F4E10AD528FAAE3C32D14B0C700F50

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual C++ v6.0 DLL
Microsoft Visual Studio .NET
UPolyX 0.3 -> delikon
File Structure
20f26a980149598b2a7f6d3935822c62
Malicious
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_ICON
ID:0001
ID:0
ID:0-preview.png
ID:0002
ID:0
ID:0003
ID:0
ID:0004
ID:0
ID:0005
ID:0
ID:0006
ID:0
RT_GROUP_CURSOR4
ID:0001
ID:0
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
Malicious
hut.Resources
Malicious
jusched.exe
Malicious
jusched.exe [AES Decoded]
Malicious
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_ICON
ID:0001
ID:0
ID:0002
ID:0
ID:0003
ID:0
RT_GROUP_CURSOR4
ID:0001
ID:0
RT_VERSION
ID:0001
ID:0
miner.exe
Malicious
miner.exe [AES Decoded]
Malicious
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.rdata
.data
.pdata
.00cfg
.tls
.reloc
update.exe
Malicious
update.exe [AES Decoded]
Malicious
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
update.Properties.Resources.resources
Malware Configuration - XBinder config.
Config. Field
 Value
ref_elem_0x0000000E

jusched.exe-=>True-=>False
ref_elem_0x00000016

miner.exe-=>True-=>False
ref_elem_0x0000001E

update.exe-=>True-=>False
Workpath

%AppData%
SPL

-=>
Mutex

kNBJpMVXS3a9AbAQl
Malware Configuration - XWorm config.
Config. Field
 Value
Mutex

CzModghbE8YddUnY
Hosts

adobe-cdn.duckdns.org,chelou.duckdns.org,mauvaise.duckdns.org
Port

8887
KEY

goku92ad!!
USBNM

<Xwormmm>
LoggerPath

%Temp%
family

xworm
Informations
Name
 Value
Info

PE Detect: PeReader OK (file layout)
Module Name

Edge.exe
Full Name

Edge.exe
EntryPoint

System.Void Program::Main()
Scope Name

Edge.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

Edge
Assembly Version

1.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

<null>
Total Strings

12
Main Method

System.Void Program::Main()
Main IL Instruction Count

159
Main IL

ldc.i4.1 <null> stloc.s V_5 call System.Boolean Program::CreateMutex() brtrue.s IL_0013: call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() ldc.i4.2 <null> stloc.s V_5 ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() ldc.i4.1 <null> stloc.3 <null> ldc.i4.5 <null> stloc.s V_5 ldsfld System.Collections.Generic.List`1<System.String> Program::List callvirt System.Collections.Generic.List`1/Enumerator<System.String> System.Collections.Generic.List`1<System.String>::GetEnumerator() stloc.2 <null> br IL_0130: ldloca.s V_2 ldloca.s V_2 call System.String System.Collections.Generic.List`1/Enumerator<System.String>::get_Current() stloc.0 <null> ldc.i4.6 <null> stloc.s V_5 ldsfld System.String Program::Workpath call System.Object Program::GETP(System.String) ldstr \ call System.Object Microsoft.VisualBasic.CompilerServices.Operators::ConcatenateObject(System.Object,System.Object) ldloc.0 <null> call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) ldsfld System.String Program::SPL ldc.i4.m1 <null> ldc.i4.0 <null> call System.String[] Microsoft.VisualBasic.Strings::Split(System.String,System.String,System.Int32,Microsoft.VisualBasic.CompareMethod) ldc.i4.0 <null> ldelem.ref <null> call System.Object Microsoft.VisualBasic.CompilerServices.Operators::ConcatenateObject(System.Object,System.Object) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stloc.1 <null> ldc.i4.7 <null> stloc.s V_5 ldloc.0 <null> call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) ldsfld System.String Program::SPL ldc.i4.m1 <null> ldc.i4.0 <null> call System.String[] Microsoft.VisualBasic.Strings::Split(System.String,System.String,System.Int32,Microsoft.VisualBasic.CompareMethod) ldc.i4.2 <null> ldelem.ref <null> ldstr True ldc.i4.0 <null> call System.Int32 Microsoft.VisualBasic.CompilerServices.Operators::CompareString(System.String,System.String,System.Boolean) ldc.i4.0 <null> bne.un.s IL_00CB: ldc.i4.s 13 ldc.i4.8 <null> stloc.s V_5 ldloc.1 <null> call System.Boolean System.IO.File::Exists(System.String) brtrue.s IL_00C9: br.s IL_0123 ldc.i4.s 9 stloc.s V_5 ldloc.1 <null> ldloc.0 <null> call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) ldsfld System.String Program::SPL ldc.i4.m1 <null> ldc.i4.0 <null> call System.String[] Microsoft.VisualBasic.Strings::Split(System.String,System.String,System.Int32,Microsoft.VisualBasic.CompareMethod) ldc.i4.0 <null> ldelem.ref <null> call System.Byte[] Program::GetTheResource(System.String) call System.Void System.IO.File::WriteAllBytes(System.String,System.Byte[]) ldc.i4.s 10 stloc.s V_5 ldloc.1 <null> call System.Diagnostics.Process System.Diagnostics.Process::Start(System.String) pop <null> br.s IL_0123: ldc.i4.s 19 ldc.i4.s 13 stloc.s V_5 ldc.i4.s 14 stloc.s V_5 ldloc.1 <null> ldloc.0 <null> call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) ldsfld System.String Program::SPL ldc.i4.m1 <null> ldc.i4.0 <null> call System.String[] Microsoft.VisualBasic.Strings::Split(System.String,System.String,System.Int32,Microsoft.VisualBasic.CompareMethod) ldc.i4.0 <null> ldelem.ref <null> call System.Byte[] Program::GetTheResource(System.String) call System.Void System.IO.File::WriteAllBytes(System.String,System.Byte[]) ldc.i4.s 15 stloc.s V_5 ldloc.0 <null> call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) ldsfld System.String Program::SPL ldc.i4.m1 <null> ldc.i4.0 <null> call System.String[] Microsoft.VisualBasic.Strings::Split(System.String,System.String,System.Int32,Microsoft.VisualBasic.CompareMethod) ldc.i4.1 <null> ldelem.ref <null> ldstr True ldc.i4.0 <null> call System.Int32 Microsoft.VisualBasic.CompilerServices.Operators::CompareString(System.String,System.String,System.Boolean) ldc.i4.0 <null> bne.un.s IL_0123: ldc.i4.s 19 ldc.i4.s 16 stloc.s V_5 ldloc.1 <null> call System.Diagnostics.Process System.Diagnostics.Process::Start(System.String) pop <null> ldc.i4.s 19 stloc.s V_5 call System.Void System.GC::Collect() ldc.i4.s 20 stloc.s V_5 ldloca.s V_2 call System.Boolean System.Collections.Generic.List`1/Enumerator<System.String>::MoveNext() brtrue IL_002D: ldloca.s V_2 ldloca.s V_2 constrained. System.Collections.Generic.List`1/Enumerator<System.String> callvirt System.Void System.IDisposable::Dispose() leave IL_01F8: ldloc.s V_4 ldloc.s V_4 br.s IL_0156: ldc.i4.0 ldloc.s V_4 ldc.i4.1 <null> add <null> ldc.i4.0 <null> stloc.s V_4 switch dnlib.DotNet.Emit.Instruction[] leave.s IL_01ED: ldc.i4 -2146828237 ldloc.s V_5 stloc.s V_4 ldloc.3 <null> switch dnlib.DotNet.Emit.Instruction[] leave.s IL_01ED: ldc.i4 -2146828237 isinst System.Exception ldnull <null> cgt.un <null> ldloc.3 <null> ldc.i4.0 <null> cgt.un <null> and <null> ldloc.s V_4 ldc.i4.0 <null> ceq <null> and <null> endfilter <null> castclass System.Exception call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception) leave.s IL_01B8: ldloc.s V_5 ldc.i4 -2146828237 call System.Exception Microsoft.VisualBasic.CompilerServices.ProjectData::CreateProjectError(System.Int32) throw <null> ldloc.s V_4 brfalse.s IL_0201: ret call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() ret <null>
Module Name

Edge.exe
Full Name

Edge.exe
EntryPoint

System.Void Program::Main()
Scope Name

Edge.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

Edge
Assembly Version

1.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

<null>
Total Strings

12
Main Method

System.Void Program::Main()
Main IL Instruction Count

159
Main IL

ldc.i4.1 <null> stloc.s V_5 call System.Boolean Program::CreateMutex() brtrue.s IL_0013: call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() ldc.i4.2 <null> stloc.s V_5 ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() ldc.i4.1 <null> stloc.3 <null> ldc.i4.5 <null> stloc.s V_5 ldsfld System.Collections.Generic.List`1<System.String> Program::List callvirt System.Collections.Generic.List`1/Enumerator<System.String> System.Collections.Generic.List`1<System.String>::GetEnumerator() stloc.2 <null> br IL_0130: ldloca.s V_2 ldloca.s V_2 call System.String System.Collections.Generic.List`1/Enumerator<System.String>::get_Current() stloc.0 <null> ldc.i4.6 <null> stloc.s V_5 ldsfld System.String Program::Workpath call System.Object Program::GETP(System.String) ldstr \ call System.Object Microsoft.VisualBasic.CompilerServices.Operators::ConcatenateObject(System.Object,System.Object) ldloc.0 <null> call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) ldsfld System.String Program::SPL ldc.i4.m1 <null> ldc.i4.0 <null> call System.String[] Microsoft.VisualBasic.Strings::Split(System.String,System.String,System.Int32,Microsoft.VisualBasic.CompareMethod) ldc.i4.0 <null> ldelem.ref <null> call System.Object Microsoft.VisualBasic.CompilerServices.Operators::ConcatenateObject(System.Object,System.Object) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stloc.1 <null> ldc.i4.7 <null> stloc.s V_5 ldloc.0 <null> call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) ldsfld System.String Program::SPL ldc.i4.m1 <null> ldc.i4.0 <null> call System.String[] Microsoft.VisualBasic.Strings::Split(System.String,System.String,System.Int32,Microsoft.VisualBasic.CompareMethod) ldc.i4.2 <null> ldelem.ref <null> ldstr True ldc.i4.0 <null> call System.Int32 Microsoft.VisualBasic.CompilerServices.Operators::CompareString(System.String,System.String,System.Boolean) ldc.i4.0 <null> bne.un.s IL_00CB: ldc.i4.s 13 ldc.i4.8 <null> stloc.s V_5 ldloc.1 <null> call System.Boolean System.IO.File::Exists(System.String) brtrue.s IL_00C9: br.s IL_0123 ldc.i4.s 9 stloc.s V_5 ldloc.1 <null> ldloc.0 <null> call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) ldsfld System.String Program::SPL ldc.i4.m1 <null> ldc.i4.0 <null> call System.String[] Microsoft.VisualBasic.Strings::Split(System.String,System.String,System.Int32,Microsoft.VisualBasic.CompareMethod) ldc.i4.0 <null> ldelem.ref <null> call System.Byte[] Program::GetTheResource(System.String) call System.Void System.IO.File::WriteAllBytes(System.String,System.Byte[]) ldc.i4.s 10 stloc.s V_5 ldloc.1 <null> call System.Diagnostics.Process System.Diagnostics.Process::Start(System.String) pop <null> br.s IL_0123: ldc.i4.s 19 ldc.i4.s 13 stloc.s V_5 ldc.i4.s 14 stloc.s V_5 ldloc.1 <null> ldloc.0 <null> call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) ldsfld System.String Program::SPL ldc.i4.m1 <null> ldc.i4.0 <null> call System.String[] Microsoft.VisualBasic.Strings::Split(System.String,System.String,System.Int32,Microsoft.VisualBasic.CompareMethod) ldc.i4.0 <null> ldelem.ref <null> call System.Byte[] Program::GetTheResource(System.String) call System.Void System.IO.File::WriteAllBytes(System.String,System.Byte[]) ldc.i4.s 15 stloc.s V_5 ldloc.0 <null> call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) ldsfld System.String Program::SPL ldc.i4.m1 <null> ldc.i4.0 <null> call System.String[] Microsoft.VisualBasic.Strings::Split(System.String,System.String,System.Int32,Microsoft.VisualBasic.CompareMethod) ldc.i4.1 <null> ldelem.ref <null> ldstr True ldc.i4.0 <null> call System.Int32 Microsoft.VisualBasic.CompilerServices.Operators::CompareString(System.String,System.String,System.Boolean) ldc.i4.0 <null> bne.un.s IL_0123: ldc.i4.s 19 ldc.i4.s 16 stloc.s V_5 ldloc.1 <null> call System.Diagnostics.Process System.Diagnostics.Process::Start(System.String) pop <null> ldc.i4.s 19 stloc.s V_5 call System.Void System.GC::Collect() ldc.i4.s 20 stloc.s V_5 ldloca.s V_2 call System.Boolean System.Collections.Generic.List`1/Enumerator<System.String>::MoveNext() brtrue IL_002D: ldloca.s V_2 ldloca.s V_2 constrained. System.Collections.Generic.List`1/Enumerator<System.String> callvirt System.Void System.IDisposable::Dispose() leave IL_01F8: ldloc.s V_4 ldloc.s V_4 br.s IL_0156: ldc.i4.0 ldloc.s V_4 ldc.i4.1 <null> add <null> ldc.i4.0 <null> stloc.s V_4 switch dnlib.DotNet.Emit.Instruction[] leave.s IL_01ED: ldc.i4 -2146828237 ldloc.s V_5 stloc.s V_4 ldloc.3 <null> switch dnlib.DotNet.Emit.Instruction[] leave.s IL_01ED: ldc.i4 -2146828237 isinst System.Exception ldnull <null> cgt.un <null> ldloc.3 <null> ldc.i4.0 <null> cgt.un <null> and <null> ldloc.s V_4 ldc.i4.0 <null> ceq <null> and <null> endfilter <null> castclass System.Exception call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception) leave.s IL_01B8: ldloc.s V_5 ldc.i4 -2146828237 call System.Exception Microsoft.VisualBasic.CompilerServices.ProjectData::CreateProjectError(System.Int32) throw <null> ldloc.s V_4 brfalse.s IL_0201: ret call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() ret <null>
Artefacts
Name
 Value
Mutex

CzModghbE8YddUnY
CnC

adobe-cdn.duckdns.org
CnC

chelou.duckdns.org
CnC

mauvaise.duckdns.org
Port

8887
20f26a980149598b2a7f6d3935822c62 (3.09 MB)
An error has occurred. This application may no longer respond until reloaded. Reload 🗙