Malicious
Malicious

2926094481ac6f1595acf760ac945634

PE Executable
|
MD5: 2926094481ac6f1595acf760ac945634
|
Size: 48.13 KB
|
application/x-dosexec

Infection Chain
Summary by MalvaGPT
Characteristics

Symbol Obfuscation Score

Low

Hash
 Hash Value
MD5
2926094481ac6f1595acf760ac945634
Sha1
8ea822f694a0e352dde42ef38bb7bd803aaf51bf
Sha256
81fc050eaf5ddbdfd0a470c3214096aa2eeaa4b3c27a97384d14e1abdc8cdede
Sha384
13415aed48a6de681a463c7a5f6176762c4ca3b9eea49782e02a4efbb8fe518093045daa6cbc853b25f7ee1e2109734c
Sha512
5fbae8d5aa3b1c52812f07232bd03b309397d77c32785dda114f6c9f4f3011d7920d7dacc668166d7e848bfea447cd4f668f15a67703cf282caa14c38a2310a8
SSDeep
768:lseY5qqfyAacveEK2fC+enm51a5vXgl4Aeb17gUptwcTFrAK8RcccrWBNQF:iq6acM2f2na1NCxbCU3pTFrvYcP2QF
TLSH
C3232A143BE95226E2FE9F7955F12645CA7AF6132602D74F1CC002CE4A23BC6DA127F6
File Structure
2926094481ac6f1595acf760ac945634
Malicious
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
Malware Configuration - AsyncRAT config.
Config. Field
 Value
Key (AES_256)

b2gwVnJVUFNLNlRFY3VIeEd1N1owNFhyY2JBOE13Ymk=
Pastebin

-
Certificate

MIIE8jCCAtqgAwIBAgIQAOMIvJPAU6LoP1Ucn44URzANBgkqhkiG9w0BAQ0FADAaMRgwFgYDVQQDDA9Bc3luY1JBVCBTZXJ2ZXIwIBcNMjUxMDEwMTUyNzE4WhgPOTk5OTEyMzEyMzU5NTlaMBoxGDAWBgNVBAMMD0FzeW5jUkFUIFNlcnZlcjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMXIq2ZA/jJ6LqmJGt1rYqqRdZPRXwNyyKcb+mZQKYs2mhUhuGFyzSUUaIwdDRHkKDehdsn7ThmR3A3Go0gVS7AbXTAiVIzaOGEcqOnk12R3pQAAhE1eg5FhJ4QR6RoMsy73RjfrTKzomDjYmBbYhqEibAQEQnXvzyHnQAt70gsGEgYQhORrrdt94mCNJjEBqNEaENt3Mrvfs6vy0Yi2C8UVQuEHLuo60mvJklgolqOwbsepmq8UXmWsAXHH2hZNtkpbtWg1yx0n7cCWIcuhfTQaS3X1oRWxaAfQt7RlhuH0oi3NOvfJgJVzG1O/8cajSpf8HvuCs+UmI56GddgwKVaK0eI3PpdNm2aLhrsEpeT284na8SafREXiNp/eGUaraecKpbIpGKriILHvLFfufUUVOMTcHfBwVgc4mNnN2HTULyiLem7HW3ckGH7KKQPSn0pIWWAPNP87E+T2m8XODiiBGDk7ejBIJJzDaa0s5e4YV+Un0ahrzznagr61oO45kI3I3P9b23sGOElZHFRKQZAj3XLJOkiVR8mYyI1XhRf8TeQ8KU/Bzw7PBHwWxGmB61nSuMkG/hPYiXMJoBE6tnnV+eoUZlkOcMeb+BgySVjgLQ+VEeQ5k+mu07HIywoCCJIV4MX3wINpYN+73ri0OhydwnhdwbRLcL5VWvJ2Zn9HAgMBAAGjMjAwMB0GA1UdDgQWBBQCPTDYFWNH7puRgZKDd7JocFZ0ozAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDQUAA4ICAQCrI7jtFXmaNl1njhz/YjZhKPVip/xE1PAZ4WV2axz6zXunVZwVWXOzD6LDfkoDWQXhzlmrLMtbRbWUBBNn13oFsY742YCXr8oz3XKUN+cbtQq3Mfpe/mVe2fkZ1VQQXKHQXNzDkwJsp8VCzPhRW/Skd1bRAZpkBiO8W7aXysJKaGje+2kmnstBRjYtSWWUej7xr5mtL8BcnglJWJICHMqgQJF+1bp8Li26hJQIMIO+JSZQ6XZ7g7H2wNCJMX3hw2pUwRSOvvZexjM7M8p9yVWf0d10CoR6cVt24vYr4S5ERLYnVnX53AnsPgCJ0Z42qddqK2ak0M0FUGFC8i4eMCRBNLZbEnx0jWjNM90I3lYcYOVt1JyE/LTt7v99/LI8pA/QGGosgAVkwxHifPGnf3oaZW5lixD4KBlpodHVJCowsX4DQULEPlj9k4VyEGft/4Pb7P15GBWa5bWUji+km8H1jzJCEsWDgzyGZcwAXHDgwT4O1rTV3Y0ayRH7T+MOh5utBnRxNEUcbg92RRhnQBCYBcBVsBv8fwQccH+pA/vUnYDBXFC7zeIAVpCmY3mmixPoAkcsivGuX8S+24swHKCRrVUA68ge6sv+D94tFLfDSRqHcwZ5UDa2qcOFmC3KIibkiOt7kztUNFBwlpsAyYe2mMRLRUMicHXGVkODAfsNVA==
ServerSignature

JDKMPV/e33fGaB6yHVtRiszVzdGeD7xhTdDjLfZ+CSepZnIiylmxSRWBNvf01kw7S12aJ2dl6Y+jwtF9u3SxvVtVbS6XGbWyzVrxNzAcpzegEN4PbWerFT+RS5EVZ8M18Dwgt5EQyrv+YjUDERaeo053IniGrhz9jmmsucoW+N2s1c87QZ2lZbfAdwtHLrvo5TvK9rM58sbIhvkT/zK9Nvtpox2aQBmeCMPv19PkODicM8Zwy+9Br0fYl7OE05E35GiB7Z8dOPBDaeIctAYipGVXSDyRDnSOCW5B/Ik2nq28U2bYfZO4ROQvE0537JuWEmY7OSy8/VSTILK9lJZIpSSQQZTwTzMHmGvvdpNEb55/oTJi5mtKQo54dHrblXIrckKXQkVUtIDqvYNWN1RKBNOHb6qxj+doIFjJtyDQTrDJq6nMD2y8dpiKstIqVIndfnL/FO5hT8yAChTW4Epa0l5LPH//+YT2OIn528fsCY4nz7KQg618sDGSMANant09jf56E+cJPSGZYeeQteAmzmOiITLGm2NwoWf3KA0hvzW5zSNrG+Ort37Rstxft5oc9O/AE7ESGgTW1yDp0eFpnR3CplGS8rB1jw63Bk9sbX54nte/A3sZoYWCzDF/1tnOuNiIsLPqfMAk9FoVbD1UXsb4Z7Xjji8NG7Bdmirw7f4=
Install

true
BDOS

false
Anti-VM

true
Install File

gv3.exe
Install-Folder

%AppData%
Hosts

livecdnem.com,www.livecdnem.com,xoilac.livecdnem.com,www.xoilac.livecdnem.com,xlz.livecdnem.com,www.xlz.livecdnem.com,91p.livecdnem.com,www.91p.livecdnem.com,ck.livecdnem.com,www.ck.livecdnem.com,xl365.livecdnem.com,www.xl365.livecdnem.com,soco.livecdnem.com,www.soco.livecdnem.com,xlvi.livecdnem.com,www.xlvi.livecdnem.com
Ports

25,80,443,8443
Mutex

lM9F7Ezcu9e3
Version

0.5.8
Delay

9
Informations
Name
 Value
Info

PE Detect: PeReader OK (file layout)
Info

PDB Path: C:\Users\vboxuser\Desktop\SourceDecode\gatex\obj\Release\net481\gv3.pdb
Module Name

gv3.exe
Full Name

gv3.exe
EntryPoint

System.Void Client.Program::Main()
Scope Name

gv3.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

gv3
Assembly Version

1.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.8.1
Total Strings

128
Main Method

System.Void Client.Program::Main()
Main IL Instruction Count

69
Main IL

ldc.i4.0 <null> stloc.0 <null> br.s IL_0012: ldloc.0 ldc.i4 1000 call System.Void System.Threading.Thread::Sleep(System.Int32) ldloc.0 <null> ldc.i4.1 <null> add <null> stloc.0 <null> ldloc.0 <null> ldsfld System.String Client.Settings::Delay call System.Int32 System.Convert::ToInt32(System.String) blt.s IL_0004: ldc.i4 1000 call System.Boolean Client.Settings::InitializeSettings() brtrue.s IL_002C: nop ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) nop <null> call System.Boolean Client.Helper.MutexControl::CreateMutex() brtrue.s IL_003E: ldsfld System.String Client.Settings::Anti ldstr Mutex already exists or cannot be created. call System.Void System.Console::WriteLine(System.String) ldsfld System.String Client.Settings::Anti call System.Boolean System.Convert::ToBoolean(System.String) brfalse.s IL_004F: ldsfld System.String Client.Settings::Install call System.Void Client.Helper.Anti_Analysis::RunAntiAnalysis() ldsfld System.String Client.Settings::Install call System.Boolean System.Convert::ToBoolean(System.String) brfalse.s IL_009D: ldsfld System.String Client.Settings::BDOS call System.Void Client.Install.NormalStartup::Install() leave.s IL_009D: ldsfld System.String Client.Settings::BDOS stloc.1 <null> ldstr Win32Exception caught: {0} - {1} ldloc.1 <null> callvirt System.Int32 System.ComponentModel.Win32Exception::get_NativeErrorCode() box System.Int32 ldloc.1 <null> callvirt System.String System.Exception::get_Message() call System.String System.String::Format(System.String,System.Object,System.Object) call System.Void System.Console::WriteLine(System.String) leave.s IL_009D: ldsfld System.String Client.Settings::BDOS stloc.2 <null> ldstr Other exception: ldloc.2 <null> callvirt System.String System.Exception::get_Message() call System.String System.String::Concat(System.String,System.String) call System.Void System.Console::WriteLine(System.String) leave.s IL_009D: ldsfld System.String Client.Settings::BDOS ldsfld System.String Client.Settings::BDOS call System.Boolean System.Convert::ToBoolean(System.String) brfalse.s IL_00B5: call System.Void Client.Helper.Methods::PreventSleep() call System.Boolean Client.Helper.Methods::IsAdmin() brfalse.s IL_00B5: call System.Void Client.Helper.Methods::PreventSleep() call System.Void Client.Helper.ProcessCritical::Set() call System.Void Client.Helper.Methods::PreventSleep() leave.s IL_00BF: nop pop <null> leave.s IL_00BF: nop nop <null> call System.Boolean Client.Connection.ClientSocket::get_IsConnected() brtrue.s IL_00D1: leave.s IL_00D6 call System.Void Client.Connection.ClientSocket::Reconnect() call System.Void Client.Connection.ClientSocket::InitializeClient() leave.s IL_00D6: ldc.i4 5000 pop <null> leave.s IL_00D6: ldc.i4 5000 ldc.i4 5000 call System.Void System.Threading.Thread::Sleep(System.Int32) br.s IL_00BF: nop
Artefacts
Name
 Value
Key (AES_256)

b2gwVnJVUFNLNlRFY3VIeEd1N1owNFhyY2JBOE13Ymk=
CnC

livecdnem.com
CnC

www.livecdnem.com
CnC

xoilac.livecdnem.com
CnC

www.xoilac.livecdnem.com
CnC

xlz.livecdnem.com
CnC

www.xlz.livecdnem.com
CnC

91p.livecdnem.com
CnC

www.91p.livecdnem.com
CnC

ck.livecdnem.com
CnC

www.ck.livecdnem.com
CnC

xl365.livecdnem.com
CnC

www.xl365.livecdnem.com
CnC

soco.livecdnem.com
CnC

www.soco.livecdnem.com
CnC

xlvi.livecdnem.com
CnC

www.xlvi.livecdnem.com
Ports

25
Ports

80
Ports

443
Ports

8443
Mutex

lM9F7Ezcu9e3
2926094481ac6f1595acf760ac945634 (48.13 KB)
File Structure
2926094481ac6f1595acf760ac945634
Malicious
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
Characteristics
Malware Configuration - AsyncRAT config.
Config. Field
 Value
Key (AES_256)

b2gwVnJVUFNLNlRFY3VIeEd1N1owNFhyY2JBOE13Ymk=
Pastebin

-
Certificate

MIIE8jCCAtqgAwIBAgIQAOMIvJPAU6LoP1Ucn44URzANBgkqhkiG9w0BAQ0FADAaMRgwFgYDVQQDDA9Bc3luY1JBVCBTZXJ2ZXIwIBcNMjUxMDEwMTUyNzE4WhgPOTk5OTEyMzEyMzU5NTlaMBoxGDAWBgNVBAMMD0FzeW5jUkFUIFNlcnZlcjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMXIq2ZA/jJ6LqmJGt1rYqqRdZPRXwNyyKcb+mZQKYs2mhUhuGFyzSUUaIwdDRHkKDehdsn7ThmR3A3Go0gVS7AbXTAiVIzaOGEcqOnk12R3pQAAhE1eg5FhJ4QR6RoMsy73RjfrTKzomDjYmBbYhqEibAQEQnXvzyHnQAt70gsGEgYQhORrrdt94mCNJjEBqNEaENt3Mrvfs6vy0Yi2C8UVQuEHLuo60mvJklgolqOwbsepmq8UXmWsAXHH2hZNtkpbtWg1yx0n7cCWIcuhfTQaS3X1oRWxaAfQt7RlhuH0oi3NOvfJgJVzG1O/8cajSpf8HvuCs+UmI56GddgwKVaK0eI3PpdNm2aLhrsEpeT284na8SafREXiNp/eGUaraecKpbIpGKriILHvLFfufUUVOMTcHfBwVgc4mNnN2HTULyiLem7HW3ckGH7KKQPSn0pIWWAPNP87E+T2m8XODiiBGDk7ejBIJJzDaa0s5e4YV+Un0ahrzznagr61oO45kI3I3P9b23sGOElZHFRKQZAj3XLJOkiVR8mYyI1XhRf8TeQ8KU/Bzw7PBHwWxGmB61nSuMkG/hPYiXMJoBE6tnnV+eoUZlkOcMeb+BgySVjgLQ+VEeQ5k+mu07HIywoCCJIV4MX3wINpYN+73ri0OhydwnhdwbRLcL5VWvJ2Zn9HAgMBAAGjMjAwMB0GA1UdDgQWBBQCPTDYFWNH7puRgZKDd7JocFZ0ozAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDQUAA4ICAQCrI7jtFXmaNl1njhz/YjZhKPVip/xE1PAZ4WV2axz6zXunVZwVWXOzD6LDfkoDWQXhzlmrLMtbRbWUBBNn13oFsY742YCXr8oz3XKUN+cbtQq3Mfpe/mVe2fkZ1VQQXKHQXNzDkwJsp8VCzPhRW/Skd1bRAZpkBiO8W7aXysJKaGje+2kmnstBRjYtSWWUej7xr5mtL8BcnglJWJICHMqgQJF+1bp8Li26hJQIMIO+JSZQ6XZ7g7H2wNCJMX3hw2pUwRSOvvZexjM7M8p9yVWf0d10CoR6cVt24vYr4S5ERLYnVnX53AnsPgCJ0Z42qddqK2ak0M0FUGFC8i4eMCRBNLZbEnx0jWjNM90I3lYcYOVt1JyE/LTt7v99/LI8pA/QGGosgAVkwxHifPGnf3oaZW5lixD4KBlpodHVJCowsX4DQULEPlj9k4VyEGft/4Pb7P15GBWa5bWUji+km8H1jzJCEsWDgzyGZcwAXHDgwT4O1rTV3Y0ayRH7T+MOh5utBnRxNEUcbg92RRhnQBCYBcBVsBv8fwQccH+pA/vUnYDBXFC7zeIAVpCmY3mmixPoAkcsivGuX8S+24swHKCRrVUA68ge6sv+D94tFLfDSRqHcwZ5UDa2qcOFmC3KIibkiOt7kztUNFBwlpsAyYe2mMRLRUMicHXGVkODAfsNVA==
ServerSignature

JDKMPV/e33fGaB6yHVtRiszVzdGeD7xhTdDjLfZ+CSepZnIiylmxSRWBNvf01kw7S12aJ2dl6Y+jwtF9u3SxvVtVbS6XGbWyzVrxNzAcpzegEN4PbWerFT+RS5EVZ8M18Dwgt5EQyrv+YjUDERaeo053IniGrhz9jmmsucoW+N2s1c87QZ2lZbfAdwtHLrvo5TvK9rM58sbIhvkT/zK9Nvtpox2aQBmeCMPv19PkODicM8Zwy+9Br0fYl7OE05E35GiB7Z8dOPBDaeIctAYipGVXSDyRDnSOCW5B/Ik2nq28U2bYfZO4ROQvE0537JuWEmY7OSy8/VSTILK9lJZIpSSQQZTwTzMHmGvvdpNEb55/oTJi5mtKQo54dHrblXIrckKXQkVUtIDqvYNWN1RKBNOHb6qxj+doIFjJtyDQTrDJq6nMD2y8dpiKstIqVIndfnL/FO5hT8yAChTW4Epa0l5LPH//+YT2OIn528fsCY4nz7KQg618sDGSMANant09jf56E+cJPSGZYeeQteAmzmOiITLGm2NwoWf3KA0hvzW5zSNrG+Ort37Rstxft5oc9O/AE7ESGgTW1yDp0eFpnR3CplGS8rB1jw63Bk9sbX54nte/A3sZoYWCzDF/1tnOuNiIsLPqfMAk9FoVbD1UXsb4Z7Xjji8NG7Bdmirw7f4=
Install

true
BDOS

false
Anti-VM

true
Install File

gv3.exe
Install-Folder

%AppData%
Hosts

livecdnem.com,www.livecdnem.com,xoilac.livecdnem.com,www.xoilac.livecdnem.com,xlz.livecdnem.com,www.xlz.livecdnem.com,91p.livecdnem.com,www.91p.livecdnem.com,ck.livecdnem.com,www.ck.livecdnem.com,xl365.livecdnem.com,www.xl365.livecdnem.com,soco.livecdnem.com,www.soco.livecdnem.com,xlvi.livecdnem.com,www.xlvi.livecdnem.com
Ports

25,80,443,8443
Mutex

lM9F7Ezcu9e3
Version

0.5.8
Delay

9
Artefacts
Name
 Value Location
Key (AES_256)

b2gwVnJVUFNLNlRFY3VIeEd1N1owNFhyY2JBOE13Ymk=

Malicious

2926094481ac6f1595acf760ac945634
CnC

livecdnem.com

Malicious

2926094481ac6f1595acf760ac945634
CnC

www.livecdnem.com

Malicious

2926094481ac6f1595acf760ac945634
CnC

xoilac.livecdnem.com

Malicious

2926094481ac6f1595acf760ac945634
CnC

www.xoilac.livecdnem.com

Malicious

2926094481ac6f1595acf760ac945634
CnC

xlz.livecdnem.com

Malicious

2926094481ac6f1595acf760ac945634
CnC

www.xlz.livecdnem.com

Malicious

2926094481ac6f1595acf760ac945634
CnC

91p.livecdnem.com

Malicious

2926094481ac6f1595acf760ac945634
CnC

www.91p.livecdnem.com

Malicious

2926094481ac6f1595acf760ac945634
CnC

ck.livecdnem.com

Malicious

2926094481ac6f1595acf760ac945634
CnC

www.ck.livecdnem.com

Malicious

2926094481ac6f1595acf760ac945634
CnC

xl365.livecdnem.com

Malicious

2926094481ac6f1595acf760ac945634
CnC

www.xl365.livecdnem.com

Malicious

2926094481ac6f1595acf760ac945634
CnC

soco.livecdnem.com

Malicious

2926094481ac6f1595acf760ac945634
CnC

www.soco.livecdnem.com

Malicious

2926094481ac6f1595acf760ac945634
CnC

xlvi.livecdnem.com

Malicious

2926094481ac6f1595acf760ac945634
CnC

www.xlvi.livecdnem.com

Malicious

2926094481ac6f1595acf760ac945634
Ports

25

Malicious

2926094481ac6f1595acf760ac945634
Ports

80

Malicious

2926094481ac6f1595acf760ac945634
Ports

443

Malicious

2926094481ac6f1595acf760ac945634
Ports

8443

Malicious

2926094481ac6f1595acf760ac945634
Mutex

lM9F7Ezcu9e3

Malicious

2926094481ac6f1595acf760ac945634
You must be signed in to post a comment.
An error has occurred. This application may no longer respond until reloaded. Reload 🗙