General
Structural Analysis
Config.0
Yara Rules99+
Sync
Community
Summary by MalvaGPT
Characteristics
Symbol Ofbuscation Score
Medium
|
Hash | Hash Value |
|---|---|
| MD5 | 2a034511446d3f8360c14a91b47777c2
|
| Sha1 | 6e8964bcff3dd00587fc84a5a739141eb3553c09
|
| Sha256 | f8913a531ebd3da8cd44c2b2e902a343beefc275c6e4e8da100faefc483d6271
|
| Sha384 | 933c686489321459ad34d851609614e9d3e5b032aec5b6cf246f15587753521622f9835afeddfe0138c36e97b6bf6abd
|
| Sha512 | 43c2de9f12c4f2b6f7cecbb421cd773bfe01862c1bf5da992e8ffa9f1762ee28bf4d2fd7ad6fe0a3d721b5897f09b22671d3c28b484aaba0a8cc577c6f11c58b
|
| SSDeep | 49152:utLtG52BLdnc8ImhHy69ztxaY5lyni2DBZKe8taaY5lSni2DBZWLV7wRd7IoBG6F:utLE5kLdnjZdyeJH6O1MJKm77LrwkFW
|
| TLSH | 38467B06F7F210D1F5BBC279A4A73129BD3674A14B38D7CB52845A8E1B31BE4AD39702
|
PeID
.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual C++ 6.0 DLL (Debug)
Microsoft Visual C++ 7.0 - 8.0
Microsoft Visual C++ v6.0 DLL
Microsoft Visual Studio .NET
Private EXE Protector V2.30-V2.3X -> SetiSoft Team
File Structure
2a034511446d3f8360c14a91b47777c2
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
Pulsar.Client.FrmRemoteChat.resources
Pulsar.Client.Resource.rootkit.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
InstallStager.Properties.Resources.resources
InstallService32
InstallService64
Pulsar.Client.Resource.unrootkit.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
.Net Resources
InstallStager.Properties.Resources.resources
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.textbss
.text
.rdata
.data
.idata
.msvcjmc
.00cfg
.rsrc
.reloc
Resources
EXE
ID:0065
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.textbss
.text
.rdata
.data
.pdata
.idata
.msvcjmc
.00cfg
_RDATA
.rsrc
.reloc
RT_MANIFEST
ID:0001
ID:1033
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.textbss
.text
.rdata
.data
.pdata
.idata
.msvcjmc
.00cfg
_RDATA
.rsrc
.reloc
Resources
RT_MANIFEST
ID:0001
ID:1033
costura.aforge.dll.compressed
costura.aforge.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.aforge.video.dll.compressed
costura.aforge.video.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.aforge.video.directshow.dll.compressed
costura.aforge.video.directshow.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
.Net Resources
AForge.Video.DirectShow.Properties.Resources.resources
camera
[NBF]root.Data
[NBF]root.Data-preview.png
AForge.Video.DirectShow.VideoCaptureDeviceForm.resources
costura.gma.system.mousekeyhook.dll.compressed
costura.gma.system.mousekeyhook.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.naudio.core.dll.compressed
costura.naudio.core.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.naudio.wasapi.dll.compressed
costura.naudio.wasapi.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.naudio.winforms.dll.compressed
costura.naudio.winforms.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
.Net Resources
NAudio.WinForms.Gui.PanSlider.resources
$this.DefaultModifiers
$this.GridSize
$this.Language
NAudio.WinForms.Gui.VolumeSlider.resources
costura.naudio.winmm.dll.compressed
costura.naudio.winmm.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.protobuf-net.dll.compressed
costura.protobuf-net.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.protobuf-net.core.dll.compressed
costura.protobuf-net.core.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.sharpdx.dll.compressed
costura.sharpdx.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.sharpdx.pdb.compressed
costura.sharpdx.d3dcompiler.dll.compressed
costura.sharpdx.d3dcompiler.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.sharpdx.d3dcompiler.pdb.compressed
costura.sharpdx.direct2d1.dll.compressed
costura.sharpdx.direct2d1.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.sharpdx.direct2d1.pdb.compressed
costura.sharpdx.direct3d11.dll.compressed
costura.sharpdx.direct3d11.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.sharpdx.direct3d11.pdb.compressed
costura.sharpdx.dxgi.dll.compressed
costura.sharpdx.dxgi.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.sharpdx.dxgi.pdb.compressed
costura.sharpdx.mathematics.dll.compressed
costura.sharpdx.mathematics.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.sharpdx.mathematics.pdb.compressed
costura.system.buffers.dll.compressed
costura.system.buffers.dll
[Authenticode]_8c38879e.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
.Net Resources
FxResources.System.Buffers.SR.resources
costura.system.collections.immutable.dll.compressed
costura.system.collections.immutable.dll
[Authenticode]_16f812e0.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
.Net Resources
FxResources.System.Collections.Immutable.SR.resources
ILLink.Substitutions.xml
costura.system.memory.dll.compressed
costura.system.memory.dll
[Authenticode]_15ab3250.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
.Net Resources
FxResources.System.Memory.SR.resources
costura.system.numerics.vectors.dll.compressed
costura.system.numerics.vectors.dll
[Authenticode]_ae030d4d.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
.Net Resources
FxResources.System.Numerics.Vectors.SR.resources
costura.system.runtime.compilerservices.unsafe.dll.compressed
costura.system.runtime.compilerservices.unsafe.dll
[Authenticode]_e61c97b9.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.pulsar.common.dll.compressed
costura.pulsar.common.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.metadata
Informations
|
Name0 | Value |
|---|---|
| Info | PE Detect: PeReader OK (file layout) |
| Info | PDB Path: ? |
| Module Name | Client.exe |
| Full Name | Client.exe |
| EntryPoint | System.Void pstlgqalledhxhykzxokrwcmgiauf.lIOSvvtUsjoUE99ZT1Lb61yQr::Main() |
| Scope Name | Client.exe |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v4.0.30319 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | Client |
| Assembly Version | 1.6.6.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | .NETFramework,Version=v4.7.2 |
| Total Strings | 1531 |
| Main Method | System.Void pstlgqalledhxhykzxokrwcmgiauf.lIOSvvtUsjoUE99ZT1Lb61yQr::Main() |
| Main IL Instruction Count | 11 |
| Main IL | ldc.i4 3072 call System.Void System.Net.ServicePointManager::set_SecurityProtocol(System.Net.SecurityProtocolType) ldc.i4.2 <null> call System.Void System.Windows.Forms.Application::SetUnhandledExceptionMode(System.Windows.Forms.UnhandledExceptionMode) call System.Void System.Windows.Forms.Application::EnableVisualStyles() ldc.i4.0 <null> call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean) call System.Void pstlgqalledhxhykzxokrwcmgiauf.lIOSvvtUsjoUE99ZT1Lb61yQr::lhOLIy7hio3E3xGaHuOCOYEu5lWzk() newobj System.Void pstlgqalledhxhykzxokrwcmgiauf.kWkh4NhHDyyeue2::.ctor() call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form) ret <null> |
| Module Name | Client.exe |
| Full Name | Client.exe |
| EntryPoint | System.Void pstlgqalledhxhykzxokrwcmgiauf.lIOSvvtUsjoUE99ZT1Lb61yQr::Main() |
| Scope Name | Client.exe |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v4.0.30319 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | Client |
| Assembly Version | 1.6.6.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | .NETFramework,Version=v4.7.2 |
| Total Strings | 1531 |
| Main Method | System.Void pstlgqalledhxhykzxokrwcmgiauf.lIOSvvtUsjoUE99ZT1Lb61yQr::Main() |
| Main IL Instruction Count | 11 |
| Main IL | ldc.i4 3072 call System.Void System.Net.ServicePointManager::set_SecurityProtocol(System.Net.SecurityProtocolType) ldc.i4.2 <null> call System.Void System.Windows.Forms.Application::SetUnhandledExceptionMode(System.Windows.Forms.UnhandledExceptionMode) call System.Void System.Windows.Forms.Application::EnableVisualStyles() ldc.i4.0 <null> call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean) call System.Void pstlgqalledhxhykzxokrwcmgiauf.lIOSvvtUsjoUE99ZT1Lb61yQr::lhOLIy7hio3E3xGaHuOCOYEu5lWzk() newobj System.Void pstlgqalledhxhykzxokrwcmgiauf.kWkh4NhHDyyeue2::.ctor() call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form) ret <null> |
2a034511446d3f8360c14a91b47777c2 (5.66 MB)
File Structure
2a034511446d3f8360c14a91b47777c2
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
Pulsar.Client.FrmRemoteChat.resources
Pulsar.Client.Resource.rootkit.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
InstallStager.Properties.Resources.resources
InstallService32
InstallService64
Pulsar.Client.Resource.unrootkit.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
.Net Resources
InstallStager.Properties.Resources.resources
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.textbss
.text
.rdata
.data
.idata
.msvcjmc
.00cfg
.rsrc
.reloc
Resources
EXE
ID:0065
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.textbss
.text
.rdata
.data
.pdata
.idata
.msvcjmc
.00cfg
_RDATA
.rsrc
.reloc
RT_MANIFEST
ID:0001
ID:1033
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.textbss
.text
.rdata
.data
.pdata
.idata
.msvcjmc
.00cfg
_RDATA
.rsrc
.reloc
Resources
RT_MANIFEST
ID:0001
ID:1033
costura.aforge.dll.compressed
costura.aforge.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.aforge.video.dll.compressed
costura.aforge.video.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.aforge.video.directshow.dll.compressed
costura.aforge.video.directshow.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
.Net Resources
AForge.Video.DirectShow.Properties.Resources.resources
camera
[NBF]root.Data
[NBF]root.Data-preview.png
AForge.Video.DirectShow.VideoCaptureDeviceForm.resources
costura.gma.system.mousekeyhook.dll.compressed
costura.gma.system.mousekeyhook.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.naudio.core.dll.compressed
costura.naudio.core.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.naudio.wasapi.dll.compressed
costura.naudio.wasapi.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.naudio.winforms.dll.compressed
costura.naudio.winforms.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
.Net Resources
NAudio.WinForms.Gui.PanSlider.resources
$this.DefaultModifiers
$this.GridSize
$this.Language
NAudio.WinForms.Gui.VolumeSlider.resources
costura.naudio.winmm.dll.compressed
costura.naudio.winmm.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.protobuf-net.dll.compressed
costura.protobuf-net.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.protobuf-net.core.dll.compressed
costura.protobuf-net.core.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.sharpdx.dll.compressed
costura.sharpdx.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.sharpdx.pdb.compressed
costura.sharpdx.d3dcompiler.dll.compressed
costura.sharpdx.d3dcompiler.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.sharpdx.d3dcompiler.pdb.compressed
costura.sharpdx.direct2d1.dll.compressed
costura.sharpdx.direct2d1.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.sharpdx.direct2d1.pdb.compressed
costura.sharpdx.direct3d11.dll.compressed
costura.sharpdx.direct3d11.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.sharpdx.direct3d11.pdb.compressed
costura.sharpdx.dxgi.dll.compressed
costura.sharpdx.dxgi.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.sharpdx.dxgi.pdb.compressed
costura.sharpdx.mathematics.dll.compressed
costura.sharpdx.mathematics.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.sharpdx.mathematics.pdb.compressed
costura.system.buffers.dll.compressed
costura.system.buffers.dll
[Authenticode]_8c38879e.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
.Net Resources
FxResources.System.Buffers.SR.resources
costura.system.collections.immutable.dll.compressed
costura.system.collections.immutable.dll
[Authenticode]_16f812e0.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
.Net Resources
FxResources.System.Collections.Immutable.SR.resources
ILLink.Substitutions.xml
costura.system.memory.dll.compressed
costura.system.memory.dll
[Authenticode]_15ab3250.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
.Net Resources
FxResources.System.Memory.SR.resources
costura.system.numerics.vectors.dll.compressed
costura.system.numerics.vectors.dll
[Authenticode]_ae030d4d.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
.Net Resources
FxResources.System.Numerics.Vectors.SR.resources
costura.system.runtime.compilerservices.unsafe.dll.compressed
costura.system.runtime.compilerservices.unsafe.dll
[Authenticode]_e61c97b9.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.pulsar.common.dll.compressed
costura.pulsar.common.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.metadata
Characteristics
No malware configuration were found at this point.
You must be signed in to post a comment.
You need a premium account to access this feature.
You must be signed in to post a comment.