Symbol Obfuscation Score
|
Hash | Hash Value |
|---|---|
| MD5 | 2cf0b92cdfc2a7514c14126389f483c6
|
| Sha1 | 1d6bafa3ee6d6541972b272cf5abbcaa4408860b
|
| Sha256 | f1de64ba6c22c6c873fd7c965ec1e2d70f385ef4ae051be4b8d3d6fc13daf5ae
|
| Sha384 | f96e01b2a52cfd18eef542ed1f48c47218833f930f4a7a34b3b9f1c0f4cecd6308260cbcd311731ab1cd69bfa796ff2e
|
| Sha512 | 725ca1d8a891cbdc844e98897216f999d8585d2d6473fb218d6977c3e532748dbbe348ec2aa5bf369d35296a0010c3c5d2d2603e467ca44bffe06879f1375d68
|
| SSDeep | 1536:JKGu6Af2IzzRtbn8RZzPu9ktU6OwKmVcl:JLAf2IHDbn8zPkktUEK8Y
|
| TLSH | 80331A043BE98126E2BE5F789DF12181C6BAB6633603D55E3CCC41D64B13BC6CA51AF6
|
PeID
|
Config. Field0 | Value |
|---|---|
| Key (AES_256) | VTV1bGxrcHhzVjE4WUV1blNJOTZxamRLSWp2Ym1waFI= |
| Pastebin | - |
| Certificate | MIIE8jCCAtqgAwIBAgIQAOD7cV0bLhEBFPJUOT6P5TANBgkqhkiG9w0BAQ0FADAaMRgwFgYDVQQDDA9Bc3luY1JBVCBTZXJ2ZXIwIBcNMjYwNTA2MTgwNzQ2WhgPOTk5OTEyMzEyMzU5NTlaMBoxGDAWBgNVBAMMD0FzeW5jUkFUIFNlcnZlcjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALbogjSQruWZ6e0W50t6xywM9nWyeqB6w3E9sv4fVJXMYwr9+6VRn2+Ki0AZeEzTe+wEfgJ4mqX43+hYHMOORcyIlSPFiGT4Mmkr4PFr4j2qkdDWmIXU+8ntHW11259TEzscd4tCXZTcPwxqZvNuzYcHPIRieF+7mwR1Sd8I+vK0sb/6qxyvs4IBmRHvwfMjNQCqAns0/hG9udrcKLOA1VH1THpUs0lqqsOcAus0jQyZ+JBESBzrKlyZLRq+DnP6nHQMZfK5Y/tsNgI+QDZtCOXhRmhV+/75j8jI9jw/M0zfefSRXrgH3EdqyJ1DDJD3opv8jvSD6LjYjV1gSqNESwCysBnlOROWj4TEH9/J1T2xumjHOB+jOHfT1lGVjKt07vJv4sPQmG29cnZkgvX+04awtESinsWd/N3TLSPzQcmCxfcby4mOcA9ENpqxgpbHfnF6iwlMySHUx7Zev7a88+8viNiCgPCiMR+KZ2skp+q4Glv6S1ps+imkvFmpw1Mkzchw88kqNNCNmZfv0iM99TcechVO18QwHQOEgqd5dnrMsCz1wFSG4cTBR2yQIUCbwkp4WLVdTLX9wnXLuAY9/9pPpmVHS5lX1QAkf174nk+q8G7jiC34z5WsQhBPIrbgz0f35PjG7aWnoLCQmrmrA0FfWbSMqJPz8ACnZG1hWV59AgMBAAGjMjAwMB0GA1UdDgQWBBTEvxDfZyOhxLqEqvaD9fMUgotbojAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDQUAA4ICAQBdhNBK8ZWmC6/XFqR6PyP3rCng2FylxxPWwjR0Y28fqDYFCigKuJ47wvF6VrJMD53xeLVODBbpVLHatiZFty39HWlool+VBGOAUoT/ZLuEZngviKIDWQMBJ/VGRj5LbzUV4ewAp4pj5nyjCxyR6NKJInwXo9U9SCENkWZgPP23CBzuoIY6eLaDImIlJdhZy1MEgqZgJInL802g1tt8twM3aAnWOHqd4dynfwnsUbGmiLYEOFDPkwMtV60dm3faknS7zX5FRwcyUpfvT6O3q8CrNOVVxgV1W7llDB8sZ7f8r7a22uVZAGMVUhW8bUVgPJbYPX525ihinHeNGuA+oG4h36Jecb/FRGOud/DkW3A/TfVkP/CD2QI2Zcebc4zdTxplERVtQruP+pIEu5dtFbl1izw0LFQ33v5yTHHYktLSFR6Q3TDIFArSPjDZ+M3E4oWg9uYWaaR0ZN0lluYEtTHdPp8KnVDpI4vUNph1o/Ku00DOeMC0Ji7cT/Gt0RFJwxplVxHJgH5WXhaIbQWqu+pEpRQvaHHPZenIrzklP96bbs92mpS0i2ehhJKJRaTNWl/1ENNE8qTy133E1oqqCrRFp4W2PaavI8FzO1GqUAAATIE8MmbScEWxX8cMCHgoQhMa8/nAIgzIyIr84auhmRQCyCMRCA3rKPAxEY6kYXfYnA== |
| ServerSignature | H02a7AEFoJZYBLaH6E4/WrQDn3p3IH4M3P/U/CLU88hOPrcgsVd68dzpKj81Lx4rrTDzgCLjhpFIK46N6OfmFBDveJkp5wQGRndQJasPwGbpXKAX5RwnUPpOsJ4/8z1MQLL/xG+oky+dwkKjRf7Cas+BOi/Jnhm94YGAtReVrnqIHU/9ieTGDgjrWb6NZx+vawQADY649/ZiOp15eTZLLDNwWug3/08WOUjd7AvI0vfpdNgNW0ql2ACpcfRzO0bXnUjLkjU56T4XdREHef0HhoByYS7yVq4MNIoqwR3uyk3INqH0VJlwhc2w2Yn+VWbbf9jygBOpi/kzL5VHYRKQ6rYHhcshANQyyShI2mca8CqW3EjmaOdZv57p47R+5bQf1LiwFkprZKh/bWI9bdTL50vn4Uu5MBd7wIbAQdoIrXZVa5yDr1BNN92ZzNisktomg3zYnVMCjymTYXW23lRA04ST0kvE/T5EOMTh916qDMVQmCERxgSilVHPx3853+voBmo8aVTA+yC9BfCLzq/vJzFzVOGNx2NsbEkXsZc1w0Fygf6ldlTs/dawzoLvJMYdteJpZ0FxTg+qQl2N2JyxqFCuR/wAhY+L14JKu3G5lG8Wr+47g28y+XupcumVJueHqS8MN3Ch7JdfvyFJFSJ3AnYhgEVLoNUvgpYgEYmHgkE= |
| Install | true |
| BDOS | true |
| Anti-VM | true |
| Install File | ChromeUpdate.exe |
| Install-Folder | %AppData% |
| Version | 0.5.6A |
| Hosts | hvit.sa.com |
| Ports | 22,23,80,443,6607,8080,8443 |
| Mutex | lejkytfotaniitj |
| Delay | 5 |
|
Name0 | Value |
|---|---|
| Info | PE Detect: PeReader OK (file layout) |
| Module Name | LXEqSzCbTCJcx |
| Full Name | LXEqSzCbTCJcx |
| EntryPoint | System.Void NIRCWPgFJUO.yofQMcJgpM::Main() |
| Scope Name | LXEqSzCbTCJcx |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v4.0.30319 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | Stub |
| Assembly Version | 1.0.0.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | .NETFramework,Version=v4.0,Profile=Client |
| Total Strings | 130 |
| Main Method | System.Void NIRCWPgFJUO.yofQMcJgpM::Main() |
| Main IL Instruction Count | 53 |
| Main IL | ldc.i4.0 <null> stloc.0 <null> br.s IL_0012: ldloc.0 ldc.i4 1000 call System.Void System.Threading.Thread::Sleep(System.Int32) ldloc.0 <null> ldc.i4.1 <null> add <null> stloc.0 <null> ldloc.0 <null> ldsfld System.String NIRCWPgFJUO.NOaNyzAhqyxI::devFafgetqOTT call System.Int32 System.Convert::ToInt32(System.String) blt.s IL_0004: ldc.i4 1000 call System.Boolean NIRCWPgFJUO.NOaNyzAhqyxI::yEsxwsHgNV() brtrue.s IL_002C: nop ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) nop <null> call System.Boolean VsSzBuEBioXYJxHg.sqnPJnSEHgAqq::LsQOjdHlWvg() brtrue.s IL_003A: ldsfld System.String NIRCWPgFJUO.NOaNyzAhqyxI::rcvffNdkpgIU ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) ldsfld System.String NIRCWPgFJUO.NOaNyzAhqyxI::rcvffNdkpgIU call System.Boolean System.Convert::ToBoolean(System.String) brfalse.s IL_004B: ldsfld System.String NIRCWPgFJUO.NOaNyzAhqyxI::QdbPRGordgYPjCt call System.Void VsSzBuEBioXYJxHg.UOkyJpgvaq::vftQCSFwQQFqCsr() ldsfld System.String NIRCWPgFJUO.NOaNyzAhqyxI::QdbPRGordgYPjCt call System.Boolean System.Convert::ToBoolean(System.String) brfalse.s IL_005C: ldsfld System.String NIRCWPgFJUO.NOaNyzAhqyxI::gnrYahxHNRtpu call System.Void aOythYpLPSCo.ldUfxOsfABJLQ::aXWbMYWRGMxT() ldsfld System.String NIRCWPgFJUO.NOaNyzAhqyxI::gnrYahxHNRtpu call System.Boolean System.Convert::ToBoolean(System.String) brfalse.s IL_0074: call System.Void VsSzBuEBioXYJxHg.WtVHghSYTEYHTtou::oHjppJpuOIhz() call System.Boolean VsSzBuEBioXYJxHg.WtVHghSYTEYHTtou::HSascvjygEJNTqu() brfalse.s IL_0074: call System.Void VsSzBuEBioXYJxHg.WtVHghSYTEYHTtou::oHjppJpuOIhz() call System.Void VsSzBuEBioXYJxHg.nRIblrIyRjFPZK::YDLuNHyagmoS() call System.Void VsSzBuEBioXYJxHg.WtVHghSYTEYHTtou::oHjppJpuOIhz() newobj System.Void VsSzBuEBioXYJxHg.pZxLSAoYteZKuqcZ::.ctor() call System.String VsSzBuEBioXYJxHg.pZxLSAoYteZKuqcZ::fiRoYnqAym() pop <null> leave.s IL_0089: call System.Boolean zsClfXuuYnJVm.sKcAUbQIFUqVtM::get_IsConnected() pop <null> leave.s IL_0089: call System.Boolean zsClfXuuYnJVm.sKcAUbQIFUqVtM::get_IsConnected() call System.Boolean zsClfXuuYnJVm.sKcAUbQIFUqVtM::get_IsConnected() brtrue.s IL_009A: newobj System.Void System.Random::.ctor() call System.Void zsClfXuuYnJVm.sKcAUbQIFUqVtM::TdDSGGETLeIG() call System.Void zsClfXuuYnJVm.sKcAUbQIFUqVtM::eDWluOLDsMhLlff() newobj System.Void System.Random::.ctor() ldc.i4 1000 ldc.i4 5000 callvirt System.Int32 System.Random::Next(System.Int32,System.Int32) call System.Void System.Threading.Thread::Sleep(System.Int32) br.s IL_0089: call System.Boolean zsClfXuuYnJVm.sKcAUbQIFUqVtM::get_IsConnected() |
| Module Name | LXEqSzCbTCJcx |
| Full Name | LXEqSzCbTCJcx |
| EntryPoint | System.Void NIRCWPgFJUO.yofQMcJgpM::Main() |
| Scope Name | LXEqSzCbTCJcx |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v4.0.30319 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | Stub |
| Assembly Version | 1.0.0.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | .NETFramework,Version=v4.0,Profile=Client |
| Total Strings | 130 |
| Main Method | System.Void NIRCWPgFJUO.yofQMcJgpM::Main() |
| Main IL Instruction Count | 53 |
| Main IL | ldc.i4.0 <null> stloc.0 <null> br.s IL_0012: ldloc.0 ldc.i4 1000 call System.Void System.Threading.Thread::Sleep(System.Int32) ldloc.0 <null> ldc.i4.1 <null> add <null> stloc.0 <null> ldloc.0 <null> ldsfld System.String NIRCWPgFJUO.NOaNyzAhqyxI::devFafgetqOTT call System.Int32 System.Convert::ToInt32(System.String) blt.s IL_0004: ldc.i4 1000 call System.Boolean NIRCWPgFJUO.NOaNyzAhqyxI::yEsxwsHgNV() brtrue.s IL_002C: nop ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) nop <null> call System.Boolean VsSzBuEBioXYJxHg.sqnPJnSEHgAqq::LsQOjdHlWvg() brtrue.s IL_003A: ldsfld System.String NIRCWPgFJUO.NOaNyzAhqyxI::rcvffNdkpgIU ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) ldsfld System.String NIRCWPgFJUO.NOaNyzAhqyxI::rcvffNdkpgIU call System.Boolean System.Convert::ToBoolean(System.String) brfalse.s IL_004B: ldsfld System.String NIRCWPgFJUO.NOaNyzAhqyxI::QdbPRGordgYPjCt call System.Void VsSzBuEBioXYJxHg.UOkyJpgvaq::vftQCSFwQQFqCsr() ldsfld System.String NIRCWPgFJUO.NOaNyzAhqyxI::QdbPRGordgYPjCt call System.Boolean System.Convert::ToBoolean(System.String) brfalse.s IL_005C: ldsfld System.String NIRCWPgFJUO.NOaNyzAhqyxI::gnrYahxHNRtpu call System.Void aOythYpLPSCo.ldUfxOsfABJLQ::aXWbMYWRGMxT() ldsfld System.String NIRCWPgFJUO.NOaNyzAhqyxI::gnrYahxHNRtpu call System.Boolean System.Convert::ToBoolean(System.String) brfalse.s IL_0074: call System.Void VsSzBuEBioXYJxHg.WtVHghSYTEYHTtou::oHjppJpuOIhz() call System.Boolean VsSzBuEBioXYJxHg.WtVHghSYTEYHTtou::HSascvjygEJNTqu() brfalse.s IL_0074: call System.Void VsSzBuEBioXYJxHg.WtVHghSYTEYHTtou::oHjppJpuOIhz() call System.Void VsSzBuEBioXYJxHg.nRIblrIyRjFPZK::YDLuNHyagmoS() call System.Void VsSzBuEBioXYJxHg.WtVHghSYTEYHTtou::oHjppJpuOIhz() newobj System.Void VsSzBuEBioXYJxHg.pZxLSAoYteZKuqcZ::.ctor() call System.String VsSzBuEBioXYJxHg.pZxLSAoYteZKuqcZ::fiRoYnqAym() pop <null> leave.s IL_0089: call System.Boolean zsClfXuuYnJVm.sKcAUbQIFUqVtM::get_IsConnected() pop <null> leave.s IL_0089: call System.Boolean zsClfXuuYnJVm.sKcAUbQIFUqVtM::get_IsConnected() call System.Boolean zsClfXuuYnJVm.sKcAUbQIFUqVtM::get_IsConnected() brtrue.s IL_009A: newobj System.Void System.Random::.ctor() call System.Void zsClfXuuYnJVm.sKcAUbQIFUqVtM::TdDSGGETLeIG() call System.Void zsClfXuuYnJVm.sKcAUbQIFUqVtM::eDWluOLDsMhLlff() newobj System.Void System.Random::.ctor() ldc.i4 1000 ldc.i4 5000 callvirt System.Int32 System.Random::Next(System.Int32,System.Int32) call System.Void System.Threading.Thread::Sleep(System.Int32) br.s IL_0089: call System.Boolean zsClfXuuYnJVm.sKcAUbQIFUqVtM::get_IsConnected() |
|
Name0 | Value |
|---|---|
| Key (AES_256) | VTV1bGxrcHhzVjE4WUV1blNJOTZxamRLSWp2Ym1waFI= |
| CnC | hvit.sa.com |
| Ports | 22 |
| Ports | 23 |
| Ports | 80 |
| Ports | 443 |
| Ports | 6607 |
| Ports | 8080 |
| Ports | 8443 |
| Mutex | lejkytfotaniitj |
|
Config. Field0 | Value |
|---|---|
| Key (AES_256) | VTV1bGxrcHhzVjE4WUV1blNJOTZxamRLSWp2Ym1waFI= |
| Pastebin | - |
| Certificate | MIIE8jCCAtqgAwIBAgIQAOD7cV0bLhEBFPJUOT6P5TANBgkqhkiG9w0BAQ0FADAaMRgwFgYDVQQDDA9Bc3luY1JBVCBTZXJ2ZXIwIBcNMjYwNTA2MTgwNzQ2WhgPOTk5OTEyMzEyMzU5NTlaMBoxGDAWBgNVBAMMD0FzeW5jUkFUIFNlcnZlcjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALbogjSQruWZ6e0W50t6xywM9nWyeqB6w3E9sv4fVJXMYwr9+6VRn2+Ki0AZeEzTe+wEfgJ4mqX43+hYHMOORcyIlSPFiGT4Mmkr4PFr4j2qkdDWmIXU+8ntHW11259TEzscd4tCXZTcPwxqZvNuzYcHPIRieF+7mwR1Sd8I+vK0sb/6qxyvs4IBmRHvwfMjNQCqAns0/hG9udrcKLOA1VH1THpUs0lqqsOcAus0jQyZ+JBESBzrKlyZLRq+DnP6nHQMZfK5Y/tsNgI+QDZtCOXhRmhV+/75j8jI9jw/M0zfefSRXrgH3EdqyJ1DDJD3opv8jvSD6LjYjV1gSqNESwCysBnlOROWj4TEH9/J1T2xumjHOB+jOHfT1lGVjKt07vJv4sPQmG29cnZkgvX+04awtESinsWd/N3TLSPzQcmCxfcby4mOcA9ENpqxgpbHfnF6iwlMySHUx7Zev7a88+8viNiCgPCiMR+KZ2skp+q4Glv6S1ps+imkvFmpw1Mkzchw88kqNNCNmZfv0iM99TcechVO18QwHQOEgqd5dnrMsCz1wFSG4cTBR2yQIUCbwkp4WLVdTLX9wnXLuAY9/9pPpmVHS5lX1QAkf174nk+q8G7jiC34z5WsQhBPIrbgz0f35PjG7aWnoLCQmrmrA0FfWbSMqJPz8ACnZG1hWV59AgMBAAGjMjAwMB0GA1UdDgQWBBTEvxDfZyOhxLqEqvaD9fMUgotbojAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDQUAA4ICAQBdhNBK8ZWmC6/XFqR6PyP3rCng2FylxxPWwjR0Y28fqDYFCigKuJ47wvF6VrJMD53xeLVODBbpVLHatiZFty39HWlool+VBGOAUoT/ZLuEZngviKIDWQMBJ/VGRj5LbzUV4ewAp4pj5nyjCxyR6NKJInwXo9U9SCENkWZgPP23CBzuoIY6eLaDImIlJdhZy1MEgqZgJInL802g1tt8twM3aAnWOHqd4dynfwnsUbGmiLYEOFDPkwMtV60dm3faknS7zX5FRwcyUpfvT6O3q8CrNOVVxgV1W7llDB8sZ7f8r7a22uVZAGMVUhW8bUVgPJbYPX525ihinHeNGuA+oG4h36Jecb/FRGOud/DkW3A/TfVkP/CD2QI2Zcebc4zdTxplERVtQruP+pIEu5dtFbl1izw0LFQ33v5yTHHYktLSFR6Q3TDIFArSPjDZ+M3E4oWg9uYWaaR0ZN0lluYEtTHdPp8KnVDpI4vUNph1o/Ku00DOeMC0Ji7cT/Gt0RFJwxplVxHJgH5WXhaIbQWqu+pEpRQvaHHPZenIrzklP96bbs92mpS0i2ehhJKJRaTNWl/1ENNE8qTy133E1oqqCrRFp4W2PaavI8FzO1GqUAAATIE8MmbScEWxX8cMCHgoQhMa8/nAIgzIyIr84auhmRQCyCMRCA3rKPAxEY6kYXfYnA== |
| ServerSignature | H02a7AEFoJZYBLaH6E4/WrQDn3p3IH4M3P/U/CLU88hOPrcgsVd68dzpKj81Lx4rrTDzgCLjhpFIK46N6OfmFBDveJkp5wQGRndQJasPwGbpXKAX5RwnUPpOsJ4/8z1MQLL/xG+oky+dwkKjRf7Cas+BOi/Jnhm94YGAtReVrnqIHU/9ieTGDgjrWb6NZx+vawQADY649/ZiOp15eTZLLDNwWug3/08WOUjd7AvI0vfpdNgNW0ql2ACpcfRzO0bXnUjLkjU56T4XdREHef0HhoByYS7yVq4MNIoqwR3uyk3INqH0VJlwhc2w2Yn+VWbbf9jygBOpi/kzL5VHYRKQ6rYHhcshANQyyShI2mca8CqW3EjmaOdZv57p47R+5bQf1LiwFkprZKh/bWI9bdTL50vn4Uu5MBd7wIbAQdoIrXZVa5yDr1BNN92ZzNisktomg3zYnVMCjymTYXW23lRA04ST0kvE/T5EOMTh916qDMVQmCERxgSilVHPx3853+voBmo8aVTA+yC9BfCLzq/vJzFzVOGNx2NsbEkXsZc1w0Fygf6ldlTs/dawzoLvJMYdteJpZ0FxTg+qQl2N2JyxqFCuR/wAhY+L14JKu3G5lG8Wr+47g28y+XupcumVJueHqS8MN3Ch7JdfvyFJFSJ3AnYhgEVLoNUvgpYgEYmHgkE= |
| Install | true |
| BDOS | true |
| Anti-VM | true |
| Install File | ChromeUpdate.exe |
| Install-Folder | %AppData% |
| Version | 0.5.6A |
| Hosts | hvit.sa.com |
| Ports | 22,23,80,443,6607,8080,8443 |
| Mutex | lejkytfotaniitj |
| Delay | 5 |
|
Name0 | Value | Location |
|---|---|---|
| Key (AES_256) | VTV1bGxrcHhzVjE4WUV1blNJOTZxamRLSWp2Ym1waFI= Malicious |
2cf0b92cdfc2a7514c14126389f483c6 |
| CnC | hvit.sa.com Malicious |
2cf0b92cdfc2a7514c14126389f483c6 |
| Ports | 22 Malicious |
2cf0b92cdfc2a7514c14126389f483c6 |
| Ports | 23 Malicious |
2cf0b92cdfc2a7514c14126389f483c6 |
| Ports | 80 Malicious |
2cf0b92cdfc2a7514c14126389f483c6 |
| Ports | 443 Malicious |
2cf0b92cdfc2a7514c14126389f483c6 |
| Ports | 6607 Malicious |
2cf0b92cdfc2a7514c14126389f483c6 |
| Ports | 8080 Malicious |
2cf0b92cdfc2a7514c14126389f483c6 |
| Ports | 8443 Malicious |
2cf0b92cdfc2a7514c14126389f483c6 |
| Mutex | lejkytfotaniitj Malicious |
2cf0b92cdfc2a7514c14126389f483c6 |